Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ciphire, A Transparent, Easy PGP Alternative

Posted by timothy on from the not-just-translucent dept.

mixter writes "Hi. I'd like to point your attention to Ciphire, a fully free and soon-to-be-audited-OpenSource 'Global PKI' project I've been working on for the last three years. As the first three or four thousand geeks started using Ciphire and seem happy, with some tech articles written, I guess the /. community might find this interesting, too. Ciphire hopes to have solved the problems that prevented PGP from a broader deployment, with even higher security standards - as already confirmed by crypto experts Housley & Ferguson. More useful information, e.g. in Wired or in the Nerd^H^H^H^Hexperts FAQ."

10 of 345 comments (clear)

  1. GPG? by Anonymous Coward · · Score: 5, Insightful

    What's wrong with the GNU Privacy Guard?

  2. Re:yeah right... by dq5+studios · · Score: 5, Funny
    so how exactly are you getting it installed and turned on by default in Outlook and Outlook Express?


    A new e-mail worm?
  3. Useless... by gst · · Score: 5, Insightful

    And what are the advantages? We already have the OpenPGP standard which is implemented by GnuPG and PGP. People who prefer free software are able to use GnuPG which is licensed under the GPL. If someone prefers commercial software he can use PGP - it even comes with a nice GUI if you use it on Windows. So let's look at your product: Non-free, No-source code, not standards complient, binaries only available for a limit number of platforms. So - in your posting you say "OpenSource" - on the webpage you write that you may publish the source in the future, but that it will only be free for non-commercial users. This is NOT OpenSource - see http://www.opensource.org/docs/definition.php for the definition what OpenSource means. Anyway, are there ANY advantages why I should even bother do download your product? Ah - don't mind - I just noticed that there aren't any LinuxPPC binaries, so I can't use it.

    1. Re:Useless... by mark*workfire · · Score: 5, Insightful

      PGP is a known secure cryptosystem. Fact of the matter, there is no need for new cryptosystems.

      Well, I guess all that needs to be invented has been invented. We already have an operating system majority (Windows). There's already a major chip vendor (Intel). Antec makes the best cases, so lets just tell all the others to stop.

      Maybe, just maybe, a little mind opening is needed here? Perhaps there's something about (Cipher) that can be used in PGP, or vice versa. Slashdot is full of 'competition is a good thing' type quotes, and I'd say it applies here.

  4. How is it free or open source? by art6217 · · Score: 5, Informative

    From their pages: "Ciphire Mail will always be free for private users, non-profit organizations, educational institutions, and the press".

  5. I'll stick to GPG and SSH protocols, thank you. by Spicerun · · Score: 5, Interesting

    Gee, why I'm not enthralled with Ciphire protocols:

    1) Another 'works perfectly program with WinXp, WinXX, etc.' that claims it will also support Linux/xBSD with no catches....where have I heard that one before?

    2) Another Certificates laden protocol in the footsteps of SSL. (ie - you can have security if you pay us the megabucks for that 3 month term Certificate, but ignore those Certificates easily faked, etc.) I wish SSL would die instead of being a Certificate money making machine.

    3) Another program that promises it will do everything SSH already does without the certificates....just buy a certificate to make Ciphire work.

  6. Not OpenPGP Compliant and no Good reason by Equinox11 · · Score: 5, Insightful

    I think this product would of been great if they would of made it OpenPGP compliant, and have a method of signing your keys for a particular email address(verify email address, send a web link, click on link and you're done) If they would of implemented all the automatic sender email matching, automatic decryption, automatic signing, etc. with the current(OpenPGP) standards it would be great.. You would already have a compatible userbase & everything. But as of now I have to support two standards S/MIME and OpenPGP when communicating with people.. Why would I want to recommend to a less technical friend a 3rd one? I'll just set them up with Thunderbird/Mozilla and Enigmail(http://enigmail.mozdev.org) If you havent looked at enigmail check it out.. I'm very impressed with it, and it works fine under windos too.

  7. free as in "free beer"? by g2ek · · Score: 5, Informative

    2. LICENSE GRANT

    (a) Subject to all of the terms and conditions set forth in this Agreement, Licensor grants to Licensee a non-exclusive, personal, non-transferable, non-sublicensable right, during the term of this Agreement, to use the Software, and the Services solely for Licensee's own Personal Use and in accordance with the applicable documentation and instructions made available by Licensor.

    (b) In no event shall Licensee distribute, display, or otherwise make available to any third party, the Software (including any copy, portion, extract, or derivative thereof).

    (c) Licensee shall not, and shall not assist, enable or otherwise permit or allow any third party to, (i) alter, adapt, modify, translate, create derivative works of, (ii) except to the extent expressly permitted by mandatory applicable law notwithstanding an agreement to the contrary, decompile, disassemble or otherwise reverse engineer or attempt to derive the source code of, or any technical data, know-how, trade secrets, processes, techniques, specifications, protocols, Key and data-formats, methods, algorithms, interfaces, ideas, solutions, structures or other information embedded or used in, (iii) rent, lend, loan, lease, sell, distribute or sublicense, or (iv) remove, alter or obscure any proprietary or restrictive notices affixed to or contained in, the Software or any copy, portion, extract or derivative thereof. In addition, Licensee shall not provide, disclose or otherwise make available the Software or any copy, portion, extract or derivative thereof, or permit use of any of the foregoing by or for the benefit of any third party (including, without limitation, on a hosting, service-bureau, time-sharing or subscription service basis).

    (d) The Software is licensed as a single product package and Licensee shall not, and shall not assist, enable or otherwise permit or allow any third party to, separate the Software, or use any component parts thereof other than as part of the Software as and in the form provided by Licensor.

    (e) Licensee shall not use the Software other than in connection with the Key-Data and the Services provided by Licensor under this Agreement.

    https://www.ciphirebeta.com/about/eula.html

  8. Centralized directories are bad ! by louarnkoz · · Score: 5, Insightful
    If you look at the little pictues "how it works" on the ciphire site, it appears that before sending a mail to Bob, Alice retrieves Bob's certificate from the ciphire central server. Really? And that is private e-mail? They must be kidding!

    What do you think will happen if someone, say in the name of the war on drugs, wants to interfere? Presto, they can convince the central server to yank Bob's key from the directory and replace it by one of their choosing. Some privacy!

  9. I'm also worried about.... by TVC15 · · Score: 5, Insightful

    8. PRIVACY Licensee hereby expressly agrees and acknowledges that Licensor may collect, store, disclose to third parties and otherwise use and process (collectively "Process") Personal Data in connection with the Services, this Agreement and Licensee's use of the Software, and Licensee hereby authorizes Licensor (including its officers, directors, employees and agents and its suppliers and licensors) to Process Personal Data to the extent reasonably required or useful in connection with the provision of the Services and/or the execution of this Agreement, and in compliance with Licensor's current privacy policy as shown on Licensor's website (www.ciphire.com).

    whats that about?