From zenadsl6186 at zen.co.uk Sun Mar 2 05:02:08 2014
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Sun, 02 Mar 2014 05:02:08 +0000
Subject: GCHQ YAHOO image collection - legal?
In-Reply-To: <6C5FE864-612B-40A9-98C2-E16835EDFEB1@gmail.com>
References: <5310320B.2010907@zen.co.uk> <6C5FE864-612B-40A9-98C2-E16835EDFEB1@gmail.com>
Message-ID: <5312BB50.1070201@zen.co.uk>

On 28/02/14 08:24, Dj Walker-Morgan wrote:
>
> Secret strap1 is a security classification, not the name of the people running the project.
>
> http://electrospaces.blogspot.co.uk/2013/12/the-british-classification-marking-strap.html

Thanks for the correction. OMG, no!, I didn't mean it that way!

I don't know whether it makes very much difference though - is the rest of secret strap-on at least potentially pervy too?

-- Peter Fairbrother

>
> Dj
>
>> On 28 Feb 2014, at 06:51, Peter Fairbrother wrote:
>>
>> http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo
>>
>> (And the people running it are called "secret strap-one". Not kidding. Pervy, or what?)
>>
>>
>
> ? Material included large quantity of sexually explicit images"

From chris-ukcrypto at lists.skipnote.org Fri Mar 7 12:18:22 2014
From: chris-ukcrypto at lists.skipnote.org (Chris Edwards)
Date: Fri, 7 Mar 2014 12:18:22 +0000 (GMT)
Subject: Cutting crime with road cameras
Message-ID:

So the Mayor of London wants "views on his proposals to allow the Metropolitan Police to have access to Automatic Number Plate Recognition (ANPR) cameras for crime prevention reasons."

http://www.london.gov.uk/priorities/policing-crime/consultations/cutting-crime-with-road-cameras

> "We want London to be the safest big city in the world. "
> [...]
> The Met Police already use Automatic Number Plate Recognition (ANPR)
> data to help keep London safe.
> [...]
> If London's police also had access to Transport for London (TfL)'s 1,300
> ANPR cameras, it would triple their level of coverage.
> These cameras are currently used to enforce the capital's congestion and low emission
> charges. They could also be used to solve and prevent crime."

Am I missing something here - shurely RIPA already allows Met Police to access this TfL data, as appropriate. In which case, presumably the consultation is really about granting some higher level of access, possibly with less oversight than RIPA currently requires.

Of course, most reasonable people would agree Police should have "access", and will answer yes, without realising the question was *actually* regarding "more access"...

Chris

From nigel at dotdot.it Fri Mar 7 12:45:52 2014
From: nigel at dotdot.it (Nigel Metheringham)
Date: Fri, 07 Mar 2014 12:45:52 +0000
Subject: Cutting crime with road cameras
In-Reply-To:
References:
Message-ID: <5319BF80.7050500@dotdot.it>

Chris Edwards wrote:
...
> Am I missing something here - shurely RIPA already allows Met Police to
> access this TfL data, as appropriate. In which case, presumably the
> consultation is really about granting some higher level of access,
> possibly with less oversight than RIPA currently requires.

RIPA would almost certainly allow them to get the data after the event - as in 'hand me the data for 1 Jan'. This looks more like having them set up to receive the data stream as it's produced.

It would need to be done within an appropriate data protection framework, and the ICO have been known to be more than a little dubious regarding blanket collection of ANPR for anti-crime reasons
http://ico.org.uk/news/latest_news/2013/Police-use-of-Ring-of-Steel-is-disproportionate-and-must-be-reviewed-24072013

It might also trigger complaints/investigations of the existing retention policy for this data. In terms of the existing reason for collecting it - enforcement of congestion/low-emission charges - there is not a good reason for keeping it substantially longer than the payment/appeal process

Nigel.
-- 
[ Nigel Metheringham ------------------------------ nigel at dotdot.it ]
[ Ellipsis Intangible Technologies ]

From prunesquallor at proproco.co.uk Fri Mar 7 13:25:02 2014
From: prunesquallor at proproco.co.uk (John Brazier)
Date: Fri, 7 Mar 2014 13:25:02 -0000
Subject: Cutting crime with road cameras
In-Reply-To:
References:
Message-ID: <004801cf3a08$a5ac0fe0$f1042fa0$@proproco.co.uk>

http://www.abluestar.com/blog/sql-injection-license-plate/

-----Original Message-----
From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-bounces at chiark.greenend.org.uk] On Behalf Of Chris Edwards
Sent: 07 March 2014 12:18
To: ukcrypto at chiark.greenend.org.uk
Subject: Cutting crime with road cameras

So the Mayor of London wants "views on his proposals to allow the Metropolitan Police to have access to Automatic Number Plate Recognition (ANPR) cameras for crime prevention reasons."

http://www.london.gov.uk/priorities/policing-crime/consultations/cutting-crime-with-road-cameras

> "We want London to be the safest big city in the world. "
> [...]
> The Met Police already use Automatic Number Plate Recognition (ANPR)
> data to help keep London safe.
> [...]
> If London's police also had access to Transport for London (TfL)'s
> 1,300 ANPR cameras, it would triple their level of coverage. These
> cameras are currently used to enforce the capital's congestion and low
> emission charges. They could also be used to solve and prevent crime."

Am I missing something here - shurely RIPA already allows Met Police to access this TfL data, as appropriate. In which case, presumably the consultation is really about granting some higher level of access, possibly with less oversight than RIPA currently requires.

Of course, most reasonable people would agree Police should have "access", and will answer yes, without realising the question was *actually* regarding "more access"...
Chris

From jj.gray at shc.qinetiq-tim.com Mon Mar 10 08:49:02 2014
From: jj.gray at shc.qinetiq-tim.com (JJ Gray)
Date: Mon, 10 Mar 2014 08:49:02 +0000
Subject: Cutting crime with road cameras
In-Reply-To: <004801cf3a08$a5ac0fe0$f1042fa0$@proproco.co.uk>
References: <004801cf3a08$a5ac0fe0$f1042fa0$@proproco.co.uk>
Message-ID: <531D7C7E.10201@shc.qinetiq-tim.com>

On 07/03/2014 13:25, John Brazier wrote:
> http://www.abluestar.com/blog/sql-injection-license-plate/

Nice idea, very old news [1], unlikely to work due to detection area constraints and valid registration regexp. Personally I think Bobby Tables was better.

In unrelated news, the transcript of Dan Geer's RSA speech is up for those that may be interested.

.We Are All Intelligence Officers Now
.Dan Geer, 28 February 14, RSA/San Francisco
http://geer.tinho.net/geer.rsa.28ii14.txt

Cheers,
JJ

[1] https://www.schneier.com/blog/archives/2008/04/sql_injection_a_1.html

From prunesquallor at proproco.co.uk Fri Mar 14 21:49:02 2014
From: prunesquallor at proproco.co.uk (John Brazier)
Date: Fri, 14 Mar 2014 21:49:02 -0000
Subject: Cutting crime with road cameras
In-Reply-To: <531D7C7E.10201@shc.qinetiq-tim.com>
References: <004801cf3a08$a5ac0fe0$f1042fa0$@proproco.co.uk> <531D7C7E.10201@shc.qinetiq-tim.com>
Message-ID: <023101cf3fcf$376ffce0$a64ff6a0$@proproco.co.uk>

Thank you. I abase myself before your extraordinary intellect and all-encompassing knowledge. I recognise my horrendous mistake in opening up the idea to people who may have not come across SQL attacks in unusual ways. I apologise for wasting your time, and I assure you, I won't do it again.
Cheers
JB

-----Original Message-----
From: ukcrypto-bounces at chiark.greenend.org.uk [mailto:ukcrypto-bounces at chiark.greenend.org.uk] On Behalf Of JJ Gray
Sent: 10 March 2014 08:49
To: UK Cryptography Policy Discussion Group
Subject: Re: Cutting crime with road cameras

On 07/03/2014 13:25, John Brazier wrote:
> http://www.abluestar.com/blog/sql-injection-license-plate/

Nice idea, very old news [1], unlikely to work due to detection area constraints and valid registration regexp. Personally I think Bobby Tables was better.

In unrelated news, the transcript of Dan Geer's RSA speech is up for those that may be interested.

.We Are All Intelligence Officers Now
.Dan Geer, 28 February 14, RSA/San Francisco
http://geer.tinho.net/geer.rsa.28ii14.txt

Cheers,
JJ

[1] https://www.schneier.com/blog/archives/2008/04/sql_injection_a_1.html

From lists at casparbowden.net Sun Mar 16 08:55:07 2014
From: lists at casparbowden.net (Caspar Bowden (lists))
Date: Sun, 16 Mar 2014 08:55:07 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
Message-ID: <532566EB.9080101@casparbowden.net>

http://www.bbc.com/news/magazine-26581130 by @gordoncorera

Especially like the line "and activists began building systems for /people/ to use..."

BBC Online write-up doesn't mention
- Cocks & Williamson
- Clipper
- Labour Information Superhighway pledge not to do key escrow
- "Licensing of Trusted Third Parties" consultation and Labour's conversion to key-escrow
- Reversing burden of proof on key possession in RIPA

@gordoncorera evidently thought he should report on Ladar Levinson's doomed attempt to create server-side-secure encrypted email, rather than the UK's own virulent role in crypto-wars, and in 2013 twice re-assured the public that UK has a "no-spy" deal with US, and refused to correct this even after disproved by Snowden docs and disavowed by Obama

Will any ukcrypto people Tweet him some of his omissions, and ask why BBC is airbrushing the UK's own crypto-wars out of history?
[During Crypto-wars UK, Newsnight preferred to waste 8 minutes on a rugged helicopter ride to see Sealand crypto-rebels rather than explain the policy options]

Caspar

From pwt at iosis.co.uk Mon Mar 17 09:09:54 2014
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Mon, 17 Mar 2014 09:09:54 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <532566EB.9080101@casparbowden.net>
References: <532566EB.9080101@casparbowden.net>
Message-ID: <5326BBE2.5080000@iosis.co.uk>

I didn't see that Newsnight segment, unfortunately, but did read the article and then listen to the BBC R4 program. It's now available online at:
http://www.bbc.co.uk/programmes/b03xzyy5
and I found that it reported on the USA battle: NSA v the people.

I would appreciate any informed comment about accuracy of the program, plus a view from this side of the pond.

(I was during the 90s involved in a project - the Mondex bank cash card scheme - that depended on PKI, and from 2000 in the use of smart cards (and soon other devices) in ticketing for public transport.)

Peter

On 16/03/2014 08:55, Caspar Bowden (lists) wrote:
> http://www.bbc.com/news/magazine-26581130 by @gordoncorera
>
> Especially like the line "and activists began building systems for
> /people/ to use..."
>
> BBC Online write-up doesn't mention
> - Cocks & Williamson
> - Clipper
> - Labour Information Superhighway pledge not to do key escrow
> - "Licensing of Trusted Third Parties" consultation and Labour's
> conversion to key-escrow
> - Reversing burden of proof on key possession in RIPA
>
> @gordoncorera evidently thought he should report on Ladar Levinson's
> doomed attempt to create server-side-secure encrypted email, rather
> than the UK's own virulent role in crypto-wars, and in 2013 twice
> re-assured the public that UK has a "no-spy" deal with US, and refused
> to correct this even after disproved by Snowden docs and disavowed by
> Obama
>
> Will any ukcrypto people Tweet him some of his omissions, and ask why
> BBC is airbrushing the UK's own crypto-wars out of history?
>
> [During Crypto-wars UK, Newsnight preferred to waste 8 minutes on a
> rugged helicopter ride to see Sealand crypto-rebels rather than
> explain the policy options]
>
> Caspar
>
>
>
>

From zenadsl6186 at zen.co.uk Mon Mar 17 15:52:10 2014
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Mon, 17 Mar 2014 15:52:10 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <532566EB.9080101@casparbowden.net>
References: <532566EB.9080101@casparbowden.net>
Message-ID: <53271A2A.3040701@zen.co.uk>

Hi Caspar,

There are many omissions and over-simplifications, but at 4.41 @gordoncorera says:

"The Levinson case goes to the heart of a fundamental clash between two opposing sides - there are those who want our electronic communications to be entirely private, so that absolutely no-one apart from the recipient can know what's being said. Set against them are those who think the State should be able to get access, for instance when it says it's investigating crime or protecting national security.

I think that's it in a nutshell - and on that basis, with the demands for keys in RIPA we lost the crypto wars in the UK.
Oh, and what about if the State says it is bugging Angela Merkel's phone "for the purpose of safeguarding the economic well-being of the United Kingdom"? At a later point he is talking to a NSA wonk who says "pedophiles are particularly savvy for reasons I don't understand". Two comments on that - first, from the little I have seen they aren't actually all that savvy, they just use some crypto where most people don't use any. But second, they are highly targeted and there is then a darwinian process - if they don't use encryption effectively then they won't remain at large. In the US it's fairly easy to use crypto effectively, just encrypt everything, as in general Court-enforced revealing of keys is regarded as testifying against oneself and against the Fifth Amendment. It's a little harder to use crypto effectively in the UK because of the key demands in RIPA Part 2 - but only a little, you don't have to be any kind of nerd, eg truecrypt seems to do that job OK if used properly. (I disagree with the extent of pedophile targeting, which I think is politically- rather than harm- driven -- if some pedo wants to rot his brain masturbating to pseudo-child imagery I can't see that that's any of the state's business unless he actually does something to real children. Any supposed link between watching kiddy porn and actual child abuse is by no means proven - the little evidence we have actually strongly suggests otherwise. I digress, but pedophilia is often misused as an excuse to increase surveillance powers because of it's political impact.) Of course the crypto wars are only a part of a larger privacy issue, eg can NSA/GCHQ use electronic communications to track people's movements? Can they track who you are talking to? Can they track everybody's movemnents and contacts? Technically yes to all the above, even when there is no suspicion about you, but should they be able to? 
Another "horseman" is terrorism, but again it's more about politics than actual harm reduction.

From Bruce Schneier's CRYPTO-GRAM, January 15, 2014

" We have no evidence that any of this surveillance makes us safer. NSA Director General Keith Alexander responded to these stories in June by claiming that he disrupted 54 terrorist plots. In October, he revised that number downward to 13, and then to "one or two." At this point, the only "plot" prevented was that of a San Diego man sending $8,500 to support a Somali militant group. We have been repeatedly told that these surveillance programs would have been able to stop 9/11, yet the NSA didn't detect the Boston bombings -- even though one of the two terrorists was on the watch list and the other had a sloppy social media trail. Bulk collection of data and metadata is an ineffective counterterrorism tool. "

That's something I think Baroness Manningham-Buller would agree with; but perhaps Charles Farr, who is far more power-hungry (and who would love to bug Angela Merkel's phone), might publicly disagree.

I don't tweet, but I'll cc this to @gordoncorera.

BTW, why do you think the Darkmail effort is doomed? I kinda agree, but I'd like to know what you think.

-- Peter Fairbrother

On 16/03/14 08:55, Caspar Bowden (lists) wrote:
> http://www.bbc.com/news/magazine-26581130 by @gordoncorera
>
> Especially like the line "and activists began building systems for
> /people/ to use..."
>
> BBC Online write-up doesn't mention
> - Cocks & Williamson
> - Clipper
> - Labour Information Superhighway pledge not to do key escrow
> - "Licensing of Trusted Third Parties" consultation and Labour's
> conversion to key-escrow
> - Reversing burden of proof on key possession in RIPA
>
> @gordoncorera evidently thought he should report on Ladar Levinson's
> doomed attempt to create server-side-secure encrypted email, rather than
> the UK's own virulent role in crypto-wars, and in 2013 twice re-assured
> the public that UK has a "no-spy" deal with US, and refused to correct
> this even after disproved by Snowden docs and disavowed by Obama
>
> Will any ukcrypto people Tweet him some of his omissions, and ask why
> BBC is airbrushing the UK's own crypto-wars out of history?
>
> [During Crypto-wars UK, Newsnight preferred to waste 8 minutes on a
> rugged helicopter ride to see Sealand crypto-rebels rather than explain
> the policy options]
>
> Caspar
>
>
>
>

From lists at internetpolicyagency.com Mon Mar 17 20:08:01 2014
From: lists at internetpolicyagency.com (Roland Perry)
Date: Mon, 17 Mar 2014 20:08:01 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <53271A2A.3040701@zen.co.uk>
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk>
Message-ID:

In article <53271A2A.3040701 at zen.co.uk>, Peter Fairbrother writes
>with the demands for keys in RIPA we lost the crypto wars in the UK.

I thought the Crypto Wars were about making its usage legal, at all. Not about who could ask criminals to open their safe with the evidence inside.
-- 
Roland Perry

From zenadsl6186 at zen.co.uk Mon Mar 17 20:46:36 2014
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Mon, 17 Mar 2014 20:46:36 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To:
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk>
Message-ID: <53275F2C.5030407@zen.co.uk>

On 17/03/14 20:08, Roland Perry wrote:
> In article <53271A2A.3040701 at zen.co.uk>, Peter Fairbrother
> writes
>> with the demands for keys in RIPA we lost the crypto wars in the UK.
>
> I thought the Crypto Wars were about making its usage legal, at all.

I'm pretty sure there was legal crypto before the wars - which were more about making it illegal.

> Not
> about who could ask criminals to open their safe with the evidence inside.

Criminals? Whatever happened to presumption of innocence? Until the safe is opened there is no evidence that they are criminals. And indeed they may not be.

RIPA part 2 doesn't just apply to criminals.

-- Peter Fairbrother

From zenadsl6186 at zen.co.uk Mon Mar 17 20:49:50 2014
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Mon, 17 Mar 2014 20:49:50 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To:
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk>
Message-ID: <53275FEE.90800@zen.co.uk>

On 17/03/14 20:08, Roland Perry wrote:
> In article <53271A2A.3040701 at zen.co.uk>, Peter Fairbrother
> writes
>> with the demands for keys in RIPA we lost the crypto wars in the UK.
>
> I thought the Crypto Wars were about making its usage legal, at all. Not
> about who could ask criminals to open their safe with the evidence inside.

Oh, and there was (and is afaik) no power to force people to open the safe. The Courts could issue a warrant or other power so that the Police etc could open the safe, if they could - but they could not force the owner to open it.
-- Peter Fairbrother

From brg at gladman.plus.com Mon Mar 17 19:52:11 2014
From: brg at gladman.plus.com (Brian Gladman)
Date: Mon, 17 Mar 2014 19:52:11 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <53271A2A.3040701@zen.co.uk>
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk>
Message-ID: <5327526B.1010905@gladman.plus.com>

On 17/03/2014 15:52, Peter Fairbrother wrote:
> Hi Caspar,
>
> There are many omissions and over-simplifications, but at 4.41
> @gordoncorera says:
>
> "The Levinson case goes to the heart of a fundamental clash between
> two opposing sides - there are those who want our electronic
> communications to be entirely private, so that absolutely no-one
> apart from the recipient can know what's being said. Set against
> them are those who think the State should be able to get access,
> for instance when it says it's investigating crime or protecting
> national security.
>
> I think that's it in a nutshell - and on that basis, with the
> demands for keys in RIPA we lost the crypto wars in the UK.

Hi Peter,

I don't see RIPA as having the significance you attach to it in the context of the Crypto Wars. Various means of State sponsored coercion to force people to reveal their secrets have been in existence for a few thousand years prior to the Crypto Wars so why would adding one more be such a big deal?

In my view the Crypto Wars were primarily about removing the controls that the US, the UK and some other governments were seeking to maintain on cryptographic and related technologies. There were no doubt some who thought that this was about 'privacy for the masses' but those with more real world experience knew only too well that winning the Crypto Wars was only the first of several wars that would have to be won if this was ever going to be achieved (and the subsequent wars would be a _lot_ harder to win).
[snip]

> It's a little harder to use crypto effectively in the UK because of
> the key demands in RIPA Part 2 - but only a little, you don't have
> to be any kind of nerd, eg truecrypt seems to do that job OK if
> used properly.

There is surely little if any real difference - Levinson's keys were seized in the US under US law so how does RIPA make things harder here?

I do, of course, agree that it is a real shame that the BBC programme failed to even mention what was going on here in the UK. Especially so given that this list was an intrinsic part of our Crypto Wars.

Brian

From wendyg at pelicancrossing.net Mon Mar 17 20:28:09 2014
From: wendyg at pelicancrossing.net (Wendy M. Grossman)
Date: Mon, 17 Mar 2014 20:28:09 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To:
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk>
Message-ID: <53275AD9.8010603@pelicancrossing.net>

On 3/17/2014 20:08 PM, Roland Perry wrote:
> In article <53271A2A.3040701 at zen.co.uk>, Peter Fairbrother
> writes
>> with the demands for keys in RIPA we lost the crypto wars in the UK.
>
> I thought the Crypto Wars were about making its usage legal, at all. Not
> about who could ask criminals to open their safe with the evidence inside.

Not in the UK. There was a significant push for key escrow and licensed trusted third parties in the UK - the govt imagined we'd want banks to serve in that function because we trusted them. There were big debates about those, and also whether you could be compelled to hand over your key.

In the US, the export regulations were also a big deal, and PRZ put out PGP when he did because there was a threat to ban domestic use of encryption. By the time the crypto wars reached the UK PGP was already here.
wg
-- 
www.pelicancrossing.net <-- all about me
Twitter: @wendyg

From rl.hird at orpheusmail.co.uk Mon Mar 17 21:34:47 2014
From: rl.hird at orpheusmail.co.uk (Roger Hird)
Date: Mon, 17 Mar 2014 21:34:47 +0000 (GMT)
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <53275F2C.5030407@zen.co.uk>
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275F2C.5030407@zen.co.uk>
Message-ID: <53e9ff008frl.hird@orpheusmail.co.uk>

In article <53275F2C.5030407 at zen.co.uk>, Peter Fairbrother wrote:

> Criminals? Whatever happened to presumption of innocence? Until the safe
> is opened there is no evidence that they are criminals.

Isn't the "presumption of innocence" a forensic convention relating to how judges and juries make up their minds about guilt? It doesn't stop us locking up suspects in serious cases or searching their homes under warrant - fortunately.

I'm old fashioned enough to think that the protection of life and property - and the security of the nation - in the face of clear threats rather trumps private privacy.

-- 
Roger Hird
rl.hird at orpheusmail.co.uk
Website: http://roger.hird.orpheusweb.co.uk

From lists at internetpolicyagency.com Tue Mar 18 08:37:23 2014
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 18 Mar 2014 08:37:23 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <53275F2C.5030407@zen.co.uk>
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275F2C.5030407@zen.co.uk>
Message-ID:

In article <53275F2C.5030407 at zen.co.uk>, Peter Fairbrother writes
>> Not
>> about who could ask criminals to open their safe with the evidence inside.
>
>Criminals? Whatever happened to presumption of innocence? Until the
>safe is opened there is no evidence that they are criminals.

The means to gather evidence (based on reasonable suspicion) is firmly entrenched in our legal system.

cont'd "search warrants"...
-- 
Roland Perry

From lists at internetpolicyagency.com Tue Mar 18 08:38:48 2014
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 18 Mar 2014 08:38:48 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <53275FEE.90800@zen.co.uk>
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk>
Message-ID:

In article <53275FEE.90800 at zen.co.uk>, Peter Fairbrother writes
>Oh, and there was (and is afaik) no power to force people to open the
>safe. The Courts could issue a warrant or other power so that the
>Police etc could open the safe, if they could - but they could not
>force the owner to open it.

Are you sure that a court can't order a person to open their safe, on pain of being in contempt of court?

-- 
Roland Perry

From fjmd1a at gmail.com Tue Mar 18 08:46:05 2014
From: fjmd1a at gmail.com (Francis Davey)
Date: Tue, 18 Mar 2014 08:46:05 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To:
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk>
Message-ID:

2014-03-18 8:38 GMT+00:00 Roland Perry :
>
>
> Are you sure that a court can't order a person to open their safe, on pain
> of being in contempt of court?

In some circumstances a court could order someone to hand over what is in the safe to another person, yes. Failure to obey the order would be a contempt and could be dealt with by imprisonment.

Example: you lend me your Faberge egg and I don't give it back when I should. You obtain an injunction for delivery up of your property. I refuse etc.

-- 
Francis Davey

From igb at batten.eu.org Tue Mar 18 09:15:21 2014
From: igb at batten.eu.org (Ian Batten)
Date: Tue, 18 Mar 2014 09:15:21 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To:
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk>
Message-ID:

On 18 Mar 2014, at 08:38, Roland Perry wrote:

> In article <53275FEE.90800 at zen.co.uk>, Peter Fairbrother writes
>> Oh, and there was (and is afaik) no power to force people to open the safe. The Courts could issue a warrant or other power so that the Police etc could open the safe, if they could - but they could not force the owner to open it.
>
> Are you sure that a court can't order a person to open their safe, on pain of being in contempt of court?

I suspect it doesn't matter, because there are no (for practical purposes) safes which cannot be opened given large, but achievable, resources if you have physical access to the safe. Very secure storage facilities (the safe in Area 51 where they keep the alien autopsy report) don't rely on super-sekrit safes that governments can't break into, they rely on defence in depth with fences, dogs, laws, CCTV and men with guns. The problem safe-crackers have is not in opening the safe, but in opening the safe without being detected before they finish the job.

Whereas with crypto it's possible to secure material such that no amount of resource can decrypt it. In principle it's trivial, but we're all grown-up enough to know that key management and practical issues of implementation make it distinctly non-trivial. However, it's certainly possible.
ian

From lists at internetpolicyagency.com Tue Mar 18 09:20:02 2014
From: lists at internetpolicyagency.com (Roland Perry)
Date: Tue, 18 Mar 2014 09:20:02 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <53275AD9.8010603@pelicancrossing.net>
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275AD9.8010603@pelicancrossing.net>
Message-ID:

In article <53275AD9.8010603 at pelicancrossing.net>, Wendy M. Grossman writes
>> I thought the Crypto Wars were about making its usage legal, at all. Not
>> about who could ask criminals to open their safe with the evidence inside.
>
>Not in the UK. There was a significant push for key escrow and licensed
>trusted third parties in the UK - the govt imagined we'd want banks to
>serve in that function because we trusted them. There were big debates
>about those, and also whether you could be compelled to hand over your key.

How about "making its continued use illegal, unless you subscribed to an approved key escrow system".

-- 
Roland Perry

From lists at casparbowden.net Tue Mar 18 10:25:44 2014
From: lists at casparbowden.net (Caspar Bowden (lists))
Date: Tue, 18 Mar 2014 10:25:44 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To: <53271A2A.3040701@zen.co.uk>
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk>
Message-ID: <53281F28.3060106@casparbowden.net>

On 03/17/14 15:52, Peter Fairbrother wrote:
> ...
> "The Levinson case goes to the heart of a fundamental clash between
> two opposing sides - there are those who want our electronic
> communications to be entirely private, so that absolutely no-one apart
> from the recipient can know what's being said. Set against them are
> those who think the State should be able to get access, for instance
> when it says it's investigating crime or protecting national security.
>
> I think that's it in a nutshell - and on that basis, with the demands
> for keys in RIPA we lost the crypto wars in the UK.

The trouble is that states the problem without the context of the UK being in forefront to neutralize civilian crypto last 20 years, and the drawbacks and hinterland of every policy option

> ...
> BTW, why do you think the Darkmail effort is doomed? I kinda agree,
> but I'd like to know what you think.

I don't know what they are doing, but shouldn't trust crypto against decryption powers unless trust platform+binary+source+keymat resilient to those powers

Confidentiality is orthogonal to what an email service provider can provide (but a special network service might provide anonymity)

CB

From clive at davros.org Tue Mar 18 10:32:24 2014
From: clive at davros.org (Clive D.W. Feather)
Date: Tue, 18 Mar 2014 10:32:24 +0000
Subject: BBCR4 on Crypto-wars today at 13:30
In-Reply-To:
References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk>
Message-ID: <20140318103224.GD43373@davros.org>

Ian Batten said:
> I suspect it doesn't matter, because there are no (for practical purposes) safes which cannot be opened given large, but achievable, resources if you have physical access to the safe. Very secure storage facilities (the safe in Area 51 where they keep the alien autopsy report) don't rely on super-sekrit safes that governments can't break into, they rely on defence in depth with fences, dogs, laws, CCTV and men with guns. The problem safe-crackers have is not in opening the safe, but in opening the safe without being detected before they finish the job.

Which is why, apparently, safes are rated for value versus time - how much resources are required to open the safe within that time. So if a safe is rated for £200,000 for one hour, £50,000 for 3 hours, or £10,000 for 2 days, the owner knows whether to have a guard or patrol and how often to make checks.

-- 
Clive D.W. Feather | If you lie to the compiler,
Email: clive at davros.org | it will get its revenge.
Web: http://www.davros.org | - Henry Spencer Mobile: +44 7973 377646 From amidgley at gmail.com Wed Mar 19 05:19:12 2014 From: amidgley at gmail.com (Adrian Midgley) Date: Wed, 19 Mar 2014 05:19:12 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <53275AD9.8010603@pelicancrossing.net> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275AD9.8010603@pelicancrossing.net> Message-ID: Back then I recall some people did trust some banks. >From Dr Adrian Midgley's hand -------------- next part -------------- An HTML attachment was scrubbed... URL: From pwt at iosis.co.uk Wed Mar 19 05:54:06 2014 From: pwt at iosis.co.uk (Peter Tomlinson) Date: Wed, 19 Mar 2014 05:54:06 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk><53275AD9.8010603@pelicancrossing.net> Message-ID: <532930FE.3010304@iosis.co.uk> Of course, but I'm biased: my uncle worked for one of them then... Peter On 19/03/2014 05:19, Adrian Midgley wrote: > > Back then I recall some people did trust some banks. > > From Dr Adrian Midgley's hand > From igb at batten.eu.org Thu Mar 20 15:50:44 2014 From: igb at batten.eu.org (Ian Batten) Date: Thu, 20 Mar 2014 15:50:44 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <20140318103224.GD43373@davros.org> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk> <20140318103224.GD43373@davros.org> Message-ID: On 18 Mar 2014, at 10:32, Clive D.W. Feather wrote: > Ian Batten said: >> I suspect it doesn't matter, because there are no (for practical purposes) safes which cannot be opened given large, but achievable, resources if you have physical access to the safe. 
Very secure storage facilities (the safe in Area 51 where they keep the alien autopsy report) don't rely on super-sekrit safes that governments can't break into, they rely on defence in depth with fences, dogs, laws, CCTV and men with guns. The problem safe-crackers have is not in opening the safe, but in opening the safe without being detected before they finish the job. > > Which is why, apparently, safes are rated for value versus time - how much > resources are required to open the safe within that time. And the more secure safes are according to that formulation, the expensive they are, both in capital and operational terms. The point about crypto which makes analogies with safes unhelpful is the extreme disparity of cost between the attacker and the defender. A thirty quid Raspberry Pi will run AES256-CBC at about 7MB/sec, and subject to the keys being well chosen (a big "subject") there are no brute force attacks that don't involve the conversion of solar systems into computers. I'm guessing that a thirty quid safe from Amazon opens when shown a thirty bob hammer. ian From matthew at pemble.net Thu Mar 20 21:01:40 2014 From: matthew at pemble.net (Matthew Pemble) Date: Thu, 20 Mar 2014 21:01:40 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk> <20140318103224.GD43373@davros.org> Message-ID: <2F58B9D8-5648-453F-A087-2920F715CB6A@googlemail.com> > I'm guessing that a thirty quid safe from Amazon opens when shown a thirty bob hammer. A Class 4 safe with a Class 4 lock will open quite easily when you show* somebody who knows the combination a thirty bob hammer. * Some "showing" may need to be more active than others. M --- Matthew Pemble Tel: +44 7595 652175 Chained to the desk by iPhone(TM)! 
From zenadsl6186 at zen.co.uk Thu Mar 20 22:46:46 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Thu, 20 Mar 2014 22:46:46 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <53281F28.3060106@casparbowden.net> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> Message-ID: <532B6FD6.6080009@zen.co.uk> On 18/03/14 10:25, Caspar Bowden (lists) wrote: > On 03/17/14 15:52, Peter Fairbrother wrote: >> ... >> "The Levinson case goes to the heart of a fundamental clash between >> two opposing sides - there are those who want our electronic >> communications to be entirely private, so that absolutely no-one apart >> from the recipient can know what's benig said. Set against them are >> those who think the State should be able to get access, for instance >> when it says it's investigating crime or protecting national security. >> >> I think that's it in a nutshell - and on that basis, with the demands >> for keys in RIPA we lost the crypto wars in the UK. > > The trouble is that states the problem without the context of the UK > being in forefront to neutralize civilian crypto last 20 years, and the > drawbacks and hinterland of every policy option I disagree - and I think it really is quite simple. The state should not have any right to know what's being said. None. No "it's okay with a warrant". No "we need to do it for xyz reason". Now that is not saying that the state can't try - just that it has no right to succeed. Because if it has such a right, it's like it's saying "bend over, so we can stick it up you if we want to". And then we all have to bend over. > >> ... >> BTW, why do you think the Darkmail effort is doomed? I kinda agree, >> but I'd like to know what you think. 
> > I don't know what they are doing, but shouldn't trust crypto against > decryption powers unless trust platform+binary+source+keymat resilient > to those powers I'd go with trust platform to start, the rest can come in time. assuming free and open-source, that is - which is a bit problematic here, some of the protagonists seem to be more into making money these days. Sadly, that seems to include Mr Zimmerman :( As to free and open-source, if it isn't both then Waasseennaar (I can never remember where the double letters go) still applies. > > Confidentiality is orthogonal to what an email service provider can > provide (but a special network service might provide anonymity) I think it can do both - in fact I know it can, and how to do it, but whether it gets adopted is another matter. Heck, does it matter if newsupersecureemail runs on email, http, ftp, whatever? You'll have to write the clients anyway, what matters is what they look like to the users. eg, what happens if someone sends you an unencrypted email on your encrypted service? -- Peter Fairbrother From zenadsl6186 at zen.co.uk Thu Mar 20 22:46:47 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Thu, 20 Mar 2014 22:46:47 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk> Message-ID: <532B6FD7.3040707@zen.co.uk> On 18/03/14 08:46, Francis Davey wrote: > 2014-03-18 8:38 GMT+00:00 Roland Perry >: > > > Are you sure that a court can't order a person to open their safe, > on pain of being in contempt of court? > > > In some circumstances a court could order someone to hand over what is > in the safe to another person, yes. Failure to obey the order would be a > contempt and could be dealt with by imprisonment. > > Example: you lend me your Faberge egg and I don't give it back when I > should. You obtain an injunction for delivery up of your property. I > refuse etc. 
Suppose I say that the egg is not in the safe? Could a Court order me to open the safe? I'm pretty sure it could order some baillifs or whoever to open it, but order me? Suppose you can't prove, beyond reasonable doubt, that some evidence against me is in the safe until you see it - and the only way to see it is if I open the safe? -- Peter F From zenadsl6186 at zen.co.uk Thu Mar 20 22:46:48 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Thu, 20 Mar 2014 22:46:48 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <5327526B.1010905@gladman.plus.com> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <5327526B.1010905@gladman.plus.com> Message-ID: <532B6FD8.30400@zen.co.uk> On 17/03/14 19:52, Brian Gladman wrote: > On 17/03/2014 15:52, Peter Fairbrother wrote: >> Hi Caspar, >> >> There are many omissions and over-simplifications, but at 4.41 >> @gordoncorera says: >> >> "The Levinson case goes to the heart of a fundamental clash between >> two opposing sides - there are those who want our electronic >> communications to be entirely private, so that absolutely no-one >> apart from the recipient can know what's benig said. Set against >> them are those who think the State should be able to get access, >> for instance when it says it's investigating crime or protecting >> national security. >> >> I think that's it in a nutshell - and on that basis, with the >> demands for keys in RIPA we lost the crypto wars in the UK. > > Hi Peter, Hi Brian, > > I don't see RIPA as having the significance you attach to it in the > context of the Crypto Wars. Various means of State sponsored coercion > to force people to reveal their secrets have been in existence for a > few thousand years prior to the Crypto Wars so why would adding one > more be such a big deal? Suppose you hide the McGuffin. In the old days maybe they would torture you for it's location, but in more civilised times they would look for it. 
If they find it you go to jail, if you have hidden it well enough that they can't find it you go free. Nobody would think it right that someone should be punished, or punished more, for trying to hide the McGuffin - that really would be something out of 1984. Something similar should happen when the McGuffin is data. However under RIPA if you use encryption to hide it they still torture you for it - if a threat of imprisonment isn't torture, it isn't far away from it. It is uncivilised. > > In my view the Crypto Wars were primarily about removing the controls > that the US, the UK and some other governments were seeking to > maintain on cryptographic and related technologies. > > There were no doubt some who thought that this was about 'privacy for > the masses' but those with more real world experience knew only too > well that winning the Crypto Wars was only the first of several wars > that would have to be won if this was ever going to be achieved (and > the subsequent wars would be a _lot_ harder to win). > > [snip] >> It's a little harder to use crypto effectively in the UK because of >> the key demands in RIPA Part 2 - but only a little, you don't have >> to be any kind of nerd, eg truecrypt seems to do that job OK if >> used properly. > > There is surely little if any real difference - Levinson's keys were > seized in the US under US law so how does RIPA make things harder here? Levinson's keys weren't protecting Levinson's secrets, and more particularly they weren't protecting any potential evidence against him - they were protecting Snowden's secrets (and those of the rest of L's users). If they had been, most likely the warrant would not have been issued. If it had, it would still be in appeal. > > I do, of course, agree that it is a real shame that the BBC programme > failed to even mention what was going on here in the UK. Especially so > given that this list was an intrinsic part of our Crypto Wars. Da. 
-- Peter Fairbrother From brg at gladman.plus.com Fri Mar 21 00:08:03 2014 From: brg at gladman.plus.com (Brian Gladman) Date: Fri, 21 Mar 2014 00:08:03 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <532B6FD8.30400@zen.co.uk> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <5327526B.1010905@gladman.plus.com> <532B6FD8.30400@zen.co.uk> Message-ID: <532B82E3.5080802@gladman.plus.com> On 20/03/2014 22:46, Peter Fairbrother wrote: >> I don't see RIPA as having the significance you attach to it in the >> context of the Crypto Wars. Various means of State sponsored coercion >> to force people to reveal their secrets have been in existence for a >> few thousand years prior to the Crypto Wars so why would adding one >> more be such a big deal? > > Suppose you hide the McGuffin. In the old days maybe they would torture > you for it's location, but in more civilised times they would look for > it. If they find it you go to jail, if you have hidden it well enough > that they can't find it you go free. > > Nobody would think it right that someone should be punished, or punished > more, for trying to hide the McGuffin - that really would be something > out of 1984. > > Something similar should happen when the McGuffin is data. However under > RIPA if you use encryption to hide it they still torture you for it - if > a threat of imprisonment isn't torture, it isn't far away from it. If you have used the right sort of keys and the right procedures (and can show that you do this as a matter of routine), they can ask for your keys but you won't be able to provide them because they no longer exist. I admit that it is a real pain that we have to use special techniques to achieve this. >> In my view the Crypto Wars were primarily about removing the controls >> that the US, the UK and some other governments were seeking to >> maintain on cryptographic and related technologies. 
>> >> There were no doubt some who thought that this was about 'privacy for >> the masses' but those with more real world experience knew only too >> well that winning the Crypto Wars was only the first of several wars >> that would have to be won if this was ever going to be achieved (and >> the subsequent wars would be a _lot_ harder to win). >> >> [snip] >>> It's a little harder to use crypto effectively in the UK because of >>> the key demands in RIPA Part 2 - but only a little, you don't have >>> to be any kind of nerd, eg truecrypt seems to do that job OK if >>> used properly. >> >> There is surely little if any real difference - Levinson's keys were >> seized in the US under US law so how does RIPA make things harder here? > > Levinson's keys weren't protecting Levinson's secrets, and more > particularly they weren't protecting any potential evidence against him > - they were protecting Snowden's secrets (and those of the rest of L's > users). > > If they had been, most likely the warrant would not have been issued. If > it had, it would still be in appeal. But they were root keys affecting (potentially) all of Levinson's users - more significant than those of a single user. And it would seem that it is possible to seize such keys in the US. As far as I can see, this is not so different to RIPA. And, of course, the US still indulges in physical torture if you are an alleged terrorist. Brian From lists at casparbowden.net Fri Mar 21 07:10:15 2014 From: lists at casparbowden.net (Caspar Bowden (lists)) Date: Fri, 21 Mar 2014 07:10:15 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <532B6FD6.6080009@zen.co.uk> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> <532B6FD6.6080009@zen.co.uk> Message-ID: <532BE5D7.1040505@casparbowden.net> On 03/20/14 22:46, Peter Fairbrother wrote: > On 18/03/14 10:25, Caspar Bowden (lists) wrote: >> On 03/17/14 15:52, Peter Fairbrother wrote: >>> ...
>>> "The Levinson case goes to the heart of a fundamental clash between >>> two opposing sides - there are those who want our electronic >>> communications to be entirely private, so that absolutely no-one apart >>> from the recipient can know what's benig said. Set against them are >>> those who think the State should be able to get access, for instance >>> when it says it's investigating crime or protecting national security. >>> >>> I think that's it in a nutshell - and on that basis, with the demands >>> for keys in RIPA we lost the crypto wars in the UK. >> >> The trouble is that states the problem without the context of the UK >> being in forefront to neutralize civilian crypto last 20 years, and the >> drawbacks and hinterland of every policy option > > > I disagree - and I think it really is quite simple. The state should > not have any right to know what's being said. > > None. > > No "it's okay with a warrant". No "we need to do it for xyz reason". > > Now that is not saying that the state can't try - just that it has no > right to succeed. Agreed. But states will try, and 1 state in particular has utterly different legal standards for its own citizens... >>> BTW, why do you think the Darkmail effort is doomed? I kinda agree, >>> but I'd like to know what you think. >> >> I don't know what they are doing, but shouldn't trust crypto against >> decryption powers unless trust platform+binary+source+keymat resilient >> to those powers > > I'd go with trust platform to start, the rest can come in time. ... >> >> Confidentiality is orthogonal to what an email service provider can >> provide (but a special network service might provide anonymity) > > I think it can do both - in fact I know it can, and how to do it, but > whether it gets adopted is another matter. But FISA 702 in particular can force arbitrary service provider "co-operation" (as per Hushmail case, but that was actually Canada - anyone get to the bottom of that?) 
So anything you depend on the email service provider to do for your confidentiality can be subverted by law > eg, what happens if someone sends you an unencrypted email on your > encrypted service? Would be nice to have an autoresponder which bounced mail without right GPG header? Caspar From lists at internetpolicyagency.com Fri Mar 21 09:25:30 2014 From: lists at internetpolicyagency.com (Roland Perry) Date: Fri, 21 Mar 2014 09:25:30 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <532B6FD7.3040707@zen.co.uk> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk> <532B6FD7.3040707@zen.co.uk> Message-ID: In article <532B6FD7.3040707 at zen.co.uk>, Peter Fairbrother writes >Suppose you can't prove, beyond reasonable doubt, that some evidence >against me is in the safe until you see it - and the only way to see it >is if I open the safe? Reasonable doubt kicks in at the trial, the gathering of evidence is done at a much lower level of probability of success in finding it. -- Roland Perry From nbohm at ernest.net Fri Mar 21 12:37:42 2014 From: nbohm at ernest.net (Nicholas Bohm) Date: Fri, 21 Mar 2014 12:37:42 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <532B6FD7.3040707@zen.co.uk> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53275FEE.90800@zen.co.uk> <532B6FD7.3040707@zen.co.uk> Message-ID: <532C3296.9090803@ernest.net> An HTML attachment was scrubbed... 
URL: From zenadsl6186 at zen.co.uk Sat Mar 22 01:19:11 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Sat, 22 Mar 2014 01:19:11 +0000 Subject: Fwd: Fwd: Delivery Status Notification (Failure) In-Reply-To: References: Message-ID: <532CE50F.7030206@zen.co.uk> -------- Original Message -------- Subject: Fwd: Delivery Status Notification (Failure) Date: Fri, 21 Mar 2014 17:32:14 +0000 From: Francis Davey To: Peter Fairbrother I tried to answer your question but gmail has clearly been held in contempt. Francis ---------- Forwarded message ---------- From: *Mail Delivery Subsystem* > Date: 2014-03-21 9:57 GMT+00:00 Subject: Delivery Status Notification (Failure) To: fjmd1a at gmail.com Delivery to the following recipient failed permanently: ukcrypto at chiark.greenend.org.uk Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain chiark.greenend.org.uk by mx-relay.chiark.greenend.org.uk . [212.13.197.229]. 
The error that the other server returned was: 550 Blacklisted site `[209.85.216.54]' [Irritated] ----- Original message ----- MIME-Version: 1.0 X-Received: by 10.229.28.2 with SMTP id k2mr53840299qcc.16.1395395853558; Fri, 21 Mar 2014 02:57:33 -0700 (PDT) Received: by 10.140.30.97 with HTTP; Fri, 21 Mar 2014 02:57:33 -0700 (PDT) In-Reply-To: <532B6FD7.3040707 at zen.co.uk > References: <532566EB.9080101 at casparbowden.net > <53271A2A.3040701 at zen.co.uk > > <53275FEE.90800 at zen.co.uk > > > <532B6FD7.3040707 at zen.co.uk > Date: Fri, 21 Mar 2014 09:57:33 +0000 Message-ID: > Subject: Re: BBCR4 on Crypto-wars today at 13:30 From: Francis Davey > To: UK Cryptography Policy Discussion Group > Content-Type: multipart/alternative; boundary=001a1133bbd02c44a404f51aea3f 2014-03-20 22:46 GMT+00:00 Peter Fairbrother >: > > > Suppose I say that the egg is not in the safe? Could a Court order me to > open the safe? I'm pretty sure it could order some baillifs or whoever to > open it, but order me? > In principle, I suspect yes the court could order you to do that. Courts have been quite innovative at using injunctions over the years. In practice, in the example I gave, the court would almost certainly order you to hand over the *egg* rather than open the safe. The court won't care (and the claimant won't have any legitimate interest) in where you have put it, just that you give it back.
I picked a detinue/torts interference with goods act 1977 case for a concrete example. It *might* be possible to manufacture a cause of action where the safe must be opened but I can't see one offhand. In making the order the court will have had to decide whether or not you had the egg. If the injunction was an interim injunction there'll have been a different exercise than if the injunction is a final injunction. Take the final injunction as an example: the court will have to be satisfied on "balance of probabilities" (i.e. P(you have the egg|evidence available to the court) > 0.5) that you have the egg. If satisfied they will almost certainly make an order for delivery up. If you say you don't have it - well that will already have been decided. > > > Suppose you can't prove, beyond reasonable doubt, that some evidence > against me is in the safe until you see it - and the only way to see it is > if I open the safe? > > > In the *egg* case, at committal for contempt, the court would have to find (on the criminal standard) that you were in contempt, ie. that you had the egg and were refusing to comply with the order to give it up. If the court so finds you could be jailed. In terms of "evidence against" you - not the egg case. The legal framework is different. If it were (say) a civil claim for disclosure of evidence, ----- Message truncated ----- -- Francis Davey From lists at internetpolicyagency.com Sat Mar 22 11:23:26 2014 From: lists at internetpolicyagency.com (Roland Perry) Date: Sat, 22 Mar 2014 11:23:26 +0000 Subject: Fwd: Fwd: Delivery Status Notification (Failure) In-Reply-To: <532CE50F.7030206@zen.co.uk> References: <532CE50F.7030206@zen.co.uk> Message-ID: <1y7U+HwuKXLTFAqC@perry.co.uk> In article <532CE50F.7030206 at zen.co.uk>, Peter Fairbrother writes >In practice, in the example I gave, the court would almost certainly order >you to hand over the *egg* rather than open the safe. 
The court won't care >(and the claimant won't have any legitimate interest) in where you have put >it, just that you give it back. Which seems entirely consistent with starting by requesting plaintext, rather than the key. -- Roland Perry From zenadsl6186 at zen.co.uk Sun Mar 23 23:59:45 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Sun, 23 Mar 2014 23:59:45 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <532BE5D7.1040505@casparbowden.net> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> <532B6FD6.6080009@zen.co.uk> <532BE5D7.1040505@casparbowden.net> Message-ID: <532F7571.1090505@zen.co.uk> On 21/03/14 07:10, Caspar Bowden (lists) wrote: > On 03/20/14 22:46, Peter Fairbrother wrote: [...] > But FISA 702 in particular can force arbitrary service provider > "co-operation" (as per Hushmail case, but that was actually Canada - > anyone get to the bottom of that?) > > So anything you depend on the email service provider to do for your > confidentiality can be subverted by law Yes, that can be a problem. A suggestion, a distributed key service. Each keyserver accepts keys from (and generated by) users, sends them a confirm message to the email address attached to the key, then on receipt of the (signed) confirm reply adds the key to the shared list. Each shared list entry consists of: email address, server, date added, key. The list is hashed and updated between servers a bit like the bitcoin list (which might also pay for the key servers, eg the right to send spam). When a user wants to send an email he contacts his list server, the recipient's list server, and another list server chosen at random and asks each for the key. The recipient's key server also replies with a signed-by-the-recipient ephemeral key as well as the recipient's key. 
If there is only one key for the email address, and the three responses match, and the sender's own copy of the recipient's key (if he has one) all match, then he uses the signed and dated ephemeral key provided by the recipients key server. The replies from the servers are all signed, so if they don't match we want to know why - the replies can then be published, so if a server cheats then it can be found out and shamed. There is a little more, eg when there is no key or more than one key attached to a single email address, but that's basically how to find a new correspondent's key from his email address. Note that the key servers are separate from the email servers which just work in the normal way. *_You'll have to write some decent email and webmail clients_* but after that in most cases it can be almost entirely transparent to the user - in that respect the gpg etc clients/addons/etc, not to put too fine a point on it, suck. I think most of the people who write secure email software don't spend nearly enough time and effort writing good clients, and good clients are essential if their solution is to be used. > >> eg, what happens if someone sends you an unencrypted email on your >> encrypted service? > > Would be nice to have an autoresponder which bounced mail without right > GPG header? I don't know. That's the "security" answer, but it isn't necessarily correct - I don't know whether there is a single correct answer. The idea is to get people to use it, and use it in a secure manner. If eg secure m-messages are presented onscreen in red in one window, and insecure messages are in black in a differently-designed window, and the user both knows this and uses it correctly - then there is no need for an autoresponder-rejecter. Also, does it have to be secure all the time? 
If the idea is to have a generally secure encrypted email service on which you can send highly secure emails, the rest of the mails don't have to be super-secure against eg malware or phishing - especially if the supersecure and normally-secure versions look the same to an attacker. There is room there for some unencrypted emails too. But I can also think of situations where an autoresponder-rejecter is the correct solution. -- Peter From zenadsl6186 at zen.co.uk Mon Mar 24 00:10:13 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Mon, 24 Mar 2014 00:10:13 +0000 Subject: Fwd: Fwd: Delivery Status Notification (Failure) In-Reply-To: <532CE50F.7030206@zen.co.uk> References: <532CE50F.7030206@zen.co.uk> Message-ID: <532F77E5.90405@zen.co.uk> On 22/03/14 01:19,Francis Davey wrote: > 2014-03-20 22:46 GMT+00:00 Peter Fairbrother >: >> >> Suppose I say that the egg is not in the safe? Could a Court order >> me to open the safe? I'm pretty sure it could order some baillifs or >> whoever to open it, but order me? >> > > In principle, I suspect yes the court could order you to do that. > Courts have been quite innovative at using injunctions over the > years. > > In practice, in the example I gave, the court would almost certainly > order you to hand over the *egg* rather than open the safe. The court > won't care (and the claimant won't have any legitimate interest) in > where you have put it, just that you give it back. > > I picked a detinue/torts interference with goods act 1977 case for a > concrete example. It *might* be possible to manufacture a cause of > action where the safe must be opened but I can't see one offhand. > > In making the order the court will have had to decide whether or not > you had the egg. If the injunction was an interim injunction there'll > have been a different exercise than if the injunction is a final > injunction. Take the final injunction as an example: the court will > have to be satisfied on "balance of probabilities" (i.e. 
P(you have > the egg|evidence available to the court) > 0.5) that you have the > egg. If satisfied they will almost certainly make an order for > delivery up. > > If you say you don't have it - well that will already have been > decided. > >> >> Suppose you can't prove, beyond reasonable doubt, that some >> evidence against me is in the safe until you see it - and the only >> way to see it is if I open the safe? > > In the *egg* case, at committal for contempt, the court would have to > find (on the criminal standard) that you were in contempt, ie. that > you had the egg and were refusing to comply with the order to give it > up. If the court so finds you could be jailed. OK. > In terms of "evidence against" you - not the egg case. The legal > framework is different. If it were (say) a civil claim for disclosure > of evidence, > > ----- Message truncated ----- Aaarrgh, just when it got interesting. Just one point, in the "evidence against you" case, if they can prove to criminal standards it is in the safe, they don't need to get you to open the safe - they can just convict you on the evidence. It's when they can't prove that that it gets interesting. In the civil case, assuming that they can't get you to open the safe - Nicholas thinks they might be able to - you can only be convicted (of contempt) if they can prove the egg is in the safe. -- Peter Fairbrother From ukcrypto at absent-minded.com Mon Mar 24 04:16:03 2014 From: ukcrypto at absent-minded.com (Mark Lomas) Date: Mon, 24 Mar 2014 00:16:03 -0400 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <532F7571.1090505@zen.co.uk> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> <532B6FD6.6080009@zen.co.uk> <532BE5D7.1040505@casparbowden.net> <532F7571.1090505@zen.co.uk> Message-ID: If you are willing to use distributed key servers you might build on an observation by Gus Simmons. 
The RSA scheme usually generates a pair of keys, (d,n) and (e,n), where p and q are two large primes, n=p.q, and d.e is congruent to (p-1).(q-1). Encrypt by computing c = (m**e) mod n; decrypt by computing m = (c**d) mod n. Message padding is needed to guard against certain attacks, but is irrelevant to this example. Simmons observed that you can construct three or more keys the same way: (d,n), (e,n), (f,n) where d.e.f is congruent to (p-1)(q-1). I can give a server (f,n), declare (e,n) to be my public key, and retain (d,n) for myself. Together (d,n) and (f,n) comprise my private key. Encrypt as normal c = (m**e) mod n; decrypt by computing m = (((c**f) mod n) ** d) mod n. The server participates in decryption but can't complete the decryption operation. I can add further servers in a similar manner. What I like about Simmons's scheme is that (e,n) is a normal RSA key so I may publish an S/MIME certificate for it. People who wish to send me encrypted messages don't need special software; they don't even need to be aware that my decryption is unusual. Mark On 23 March 2014 19:59, Peter Fairbrother wrote: > On 21/03/14 07:10, Caspar Bowden (lists) wrote: > >> On 03/20/14 22:46, Peter Fairbrother wrote: >> > [...] > > > But FISA 702 in particular can force arbitrary service provider >> "co-operation" (as per Hushmail case, but that was actually Canada - >> anyone get to the bottom of that?) >> >> So anything you depend on the email service provider to do for your >> confidentiality can be subverted by law >> > > > Yes, that can be a problem. > > A suggestion, a distributed key service. > > Each keyserver accepts keys from (and generated by) users, sends them a > confirm message to the email address attached to the key, then on receipt > of the (signed) confirm reply adds the key to the shared list. > > Each shared list entry consists of: email address, server, date added, > key.
The list is hashed and updated between servers a bit like the bitcoin > list (which might also pay for the key servers, eg the right to send spam). > > When a user wants to send an email he contacts his list server, the > recipient's list server, and another list server chosen at random and asks > each for the key. The recipient's key server also replies with a > signed-by-the-recipient ephemeral key as well as the recipient's key. > > If there is only one key for the email address, and the three responses > match, and the sender's own copy of the recipient's key (if he has one) all > match, then he uses the signed and dated ephemeral key provided by the > recipients key server. > > The replies from the servers are all signed, so if they don't match we > want to know why - the replies can then be published, so if a server cheats > then it can be found out and shamed. > > There is a little more, eg when there is no key or more than one key > attached to a single email address, but that's basically how to find a new > correspondent's key from his email address. > > Note that the key servers are separate from the email servers which just > work in the normal way. > > > > *_You'll have to write some decent email and webmail clients_* but after > that in most cases it can be almost entirely transparent to the user - in > that respect the gpg etc clients/addons/etc, not to put too fine a point on > it, suck. > > I think most of the people who write secure email software don't spend > nearly enough time and effort writing good clients, and good clients are > essential if their solution is to be used. > > > >> eg, what happens if someone sends you an unencrypted email on your >>> encrypted service? >>> >> >> Would be nice to have an autoresponder which bounced mail without right >> GPG header? >> > > I don't know. That's the "security" answer, but it isn't necessarily > correct - I don't know whether there is a single correct answer. 
> > The idea is to get people to use it, and use it in a secure manner. If eg > secure m-messages are presented onscreen in red in one window, and insecure > messages are in black in a differently-designed window, and the user both > knows this and uses it correctly - then there is no need for an > autoresponder-rejecter. > > Also, does it have to be secure all the time? If the idea is to have a > generally secure encrypted email service on which you can send highly > secure emails, the rest of the mails don't have to be super-secure against > eg malware or phishing - especially if the supersecure and normally-secure > versions look the same to an attacker. There is room there for some > unencrypted emails too. > > But I can also think of situations where an autoresponder-rejecter is the > correct solution. > > > -- Peter > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at internetpolicyagency.com Mon Mar 24 08:23:13 2014 From: lists at internetpolicyagency.com (Roland Perry) Date: Mon, 24 Mar 2014 08:23:13 +0000 Subject: Fwd: Fwd: Delivery Status Notification (Failure) In-Reply-To: <532F77E5.90405@zen.co.uk> References: <532CE50F.7030206@zen.co.uk> <532F77E5.90405@zen.co.uk> Message-ID: <6rMHImyxt+LTFAbk@perry.co.uk> In article <532F77E5.90405 at zen.co.uk>, Peter Fairbrother writes >Just one point, in the "evidence against you" case, if they can prove >to criminal standards it is in the safe, they don't need to get you to >open the safe - they can just convict you on the evidence. In a criminal case they don't need criminal standard evidence to be able to request opening the safe. >It's when they can't prove that that it gets interesting. In the civil >case, assuming that they can't get you to open the safe - Nicholas >thinks they might be able to - you can only be convicted (of contempt) >if they can prove the egg is in the safe. 
No, the contempt is failing to obey the order, even if it turns out there's no egg inside. -- Roland Perry From fjmd1a at gmail.com Mon Mar 24 09:48:11 2014 From: fjmd1a at gmail.com (Francis Davey) Date: Mon, 24 Mar 2014 09:48:11 +0000 Subject: Common law powers to force disclosure etc Message-ID: [hopefully this will get through - edited title] > > Just one point, in the "evidence against you" case, if they can prove to > criminal standards it is in the safe, they don't need to get you to open > the safe - they can just convict you on the evidence. > I think that shortcuts things slightly (see below) > > It's when they can't prove that that it gets interesting. In the civil > case, assuming that they can't get you to open the safe - Nicholas thinks > they might be able to - you can only be convicted (of contempt) if they can > prove the egg is in the safe. > > To elaborate: this discussion originated out of the question whether the courts had a power _at common law_ to force someone to give up an encryption key. As it happens they did, but it would have been very unusual for circumstances to arise where that would happen - it may be more common now. Historically courts had numerous inherent powers to order people to do things. So many it would be impossible to go through them all. I have mentioned the power to order the production of goods which existed even in the early Mediaeval period (eg by writ of detinue) and was certainly something which the courts of equity did order when they became the principal court making coercive orders of that kind. Of course a writ of detinue couldn't have been used for an encryption key because it is not a chose in possession so cannot be wrongfully detained. I gave the example of the egg in the safe to illustrate the fact that a court might be interested in ordering you to produce an egg than to open the safe. I.e. 
it might not make an order detailing how you were to carry out an action, but simply order the result of the action. In the normal run of things where you are keeping the object you are wrongly detaining won't matter to the court one bit. If you are capable of producing it, then that is what they are likely to order. Injunctions are very fact sensitive. Some are very detailed. For example the blocking injunction first made by Arnold J against BT required the use of a specific filtering technology (Cleanfeed) and a specific mechanism (by URL specifically - thus making the order useless against https a point realised in later cases). So, sticking with wrongful interference of goods for the moment, you can imagine a case where you, the defendant, were sued for wrongful detention of a Faberge egg. In extremely contrived circumstances a court might conclude that you don't in fact know whether you have it but that it is in a particular safe you can open. You *might* be ordered to open the safe as being all you can do to satisfy the claimant who wants their egg. If the egg has been taken (eg by someone else with the combination) already, you cannot be blamed. Indeed your legal representative might try to narrow the order to just that. Now, on to encryption keys. The courts have a general power to require the production of evidence in civil proceedings. They have much more limited powers (a) in criminal proceedings and (b) in situations where disclosure might incriminate. There are exceptions (this is complex field) eg the privilege against self-incrimination does not apply to intellectual property claims as was exampled in the Mulcaire case. So, in a civil proceeding, the court won't normally want a key, they will order disclosure of evidence. If you don't disclose evidence you should do you will be in breach of the court's order. 
Most of the time this will be dealt with procedurally (eg you may end up losing the case but that's all), but sometimes you may be held in contempt. Note that civil contempt is not a crime. Though you can be (rarely) imprisoned for it or fined, it is not a crime and you aren't "convicted". Though proof is required to a criminal standard as an exception to the normal rule on civil proof. But again you could contrive situations where a court would want the key not the evidence protected by the key and where failure to disclose the key would be a contempt and could be coerced. So the power is there in some circumstances. Whether you could have persuaded a judge of the Common Pleas in 1300 of the point is another matter. -- Francis Davey From zenadsl6186 at zen.co.uk Mon Mar 24 15:36:12 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Mon, 24 Mar 2014 15:36:12 +0000 Subject: Fwd: Fwd: Delivery Status Notification (Failure) In-Reply-To: <6rMHImyxt+LTFAbk@perry.co.uk> References: <532CE50F.7030206@zen.co.uk> <532F77E5.90405@zen.co.uk> <6rMHImyxt+LTFAbk@perry.co.uk> Message-ID: <533050EC.7010407@zen.co.uk> On 24/03/14 08:23, Roland Perry wrote: > In article <532F77E5.90405 at zen.co.uk>, Peter Fairbrother > writes >> Just one point, in the "evidence against you" case, if they can prove >> to criminal standards it is in the safe, they don't need to get you to >> open the safe - they can just convict you on the evidence. > > In a criminal case they don't need criminal standard evidence to be able > to request opening the safe. No - but there is no way they can demand that you open it. They can get a warrant to attack it with crowbars, but they can't force you to open it. >> It's when they can't prove that that it gets interesting.
In the civil >> case, assuming that they can't get you to open the safe - Nicholas >> thinks they might be able to - you can only be convicted (of contempt) >> if they can prove the egg is in the safe. > > No, the contempt is failing to obey the order, even if it turns out > there's no egg inside. That's not my reading of what Francis said. -- Peter Fairbrother From lists at internetpolicyagency.com Mon Mar 24 16:08:03 2014 From: lists at internetpolicyagency.com (Roland Perry) Date: Mon, 24 Mar 2014 16:08:03 +0000 Subject: Fwd: Fwd: Delivery Status Notification (Failure) In-Reply-To: <533050EC.7010407@zen.co.uk> References: <532CE50F.7030206@zen.co.uk> <532F77E5.90405@zen.co.uk> <6rMHImyxt+LTFAbk@perry.co.uk> <533050EC.7010407@zen.co.uk> Message-ID: In article <533050EC.7010407 at zen.co.uk>, Peter Fairbrother writes >> In a criminal case they don't need criminal standard evidence to be able >> to request opening the safe. > >No - but there is no way they can demand that you open it. They can get >a warrant to attack it with crowbars, but they can't force you to open >it. That's why I carefully drafted "request opening of the safe" (which could be by anyone). >>> It's when they can't prove that that it gets interesting. In the civil >>> case, assuming that they can't get you to open the safe - Nicholas >>> thinks they might be able to - you can only be convicted (of contempt) >>> if they can prove the egg is in the safe. >> >> No, the contempt is failing to obey the order, even if it turns out >> there's no egg inside. > >That's not my reading of what Francis said. Too many levels of indirection. If a court order says "produce something" and you don't, that's contempt. 
-- Roland Perry From fjmd1a at gmail.com Mon Mar 24 18:43:38 2014 From: fjmd1a at gmail.com (Francis Davey) Date: Mon, 24 Mar 2014 18:43:38 +0000 Subject: Fwd: Fwd: Delivery Status Notification (Failure) In-Reply-To: References: <532CE50F.7030206@zen.co.uk> <532F77E5.90405@zen.co.uk> <6rMHImyxt+LTFAbk@perry.co.uk> <533050EC.7010407@zen.co.uk> Message-ID: 2014-03-24 16:08 GMT+00:00 Roland Perry : > > > If a court order says "produce something" and you don't, that's contempt. To be held in contempt you have to have disobeyed an order that you were capable of obeying. -- Francis Davey From zenadsl6186 at zen.co.uk Tue Mar 25 03:41:23 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Tue, 25 Mar 2014 03:41:23 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> <532B6FD6.6080009@zen.co.uk> <532BE5D7.1040505@casparbowden.net> <532F7571.1090505@zen.co.uk> Message-ID: <5330FAE3.6060707@zen.co.uk> On 24/03/14 04:16, Mark Lomas wrote: > If you are willing to use distributed key servers you might build on an > observation by Gus Simmons. > > The RSA scheme usually generates a pair of keys, (d,n) and (e,n), where > p and q are two large primes, n=p.q, and d.e is congruent to > (p-1).(q-1). Encrypt by computing c = (m**e) mod n; decrypt by computing > m = (c**d) mod n. Message padding is needed to guard against certain > attacks, but is irrelevant to this example. > > Simmons observed that you can construct three or more keys the same way: > (d,n), (e,n), (f,n) where d.e.f is congruent to (p-1)(q-1). > > I can give a server (f,n), declare (e,n) to be my public key, and retain > (d,n) for myself. Together (d,n) and (f,n) comprise my private key. > Encrypt as normal c = (m**e) mod n; decrypt by computing m = (((c**f) > mod n) ** d) mod n.
The server participates in decryption but can't > complete the decryption operation. I can add further servers in a > similar manner. That's cool, but it isn't much use here, and the resulting key can still be used for encryption - we need a key which can't be used for encryption here, only for signatures (else it can be demanded). > What I like about Simmons's scheme is that (e,n) is a normal RSA key so > I may publish an S/MIME certificate for it. People who wish to send me > encrypted messages don't need special software; they don't even need to > be aware that my decryption is unusual. That is a neat property though, and may well find a use in some other privacy-enhancing technique. I just read of an idea, I don't know who by, about making RSA keys shorter - choose the first prime at random, then choose the second prime so that the first 2n/3 bits of n are some fixed, shared value. -- Peter Fairbrother From zenadsl6186 at zen.co.uk Tue Mar 25 03:50:34 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Tue, 25 Mar 2014 03:50:34 +0000 Subject: Common law powers to force disclosure etc In-Reply-To: References: Message-ID: <5330FD0A.9010908@zen.co.uk> On 24/03/14 09:48, Francis Davey wrote: Francis, thanks for the detailed answer. [...] > Of course a writ of detinue couldn't have been used for an encryption > key because it is not a chose in possession so cannot be wrongfully > detained. Didn't someone from the Home Office once argue that it was? I'm a bit fuzzy on this, but the existence of the key as a separate entity was essential to some argument that in demanding a key they were forcing people to give up an object rather than providing testimony against themselves. Though I don't know whether they could order you to give up the key to a safe with evidence inside it. 
-- Peter Fairbrother From ben at links.org Tue Mar 25 03:58:06 2014 From: ben at links.org (Ben Laurie) Date: Tue, 25 Mar 2014 03:58:06 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <5330FAE3.6060707@zen.co.uk> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> <532B6FD6.6080009@zen.co.uk> <532BE5D7.1040505@casparbowden.net> <532F7571.1090505@zen.co.uk> <5330FAE3.6060707@zen.co.uk> Message-ID: On 25 March 2014 03:41, Peter Fairbrother wrote: > That's cool, but it isn't much use here, and the resulting key can still be > used for encryption - we need a key which can't be used for encryption here, > only for signatures (else it can be demanded). a) DSA b) If you can sign, you can encrypt (http://en.wikipedia.org/wiki/Chaffing_and_winnowing) From lists at internetpolicyagency.com Tue Mar 25 09:33:53 2014 From: lists at internetpolicyagency.com (Roland Perry) Date: Tue, 25 Mar 2014 09:33:53 +0000 Subject: Fwd: Fwd: Delivery Status Notification (Failure) In-Reply-To: References: <532CE50F.7030206@zen.co.uk> <532F77E5.90405@zen.co.uk> <6rMHImyxt+LTFAbk@perry.co.uk> <533050EC.7010407@zen.co.uk> Message-ID: In article , Francis Davey writes >>If a court order says "produce something" and you don't, that's >>contempt. > >To be held in contempt you have to have disobeyed an order that you >were capable of obeying. ? That's taken for granted. We aren't discussing people without keys (be they physical or digital), but those unwilling to use them voluntarily. 
-- Roland Perry From alan.braggins at gmail.com Tue Mar 25 11:59:07 2014 From: alan.braggins at gmail.com (Alan Braggins) Date: Tue, 25 Mar 2014 11:59:07 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <5330FAE3.6060707@zen.co.uk> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> <532B6FD6.6080009@zen.co.uk> <532BE5D7.1040505@casparbowden.net> <532F7571.1090505@zen.co.uk> <5330FAE3.6060707@zen.co.uk> Message-ID: <53316F8B.2090106@gmail.com> On 25/03/14 03:41, Peter Fairbrother wrote: > I just read of an idea, I don't know who by, about making RSA keys > shorter - choose the first prime at random, then choose the second prime > so that the first 2n/3 bits of n are some fixed, shared value. http://joye.site88.net/papers/Joy08rsacompr.pdf says "Bernstein reports an unpublished result by Coppersmith for specifying up to 2n/3 bits using lattice reduction" (with references to slides for a couple of talks by Bernstein). http://cr.yp.to/sigs/rwsota-20080131.pdf says "Coppersmith 2003" for the lattice reduction, but doesn't seem to list that in the references. http://cr.yp.to/talks/2005.11.06/slides.pdf explains the actual method, on a slide titled "Primes in lattices". For n/2, Joye says "presented at ASIACRYPT '98 by Lenstra", and "reinvented many times". Bernstein just says "widely known" for n/2. 
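The multi-key RSA split that Mark Lomas describes earlier in this thread, as an added Python example (not code from any list member). It assumes the exponents are chosen so that d.e.f is congruent to 1 modulo (p-1)(q-1), uses constructed toy primes and textbook RSA without padding, and the function names are made up for illustration.

```python
# Added illustration of a multi-key RSA split (one public exponent, the
# private side divided between the key holder and one or more servers).
# Toy parameters and textbook RSA without padding: not for real use.
import math
import secrets

# Constructed demo primes (two Mersenne primes); real keys use random primes.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537  # ordinary public exponent, so (E, n) looks like a normal RSA key


def split_key(p, q, e, servers=1):
    """Return (n, d, [f1, f2, ...]) with e*d*f1*f2*... == 1 mod (p-1)(q-1).

    Assumption of this example: that congruence is the relation the
    exponents must satisfy for decryption to undo encryption.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    shares = []
    product = e
    for _ in range(servers):
        # A server exponent must be invertible mod phi, or no d exists.
        while True:
            f = secrets.randbelow(phi - 3) + 3
            if math.gcd(f, phi) == 1:
                break
        shares.append(f)
        product = (product * f) % phi
    d = pow(product, -1, phi)  # the holder's exponent closes the product to 1
    return n, d, shares


def encrypt(m, e, n):
    """Sender side: plain RSA, unaware that the private key is split."""
    if not 0 <= m < n:
        raise ValueError("message out of range for this modulus")
    return pow(m, e, n)


def server_step(c, f, n):
    """What one key server computes; its output is still not the plaintext."""
    return pow(c, f, n)


def decrypt(c, d, shares, n):
    """Pass the ciphertext through every server, then apply the holder's d."""
    for f in shares:
        c = server_step(c, f, n)
    return pow(c, d, n)


def demo():
    n, d, shares = split_key(P, Q, E, servers=2)
    m = int.from_bytes(b"constructed msg", "big")  # constructed sample input
    c = encrypt(m, E, n)
    return {
        "round_trip": decrypt(c, d, shares, n) == m,
        "holder_alone": pow(c, d, n) == m,                   # expected False
        "one_server_alone": server_step(c, shares[0], n) == m,  # expected False
    }


if __name__ == "__main__":
    print(demo())
```

Because exponentiation commutes, the holder's step and the servers' steps can be applied in any order; with `servers=0` the function returns an ordinary RSA private exponent.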
From zenadsl6186 at zen.co.uk Tue Mar 25 21:37:00 2014 From: zenadsl6186 at zen.co.uk (Peter Fairbrother) Date: Tue, 25 Mar 2014 21:37:00 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> <532B6FD6.6080009@zen.co.uk> <532BE5D7.1040505@casparbowden.net> <532F7571.1090505@zen.co.uk> <5330FAE3.6060707@zen.co.uk> Message-ID: <5331F6FC.4000809@zen.co.uk> On 25/03/14 03:58, Ben Laurie wrote: > On 25 March 2014 03:41, Peter Fairbrother wrote: >> That's cool, but it isn't much use here, and the resulting key can still be >> used for encryption - we need a key which can't be used for encryption here, >> only for signatures (else it can be demanded). > > a) DSA > > b) If you can sign, you can encrypt > (http://en.wikipedia.org/wiki/Chaffing_and_winnowing) > Yep - the bigger problem is when other people use your signing key to encrypt :( Separately, to Alan B., thanks for the info. below is a kinda-draft, ignore if not interested. -- Peter Fairbrother Improved email: Objectives: 1) to eventually get a majority of all email sent end-to-end encrypted to a minimum security standard, such that active measures are needed to intercept and read it. 2) to be usable in a highly secure manner if and when that is required. 3) to resist demands for decryptions and for keys. 4) to be as future-proof as possible. 5) we think anonymity is not immediately practicable. In order to achieve these objectives the following requirements must be met: ** Legal requirements: To be entirely open source and free, as in BSD or similar license. 
If not then Wassenaar and/or other crypto export requirements may apply, defeating objective 1) ** Software requirements: A] be as widely compatible as possible, so that many people will use it B] be easy to use, indeed almost transparent to the user, so that many people will use it C) well-developed email reader and webmail clients are essential. If they aren't consumer-grade consumers won't use them, writing non-consumer-grade clients is just a waste of time and effort. D) must be compatible with normal email, but default to encrypted mode E) must be cheap to install and operate, and not require normal email servers to do anything ** Cryptographic and security requirements: a) an automatic key server, probably distributed/shared. We don't want the user to have to do anything to obtain a relevant key, otherwise he may not bother [1] b) ephemeral keys, signature-only keys [2] c) high-secure mode must look the same as low-secure mode to an attacker d) clear distinction to the user between security modes in use notes: [1] A suggestion, a distributed key service. Each keyserver accepts keys from (and generated by) users, sends them a confirm message to the email address attached to the key, then on receipt of the (signed) confirm reply adds the key to the shared list. Each shared list entry consists of: email address, server, date added, key. The list is hashed and updated between servers a bit like the bitcoin list (which might also pay for the key servers, eg the right to send spam). When a user wants to send an email he contacts his list server, the recipient's list server, and another list server chosen at random and asks each for the key. The recipient's key server also replies with a signed-by-the-recipient ephemeral key as well as the recipient's key. 
If there is only one key for the email address, and the three responses match, and the sender's own copy of the recipient's key (if he has one) all match, then he uses the signed and dated ephemeral key provided by the recipients key server. The replies from the servers are all signed, so if they don't match we want to know why - the replies can then be published, so if a server cheats then it can be found out and shamed. There is a little more, eg when there is no key or more than one key attached to a single email address, but that's basically how to find a new correspondent's key from his email address. Note that the key servers are separate from the email servers which just work in the normal way. Though perhaps the security level of the key server isn't that great, it's better than nothing. If the user wants better key security he can get it in many ways, eg by sharing keys in person, which can be displayed in a menu somewhere onscreen. [2] ephemeral keys for resistance to subject-matter-key demands, signature-only keys to prevent legal demands for keys which authenticate the ephemeral keys. Ephemeral keys are updated automatically, the user should need to make no input to update the keys. From igb at batten.eu.org Tue Mar 25 21:51:23 2014 From: igb at batten.eu.org (Ian Batten) Date: Tue, 25 Mar 2014 21:51:23 +0000 Subject: BBCR4 on Crypto-wars today at 13:30 In-Reply-To: <5330FAE3.6060707@zen.co.uk> References: <532566EB.9080101@casparbowden.net> <53271A2A.3040701@zen.co.uk> <53281F28.3060106@casparbowden.net> <532B6FD6.6080009@zen.co.uk> <532BE5D7.1040505@casparbowden.net> <532F7571.1090505@zen.co.uk> <5330FAE3.6060707@zen.co.uk> Message-ID: On 25 Mar 2014, at 03:41, Peter Fairbrother wrote: > > I just read of an idea, I don't know who by, about making RSA keys shorter - choose the first prime at random, then choose the second prime so that the first 2n/3 bits of n are some fixed, shared value. 
As someone else mentioned, http://joye.site88.net/papers/Joy08rsacompr.pdf In 2014, however, is a limiting factor on adoption of encryption really the difference between RSA keys fitting in 86 bytes rather than 256 bytes (as the abstract claims)? I'm sure there are use-cases where this matters, but it doesn't seem like a terribly common problem. ian From Richard.Hopkins at bristol.ac.uk Fri Mar 28 09:07:51 2014 From: Richard.Hopkins at bristol.ac.uk (Richard Hopkins) Date: Fri, 28 Mar 2014 09:07:51 +0000 Subject: Google blocking 7zip Message-ID: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> Some time this week, Google started blocking 7zip encrypted archives (.7z). You can no longer send or receive emails which contain 7zip encrypted attachments nor share them using Google Drive. I haven't seen any announcement about this...nor any discussion, but it's causing us (as a Google Apps for Education "customer") pain. Google are, of course, only doing this for our protection. What other reason could there possibly be? Richard http://www.bris.ac.uk/infosec From codepope at gmail.com Fri Mar 28 10:30:32 2014 From: codepope at gmail.com (Gmail) Date: Fri, 28 Mar 2014 10:30:32 +0000 Subject: Google blocking 7zip In-Reply-To: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> Message-ID: Google scans zip and other archives for particular executable file extensions. https://support.google.com/a/answer/6590?hl=en "You can't send or receive the following file types: .ade, .adp, .bat, .chm, .cmd, .com, .cpl, .exe, .hta, .ins, .isp, .jse, .lib, .lnk, .mde, .msc, .msp, .mst, .pif, .scr, .sct, .shb, .sys, .vb, .vbe, .vbs, .vxd, .wsc, .wsf, .wsh Messages containing the types of files listed above will be bounced back and returned to the sender automatically. Gmail won't accept these file types even if they're sent in a zipped format. 
Here are some examples of zipped formats: .zip, .tar, .tgz, .taz, .z, .gz, .rar" One assumes this has expanded to .7z files and that the archive contains one of the banned extensions. Dj On 28 March 2014 at 10:16:20, Richard Hopkins (richard.hopkins at bristol.ac.uk) wrote: Some time this week, Google started blocking 7zip encrypted archives (.7z). You can no longer send or receive emails which contain 7zip encrypted attachments nor share them using Google Drive. I haven't seen any announcement about this...nor any discussion, but it's causing us (as a Google Apps for Education "customer") pain. Google are, of course, only doing this for our protection. What other reason could there possibly be? Richard http://www.bris.ac.uk/infosec From Richard.Hopkins at bristol.ac.uk Fri Mar 28 11:04:20 2014 From: Richard.Hopkins at bristol.ac.uk (Richard Hopkins) Date: Fri, 28 Mar 2014 11:04:20 +0000 Subject: Google blocking 7zip In-Reply-To: References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> Message-ID: <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> --On 28 March 2014 10:30 +0000 Gmail wrote: > One assumes this has expanded to .7z files and that the archive contains > one of the banned extensions. Yes, I kind of assumed the same (that .7z had been added to the list, but the webpage hasn't been updated to reflect). However, *all* .7z (encrypted) archives are blocked, whether they contain "dangerous" attachments or not. I'm hoping that Google have made a mistake here which they will recognise and fix real soon.
Cheers, Richard Richard http://www.bris.ac.uk/infosec From alan.braggins at gmail.com Fri Mar 28 11:09:57 2014 From: alan.braggins at gmail.com (Alan Braggins) Date: Fri, 28 Mar 2014 11:09:57 +0000 Subject: Google blocking 7zip In-Reply-To: <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> Message-ID: <53355885.6050903@gmail.com> On 28/03/14 11:04, Richard Hopkins wrote: > --On 28 March 2014 10:30 +0000 Gmail wrote: > >> One assumes this has expanded to .7z files and that the archive contains >> one of the banned extensions. > > Yes, I kind of assumed the same (that .7z had been added to the list, > but the webpage hasn't been updated to reflect). The web page does say "examples" of zipped formats, implying it's not a complete list. > However, *all* .7z (encrypted) archives are blocked, whether they > contain "dangerous" attachments or not. Depending on the encryption scheme used, it may be impossible to tell what file extensions exist within the archive. cf. "It isn't possible to send a password-protected zip file containing a zip file. Please de-compress all files or remove the password protection if possible." From codepope at gmail.com Fri Mar 28 11:13:00 2014 From: codepope at gmail.com (Gmail) Date: Fri, 28 Mar 2014 11:13:00 +0000 Subject: Google blocking 7zip In-Reply-To: <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> Message-ID: Well, there is another option and that is that something in your 7z archives is tripping the scanning... Google may have turned on some of the VirusTotal scanning. Have you tried dropping a smaller 7z archive into https://www.virustotal.com/ and seeing if it flags anything?
Dj On 28 March 2014 at 11:04:35, Richard Hopkins (richard.hopkins at bristol.ac.uk) wrote: --On 28 March 2014 10:30 +0000 Gmail wrote: > One assumes this has expanded to .7z files and that the archive contains > one of the banned extensions. Yes, I kind of assumed the same (that .7z had been added to the list, but the webpage hasn't been updated to reflect). However, *all* .7z (encrypted) archives are blocked, whether they contain "dangerous" attachments or not. I'm hoping that Google have made a mistake here which they will recognise and fix real soon. Cheers, Richard Richard http://www.bris.ac.uk/infosec From Richard.Hopkins at bristol.ac.uk Fri Mar 28 11:19:22 2014 From: Richard.Hopkins at bristol.ac.uk (Richard Hopkins) Date: Fri, 28 Mar 2014 11:19:22 +0000 Subject: Google blocking 7zip In-Reply-To: References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> Message-ID: <1673560E9BCC0522DDF6E55C@IT001040.users.bris.ac.uk> --On 28 March 2014 11:13 +0000 Gmail wrote: > Well, there is another option and that is that something in your 7z > archives is tripping the scanning... Google may have turned on some of > the VirusTotal scanning. Have you tried dropping a smaller 7z archive > into https://www.virustotal.com/ and seeing if it flags anything? I'm confident that this isn't the problem. One other (off list) has confirmed the exact same problem - send a 7z archive without a password set and there's no problem. Send the same archive with a password and it's blocked.
Richard http://www.bris.ac.uk/infosec From roger at hayter.org Fri Mar 28 11:20:05 2014 From: roger at hayter.org (Roger Hayter) Date: Fri, 28 Mar 2014 11:20:05 +0000 Subject: Google blocking 7zip In-Reply-To: References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> Message-ID: <07578D36-3AD2-4617-8A83-78554287D2B1@hayter.org> Do gmail block encrypted files equipped with an 'inoffensive' extension? Not claiming to be compressed or archived files? -- Roger Hayter On 28 Mar 2014, at 11:13, Gmail wrote: > Well, there is another option and that is that something in your 7z archives is tripping > the scanning... Google may have turned on some of the VirusTotal scanning. Have you tried > dropping a smaller 7z archive into https://www.virustotal.com/ and seeing if it flags anything? > > Dj > > > On 28 March 2014 at 11:04:35, Richard Hopkins (richard.hopkins at bristol.ac.uk) wrote: > >> --On 28 March 2014 10:30 +0000 Gmail wrote: >> >> > One assumes this has expanded to .7z files and that the archive contains >> > one of the banned extensions. >> >> Yes, I kind of assumed the same (that .7z had been added to the list, but >> the webpage hasn't been updated to reflect). >> >> However, *all* .7z (encrypted) archives are blocked, whether they contain >> "dangerous" attachments or not. >> >> I'm hoping that Google have made a mistake here which they will recognise >> and fix real soon. 
>> >> Cheers, >> >> Richard >> >> >> Richard >> >> http://www.bris.ac.uk/infosec From ben at links.org Fri Mar 28 11:32:06 2014 From: ben at links.org (Ben Laurie) Date: Fri, 28 Mar 2014 11:32:06 +0000 Subject: Google blocking 7zip In-Reply-To: <07578D36-3AD2-4617-8A83-78554287D2B1@hayter.org> References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> <07578D36-3AD2-4617-8A83-78554287D2B1@hayter.org> Message-ID: On 28 March 2014 11:20, Roger Hayter wrote: > Do gmail block encrypted files equipped with an 'inoffensive' extension? Not claiming to be compressed or archived files? GMail allows PGP. > > -- > > Roger Hayter > > > > > On 28 Mar 2014, at 11:13, Gmail wrote: > >> Well, there is another option and that is that something in your 7z archives is tripping >> the scanning... Google may have turned on some of the VirusTotal scanning. Have you tried >> dropping a smaller 7z archive into https://www.virustotal.com/ and seeing if it flags anything? >> >> Dj >> >> >> On 28 March 2014 at 11:04:35, Richard Hopkins (richard.hopkins at bristol.ac.uk) wrote: >> >>> --On 28 March 2014 10:30 +0000 Gmail wrote: >>> >>> > One assumes this has expanded to .7z files and that the archive contains >>> > one of the banned extensions. >>> >>> Yes, I kind of assumed the same (that .7z had been added to the list, but >>> the webpage hasn't been updated to reflect). >>> >>> However, *all* .7z (encrypted) archives are blocked, whether they contain >>> "dangerous" attachments or not. >>> >>> I'm hoping that Google have made a mistake here which they will recognise >>> and fix real soon. 
>>>
>>> Cheers,
>>>
>>> Richard
>>>
>>>
>>> Richard
>>>
>>> http://www.bris.ac.uk/infosec
>
>

From lists at internetpolicyagency.com Fri Mar 28 13:42:29 2014
From: lists at internetpolicyagency.com (Roland Perry)
Date: Fri, 28 Mar 2014 13:42:29 +0000
Subject: Google blocking 7zip
In-Reply-To:
References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk>
Message-ID:

In article , Gmail writes
>"You can't send or receive the following file types:
>.ade, .adp, .bat, .chm, .cmd, .com, .cpl, .exe, .hta, .ins, .isp, .jse,
>.lib, .lnk, .mde, .msc, .msp, .mst, .pif, .scr, .sct, .shb, .sys, .vb,
>.vbe, .vbs, .vxd, .wsc, .wsf, .wsh
>
>Messages containing the types of files listed above will be bounced
>back and returned to the sender automatically. Gmail won't accept these
>file types even if they're sent in a zipped format. Here are some
>examples of zipped formats:
>
>.zip, .tar, .tgz, .taz, .z, .gz, .rar"
>
>One assumes this has expanded to .7z files and that the archive
>contains one of the banned extensions.

I suppose that's marginally better than banning all "zip" files (which is a slightly blunter instrument, and assumes zip files are sent exclusively to make malware more receivable).

--
Roland Perry

From chl at clerew.man.ac.uk Fri Mar 28 15:18:42 2014
From: chl at clerew.man.ac.uk (Charles Lindsey)
Date: Fri, 28 Mar 2014 15:18:42 -0000
Subject: Google blocking 7zip
In-Reply-To:
References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> <03A8F9F91408976BAF68708F@IT001040.users.bris.ac.uk> <07578D36-3AD2-4617-8A83-78554287D2B1@hayter.org>
Message-ID:

On Fri, 28 Mar 2014 11:32:06 -0000, Ben Laurie wrote:

> On 28 March 2014 11:20, Roger Hayter wrote:
>> Do gmail block encrypted files equipped with an 'inoffensive'
>> extension? Not claiming to be compressed or archived files?
>
> GMail allows PGP.

Then wrap it up in PGP, or make it look like an application/octet-stream, or other innocuous object. I can't see why they are so bothered by tar balls.
The problem with zips is that Windoze is likely to open them up and obey any .exe found inside.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

From igb at batten.eu.org Fri Mar 28 15:33:22 2014
From: igb at batten.eu.org (Ian Batten)
Date: Fri, 28 Mar 2014 15:33:22 +0000
Subject: Google blocking 7zip
In-Reply-To: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk>
References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk>
Message-ID: <4A138EB1-EAF4-4993-B1EE-AF159C66E510@batten.eu.org>

On 28 Mar 2014, at 09:07, Richard Hopkins wrote:

>
> Some time this week, Google started blocking 7zip encrypted archives (.7z). You can no longer send or receive emails which contain 7zip encrypted attachments nor share them using Google Drive.
>
> I haven't seen any announcement about this...nor any discussion, but it's causing us (as a Google Apps for Education "customer") pain.

Earth to Amphitheatre Parkway: email content policies suitable for protecting naive end users might not be ideal for computer science departments. And vice versa.

ian

From Richard.Hopkins at bristol.ac.uk Mon Mar 31 08:40:31 2014
From: Richard.Hopkins at bristol.ac.uk (Richard Hopkins)
Date: Mon, 31 Mar 2014 08:40:31 +0100
Subject: Google blocking 7zip
In-Reply-To: <4A138EB1-EAF4-4993-B1EE-AF159C66E510@batten.eu.org>
References: <72419DAAA38CA755736CE91A@IT001040.users.bris.ac.uk> <4A138EB1-EAF4-4993-B1EE-AF159C66E510@batten.eu.org>
Message-ID:

--On 28 March 2014 15:33 +0000 Ian Batten wrote:

>> I haven't seen any announcement about this...nor any discussion, but
>> it's causing us (as a Google Apps for Education "customer") pain.
>
> Earth to Amphitheatre Parkway: email content policies suitable for
> protecting naive end users might not be ideal for computer science
> departments. And vice versa.

Indeed. Our non-technical users can manage simple encryption (7zip), but not PGP. Seems a nonsense to suggest that we can protect our users more effectively by telling them to encrypt using ZIP rather than 7zip (or in our case, use 7zip to create encrypted .zip archives rather than encrypted .7z archives).

Richard

http://www.bris.ac.uk/infosec
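Added example (not part of any message in this thread, and not Google's implementation): a hypothetical gateway check built on the banned-extension list quoted above. It shows that a standard encrypted .zip can still be filtered by member name, because the ZIP central directory keeps names in the clear, while a .7z is reported as unscannable here, since the Python standard library cannot list it and 7z can encrypt its header. The function names, verdict strings and sample files are constructed for illustration.

```python
import io
import zipfile

# Extensions quoted from the Gmail help text earlier in this thread.
BANNED = frozenset("""ade adp bat chm cmd com cpl exe hta ins isp jse lib lnk
mde msc msp mst pif scr sct shb sys vb vbe vbs vxd wsc wsf wsh""".split())
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 7z signature header

def is_banned(name):
    """True if the final extension of a file or member name is on the list."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    return "." in base and base.rsplit(".", 1)[1] in BANNED

def list_members(data):
    """Return (names, encrypted) readable without a password, else (None, False)."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return None, False
    with zipfile.ZipFile(buf) as zf:
        infos = zf.infolist()
    # Flag bit 0 marks an encrypted member; its name is still in the clear.
    return [i.filename for i in infos], any(i.flag_bits & 1 for i in infos)

def verdict(filename, data):
    """Hypothetical gateway decision for one attachment (assumed policy)."""
    if is_banned(filename):
        return "reject: banned extension"
    if data.startswith(SEVENZ_MAGIC):
        return "unscannable: 7z, header encryption can hide member names"
    names, encrypted = list_members(data)
    if names is None:
        return "accept: not a recognised archive"
    hits = sorted(n for n in names if is_banned(n))
    if hits:
        return "reject: archive contains " + ", ".join(hits)
    return "accept: names clean" + (" (contents encrypted)" if encrypted else "")

def sample_zip(name, encrypted=False):
    """Constructed sample: one-member zip, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed sample data")
    raw = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the local and central headers
        raw[6] |= 1
        raw[raw.find(b"PK\x01\x02") + 8] |= 1
    return bytes(raw)
```

What to do with an "unscannable" verdict is a policy choice left to the caller.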