Hushmail in U.S. v. Tyler Stumbo

Allen netsecurity at
Tue Nov 6 15:09:53 EST 2007

StealthMonger wrote:

> The larger truth is that a consequence of using Hushmail is that
> record of when, with whom, and the size of each communication is
> available to Hush, even though the content is concealed.

So the obvious point is that Hushmail, and systems like it, 
become "concentrators" and possible single points of failure.

If, on the other hand, you handled your own PKI to send 
symmetrical keys to your correspondents and managed the keys with 
something like StrongKey, then one could use a vast number of 
ISPs/SMTP points so that they may never get a clear path of send 
and reply through a single ISP.

As Jon Callas said, "If the system is strong, it all comes down 
to your operational security."

Security is not a thing, it is a process that uses tools and 
procedures to accomplish the goal. As I like to say, "Security is 
lot like democracy - everyone's for it but few understand that 
you have to work at it constantly."



The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list