Hushmail in U.S. v. Tyler Stumbo
Allen
netsecurity at sound-by-design.com
Tue Nov 6 15:09:53 EST 2007
StealthMonger wrote:
[snip]
> The larger truth is that a consequence of using Hushmail is that
> record of when, with whom, and the size of each communication is
> available to Hush, even though the content is concealed.
So the obvious point is that Hushmail, and systems like it,
become "concentrators" and possible single points of failure.
If, on the other hand, you handled your own PKI to send
symmetrical keys to your correspondents and managed the keys with
something like StrongKey, then one could use a vast number of
ISPs/SMTP points so that they may never get a clear path of send
and reply through a single ISP.
As Jon Callas said, "If the system is strong, it all comes down
to your operational security."
Security is not a thing, it is a process that uses tools and
procedures to accomplish the goal. As I like to say, "Security is
lot like democracy - everyone's for it but few understand that
you have to work at it constantly."
Best,
Allen
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list