Forwarded message:

Date: Wed, 9 Dec 1998 07:33:32 -0500 From: Robert Hettinga <rah@shipwright.com> Subject: Re: Building crypto archives worldwide to foil US-built Berlin Walls

====

Q: Is it better for the providers of crypto resources to alarm/log accesses to their websites or not?

I'd strongly argue not; Team Despot will disguise itself and we are surveilled as we speak; Team Legion loses if it creates targets for harvesting.

====

From a security standpoint it is advised to log access and all resource use for about 4-5 days so you can get a sample big enough to look for under_the_radar_hacking. On the flip side you don't want to keep them longer than that because they could be used in an incriminating manner, whether an actual criminal act occured or not. I use the default buffer time (4 days) for my mail package as my ttl value. Once that time is past the files are bye bye.

If the security of the site is compromised then it's pretty worthless as an archive.

Q: Is coordinated integrity control (code signing) a Good Thing?

I'd weakly argue not;

Alternative argument;

====

The code shouldn't be signed by any of the archive sites, they shouldn't put their butts on the line. The code should be signed by the originators of same. This verifies that ALL the archive sites have the same package and not individualy modified ones. The archive sites should provide some sort of hash to verify successful transfers.

Q: Should requestors routinely avoid surveilled identification?

====

There isn't any way around this one. If the site is up and it's advertised and publicly accessible then expect to be identified. Either the owner of the domain/network resources you're using or your registration to the relevant domain name authorities will provide ample pointers. Of course there is the strategy of registering the domain for a year only and then each year register a new one. Then you could provide bogus address and owner information. This of course won't slow a packet sniffer down for long. Onion and CROWDS won't help here unless you're connected directly to the anonymizer. If you're that close they'll find you by following the wires.

it. If one of us goes off the air, step into their place.

You so glibly throw people away...it's better to fix a system such that there is a legal ramification (ie resistance) for the LEA's applying the pressure; a fight in court. Beside shutting the sites down another primary goal of LEA's is to keep the conflict off the evening news. There is ample evidence of LEA's dropping charges because the group made it known they were going to use their day in court as a platform for espousing their agenda. ____________________________________________________________________ If I can put in one word what has always infuriated me in any person, any group, any movement, or any nation, it is: bullying Howard Zinn The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------