[Discuss] email privacy/security

Bill Bogstad bogstad at pobox.com
Mon Aug 5 14:42:38 EDT 2013


On Mon, Aug 5, 2013 at 12:39 PM, Kent Borg <kentborg at borg.org> wrote:
> On 08/05/2013 11:30 AM, Richard Pieri wrote:
>>
>> S/MIME is that it depends on a certificate authority to issue X.509
>> certificates.
>.......
> Good cryptography is great. Flawed cryptography--even just using obscure
> non-standard compression and binary data formats--makes your foes work for
> it.  And active MitM attacks completely changed the economics.  Don't give
> them plaintext for the price of a tap and a data path back to their servers.
> Make them work for it.  Make them wonder whether the work will even be worth
> it (because maybe you are using good cryptography with a good key).  Send
> pure high-quality random data if you are so inclined, just to worry them.

Or you could slap a header on the front that makes it look like it is
encrypted with a decent (but brute forceable) cypher.   Some news
reports have suggested that "they" are permanently storing everything
that is encrypted for possible future decryption.   Get all your
friends to do this and then buy stock in companies that sell archival
storage systems.   Fill up the silos with plenty of hay and they may
never have the resources to use wholesale decryption to find the actual
needles in those haystacks of S/MIME or PGP "encrypted" messages.

Bill Bogstad


