On Fri, May 26, 2000 at 09:12:16AM +, Sergio Brandano wrote:
> > Of course, you could also implement something like a bulletin board
> > on HTTP over SSL instead... or maybe SMTP over SSL to each individual
> > list subscriber. (insecure; most subscribers don't run their own mail
> > server)
>
On 26-May-2000 Alexander Hvostov wrote:
> Bradley,
>
> Uhm, isn't Sendmail's SMTP-over-SSL thing supposed to conform to some
> standard..? I seriously doubt the other endpoint has to be
> Sendmail; rather, I think it probably only needs to be running a proper
> SMTP-over-SSL implementation. If th
Ethan,
No. RSA does. And they have the agreement of enough people (whereas MS
doesn't) to push the feds into sticking to relaxed crypto export controls.
"Remember, if you don't keep the crypto laws relaxed, none of us will vote
for you... nor will our supporters."
Regards,
Alex.
---
PGP/GPG F
On Fri, May 26, 2000 at 02:37:59AM -0700, Alexander Hvostov wrote:
> Ethan,
>
> Only one problem. Charlie Brown doesn't have hordes of lawyers.
and the Free software movement does?
MS has hoards of lawyers and billions of dollors and even they are not
escaping the US govt ;-)
--
Ethan Benson
Ethan,
Only one problem. Charlie Brown doesn't have hordes of lawyers.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCM d- s:+ a--- C UL P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X
On Fri, May 26, 2000 at 02:19:06AM -0700, Alexander Hvostov wrote:
> Ethan, and everyone,
>
> I seem to keep having to repeat myself: the USA recently relaxed its
> crypto export controls. I'm not certain if that means I can download
> OpenSSL and then send it to someone in country here>, but I b
Sergio,
It would be useless to try and use SSL for debian-security, because it is
a publicly accessible list, which sort of defeats the purpose of SSL...
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK-
Version: 3.12
G
Ethan, and everyone,
I seem to keep having to repeat myself: the USA recently relaxed its
crypto export controls. I'm not certain if that means I can download
OpenSSL and then send it to someone in , but I believe I can.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B
We'll soon be getting braindead crypto laws in the UK if the RIP bill goes
through.
RIP details at http://www.stand.org.uk/
On Fri, 26 May 2000, Alexander Hvostov wrote:
> Sergio,
>
> That's what GPG and a good MUA like Pine is for. Let's see "Big
> Brother" crack 1024-bit public key crypto a
Alexander Hvostov wrote
> ...Unless you encrypt to a public key belonging to everyone on the
> mailing list, which certainly can be done, though this means
> distributing the appropriate public/private key pair, so the keys
> themselves would also have to be encrypted, probably to each
> individ
On Fri, May 26, 2000 at 12:19:33AM -0700, Alexander Hvostov wrote:
> Sergio,
>
> That's what GPG and a good MUA like Pine is for. Let's see "Big
> Brother" crack 1024-bit public key crypto anytime this decade...
>
> I know you can't legally do this in France; if you have a desire for your
> email
Julien,
The US has relaxed its crypto export laws. I understand crypto can be
exported freely now, though I'm not going to try that until I have a nice
lawyer to talk to...
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-BEGIN GEEK CODE BLOCK--
On Fri, May 26, 2000 at 12:19:33AM -0700, Alexander Hvostov wrote:
> Sergio,
>
> That's what GPG and a good MUA like Pine is for. Let's see "Big
> Brother" crack 1024-bit public key crypto anytime this decade...
>
> I know you can't legally do this in France; if you have a desire for your
> email
Bradley,
Uhm, isn't Sendmail's SMTP-over-SSL thing supposed to conform to some
standard..? I seriously doubt the other endpoint has to be
Sendmail; rather, I think it probably only needs to be running a proper
SMTP-over-SSL implementation. If this is the case, then this can be done
with stunnel an
Daniel,
...Unless you encrypt to a public key belonging to everyone on the mailing
list, which certainly can be done, though this means distributing the
appropriate public/private key pair, so the keys themselves would also
have to be encrypted, probably to each individual user.
Of course, you co
Sergio,
That's what GPG and a good MUA like Pine is for. Let's see "Big
Brother" crack 1024-bit public key crypto anytime this decade...
I know you can't legally do this in France; if you have a desire for your
email to be private, then I suggest moving to a country whose crypto
policies are not
Sendmail is also beginning to address this issue. 8.11.x is supposed to
include SSL code to do end-to-end encryption. However, this still leaves
an opening at the destination host for snooping. Aside from that, this
assumes that both ends are using sendmail 8.11, which is a pipe dream for
a while t
The closest reliable method in that area is PGP encryption
of e-mail. In theory only those people who have the message
signed with their public key will be able to read it.
In practice I haven't heard otherwise.
The only place where it isn't appropriate to encrypt (maybe only sign)
is on public
I would like to raise the problem of the security of electronic
mail. The problem popped into my mind a while ago, while reading
about Italian legislation on the privacy and, in particular, of
paper mail. I always wanted to draw the issue to the attention of the
``hi spheres'', but I am now i
19 matches
Mail list logo
