An interesting thread concerning M-o-o-t can be found at http://www.topica.com/lists/m-o-o-t-os-group/read Of particular interest to cypherpunks may be the "Threats and Weaknesses" analysis begun in Dec 2000 Threats and Weaknesses ====================== Workstation: · Hardware/firmware traps either built-in or add-on (eg keystroke data capture plugs) · Execution on a virtual machine designed to compromise the application · Surveillance techniques (camera, electronic monitoring, "Tempest") · Trojan horse software via doctored compiler · Trojan horse software via doctored CD Server: · Undetected impostors or other subversion of security software · Key captures · Billing/Account/Payment tracing and trawling Network: · Denial of service attacks on the havens · DNS and routing attacks (eg via ARPS, spoofing etc) · false packet etc protocol attacks · traffic analysis · monkey in the middle attacks User: · Criminalise this product · Criminalise encryption · Problem of creating a personal identifier that cannot be copied, forged or usurped by force · Billing systems may expose usage details Data: · Data entry and exit to the unsecure world - need to have anonymous methods for this · Is the data going to be locked up too tightly to be useful? · Can the data be manageable but still secure? Eg, individual directories may be necessary but a security risk. If there is no good built-in management system, people will create hazardous insecure out-of-system ones. · How can data availability be guaranteed over long periods of time? Encryption: · How can keys be securely created, managed and protected from mis-use? · Are there sufficiently top-class cryptographers on tap to implement new secure systems? Project: · Is it too ambitious for the resources? · Can it be staged to produce useful (and profitable) subsets more quickly? · Does it conflict with other similar developments? · Can it be managed in an insecure environment in a jurisdiction that is hostile to its purpose? steve