theories about lack of crypto
sorry if this appears twice; I sent a copy through one of the new anonymous remailers last night and it looks like it didn't make it. Or I messed up somehow ;)

-----BEGIN PGP SIGNED MESSAGE-----

Tim May brings up some interesting and valid points about crypto protocols. I think there are several reasons surrounding the slow pace of crypto protocol (particularly software) development; rather than list them let me explain the difficulties in setting up a "data haven" (as far as I can see):

I - Difficulties

1. The usual stuff like finding the time to code and maintain software, including getting access to a workstation (or whatever, some net connected computer given that my home computer is a PC running MSDOS).

2. Say all this code gets written. To really be able to run a data haven, I'd need to own the machine it runs on, to have the power to call all the shots. Yes, maybe my internet provider charges $x per megabyte, but I seriously doubt I'd be allowed to use up 100 Megs of disk space, even if I paid (and charged a bit more for storage to cover my expenses). Now I can get a SLIP account for about $50 a month where I live, and so if I had a spare computer to devote, I'd be set, sort of. I'd definitely need the machine to be available on a network, otherwise it would be too inconvenient and nobody would use it. Of course, I'd also need an easy to use digital cash system to accept payments.

Same thing with top-notch anonymous remailers; to be able to turn off logging, and be in control of a hundred details, I need to own the machine. Same thing with digital banks. Who would use a bank that runs off of an account from an internet provider? Besides, I'd need to own the machine to set up the appropriate security measures, etc.

3. Legal issues. This is the biggest problem. By running a data haven (and this applies to many other cryptographic protocols, particularly ones that guarantee anonymity, etc.) I pretty much open myself up to a legal can of worms. All it takes is one person to store pirated software, one person to send death threats through my "strong" anonymous remailer, one person to forward Clarinet posts to usenet, and I'm potentially in for a battle. Craig Neidorf (phrack) went to court and racked up a legal bill of $100,000, all for the government to drop its case.

Consider if somebody posted anonymously soliciting pirated software. Let's say in a year, I set up an anonymous remailer and digital bank, and it really is anonymous. Somebody posts, soliciting the source code for Chicago (just an example), offering $10 million dollars. Some anonymous person sends it off, and receives payment. Neither party is traceable, and both are very happy. Except me. How screwed do you think I'd be facing the legal department of Microsoft? Yeah, the solution is to relocate off-shore; this is not feasible for me.

This is only the tip of it since a large number of the more interesting and useful protocols are patented. Sure, maybe the concept of software patents sucks, but the fact is, it's legal until a court overturns it. And I don't have the money to mount a legal battle.

There is a balance to be struck between offering totally anonymous remailing (for example) and keeping enough logs to keep out of potential legal trouble. The problem is that the balance falls closer to the logging side, which would scare off potential users/customers.

II - Incentives

Really, what are the incentives for running these services? None as far as I can tell, other than the satisfaction of doing it. Johan Helsingius (Julf of anon.penet.fi) spends hours a day maintaining his site, responding to complaints, etc. He provides a valuable service, which obviously is very popular... all the same, I'll bet when he asked for a donation of $5 per account to help defray costs, he got almost no response.

III - Usage

Why aren't people using DC-Nets, data havens, etc.? Because I don't think there is a reason to. I'm not saying that it's a waste of time to develop this software; it's just for now it'll be confined to experimental usage, research purposes, or just as a challenge to surmount. I mean, I know what a DC-Net is, but I can't think of a single reason I'd actually use one, other than for the heck of it.

IV - Platforms

Well, for me, it would be MS-DOS. I love UNIX too, but my home computer is 10 times more convenient to develop for.
it all...remailers appear and then vanish when the students go away or lose their accounts, features added make past learning useless, and so on. Life
All I can say is for the near future, I don't see any of this stuff being done by anybody other than "hobbyists".

"The Internet Casino"

This sounds great, in fact, I've thought of writing a crypto version of roulette or blackjack... something that would use a bit-commitment protocol to commit to a shuffle or sequence of random numbers, and play you. Afterwards, you could check logs to verify you weren't cheated. Maybe I'll actually find some time this summer to write it,
Later protocols have not fared as well. Why this is so is of great importance.
I'm interested in hearing your theories about this, Tim. I too wish things were different, but I just can't do much about it. I still think we are in an "ease of use" phase. Most people on this list don't even pgp sign their messages, largely because it isn't convenient. It isn't surprising later protocols aren't faring well.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLchxHIOA7OpLWtYzAQGP1QP9HbB+1eHhF5otXP9ShcC7mu5vSDVTeIf2
SNr4u28WOgRRHFP4MQcsvYp7VM0ELNhIdMXpCiThgl2kVj0oomLNboCpW0HNW9jn
4dux0K0hGJqsoxeZhqvNEybIQiVPHg0VFdkwI6q79V+oHynlOOaNZyJXad6ZFwsv
xxUlGjLdmK8=
=AAzE
-----END PGP SIGNATURE-----
participants (1)
-
nobody@shell.portal.com
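
The "Internet Casino" idea in the message above (commit to a shuffle, play, then let the player check afterwards) can be sketched as follows. This is an added example, not code from the original post: the post names no specific scheme, so a SHA-256 hash commitment is assumed here, and every function name and the `shuffle-commit-v1` label are hypothetical.

```python
import hashlib, hmac, secrets

def commit(seed: bytes) -> str:
    """House publishes this before play; it binds the house to a 32-byte random seed."""
    return hashlib.sha256(b"shuffle-commit-v1" + seed).hexdigest()

def _stream(key: bytes):
    """Deterministic byte stream: HMAC-SHA256 in counter mode."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1

def _below(stream, n: int) -> int:
    """Unbiased integer in [0, n) by rejection sampling on two bytes (n <= 65536)."""
    limit = 65536 - (65536 % n)
    while True:
        v = (next(stream) << 8) | next(stream)
        if v < limit:
            return v % n

def shuffled_deck(seed: bytes, player_nonce: bytes, size: int = 52) -> list:
    """Fisher-Yates shuffle keyed by both parties' randomness."""
    key = hmac.new(seed, player_nonce, hashlib.sha256).digest()
    stream = _stream(key)
    deck = list(range(size))
    for i in range(size - 1, 0, -1):
        j = _below(stream, i + 1)
        deck[i], deck[j] = deck[j], deck[i]
    return deck

def verify(commitment: str, revealed_seed: bytes, player_nonce: bytes, dealt: list) -> bool:
    """Player's post-game check: seed matches the commitment and reproduces the cards dealt."""
    if not hmac.compare_digest(commit(revealed_seed), commitment):
        return False
    return shuffled_deck(revealed_seed, player_nonce)[:len(dealt)] == dealt

def demo() -> tuple:
    seed = secrets.token_bytes(32)          # house secret, revealed only after the game
    c = commit(seed)                        # sent to the player first
    nonce = secrets.token_bytes(16)         # player's contribution, sent after seeing c
    dealt = shuffled_deck(seed, nonce)[:5]  # cards shown during play
    honest = verify(c, seed, nonce, dealt)
    swapped = verify(c, secrets.token_bytes(32), nonce, dealt)  # house reveals a different seed
    return honest, swapped
```

Because the house commits before it sees the player's nonce, it cannot pick a seed that yields a favourable deck, and the player cannot predict the deck without the seed.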