9th MÜSİAD International Trade Fair, 3-6 October 2002, CNR, Yeşilköy / Istanbul

2002-10-02 Thread 9. MÜSİAD FUARI
Title: 9th MÜSİAD International Trade Fair, 3-6 October 2002, Istanbul

9th MÜSİAD INTERNATIONAL FAIR
3-6 OCTOBER 2002, ISTANBUL
CNR, Yeşilköy

Yes!

The MÜSİAD Fairs continue!
Our efforts to contribute to the future of our Turkey continue with the
9th MÜSİAD International Fair!
With 8,000 m2 of stand area, more than 150 thousand expected visitors,
and nearly 1000 foreign visitors, it promises substantial commercial
activity.
It features exhibitors with stands from various countries, chiefly
neighbouring countries, both institutional (Dubai-Jebel Ali Free Zone and
the Islamic Development Bank) and at company level, numerous buyer
delegations, and various Country Meetings to be held at the fairground.
Click for an on-line invitation, detailed information and the programme!

Bus Services:
From the İETT special MÜSİAD Fair stops, bus services will run every half
hour from 10:30 to 20:00 from the stops below. Return services to the
departure points will also run.
Bakırköy (in front of the Sea Bus Pier)
Mecidiyeköy (under the viaduct)
Kadıköy (Rıhtım Pier - Esenler Bus Terminal)
Taksim (next to Gezi Park)

Main sectors to be represented at the fair:

MUMAC: Machinery, machine tools, electronic products, electrical
machines, computers, automotive, automotive supplier industry

MUFOPACK: Food & beverage, packaging printing machines, packaging
materials, packaging techniques and machinery

MUTEX: Textile products, ready-to-wear clothing, underwear, textile and
sewing industry equipment, footwear, carpets, leather garments, leather
products

MUSCON: Building materials, heating systems, furniture & decoration,
marble & granite, glass products, electrical household products, plastics
and plastic products, health, education and other service sectors

If you do not want to receive this mailing again, click!

  

  

  


Hakan834 rules it !







Re: What email encryption is actually in use?

2002-10-02 Thread David Howe

at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann
<[EMAIL PROTECTED]> was seen to say:
> As opposed to more conventional encryption, where you're protecting
> nothing at any point along the chain, because 99.99% of the user base
> can't/won't use it.
That is a different problem. if you assume that relying on every hop
between you and your correspondent to be protected by TLS *and* the
owner of that server to be trustworthy (not only in the normal sense,
but resistant to legal pressure, warrants from LEAs and financial
"incentives" from your competitors) then you are in for a rude awakening
at some point.

S/Mime isn't wonderful, but it is built-in to the M$oft email packages
and you can trivially generate a key *for* your correspondents to be
delivered to them out-of-band. installing is double-clicking a file, and
decryption automatic.  More security aware users will obviously want
their own, a key from a recognised CA or prefer pgp, but that is
upgrades to the basic security you can provide by five minutes work with
a copy of OpenSSL.

> In any case most email is point-to-point, which
> means you are protecting the entire chain (that is, if I send you
> mail it may go through a few internal machines here or there, but
> once it hits the WAN it's straight from my gateway to yours).
Depends on the setup. Few home users can afford always-up connections,
and most dialup ranges are blocked from direct delivery anyhow. the
typical chain goes
Sender-->Sender's ISP-->Recipient's ISP-->Mailspool-->Recipient

for a corporate user, a typical chain might go

Sender-->sender's internal email system-->sender's outbound
gateway-->recipient's firewall-->recipient's inbound
gateway-->recipient's email system-->recipient

assuming *everyone* at both companies is trustworthy (or IT is on the
ball and preventing sniffers from running on their lans; I will pause
while everyone laughs and then drafts replies pointing out that is
impossible) then you can get away with TLS-protecting just the link
gateway-->firewall.
Yes, crypto should be transparent and enabled *by default* in those M$
corporate products; no, the US government wasn't (and still isn't even
under the more relaxed regime) willing to wear on-by-default
unbreakable, easy crypto in mass-market products.




Re: What email encryption is actually in use?

2002-10-02 Thread David Howe

-BEGIN PGP SIGNED MESSAGE-

at Tuesday, October 01, 2002 9:04 PM, Petro <[EMAIL PROTECTED]> was
seen to say:
> Well, it's a start. Every mail server (except mx1 and
> mx2.prserv.net) should use TLS.
It's nice in theory, but in practice look how long it takes the bulk
of the internet to install urgent patches - how long is it going to
take to get people to install an upgrade to privacy that actually
causes more problems for them?
Besides the core here is that
1) everyone with a server enroute can read the mail
2) you are relying on every other link in the chain to protect your
privacy

clientside crypto fixes both these problems, reduces the total crypto
load on the chain (encryption/decryption is only ever done once) and
allows use of digital signatures.

> Once you start using it, it becomes part of the pattern by which
> other people identify you.
Exactly the intention, yes :)
Just for the sake of it (anyone who cares will have seen my signature
enough times by now) I will sign this one :)

-BEGIN PGP SIGNATURE-
Version: PGP - Cyber-Knights Templar
=jz44
-END PGP SIGNATURE-

resent - with broken line wrap fixed. damned lousy MS email client :)
Next time I *check* first before sending and don't look so clueless in a
worldwide list :)




Re: What email encryption is actually in use?

2002-10-02 Thread Jeremey Barrett

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bill Stewart wrote:
|
| If your organization is an ISP, the risks are letting them
| handle your email at all (especially with currently proposed
| mandatory eavesdropping laws), and STARTTLS provides a
| mechanism for direct delivery that isn't as likely to be blocked
| by anti-spamming restrictions on port 25.
| Now to get some email *clients* using it.
|

BTW, most and probably all of the major mail clients out there will do
STARTTLS *for SMTP*. It's a matter of servers offering it and clients
being configured to actually use it. It'd be nice if they always used it
if it's available, but right now I think they all require being told to.

Specifically, Mozilla, Outlook, Outlook Express, Netscape (all the way
back to 4.7x at least), Evolution, and Eudora all support STARTTLS
(again, for SMTP). I imagine there are others that do as well.

Amusingly, virtually none of them support STARTTLS on any other protocol.
:) IMAP and POP are almost all supported only on dedicated SSL ports
(IMAPS, POP3S). Argh.

Regards,
Jeremey.
- --
Jeremey Barrett [[EMAIL PROTECTED]]    Key: http://rot26.com/gpg.asc
GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9mwrg9xXriFL2OGARAo/oAJ0QnWSlj22d3jvdyw8wtfVXIGkjFACeOuXr
fZjD8Wo2H/AWkM1saPxNNOY=
=g5QQ
-END PGP SIGNATURE-




Re: What email encryption is actually in use?

2002-10-02 Thread Jeremey Barrett

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Udhay Shankar N wrote:
| At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote:
|
|> Amusingly, virtually none of them support STARTTLS on any other protocol.
|> :) IMAP and POP are almost all supported only on dedicated SSL ports
|> (IMAPS, POP3S). Argh.
|
| I use Eudora, as I'm very comfortable with it (so comfortable, in fact,
| that it's my primary reason for booting Windows at all.)
|
| The version I use, 5.1, *does* support STARTTLS for POP over both the
| regular port 110 as well as alternate ports, as well as user-defined
| ports. It needs some tweaking, but the capability exists.
|
| I don't know about IMAP, as I don't use IMAP to get my mail.
|

Yes, Eudora is the exception. It supports both STARTTLS and dedicated
SSL ports for all mail protocols (it even does SMTPS I think).

Jeremey.
- --
Jeremey Barrett [[EMAIL PROTECTED]]    Key: http://rot26.com/gpg.asc
GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9mxbK9xXriFL2OGARAsrqAKCeoCG1YA07tRdU8pEi8Rci6SWaKACgtWBv
nobLVt5wGMgvwNOT5wTYzLI=
=k+kp
-END PGP SIGNATURE-




Re: What email encryption is actually in use?

2002-10-02 Thread Paul Krumviede

--On Wednesday, 02 October, 2002 10:54 -0500 Jeremey Barrett 
<[EMAIL PROTECTED]> wrote:

> Udhay Shankar N wrote:
>| At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote:
>|
>|> Amusingly, virtually none of them support STARTTLS on any other protocol.
>|> :) IMAP and POP are almost all supported only on dedicated SSL ports
>|> (IMAPS, POP3S). Argh.
>|
>| I use Eudora, as I'm very comfortable with it (so comfortable, in fact,
>| that it's my primary reason for booting Windows at all.)
>|
>| The version I use, 5.1, *does* support STARTTLS for POP over both the
>| regular port 110 as well as alternate ports, as well as user-defined
>| ports. It needs some tweaking, but the capability exists.
>|
>| I don't know about IMAP, as I don't use IMAP to get my mail.
>|
>
> Yes, Eudora is the exception. It supports both STARTTLS and dedicated
> SSL ports for all mail protocols (it even does SMTPS I think).

it isn't the only exception: i use mulberry with IMAP, and it supports
STARTTLS for both IMAP and SMTP over the normal ports; haven't
tried POP3, although it looks like it should work. and this seems to
work for mulberry on linux, macs and windows.

-paul




Re: What email encryption is actually in use?

2002-10-02 Thread Ben Laurie

Lucky Green wrote:
> I also agree that current MTAs' implementations of STARTTLS are only a
> first step. At least in postfix, the only MTA with which I am
> sufficiently familiar to form an opinion, it appears impossible to
> require that certs presented by trusted parties match a particular hash
> while certs presented by untrusted MTAs can present any certificate they
> desire to achieve EDH-level security.

This is probably a stupid question, but... why would you want to do this?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




Re: What email encryption is actually in use?

2002-10-02 Thread James A. Donald

--
> > Once you start using it, it becomes part of the pattern 
> > by which other people identify you.

On 2 Oct 2002 at 9:52, David Howe wrote:
> Exactly the intention, yes :) Just for the sake of it (anyone 
> who cares will have seen my signature enough times by now) I 
> will sign this one :)

And PGP tells me "signature not checked, key does not meet 
validity threshold"

So I said to myself, OK, I will sign David Howe's key on my 
keyring to tell myself that this is the "David Howe" who posts
on cypherpunks, though of course, pgp gives us merely a single 
variable "trust", which can have no easy connection to the 
question "what do you actually know about this particular David 
Howe?".  (What we really would like is a database of 
communications indexed by key, so that we could see this 
communication in the context of past communications with the 
David Howe that used the same key.)

I attempt to sign "David Howe"s key, whereupon PGP gives the 
highly uninformative error message:   "Key signature error". It 
seems that I get similarly uninformative errors whenever I 
tried to use PGP.

And that folks, is at least one of the reasons why end user 
crypto is not widespread. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 3XIIjDu4swm4B8omsJgkQJcu1Op4/sNb2XkGf18B
 4F9ZT3OQag+pZrW134bJdhLT3EeX1wOFqJzi1WJQ5




Re: Court rules up-skirt peep cams legal

2002-10-02 Thread Major Variola (ret)

At 02:37 PM 10/1/02 -0700, Steve Schear wrote:
>Court rules up-skirt peep cams legal
>
>In a ruling that could change fashions in Washington state, the supreme
>court there has ruled that "up-skirt cams" do not violate voyeurism laws.
>
>[Using almost identical logic cities around the country have passed
>ordinances prohibiting the wearing of masks.  So, by extension, might a
>city pass an ordinance that prohibits a woman from wearing underwear with a
>skirt?  Enquiring legal minds want to know ;-)  steve]

And various theocracies might require, or restrict, beards there too :->




Do you want to invest in EGYPT ?

2002-10-02 Thread info
Title: email

This message is never sent unsolicited.
If you feel that your email was obtained by error, or would like to opt-out
of receiving future offers please send email to [EMAIL PROTECTED]
with unsubscribe in subject.





JYA ping

2002-10-02 Thread Anonymous

Cryptome has not been updated since 9/23 ... any clues, anyone ?




Re: What email encryption is actually in use?

2002-10-02 Thread Adam Shostack

On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
| Lucky Green wrote:
| >I also agree that current MTAs' implementations of STARTTLS are only a
| >first step. At least in postfix, the only MTA with which I am
| >sufficiently familiar to form an opinion, it appears impossible to
| >require that certs presented by trusted parties match a particular hash
| >while certs presented by untrusted MTAs can present any certificate they
| >desire to achieve EDH-level security.
| 
| This is probably a stupid question, but... why would you want to do this?

So that your regular correspondents are authenticated, while anyone
else is opportunistically encrypted.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume




Re: What email encryption is actually in use?

2002-10-02 Thread Dave Howe

James A. Donald wrote:
> And PGP tells me "signature not checked, key does not meet
> validity threshold"
what version are you on? ckt never does that - it checks it, and marks the
sig status as good or bad - but obviously marks the key status as invalid
(due to lack of signing) on anyone I don't trust enough to sign :)
oh - and some versions of pgp have trouble with that particular key - it's a
4K RSA that V5.x would accept, but V6.x wouldn't
Try 6.5.8 CKT instead :)




Re: What email encryption is actually in use?

2002-10-02 Thread Ben Laurie

Adam Shostack wrote:
> On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
> | Lucky Green wrote:
> | >I also agree that current MTAs' implementations of STARTTLS are only a
> | >first step. At least in postfix, the only MTA with which I am
> | >sufficiently familiar to form an opinion, it appears impossible to
> | >require that certs presented by trusted parties match a particular hash
> | >while certs presented by untrusted MTAs can present any certificate they
> | >desire to achieve EDH-level security.
> | 
> | This is probably a stupid question, but... why would you want to do this?
> 
> So that your regular correspondents are authenticated, while anyone
> else is opportunistically encrypted.

??? How does checking their MTA's cert authenticate them? What's wrong 
with PGP sigs?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




Re: What email encryption is actually in use?

2002-10-02 Thread Adam Shostack

On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote:
| Adam Shostack wrote:
| >On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
| >| Lucky Green wrote:
| >| >I also agree that current MTAs' implementations of STARTTLS are only a
| >| >first step. At least in postfix, the only MTA with which I am
| >| >sufficiently familiar to form an opinion, it appears impossible to
| >| >require that certs presented by trusted parties match a particular hash
| >| >while certs presented by untrusted MTAs can present any certificate they
| >| >desire to achieve EDH-level security.
| >| 
| >| This is probably a stupid question, but... why would you want to do this?
| >
| >So that your regular correspondents are authenticated, while anyone
| >else is opportunistically encrypted.
| 
| ??? How does checking their MTA's cert authenticate them? What's wrong 
| with PGP sigs?

Consistency with last time.

What's wrong with PGP sigs is that going on 9 full years after I
generated my first pgp key, my mom still can't use the stuff.

Sure, you and I can use PGP, but by and large, people don't bother.
So let's look at a technology that's getting accepted, and improve it
slowly.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
   -Hume




Re: JYA ping

2002-10-02 Thread Eugen Leitl

On Wed, 2 Oct 2002, Anonymous wrote:

> Cryptome has not been updated since 9/23 ... any clues, anyone ?

No. Does anyone know whether John Young is okay?




ADV: Attention Business Owner: Do you have Legal Coverage? bkmwa

2002-10-02 Thread betternow54i

Greetings Business Owner,

Do you have Legal coverage for your business?

Now you can get a Business Owners Legal Plan for your company 
that makes it like having a top law firm "on your staff".

Obtain benefits like:
 - Legal consultation ...pick up the phone and call
 - Legal correspondence
 - Contract review
 - Debt collection
 - Trial defense services
 - much, much, more

Visit
http://ww1.bestoffersonthenet.com/businessprotection/
The information is free...

Give your company "That Competitive Edge. . ."
for about the price of a Mocha a day.






---
To easily remove your address from the list, go to: 
http://ww1.bestoffersonthenet.com/stopthemailplease/
Please allow 48-72 hours for removal.




RE: What email encryption is actually in use?

2002-10-02 Thread Lucky Green

Ben wrote:
> Lucky Green wrote:
> > I also agree that current MTAs' implementations of STARTTLS are only a
> > first step. At least in postfix, the only MTA with which I am
> > sufficiently familiar to form an opinion, it appears impossible to
> > require that certs presented by trusted parties match a particular
> > hash while certs presented by untrusted MTAs can present any
> > certificate they desire to achieve EDH-level security.
>
> This is probably a stupid question, but... why would you want
> to do this?

To protect against MIM attacks on the encrypted tunnel between the trust
domains represented by my friend's MTA and my MTA.

--Lucky Green
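
The policy asked for in this sub-thread (certificates from known peers must match a stored hash, while any other MTA may present whatever certificate it likes and still gets encryption), sketched as an added example that is not from any poster or from postfix. The host names, the pin table and the stand-in certificate bytes are constructed, and SHA-256 fingerprints are an assumption.

```python
import hashlib
import hmac
import smtplib
import ssl
from typing import Dict, Optional

# Constructed stand-ins for DER-encoded certificates; real bytes would come
# from fetch_cert() below.
FRIEND_CERT = b"constructed-der-bytes-for-mx.friend.example"
OTHER_CERT = b"constructed-der-bytes-for-some-other-key"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER certificate (assumed fingerprint format)."""
    return hashlib.sha256(cert_der).hexdigest()


# Hypothetical pin table: fingerprints exchanged out of band with known peers.
PINS: Dict[str, str] = {"mx.friend.example": fingerprint(FRIEND_CERT)}


def evaluate_peer(host: str, cert_der: Optional[bytes],
                  pins: Dict[str, str] = PINS) -> str:
    """Decide how to treat a peer MTA given the certificate it presented.

    cert_der is None when the peer offered no STARTTLS at all.
    """
    pinned = pins.get(host.lower().rstrip("."))
    if pinned is None:
        # Unknown peer: take whatever encryption is on offer, no identity claim.
        return "opportunistic" if cert_der is not None else "cleartext"
    if cert_der is None:
        # A pinned peer that suddenly offers no TLS looks like a stripped
        # STARTTLS capability; do not fall back to cleartext.
        return "refuse"
    if hmac.compare_digest(fingerprint(cert_der), pinned):
        return "authenticated"
    return "refuse"  # wrong key for a pinned peer: possible man in the middle


def fetch_cert(host: str, port: int = 25, timeout: float = 10.0) -> Optional[bytes]:
    """Fetch the peer's certificate over SMTP STARTTLS without CA validation.

    Validation is left to the pin check, mirroring the 'any certificate'
    case for unknown peers. Returns None if STARTTLS is not advertised.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            return None
        s.starttls(context=ctx)
        return s.sock.getpeercert(binary_form=True)
```
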




Re: What email encryption is actually in use?

2002-10-02 Thread Peter Gutmann

"David Howe" <[EMAIL PROTECTED]> writes:
>at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann
><[EMAIL PROTECTED]> was seen to say:
>>As opposed to more conventional encryption, where you're protecting
>>nothing at any point along the chain, because 99.99% of the user base
>>can't/won't use it.
>That is a different problem. if you assume that relying on every hop between
>you and your correspondent to be protected by TLS 

Doing a quick check of all of today's mail, there's only a single hop on the
WAN.  This is a non-issue.

>*and* the owner of that server to be trustworthy (not only in the normal
>sense, but resistant to legal pressure, warrants from LEAs and financial
>"incentives" from your competitors) 

If the Uni sysadmins want to read mail sent from Uni machines, they'll get it
with or without me using encryption, and it'd be the same for most (all?)
corporates.  This is a non-issue.

>then you are in for a rude awakening at some point.

I know exactly what I'm getting from STARTTLS, which is adequate security most
of the time, automatically, with no extra effort.  If I want real security,
I'll send it from a home machine in a lead-lined room while wearing a tinfoil
hat, while worrying whether the use of an encrypted message in this manner
will attract undue suspicion.

Luckily I don't need real security most of the time, just protection from
fishing expeditions and general snooping, which STARTTLS gives me.

Peter.
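
One way to run the kind of per-hop check discussed above over a message's own Received headers, as an added example that is not from any poster. The sample message and its host names are constructed, and the TLS markers it looks for (RFC 3848 `with ESMTPS` values and a Postfix-style `(using TLS...)` comment) are assumptions about what the receiving MTAs record.

```python
import re
from dataclasses import dataclass
from email import message_from_string

# Constructed sample, not taken from the thread: a corporate chain in which
# only the gateway-to-gateway WAN hop was negotiated over TLS.
SAMPLE = """\
Received: from gw.recipient.example (gw.recipient.example [192.0.2.10])
    by mail.recipient.example (Postfix) with ESMTP id AAA111
    for <bob@recipient.example>; Wed, 2 Oct 2002 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
    (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
    by gw.recipient.example (Postfix) with ESMTP id BBB222
    for <bob@recipient.example>; Wed, 2 Oct 2002 10:00:02 +0000
Received: from desk17.sender.example (desk17.sender.example [10.1.2.3])
    by out.sender.example (Postfix) with ESMTP id CCC333;
    Wed, 2 Oct 2002 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 "with" values
TLS_COMMENT = re.compile(r"\(\s*(?:using|version=)\s*(?:TLS|SSL)", re.I)
COMMENT = re.compile(r"\([^()]*\)")


@dataclass
class Hop:
    sender: str
    receiver: str
    protocol: str
    tls: bool


def _strip_comments(text: str) -> str:
    """Remove (possibly nested) parenthesised comments, innermost first."""
    prev = None
    while prev != text:
        prev, text = text, COMMENT.sub(" ", text)
    return text


def _token(keyword: str, text: str) -> str:
    m = re.search(r"\b%s\s+(\S+)" % keyword, text, re.I)
    return m.group(1).rstrip(";") if m else "?"


def hops_in_travel_order(raw_message: str) -> list:
    """Return one Hop per Received header, oldest hop first.

    Each line is written by the receiving server, so a missing TLS marker
    means "not recorded", and lines added before the first server you trust
    can be forged.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received") or []):
        flat = " ".join(value.split())                    # unfold the header
        bare = _strip_comments(flat.rsplit(";", 1)[0])   # drop date and comments
        proto = _token("with", bare).upper()
        tls = proto in TLS_PROTOCOLS or bool(TLS_COMMENT.search(flat))
        hops.append(Hop(_token("from", bare), _token("by", bare), proto, tls))
    return hops


def unprotected_hops(raw_message: str) -> list:
    """(sender, receiver) pairs for hops with no recorded TLS."""
    return [(h.sender, h.receiver)
            for h in hops_in_travel_order(raw_message) if not h.tls]
```
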




Re: What email encryption is actually in use?

2002-10-02 Thread Alfie

On Wed, Oct 02, 2002 at 07:45:47PM -0700, James A. Donald wrote:
> --
> On 2 Oct 2002 at 16:19, Adam Shostack wrote:
> > Whats wrong with PGP sigs is that going on 9 full years after
> > I generated my first pgp key, my mom still can't use the
> > stuff.
>
> The fact that your mum cannot use the stuff is only half the
> problem.  I am a computer expert, a key administrator, someone
> who has been paid to write cryptographic code, and half the
> time I cannot use pgp.

Have you looked at GnuPG?   http://www.gnupg.org/

There are some graphical front-ends which I have not tried, but
the console version seems straightforward to me.


Blessed be,
Alfie
--
guru, n:  A computer owner who can read the manual.

[demime 0.97c removed an attachment of type application/pgp-signature]




Re: What email encryption is actually in use?

2002-10-02 Thread Bill Stewart

At 09:05 AM 10/01/2002 -0700, Major Variola (ret) wrote:
>So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and
>the SMTP link is encrypted, so the bored upstream-ISP netops
>can't learn anything besides traffic analysis.
>But once inside XYZ.COM, many unauthorized folks could
>intercept Bob's email.  Access Control is sorely lacking folks.

I'm running Win2000 in "You're Not The Administrator" mode.
Since somebody else is root and I'm not, the fact that
my network admins could eavesdrop on my link traffic
isn't a big deal, especially when they set up my PC's software.
And if I do pretend to trust my machine against some insiders,
I can use SSH, SSL, and PGP to reduce risks from others...
Also, STARTTLS can reduce eavesdropping at Alice's ABC.COM.

If your organization is an ISP, the risks are letting them
handle your email at all (especially with currently proposed
mandatory eavesdropping laws), and STARTTLS provides a
mechanism for direct delivery that isn't as likely to be blocked
by anti-spamming restrictions on port 25.
Now to get some email *clients* using it.

On the other hand, if your recipient is at a big corporation,
they're highly likely to be using a big shared MS Exchange server,
or some standards-based equivalent, so the game's over on that end
before you even start.  Take the STARTTLS and run with it...

>Link encryption is a good idea, but rarely sufficient.

Defense in depth is important for real security.
STARTTLS can be a link-encryption solution,
but it can also be part of a layered solution,
and if you don't bother with end-to-end,
it's a really good start, and isolates your risks.
It also offers you some possibility of doing certificate management
to reduce the risk of man-in-the-middle attacks from
outside your organization, and does reduce some traffic analysis.

> >at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann
> ><[EMAIL PROTECTED]> was seen to say:
> >> For encryption, STARTTLS, which protects more mail than all other
> >> email encryption technology combined.

If your goal is to encrypt 20% of the net by Christmas,
STARTTLS will get a lot closer to that than a perfect system.
Similarly, IPSEC using the shared key "open secret"
would have been a much-faster-deployed form of opportunistic
encryption than the FreeSWAN project's more complex form
that wants some control over DNS that most users don't have.

In the absence of a real Public Key Infrastructure,
neither is totally man-in-the-middle-proof,
so if the Feds are targeting *you* it's clearly not enough,
but reducing mass-quantity fishing expeditions increases
our security and reduces the Echelon potential -
especially if 90% of the encrypted material is
routine corporate email, mailing lists, Usenet drivel, etc.

At 01:20 PM 10/1/02 +0100, David Howe wrote:
> >I would dispute that - not that it isn't used and useful, but unless you
> >are handing off directly to the "home" machine of the end user (or his
> >direct spool) odds are good that the packet will be sent unencrypted
> >somewhere along its journey. with TLS you are basically protecting a
> >single link of a transmission chain, with no control over the rest of
> >the chain.

You can protect most of the path if your firewalls don't interfere,
and more if your recipients' don't.