29 Years of the Digest ... founded August 21, 1981

Classified Ads
TD Extra News

Add this Digest to your personal   or  

 



The Telecom Digest for February 02, 2011
Volume 30 : Issue 29 : "text" Format

Messages in this Issue:

Re: Let's talk about privacy(John Mayson)
Re: Let's talk about privacy(David Clayton)
Re: Let's talk about privacy(John Mayson)
Re: Let's talk about privacy(Fred Atkinson)
Re: Let's talk about privacy(Garrett Wollman)


====== 29 years of TELECOM Digest -- Founded August 21, 1981 ====== Telecom and VOIP (Voice over Internet Protocol) Digest for the Internet. All contents here are copyrighted by Bill Horne and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using -any name or email address- included herein for -any- reason other than responding to an article herein, you agree to pay a hundred dollars to the recipients of the email. =========================== Addresses herein are not to be added to any mailing list, nor to be sold or given away without explicit written consent. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome. We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. Geoffrey Welsh =========================== See the bottom of this issue for subscription and archive details and the name of our lawyer, and other stuff of interest.

Date: Tue, 1 Feb 2011 08:42:49 -0600 From: John Mayson <john@mayson.us> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Let's talk about privacy Message-ID: <AANLkTinex8WYZ=o5yQnwG-7FSt4QFTGW4PrPqvTJ1m5Z@mail.gmail.com> I used to be very paranoid about this. I downloaded all email to my computer, deleted the copies from the server, and even created encrypted backups. I finally rationalized this fear away. Just because I'm doing this doesn't mean the friend I correspond with all the time is. Email is easily intercepted and for all I know there's a folder on an FBI hard drive with my name on it full of email. And lastly, while this logic makes privacy advocates cringe: I'm not doing anything wrong. I don't do anything online that I wouldn't want my wife, kids, or parents knowing about. I live pretty openly in cyberspace. You can find all about me at http://johnmayson.com. -- John Mayson <john@mayson.us> Austin, Texas, USA
Date: Tue, 01 Feb 2011 19:01:14 +1100 From: David Clayton <dcstar@myrealbox.com> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Let's talk about privacy Message-ID: <pan.2011.02.01.08.01.10.737069@myrealbox.com> On Tue, 01 Feb 2011 05:07:07 +0000, Garrett Wollman wrote: ......... > What I haven't done, and should, is configure opportunistic encryption on > the mail server -- as it stands, the bad cops will just tap my ISP. > Whatever happened to the push to have everyone using PGP keys and having their e-mail encrypted? That seemed to be pushing along quite nicely about a dozen years ago and once you get it sorted out it is quite easy to use with most e-mail clients these days. It would certainly add in a massive increase in protection of any e-mail contents as it would still take anyone a lot of processing power to decode messages encrypted with the currently available methods. -- Regards, David. David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have. ***** Moderator's Note ***** Yes, encryption - i.e., Public Key Infrastructure, or "PKI"-based encryption, was going well around Y2K. I was a Thawte Notary, and would certify applicants' ID's for personal email certificates. It all sort of died, and I don't know why. Perhaps users were so leary of the "black magic" of PKI, or of disclosing their identity details to an unfamiliar company in order to use PKI, that they felt it was better to have an unsecure email (which they could deny sending), rather than a secure email (which a recipient could prove they had sent). PKI will come back eventually, although it will almost certainly be via X.509 certificates managed through the existing commercial companies such as Verisign. I predict the public will trust bankers as "neutral third parties" to verify identities - after all, they already have all the information - and that the need to secure electronic commerce will be the driving force. The only question is when: either there will be a major meltdown of the electronic banking system, with attendent loses, or various governments will demand that all electronic communication be traceable to a person at its origin. Bill Horne Moderator
Date: Tue, 1 Feb 2011 12:53:43 -0600 From: John Mayson <john@mayson.us> To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Let's talk about privacy Message-ID: <AANLkTi=jcZG9tecN7zes+tW9GMOhGyXfjeQk0ZZ5fVL=@mail.gmail.com> On Tue, Feb 1, 2011 at 2:01 AM, David Clayton <dcstar@myrealbox.com> wrote: > Whatever happened to the push to have everyone using PGP keys and having > their e-mail encrypted? > > That seemed to be pushing along quite nicely about a dozen years ago and > once you get it sorted out it is quite easy to use with most e-mail > clients these days. > > It would certainly add in a massive increase in protection of any e-mail > contents as it would still take anyone a lot of processing power to > decode messages encrypted with the currently available methods. In the mid-90s I discovered PGP. I started using it. Wow. First problem was it was like playing volleyball by myself. When no one else uses it, it's sort of pointless. But secondly all it did was raise eyebrows. This was the era of the first WTC bombing, Waco, Ruby Ridge, and Oklahoma City. "Why is John suddenly so interested in encrypting his email?". I dropped it, but started using GnuPG around the turn of the century, just in time for the next WTC disaster. And I had the same problem. No one play encryption with and it was just raising eyebrows. The final nail in the coffin was when I switched to Gmail. I can use an email client and use GnuPG that way. And there are browser plug-ins that support it with webmail. But since few do it I figure why bother. IMHO, all email should be signed and encrypted, but I'm sort of weird that way. John -- John Mayson <john@mayson.us> Austin, Texas, USA
Date: Tue, 1 Feb 2011 13:21:42 -0700 From: fatkinson.remove-this@and-this-too.mishmash.com To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Let's talk about privacy Message-ID: <716d5ff302558588cfec58b77a000a3d.squirrel@webmail.mishmash.com> > On Tue, 01 Feb 2011 05:07:07 +0000, Garrett Wollman wrote: > ......... >> What I haven't done, and should, is configure opportunistic encryption >> on >> the mail server -- as it stands, the bad cops will just tap my ISP. >> > Whatever happened to the push to have everyone using PGP keys and having > their e-mail encrypted? > > That seemed to be pushing along quite nicely about a dozen years ago and > once you get it sorted out it is quite easy to use with most e-mail > clients these days. > > It would certainly add in a massive increase in protection of any e-mail > contents as it would still take anyone a lot of processing power to > decode messages encrypted with the currently available methods. > > -- > Regards, David. > > David Clayton > Melbourne, Victoria, Australia. > Knowledge is a measure of how many answers you have, intelligence is a > measure of how many questions you have. > > ***** Moderator's Note ***** > > Yes, encryption - i.e., Public Key Infrastructure, or "PKI"-based > encryption, was going well around Y2K. I was a Thawte Notary, and > would certify applicants' ID's for personal email certificates. > > It all sort of died, and I don't know why. Perhaps users were so leary > of the "black magic" of PKI, or of disclosing their identity details > to an unfamiliar company in order to use PKI, that they felt it was > better to have an unsecure email (which they could deny sending), > rather than a secure email (which a recipient could prove they had > sent). > > PKI will come back eventually, although it will almost certainly be > via X.509 certificates managed through the existing commercial > companies such as Verisign. I predict the public will trust bankers as > "neutral third parties" to verify identities - after all, they already > have all the information - and that the need to secure electronic > commerce will be the driving force. The only question is when: either > there will be a major meltdown of the electronic banking system, with > attendent loses, or various governments will demand that all > electronic communication be traceable to a person at its origin. > > Bill Horne > Moderator I don't understand why. After I completed my graduate studies at Hopkins (in my Network Security course, I wrote a paper about the use of PGP), I put together a PGP course for the CPCUG (Capital PC Users Group) in Washington, DC some years back. I was getting excellent ratings on it from my students. One of them wrote a blurb in the CPCUG Monitor about how easy it was to use PGP after completing my course. The first turnout for it had engineering people, LAN people, mathematicians, and someone from Amnesty International. The attendance at the subsequent seminars were much lower. Finally, there was no more demand for it. So the course died a natural death although I've used the slides I developed for the course when I've done presentations on PGP. It was disappointing. Fred ***** Moderator's Note ***** I'm tempted to say that PGP/GPG is too difficult for non-techies to use, but X.509 PKI didn't fare any better, and that capability is already built-in to every common email client. We need a Psychologist: there must be some subtle problem with users' perceptions of encryption that scares them away from it. Perhaps users are scared of admitting that they don't understand their expensive computers as well as they like to think, or maybe they're reluctant to ask those at the other end of the link to educate themselves in order to decrypt the emails. Come to think of it, I'm amazed that the U.S. Government didn't make digital signatures mandatory after 9/11: it would have made all emails traceable to at least some level of "identity" verification, and could have eliminated spam in the bargain. Of course, digital signatures use the same process as digital encryption, and maybe Uncle Sam was afraid of repeating the "Clipper chip" debacle. Bill Horne Moderator
Date: Tue, 1 Feb 2011 19:05:40 +0000 (UTC) From: wollman@bimajority.org (Garrett Wollman) To: telecomdigestmoderator.remove-this@and-this-too.telecom-digest.org. Subject: Re: Let's talk about privacy Message-ID: <ii9li4$io$1@grapevine.csail.mit.edu> In article <pan.2011.02.01.08.01.10.737069@myrealbox.com>, David Clayton <dcstar@myrealbox.com> wrote: >Yes, encryption - i.e., Public Key Infrastructure, or "PKI"-based >encryption, was going well around Y2K. I was a Thawte Notary, and >would certify applicants' ID's for personal email certificates. PGP has always been much more popular than X.509-based systems (which isn't saying much). >PKI will come back eventually, although it will almost certainly be >via X.509 certificates managed through the existing commercial >companies such as Verisign. Almost certainly not. People might use X.509 certificates, but they will be self-signed (from X.509's perspective) with the actual authentication taking place through the DNS. DNSsec is here today for many top-level domains, and will be universal soon; it solves most of the problems that X.509 creates, including the VeriSlime (near-)monopoly. -GAWollman -- Garrett A. Wollman | What intellectual phenomenon can be older, or more oft wollman@bimajority.org| repeated, than the story of a large research program Opinions not shared by| that impaled itself upon a false central assumption my employers. | accepted by all practitioners? - S.J. Gould, 1993
TELECOM Digest is an electronic journal devoted mostly to telecom- munications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Bill Horne. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. The Telecom Digest is moderated by Bill Horne. Contact information: Bill Horne Telecom Digest 43 Deerfield Road Sharon MA 02067-2301 781-784-7287 bill at horne dot net Subscribe: telecom-request@telecom-digest.org?body=subscribe telecom Unsubscribe: telecom-request@telecom-digest.org?body=unsubscribe telecom This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Copyright (C) 2009 TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA. --------------------------------------------------------------- Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.
End of The Telecom Digest (5 messages)

Return to Archives ** Older Issues