At 5:58 AM 9/5/95, Sandy Sandfort wrote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C'punks,
This is not a crypto post, but those interested in threat models and counter-measures might want to read on.
This brings up an important issue. Sorry it is not written in C, or even TCL. I actually agree with a point the noted tentacle VZNuri ("visionary," obviously) wrote, namely, that people are getting entirely too apologetic (myself included, though most of my "apologies" have had an ironic edge to them) about posting things that are other than about coding in C, writing sockets for Windows, or breaking SSL. Folks, this list is about a _lot more_ than just some facet of writing software. It started as a wide-ranging list, with many topics, many interests. I don't think I need to try to list the topics, but they obviously include things such as legal issues, policy, PGP, remailers, digital money, money laundering, regulatory arbitrage, data havens, steganography, languages, frameworks, Unix utilities, and dozens of other related topics. We've covered hundreds of topics, and are probably the only such list on the planet that routinely considers the ramifications and ways of actually building the exciting ideas that the academics at the Crypto conferences discover and write about. (I can tell you that one of the main motivations we (Eric and I) had in starting the group was to take the academic abstractions, things like "bit commitment" and "dining cryptographers networks" and reify them into actual blocks of code, or running programs.) Some have argued that "Cypherpunks write code," which has been a short slogan making it clear that one of our main interests is in actually building and deploying these methods. This was a major goal in the spring of 1992 when Eric (Hughes, for any newcomers) and I spent time hashing out what is needed in crypto. As far as I'm concerned, we're on track. Remailers have advanced far beyond the early remailers, and that they exist at all is an accomplishment. The "theory" of remailers is immensely accelerated by having actual remailers in actual use to test theories against and to see real world behaviors. Likewise, message pools have been built. A working anonymous market (BlackNet, for example) has been instantiated, albeit not proliferated. Digital money in various forms (Magic Money, work with Chaum's DigiCash, etc.) has been used. Lots of other examples. PGP, hooks to mail programs (though a lot more are needed), key escrow considerations, etc. Of course, things have gone more slowly in some areas than in others. Digital money, and financial instruments in general, have proceeded in fits and starts. I suspect this indicates that things like money are not done lightly, and that many non-coding issues are intertwined in such a way as to make any "amateur" efforts problematic. But it's only through trying that the obstacles can be seen, so even our failures are useful. Is this "writing code" in all cases? Of course not. Not everything is coding. Planning and preparing is just as important. And consideration of threat models is part and parcel of writing code, else one will not know where to start writing code. Thus, for example, the hundreds of posts here on key escrow (and some of us anticipated Clipper six months before it was announced, allowing the Cypherpunks to hit the ground running as soon as it was announced) and GAK are useful in countering the arguments of those who have spent years planning such escrow (GAK) policies. What I'm getting at is that the "Cypherpunks write code" mantra does not mean that _only_ the few dozen folks actively writing C code can contribute. Indeed, many of the folks now writing code have _claimed_ that they were inspired to write some code in some area--remailers, digital cash, SSL challenges, whatever--by the discussions here on this list. Would they have been so inspired if all political, legal, and cultural discussions had been expunged, if only the arcania of programming and C were being discussed? After all, sci.crypt already exists, and even sci.crypt.research, so why should the Cypherpunks list even exist, as these groups are already ostensibly focussed on pure crypto issues. No, Cypherpunks is about more than just C programming, about more than just IETF issues, about more than just algorithms. I think it great that so much programming discussion occurs, that so much progress is being made. I just think some list.cops are going a bit overboard in their denunciations of "off-topic" posts, and their increasing shrillness in saying that anyone not out there writing Unix crypto programs should stop posting. Those who only want to read about "malloc" and "struct" are encouraged to use the filtering tools which they surely have access to and to stop telling us in shrill voices that posts are "off-topic." --Tim May ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."