Re: pgp signing in van
Phillip Hallam-Baker <hallam@gmail.com> Fri, 06 September 2013 02:27 UTC

On Thu, Sep 5, 2013 at 8:45 PM, Randy Bush <randy@psg.com> wrote:

> so, it might be a good idea to hold a pgp signing party in van. but
> there are interesting issues in doing so. we have done lots of parties
> so have the social protocols and n00b cheat sheets. but that is the
> trivial tip of the iceberg.
>
> o is pgp compromised? just because it is not listed in [0] is not
> very strong assurance in these dark days.
>
> o what are the hashes of audited software, and who did the audits?
>
> o what are the recommended algs/digest/keylen parameters?
>
> o do we really need elliptical, or is that a poison pill?
>
> o your questions go here ...
>

I think our problems now go a lot further. The NSA is allegedly spending $250 million a year infiltrating vendors and standards bodies. They have also been pretty aggressive in hiring IETF folk for various consulting contracts.

The big risk I see here is that there is a lot of finger pointing and every bad decision that was made in the past that delayed the deployment of strong crypto is now considered prima facie evidence of being a mole.

Not being a US citizen I see no reason to allow the NSA a backdoor in anything I do. But looking at the carelessness and incompetence with which they have guarded their own secrets I would not be anxious to allow them access to mine even if I was a US citizen.

Seriously, this type of activity is an attack on the trust that is necessary for collaboration. I doubt that the people who design and deploy these programs had the slightest understanding of or concern for the costs or consequences of their actions.

--
Website: http://hallambaker.com/