On Fri, 3 Aug 2001, Aimee Farr wrote:
> Hiding or secrecy as a total strategy has historically been limited by the Rule Of Secrets/Least Safe Principle, and the equally-important "well, doesn't this look suspicious!" -- a rule of natural law and human disposition. Crypto is not a person, object and asset invisibility machine.

The real problem with hiding or secrecy as a total strategy is that there can be no community. Your lovely crypto-auction protocol is no damn good unless you can get a critical mass of people to participate in a marketplace, and rather useless unless those people can be anonymous. Ebay may be a good thing, but can you imagine how useless it would be if it had to be kept secret from law-enforcement types? You'd pretty much have to keep it secret from the whole public, and then of course nobody would use it.

I've got a nice protocol for running a fully-encrypted mailing list stegoized in images on a web/FTP site, which would be totally invisible to non-participants - but such a list can't be announced publicly so of course nobody could find out about it and join it, without also letting the law know about it and join it. And the list goes on.

Every time you try to get something used by more than a dozen people, it cannot be secret. What cannot be secret, you can't keep the law from knowing about. What you can't keep the law from knowing about, you can't keep the law from trying to regulate.

And regulation of anything on the internet can happen, because EVERY IP address is in principle traceable. Oh, it may take a week or two -- they may have to slap your ISP with an order to preserve logs and wait for the next time something happens if you're on DHCP, or they may have to get the cooperation of one or more other governments if your login trail runs outside their jurisdiction -- but ultimately, it's traceable.

Bear