Jon Callas wrote:
At 11:45 PM 10/15/97 +0100, Adam Back wrote:
Okay, Adam, I'll be civil here, but here's something I want to note:
You've ranted, raved, politicized, propagandized, given ad hominem attacks, and stated the opinion that anyone who disagrees with you is evil. You've sent flames to our internal development lists, which is at least impolite. Yet you say, "constructive criticism only." Sure. I'd like an apology from you, though. Deal?
Praise the Lord! The CypherPunks mailing list dialogue re: CMR/PGP is CypherPissing at its finest. As a cryptographer, I am pretty much a carpetbagging pretender, but, up to now, I have managed to fool quite a number of people into thinking that I may understand the issues involved in privacy, security and encryption. Now that the shit has seriously hit the fan, however, I find that I am completely clueless as to the true import of the latest developments which will decide the future of encryption. (And I suspect that I am not alone in this.) I believe that my philosophical viewpoints of encryption issues are valid in many ways (and probably irrelevant in other ways), but the current nadir point in encryption development is one in which there is no possibility of many of us making sound decisions as to what position we should ethically take, unless those who truly have a solid grounding in the underlying technology manage to accurately explain the issues involved to those of us who *don't* dream in algorithms. I am extremely pleased with Adam Back's in-your-face, "I'm from Missouri...show me!" attitude, since I think that this issue is important enough that no one should give an inch of ground until their philosophical opponents have given them valid cause for doing so. I am also pleased that Adam is honestly and openly asking for those who *can* 'show' him, to do so. I am also every bit as interested in hearing and learning from the position that Jon Callas is taking, based upon his own knowledge of what CMR/PGP is, and is not. I honestly do not care in the least whether Adam and Jon are 'both right', whether they are both 'half-right', or none of the above. What I *do* care about is that they both honestly state their case to the extent that I have enough information to make my own decision as to what future course of action I should take on these issues. My depth of concern in this matter springs from the following: I care...and I act. As a result, my actions have effects, for which I consider myself responsible. I truly believe that abortion results in the extinguishing/murder of a divine spark of human/spiritual life energy. Yet I risked my life and my freedom, helping my sister smuggle home-abortion literature into a predominantly Catholic country behind the Iron Curtain. Why? Because it is not up to me to make the decisions for *everyone*, and I do not believe that it is in the interest of humanity to have *two* spirits die because those who choose to do home abortions do not have access to information that will preserve their life. The 'Right To Life' faction will publish *their* statistics and opinions, as will the 'Pro Choice' faction, but I refuse to take the easy way out and convince myself that I can flip a coin to decide which faction will bear the responsibility for *my* own decision in the matter. The coming developments in information technology will undoubtably make George Orwell look like an optomist. We have to make our decisions without having the benefit of hindsight that history affords us. If Hitler had indeed only wanted 'Austria', then the concessions that world leaders of the time made might have proven to have saved many needless deaths. History has proven this to be wrong, but those of us who did not live through that time would have a difficult time divining who was 'honestly wrong' and who 'sold out.' How many guilty men should go free in order to guarantee that a single innocent man is not imprisoned? My answer: "More than one, less than a million." (ymmv)
Fair-warning. In my first missive, I talked about my own principles, and one of them is the "fair-warning" principle. It states that users should know what is going on. If you have a key that is used in this system, there is nothing in it that tells me that your company can read a message I send you. I see this as a flaw, and one that I consider to be a *very* big deal. Full disclosure is one of my hot buttons.
I could be wrong, *but*: With PGP 5.0, I found that if someone sent me a message that was encrypted to someone else, I would get a message telling me that I didn't have the proper key, but would not tell me who the message *was* encrypted to. I could drop into PGP 2.6.2 and get a message saying (paraphrased), "Encrypted to John Doe <jd@dev.null>, you don't have that key." (OK, *badly* paraphrased.) With PGP 2.6.2, I routinely used a bogus password in my first pass at decyphering messages, so that I could find out who all the message was encrypted to. It makes me nervous that one has to 'make a mistake' in order to get 'the rest of the story', rather than automatically be informed when a message is also encrypted to others. Also, as a 'teaser', I would like to announce to one and all that the quickly closing saga of 'InfoWar' will include an epilogue chapter titled, "I Broke PGP," written by myself. Believe it or not, I speak the truth, although not in a way that it direct and obvious. If you think I am bullshiting, then stop washing your asshole, starting today, because if you can show me I am wrong, I will kiss your ugly, hairy ass. Love and Kisses, TruthMangler