On 3/14/10 1:52 AM, erythrocyte wrote:
> From my understanding, the probabilities calculated give you
> random error. That is "given a population of 4 people, there is a
> 68.4% chance that there would be >=1 failures purely by random effects
> regardless of what actions they may or may not take to in
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
erythrocyte wrote:
...
> The combined probability that all individuals would accept a fake ID
> would be 1/4 * 1/4 * 1/4 * 1/4 = 0.00390625 .
>
> However, the combined probability that at least one of the encounters
> would result in accepting a
On Sun, Mar 14, 2010 at 8:08 AM, Robert J. Hansen wrote:
> On 3/13/10 8:06 PM, erythrocyte wrote:
>> Umm.. if I understand the nature of the probability tests or
>> calculations just mentioned above, the results have to be accepted as
>> they are. They either got it wrong or right. Those individua
On 3/13/10 8:06 PM, erythrocyte wrote:
> Umm.. if I understand the nature of the probability tests or
> calculations just mentioned above
You don't.
If person A and person B disagree on whether something is fake, the
operating assumption is that it's fake. The burden is on the person
claiming it
On Sat, Mar 13, 2010 at 10:04 PM, Robert J. Hansen wrote:
>
> 99.6%; a little different. The binomial theorem gives us the correct numbers.
>
> 0 failures: 31.6%
> 1 failure: 42.2%
> 2 failures: 21.1%
> 3 failures: 4.7%
> 4 failures: 0.4%
Alrighty... :-) . So the combined probability that there
Robert J. Hansen wrote:
But all that aside, I'm pretty sure news reports, etc. of human
traffickers, smugglers, spies, etc. all confirm the fact that
national IDs such as passports can be forged and do in fact slip by
immigration authorities pretty commonly.
Only because the news doesn't report
> But all that aside, I'm pretty sure news reports, etc. of human traffickers,
> smugglers, spies, etc. all confirm the fact that national IDs such as
> passports can be forged and do in fact slip by immigration authorities pretty
> commonly.
Only because the news doesn't report on people who g
On Mar 13, 2010, at 7:08 AM, erythrocyte wrote:
> However, the combined probability that at least one of the encounters would
> result in accepting a fake ID would be 1/4 + 1/4 + 1/4 + 1/4 = 1 .
99.6%; a little different. The binomial theorem gives us the correct numbers.
0 failures: 31.6%
1
2010/3/13 Ingo Klöcker
> Sorry, but your calculation is wrong. If the calculation was correct
> then with 5 encounters the probability would be 1.25 which is an
> impossibility. Probability is never negative and never > 1. (People say
> all the time that they are 110 % sure that something will hap
On Saturday 13 March 2010, erythrocyte wrote:
> On Sat, Mar 13, 2010 at 1:14 PM, Robert J. Hansen wrote:
> > Even then — so what? Let's say the Type II rate is 25%. That's a
> > very high Type II rate; most people would think that failing to
> > recognize one set of fake IDs per four is a really
On Sat, Mar 13, 2010 at 1:14 PM, Robert J. Hansen wrote:
> Even then — so what? Let's say the Type II rate is 25%. That's a very
> high Type II rate; most people would think that failing to recognize one set
> of fake IDs per four is a really bad error rate. Yet, if you're at a
> keysigning par
On Sat, Mar 13, 2010 at 1:00 PM, Robert J. Hansen wrote:
> > I'm a little confused as to how does that make it any different from using the Pidgin OTR method.
>
> It's a question of degree, not kind.
>
> > I simply open up an OTR session, ask my friend a question the answer to which is secret
> The reason I think that it's still difficult is because even immigration
> officials get duped all the time.
Cites, please. Show me studies showing how often immigration officials get
duped, and how often they correctly flag false passports.
When verifying an identity document, the null h
> I'm a little confused as to how does that make it any different from using
> the Pidgin OTR method.
It's a question of degree, not kind.
> I simply open up an OTR session, ask my friend a question the answer to which
> is secret (only known to him)
How do you know the secret is known only to
On Sat, Mar 13, 2010 at 11:30 AM, Robert J. Hansen wrote:
> > There's no way I could be trained enough to
> > recognize spoofing of the latter kind even at a keysigning party.
>
> A serious question here -- have you considered writing Immigration and
> Customs Enforcement or the Border Patrol (or
On Sat, Mar 13, 2010 at 11:40 AM, Robert J. Hansen wrote:
> > You have an existing credential - a passport.
> > You then use that credential to verify another - a PGP key.
>
> The passport isn't used to verify the OpenPGP key. The passport is used to
> verify *identity*. The key fingerprint is u
> You have an existing credential - a passport.
> You then use that credential to verify another - a PGP key.
The passport isn't used to verify the OpenPGP key. The passport is used to
verify *identity*. The key fingerprint is used to verify the OpenPGP key.
A signature is a statement of "I be
> I guess what I'm trying to say here is that because regular people don't
> understand what spoofing actually is, that by itself is a security hole.
Semantics. A security hole is a way by which the security policy may be
violated. Most people don't bother to think about policy in the first pla
On 3/12/2010 5:33 PM, Robert J. Hansen wrote:
> The question isn't whether you can. The question is whether it's wise. The
> principle of using one credential to authorize the use of another credential
> is about as old as the hills. The ways to exploit this are about as old as
> the hills, t
On 3/13/2010 1:10 AM, MFPA wrote:
>> Each of these adds a given amount of risk, that really should be
>> made transparent to end-users IMHO.
>
>
> I think you might mean the risk should be made *clear* to end-users?
> Security is already *transparent* to end users visiting a "secure" website
> wh
On 3/13/2010 1:01 AM, Robert J. Hansen wrote:
> Sure. But the problem here isn't spoofed emails. The problem here is living
> in an area where basic human rights aren't respected. The spoofed emails
> didn't get them convicted: the spoofed emails were cooked up to provide
> political cover fo
On 3/13/2010 2:14 AM, Doug Barton wrote:
> You posited a scenario where you are using OTR communications to verify
> a PGP key. My assumption (and pardon me if it was incorrect) was that
> you had a security-related purpose in mind for the verified key.
Yes :-) .
--
erythrocyte
On 3/11/2010 11:36 PM, erythrocyte wrote:
> On 3/12/2010 10:54 AM, Doug Barton wrote:
>> "Secure" in this context is a relative term. (Note, I'm a long time user
>> of pidgin+OTR and a longer-time user of PGP, so I'm actually familiar
>> with what you're proposing.) If you know the person you're IM
> you live. If you belong to a minority people susceptible to persecution
> by a state agency, then yea sure there are many records of wrongful
> detention and arbitrary human rights abuses based on false pretenses.
Sure. But the problem here isn't spoofed emails. The problem here is living
in
On 3/12/2010 5:33 PM, Robert J. Hansen wrote:
>> I don't think OTR technology can claim to solve the gun-to-the-head
>> scenario. Although it claims to give users the benefit of
>> perfect-forward-secrecy and repudiation, I think such things matter
>> little in a court of law. People get convicted
> I don't think OTR technology can claim to solve the gun-to-the-head
> scenario. Although it claims to give users the benefit of
> perfect-forward-secrecy and repudiation, I think such things matter
> little in a court of law. People get convicted either wrongly or
> rightly, based on spoofed emai
On 3/12/2010 10:54 AM, Doug Barton wrote:
> "Secure" in this context is a relative term. (Note, I'm a long time user
> of pidgin+OTR and a longer-time user of PGP, so I'm actually familiar
> with what you're proposing.) If you know the person you're IM'ing well
> enough, you can do a pretty good jo
On 3/11/2010 12:20 AM, erythrocyte wrote:
But what if there was no way to meet in person, make a phone call or a
VoIP call. I was wondering if using Pidgin with the OTR plugin (and
authenticating the OTR session using the Q&A method; see above link)
could be considered a secure channel to exchang
28 matches