No Subject

UCX_SMTP at crc.monroecc.edu UCX_SMTP at crc.monroecc.edu
Thu Jul 22 18:01:32 PDT 1993



---- Transcript of session follows ----

196608  %NONAME-W-NOMSG, Message number 00000000
-SYSTEM-S-NORMAL, normal successful completion

---- Unsent message follows ----

Received: from toad.com by relay2.UU.NET with SMTP
	(5.61/UUNET-internet-primary) id AA06943; Wed, 21 Jul 93 23:22:44 -0400
Received: by toad.com id AA21927; Wed, 21 Jul 93 19:16:03 PDT
Received: by toad.com id AA21680; Wed, 21 Jul 93 19:02:20 PDT
Received: from decwrl.UUCP by toad.com id AA21676; Wed, 21 Jul 93 19:02:19 PDT
Received: by uucp-gw-2.pa.dec.com; id AA18750; Wed, 21 Jul 93 19:00:31 -0700
Received: from emory.UUCP by merlin.gatech.edu with UUCP id AA03218
  (5.65c/IDA-1.4.4 for decvax!decwrl!hoptoad!CYPHERPUNKS); Wed, 21 Jul 1993 21:36:21 -0400
Received: from indigo.UUCP by
	emory.mathcs.emory.edu (5.65/Emory_mathcs.3.4.11) via UUCP
	id AA16552 ; Wed, 21 Jul 93 21:27:59 -0400
Resent-Message-Id: <9307220127.AA16552 at emory.mathcs.emory.edu>
Received: by indigo.mese.com (DECUS UUCP /2.0/2.0/2.0/);
          Wed, 21 Jul 93 21:25:09 EDT
Resent-Date: Wed, 21 Jul 1993 21:21:26 EDT
Resent-From: <cypherpunks at indigo.mese.com>
Resent-To: <CYPHERPUNKS at toad.com>
Received: by INDIGO.MESE.COM (MX V3.1) with UUCP; Wed, 21 Jul 1993 21:21:18 EDT
Received: from relay2.UU.NET by emory.mathcs.emory.edu
          (5.65/Emory_mathcs.3.4.11) via SMTP id AA12591 ; Wed, 21 Jul 93
          20:34:47 -0400
Received: from toad.com by relay2.UU.NET with SMTP
          (5.61/UUNET-internet-primary) id AA14330; Wed, 21 Jul 93 20:31:29
          -0400
Received: by toad.com id AA18642; Wed, 21 Jul 93 16:09:44 PDT
Received: by toad.com id AA18609; Wed, 21 Jul 93 16:07:26 PDT
Return-Path: <lock60!snark!boojum!esr at gvls1.VFL.Paramax.COM>
Received: from gvls1.VFL.Paramax.COM ([128.126.220.104]) by toad.com id
          AA18605; Wed, 21 Jul 93 16:07:15 PDT
Received: from lock60.UUCP by gvls1.VFL.Paramax.COM (4.1/mls/4.0) id AA04653;
          Wed, 21 Jul 93 19:07:13 EDT
X-Info: VFL.Paramax.COM is the new name for GVL.Unisys.COM Please change any
          mailing lists or aliases. Both the old and the new addresses will work for
          a short time.
Received: by lock60.Canal.Org (smail2.5) id AA16551; 21 Jul 93 18:50:24 EDT
          (Wed)
Received: by snark.thyrsus.com (/\==/\ Smail3.1.21.1 #21.19) id
          <m0oIjLP-00020KC at snark.thyrsus.com>; Wed, 21 Jul 93 14:56 EDT
Received: by boojum.uucp (Smail3.1.28.1 #2) id m0oIiVK-000BQZC; Wed, 21 Jul 93
          14:03 EDT
Message-Id: <m0oIiVK-000BQZC at boojum.uucp>
From: <boojum!esr at gvls1.VFL.Paramax.COM>
Subject: FAQ, round 2
To: boojum!cypherpunks at uunet.uu.net
Date: Wed, 21 Jul 93 14:03:02 EDT
X-Mailer: ELM [version 2.3 PL11]

I've written some more material for it.  Criticisms and additions
welcome.

--- DRAFT VERSION ---- DRAFT VERSION ---- DRAFT VERSION ---- DRAFT VERSION ---
From: esr at snark.thyrsus.com (Eric S. Raymond)
Newsgroups: news.answers
Followup-To: poster

This is the Cypherpunks FAQ.  It explains the projects and purposes of the
Cypherpunks mailing list.  It is also intended to serve as a general
introduction to privacy and encryption issues.

For details on the technical and theoretical aspects of computer cryptography,
see the sci.crypt FAQ, available for FTP from rtfm.mit.edu (18.172.1.27) in the
directory pub/usenet-by-group/sci.crypt.

The cypherpunks archive is available for FTP at

	soda.berkeley.edu:pub/cypherpunks

This site contains code, information, rants, and other miscellany, including
the most up-to-date version of this FAQ.

This FAQ is maintained by Eric S. Raymond <esr at snark.thyrsus.com>; send
additions and corrections to that address.  Sections contributed by others are
credited to individual authors.  We gratefully acknowledge, in addition,
feedback and comments from David Mandl <dmandl at lehman.com> and Eric Hughes
<hughes at soda.berkeley.edu>.

Here is a table of contents for this FAQ:

1. Why cypherpunks?

2. What are the essentials of privacy software?
   a. Public-key cryptosystems for secure communication.
   b. Unforgeable electronic signatures for message authentication.
   c. DC-net or similar protocols to thwart spoofing.

3. What are the potential applications of good privacy software?
   a. Secure communications.
   b. Digital cash.
   c. Electronic voting.
   d. Electronic contracts.
   e. Secure anonymous remailers and posters.
   f. <more?>

4. What are the key algorithms, tools, and implementations for privacy
   software?
   a. RSA
   b. DES
   c. Clipper/Capstone/DSS
   d. PGP
   e. Possible non-RSA trapdoor functions.

5. What are the social and political implications of good privacy software?
   a. Drastically lower transaction costs for trade.
   b. Expansion of the counter-economy.
   c. Disempowerment of government.
   d. Anonymity for whistleblowers.

6. What are the legal, political, and technical obstacles?
   a. The Clipper/Capstone/DSS power grab.
   b. The RSA patent and the PGP/RSA fight.
   c. RSA's base problem may not be NP-complete.

7. What can I do to help?
   a. Work on cryptographic software.
   b. Agitate against the Clipper/Capstone/DES proposals.
   c. Promote the use of encrypted communication.

To join the cypherpunks mailing list, send a request to:

	cypherpunks-request at toad.com

Working with us could be your best shot at stopping Big Brother.  So if you
have skills to contribute, act now.  The freedom you save could be your own.

1. Why cypherpunks?

   Because privacy is essential to freedom.

   If the government (or any other oppressor that behaves like one) can
effectively monitor communications, it can control or suppress them.  And it
will do so, because the natural tendency of controllers is always to seek more
control.

   The government cannot be relied on to protect your privacy rights.  Nor
can anyone else --- certainly not your employer, or the corporations that
want to know all about you so they can sell you things.

   Given half the chance, governments and corporations will always push
for security standards that protect *them*, but not *you*.

   Computer technology can help protect you against would-be snoopers, but only
if somebody is sufficiently smart and dedicated to build the tools.

   The Cypherpunks list exists to build and propagate privacy software.  Our
aim is to give you the tools to keep your private information private, and to
communicate with other people and computers in ways snoopers cannot tap.

2. What are the essentials of privacy software?

a. Public-key cryptosystems for secure communication.

   A conventional cryptosystem consists of an encoding/decoding method and
a single key.  Two users who share a key can exchange private messages.

   A public-key cryptosystem uses a *pair* of keys; one private, one public.
Anyone with either key can decode messages encoded with the other.  For
privacy, it must be impossible (or at least impractical) to deduce the private
key from the public one.

   Public-key cryptosystems imply many exciting things --- unforgeable
electronic signatures, digital cash, and secure electronic contracts are among
them.  The basic idea behind all of these is that, as long as your private key
is secure, people can verify that an encoded message containg known text came
from you by decoding with your public key.

   In the remainder of this FAQ we use `PKC' as an abbreviation for `Public
Key Cryptosystem'.

   The best-known PKCs are the RSA system, the Federal Government's DES
standard, and the government's Clipper proposal.  We'll discuss these, and
others, in more detail below.

b. Unforgeable electronic signatures for message authentication.

   There are many circumstances in which you want to be able to check a public
clear-text message for tampering.  To do this, the message must contain a
`digital signature' or `message digest code' or `message hash' derived from its
clear text, which can be checked against the clear text by a receiver.  For
security, the message hash should have the property that no one knows how
to modify a message in a way that preserves its hash.

   PKCs give you unforgeable signatures as a side-effect.  Unfortunately, known
PKCs are too slow to use practically for message hashing.

   Thus, there is a separate category of `Digital Signature Systems'.
The three major DSS techniques are Snefru, MD5, and DSS.  Snefru, invented
by Ralph Merkle at Xerox PARC, is of historical interest only as it has been
broken.

   MD5 is described in Internet RFC 1321, which also gives a reference
implementation in C.  As of July 1993 it is believed to be secure, but
has not been *proved* to be secure.

   DSS is a Federal Government proposed standard associated with the Clipper
proposal.  <more needed here>

c. DC-net or similar protocols to thwart spoofing.

<more needed here>

3. What are the potential applications of good privacy software?

a. Secure communications.

   With a PKC, you can send a message that no one but the intended receiver
can decrypt by encoding it with the receiver's public key.  If you encode
it with *your* public key, the receiver can verify that it came from you.

   This means that it is possible to do secure communications even over public
channels.  Neither nosy neighbors, business competitors, nor the government or
any (other) criminal gang can interfere with it.

b. Digital cash.

   Unforgeable messages also imply digital cash.  You could use a PKC to send
to the receiver a code permitting them to draw a particular amount of money
from your bank account.  The bank, with access to both yours and the payee's
public keys, can verify that the order is genuine.

   This means that it is possible to do trade over electronic links, without
any part trusting any other party beyond the bounds of normal commercial
risk.

c. Electronic voting.

   Unforgeable messages also imply secure electronic voting.  If you encode
your voting form with a PKC, the vote-collecting authority can verify it
with your public key.

d. Electronic contracts.

   If two or more people encode known text with their private keys applied in
succession, all their public keys will be required to decode it.  This is
an unforgeable contract.  Furthermore, it is an unforgeable *private* contract.

e. Secure anonymous remailers and posters.

<more needed here>

4. What are the key algorithms, tools, and implementations for privacy
   software?

a. RSA

   RSA stands for `Rivest-Shamir-Adelson', the names of the three computer
scientists who developed the technique.  RSA has withstood determined attacks
for over a decade and is widely believed to be secure.  It has been proposed
as an Internet standard.

   The RSA technique is patented.  The patents are held by RSA, Inc. <contact
information should go here>.  An implemenation in C called RSAREF is
available for research and certain noncommercial uses.

b. DES

<more needed here>

c. Clipper/Capstone/DSS

<more needed here>

d. PGP

<more needed here>

e. Possible non-RSA trapdoor functions.

<more needed here>

5. What are the social and political implications of good privacy software?

a. Drastically lower transaction costs for trade.

<more needed here>

b. Expansion of the counter-economy.

<more needed here>

c. Disempowerment of government.

<more needed here>

d. Anonymity for whistleblowers.

<more needed here>

6. What are the legal, political, and technical obstacles?

<more needed here>

a. The Clipper/Capstone/DSS power grab.

<more needed here>

b. The RSA patent and the PGP/RSA fight.

<more needed here>

c. RSA's base problem may not be NP-complete.

<more needed here>

7. What can I do to help?

a. Work on cryptographic software.

<list of current projects should go here>

b. Agitate against the Clipper/Capstone/DES proposals.

<more needed here>

c. Promote the routine use of encrypted communication.

<more needed here>

   You can help spread PGP and other appropriate tools far and wide
(both to help get a better foothold to thwart the Clipper proposal and
its ilk, and to work towards making crypto as commonplace as
envelopes).

--- DRAFT VERSION ---- DRAFT VERSION ---- DRAFT VERSION ---- DRAFT VERSION ---
--
						>>eric>>






More information about the cypherpunks-legacy mailing list