From: "Frank O'Dwyer" <fod@brd.ie>
However, what if there was a safe scripting language with bignum arithmetic and other cryptographic primitives, and what if lots of people ran a service that would accept scripts in that language and respond with the answer? Say, a Safe-TCL interface to Peter Gutmann's cryptlib, running at idle priority? Sort of like a distributed batch queue, and also a bit like the way jobs are (were?) submitted to Crays. The Cypherpunks Super Computer. It need not be significantly slower than raw code if the primitives are high level enough.
A few years ago I coded up a TCL interface to Pr0duct Cypher's PGPTOOLS library. It did bignum arithmetic from the command line, and also let you use MD5 and IDEA on files and buffers. Unfortunately I had a major disk crash and was never able to recover my last version, and I never got back to it. Safe-TCL has never gotten the scrutiny of Java, but IMO if it ever does it will be found to suffer from its own flaws. At this point I think Java is farther along the path to safety. I do like the idea of a widely available, installed, crypto-capable scripting language. This would be an ideal basis for trying out new crypto protocols and algorithms, without having to write a whole program from scratch. We have been talking about setting up DC nets for years, for example. The concept is so simple as to be almost trivial. But the infrastructure is the hard part - dealing with the I/O issues, the multiple architectures, all the configuration issues. I suspect that Java, when it gets its security API, may be a good candidate for this kind of system. It's already got high level socket I/O, and with a bignum package and some basic crypto primitives like one way functions, you could do a lot with it. You still have the problem of trading off safety for utility, though. Hal