(I've taken the liberty of renaming Hal Finney's thread, mainly since I wasn't sure _what_ it was named...it arrived via the -request list and was missing some headers....) Hal Finney writes:
Headline: "Clipper Considered Harmful"
...so what else is new, huh?
But I was thinking specifically of Cypherpunks. Reading the article about the group in the Whole Earth Review, an article written before the advent of the Clipper proposal, reminded me of all the things we were working on before the Clipper forced them onto the back burner.
Anonymous mail, anonymous posting, steganography, digital cash, whistle- blowers, encryption itself - all the ingredients of Tim's "crypto anarchy" - in many of these areas it seemed we had a certain amount of momentum which has been lost. If "Cypherpunks write code", how much code has been written lately? Now it seems like our motto is changing to "Cypherpunks write letters", to their congressmen. ...stuff elided to save space....
I claim that our best response to the threat posed by Clipper is a hearty "screw you" and a rededication to the Cypherpunks goals. Let the powers that be know that we are not intimidated or cowed by their threats. We must continue to oppose Clipper, but at the same time we must make progress on the crypto privacy front. Otherwise our opponents are winning, regardless of the eventual political outcome.
I think Hal is right, though the Clipper controversy has generated a lot of new interest in crypto issues and perhaps even in this list. My guess would be that many of today's readers are on this list now because of the rude awakening Clipper gave them. Having said this, I agree that our real strength lies in technical areas (I'm referring to folks like Hal, Eric Hughes, Miron Cuperman, all the others who're writing C and Perl code, and all those running remailers and the like). The anti-Clipper work is related, but probably isn't the core...fortunately, I doubt there's any conflict, as people will work on what interests them, so the Clipper stuff probably isn't affecting work on other core issues. Maybe at the next Cypherpunks physical meeting we can get some idea of what others are doing? For example, perhaps Hal Finney could communicate by phone for a few minutes? (We did this with the Boston and D.C. Cypherpunks at the emergency Clipper meeting and it worked well.) Others could also call in, or vice versa. Things like digital money will require a lot of effort, probably two or three times what PGP took (just a guess). Wide deployment is even more problematic. These are "social" issues, not just technical issues, of course, so progress is hard to predict. It may take a while. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.
If "Cypherpunks write code", how much code has been written lately?
this is not a major hack, but a fun one. i've never been big on the details of pgp's trust model, with "trusted", "sort of trusted", etc. the keys i trust most are those i have signed. by extension, what i want to know is the "signature distance" of a given key. so here's my hack, a shell script that uses pgp and pathalias to compute signature distance. here's a sample: reno:; ./pgpwho hughes@soda honey peter honeyman <honey@citi.umich.edu> Phil Karn <karn@qualcomm.com> Tom Jennings <tomj@fido.wps.com> Eric Hughes <hughes@soda.berkeley.edu> actually, it's much more verbose than that, but that will change. so far, i find the script useful. here it is. peter =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= #!/bin/sh # usage: pgpwho [ who [ me ] ] # @(#)pgpwho 1.1 93/05/31 # public domain. send comments to honey@citi.umich.edu. case $# in 0) argwho= arglocal=;; 1) argwho=$1 arglocal=;; 2) arglocal=$2 if [ "$1" != "-" ]; then argwho=$1 else argwho= fi;; *) echo usage: pgpwho [ who [ me ] ] exit 1;; esac find kvv pain reach -size 0 -exec rm -f '{}' ';' >/dev/null 2>&1 if [ ! -r kvv ]; then kvv= else kvv=`find kvv -newer $PGPPATH/pubring.pgp -print` fi case "$kvv" in kvv) echo "kvv is up to date";; *) echo "dumping keys (pgp -kvv) ..." pgp -kvv > kvv;; esac if [ ! -r pain ]; then pain= else pain=`find pain -newer kvv -print` fi case "$pain" in pain) echo "pain is up to date";; *) echo "massaging kvv into pain (pathalias input) ..." cat kvv | awk ' $1 == "pub" { num = split($2, bitskeyid, "/"); if (num != 2) { print "???", $0 next; } nkeys++; keyid = bitskeyid[2] user = ""; for (j = 4; j <= NF; j++) user = user " " $j userid[keyid] = user; } $1 == "sig" { if ($2 != keyid) print $2, keyid, "(1)" } END { for (i in userid) print "#", i, userid[i]; } ' > pain;; esac while :; do if [ -z "$arglocal" ]; then echo -n "what is your pgp id? " read arglocal fi grep -i "^pub.*$arglocal" kvv | tee tmp case `wc -l < tmp|sed 's/ //g'` in 0) echo $arglocal not found, try again;; 1) break;; *) echo too many matches for id $arglocal, please narrow it down;; esac arglocal= done local=`awk '{print $2}' tmp | sed 's/.*\///'` while :; do if [ -z "$argwho" ]; then echo -n "who? " read argwho fi grep -i "^pub.*$argwho" kvv | tee tmp case `wc -l < tmp|sed 's/ //g'` in 0) echo $argwho not found, try again;; 1) break;; *) echo too many matches for $argwho, please narrow it down;; esac argwho= done who=`grep "^pub" tmp | awk '{print $2}' | sed 's/.*\///'` if [ ! -r reach ]; then reach= else reach=`find reach -newer pain -print` fi case "$reach" in reach) echo "reach is up to date";; *) echo "running pathalias ..." pathalias -l $local -c pain 2>xxx-errs | tee xxx | awk '$1 < 10000 {print}' > reach;; esac echo "searching for $who ..." grep " $who " reach | sed -e 's/.* //' -e 's/%s//' -e 's/!/ /g' > tmp case `wc -l < tmp|sed 's/ //g'` in 0) echo no signature path to $who exit 1;; 1) ;; *) echo weird error exit -1;; esac set `cat tmp` grep "^# $local" pain | sed -e 's/..........//' for i in $*; do grep "^# $i" pain | sed -e 's/..........//' done rm -f tmp exit
The anti-Clipper work is related, but probably isn't the core...fortunately, I doubt there's any conflict, as people will work on what interests them, so the Clipper stuff probably isn't affecting work on other core issues.
We are trying to build a sandbox, and the government is trying to restrict the use of sand. My apologies to non-US readers for the diatribe on US politics. Unfortunately, if the US restricts cryptography, others are likely to follow, either by coercion or by example. I had dinner last night with, among others, John Gilmore and John Barlow, who have just been to DC with the rest of the EFF Board to talk to politicos. Without being too specific (I leave it to those who were there to decide the propriety of the details), but several things became clear. 1. Clinton has signed onto Clipper full-bore 100%. Bush started it, but Clinton, the ever-moderate, has told the eavesdropping community that he can take their side on some issues. 2. They're going to deploy Clipper without regard to public sentiment. That means that to be influenced by public sentiment, it is going to have to be huge. Educational efforts are going to have to be large. 3. Our government is looking at the "example of other governments" to justify that restrictions on cryptography are not beyond the pale. This is serious, make no mistake. If, as in the White House statement as reprinted in the Post, the government does restrict everything to be Clipper, all anonymity and pseudonymity efforts are worthless. That said, I also urge those who are writing code to continue. To those of you not writing code, however, I say start talking to your friends and neighbors and communities and newspapers. Now. Eric
participants (3)
-
Eric Hughes -
peter honeyman -
tcmay@netcom.com