[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[zs-p2p] Forward Secrecy

Hash: SHA1

On 07/25/2013 12:55 AM, grarpamp wrote:
> Check your preferences are set. Somehow I bet there will be a move
> to this rather soon.

I have my doubts.  Newer SSL libraries have PFS support but whether or
not admins or hosting providers will upgrade to them (or enable PFS
ciphersuites) in a reasonable period of time remains to be seen.  For
example, Dreamhost has no immediate plans to upgrade their server
infrastructure to include releases of OpenSSL that support PFS.

I've lately started to explore SSL configurations around the Net with
this addon for Firefox: https://calomel.org/firefox_ssl_validation.html

> Yet note, Dec, a provider simply logging the session keys is still
> possible.

On the server side, or in their production networks?

> Though much costlier for evil pursue that cheap route if there are
> lots of small mail providers out there for people to use... who
> says you have to use the big three, or cannot run a mail service?

There is nothing that says that you have to use the big three, but
running a personal mail service is problematic today for several
reasons.  Firstly, the CPU power required to perform decent spam
filtering is significant.  Not all providers can provide that kind of
horsepower without charging you through the sinuses.  From a purely
cost-based perspective, it makes more sense to buy the services of a
provider who factors that in.  Second, if your server is on a net in
CONUS, it can be blackbagged.  Evidence suggests that this is already
a known and used tactic.  Third, antispam blacklists are notorious for
deciding that an IP is hostile and blacklisting it for such criteria
as the phase of the moon or whether or not the winning score of the
local sports team was prime or composite last week (this is why I
stopped running my own, incidentally - fewer and fewer people were
receiving mail from me).

> Or a distributed social / call / sharing platform, etc? Next topic,
> DHT p2p tech... we are 'always on' right?

There are a few such solutions in existance right now.  A few of us
have been testing Retroshare (http://retroshare.sf.net/), which uses
the BitTorrent DHT to find peers (among other methods) and its
realtime chat, message boards, and VoIP capabilities are pretty good,
though we've also been discovering lots of bugs scattered across a
number of platforms during the course of testing.  We've also run into
problems with firewalls that are supposed to support UPnP not actually
doing so.

I've been playing around with GnuNET for a couple of days, but the
documentation is, to be honest, kind of pants.  I've yet to make any
real headway with it because the docs don't seem to line up with the
codebase anymore.

- -- 
The Doctor [412/724/301/703] [ZS]

PGP: 0xF1F922F2 / CABE 73FB 2D68 D1EF 3956  A468 7B1F DFE8 F1F9 22F2
WWW: https://drwho.virtadpt.net/

The future belongs to the brave.

Version: GnuPG v2.0.20 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

zs-p2p mailing list
[email protected]