-----BEGIN PGP SIGNED MESSAGE----- I notice in these discussions of security on the web that the topic blurs back and forth between authentication and encryption. Particularly when discussing using MIME with security extensions to "secure" a document by pre-signing it, this form of security does not add privacy. It does provide a useful service by allowing you to verify authorship, but my interests are in using cryptography to protect privacy. I think it is useful to keep a clearer distinction between these. I notice that the people who come to this topic from an institutional point of view tend to be more interested in the authentication aspects. This seems to fit better into the control-oriented mindset. With authentication you can track what people are doing better; non-repudiable signatures could actually work in some ways against the signer. I think that may be one reason Phil Zimmermann is famous for not signing his messages. :-) But encryption can actually work against institutional interests (compared to individual ones) by making it harder to keep track of people's activities. I exchanged email on this with Vint Cerf during the PEM standardization process. I objected to the fact that with PEM you could not encrypt a message unless you signed it. Now of course you can always fake the signature if you need to but the principle seemed skewed to me. Cerf honestly could not understand why you would ever want to do this. What security could there be if the message were not signed, he wondered. To me the issues are separate. Encryption is used to make sure the message is seen by only those for whom it is intended, and signatures are used to verify the source of the message. The choice of which of these two transformations to apply should be up to the users. I don't speak for other cypherpunks, but my interests with regard to web security extensions would lie in the following areas. I want to be able to use the web and maintain my privacy. I don't want snoopers on the net or on my local machine to know which web sites I visit or what material I download. (This ties into the electronic cash issue - what use is "anonymous" cash if everyone can see where I'm spending it and what I'm buying?) I also want to be able to hide my identity from the web servers themselves, at least if this is mutually agreeable. If a server wants to accept only authenticated connections where it knows who the users are that it is serving, fine. But I want the options to be there. I want to be able to make payments to access and download information while protecting my privacy. I don't want to be put onto mailing lists or get my name into databases of people who like X without my permission. This implies a range of payment mechanisms including credit cards, digital checks, and digital cash. And it also requires the privacy and anonymity features above. I want these features to be a matter of mutual negotiation between client and server. The protocols should not build in veto power for either side over how much privacy the transaction includes (although either side may choose not to participate if mutually agreeable terms can't be worked out). And therefore these features should not be restricted to just a small fraction of transactions, where we drop into "secure mode" momentarily so I can send my credit card number. I want to be in secure mode all the time. This is IMO the standard cypherpunks wish list as applied to the WWW. But it does not seem to match up with either the commercial or institutional interests which are driving the standards process. I hope those CP's who are involved in these efforts can work to spotlight the need for individual privacy. We should give as much power, choice, and control as possible to the individual end-users of the web. Otherwise privacy is going to be very difficult to maintain in this world of electronic commerce. Hal Finney hfinney@shell.portal.com -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLu3dHRnMLJtOy9MBAQGZlwH+PYN4FahcHflm4XFPkaJE3h/QLY3lMZV5 BY4U7w7OwpVSTEUqDKd7SvjIg4tt14QI/DGGj0jyHbIS9lWew8U3rQ== =QbAD -----END PGP SIGNATURE-----