--- begin forwarded text To: John Young <jya@pipeline.com> Cc: cryptography@c2.net, John Gilmore <gnu@toad.com> Subject: Re: Building crypto archives worldwide to foil US-built Berlin Walls Date: Tue, 08 Dec 1998 19:36:23 -0500 From: Dan Geer <geer@world.std.com> Sender: owner-cryptography@c2.net Tradeoff time. ==== Q: Is it better for the providers of crypto resources to alarm/log accesses to their websites or not? I'd strongly argue not; Team Despot will disguise itself and we are surveilled as we speak; Team Legion loses if it creates targets for harvesting. ==== Q: Is coordinated integrity control (code signing) a Good Thing? I'd weakly argue not; The absence of a coordinated signing strategy does not preclude verification so avoiding common-mode fraud, e.g., long-running denial of service attacks on the central signing agent, seems advantageous. Alternative argument; Integrity of crypto code can be signed via quorumed split-key means so that no single actor fraud is effective yet only the minimum quorum need be online at any given time; this has the advantage that a completed split-key signature cannot be attributed to which quorum subset made it yet is verifiable by ordinary client means once complete. Since intermediate (partial signing) results do not leak fragment holder identity, quorum members can indirectly communicate through commonly held dead-drops. ==== Q: Should requestors routinely avoid surveilled identification? I'd argue strongly for: We, Team Legion, must commit to a cell organization with pseudonymity coverage such as through the "Crowds" system; to avoid any one of us being guilty we must all be. ==== Getting the problem statement right for this endeavor is the most important thing we have left to do. If the above sample is misguided, say so. To the extent it is incomplete, fix it. If one of us goes off the air, step into their place. It is time for us to walk the fine line between undue paranoia and a heightened state of awareness. --dan --- end forwarded text ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'