At 3:53 PM -0700 6/22/97, William H. Geiger III wrote:

-----BEGIN PGP SIGNED MESSAGE-----

In <199706222220.AAA26096@basement.replay.com>, on 06/23/97 at 12:20 AM, nobody@REPLAY.COM (Anonymous) said:

...

...

Digital Commerce *is* Financial Cryptography, Financial Cryptography *is* Strong Cryptography, therefore, Digital Commerce *is* Strong Cryptography. and, therefore, No Strong Cryptography, no Digital Commerce.

...

Why can't escrowed ecash support digital commerce? Strong crypto with a government backdoor. That's what you're offered. Prove it can't work.

Because no one with any sence is going to trust their finacial transactions to third party access and minipulation.

People do it all the time. The "third parties" are called "bankers." (And escrow agents, and loan officers, and bank guards, and so on.) I agree with "anonymous" that Bob Hettinga's syllogism is unconvincing. Now, I happen to believe that untraceable, strong communications and monetary instruments allow for amazing things. But claiming that digital commerce is impossible with an escrowed key system is not a very persuasive argument. (It is true that some major hacks of the escrowed system would undermine confidence in e-commerce, but so would major hacks of today's SWIFT or similar systems. So?) Bob's syllogism is just too simplistic, and it won't be convicing to people who have to deal with human weak links in existing systems, and even with government interference and government ability to intervene (FinCEN, freezing of assets, regulation, etc.). Beware too much simplification. It may make for nice t-shirts, but.... --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."

At 11:57 pm -0400 on 6/22/97, Tim May wrote:

...

In <199706222220.AAA26096@basement.replay.com>, on 06/23/97 at 12:20 AM, nobody@REPLAY.COM (Anonymous) said:

...

...

Digital Commerce *is* Financial Cryptography, Financial Cryptography *is* Strong Cryptography, therefore, Digital Commerce *is* Strong Cryptography. and, therefore, No Strong Cryptography, no Digital Commerce.

...

Why can't escrowed ecash support digital commerce? Strong crypto with a government backdoor. That's what you're offered. Prove it can't work.

First of all, Anonymous, proving a negative is logically impossible. :-). Second of all, in general, escrow is H1, and strong crypto, the status quo, is H0, so it's up to *proponents* of escrow to prove that it'll have the same, or actually significantly better, results, than strong crypto would. The same thing holds true for bearer certificates, in general. The difference in cost between traceable and and anonymous digital bearer certificate technology is lost in the noise of the enormous benefit of not using book-entries for transaction settlement anymore. Since they're the same price, and anonymous bearer certificates are more secure, people will probably select anonymous certificate protocols for the extra security. Okay, now on to Tim...

I agree with "anonymous" that Bob Hettinga's syllogism is unconvincing.

*This* should be fun...

Now, I happen to believe that untraceable, strong communications and monetary instruments allow for amazing things.

Amen. I also expect that the very definition of "amazing" will be in greater utility (horrors!) to mankind. Progress, in other words. Which, of course, is defined almost any way you cut it as more stuff for less work, and which is usually measured in the price of things on an open market. (Yes, I know. Money isn't everything, and freedom is probably the most important thing there is. However, in a literal sense, freedom is not priceless. It must be paid for. Fortunately, since people demand it so much, progress can also reduce the price of freedom, just like it does with other goods. :-).)

But claiming that digital commerce is impossible with an escrowed key system is not a very persuasive argument.

One only needs to see the recent IBM FUDomercial about fear of commerce on the net, or any of the other equivalent niggling stuff in the press on digital commerce, to give the lie to that argument. Again, if there's no material difference between the cost of weak cryptography and strong cryptography, which one are you going to choose? Occam's razor, and all that. We've demonstrated time and time again that the cost of audit trails in book entries is necessary for non-repudiation. "And then you go to jail" is the error-handler we all have to live with in our transaction architecture, because we couldn't move paper bearer certificates down a wire, and storage of paper costs more money than numbers in a book or database. We pay for that enforcement "subroutine" with taxes. With bearer certificates, none of that cost, database storage, access/authentication -- or law enforcement -- is necessary. If you *do* want audit trails with bearer certificates, you have to put them back in as some type of kludge. Or, even if you figure out how to leave them out, like Dan Simon did, you gain no material cost advantage over anonymous certificates. So why do it? Just 'cause the government wants it isn't an answer. Nation states have always wanted to do lots of things which are economically impossible, and those things haven't happened either. Reality is not optional.

(It is true that some major hacks of the escrowed system would undermine confidence in e-commerce, but so would major hacks of today's SWIFT or similar systems. So?)

Well, I've already answered this using, horrors, utilitarian arguments, but, directly on the merits of your argument, the most sweeping commerce protocols will be peer-to-peer ones, checks, cash, and the like. That leaves a lot of points of weakness to the system. Not the least of which would be any central place where the transactions are reported. Theft could be done unobtrusively and on a large scale, and the nagging fear of that is exactly what stuff like the IBM FUDomercial preys on, causing a "chilling" effect on commerce in general. The answer is strong cryptography, which costs the same anyway. So, Financial Cryptography is Strong Cryptography.

Bob's syllogism is just too simplistic, and it won't be convicing to people who have to deal with human weak links in existing systems, and even with government interference and government ability to intervene (FinCEN, freezing of assets, regulation, etc.).

They can do all they want, but eventually, it boils down to whether strong cryptography makes more money than weak crypto. I'm firmly convinced that that is the case. Hence the syllogism.

Beware too much simplification. It may make for nice t-shirts, but....

Frankly, simple is usually right. Progress in science is usually about replacing klunky complex ideas with more simple and elegant ones. Einsteinian space-time distortion is simple to visualize, so too is the double helix, or Newton's Laws, or the efficient market hypothesis, or Coase's stuff. Complexity is usually a symptom of cluttered and thus ineffective theory. Otherwise, we'd still be calculating orbits with epicycles... Occam's Razor. It's not just a good idea, it's the only idea. :-). Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/