Let me phrase the issue in slightly different terms. Which of the following strategies do you folks think will best improve the chances that strong crypto remains legal? 1. CONFRONTATION: We fight RSADSI at every step. We engage them in legal battles, we distribute infringing code whenever possible. We get PGP spread to thousands of users, perhaps tens of thousands of users at bootleg, underground sites. (Remember that businesses cannot use PGP without fear of prosecution, fines, whatever...unless the Cypherpunks win their lawsuit against RSADSI, sometime around 1997 or so, at the rate these cases move through the courts.) 2. REALPOLITIK: We concentrate instead on spreading strong crypto into as many ecological niches as possible: individuals, corporations, e-mail packages, attorney-client transactions, and so on. We emphasize the legal, constitutional right to communicate messages in the language of our choice (that is, we have no obligation to speak in languages eavesdroppers can more easily understand). To head off government moves to act against PGP and similar systems, the parts of PGP that conflict with RSA's patents are modified, thus becoming legal to use (and Phil even has a chance to make some money, which he sure as hell can't do now). *** So spoke Tim May. I don't see these issues as mutually exclusive. What may be necessary is to seperate the efforts, to bring the PGP operation farther underground. To remove the connection between PGP distrubtuion and the more "Realpolitik" move to keep crypto legal. I admit that some users like Tim, and the more progfessional of us might find this impossible, but for the academics and others who don't have to don a suit and work everyday, underground crypto might be the only real answer. Consider this, no one ever wins when you fight the government at its own game. If they plan to outlaw crypto (a very real possibility in my view, regardless of more realpolitik efforts) all that we have to rely on is the underground channels. It's time (IMHO) to find ways to disguise PGP output in other types of data, pict or whatever. At the same time, it is possible to pursue more overt and legit methods, my fear is these will produce less in terms of real crypto than will the underground movements. *** All I've argued is that the "in your face" approach has its limits. Most of the PGP users are, I think we'll all agree, hobbyists and hackers who downloaded it, played with it, learned some crypto from it, exchanged keys, etc. Probably not too many critical uses, YET. But the popularity suggests a hunger for strong crypto. *** So spoke Tim May. Yes... yes... LEARNED SOME CRYPTO FROM IT. This is the KEY point here. How many people out there joined cypherpunks and became interested in crypto because of PGP? (I'm raising my hand) Sure I was interested and even tinkered with my own code before I knew cypherpunks existed, but it was PGP that did it. Education is the key. I said before, and I will say again: Most people could give a squirt about crypto. 99% of people is my guess. You all saw how pro Clipper most of the newspaper reports were, how willing they were to change phrases like "more secure than many of the algorithms on the market" to "the most secure algorithm to date." A real politik method is limited because most people could give a care about the issue. The people who seem most passionate about it, in my experience are the ones who have played with PGP. I, for one cant seem to get anyone else to care. I've talked to about 15 people outside the internet about Clipper, and most forgot all about it when the next beer came. No one will learn jack from the bullshit crypto that Clipper represents. It will become a transparent process that anyone could care less about with regard to security. Back to the days of the Black Chamber. The Clipper/Capstone move indicates the government wants to head this off at the pass. The question is whether the bootleg and infringing PGP (and Phil admits to all this in his docs, obviously) has a better chance of succeeding than a fully legal and already spreading RSA solution? ^^^ So spoke Tim May. I don't think either will make much difference. Clipper has caught us before the danger has become apparent to most. You really think an RSA solution that is really secure is going to catch, especially if it conflicts with Clipper, if the government has anything to say about it? I've got to be real honest. I'm beginning to be afraid to open my mouth on this subject anymore. Maybe I'm paranoid, but I look at how hard the government is trying to sell Clipper and processes like it and I am stunned. Nothing works this fast. A company like AT&T is NOT about to jump on the bandwagon quickly unless they KNOW something. To me its plain that the intent is to regulate crypto. Before then I plan (hope) that PGP finds its way into MANY hands. That's the only real weapon I see. Consider it a safety net to catch us if Tim's REALPOLITIK fails. I hope it doesn't, Tim, I hope not but I'm going to hope for the best and prepare for the worst. I intend to use strong crypto when I like. uni (Dark)