lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: steve.wray at paradise.net.nz (Steve Wray)
Subject: a PGP signed mail? Has to be spam!

> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> onedo@....net
> I had to notice something today that really disturbed me. A friend of 
> mine(working for a very big company) complained, that she 
> doesn't get any mails from me anymore. It turned out, that apparently
my 
> mails went straight into the spam filter, as I signed everyone of
them. When I 
> sent unsigned mails, she got them. What do we learn? Crypto is bad
m'kay?
> But for real, does that mean that we won't be able to sign 
> any mails anymore soon, due to the spam problem(and stupid admins)?

About... oh 3 maybe 4 months ago I think...

I recently encountered a similar problem where an ISP silently
implemented
"drop all the pgp signed or encrypted email and don't tell anyone"
policy.
For corporate customers.

We detected it because we use encryption a fair bit so when people don't
get emails they notice.

The wierdest thing was that they were not just filtering out MIME
attached
PGP signatures and messages; they were filtering out email that had
ASCII armored PGP in the body of the email. There was no attachment.

The ISPs line was that they basically admitted incompetence "An upgrade
to
the software set these defaults" and the 'feature' was turned off; for
people
that *asked* for it to be turned off. IIRC, they actually tried to
charge
a (not insignificant) fee to do so.



> 'EGovernment' is the big word everywhere nowadays. The 
> electronic signature is mentioned as a way to ensure the credidibility
of sender and 
> receiver. Now what?

PGP is an unregulated system for something that is a governments 'stock
in trade';
the verification and identity of individuals. They issue passports and
construct 
electoral rolls. I think that they'd like to do it *their* way and
regulate it.
Otherwise who knows? Think of the children.


> Guys(and girls), the situation sucks. What do you think? And, 
> most important 
> of all, do you see any way to fight this behaviour? Because 
> honestly, I 
> don't. 
> Greets
> 
> $me
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Powered by blists - more mailing lists