
Basic Security Practices

http://www.al.com/redstone/index.ssf?/base/news/1132827506165260.xml&coll=1

As a government employee, you've heard it all before - lock your computer screen, protect your computer password, shred unwanted government documents, be careful about what is discussed in unclassified phone calls and e-mails, and practice vigilance in all matters related to workplace security.

Government employee? These are the bare essentials that anyone who’s in contact with technology for more than 10 minutes a month should practice. Of course, you’d replace “shred unwanted government documents” with “shred everything but the newspaper”, “unclassified phone calls and e-mails” with “anything that isn’t encrypted with a 2048-bit key”, and “workplace security” with “personal security”.

Tunneling SMTP through SSH

Since Dreamhost doesn’t support any sort of secure SMTP, I’ve been tunneling it through ssh for the past month or so.

ssh -f -N -L 9999:mail.myserver.com:25 myserver.com -l user

9999 is the local port, mail.myserver.com is the mail server, 25 is the remote port, myserver.com is where your shell is, and user is your username on the server. Then just tell Thunderbird (or whatever mail app you use) that your SMTP server is localhost:9999.

I have this run at bootup, so that all I have to do is type in my key when I boot up and all my mail is encrypted (Dreamhost does support IMAPS).

You could, of course, set up your ssh account to use a key with no passphrase, but this is a rather large sacrifice of security (as soon as the attacker acquires your private key, he has access to your ssh account), especially if your primary computer is a laptop, like mine.
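An added example, not from the original post: a POSIX shell wrapper around the same forward that binds it to loopback explicitly, refuses to background ssh if the forward cannot be set up, and uses a control socket so the tunnel is started only once. The host names, user and ports are the post's placeholders; the control-socket path is an assumption of this example.

```shell
#!/bin/sh
# Placeholders below are the post's; CTL_SOCK is an assumption of this example.
LOCAL_PORT=9999
MAIL_HOST=mail.myserver.com
MAIL_PORT=25
SHELL_HOST=myserver.com
SSH_USER=user
CTL_SOCK="$HOME/.ssh/smtp-tunnel.sock"

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L forward spec. The explicit 127.0.0.1 keeps the listener off
# other interfaces even if GatewayPorts is enabled in ssh_config.
forward_spec() {
    valid_port "$1" && valid_port "$3" || return 1
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# True if a master connection for this tunnel is already running.
tunnel_running() {
    ssh -S "$CTL_SOCK" -O check "$SHELL_HOST" 2>/dev/null
}

start_tunnel() {
    spec=$(forward_spec "$LOCAL_PORT" "$MAIL_HOST" "$MAIL_PORT") || return 2
    tunnel_running && return 0
    # -M/-S: control socket, so the tunnel can be checked and stopped later.
    # ExitOnForwardFailure: do not background a session that lacks the forward.
    ssh -f -N -M -S "$CTL_SOCK" \
        -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
        -L "$spec" -l "$SSH_USER" "$SHELL_HOST"
}

stop_tunnel() {
    ssh -S "$CTL_SOCK" -O exit "$SHELL_HOST" 2>/dev/null
}

case "${1:-}" in
    start) start_tunnel ;;
    stop)  stop_tunnel ;;
esac
```

The tunnel encrypts only the hop from the local machine to myserver.com; the connection from there to mail.myserver.com:25 is still plain SMTP.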

UKUSA (a.k.a. ECHELON)

“Signed in 1947 and known as the UKUSA Agreement, it brought together under a single umbrella the SIGINT organizations of the United States, Britain, Canada, Australia, and New Zealand. Under the pact, the five nations carved up the earth into spheres of cryptologic influence, each country assigned specific targets according to its potential for maximum intercept coverage.

The UKUSA Agreement…has never been officially acknowledged by any country even today…” Page 391, James Bamford’s Puzzle Palace

Cryptographers = Terrorists

http://www.schneier.com/crypto-gram-0407.html#3

Cryptographers and U.S. Immigration

Seems like cryptographers are being questioned when they enter the U.S. these days. Recently I received this (anonymous) comment:

"It seems that the U.S. State Department has a keen interest in foreign cryptographers: Yesterday I tried to renew my visa to the States, and after standing in line and getting fingerprinted, my interviewer, upon hearing that my company sells [a cryptography product], informed me that "due to new regulations," Washington needs to approve my visa application, and that to do so, they need to know exactly which companies I plan to visit in the States, points of contact, etc. etc. Quite a change from my last visa application, for which I didn't even have to show up."

I'm curious if any of my foreign readers have similar stories. There are international cryptography conferences held in the United States all the time. It would be a shame if they lost much of their value because of visa regulations.

GPG Key

My new GPG key is up here. I had to revoke the old one.