User talk:Jdcc
|
Greetings, and thanks for your contributions to PGP and OpenPGP; welcome to Wikipedia! Your additions and corrections are much appreciated. I've removed a couple of phrases along the lines of "PGP's design has been (and remains) cryptographically excellent"; it would be better if we could replace such assertions with things like "PGP has been recommended for use by independent group of cryptographic experts X" or "Report Y by cryptographer Z finds no problems with the design of PGP". Have a look at Neutral_point_of_view#Characterizing_opinions_of_people's_work. Some coordination for cryptography here is done at WikiProject Cryptography, as well, of course, as on the various talk pages. — Matt 08:53, 4 May 2004 (UTC)
Matt -- I don't mind your removing that phrase. I didn't write it, someone else did. All I did was fail to delete it. :-) I was mildly uncomfortable with it, but I thought it was both flattering to PGP and I agreed with it, so I left it there. If you want it gone, sure. I'm happy to put in some other things like that PGP is one of the two NIST-approved standards for message encryption (S/MIME is the other one).
I tried very hard to correct things that I knew were mistakes, and fill in things that are part of the historical gray area of PGP. Simson's book ends at the beginning of '95. The Z-affaire ended in January '96. I did some work with them (being a fan) at that time and being a crypto guy at Apple. I left Apple for PGP Inc. in Jan '97, and consequently there are lots of things that were never adequately explained. Now the story can be told. Some stuff I changed because it was partially true -- for example, the explanation of digital signatures describes RSA but not DSA signatures. Thanks for leaving my edits predominately.
- I've copied some bits and replied at Talk:Pretty Good Privacy, just to try and keep these things in a place where future editors can find them! — Matt 11:32, 7 May 2004 (UTC)
I'm happy to help with the other projects as well.
-- Jon
jdcc,
Likewise thank you for your edits. And likewise an invitation (if you're willing) to join the valiant crew (in your mind's eye -- Arvindn, Imran, Matt, Securiger, ww, ... standing tall and peering myopically into the sunset) struggling to explain crypto to the masses. With the looming of mandatory digital rights management expected in Longhorn, it will become more than merely an enthusiasm of the odd.
I too have made some changes in the article you left (mostly wording and tightening up here and there). I'd appreciate it if you looked over the article and checked to make sure none of the assumptions I made about what was meant were wrong.
I'd like to nominate this article for WP 'featured' status, and so if you agree that none of Matt's, or my, changes have done violence to the information here, I'll go ahead and do so.
Thanks again.
ww 17:40, 4 May 2004 (UTC)
WW -- I would like it if you did nominate it for 'featured.' I'm going back through and making some other edits.
For example: Elgamal is properly thus. I asked Taher years ago, and also worked for him. He is Egyptian by birth, and originally it would be "El Gamal". When he came to the US, two-word surnames are a hassle, so he went to "ElGamal" but that wasn't really any better. So now his legal name is "Elgamal". Yes, I know that Schneier spells it with the intra-cap. That is not the way Taher now spells his name.
The RSA patent wasn't merely "partially controlled" by MIT, they owned it. RSADSI (typo corrected, too) were the sole licensee who then sublicensed. Professors at MIT personally stared down RSADSI in those days.
The security problems with PGP 2 have not been patched. They are still there, and I believe that unless you are already a PGP 2 user, you shouldn't. They are:
- PGP 2 uses MD5, which is known to have flaws.
- The fingerprint of the PGP 2 keys is the MD5 hash of the public key data, but not its length. This means that it can be spoofed.
- The key id of a key is the low 64 bits of the public modulus, which can be spoofed. In the new keys, it's a truncated hash.
- The Katz attack works best against PGP 2, and is thwarted with MDC in OpenPGP.
None of these can be patched. None of them are "oh, my god, bar the door!" flaws, but they're flaws.
There are some flaws that could be patched against, like the Klima attack to get the private key. But realistically, that fix isn't in the average copy of 2.6.whatever. Also, realistically, no one is going to do a Klima attack against you who can't do something more interesting. The Klima attack requires write access to the disk. Nonetheless, no new user should be using PGP 2, any more than they should be using Windows 3.1, Mac OS 7.5, or Linux 0.99 (which all date from the same era).
- J, (is it Jon or jdcc?) I've replied to some of this at Talk:PGP. The ownership v control issue was more complicated then you suggest for reasons (legal and commercial) more complicated still. I've seen ElGamal in several forms, so I'm glad you've clarified it all. Glad to see you're willing to pitch in on, and help in, the crypto corner.
- Where do you stand on the question of the hour, cypher or cipher?
- Welcome. ww 14:18, 7 May 2004 (UTC)
- It's Jon. When I started the OpenPGP working group in the IETF, I asked Taher. I'm more than happy to pitch in.
- To my knowledge, cipher is the American spelling and cypher the British one. I personally prefer the y because I like the way it looks, but usually use the i to appease editors.
- Jon, I wasn't really serious about the spelling question, though some people are. See Talk:Cryptography for some back and forth. Both have a long history in English and it's one of those insane English orthography things. I too prefer y and use it in all my writing on the subject -- even though I'm an AE speaker. I've replied to your comment on PKP at Talk:PGP.
- If you're glazed over on the PGP article, try another in your copious spare time. WP will be glad to soak it up!
- At the moment, the articles which are closest to featured status nomination (aside from PGP) are, in my view, secret sharing and perhaps Enigma, though this last needs a pruning -- it's on my honeydew list. See the talk page for both for some history of how things got there. The comment by jwr at Talk:Enigma isn't yet implemented. ww 15:36, 8 May 2004 (UTC)
- Jon, The spelling thing has acquired some formality in an attempt to settle it, I think. Anyway, you might want to check in if only to be certain your view has been correctly noted. Best wishes. ww 20:54, 25 May 2004 (UTC)
Jon, PGP has been nominated and has gotten generally favorable responses. See featured article nominations. jwr made some comments to which I replied with a series of edits, of which he approved, and has changed his comment to support. Matt opposed on 'not brilliant enough prose' grounds. Some were addressed by edits made by isomorphic and myself, but Matt's objection continues. See Talk:PGP and User Talk:Matt Crypto at 'PGP comment'. You may want to look into the assorted activity to see that no one has too badly bent the facts and perhaps to address some of Matt's remaining concerns.
On other issues, I have turned up several crypto articles which seem to me to be almost ready for prime time. They are listed, with comments, at Wikiproject Cryptography. Any of them might be appropriate for your attentions as well, assuming you have any time available.
Thanks, ww 16:35, 21 May 2004 (UTC)
WikiProject Cryptography mailshot
Hi, quick note to let you know about what's happening with the WikiReader in Cryptography. There's now a provisional Table of Contents to work with, and for the next 68 days or so there'll be an "Article of the Day" scheme: each day there'll be a particular article highlighted for reviewing and fixing. There's two templates for this purpose: Template:WikiReaderCryptographyAOTD and Template:WikiReaderCryptographyAOTD-Verbose. The smaller one looks like this:
|
These articles are likely to be some of the earliest English Wikipedia content to get turned into a print version, and any help in making them as good as possible would be much appreciated. Thanks! — Matt 01:50, 29 Jul 2004 (UTC)
New Mathematics Wikiportal
I noticed you've done some work on Mathematics articles. I wanted to point out to you the new Mathematics Wikiportal- more specifically, to the Mathematics Collaboration of the Week page. I'm looking for any math-related stubs or non-existant articles that you would like to see on Wikipedia. Additionally, I wondered if you'd be willing to help out on some of the Collaboration of the Week pages.
I encourage you to vote on the current Collaboration of the Week, because I'm very interested in which articles you think need to be written or added to, and because I understand that I cannot do the enormous amount of work required on some of the Math stubs alone. I'm asking for your help, and also your critiques on the way the portal is set up.
Please direct all comments to my user-talk page, the Math Wikiportal talk page, or the Math Collaboration of the Week talk page. Thanks a lot for your support! ral315 02:54, Feb 11, 2005 (UTC)