Re: It's time for PGP to die.

2014-08-18 Thread Nicholas Cole
On Sun, Aug 17, 2014 at 10:14 PM, Robert J. Hansen  wrote:
>> Leaving aside the issue of how popular encryption of mail is - we are
>> faced with the fact that 98 per cent of computer users are completely
>> ignorant about software and hardware.


But even if they weren't, the problem is that OpenPGP protects such a
small part of the problem that it is hard to justify the additional
time and effort to users.

If the revelations of the last year have proved anything, it is that
most computer systems are vulnerable at a very deep level to all kinds
of sophisticated attacks.  In that context, where the underlying
operating systems themselves are so vulnerable, OpenPGP really doesn't
solve very much for most users.

Supposing the following threat model (which I think corresponds to how
most people use email):

- physical security of hardware.
- the need for secure communication contents (but the fact of the
communication is not secret).
- connection of the computers to the internet.
- attackers who are interested in the content of the communication and
who are willing to launch electronic attacks to get it.

OpenPGP would be an ideal solution for the actual transmission in this
scenario -- except that there is simply no operating system that can
be trusted to be a secure platform upon which to run OpenPGP.  There
will always be a weaker link than the encryption, and so the right
solution for most users is not to send confidential information by
email at all.

Now, there are still plenty of uses for OpenPGP, but they tend to be
niche ones with particular threat models and especially motivated
users.  To expect mass-adoption of a tool with only niche uses is not
reasonable.  It doesn't mean that the project is a failure.

N.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Rob Ambidge
I read an article or something a while back stating the legal theory that if 
your passphrase is an admittance to a past crime, to hand over said passphrase 
would constitute as having said "testimonial value" and you could get away with 
not disclosing the passphrase.
But it is just legal theory, and I am no expert in law, American law, or even 
cryptography. So what happens in practice is anyone's guess really.

On 18 August 2014 07:01:46 BST, Johan Wevers  wrote:
>On 17-08-2014 22:42, Robert J. Hansen wrote:
>
>> The only time production of a passphrase is permitted is when
>> it lacks any testimonial value.
>
>And who determines whether it has any "testimonial value"?
>
>That sounds like a fine legal loophole to pressure someone into telling
>the passphrase. In those cases where the US government is actually
>interested in paying lip service that it will obey the law that is -
>they could just as easily declare you an "illegal combatant" or
>something like that and just torture it out of you.
>
>-- 
>ir. J.C.A. Wevers
>PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
>
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


AW: [Announce] The sixth Beta for GnuPG 2.1 is now available for testing

2014-08-18 Thread KA IT User
Again, we request to remove us from the mailing list.

Mit freundlichen Grüßen / Kind regards
__
Ing. Roman Höller, MSc
Informationstechnologie
Information Technology
Kommunalkredit Austria AG
1092 Wien, Türkenstraße 9
Tel.: +43 (0) 1/31631 519, Fax: -99519
Mobil: +43 (0) 664/80 31631 519
r.hoel...@kommunalkredit.at
www.kommunalkredit.at

-Original Message-
From: Gnupg-announce [mailto:gnupg-announce-boun...@gnupg.org] On Behalf Of 
Werner Koch
Sent: Thursday, 14 August 2014 18:07
To: gnupg-annou...@gnupg.org
Subject: [Announce] The sixth Beta for GnuPG 2.1 is now available for testing

Hello!

I just released the sixth *beta* version of GnuPG *2.1*.  It has been released 
to give you the opportunity to check out new features and to help fixing bugs.

  If you need a stable and fully maintained version of GnuPG,
  you should use version 2.0.26 or 1.4.18.

This version is marked as BETA and as such it should in general not be used 
for real work.  However, the core functionality is solid enough for a long time 
and I am using this code base for a couple of years now.


What's new in 2.1.0-beta783 since beta751
=========================================

 * gpg: Add command --quick-gen-key.

 * gpg: Make --quick-sign-key promote local key signatures.

 * gpg: Added "show-usage" sub-option to --list-options.

 * gpg: Screen keyserver responses to avoid importing unwanted keys
   from rogue servers.

 * gpg: Removed the option --pgp2 and --rfc1991 and the ability to
   create PGP-2 compatible messages.

 * gpg: Removed options --compress-keys and --compress-sigs.

 * gpg: Cap attribute packets at 16MB.

 * gpg: Improved output of --list-packets.

 * gpg: Make with-colons output of --search-keys work again.

 * gpgsm: Auto-create the ".gnupg" directory like gpg does.

 * agent: Fold new passphrase warning prompts into one.

 * scdaemon: Add support for the Smartcard-HSM card.

 * scdaemon: Remove the use of the pcsc-wrapper.



Getting the Software
====================


GnuPG 2.1.0-beta783 is available at

 ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta783.tar.bz2
 ftp://ftp.gnupg.org/gcrypt/gnupg/unstable/gnupg-2.1.0-beta783.tar.bz2.sig

and soon on all mirrors.

Please read the README file!


Checking the Integrity
======================

In order to check that the version of GnuPG which you are going to install is 
an original and unmodified one, you can do it in one of the following ways:

 * If you already have a trusted version of GnuPG installed, you
   can simply check the supplied signature.  For example to check the
   signature of the file gnupg-2.1.0-beta783.tar.bz2 you would use
   this command:

 gpg --verify gnupg-2.1.0-beta783.tar.bz2.sig

   Depending on your installation you may use "gpg2" instead of "gpg".
   This checks whether the signature file matches the source file.  You
   should see a message indicating that the signature is good and made
   by that signing key.  Make sure that you have the right key, either
   by checking the fingerprint of that key with other sources or by
   checking that the key has been signed by a trustworthy other key.
   Note, that you can retrieve the signing key using the command

 finger wk ,at' g10code.com

   or using a keyserver like

 gpg --keyserver keys.gnupg.net --recv-key 4F25E3B6

   The distribution key 4F25E3B6 is signed by the well known key
   1E42B367.

   NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
   INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!


Documentation
=============

The file gnupg.info has the complete user manual of the system.
Separate man pages are included as well; however they have not all the details 
available in the manual.  It is also possible to read the complete manual 
online in HTML format at

  https://www.gnupg.org/documentation/manuals/gnupg-devel/

The chapters on gpg-agent, gpg and gpgsm include information on how to set up 
the whole thing.  You may also want to search the GnuPG mailing list archives or 
ask on the gnupg-users mailing lists for advice on how to solve problems.  Many 
of the new features are around for several years and thus enough public 
knowledge is already available.

Almost all mail clients support GnuPG-2.  Mutt users may want to use the 
configure option "--enable-gpgme" during build time and put a "set 
use_crypt_gpgme" in ~/.muttrc to enable S/MIME support along with the reworked 
OpenPGP support.


Support
=======

Please consult the archive of the gnupg-users mailing list before reporting a 
bug .
We suggest to send bug reports for a new release to this list in favor of 
filing a bug at .  We also have a dedicated service 
directory at:

  https://www.gnupg.org/service.html

Maintaining and improving GnuPG is costly.  For more than a decade,
g10 Code GmbH, a German company owne

Re: AW: [Announce] The sixth Beta for GnuPG 2.1 is now available for testing

2014-08-18 Thread Kristian Fiskerstrand

On 08/18/2014 09:14 AM, KA IT User wrote:
> Again, we request to remove us from the mailing list.

See the list-unsubscribe header or the bottom of every mail for how to
unsubscribe.

-- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Ne nuntium necare
Don't kill the messenger


Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
On 8/18/2014 5:04 AM, Rob Ambidge wrote:
> I read an article or something a while back stating the legal theory 
> that if your passphrase is an admittance to a past crime, to hand
> over said passphrase would constitute as having said "testimonial
> value" and you could get away with not disclosing the passphrase.

That's one of the exceptions, yes.

Basically, if the fact you know something would tend to implicate you in
the commission of a crime, then you can't be compelled to reveal that
you know it.  Whether it's a passphrase or a safe combination makes no
difference.

There are a lot of nuances and exceptions here.  This isn't legal
advice.  If you need legal advice, ask a real lawyer, not an internet
mailing list...






Re: [Announce] The sixth Beta for GnuPG 2.1 is now available for testing

2014-08-18 Thread Jerry
On Mon, 18 Aug 2014 07:14:53 +, KA IT User stated:

> Again, we request to remove us from the mailing list.

And again, have you checked the email headers?

List-Unsubscribe: ,
 

-- 
Jerry



Re: It's time for PGP to die.

2014-08-18 Thread Jerry
On Mon, 18 Aug 2014 10:04:54 +0100, Rob Ambidge stated:

> I read an article or something a while back stating the legal theory that
> if your passphrase is an admittance to a past crime, to hand over said
> passphrase would constitute as having said "testimonial value" and you
> could get away with not disclosing the passphrase. But it is just legal
> theory, and I am no expert in law, American law, or even cryptography. So
> what happens in practice is anyone's guess really.
> 
> On 18 August 2014 07:01:46 BST, Johan Wevers 
> wrote:
> >On 17-08-2014 22:42, Robert J. Hansen wrote:
> >
> >> The only time production of a passphrase is permitted is when
> >> it lacks any testimonial value.
> >
> >And who determines whether it has any "testimonial value"?
> >
> >That sounds like a fine legal loophole to pressure someone into telling
> >the passphrase. In those cases where the US government is actually
> >interested in paying lip service that it will obey the law that is -
> >they could just as easily declare you an "illegal combatant" or
> >something like that and just torture it out of you.

Much of the discussion has been about what analogy comes closest. Prosecutors
tend to view PGP passphrases as akin to someone possessing a key to a safe
filled with incriminating documents. That person can, in general, be legally
compelled to hand over the key. Other examples include the U.S. Supreme Court
saying that defendants can be forced to provide fingerprints, blood samples,
or voice recordings.

The entire article is available here:


-- 
Jerry



Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
On 8/18/2014 2:01 AM, Johan Wevers wrote:
> And who determines whether it has any "testimonial value"?

Johan, we're entering paranoid fantasy here.  If you truly believe the
whole of the USG is corrupt, and that our independent judiciary is in
cahoots with a corrupt Executive and Legislature in order to
systematically violate people's rights, well... then I think I'm going
to need to stop talking with you, which I regret.  :(






Re: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen

> Much of the discussion has been about what analogy comes closest. Prosecutors
> tend to view PGP passphrases as akin to someone possessing a key to a safe
> filled with incriminating documents.


s/Prosecutors/Judges

Nobody really cares what prosecutors view it as: the question is what 
they can get a judge to rule it as.


That said, the analogy is pretty much exact.  If the documents in the 
safe would incriminate you, and the government knows they exist and 
roughly what their contents are, then yes, you can be subpoenaed to 
provide them.  (If the government doesn't know they exist or generally 
what their contents are, the subpoena gets rejected as an illegal 
fishing expedition.)


If knowing the combination *by itself* would incriminate you, then you 
can't be compelled to provide.


For instance, let's say that a safe has been robbed.  There's no signs 
of forced entry or safecracking.  The government demands you cough up 
the combination, in order to prove that you had the means to commit the 
crime.  You object on grounds that proving you had the means to commit 
the crime would tend to implicate you in the crime.  The judge refuses 
the government's motion to compel you to produce the combination in court.




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Martin Behrendt
On 18.08.2014 at 14:31, Robert J. Hansen wrote:
> On 8/18/2014 2:01 AM, Johan Wevers wrote:
>> And who determines whether it has any "testimonial value"?
> 
> Johan, we're entering paranoid fantasy here.  If you truly believe the
> whole of the USG is corrupt, and that our independent judiciary is in
> cahoots with a corrupt Executive and Legislature in order to
> systematically violate people's rights, well... then I think I'm going
> to need to stop talking with you, which I regret.  :(
> 

I think his question is not only good, it is necessary and important to
ask. Especially when it comes to laws. Or if you want a more visible
example just look at all the misinterpretation of "laws" in religions.

And furthermore you don't need to assume a conspiracy or corruptness.
People make mistakes.
People are willing to bypass the law because they think they serve a
greater good "in this one special case".
People don't think about the greater consequences of their actions.
People are ambitious.
People are stupid.
People ...

But anyhow, how about you choose your password to be a confession about
a crime you committed. Would this be enough testimonial value? :)



Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Mark H. Wood
On Sun, Aug 17, 2014 at 12:41:52AM +0100, Nicholas Cole wrote:
> On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen  
> wrote:
[snip]
> > OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in
> > this blogpost: OpenPGP can't protect your metadata, and that turns out
> > to often be higher-value content than your emails themselves are.
> > Further, exposed metadata is inherent to SMTP, which means this problem
> > is going to be absolutely devilish to fix.
> 
> That is true.  But perhaps it would be a start if email clients
> actually put the actual email (with subject and references headers
> etc.) as an attachment to a bare email that contained only the minimal
> headers for delivery.  It wouldn't be a perfect solution, but it would
> at least fix a certain amount of metadata analysis.

Perhaps it would be a start if sites providing SMTP would turn on
STARTTLS.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Aaron Toponce
On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote:
> Perhaps it would be a start if sites providing SMTP would turn on
> STARTTLS.

STARTTLS does not encrypt mail. It only provides safe passage over the network.
It is also client/server encrypted and decrypted. Thus, an administrator with
root at an SMTP server can view the mail once the mail transfer is decrypted.
Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such as
Google, Yahoo, and Microsoft.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Mark H. Wood
On Mon, Aug 18, 2014 at 08:15:49AM -0600, Aaron Toponce wrote:
> On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote:
> > Perhaps it would be a start if sites providing SMTP would turn on
> > STARTTLS.
> 
> STARTTLS does not encrypt mail. It only provides safe passage over the 
> network.

Sure, it does encrypt mail.  My SMTP has mail from me to deliver.  It
contacts an SMTP that it thinks can get the mail closer to its
addressee.  My SMTP sends STARTTLS, the receiving SMTP agrees, they
handshake, and the rest of the session, including MAIL FROM, RCPT TO,
and my mailgram following the DATA, is encrypted over the wire.

> It is also client/server encrypted and decrypted. Thus, an administrator with
> root at an SMTP server can view the mail once the mail transfer is decrypted.

As is often said here, "what's your threat model?"  Keeping
nonprivileged people out of the transaction is worthwhile, if I am
worried about mail being spied on in transit.  STARTTLS greatly
reduces the number of parties who could just read email metadata if
they have access to the wire.

Sysadmins take a risk if they are prying into the mail spool -- they
could be discovered.  Governments, too, may judge that the cost of
exposure of such activity is worth more than the advantage of doing
it.

But I wouldn't depend solely on STARTTLS for securing email any more
than I am satisfied to depend solely on encrypting the message body
with OpenPGP or similar means.  I believe in making the bad guys take
as much time, create as much mess, and make as much noise as I can
compel.  It costs almost nothing to make as much trouble as possible
for snoopers, and it's interesting work, so why not do it?

> Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such as
> Google, Yahoo, and Microsoft.

You mean those webmail thingies that I never use?  There's so much we
don't know about their security practices that I wasn't even thinking
about such services.  My remark was focused on the scenario above:
there is a local MUA, a local MTA and a remote MTA.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu




Re: It's time for PGP to die.

2014-08-18 Thread Mark H. Wood
On Sun, Aug 17, 2014 at 10:41:27AM +0100, da...@gbenet.com wrote:
> Time to die? Well after 20 years I think it is all very academic - professors 
> sit in class
> rooms the world over - not much common sense comes out of their mouths. The 
> real issues are:
> 
> (a) do we want to implement our own security on our own devices as a "geek" or

Yes.  I know what tools I used and how I used them.

> (b) have some automated pre-installed software that will create all that's 
> necessary at
> first boot or

No.  I have no idea what it actually did.

> (c) rely on some large corporation to handle the encryption and decryption 
> for us

Same answer as (b).

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Aaron Toponce
On Mon, Aug 18, 2014 at 12:24:43PM -0400, Mark H. Wood wrote:
> Sure, it does encrypt mail.  My SMTP has mail from me to deliver.  It
> contacts an SMTP that it thinks can get the mail closer to its
> addressee.  My SMTP sends STARTTLS, the receiving SMTP agrees, they
> handshake, and the rest of the session, including MAIL FROM, RCPT TO,
> and my mailgram following the DATA, is encrypted over the wire.

The connection is encrypted, not the mail itself. SSL/TLS behave like a tunnel.
The end result is the same, but the details are different. Much like an OpenSSH
tunnel, where SSH does not know anything of the data moving through the tunnel,
STARTTLS knows nothing about the data going through its tunnel.

> You mean those webmail thingies that I never use?  There's so much we
> don't know about their security practices that I wasn't even thinking
> about such services.  My remark was focused on the scenario above:
> there is a local MUA, a local MTA and a remote MTA.

No, I mean the POP3S/IMAPS/SMTPS/MAPIS protocols your MUA, and other SMTP MTAs
connect to. Not HTTPS.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Johan Wevers
On 18-08-2014 11:04, Rob Ambidge wrote:

> But it is just legal theory, and I am no expert in law, American law, or
> even cryptography. So what happens in practice is anyone's guess really.

I've seen what happens in practice: some group of people was accused of
organized growing of hemp. They arrested a lot of people, then dropped
the charges against some minor members of the gang. And then they became
"witnesses" and had to testify. Considering what could happen to them if
they talked they suddenly all had amnesia...

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Johan Wevers
On 18-08-2014 14:31, Robert J. Hansen wrote:

>> And who determines whether it has any "testimonial value"?

> Johan, we're entering paranoid fantasy here.  If you truly believe the
> whole of the USG is corrupt,

Well, I see some ridiculous sentences of US judges published here, but I
realize that only the most stupid ones reach the press here. However,
since US law has something called "subpoena", which I consider a grave
violation of the right to remain silent, I have not much trust in US law.

And as I described in another reply, I've seen in practice what they do
to make someone testify: drop charges against person 1 so he can be
declared "witness" against person 2.

> and that our independent judiciary is in
> cahoots with a corrupt Executive and Legislature in order to
> systematically violate people's rights,

That seems to be what Snowden showed.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




(OT) It's time for PGP to die.

2014-08-18 Thread Peter Lebbing
On 18/08/14 19:28, Johan Wevers wrote:
> And then they became "witnesses" and had to testify. Considering what
> could happen to them if they talked they suddenly all had amnesia...

Classic prisoner's dilemma! You know, they should arrest a whole lot of
these groups, and in a controlled setting try this many times. For science!

;P

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: It's time for PGP to die.

2014-08-18 Thread Peter Lebbing
On 17/08/14 23:14, Robert J. Hansen wrote:
> But let's be real careful about thinking we are in any way better
> than other people.  We're not.

I completely agree with that statement but never read any disrespect in
the mail you are replying to. It /can/ be read that way, I agree. So it
might be good to point it out, as you did.

> If a new email cryptography standard comes out that's significantly 
> better than GnuPG, do you think Werner is going to sit around
> drinking Tanqueray straight out of the bottle because nobody's using
> GnuPG anymore?  I don't.  I think he'll cheerfully send GnuPG off
> into maintenance, applaud the new standard, and volunteer to help
> with a free implementation of the new standard.
> 
> [...]
> 
> When (not if) GnuPG dies out, the only question will be, "is this on 
> balance good for people?"  If so, then let's be thankful GnuPG
> existed, celebrate its passing, and cheerfully move on.

Thank you for that! It was something that bothered me about the blog
post. If the writer then and there came with a great new successor to
OpenPGP and put the title "OpenPGP needs to die" above his article that
then goes on "... because here is my killer application", then I would
congratulate him.

Now it's nothing but hot air. OpenPGP doesn't need to die; who is it
bothering by merely existing? What has OpenPGP ever done to him? Present
large blocks of base64 at the bottom of a mail? :)

Something better needs to live. That's the opposite of what he is
saying. What a negative Nancy.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Peter Lebbing
On 18/08/14 16:15, Aaron Toponce wrote:
> Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such as
> Google, Yahoo, and Microsoft.

Unfortunately, so long as TLS is not demanded, a downgrade attack can
easily disable it.

My 2c

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
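
The downgrade point above, as an added example that is not part of the original thread: an SMTP client's policy decision over constructed EHLO replies, showing that an opportunistic client falls back to cleartext when the STARTTLS capability is missing, while a client that requires TLS refuses to deliver. The host name, the `decide` function and the `seen_tls` history are assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample EHLO replies; mx.example.net is a placeholder host.
EHLO_INTACT = (
    "250-mx.example.net Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# The same reply as a client would see it with the STARTTLS line missing.
EHLO_STRIPPED = (
    "250-mx.example.net Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> set[str]:
    """Return the extension keywords advertised in a multi-line 250 reply."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords: set[str] = set()
    for i, ln in enumerate(lines):
        # Every line is "250-" (more lines follow) or "250 " (last line).
        if len(ln) < 4 or ln[:3] != "250" or ln[3] not in "- ":
            raise ValueError(f"not a 250 reply line: {ln!r}")
        if (ln[3] == " ") != (i == len(lines) - 1):
            raise ValueError("continuation markers are inconsistent")
        if i > 0:  # line 0 is the server greeting, not an extension
            keywords.add(ln[4:].split(" ", 1)[0].upper())
    return keywords


@dataclass(frozen=True)
class Decision:
    action: str      # "starttls", "plaintext" or "refuse"
    regressed: bool  # True if this host offered STARTTLS on an earlier run
    reason: str


def decide(host: str, reply: str, require_tls: bool,
           seen_tls: set[str]) -> Decision:
    """Choose what to do after EHLO.

    seen_tls is a hypothetical local record of hosts that offered STARTTLS
    before; a host that stops offering it is worth an alert even when the
    policy is only opportunistic.
    """
    if "STARTTLS" in parse_ehlo(reply):
        seen_tls.add(host)
        return Decision("starttls", False, "server advertises STARTTLS")
    regressed = host in seen_tls
    if require_tls:
        # TLS is demanded: a missing capability cannot force cleartext.
        return Decision("refuse", regressed, "STARTTLS missing, TLS required")
    # TLS is optional: the client cannot tell a stripped capability from a
    # server that never supported it, so the mail goes out unencrypted.
    return Decision("plaintext", regressed, "STARTTLS missing, TLS optional")


if __name__ == "__main__":
    history: set[str] = set()
    for label, reply, require in [
        ("intact, opportunistic", EHLO_INTACT, False),
        ("stripped, opportunistic", EHLO_STRIPPED, False),
        ("stripped, TLS required", EHLO_STRIPPED, True),
    ]:
        print(label, "->", decide("mx.example.net", reply, require, history))
```
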



Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
> Well, I see some ridiculous sentences of US judges published here, 
> but I realize that only the most stupid ones reach the press here. 
> However, since US law has something called "subpoena", which I 
> consider a grave violation of the right to remain silent, I have not 
> much trust in US law.

Err -- *what* right to remain silent?  No country has a universal right
to remain silent.  If you're a witness to a crime, you can be compelled
to testify about what you see.  If you're in possession of documents
that are relevant to a police investigation, you can be ordered to
produce them, and so on and so on.  That's the subpoena duces tecum in a
nutshell, right there.

Keep in mind that the idea of a subpoena duces tecum is so
uncontroversial that it's been formalized in *two* separate Hague
conventions: the Hague Service Convention and the Hague Evidence
Convention.  If you don't have trust in U.S. law because we have the
subpoena duces tecum, you should have no more faith in Dutch law...

> That seems to be what Snowden showed.

Been nice talking to you, Johan.



Re: It's time for PGP to die.

2014-08-18 Thread James Platt
On Aug 18, 2014, at 7:13 AM, Jerry  wrote:

> The entire article is available here:
> 

As the article says, the question of whether the 5th Amendment applies to 
passphrases remains unclear.  There have been conflicting rulings in various 
other cases.

The article also mentions the issue of inspections at border crossings which 
are not criminal investigations.   I discussed this a while back with an ACLU 
lawyer and his take was that the border crossing is more like civil law than 
criminal law.  In a civil case, you can assert a 5th Amendment right but then 
still be compelled to testify (including disclosure of passphrases) if they 
grant you immunity from criminal prosecution for anything revealed by the 
testimony.  In this way, the 5th amendment can not protect you from civil 
liability.  So, if the ACLU lawyer is correct, then you can assert a 5th 
amendment right at a border crossing to not decrypt your laptop, they could 
then compel decryption of the laptop on condition of giving you immunity from 
prosecution.  

We use PGP whole disk encryption for laptops which have HIPAA regulated data on 
them.  Doctors here have raised questions about whether it’s right for border 
agents to get access to this data.  





Re: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
> Something better needs to live. That's the opposite of what he is
> saying. What a negative Nancy.

(Long anecdote, but I promise, it's relevant.)

=

I live maybe ten miles away from the world's largest firearms museum.
When I first moved to this area a couple of years ago I figured I'd take
a look around and see what it was like.  While there, I got the chance
to see an original M-16 rifle from *1959* -- before it had even been
accepted for military service.

The museum curator explained to me that the original rifle from 1959 was
the product of extremely strict requirements.  The strictest was, it
couldn't mass more than 2.7 kilograms.  The rifle was built to meet this
seemingly-impossible weight target, and many of the worst defects of the
rifle were in reality triumphs of engineering that let them reach this goal.

For instance: the M-16 feeds hot gases directly from the barrel back
into the action in order to tap some of that energy to cycle the action
and chamber a new round.  The AK-47 has the hot gases operate on a
piston, and the piston in turn works the action.  This has the effect of
the AK-47 being much more reliable than the M-16, since it isn't
channeling hot gas and gunpowder residue directly back into the weapon.

For the last 50-odd years, people have called the M16's direct gas
impingement operation "Eugene Stoner's biggest blunder."  The reality
was, the AK-47's piston-style arrangement is *heavy*, and they had a
2.7-kg weight limit... so by doing it this way, they saved about 200
grams of weight.  That's a big deal when your total allowed mass is 2.7
kilos.  That it had an unpleasant effect on the reliability, everyone
knew... but everyone also knew that if they hadn't done it, there's no
way they would've hit 2.7kg.

Today, when the basic M-16 model weighs in at 3.8kg (they waived the
2.7kg limit in the 1980s), it's easy to look at the defects and start
criticizing Eugene Stoner's biggest mistake.  When you've got a 3.8kg
rifle there's no excuse for direct gas impingement.  When your rifle is
3.8kg, the direct gas impingement can only be thought of as a terrible
blunder.

But it didn't start out that way.

=

There's a big difference between saying, "this needs to die," and
"something better needs to live," I agree.

I find myself wishing, though, that before people said either of them
they would give more thought to why *this particular thing* came to live
in the first place.  Because I keep on thinking about that walk through
the National Firearms Museum, and seeing that old M-16, and hearing the
curator explain that everything people hated about it were actually
features demanded by the government, and it would have never been
adopted -- much less been so successful -- without those defects.



Re: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
> The article also mentions the issue of inspections at border crossings
> which are not criminal investigations.

A U.S. appellate court recently ruled that inspections of laptop
contents at border crossings violated the Fourth Amendment.  It's
currently being appealed, but so far the tea leaves are the Supreme
Court won't touch it and will instead simply let the appellate decision
stand.  Just FYI.  :)





Re: It's time for PGP to die.

2014-08-18 Thread Kristian Fiskerstrand

On 08/18/2014 09:03 PM, Robert J. Hansen wrote:
>> The article also mentions the issue of inspections at border
>> crossings which are not criminal investigations.
> 
> A U.S. appellate court recently ruled that inspections of laptop 
> contents at border crossings violated the Fourth Amendment.  It's 
> currently being appealed, but so far the tea leaves are the
> Supreme Court won't touch it and will instead simply let the
> appellate decision stand.  Just FYI.  :)

At least for US persons, iirc the protection doesn't extend beyond that?

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Potius sero quam numquam
Better late than never


Re: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
> At least for US persons, iirc the protection doesn't extend beyond
> that?

No, the Fourth Amendment protects all people within U.S. borders
equally.  Americans get no special protections over visitors to the country.




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Johan Wevers
On 18-08-2014 20:11, Robert J. Hansen wrote:

> Err -- *what* right to remain silent?  No country has a universal right
> to remain silent.  If you're a witness to a crime, you can be compelled
> to testify about what you see.

Yes, unfortunately.

>  If you're in possession of documents
> that are relevant to a police investigation, you can be ordered to
> produce them, and so on and so on.

No, not here. When the police think I have such documents they can get
a search order, but if they can't find them and I remain silent it's too
bad for them. I am not in violation of any law when I don't give them,
not even when they later find out I did have them. Same for when I would
destroy or encrypt said documents after I found out the police were
looking for them.

> Keep in mind that the idea of a subpoena duces tecum is so
> uncontroversial that it's been formalized in *two* separate Hague
> conventions: the Hague Service Convention and the Hague Evidence
> Convention.

Perhaps, but the Dutch law doesn't work like that.

> If you don't have trust in U.S. law because we have the
> subpoena duces tecum,

Not ONLY because of that.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: It's time for PGP to die

2014-08-18 Thread Michael Anders


>> Once a crisp and nicely implementable asynchronous protocol with forward
>> secrecy comes up, however, we should have it implemented
>> immediately. (The synchronous ones are easy, of course.)

> Whispersystems has done a good job with Textsecure as far as I read the
> opinions about it. In practice their application is very usable too,
> except that MMS does not work in some circumstances (but who uses that
> anyway in 2014?)

 


Think about implementing forward secrecy for a moment and imagine you had to develop a "forward secret PGP" (actually, in my opinion it should properly be called backward secrecy for that matter).

You have to keep track of all one to one communications with their current status of shared secrets. This is much more data to be kept secret than without fs. In fact, depending on your activity, possibly so much more that simply enciphering the whole database would not be efficient anymore. You would have to use a random access cipher (like e.g. in truecrypt). You don't have it yet? Then you have to code it - a formidable task - or get it from some other source. Just in case - do you trust the other source...?

And if you have a random access cipher, what amount of information is visible to the intruder just from viewing the outer structure and its reaction to activity of this random access database cipher?

How do you deal with simultaneously maintaining one to one communications that exchange messages 10 times a day as well as comms that talk to each other once every other year? This is a problem if you have a system that changes public keys on a time basis.

You will have to delete info regarding dead communication strands to keep the database compact. What time do you set to declare a strand dead?
How do you recover if messages were lost or if a deleted strand suddenly is reanimated by your peer? How do you recover without opening a soft flank to attackers who want to hijack the strand?

How do you detect it when a strand was hijacked by a MITM attack?

How do you deal with highly asymmetric communication strands, once a year into one direction, twice a day into the other direction?

How about a busy strand where one strand sends two messages in rapid succession and resets his timer in between and the messages arrive in reversed order? How do you recover in this case?

How do you synchronize databases if a user wants to sustain the one to one communication using different systems (e.g. office PC - netbook - smartphone) intermittently?

I can go on and on and on. To me this IS like opening a can of worms. And I seriously doubt if the pain is worth the reward (forward secrecy).

 

Matthew Green mentions the Axolotl protocol and TextSecure (which you refer to in your post as well) as a product that uses it. Well, if TextSecure/Axolotl - which I haven't used and don't seriously know yet - solved all these problems satisfactorily and securely I bow in humble adoration (seriously).

You should have a look at the Axolotl protocol: https://github.com/trevp/axolotl/wiki

First look at the humongous state variable!
Then it takes about 60 lines of description where a standard public key protocol would take about 5. From studying the protocol, you can see that some of the above mentioned problems might be solved, yet we don't know how it stands against a brilliant attacker. The sheer complexity makes me feel very uneasy.

In my view, the axolotl protocol has the elegance of transporting water in a bucket with twenty something holes, where each hole got a cork plugged into it. I wouldn't want to code it.

By the way - Green (rightfully) criticizes PGP for bad defaults (e.g. using SHA1) yet he praises TextSecure which heavily relies on SHA1. This leaves me baffled.

 

Cheers,

  Michael Anders
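
The per-strand state and the reordering case raised in the message above, as an added example that is not part of the original thread and is not the Axolotl or TextSecure code: a simplified one-directional hash ratchet showing what a receiver has to store so that messages arriving in reversed order still decrypt while used keys are erased. HMAC-SHA256 as the step function, the constructed shared secret, and the `MAX_SKIP` bound are assumptions of this sketch.

```python
import hashlib
import hmac

MAX_SKIP = 16  # hypothetical cap on cached out-of-order keys per strand


def step(chain_key):
    """One ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key


class Sender:
    def __init__(self, shared_secret):
        self.chain, self.n = shared_secret, 0

    def next_key(self):
        """Return (counter, message_key); the old chain key is overwritten."""
        self.chain, mk = step(self.chain)
        self.n += 1
        return self.n - 1, mk


class Receiver:
    def __init__(self, shared_secret):
        self.chain, self.n, self.skipped = shared_secret, 0, {}

    def key_for(self, counter):
        """Return the key for message `counter`, tolerating reordering."""
        if counter in self.skipped:        # late arrival: use once, then erase
            return self.skipped.pop(counter)
        if counter < self.n:               # replay, or key already erased
            raise KeyError("message key no longer available")
        if counter - self.n > MAX_SKIP:    # bound the state a peer can force
            raise ValueError("too many skipped messages")
        while self.n < counter:            # cache keys for messages not yet seen
            self.chain, self.skipped[self.n] = step(self.chain)
            self.n += 1
        self.chain, mk = step(self.chain)
        self.n += 1
        return mk


def demo():
    """Constructed run: three messages sent, message 2 delivered first."""
    secret = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = Sender(secret), Receiver(secret)
    sent = dict(alice.next_key() for _ in range(3))
    got2 = bob.key_for(2)
    pending = sorted(bob.skipped)          # keys held back for messages 0 and 1
    got0 = bob.key_for(0)
    return sent, got0, got2, pending, bob
```

The `skipped` dictionary is the part that grows with lost or delayed messages; every entry in it is a key that forward secrecy would otherwise have erased, which is why the sketch caps it.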

 



 



Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Bob Holtzman
On Sun, Aug 17, 2014 at 04:42:52PM -0400, Robert J. Hansen wrote:
> > Unfortunately most of us do. Including the US, UK and the Dutch are
> > also pushing for such laws.
> 
> Speaking only for the U.S., this is not the case.

Dream on.
 
> The United States Constitution protects an individual's right not to
> testify against themselves.  If the production of a passphrase would
> have any kind of testimonial value, then such production cannot be
> ordered.  The only time production of a passphrase is permitted is when
> it lacks any testimonial value.

There are quite a few ways police and prosecutors can coerce a suspect
to hand over his encryption key(s). Dangling the prospect of a lighter
sentence under the poor bugger's nose, or conversely, threatening to
come down hard, perhaps going for a death penalty. The surrender of a
suspect's keys would be "voluntary" and therefore constitutional. Even if
the role production serves is testimonial, if it's voluntary, and the
statement the poor sod is required to sign will so state, it's 
constitutional (I think).   

Don't forget, even non-testimonial key surrender can be used to build a
body of evidence.  

DISCLAIMER: I'm not a lawyer and the above is opinion only.
 

> Many people look at one particular case and say, "hey, production was
> required in that case, clearly the U.S. can compel you to produce!", or
> "production wasn't required in that case, clearly the U.S. can't compel
> you to produce!"  The reality is different.  You need to look at the
> role the production serves.  Testimonial in nature?  Nope, forbidden.
> Non-testimonial?  Yep, permitted.

-- 
Bob Holtzman
Giant intergalactic brain-sucking hyperbacteria 
came to Earth to rape our women and create a race 
of mindless zombies.  Look!  It's working!




Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
On 8/18/2014 9:32 PM, Bob Holtzman wrote:
> There are quite a few ways police and prosecutors can coerce a 
> suspect to hand over his encryption key(s).

Your examples which involve coercion are illegal, and the ones that are
legal do not involve coercion.

> Dangling the prospect of a lighter sentence under the poor bugger's 
> nose

Not coercion.

Prosecutor: "We know you have an encrypted drive partition with a lot of
child porn on it.  Give up your passphrase and we'll reduce it to ten
counts of possession and drop the intent to distribute, and we won't
object to sentences running concurrently."

Defendant: "... that sounds really good."

Or, alternately, imagine the defendant is innocent of the charge:

Defendant: "I can't accept that deal.  I'm innocent of that."  (True: if
you're innocent of the charge, you're not allowed to plead guilty to it.
 You might be able to talk the judge into accepting an Alford, but it'd
be an uphill battle.)

Or, alternately, imagine the defendant is guilty, but only of eight
counts of possession:

Defendant: "No deal.  I'll take my risks in court.  Good luck producing
these 'thousands of images' you're talking about."

> or conversely, threatening to come down hard, perhaps going for a 
> death penalty.

Grossly illegal, in violation of the canons of legal ethics, and will
get an attorney disbarred.  Don't confuse "Law & Order" re-runs with
real life.  The DA is allowed to threaten prosecution of only those
crimes the DA reasonably believes a person violated, and the DA is
expressly forbidden from using the threat of the death penalty to
persuade someone into taking a lesser sentence.

> The surrender of a suspect's keys would be "voluntary" and therefore 
> constitutional.

In your first example yes, in your second example no.

Don't get me wrong: prosecutors have a lot of power, and I personally
believe they have too much power with too little accountability.
However, it's not a de-facto state of tyranny, either.

As always, my best advice for people facing legal problems is "shut up
and get a lawyer."


