-----BEGIN ??? SIGNED MESSAGE----- I want to apologize to Eric and Tim for intimating that their motives in exploring the possibility of closer ties to RSADSI were due to pressure from that company and its officers. I had apparently misinterpreted Eric's statements about the popularity of the Cypherpunks FTP directories to conclude that it was a major distribution site for PGP. I am glad to hear that Eric and Tim are not facing any immediate legal problems due to their support for this software. Turning to the issue under discussion, I do have a couple of other thoughts. First, I don't see that the interests of RSADSI are fully aligned with ours regarding Clipper. Despite PKP's success in accumulating patents, Clipper per se does not appear to infringe, being based on a new symmetric cryptosystem. So they don't have any direct leverage over the use of Clipper. Now, Clipper-based phones presumably need some way to exchange keys, and here PKP's patents are likely to be relevant. But I was under the impression that AT&T, at least, was already producing secure telephones. I don't see why whatever arrangements they made for key exchange under their previous technology would have to be changed with Clipper. In fact, Clipper in some ways represents a major market opportunity for PKP. To the extent that the publicity leads to increased sales of encrypting phones, PKP may benefit from the success of the Clipper. (The follow-on Capstone project does appear to pose a greater threat to PKP, since it will use DSS (for key exchange???).) Furthermore, in any future government prohibition on non-Clipper cryptography, our greatest nightmare, it is plausible that the government would "take care" of PKP by making sure that they get a nice piece of the pie. I could easily imagine a situation in which non-Clipper crypto is banned, Clipper is widely distributed, and PKP is doing very well financially with a slice of the profits from every sale. Even if Jim Bidzos were personally committed to widespread, strong, public cryptography, and opposed Clipper for fundamental philosophical reasons (just like us), he would be faced with a conflict of interest. As several people have pointed out here, Bidzos has a fiduciary responsibility to his shareholders to maximize profits for his twin companies. If it comes down to a choice between opposing Clipper on principle and accepting it along with guaranteed profits, he may be forced (in the same sense in which he is forced to send threats to Stanton McCandlish) to back Clipper. So, even if Bidzos is personally a nice guy I think we need to remember that his company may not be a natural ally of ours. One final point, for now. I like Tim's .sig and all it represents. But frankly, it is hard for me to square a commitment to radical change with the proposed alliance with PKP. Part of the trouble is that I still don't understand exactly what our relationship with RSADSI is proposed to become. But at a minimum it sounds like we would avoid supporting activities which would infringe on their patents. That means that when we want to start working on some of those things in Tim's .sig, we are in many cases going to have to get Jim Bidzos's permission. Can you imagine asking something like this: "Dear Jim: We request permission to use the RSA algorithm for an implementation of digital cash which we will distribute in an underground way among BBS's all over the world, with the goal being the support of "information markets, black markets, [and] smashing of governments" (to quote Tim's excellent .sig). "Please sign on the dotted line below. Yours truly, an anonymous Cypherpunk." Obviously there is no way Bidzos could give such approval. Even if he personally were a card-carrying member of the Anarchist Party he could not bear the legal liability that someone in his position would take if he granted this request. How, exactly, are we supposed to progress towards Crypto Anarchy if we have to be sure not to step on PKP's toes? Do we just not ask him for permission (in which case we are in PGP's boat)? Do we ask for permission without revealing the full scope of the project (in which case it may be rescinded later)? I am not being facetious here. I honestly don't see how you can carry out Cypherpunk activities with a corporate sponsor. I guess that's enough for now... Hal 74076.1041@compuserve.com -----BEGIN ??? SIGNATURE----- Version: 2.2 iQCVAgUBK+HUu6gTA69YIUw3AQF9hAP+K6HXxXxjpK2qmjtFmj6LnWFW10KG09P+ o09BpbCJsiXTulv85XEtDfTyqus+T9o2dp01xaJaj0T/En3nKPs7NjKlgNciLmhV 3gzAAuv3VedheUR4cLuZOKxk6MkcwywRB4T/PHPomJ411FeYHI1DgBxZEbpM25e0 Y5mk4vQP+oo= =zKde -----END ??? SIGNATURE-----