Internet and e-mail policy and practice
including Notes on Internet E-mail


2019
Months
Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home

24 Oct 2019

Crypto back doors are still a bad idea Security

In the always interesting Lawfare blog, former FBI counsel Jim Baker in a piece called Rethinking Encryption reiterates his take on the encrpytion debates. There's a certain amount that makes me want to bang my head against the wall, e.g.

After working on the going dark problem for years, I'm confident that this problem can be addressed from a technical perspective. In most cases, it's just software, and software can be rewritten.

But it's worth reading to remind us of what the other side is thinking, even with a lot of motivated reasoning that makes him conclude that Congress can pass some laws and the going dark problem will be solved.

A reader who is relatively new to this fight asked me is there's a short and accessible explanation of why crypto back doors can't work.

See more ...


posted at: 12:05 :: permanent link to this entry :: 0 comments
Stable link is https://www.jl.ly/Security/noback.html

25 Sep 2019

Interview about EAI and Universal Acceptance Internet

Earlier this year I gave a talk as a UASG Ambassador at the eco talk at the CSA summit in Cologne. We did a video interview which they finally finished editing and put on their web site here.

eco have a little more info their web site at https://www.dotmagazine.online/issues/digital-identities/ipv6/EAI.

The camera angle is a little odd but other than that I think it came out well.


posted at: 20:47 :: permanent link to this entry :: 0 comments
Stable link is https://www.jl.ly/Internet/uainterview.html

07 Sep 2019

Fewer bad examples for mail Email

The DNS has always had a few names for use as examples in documentation, domains example.com, example.net, example.org, and example.edu. In 1999 RFC 2606 formally reserved the first three.

There's nothing technically special about these names, which have normal WHOIS and DNS entries, managed by IANA. Until recently, that meant that even though none of them handle any e-mail, mail sent to them by mistake worked badly.

See more ...


posted at: 05:56 :: permanent link to this entry :: 0 comments
Stable link is https://www.jl.ly/Email/exampnull.html

22 Aug 2019

What does blockchain have to do with voting? Internet

Apropos of recent news stories about a blockchain based voting system that was hacked before its first election, someone asked:

Perhaps final recognition that a lot of blockchain is hype? Or simply an interesting side-story?

A blockchain can ensure that the lies you see are the same lies that were published, but that doesn't have much to do with voting.

Voting has a very peculiar security model -- you need to verify that each person voted at most once, you need to count all of the votes for each candidate, and you need not to link the two. A lot of very bad voting systems are built by people who wrongly assume that its security model is similar to something else, which it is not.

An obvious example is Diebold who built voting machines that worked like ATMs, which was a disaster, since the way you audit ATMs depends on the details of each transaction being linked to the person doing it.

Paper ballots have a lot to recommend them. It's easy for poll workers to observe that each voter puts one ballot into the box, they're relatively easy to count (we use mark sense machines here) and compared to the spaghetti code in direct recording machines, they're quite tamper resistant.


posted at: 20:26 :: permanent link to this entry :: 0 comments
Stable link is https://www.jl.ly/Internet/notvote.html

28 May 2019

What does it mean to Deploy DMARC? Email
The IETF's
DMARC working group is thinking about a maintenance update to the DMARC spec, fixing bits that are unclear and perhaps changing it where what mail servers do doesn't exactly agree with what it says. Someone noted that a lot of mailers claim to have ``deployed DMARC'', and it's not at at all clear what that really means.

See more ...


posted at: 23:32 :: permanent link to this entry :: 0 comments
Stable link is https://www.jl.ly/Email/dmarcwhat.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access
52 days ago

A keen grasp of the obvious
My high security debit card
358 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.