On Tue, 11 Aug 1998, Vladimir Z. Nuri wrote:
MG: it's a question: do you imlement security top down, or bottom up? which is the top? the internet, or the computer?
it's very taoist-- I don't think there is a correct answer.
The answer depends very much on what your goals are.
I do think however that crypto *everywhere* over the internet is a major part of the solution. and yes, NSA is not fully responsible for the lack of it. the patent system & greed is involved in some of the deficiency. but the NSA is responsible for far more than most people realize. are you aware they regularly visit software companies developing crypto to squelch any innovation? basically, through bribes that they call "grants" or "purchase agreements"...
I am aware of the allegations, yes. I would not be surprised if they use this tactic. If I were in their position, and my job were to at least try to read every message sent by every foreign governments, especially those under crypto I suspect I would try very hard to limit the amount of strong crypto that these governments have. This may mean limiting the amount of crypto that the citizens of the U.S. have. So be it then. The NSA does not have the job of ensuring unbreakable kick-ass privacy and crypto to the public. Their job is to read the Other Guy's messages, and to make sure the Other Guy can't read Uncle Sam's messages. We speculate that they do both reasonably well. I am reminded of the cypherpunk's charter. We have to create privacy for ourselves. We can't expect others to not get in our way or to help us out. This is reality.
you're against commerce on the internet? what are you, a luddite? <g> seriously, I don't have much to say to you, if you oppose it. the internet is already the backbone of a new economy.
Then you have little to say to me. I do not see the wisdom in running commerce over a shit-box communication system like our internet is. The technology sucks. The protocols suck. The implementation of those protocols suck even more.
crypto will help secure it further.
This implies that it is not secure now, yes? Why the hell would you run commerce over something that you know is fundamentally flawed? It lacks wisdom.
Lets be factual: NSA doesn't regulate authentication technology and most of what we need to fix these problems is secure authentication, not confidentiality.
it's an artificial distinction. it's all crypto. standing in front of any of it is standing in front of all of it. the NSA doesn't lead, they block. get out of the way!!
Right. Whatever. So then I suspect that you support any jackass running around with a duffel full of C4 then, right? After all .. its all technology. Science is pure; technology is using science as a means to an end. That end defines whether or not we are talking about a psycho with a bunch of C4 or a responsible civil engineer preparing to take down a building in a controlled fashion. This is not to imply that crypto is like C4 .. it isn't .. however we must remember that while the mathematics of crypto are pure, we can use that basis for a variety of things. One of them is authentication the other is confidentiality. The FBI has no problems with the engineering having dynamite out on the street, but they will get really pissed if it is some average Joe. The NSA doesn't care about American's using strong crypto (presumably) and they don't care about foreigners using authentication technology. This 'artificial distinction' is a very real one.. it is the difference between a terrorist authenticating himself as a terrorist or keeping the fact that he is a terrorist (and his next target) a secret. I am not claiming that I think misuse of crypto is a legitimate reason to bottle it up, but one must be reasonable and look at it from NSA's perspective.
you say, a taxpayer of the US should consider himself "getting his money's worth" out of the NSA if the NSA can crack 2048 bit keys. well hee, hee. that's pretty funny. what if they find the bazillionth prime number? would you be getting your money's worth then too? it's the same technology, no?
If the NSA is so far ahead of the general public in mathematics, then yes.. considering that the NSA's job is to break crypto, we should feel that we are getting our money's worth. Now, whether or not we want to spend our money on that in the first place is a different story. Selling me a champion racehorse for $1 is a damn good deal, and it is worth the money.. but I don't have much use for a horse.
death to the NSA leeches!!! the US taxpayers have been submitting to government-originated *bloodletting* for too long
Then don't pay taxes. It is a rather simple fix. I don't like big government much myself, but I'll be damned if I am going to piss and moan and claim that it is the root of our evils. It isn't .. rather, our evils give birth to such monstrosities in the first place. Michael J. Graffam (mgraffam@mhv.net) http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc "Let your life be a counter-friction to stop the machine." Henry David Thoreau "Civil Disobedience"