[cryptography] Non-governmental exploitation of crypto flaws?

Ed Stone temp at synernet.com
Tue Nov 29 08:04:21 EST 2011


Possibly like NSA warrantless hoovering (ex: the San Francisco splitter), this mailman "feature" is not used to evil ends and is no worry.

Alternatively, privacy may be more vulnerable to simple user oversights than short keys.

On Nov 28, 2011, at 9:27 PM, cryptography-request at randombit.net wrote:

> Date: Mon, 28 Nov 2011 20:40:45 -0500
> From: Steven Bellovin <smb at cs.columbia.edu>
> To: Crypto discussion list <cryptography at randombit.net>
> Subject: Re: [cryptography] Non-governmental exploitation of crypto
> 	flaws?
> Message-ID: <E195C770-6CCD-435E-AF69-B57D272AC5F1 at cs.columbia.edu>
> Content-Type: text/plain; charset=us-ascii
> 
> 
> On Nov 28, 2011, at 8:03 PM, Nico Williams wrote:
> 
>> The list is configured to set Reply-To.  This is bad, and in some
>> cases has had humorous results.  I recommend the list owners change
>> this ASAP.
> 
> 
> Agree, strongly.  The mailman documentation agrees with us.  I'm on the
> verge of unsubscribing on the grounds that the list is a privacy violation
> in action.
> 
> 		--Steve Bellovin, https://www.cs.columbia.edu/~smb




More information about the cryptography mailing list