[107401] in cryptography@c2.net mail archive


Re: Hushmail in U.S. v. Tyler Stumbo

daemon@ATHENA.MIT.EDU (Allen)
Tue Nov 6 18:12:57 2007

Date: Tue, 06 Nov 2007 12:09:53 -0800
From: Allen <netsecurity@sound-by-design.com>
To:  cryptography@metzdowd.com
CC: Arshad Noor <arshad.noor@strongauth.com>
In-Reply-To: <20071102051724.39DAC63B0E@panta-rhei.eu.org>



StealthMonger wrote:
[snip]

> The larger truth is that a consequence of using Hushmail is that
> record of when, with whom, and the size of each communication is
> available to Hush, even though the content is concealed.

So the obvious point is that Hushmail, and systems like it, 
become "concentrators" and possible single points of failure.

If, on the other hand, you handled your own PKI to send 
symmetrical keys to your correspondents and managed the keys with 
something like StrongKey, then one could use a vast number of 
ISPs/SMTP points so that they may never get a clear path of send 
and reply through a single ISP.

As Jon Callas said, "If the system is strong, it all comes down 
to your operational security."

Security is not a thing, it is a process that uses tools and 
procedures to accomplish the goal. As I like to say, "Security is 
a lot like democracy - everyone's for it but few understand that 
you have to work at it constantly."

Best,

Allen

