At 5:43 AM -0700 9/2/97, Robert Hettinga wrote:
At 12:42 am -0400 on 9/2/97, Tim May wrote:
Chaumian, identity-protecting technologies need to be deployed.
Frankly, I think Cypherpunks are getting off track with all the recent focus on "old" technologies (which I'll leave unspecified, as my point is not to attack certain pet projects).
The real stuff is going undone.
So, Tim, what should we all be working on, in particular?
OK, you asked. This isn't a comprehensive list. 1. Fully secure machine to machine connections for the Net, as in Gilmore's "SWAN" project. This makes the Net unsnoopable by the NSA and other TLAs, and makes encryption an automatic (at this level...individual users will of course still encrypt on top of this, as relying on others is never enough). 2. A usable form of Chaum's cash, a la Goldberg's or Schear's or Back's or whomever's implementation. An evolution of Magic Money, Hashcash, etc., using full strength algorithms. Backing can be decentralized. Less emphasis on deals with banks, more emphasis on guerilla deployment, a la PGP. (Initial uses may be for illegal things, which may be a good thing for deployment. Sex, for example, historically drives technologies like this. Thus, one might imagine combining blinded (no puns, please) cash with message pools to allow users to anonymously purchase JPEG images and have the resultant images placed in a pool for their later browsing. If done on a per image basis, for small amounts of digital cash, this could help users get their feet wet and gain familiarity. Integration into browsers would help.) 3. Distributed, decentralized data bases, a la Eternity, Blacknet, etc. My number one candidate: a commercial credit rating data base not bound by the U.S.' "Fair Credit Reporting Act." Let lenders and landlords find out the dirt on those who welshed on loans or who skipped out on leases, regardless of what the FCRA says. (This could technically be located today in any non-U.S. country, practically, but access by U.S. persons and corporations would have to be done circumspectly. A good use for blinded cash, of the _fully_ untraceable sort, e.g. payer- and payee-anonymous sort.) Ditto for ratings of doctors and lawyers. Some states in the U.S. are doing this, but under their strict state control. Why not laissez faire approaches, with user-inputted information? (I've written about this extensively. Cf. my Cyphernomicon, for example.) 4. Wider use of persisistent pseudonyms. Most of the "anonymous" posts we see are signed in cleartext with names like "TruthMonger," "BombMonger," etc., with little use of PGP sigs to ensure persistence. Spoofing is trivial. Checking sigs is up to the *end reader*, for example, to see that "Pr0duct Cipher" really is the same nym that's in the past posted as Pr0duct Cipher, but it might be useful for us to start really making more use of this sig checking, and even to maintain our own data base of nyms and their public keys, as a kind of demonstration testbed. 5. And so on. Cf. the archives, etc. for many, many things. What I meant be "the wrong stuff" is the recent focus on breaking simple ciphers that were known to be breakable 20 years ago...just a matter of applying the computons in the right way. All credit to Goldberg and all, but hardly accomplishing very interesting goals (helps Ian get a good job, that's certainly true). Maybe it'll cause slightly stronger crypto to be allowed for export...I don't really care too much about that. In fact, the whole focus on _exports_ and doing things to make exports easier is a _detour_, even a _derailment_. As I've said, I'll start worrying about Netscape getting a license when they start paying me. Until then, foreigners should just bypass what Netscape provides and use drop-ins. (In fact, monkeywrenching the status quo is better than helping Netscape and Microsoft get stronger crypto. For lots of obvious reasons.) My list above is not meant to be a "Strategic Plan." But clearly the Cypherpunks list has been slowly devolving into a gossip list, and a dumping ground for anonymous insults, drunken rambles, and a cheerleading group for predictable accomplishments and for corporate plans. (In particular, a large fraction of the Bay Area contingent now work(s) for various companies in crypto capacitites, even for crypto-focussed companies, and their edge, or at least their public utterance edge, has been dulled. One can speculate on some reasons. Too much talk about how to "help" PGP, Inc., for example, when PGP, Inc. is doing fairly ordinary crypto things and is in fact participating at some level in GAK talks. (I may get a nastygram from Phil on this, courtesy of helpful forwarders of my words to him...it's what I think.) Also, 95% of the crap about "digital commerce" is merely a distraction. The wrong direction, the wrong technology. Just "Visa on the Net," and hence of no real use for our sorts of goals. Worse, the wrong direction. I could rant on, but will spare you all. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."