Ed Carp writes: ...
The problem is, unless you're very careful about distributions and such, you can easily clog the net with zillions of public-key-encryptions to alt.security.pgp.messages <grin>. But then again, I suppose it's not any more traffic than alt.sex.pictures.erotica.* generates. :)
It would be trivial to write a script to be put in your .login to automatically skim that newsgroup for anything encrypted with your public key. Hmmm...
Yes, Ed is right. Easy to spot messages intended for you. And the volumes involved in this "crypto classfieds" are not unreasonable. Several comments: 1. As Ed points out, not such a large volume compared to the GIFs and JPEGs (and now even MPEGs) being posted. A "classifed ad" is small for what it carries (in terms of commercial information). That is, all the ads we could write as individuals in a year would be less than a single large JPEG image. And of course the ads could be packed in the bits of such images, but I digress. And as Hal Finney notes, steganography is not the main issue. Ironically, though, these "crypto classifieds" represent a kind of steganography, in that the authorities may _suspect_ the meaningless bits are related to tax evasion, or solicitation of murders (untraceable!), or sales of Stealth bomber plans, but they can't prove this. The cyphertext could just as easily be love letters, encrypted notes to lawyers (attorney-client privilege), psychiatric records (the law now requires due diligence in keeping them secure, so encryption is increasing here), or the "digital confessionals" of networked churches! (These "legal covers" for crypto will be _very_ hard to stop, even if the Administration wants to ban strong crypto. Telling a priest or a lawyer that his communications with his client must be wire-tappable will not go over well, and may be ipso facto thrown out.) 2. By analogy with publishing real classified ads in real newspapers, imagine a "pool" site, reachable by ftp, that could contain gigabytes of such encrypted "junk." (Incrimination of those who use such a site can be eliminated by having it used for all kinds of things, and encouraging everyone who retrieves something that's actually of interest to them to randomly take a bunch of other stuff. This could be cumbersome, I'll grant you.) (Probably easier to just use UseNet, unless and until the volumes get really large. When we last discussed this in a major way, probably around last November or so, Miron Cuperman proposed "pools" that people would subscribe to, automatically getting _all_ messages sent to the pool. Incrimination is avoided, as above. However, using idle UseNet groups ("alt.fan.chaum"?) will work just about as well, modulo some concerns that who reads what newsgroups is theoretically observable.) 3. Satellite distribution, as with all kinds of feeds. (These various alternative distribution systems--satellite, pool, newsgroup, ftp site--are all just variations on the idea that nobody knows who's reading what ads in a newspaper-type system, a batched transmission system.) 4. How does the target of a message know where to look? Must he scan through all messages? Obviously not, as many indexing schemes can be used which do not compromise the security. For example, he may know that messages he can read will start with "BARTER FOR SOFTWARE." The sender's security is still maintained (remailers) and so is the recipient's (he takes many messages, or downloads a large chunk of them to his local machine, where he can extract the message meant for him). (And the messages may also be apparently meaningless junk, readable only to the intended recipient. So that he won't have to decrypt each and every message to see which ones he can open--and he may have multiple transactions in the pipeline, all with their own unique keys to use!--there can be simple headers which are very quickly decrypted Or the two communicants, once a channel is established, can agree to put keywords in their messages, outside the cypertext. Again, this is exactly what those communicating with newspaper ads do: they use codes.) Enough for now. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.