It pains me to often be the one who throws cold water on what seems to be a good idea, and what comes from a well-intentioned person. But I have to call 'em as I see 'em. And maybe I'm wrong. But here are my thoughts. At 10:16 PM 3/26/96, aba@atlas.ex.ac.uk wrote:

The idea of putting together a CD with crypto stuff is an excellent IDEA, and one which I very much welcome.

However a question .. are you (Ben) located in the US? If so...

that rules out overseas buyers unless you fancy messing with ITAR... Is it possible that you could come to some arrangement with some one outside the ITAR fence who has a CD writer (any one reading have one?) put together the same CD for those outside the US?

A CD-ROM containing crypto programs, source code, etc. sounds like a nice idea. But it falls apart for various reasons. For brevity, I'll just list some: 1. The CD-ROM "freezes" the various programs, archives, etc. at the moment the files are finalized and the CD-ROMs are pressed (or burned individually on a CD-R, at somewhat higher per-copy price). If the author of the CD-ROM is not committed to updating the CD-ROM at frequent intervals--say, every few months--then the programs will exhibit "version decay" and be nearly useless. The next point is the reason. 2. The Web does a better job at making the latest versions instantly accessible. True, a CD-ROM will generally have faster access, but I care more about getting the _latest_ version of PGP, even if takes a minute or two to snarf off the Web. That I could get an _older_ version of PGP in fractions of a second off this CD-ROM is not compelling to me. (And fractions of a second is too charitable: in actuality, I'd have to locate the CD-ROM, dismount anything already mounted, mount the CD-ROM, search it for "PGP," etc. Probably not even faster than using Alta Vista and downloading.) 3. Where CD-ROMs really shine over modem alternatives is, of course, for very large files. Images, MPEG or Quicktime movies, etc. "Multimedia" being the operative term. For crypto, this is not an issue. (Except for list archives, where having a few hundred megabytes of articles might be nice. However, the absolute KILLER of this idea is the staleness problem mentione in Point #1: if the archives on CD-ROM lack the most recent month or two, their usefullness drops precipitously. If the CD-ROM is a year old, and no updates have appeared, then its archives are useful only to list historians. (In other words, I will almost always go to up-to-date archives on a Web site rather than dusting off a CD-ROM that was issued several months ago. And a CD-ROM every several months is more than I think we can hope for. Or pay for.) 4. The Web approach allows powerful search engines, links from other pages, and--importantly--multiple jurisdictions. The PGP could come from the U.S., the Digital Postage code from Sweden, and so on. And, again as noted in # 1, the developers could keep improving and iterating the code. And so on....I can think of more problems, but these are enough. I have no interest in quashing the enthusiasm of Mr. Holiday. Nor do I have the power to do so, except by my comments. But I'd hate to see him invest several months of his life preparing this CD-ROM only to find that it is a novelty item, ordered by some people to be "cool," with actual downloads of the latest versions of software being done the way it is now done--the Web. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."