Re: propose: `cypherpunks license' (Re: Wanted: Twofish source code)
Frank O'Dwyer writes:
Agreed. For example, having SSLeay (say) used in some proprietary program or other would achieve very little in the way of "cypherpunk goals" (unless perhaps the company voluntarily published improvements and bug fixes for SSLeay).
Excuse me? What exactly to you think the "cypherpunk goals" are? It seems to me that promoting the adoption of strong crypto by everyone is high on the list and when we say "everyone" we mean to include the vast majority of users who are using propriatary and closed-source programs. That means that if a proprietary program uses SSLeay or any other crypto library to give the program strong crypto then the "cypherpunk goals" are being achienved. I don't give a damn whether the application is "free" or not, I care whether or not it provides users with good security and privacy. The relative freedom of the program (regardless of who is defining the word freedom) is incidental to the matter. If Microsoft came out with a statement that they were going to use SSLeay to provide all users (foreign and domestic) with strong crypto at all levels of the OS I am quite certain that Eric would be quite happy with this outcome even though no source would be shared and no improvements or bug fixes would come back from Redmond. jim
Jim McCoy wrote:
Frank O'Dwyer writes:
Agreed. For example, having SSLeay (say) used in some proprietary program or other would achieve very little in the way of "cypherpunk goals" (unless perhaps the company voluntarily published improvements and bug fixes for SSLeay).
Excuse me? What exactly to you think the "cypherpunk goals" are? It seems to me that promoting the adoption of strong crypto by everyone is high on the list and when we say "everyone" we mean to include the vast majority of users who are using propriatary and closed-source programs. That means that if a proprietary program uses SSLeay or any other crypto library to give the program strong crypto then the "cypherpunk goals" are being achienved.
No, it doesn't, because no crypto library gives any application "strong crypto". It has to be used correctly and appropriately for one thing. For another, it needs to be free of back doors, whether intentionally placed there or otherwise. In the long run, full disclosure of source code provides the best assurance that this is so.
I don't give a damn whether the application is "free" or not, I care whether or not it provides users with good security and privacy.
As the original poster commented, those two agendas may have more in common than you might think.
The relative freedom of the program (regardless of who is defining the word freedom) is incidental to the matter. If Microsoft came out with a statement that they were going to use SSLeay to provide all users (foreign and domestic) with strong crypto [...]
Microsoft is a good case in point; they are already using strong crypto, yet as far as I can tell they have yet to produce a secure OS or a secure product of any kind. Cheers, Frank O'Dwyer.
[Coderpunks distribution removed]. On Wed, 7 Oct 1998, Frank O'Dwyer wrote:
No, it doesn't, because no crypto library gives any application "strong crypto". It has to be used correctly and appropriately for one thing. For another, it needs to be free of back doors, whether intentionally placed there or otherwise. In the long run, full disclosure of source code provides the best assurance that this is so.
Of course source availablility aids greatly in evaluating the overall security of software. However, Jim was correct in pointing out that /requirin/g source availability of products by licensing restrictions employed in crypto component freeware is counterproductive. May companies will not be able to source contaminated by GNU-style licensing restrictions. Consequently, alternatives would be found. Some of those alternatives, include using no crypto at all or using crypto written by somebody that does not understand crytography. Hardly the outcome a Cypherpunk would desire. We should all thank Eric for making SSLeay available under a BSD-style license. The world probably would have half as many internationally available strong cryptographic products had Eric used GPL. The bottom line is that GNU-licensing is more restrictive than BSD/SSLeay-style licensing. Hence identical freeware will see less deployment under GNU than under BSD. Cyphpunks believe that more strong crypto is better. The conclusion in the GNU vs. BSD/SSLeay/etc. license debate should be clear. -- Lucky Green mailto:shamrock@netcom.com PGP encrypted mail preferred
Lucky Green wrote:
[Coderpunks distribution removed]. On Wed, 7 Oct 1998, Frank O'Dwyer wrote:
No, it doesn't, because no crypto library gives any application "strong crypto". It has to be used correctly and appropriately for one thing. For another, it needs to be free of back doors, whether intentionally placed there or otherwise. In the long run, full disclosure of source code provides the best assurance that this is so.
Of course source availablility aids greatly in evaluating the overall security of software. However, Jim was correct in pointing out that /requirin/g source availability of products by licensing restrictions employed in crypto component freeware is counterproductive. May companies will not be able to source contaminated by GNU-style licensing restrictions.
[I agree with this point re GPL - hopefully that was clear from the rest of what I wrote.] [...]
We should all thank Eric for making SSLeay available under a BSD-style license. The world probably would have half as many internationally available strong cryptographic products had Eric used GPL.
I also agree that BSD licencing is better for SSLeay, and crypto components in general, than GPL (false dichotomy, btw--there are other licences). My interest in this issue is not so much in crypto components, but in licensing of open-source "product quality" standalone applications that employ crypto, since I am trying to write one. I think the issues for such programs may be different than for components. None of the freeware licences seem ideal to me, but the MozPL seems like a good compromise between GPL and BSD-style. (The main sticking point for me is that it states that disputes regarding the licence should be resolved in the States.) But I think that BSD/'X' might be overly liberal for a self-contained program, and GPL has the usual issues for any useful components that might be in the program. Having said that I do question whether take-up of free crypto components by commercial companies genuinely results in "strong cryptographic products". I'm not meaning to denigrate Eric's work in any way, but in my experience the likes of SSLeay is very often shovelled into products by companies who don't understand crypto, don't understand SSL, and barely understand SSLeay. Even those who do understand what they are doing are typically working "on Internet time". Certainly merely linking to SSLeay does NOT result in a "strong cryptographic product", not by any stretch of the imagination.
The bottom line is that GNU-licensing is more restrictive than BSD/SSLeay-style licensing. Hence identical freeware will see less deployment under GNU than under BSD.
Cyphpunks believe that more strong crypto is better.
Well then, "Cypherpunks write code". Wide deployment of crypto components in closed-source programs (especially by cluebags) is neither necessary nor sufficient to achieve "more strong crypto" in the sense that Cypherpunks mean it, in my opinion. (Yes, it's better than nothing, but not much better.)
The conclusion in the GNU vs. BSD/SSLeay/etc. license debate should be clear.
Well, it clearly isn't, as evidenced by the large number of fairly bright people arguing about it. :) Cheers, Frank O'Dwyer.
Mr Johnny Come Lately writes:
Having said that I do question whether take-up of free crypto components by commercial companies genuinely results in "strong cryptographic products". I'm not meaning to denigrate Eric's work in any way, but in my experience the likes of SSLeay is very often shovelled into products by companies who don't understand crypto, don't understand SSL, and barely understand SSLeay. Even those who do understand what they are doing are typically working "on Internet time". Certainly merely linking to SSLeay does NOT result in a "strong cryptographic product", not by any stretch of the imagination.
Let me clue you in here: you are talking to the Caped Green one, who currently is working for C2Net, which just happens to be selling Stronghold, a commercial version of Apache, which is the most widely used secure web server in the world. Guess what: Apache uses SSLeay, and Stronghold also inherits this. I would also rate the folks at C2Net as pretty crypto clueful, btw. 2nd hint: C2Net is currently employing Eric Young also, and Eric's SSLeay still has the same license.
The bottom line is that GNU-licensing is more restrictive than BSD/SSLeay-style licensing. Hence identical freeware will see less deployment under GNU than under BSD.
Cyphpunks believe that more strong crypto is better.
Well then, "Cypherpunks write code". Wide deployment of crypto components in closed-source programs (especially by cluebags) is neither necessary nor sufficient to achieve "more strong crypto" in the sense that Cypherpunks mean it, in my opinion. (Yes, it's better than nothing, but not much better.)
What sense do cypherpunks mean strong crypto in then? Perhaps you could educate us? They mean lots of crypto out there firstly, so that the when the government tries the next GAK initiative the government has less chance of pushing it through, as more people know what crypto is, and understand how outrageous mandatory domestic GAK is. Secondly they mean strong crypto, as in full key strengths, and no flaws. But mainly their interest in deploying strong crypto by whatever means available (commercial, freeware, or whatever) for a purpose: to undermine the power of the state, to allow people to go about the business unhindered by the state. Cypherpunks also get involved in breaking crypto, and this is usually enough to get massively commercially deployed strong crypto with unintentional flaws converted quickly into massively deployed crypto without the flaws. eg. Netscape's random number generator weakness, which netscape fixed immediately.
The conclusion in the GNU vs. BSD/SSLeay/etc. license debate should be clear.
Well, it clearly isn't, as evidenced by the large number of fairly bright people arguing about it. :)
It's clear to pretty much all the cypherpunks I've seen contribute to the thread, Eric, Perry, Adam Shostack, Jim McCoy, Bruce Schneier. Probably there were some others who contributed to the thread also. You don't get it, but then have you ever written any crypto code with the objective of undermining the power of the state? Is this your aim in writing your open source application code that you name dropped? This is what I meant by my short rant about coderpunks detracting from the cypherpunk objective: siphons off 'punks from cypherpunks into a crypto-politically neutral environment. Then it gets increasingly more crypto-politically neutral subscribers, and anyone reminding or commenting that the original aim of the game was to distribute strong crypto to undermine the state, gets told by the local retro moderators that political stuff isn't welcome. Try reading the cyphernomicon (*), if you haven't. Adam (*) http://www.oberlin.edu/~brchkind/cyphernomicon/
Adam Back wrote:
Mr Johnny Come Lately writes:
Adam, in future please spare me your warrantless insults. Thanks.
Having said that I do question whether take-up of free crypto components by commercial companies genuinely results in "strong cryptographic products". I'm not meaning to denigrate Eric's work in any way, but in my experience the likes of SSLeay is very often shovelled into products by companies who don't understand crypto, don't understand SSL, and barely understand SSLeay. Even those who do understand what they are doing are typically working "on Internet time". Certainly merely linking to SSLeay does NOT result in a "strong cryptographic product", not by any stretch of the imagination.
Let me clue you in here: you are talking to the Caped Green one, who currently is working for C2Net, which just happens to be selling Stronghold, a commercial version of Apache, which is the most widely used secure web server in the world. Guess what: Apache uses SSLeay, and Stronghold also inherits this.
I'm familiar with C2Net. If Stronghold is any good, that is because C2net and/or the Apache team know what they are doing, not just because they picked up a free SSL library on the net. It's easy to build insecure products on good crypto, and many other companies are busy doing just that. In fact, it's funny that you tout a "secure web server" as "strong crypto" since in that context SSL is usually vulnerable to being end-run by web spoofing. Oops. Oh well, it uses strong crypto, so it must be good.
The bottom line is that GNU-licensing is more restrictive than BSD/SSLeay-style licensing. Hence identical freeware will see less deployment under GNU than under BSD.
Cyphpunks believe that more strong crypto is better.
Well then, "Cypherpunks write code". Wide deployment of crypto components in closed-source programs (especially by cluebags) is neither necessary nor sufficient to achieve "more strong crypto" in the sense that Cypherpunks mean it, in my opinion. (Yes, it's better than nothing, but not much better.)
What sense do cypherpunks mean strong crypto in then? Perhaps you could educate us?
They mean lots of crypto out there firstly, so that the when the government tries the next GAK initiative the government has less chance of pushing it through, as more people know what crypto is, and understand how outrageous mandatory domestic GAK is. Secondly they mean strong crypto, as in full key strengths, and no flaws. But mainly their interest in deploying strong crypto by whatever means available (commercial, freeware, or whatever) for a purpose: to undermine the power of the state, to allow people to go about the business unhindered by the state.
Then I guess you agree that closed-source deployment is neither necessary nor sufficient to achieve "strong crypto". Not really sure why you're arguing in that case.
Cypherpunks also get involved in breaking crypto, and this is usually enough to get massively commercially deployed strong crypto with unintentional flaws converted quickly into massively deployed crypto without the flaws. eg. Netscape's random number generator weakness, which netscape fixed immediately.
That's condescending and irrelevant. Did anyone ever fix web spoofing?
The conclusion in the GNU vs. BSD/SSLeay/etc. license debate should be clear.
Well, it clearly isn't, as evidenced by the large number of fairly bright people arguing about it. :)
It's clear to pretty much all the cypherpunks I've seen contribute to the thread, Eric, Perry, Adam Shostack, Jim McCoy, Bruce Schneier. Probably there were some others who contributed to the thread also.
You don't get it, but then have you ever written any crypto code with the objective of undermining the power of the state? Is this your aim in writing your open source application code that you name dropped?
Yes, and yes. (I don't think you understand the term "name dropped" btw. But given the name-dropping and appeal-to-authority tone of your whole post, I wonder if you understand the term "irony"). Cheers, Frank O'Dwyer.
At 4:12 AM -0800 10/8/98, Frank O'Dwyer wrote:
Lucky Green wrote:
The conclusion in the GNU vs. BSD/SSLeay/etc. license debate should be clear.
Well, it clearly isn't, as evidenced by the large number of fairly bright people arguing about it. :)
In the case of Open E http://www.erights.org, the choice came down to which license Electric Communities was comfortable with. We ended up with a Mozilla style license. ------------------------------------------------------------------------- Bill Frantz | If hate must be my prison | Periwinkle -- Consulting (408)356-8506 | lock, then love must be | 16345 Englewood Ave. frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA
Frank O'Dwyer writes:
I'm familiar with C2Net. If Stronghold is any good, that is because C2net and/or the Apache team know what they are doing, not just because they picked up a free SSL library on the net. It's easy to build insecure products on good crypto, and many other companies are busy doing just that.
Perry recently posted a summary of his views on the appropriateness of GPL vs BSD vs other licenses for achieving various aims, "free software" under the GNU meaning, vs crypto software deployment. I found Perrys summary to be the clearest on the topic so far. You appear to be arguing with another aim in mind. You seem to be arguing that the primary goal should be to have best security, from the outset. ie one gets the impression from reading your previous two posts that you consider ultimate security more important than deployment. If this is what you are saying, I disagree. As I argued further down, I think cypherpunk type goals are better met my getting people to deploy first, then if they bodge it to encourage them to fix it, and I gave the example of the Netscape RNG weakness which was very quicly fixed once it was found:
Cypherpunks also get involved in breaking crypto, and this is usually enough to get massively commercially deployed strong crypto with unintentional flaws converted quickly into massively deployed crypto without the flaws. eg. Netscape's random number generator weakness, which netscape fixed immediately.
That's condescending and irrelevant. Did anyone ever fix web spoofing?
Which is not in the least condescending or irrelevant as it gives an example showing that having what turns out to be less than perfect security can be fairly quickly remedied. And security is hard, even competent people make mistakes. The important thing is to admit and quickly fix such mistakes. I've taken your comments on web spoofing to another post.
Then I guess you agree that closed-source deployment is neither necessary nor sufficient to achieve "strong crypto". Not really sure why you're arguing in that case.
I don't think anyone suggesed that closed source deployment was in anyway better than open source, and obviously open source is better for verifying the quality of crypto software. However, as was previously suggested, if deployment is the goal, and if one uses for example a GNU license it tends to discourage commercial (typically closed source) deployers, and as Lucky said: : Many companies will not be able to source contaminated by GNU-style : licensing restrictions. Consequently, alternatives would be : found. Some of those alternatives, include using no crypto at all or : using crypto written by somebody that does not understand : crytography. Hardly the outcome a Cypherpunk would desire. And I think at this stage something is vastly better than nothing.
You don't get it, but then have you ever written any crypto code with the objective of undermining the power of the state? Is this your aim in writing your open source application code that you name dropped?
Yes, and yes.
Cool, what application area are these in? Got a URL?
(I don't think you understand the term "name dropped" btw.
Just a comment on the Rick Smith (of Secure Computing) syndrome (read crytopgraphy list you'll know about the book he wrote, because every other post he makes involves it). Perhaps not appropriate in your case, but if people mention software, it is nice to know some details: why should we be interested in your software etc.
But given the name-dropping and appeal-to-authority tone of your whole post, I wonder if you understand the term "irony").
Irony? Your post was intended to be ironic? What is ironic about
arguing that first cut security is more important than deployment?
This is cypherpunks, people tend to speak their mind, and usually
aren't too delicate about it -- welcome to the cypherpunks list.
Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0
Frank O'Dwyer writes:
In fact, it's funny that you tout a "secure web server" as "strong crypto" since in that context SSL is usually vulnerable to being end-run by web spoofing. Oops. Oh well, it uses strong crypto, so it must be good.
As to your web spoofing comments, (which I just read, see:
http://www.brd.ie/papers/sslpaper/sslpaper.html
) this is a specific instance of the mapping problem, ie. how do you
know that the web page you ended up at belongs to the company you
heard about, or found by a web search or hypertext link on someones
page. The hierarchical CA model says that you believe it is so
because the CA tells you it is so.
(Franks comment on the (in)security of following an unsecured
hypertext link was that the unsecured hypertext reference could be
modified in an active attack to point to their own (secured) page, and
then accept your payment instead of the company you intended to buy
from).
Netscape 4 behaves in the following way, depending on the situation.
1) the site is using a cert signed by a CA the browser does not
recognise
In this case it shows you through a nice series of dialog box (in
microsofts wizard style), which is quite useful in explaining the
issues.
2) the site is using a cert signed by a CA the browser does recognise
In this case the browser does one of two things depending on whether
you are currently viewing a secure page, or not:
a) from insecure page shows dialog box telling you you are visiting a
secured page, and to click security for more info (clicking security
will show you the cert content, company name, CA details).
b) from secure page shows _nothing_, just goes right into the page
without further comment! (default setup, freshly installed netscape
4.04 / linux).
(I tried this going from c2net, then typing in cypherpunks.to (Lucky's
site)), if you do click on security button you then get the cert info
again.
www.cypherpunks.to
Cypherpunks Jihad
Cypherpunks Tonga
Cyberspace, none, TO
Part b) I view as a problem because it doesn't even by default show
you anything. They could at least present the click through. They
seem to be treating the secure / insecure as a binary state.
Could someone verify this in later revisions of netscape?
The basic problem though is that even if you do the `nagging dialog
box' click throughs with option to disable, chances are most people
will disable them, because they will get annoyed.
The simplest way to reduce this risk would be for a company to secure
all of it's web pages. But this isn't going to do that much, because
people often don't know the web page URL. (Frank notes all this).
Also spoofed company names which look similar to companies in real
life also are possible, for example there was a case of a BT Telekom
or something trying to spoof customers into parting with their money.
This is a problem with gullible consumers.
But if people started from print media advertisement, and typed in the
URL and the URL was signed by a CA then they are at least as secure as
the non-net situation.
In general though, I think there is a solution to this problem:
encrypt all the pages.
The other hard problem is now that you know you are visiting the web
page of FooBar Inc, as attested by Thawte (or whoever), how do you
know that FooBar won't take your money and run. This is a general
reputation question, with the normal solutions. If it's an expensive
item, you perhaps check them out, ask around for others experiences,
check with any reputation ratings services (trade groups, etc).
Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0
Adam Back wrote:
You seem to be arguing that the primary goal should be to have best security, from the outset. ie one gets the impression from reading your previous two posts that you consider ultimate security more important than deployment. If this is what you are saying, I disagree.
No, I am arguing that if deployment of privacy is your goal, then you need _some_ base level of security before you've really deployed privacy. Deploying crypto is not the same thing. I do agree that it's important to get stuff "out there" in whatever form (partly to get it fixed, but mainly so it can't be shut down). I just think the closed source route is a dead end. I also think that the free crypto libraries exist, and now it would be nice to see free crypto applications. By that I mean turnkey stuff with Windows installation programs and GUIs that normal people can use--and *source* (turnkey for developers too). Make it easy to have privacy, basically. [...]
if people mention software, it is nice to know some details: why should we be interested in your software etc.
Well, it's early days (I am just designing and prototyping now), but my goal is to make a decentralised secure messaging client that ordinary ISP users can use without any special resources. Something like icq, but with crypto and without any central server, the intention being that it would be easier to set up and harder to filter or shut down. I have in mind an abstract messaging service that can be extended to use whatever channel or drop-point happens to be available (e.g. irc, direct sockets, email, remailers, ftp, usenet, intermediaries, icq). So for example you could use irc just to rendezvous with someone (or meet them in the first place), then use diffie-hellman to establish a private channel for a real-time chat, then subsequently use an ftp site or a newsgroup to exchange offline messages. The challenge is to make this easy. It's something I want for myself, but I figure with the addition of a nice GUI and an installer etc., it could be of wider interest. (And no, I have no idea when I'll have some code to show, but I guess now I've mentioned it I better finish it :) Cheers, Frank O'Dwyer.
Frank writes:
I do agree that it's important to get stuff "out there" in whatever form (partly to get it fixed, but mainly so it can't be shut down).
Yup, so it can't be shut down is what I was getting at.
need _some_ base level of security before you've really deployed privacy. Deploying crypto is not the same thing.
Well if you personally have any influence over the design or code, make it as secure as you can, forward secrecy, generous key sizes, decentralised design, source code included etc. I'd take that as a given. But I think a company slotting crypto into a product, or re-selling a crypto application (like say Stronghold) is useful too, and doesn't conflict with the first aim. I don't think anyone is proposing not distribute code, rather just noting that encouraging companies to include crypto in their applications where they would not otherwise do so all helps. And in general a free-er license means more people will use the code.
I also think that the free crypto libraries exist, and now it would be nice to see free crypto applications. By that I mean turnkey stuff with Windows installation programs and GUIs that normal people can use--and *source* (turnkey for developers too). Make it easy to have privacy, basically.
This is all important, I agree. Many cypherpunks type coding efforts end up being usuable only by unix hackers, or whatever. eg Magic Money by pr0duct cypher. As I think someone noted recently this tends to happen because the fun part to the coder is implementing the crypto part and getting it working. After that GUIs and stuff is boring slog, so tends to not get done.
if people mention software, it is nice to know some details: why should we be interested in your software etc.
Well, it's early days (I am just designing and prototyping now), but my goal is to make a decentralised secure messaging client that ordinary ISP users can use without any special resources. Something like icq, but with crypto and without any central server, the intention being that it would be easier to set up and harder to filter or shut down.
OK, I take it back... you are a cypherpunk after all :-) Some people are working on this, I seem to be getting Cc'd on their discussions, which included lately a reasonably detailed spec. Perhaps you could merge projects. Adam
The SSLeay license is not a BSD-style license. The BSD license is not a typical non-copyleft free license; it has a particular problem. For an explanation, see http://www.gnu.org/philosophy/bsd.html. If you want to release a program as non-copylefted free software, please use the X11 license, not the BSD license. The X11 license is the best of these licenses.
participants (6)
-
Adam Back -
Bill Frantz -
Frank O'Dwyer -
Jim McCoy -
Lucky Green -
Richard Stallman