Thread: Re: Hushmail in U.S. v. Tyler Stumbo




Re: Hushmail in U.S. v. Tyler Stumbo
2007-11-02 00:17:24
Jon Callas <joncallas.org> writes:

> Hushmail is not a scam.  They do a very good job of explaining what
> they do, what they cannot do, and against which threats they
> protect.  You may quibble all you want with its *effectiveness* but
> they are not a scam.  A scam is being dishonest.

Failure to tell the whole truth is a form of dishonesty, just as is
telling a lie.

By silently, implicitly adopting a narrow definition of "security",
Hush are able to claim "Only Hush's solution provides such a high
level of security combined with total ease of use." [1]

The larger truth is that a consequence of using Hushmail is that
record of when, with whom, and the size of each communication is
available to Hush, even though the content is concealed.

According to the original poster, it's these kinds of data that
Hushmail was required to turn over to the US DEA.


 -- StealthMonger
	 <StealthMongerhod.aarg.net>
	 <StealthMongernym.panta-rhei.eu.org>
	 <StealthMongernym.alias.net>

 --
   stealthmail: Scripts to hide whether you're doing email, or when,
   or with whom.  http://stealthsuite.afflictions.org

[1] http://www.hushmail.com/about-how

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com

Re: Hushmail in U.S. v. Tyler Stumbo
United States
2007-11-06 14:09:53

StealthMonger wrote:
[snip]

> The larger truth is that a consequence of using Hushmail is that
> record of when, with whom, and the size of each communication is
> available to Hush, even though the content is concealed.

So the obvious point is that Hushmail, and systems like it,
become "concentrators" and possible single points of failure.

If, on the other hand, you handled your own PKI to send
symmetrical keys to your correspondents and managed the keys with
something like StrongKey, then one could use a vast number of
ISPs/SMTP points so that they may never get a clear path of send
and reply through a single ISP.

As Jon Callas said, "If the system is strong, it all comes down
to your operational security."

Security is not a thing, it is a process that uses tools and
procedures to accomplish the goal. As I like to say, "Security is
a lot like democracy - everyone's for it but few understand that
you have to work at it constantly."

Best,

Allen

