Tracerneo writes: | On 7 January 2016 at 05:51, grarpamp wrote: | >online privacy | >encryption scheme | >backdoor that allows anyone..to have their anonymity and privacy stripped | altogether | | I don't know, maybe I'm retarded, but this doesn't compute. | | What I'm afraid though, is that such abominations might catch on, | because people like adopting flawed things, that give them illusion of | control. With respect, the stripping involved requires unanimity amongst the nine sites, each much different than the other. If one is to dismiss Chaum's scheme due to the possibility of 9-way unanimous collusion, then, in like manner, all threshold (split-key) cryptosystems are unacceptable. And then there is the DNS where the possibility of collusion amongst all root servers would also trigger disavowal of the DNS. I'm probably missing your point. --dan

Actually, the nine servers are not operated by Chaum. They're operated by "highly skilled people in this room who know how to build and run a secure data center". At least that's what he said at the talk I witnessed where he unveiled it. Additionally, Chaum's design allows an entity operating one of the servers to introduce their own policy - "it's not up to me what policy you want to introduce; the system is neutral". So, first of all there's Chaum's obvious failure to recognize that in the same room are the exact people who could hack into a "secure data center". Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan, it would require the admins from those countries to all agree to decrypt, turning the solution into a political - not mathematical - one. Now, I'm personally hardly a supporter of the idea, and hate the fact that Chaum's idea lends credibility to Comey's "smart people just need to work on it" position. In fact, I consider any sort of backdoored system tantamount to treason to cryptography, and antithetical to its purpose. But I do think it's important to debate on the actual facts at hand. - A On Saturday, January 9, 2016 3:58:46 PM PST Travis Biehn wrote:

Dan, The 9 servers are operated by Chaum, and is the software and OS config open source and 3rd party verifiable as being the same as running on the servers?

9 servers will be operated in 9 different jurisdictions, not by 9 separate unrelated 'entities'.

'Trust us' is just something we've become accustomed to not needing.

Travis

On Fri, Jan 8, 2016, 11:48 PM wrote:

...

Tracerneo writes: | On 7 January 2016 at 05:51, grarpamp wrote: | >online privacy | >encryption scheme | >backdoor that allows anyone..to have their anonymity and privacy

stripped

| altogether | | I don't know, maybe I'm retarded, but this doesn't compute. | | What I'm afraid though, is that such abominations might catch on, | because people like adopting flawed things, that give them illusion of | control.

With respect, the stripping involved requires unanimity amongst the nine sites, each much different than the other. If one is to dismiss Chaum's scheme due to the possibility of 9-way unanimous collusion, then, in like manner, all threshold (split-key) cryptosystems are unacceptable. And then there is the DNS where the possibility of collusion amongst all root servers would also trigger disavowal of the DNS.

I'm probably missing your point.

--dan

Point is the technology is neutral/agnostic to its location and operator - and that a key part of the solution is in fact political. Hell, I'm still wondering who would use such a system in the first place without the imposition of regulation? On Tuesday, January 12, 2016 3:31:49 AM PST juan wrote:

On Mon, 11 Jan 2016 22:15:36 -0800

Alex Stahl wrote:

...

Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan,

I think the actual network would be more like washington, boston, new york, los angeles, london, panama, puerto rico, marshal islands and maybe brussels.

Sounds like we're in agreement then that crypto systems with political solutions aren't actually crypto solutions at all then? Anyone else (dis)agree? On Tuesday, January 12, 2016 4:56:06 AM PST juan wrote:

On Mon, 11 Jan 2016 23:30:49 -0800

Alex Stahl wrote:

...

Point is the technology is neutral/agnostic to its location and operator - and that a key part of the solution is in fact political.

Oh yes, I do see that. And it's based on the 'division-of-power' and 'checks-and-balances' doctrine, which I don't find especially convincing or effective.

...

Hell, I'm still wondering who would use such a system in the first place without the imposition of regulation?

Well, the leaders of the liberal democracies might be able to create a few laws and regulations to adopt chaum's system and save the children from digital terrorism. Or something.

...

On Tuesday, January 12, 2016 3:31:49 AM PST juan wrote:

...

On Mon, 11 Jan 2016 22:15:36 -0800

Alex Stahl wrote:

...

Second, he implied that, with the use of these policies, if a message were to traverse a network with nodes operated by the US, Canada, Egypt, India, Pakistan, Iran, Russia, China and Japan,

I think the actual network would be more like washington, boston, new york, los angeles, london, panama, puerto rico, marshal islands and maybe brussels.

On Tue, 12 Jan 2016 00:13:28 -0800 Alex Stahl wrote:

Sounds like we're in agreement

We are.

then that crypto systems with> political solutions aren't actually crypto solutions at all then?

Anyone else (dis)agree?

The 9 servers are operated by Chaum, and is the software and OS config open source and 3rd party verifiable as being the same as running on the servers?

9 servers will be operated in 9 different jurisdictions, not by 9 separate unrelated 'entities'.

'Trust us' is just something we've become accustomed to not needing.

I'm not going to disagree with that at all, but here's the thing: There has to be a root of trust in some way even if (or particularly if) that root is math, pure math, and nothing but the math so help me God. That being said, I would suspect that any system which permits absolutely zero recourse against things done with it that a super majority of citizens considers abhorrent is a system that will not be long tolerated and thus will not long exist. What then is a useful model of recourse? The essential idea of checks and balances is that of prevention, viz., that no one entity can permanently subvert the workings of democratic society. (Here I have to ask to please spare me the anti-democratic invective.) I have to agree with some poster or other who said that Chaum's system only works if it is the only system, otherwise the evil will just run down some other pipe than his. Fair enough, but if one is brilliant and paranoid, then a system that invests absolutism in no single party is a design goal, and a worthy design goal at that. At the same time, if one's paranoia, existential or otherwise, gets the better of you, then you will want keep your hand on the tiller even while delegating fragments of your authority all about. So it is, I suspect, the case here. In other words, if you are too paranoid then you will never be able to turn the whole thing over to its fate as embodied in its design and its design alone -- you will wreck it all out of the kind of paternalism that does seem to be irreducible core of nearly every argument in the public sphere about safety. Seriously, I am not arguing for cMix or Mr. Chaum. I am saying, carefully and calmly, that some understandable form of recourse is an unavoidable condition for willing public acquiescence. Chaum made a proposal. Comey made a proposal. Proposals are likely to now sprout like wildflowers. Make one. Thinking out loud, --dan

On 01/15/2016 04:17 PM, dan@geer.org wrote: <SNIP>

That being said, I would suspect that any system which permits absolutely zero recourse against things done with it that a super majority of citizens considers abhorrent is a system that will not be long tolerated and thus will not long exist. What then is a useful model of recourse?

That may be so. But rather than a "useful model of recourse", what's needed are anonymity systems that super majorities can't compromise or take down.