Timothy C. May writes:

Freeh must be removed by any means necessary. His calling for mandatory (or involuntary) key escrow marks him as unworthy of continued tenure. He is marked for deletion.

Dan Quayle was Bush's life insurance. Who is Freeh's? ----- And now, cryptography fans, I am appending a message I posted at least 8 times to the list yesterday, with nothing appearing except one message with no body attached. In case someone out there has actually been getting all of them, I apologize in advance. Subject: Cypherpunk Action Items Timothy C. May writes:

OK, you asked. This isn't a comprehensive list.

1. Fully secure machine to machine connections for the Net, as in Gilmore's "SWAN" project. This makes the Net unsnoopable by the NSA and other TLAs, and makes encryption an automatic (at this level...individual users will of course still encrypt on top of this, as relying on others is never enough).

Sounds reasonable. I presume we are talking about end-to-end encryption being the default for connections, and not link encryption over various hops of the Net here.

2. A usable form of Chaum's cash, a la Goldberg's or Schear's or Back's or whomever's implementation. An evolution of Magic Money, Hashcash, etc., using full strength algorithms. Backing can be decentralized. Less emphasis on deals with banks, more emphasis on guerilla deployment, a la PGP.

Nice, but who is going to be the first to back modular exponents with actual money? I recall this being a big stumbling block back when Chaumiam Cash discussions appeared previously on the list. Something like NetCash (The agents.com flavor, not the Netcash/Netcheque paper), although not very anonymous, is infinitely more suited to micropayments and integration into various transport protocols.

3. Distributed, decentralized data bases, a la Eternity, Blacknet, etc. My number one candidate: a commercial credit rating data base not bound by the U.S.' "Fair Credit Reporting Act." Let lenders and landlords find out the dirt on those who welshed on loans or who skipped out on leases, regardless of what the FCRA says. (This could technically be located today in any non-U.S. country, practically, but access by U.S. persons and corporations would have to be done circumspectly. A good use for blinded cash, of the _fully_ untraceable sort, e.g. payer- and payee-anonymous sort.)

I'm still a fan of my "Network Cache Server" approach to anonymous message pools and distributed data bases, even if only to reduce spam and provide a completely reliable Usenet. This then embeds into the Net three levels of communication, with varying degrees of latency and reliability. UDP: Alice says, "Here's some octets for Bob. I hope they don't get lost in transit." TCP: Alice and Bob are within sight of each other and toss octets back and forth, each replacing any the other fails to catch. NCS: Alice says to her local cache service, "Here are some octets which expire in 10 minutes and a micropayment." Alice gets a 256 bit receipt, which may be presented to any other cache server to retrieve Alice's octets in the next 10 minutes.

4. Wider use of persisistent pseudonyms. Most of the "anonymous" posts we see are signed in cleartext with names like "TruthMonger," "BombMonger," etc., with little use of PGP sigs to ensure persistence. Spoofing is trivial. Checking sigs is up to the *end reader*, for example, to see that "Pr0duct Cipher" really is the same nym that's in the past posted as Pr0duct Cipher, but it might be useful for us to start really making more use of this sig checking, and even to maintain our own data base of nyms and their public keys, as a kind of demonstration testbed.

This is really a user action item, not a Cyperpunks action item. The techology to do this already exists. Like most people, I will start signing all my posts if I am spoofed in a believable way, and enjoy the plausable deniability that comes with not signing them if I am not.

What I meant be "the wrong stuff" is the recent focus on breaking simple ciphers that were known to be breakable 20 years ago...just a matter of applying the computons in the right way.

Correct. This continuous brute-forcing of wider and wider keys has ceased to entertain. Unless someone comes up with a way to make less computing power do more keys, I'm really not interested in hearing about it. Of course, the first such efforts served to show how distributed efforts could be mounted on the Net, how much computing power you could snarf for free, and other interesting things. However, now that these things are known, repeating the experiment every week is not necessary. -- Mike Duvos $ PGP 2.6 Public Key available $ enoch@zipcon.com $ via Finger $ {Free Cypherpunk Political Prisoner Jim Bell}