From shamrock at netcom.com Mon Aug 1 00:22:04 1994
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 1 Aug 94 00:22:04 PDT
Subject: Lady Di's medical records
Message-ID: <199408010722.AAA01452@netcom7.netcom.com>

> I understand that in California, shrinks have a duty to protect
> records. I expect encryption is spreading. I also expect that many of
> them are worried about the trend to force disclosure of patient
> records. (Such as with the Tarasoff ruling on patients who make
> threats, the various other loopholes for breaking doctor-patient
> privilege, the various "discovery" procedures in court cases, and so
> on.)

I personally know individuals that are avoiding medical care because of
concerns about confidentiality. It seems the loopholes are extending.
Patient records stay around for years. Who knows what the requirements will
be five years from now? It would not surprise me if individuals who have
been seeking drug treatment within the last, say, five years would have to
be reported to the Klinton Kommunal Kare agency.

> (Watch for software key escrow to fold this in: mandated encryption
> of records, but American Psychiatric Association and California State
> Mental Health Association the designated escrow sites. For example.)

To be examined by the above supervisory agency upon "reasonable suspicion",
no doubt.

-- Lucky Green
PGP public key by finger

From a.brown at nexor.co.uk Mon Aug 1 02:11:52 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Mon, 1 Aug 94 02:11:52 PDT
Subject: What kind of encryption to incorporate?
In-Reply-To: <199407291656.MAA03632@freud.bwh.harvard.edu>
Message-ID:

On Fri, 29 Jul 1994, Adam Shostack wrote:

> A filename and length give away the fact that something is
> hidden. If you only hide encrypted data, and no plaintext of any
> sort, then the file can not be automatically detected; it can only be
> seen by someone who can decrypt it.

... well almost.
It's trivial to write a program that extracts the LSB's from a GIF file and
then determines their randomness. Truly random data gives away the presence
of an encrypted file. The solution is to choose the LSB's that you alter
according to the output from a decent random number generator so that each
LSB has a probability of being altered.

- Andy

From frissell at panix.com Mon Aug 1 04:27:58 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 1 Aug 94 04:27:58 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <199408011125.AA11517@panix.com>

At 11:46 PM 7/31/94 -0700, Lucky Green wrote:

>> Dorothy E. Denning, chairman of the computer-science department at
>> Georgetown University and a supporter of the Clipper plan, said such
>> a world [with unbreakable encryption] would be like ''highways without
>> traffic lights and people
>> without driver's licenses.''
>
>Let me predict it here today: there will be the day that you will need a
>license to access the Net.

Yeah. I can imagine it. It would be like New York City today where the tabs
are telling us that seemingly half the population is "driving while license
suspended."

Course the 1st Amend. was specifically designed to eliminate the nasty
British habit of licensing newspapers. Driving licenses weren't mentioned
in that document. Have there been any licensing proposals for the
Information Stupor Highway yet? If the Supremes will let me burn a cross,
isn't it likely that they will let me log on?

DCF

"On the Information Super Highway, there will be no speed limits, there
will be no rest areas, there will be no troopers. But there will be a
passing lane, a passing lane."
-- Network MCI

From paul at poboy.b17c.ingr.com Mon Aug 1 05:28:06 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 1 Aug 94 05:28:06 PDT
Subject: FW: No SKE in Daytona and other goodies
In-Reply-To: <9407292105.AA29978@netmail2.microsoft.com>
Message-ID: <199408011228.AA17694@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

Blanc Weber said:

> You could also, like the Luddites, pressure the inventors of computers
> not to make any more of these new-fangled, fearsome things. Because
> you just *know* what they'll be used for, once they develop some
> database "features" and make it possible to send messages anonymously.

All right, then, I'm a key escrow Luddite. To me, key escrow is like a
host of other "new-fangled things": its disadvantages and dangers
outweigh its benefits.

- -Paul

- --
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com    |    - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLjzqgafb4pLe9tolAQFtIAP/TZNaTw3YLUcOiAAwPl0MKTbkoYXuirJ4
Lpfj5tovRb/Hyiuaa7z9/iuvNMPqjvEzU0ueeCh8VWVVKVGt8U0O9/UchO5x3NNw
WfLwxjXPPQP0/F4o2tZzwQKAzJIrRALEUsJElsL4MJ3onDFGzFTGjB/B8oL1TJ8F
jOBS/VWkeho=
=LQar
-----END PGP SIGNATURE-----

From m5 at vail.tivoli.com Mon Aug 1 05:32:37 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 1 Aug 94 05:32:37 PDT
Subject: Children and the Net
In-Reply-To: <199407311826.LAA24798@netcom10.netcom.com>
Message-ID: <9408011231.AA08947@vail.tivoli.com>

Mike Duvos writes:
> Had it not been for the fact that having children covered with
> scars, welts, and bruises is not considered child abuse in the
> state of Texas,

I know it's chic to refer to Texas as the last bastion of barbarian
living, but I'd like to see some citation for the above if you really
believe it's true. Note also that I've heard tell kids get beat up in
other states too, though that might just be rumor.
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven" |

From werner at mc.ab.com Mon Aug 1 07:29:25 1994
From: werner at mc.ab.com (tim werner)
Date: Mon, 1 Aug 94 07:29:25 PDT
Subject: Survey: what free scientific, mathematical, statistical software is wanted?
Message-ID: <199408011428.KAA13225@sparcserver.mc.ab.com>

This was not cross-posted to any crypto groups, so I thought I would post
to the list. Hope it's appropriate.

Article 491 in gnu.announce (moderated):
Date: Sun, 31 Jul 94 17:23:58 EDT
Distribution: world
Newsgroups: gnu.announce,gnu.misc.discuss,sci.stat.math,sci.stat.consult,sci.stat.edu,alt. iams,comp.lang.fortran,comp.graphics.gnuplot,comp.software
Followup-To: poster
From: lenk at gnu.ai.mit.edu
Subject: Survey: what free scientific, mathematical, statistical software is wanted?
Lines: 25

[ Please repost this wherever you think is appropriate! ]

Project GNU of the Free Software Foundation is conducting a survey to
determine the kinds of mathematical software commonly utilized by
scientists and mathematicians. Your answers will help us to determine
the programming tasks we present to our volunteers. This will ultimately
result in a more complete set of math programs and subroutines available
as free software.

Please answer the following questions with regard to scientific,
mathematical, and/or statistical software:

1. What packages are commonly used?
2. What programs and subroutines are desired, but not available?
3. What freeware currently exists?
4. Where else can we ask these questions?

Please give as much detail as you can, including package name, author,
language, and where it can be found.

Send responses to math-sw-survey at gnu.ai.mit.edu

Thank you!

From talon57 at well.sf.ca.us Mon Aug 1 08:01:01 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 1 Aug 94 08:01:01 PDT
Subject: swell discusions
Message-ID: <199408011500.IAA08747@well.sf.ca.us>

Gee, I'd sure like to participate in all these neat discussions going
on here on cypherpunks today, but I'm busy examining these disgusting
GIF'S that some sick mind uploaded to all these sites in
Tennessee......

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is
indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL
and the company that'll bring it to you.... AT&T" --James Speth

From hfinney at shell.portal.com Mon Aug 1 08:09:38 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 1 Aug 94 08:09:38 PDT
Subject: Lawsuits Against PKP
In-Reply-To:
Message-ID: <199408011509.IAA23874@jobe.shell.portal.com>

schneier at chinet.chinet.com (Bruce Schneier) writes:

>Two lawsuits were recently filed in federal court, northern district
>of Calif, which may cripple Public Key Partners.

>Cylink v. RSA Data Security, C-94-02332-CW, June 30, 1994, San Fran.
>It alleges that the RSA patent is invalid. RSA Data had denied Cylink
>a patent license.

>Schlafly v. Public Key Partners, C-94-20512-SW, July 27, 1994, San Jose.
>It alleges that almost all of the PKP patent claims are invalid and
>unenforceable.

That makes my day. The name Schlafly sounds familiar (I don't mean
Phyllis). Roger? Does anyone know a crypto person with this name?

It would be interesting to know whether anyone else could join in these
lawsuits on a class-action basis, or at least send support to the
plaintiffs.

Hal

From dave at marvin.jta.edd.ca.gov Mon Aug 1 08:11:24 1994
From: dave at marvin.jta.edd.ca.gov (Dave Otto)
Date: Mon, 1 Aug 94 08:11:24 PDT
Subject: "Just say 'No' to key escrow."
In-Reply-To: <9407300232.AA01640@ua.MIT.EDU>
Message-ID: <9408011509.AA28632@marvin.jta.edd.ca.gov>

on Fri, 29 Jul 1994 22:32:25 -0400 (EDT) solman at MIT.EDU wrote:
> Jesus people are paranoid. I happen to be of the opinion that A) if escrow

As a member of the "religious right", I am *NOT* paranoid (at least any more
so than most members of this list :-). I do make an attempt to screen the
media my children have access to. I do NOT advocate "sequestering" nor do I
support ANY governmental censorship. Long live the PFLC!

-- the dave who is tired of these non-crypto rants

Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org
"Pay no attention to the man behind the curtain!" [the Great Oz]
finger DaveOtto at ACM.org for PGP 2.6 key <0x3300e841>
fingerprint = 78 71 3A 5B FD 8A 9A F1 8F BC E8 6A C7 BD A4 DD

From frissell at panix.com Mon Aug 1 08:18:11 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 1 Aug 94 08:18:11 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <199408011516.AA29716@panix.com>

At 06:55 AM 8/1/94 -0400, Duncan Frissell wrote:

>Course the 1st Amend. was specifically designed to eliminate the nasty
>British habit of licensing newspapers. Driving licenses weren't mentioned
>in that document. Have there been any licensing proposals for the
>Information Stupor Highway yet? If the Supremes will let me burn a cross,
>isn't it likely that they will let me log on?

To further answer myself... Note that we have had telephones for more than
100 years without any licensing of telephones in this country. In fact, the
telephone companies were prohibited from denying service save on a number of
narrow grounds. And that was in a much tighter regulatory environment than
seems destined to exist in the future.
DCF

"License Communists -- not Workstations"

From gtoal at an-teallach.com Mon Aug 1 08:43:02 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 1 Aug 94 08:43:02 PDT
Subject: Children and the Net
Message-ID: <199408011541.QAA17580@an-teallach.com>

    From: "James A. Donald"

    Yep. They thought that was really great.

    > Will you be upset
    > if they try this at home?

    At the age of three Jim figured out that death was permanent
    and extremely serious.

It was just a real shame you had to kill your kid's dog with a sharp
spike up one nostril to make the point though ;-)

G

From smb at research.att.com Mon Aug 1 08:48:02 1994
From: smb at research.att.com (smb at research.att.com)
Date: Mon, 1 Aug 94 08:48:02 PDT
Subject: Lawsuits Against PKP
Message-ID: <9408011547.AA22209@toad.com>

    Two lawsuits were recently filed in federal court, northern district
    of Calif, which may cripple Public Key Partners.

    Cylink v. RSA Data Security, C-94-02332-CW, June 30, 1994, San Fran.
    It alleges that the RSA patent is invalid. RSA Data had denied Cylink
    a patent license.

This one is really fascinating -- Cylink is one of the owners of PKP, along
with RSADSI...

From gtoal at an-teallach.com Mon Aug 1 08:52:47 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 1 Aug 94 08:52:47 PDT
Subject: Children and the Net
Message-ID: <199408011533.QAA17440@an-teallach.com>

    From: Mike Duvos

    A doctor at Baylor University Medical Center was asked later why
    this didn't cause the removal of the children, and said that
    while such behavior would certainly be considered abuse in a
    medical sense, it did not meet the legal definition of abuse
    according to the laws of the State of Texas.

    Texas, of course, is the leader on the national corporal
    punishment bandwagon and dishes out over 250,000 state-sponsored
    beatings every year in its public school system. So far all
    efforts to ban the practice have been successfully opposed by the
    teachers union.
Come off it, the benefits of a teacher giving your kid the strap at the
time of an offence far outweigh the harm done. I find it really hard
to believe there are places in the world where it's criminally illegal
for teachers - in some places, even parents - to apply corporal
punishment when necessary.

Anyway, its biggest benefit is that it teaches kids a healthy disrespect
of authority and shows them the pretence behind politics, 'voluntary'
taxation etc etc. The people with the physical force are in charge.
I think that's a lesson all kids should be made to learn the hard way.

G

From jdd at aiki.demon.co.uk Mon Aug 1 09:10:21 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 1 Aug 94 09:10:21 PDT
Subject: Anonymous code name allocated. // penet hack
Message-ID: <3147@aiki.demon.co.uk>

> You have sent a message using the anonymous contact service.
> You have been allocated the code name an118905.

... and so forth

I did not send any message using the remailer and I would be grateful
if the account were killed. Is everybody on the cypherpunks list
getting this sort of harassment or is it just me?

-- Jim Dixon

From berzerk at xmission.xmission.com Mon Aug 1 09:15:46 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 1 Aug 94 09:15:46 PDT
Subject: Labeling Usenet articles.
In-Reply-To: <9408010229.AA19967@netmail2.microsoft.com>
Message-ID:

OK, so I want to enable the receiving of articles in conjunction with a
censorship service. I guess the way to do this is a sig. of the article
number, as this is the most compact way I can think of. Does anyone have
some good ideas for the sig. method? I was thinking about the government
one, so as to render patents moot. The other problem is coming up with a
standard format so that newsreaders (for unix, at least 6, for dos, mac,
etc) can be easily modified. Anyone have some interest in this?

Let's get the tools of crypto out there in advance.

Berzerk.
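
[Added example, not part of any post in this thread and not code from PGP or
from any newsreader: one way the signed label list asked about above could
work. Ed25519 from the Go standard library stands in for the signature method
the post leaves open, Message-IDs are signed instead of article numbers
because article numbers differ from one news server to the next, and the line
format, label names and demo key are assumptions made for the example.]

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// labelContext is a domain-separation prefix (assumed name) so that a label
// signature can never be mistaken for a signature over some other message.
const labelContext = "usenet-label-v1"

var (
	ErrMalformed    = errors.New("malformed label line")
	ErrWrongArticle = errors.New("label is for a different article")
	ErrBadSignature = errors.New("signature does not verify")
)

// DemoKeys derives a fixed key pair from a constructed seed so the example is
// repeatable. A real rating service would use ed25519.GenerateKey instead.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// signedBytes is the exact byte string covered by the signature: context,
// Message-ID and label, so neither field can be swapped after signing.
func signedBytes(messageID, label string) []byte {
	return []byte(labelContext + "\n" + messageID + "\n" + label)
}

// SignLabel is the rating-service side. It returns one list line in the
// assumed format "<message-id> <label> <base64 signature>".
func SignLabel(priv ed25519.PrivateKey, messageID, label string) (string, error) {
	if messageID == "" || label == "" || strings.ContainsAny(messageID+label, " \t\r\n") {
		return "", ErrMalformed
	}
	sig := ed25519.Sign(priv, signedBytes(messageID, label))
	return messageID + " " + label + " " + base64.StdEncoding.EncodeToString(sig), nil
}

// VerifyLabel is the newsreader side. It returns the label only if the line
// is well formed, names the article being displayed, and carries a valid
// signature from the service's public key.
func VerifyLabel(pub ed25519.PublicKey, line, wantID string) (string, error) {
	f := strings.Fields(line)
	if len(f) != 3 {
		return "", ErrMalformed
	}
	sig, err := base64.StdEncoding.DecodeString(f[2])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", ErrMalformed
	}
	if f[0] != wantID {
		return "", ErrWrongArticle
	}
	if !ed25519.Verify(pub, signedBytes(f[0], f[1]), sig) {
		return "", ErrBadSignature
	}
	return f[1], nil
}

// ReadableArticles returns the Message-IDs that carry a verified label equal
// to allow. Unlabelled articles and failed lines are dropped (default deny).
func ReadableArticles(pub ed25519.PublicKey, list, articles []string, allow string) []string {
	var out []string
	for _, id := range articles {
		for _, line := range list {
			if label, err := VerifyLabel(pub, line, id); err == nil && label == allow {
				out = append(out, id)
				break
			}
		}
	}
	return out
}

func main() {
	pub, priv := DemoKeys()
	// Constructed Message-IDs for three articles.
	a1, a2, a3 := "<1@news.example>", "<2@news.example>", "<3@news.example>"
	l1, _ := SignLabel(priv, a1, "ok")
	l2, _ := SignLabel(priv, a2, "blocked")
	// Someone lifts the signature from a1's line and attaches it to a3.
	moved := a3 + " ok " + strings.Fields(l1)[2]

	list := []string{l1, l2, moved}
	fmt.Println("shown to reader:", ReadableArticles(pub, list, []string{a1, a2, a3}, "ok"))
	_, err := VerifyLabel(pub, moved, a3)
	fmt.Println("transplanted signature:", err)
}
```

Because the signature covers the Message-ID and the label together, a reader
holding only the public key can check a list but cannot mint new entries,
which a shared monthly secret would not guarantee.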

From blancw at microsoft.com Mon Aug 1 09:28:43 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 1 Aug 94 09:28:43 PDT
Subject: Big Brother's Escrow Systems
Message-ID: <9408011629.AA00655@netmail2.microsoft.com>

From: Greg Broiles

Humm. Do Microsoft shareholders know that the company is being run in
order to empower folks, as opposed to making money? I must confess that
I was (until now) unaware of that.
....................................................................

Shareholders only know that software with uncalculable benefits is
being produced & being widely accepted for no discernible reason, with
profit being an unintended side effect which they can take advantage of.

Blanc
[Disclaimer: I can't represent my employer from here, but wait till I
get my own pc.]

From sidney at taurus.apple.com Mon Aug 1 09:35:00 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Mon, 1 Aug 94 09:35:00 PDT
Subject: Lawsuits Against PKP
Message-ID: <9408011634.AA23517@toad.com>

Hal writes:
>That makes my day. The name Schlafly sounds familiar (I don't mean
>Phyllis). Roger? Does anyone know a crypto person with this name?

I haven't yet seen the details on the lawsuit, but I would guess that it is
Roger Schlafly, unless the name is more common than I think. He was at
Borland when I used to work there, and was into numerical methods kind of
stuff. I was told that he is Phyllis Schlafly's son, but he did not give the
impression of being someone of her political or cultural orientation, not
that I ever heard him talk about political issues.

-- sidney

From nobody at shell.portal.com Mon Aug 1 09:36:02 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Mon, 1 Aug 94 09:36:02 PDT
Subject: Children and the Net
Message-ID: <199408011635.JAA28519@jobe.shell.portal.com>

gtoal writes:

"Come off it, the benefits of a teacher giving your kid the strap at the
time of an offence far outweigh the harm done."

i disagree.
how do you know corporal punishment won't be 'appealing' to the
children, so like when they grow up they can't wait to take a strap to
their kids and so on down the line? strapping is not a solution to a
child's problems, if you can't help a child work out his problems through
verbalization you're a pathetic parent!

From berzerk at xmission.xmission.com Mon Aug 1 09:36:43 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 1 Aug 94 09:36:43 PDT
Subject: Children and the Net
In-Reply-To: <9408011231.AA08947@vail.tivoli.com>
Message-ID:

On Mon, 1 Aug 1994, Mike McNally wrote:
> Mike Duvos writes:
> > Had it not been for the fact that having children covered with
> > scars, welts, and bruises is not considered child abuse in the
> > state of Texas,
> I know it's chic to refer to Texas as the last bastion of barbarian
> living, but I'd like to see some citation for the above if you really
> believe it's true. Note also that I've heard tell kids get beat up in
> other states too, though that might just be rumor.

As far as I know, the above was NOT the case, and no evidence existed of
abuse. The search warrant talks about having guns and "clandestine"
*publications* and never authorizes breaking into windows to serve a NORMAL
search warrant.

Berzerk.

From jrochkin at cs.oberlin.edu Mon Aug 1 09:47:58 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 1 Aug 94 09:47:58 PDT
Subject: Labeling Usenet articles.
Message-ID: <199408011647.MAA07134@cs.oberlin.edu>

> OK, so I want to enable the receiving of articles in conjunction with a
> censorship service. I guess the way to do this is a sig. of the article
[...]
> Let's get the tools of crypto out there in advance.

How is crypto involved? You want to have everything arrive at your site
encrypted, and only be able to decrypt the stuff that you are permitted
by the censor to read? Why bother, why not just only send stuff to your site
that the censor permits you to read?
If you don't want your entire site censored, but just want particular
readers at your site to be censored, then the sysadmin should just set
something up so users are only allowed to read what the censor has allowed
that user to read. I don't see how crypto comes into it at all.

I think you are going to have a lot of trouble getting any help with this
plan from this list. For one thing, it doesn't seem to require crypto
to implement, and for another, very few people on this list are going to
be interested in developing a censorship system. I don't think anyone
thinks you should be disallowed from doing so either, but people
put their time and energy into developing software that interests them
and excites them, and for most cypherpunks I don't think a censorship
system does either.

From Eric_Weaver at avtc.sel.sony.com Mon Aug 1 10:07:30 1994
From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver)
Date: Mon, 1 Aug 94 10:07:30 PDT
Subject: No SKE in Daytona and other goodies
In-Reply-To:
Message-ID: <9408011707.AA06544@sosfc.avtc.sel.sony.com>

   Date: Sat, 30 Jul 1994 00:16:38 -0400 (EDT)
   From: Aron Freed

   On Fri, 29 Jul 1994, Eric Weaver wrote:

   > The government should NOT be viewed similarly to an employer in its
   > relationship with citizens. Employees are free to quit and make their
   > income some other way.

   Yeah and since when has this country been so easy to quit and find a new
   job with the same relative pay???? Do you think it's that easy??? Uh I
   don't think so.. duh huh... I can't even get a summer job working at a
   computer store and I'm very computer literate for my age.

Did I SAY that it would be easy? But nobody will stop you from
quitting a JOB. A government may well try to stop a citizen of its
country from leaving. That's my point.

From mark at unicorn.com Mon Aug 1 10:26:17 1994
From: mark at unicorn.com (Mark Grant)
Date: Mon, 1 Aug 94 10:26:17 PDT
Subject: Labeling Usenet articles.
Message-ID:

On Mon, 1 Aug 1994, Jonathan Rochkind wrote:

> How is crypto involved? You want to have everything arrive at your site
> encrypted, and only be able to decrypt the stuff that you are permitted
> by the censor to read? Why bother, why not just only send stuff to your site
> that the censor permits you to read? If you don't want your entire site censored, but just want particular readers at your site to be censored, then the
> sysadmin should just set something up so users are only allowed to read
> what the censor has allowed that user to read. I don't see how crypto
> comes into it at all.

No, I think he's essentially talking about a 'secure' moderated newsgroup.
That is, the moderator(s) would sign each 'authorised' message with a
special key, and the newsreader would verify that it was signed by a
moderator before allowing you to read it. The current moderation system is
supposed to ignore unmoderated articles, but without crypto it's easy to
get round.

> I think you are going to have a lot of trouble getting any help with this
> plan from this list. For one thing, it doesn't seem to require crypto
> to implement, and for another, very few people on this list are going to
> be interested in developing a censorship system.

I'm not sure if it's a good idea or not, but it seems to me that I'd rather
be able to say to people 'Ok, you want to create your own secure moderated
groups safe for kids/fundamentalists/chthulhu-worshippers, or whatever,
here's the software to do so' than have them (try to) make it compulsory
for everyone, everywhere.

I'd suggest using PGP now that it's legal, rather than creating some new
system. I've got C-source for Unix that will call PGP to verify
signatures, if the original poster wants to hack it into trn or something -
the code was written for 2.3a though, so it may need a few changes for 2.6
(or those who aren't worried about legalities can link it with PGP Tools
instead).
It would, of course, have the side effect of helping to spread PGP further
before SKE comes along.

Mark

From berzerk at xmission.xmission.com Mon Aug 1 10:53:42 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 1 Aug 94 10:53:42 PDT
Subject: Labeling Usenet articles.
In-Reply-To: <199408011647.MAA07134@cs.oberlin.edu>
Message-ID:

On Mon, 1 Aug 1994, Jonathan Rochkind wrote:
> > OK, so I want to enable the receiving of articles in conjunction with a
> > censorship service. I guess the way to do this is a sig. of the article
> > Let's get the tools of crypto out there in advance.
> How is crypto involved? You want to have everything arrive at your site
> encrypted, and only be able to decrypt the stuff that you are permitted

Strawman. I am talking about OTHER information PROVIDED by CENSORS. There
is nothing mandatory here, I am talking about getting a service out there
so that they can buy it.

> by the censor to read? Why bother, why not just only send stuff to your site
> that the censor permits you to read? If you don't want your entire site censored, but just want particular readers at your site to be censored, then the
> sysadmin should just set something up so users are only allowed to read
> what the censor has allowed that user to read. I don't see how crypto
> comes into it at all.

Secure exchange of information. I was thinking about something like this.
{sig of article number with key}
...

A whole list that could be mailed to fundies, Muslims, or kinky people
saying "this is good/evil information" (for them) fulfilling their need for
self-censorship, and at the same time making money, as you only give out
monthly keys. :-)

Berzerk.

From cme at tis.com Mon Aug 1 11:00:51 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 1 Aug 94 11:00:51 PDT
Subject: GAK
Message-ID: <9408011759.AA14547@tis.com>

My mother (an English major) raised me to be very careful about language.

The gov't's use of the word "escrow" for key registration is as offensive to
me now as it was in April of 93 -- perhaps more so, through repetition.

I've decided to use the term

        GAK

        (Government Access to Keys)

as my name for the real issue here -- and let "escrow" stand for the act
of doing something for me (cf., the dictionary definition). (Besides, GAK
has onomatopoeic value. :-)

Anyone care to join me?

 - Carl

From jamesd at netcom.com Mon Aug 1 11:00:53 1994
From: jamesd at netcom.com (James A. Donald)
Date: Mon, 1 Aug 94 11:00:53 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <3147@aiki.demon.co.uk>
Message-ID: <199408011800.LAA26048@netcom8.netcom.com>

Jim Dixon writes
> I did not send any message using the remailer and I would be grateful
> if the account were killed. Is everybody on the cypherpunks list
> getting this sort of harassment or is it just me?

Yes. Everyone.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we      James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.
jamesd at netcom.com

From paul at hawksbill.sprintmrn.com Mon Aug 1 11:20:30 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Mon, 1 Aug 94 11:20:30 PDT
Subject: GAK
In-Reply-To: <9408011759.AA14547@tis.com>
Message-ID: <9408011923.AA25108@hawksbill.sprintmrn.com>

>
> My mother (an English major) raised me to be very careful about language.
>
> The gov't's use of the word "escrow" for key registration is as offensive to
> me now as it was in April of 93 -- perhaps more so, through repetition.
>
> I've decided to use the term
>
> GAK
>
> (Government Access to Keys)
>
> as my name for the real issue here -- and let "escrow" stand for the act
> of doing something for me (cf., the dictionary definition). (Besides, GAK
> has onomatopoeic value. :-)
>
> Anyone care to join me?
>

Sorry, can't. GAK (tm) is already trademarked by Nickelodeon for that
nice, slimy green stuff that my kids manage to get into the carpet. ,-)

- paul

From sameer at c2.org Mon Aug 1 11:24:25 1994
From: sameer at c2.org (sameer)
Date: Mon, 1 Aug 94 11:24:25 PDT
Subject: Soda.Berekely Mailer Up...Or Down???
In-Reply-To:
Message-ID: <199408011822.LAA06414@infinity.c2.org>

>
> Is the remailer at soda.berkeley up now? I've had a couple of messages
> returned from that site saying it was down or something.

If you would actually *read* the deferral messages you received, they
would have told you that the UCB CS Department is moving to a new
building and a number of cs computers (including soda.csua.berkeley.edu)
will be down for a few days, and mail directed to that computer will be
held on campus until the computer is back up for delivery in a few days.

--
sameer                                  Voice:   510-841-2014
Network Administrator                   Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley Dialin:  510-841-0909
http://www.c2.org (or login as "guest") sameer at c2.org

From perry at imsi.com Mon Aug 1 11:30:53 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 1 Aug 94 11:30:53 PDT
Subject: Lawsuits Against PKP
In-Reply-To: <9408011547.AA22209@toad.com>
Message-ID: <9408011830.AA08636@snark.imsi.com>

smb at research.att.com says:
> Two lawsuits were recently filed in federal court, northern district
> of Calif, which may cripple Public Key Partners.
>
> Cylink v. RSA Data Security, C-94-02332-CW, June 30, 1994, San Fran.
> It alleges that the RSA patent is invalid. RSA Data had denied Cylink
> a patent license.
>
> This one is really fascinating -- Cylink is one of the owners of PKP, along
> with RSADSI...

"Owners" is not strictly speaking the case -- they are a partner in
PKP. Since the PKP partnership agreement is secret (or at least I am
told it is secret), it is impossible to determine precisely what the
rules of the partnership are, but I had assumed that free cross
licensing had been part of it. I believe that Cylink has used RSA as
part of various security products in the past, so they appear to have
*HAD* a license.

If Bruce has access to the exact language in the suit, it would be of
interest to hear what it says. (Since the court papers are all public
domain, perhaps a person with a scanner might want to put them on
line...)

Perry

From jrochkin at cs.oberlin.edu Mon Aug 1 11:39:59 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 1 Aug 94 11:39:59 PDT
Subject: Labeling Usenet articles.
Message-ID: <199408011839.OAA08892@cs.oberlin.edu>

> No, I think he's essentially talking about a 'secure' moderated newsgroup.
> That is, the moderator(s) would sign each 'authorised' message with a
> special key, and the newsreader would verify that it was signed by a

Ah, now I understand, thanks. Actually, now that I see what you're getting
at, this _does_ seem like a good idea.
I think moderated newsgroups can be useful in some circumstances (sure,
including a fundie newsgroup), and it would be nice to have a
cryptographically secure system of doing this, that can't be easily
circumvented like the present one.

And I agree that scripts using PGP do seem capable of doing this, rather than
writing some new software. This actually is quite a good idea.

From perry at imsi.com Mon Aug 1 11:48:51 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 1 Aug 94 11:48:51 PDT
Subject: Labeling Usenet articles.
In-Reply-To: <199408011839.OAA08892@cs.oberlin.edu>
Message-ID: <9408011846.AA08709@snark.imsi.com>

Anyone interested in using PGP with netnews, or with E-Mail in the
long run, should be looking at the new internet drafts on security
multipart extensions to MIME.

Perry

Jonathan Rochkind says:
> > No, I think he's essentially talking about a 'secure' moderated newsgroup.
> > That is, the moderator(s) would sign each 'authorised' message with a
> > special key, and the newsreader would verify that it was signed by a
>
> Ah, now I understand, thanks. Actually, now that I see what you're getting
> at, this _does_ seem like a good idea. I think moderated newsgroups can
> be useful in some circumstances (sure, including a fundie newsgroup), and
> it would be nice to have a cryptographically secure system of doing this,
> that can't be easily circumvented like the present one.
>
> And I agree that scripts using PGP do seem capable of doing this, rather than
> writing some new software. This actually is quite a good idea.

From rah at shipwright.com Mon Aug 1 11:52:04 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 1 Aug 94 11:52:04 PDT
Subject: GAK
Message-ID: <199408011850.OAA02292@zork.tiac.net>

At 2:23 PM 8/1/94 -0500, Paul Ferguson wrote:

>Sorry, can't. GAK (tm) is already trademarked by Nickelodeon for that
>nice, slimy green stuff that my kids manage to get into the carpet. ,-)

I believe you'll find that substance in the OED under:

"GACK, n., 1.) putrid excrescence used as a visual emetic for prepubescent
american television viewers. 2.) a rational human's response to american
republican platform planks regarding abortion since 1980, 3.) the sound made
when civil libertarians contemplate any cryptographic scheme using
government access to keys (see GAK)"

Cheers,
Robert Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                     someone who drinks too much and sees
Boston, MA 02331 USA                   snakes." -- Bertrand Russell
(617) 323-7923

From merriman at metronet.com Mon Aug 1 12:14:15 1994
From: merriman at metronet.com (David Merriman)
Date: Mon, 1 Aug 94 12:14:15 PDT
Subject: GAK
In-Reply-To: <9408011923.AA25108@hawksbill.sprintmrn.com>
Message-ID: <199408011912.AA15566@metronet.com>

>
>
> >
> > My mother (an English major) raised me to be very careful about language.
> >
> > The gov't's use of the word "escrow" for key registration is as offensive to
> > me now as it was in April of 93 -- perhaps more so, through repetition.
> >
> > I've decided to use the term
> >
> > GAK
> >
> > (Government Access to Keys)
> >
> > as my name for the real issue here -- and let "escrow" stand for the act
> > of doing something for me (cf., the dictionary definition). (Besides, GAK
> > has onomatopoeic value. :-)
> >
> > Anyone care to join me?
> >
>
>
> Sorry, can't. GAK (tm) is already trademarked by Nickelodeon for that
> nice, slimy green stuff that my kids manage to get into the carpet. ,-)
>
>

How 'bout GIC (Gov't Interference with Crypto)? or Federal Usage of Keys?

Dave Merriman

From solman at MIT.EDU Mon Aug 1 12:35:56 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Mon, 1 Aug 94 12:35:56 PDT
Subject: "Just say 'No' to key escrow."
In-Reply-To: <9408011509.AA28632@marvin.jta.edd.ca.gov> Message-ID: <9408011935.AA13714@ua.MIT.EDU> > on Fri, 29 Jul 1994 22:32:25 -0400 (EDT) solman at MIT.EDU wrote: > > Jesus people are paranoid. I happen to be of the opinion that A) if escrow > As a member of the "religious right", I am *NOT* paranoid (at least any more > so than most members of this list :-). I do make an attempt to screen the > media my children have access to. I do NOT advocate "sequestering" nor do I > support ANY governmental censorship. Hey, don't complain to me. I'm the one who's toiling away 12 hours a day on a system which amongst other things will either: A) Teach your children to be first rate hackers or B) give you as much control as you want over what they get off of the net. JWS From cme at tis.com Mon Aug 1 12:45:20 1994 From: cme at tis.com (Carl Ellison) Date: Mon, 1 Aug 94 12:45:20 PDT Subject: Lady Di's medical records In-Reply-To: <199408010722.AAA01452@netcom7.netcom.com> Message-ID: <9408011944.AA27883@tis.com> >Date: Mon, 1 Aug 1994 00:22:06 -0700 >From: shamrock at netcom.com (Lucky Green) >Subject: Re: Lady Di's medical records >I personally know individuals that are avoiding medical care because of >concerns about confidentiality. It seems the loopholes are extending. >Patient records stay around for years. Who knows what the requirements will >be five years from now? It would not surprise me if individuals who have >been seeking drug treatment within the last, say, five years would have to >be reported to the Klinton Kommunal Kare agency. Then there are security clearances --- "Answers to questions in items 18 through 22 are NOT limited to the last 5, 10 or 15 years, but pertain to your entire life. (See DETAILED INSTRUCTIONS.) [...] "20. DRUG/ALCOHOL USE AND MENTAL HEALTH ("YES" answers must be explained in accordance with DETAILED INSTRUCTIONS.) "a. 
Have you ever tried or used or possessed any narcotic (to include heroin or cocaine), depressant (to include quaaludes), stimulant, hallucinogen (to include LSD or PCP), or cannabis (to include marijuana or hashish), or any mind-altering substance (to include glue or paint), even one-time or on an experimental basis, except as prescribed by a licensed physician? ... "e. Have you ever been treated for a mental, emotional, psychological or personality disorder/condition/problem? "f. Have you ever consulted or been counseled by any mental health professional?" ---------- in the DETAILED INSTRUCTIONS ---------------- "e and f. Mental Health. If 'Yes' is answered to either e or f, provide, in item 14 [an empty box], the following information: o Exact problem (including name of disorder, if known) o Name and address of primary physician, therapist, counselor, or other mental health professional who treated you or from whom you received counseling. o Date(s) of treatment/counseling. o If treatment/counseling is still continuing, so indicate and provide frequency of visits. o Name and address of any hospital, clinic, and/or agency where treated/counseled as an in-patient. o Date(s) of hospitalization and/or in-patient treatment/counseling." ============================================================================== Clearly, to aid all those joining the military and otherwise getting a security clearance, it would help to have all citizens' central gov't health-care database contain all these details, so that when you fill out your security clearance forms, you can just hand over your health-care smart-card giving them access to the whole database. Right? Who are we to make life hard for those dedicated, young Americans who have to go through all this work? 
- Carl From mpd at netcom.com Mon Aug 1 12:48:06 1994 From: mpd at netcom.com (Mike Duvos) Date: Mon, 1 Aug 94 12:48:06 PDT Subject: GAK In-Reply-To: <199408011912.AA15566@metronet.com> Message-ID: <199408011948.MAA21123@netcom16.netcom.com> > or Federal Usage of Keys? Shouldn't that be "Federal Usage of Cryptographic Keys"? (learning to hate 1200 baud) -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From cme at tis.com Mon Aug 1 12:52:01 1994 From: cme at tis.com (Carl Ellison) Date: Mon, 1 Aug 94 12:52:01 PDT Subject: GAK In-Reply-To: <199408011912.AA15566@metronet.com> Message-ID: <9408011950.AA29270@tis.com> >How 'bout GIC (Gov't Interference with Crypto)? >or Federal Usage of Keys? Clearly -- Federal Usage of Citizens' Keys From solman at MIT.EDU Mon Aug 1 12:52:03 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Mon, 1 Aug 94 12:52:03 PDT Subject: Anonymous code name allocated. // penet hack In-Reply-To: <3147@aiki.demon.co.uk> Message-ID: <9408011950.AA13959@ua.MIT.EDU> > > You have sent a message using the anonymous contact service. > > You have been allocated the code name an118905. > ... and so forth > > I did not send any message using the remailer and I would be grateful > if the account were killed. Is everybody on the cypherpunks list > getting this sort of harassment or is it just me? me too, me too, but I don't use anonymous remailers anyway. From paul at hawksbill.sprintmrn.com Mon Aug 1 13:05:32 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Mon, 1 Aug 94 13:05:32 PDT Subject: GAK In-Reply-To: <199408011948.MAA21123@netcom16.netcom.com> Message-ID: <9408012107.AA25934@hawksbill.sprintmrn.com> > > > or Federal Usage of Keys? > > Shouldn't that be "Federal Usage of Cryptographic Keys"? > I like it. 
- paul From doug at OpenMind.com Mon Aug 1 13:09:46 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Mon, 1 Aug 94 13:09:46 PDT Subject: GAK Message-ID: >>How 'bout GIC (Gov't Interference with Crypto)? >>or Federal Usage of Keys? > >Clearly -- > > Federal Usage of Citizens' Keys OK, one more: CRyptographic Access Police Doug From jamiel at sybase.com Mon Aug 1 13:10:05 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 1 Aug 94 13:10:05 PDT Subject: Children and the Net Message-ID: <9408012006.AB23396@ralph.sybgate.sybase.com> At 7:49 PM 07/31/94 -0400, Perry E. Metzger wrote: >I find this trend among cypherpunks, who are SUPPOSED to be defenders >of diversity and freedom, rather odd. I would have expected people to >limit themselves to calmly stating that Mr. Zooks should find another >way to accomplish the goal of raising his children free from >influences he dislikes. Instead they seem to have taken it upon >themselves to decide whether or not his religion or personality >requires realignment, and some have, yes, even gone so far as to >suggest that he doesn't know how to raise his own kids. I think this is almost a first- I *never* agree with Perry. I may have tons of opinions about any number of people fucking up their kids' lives, but the day I find out that teaching a child a certain way is gonna get me in trouble is the day I move... And I will never have children. >Perry So... anyone up for a hot discussion of RSA? ;) -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From schneier at chinet.chinet.com Mon Aug 1 13:16:03 1994 From: schneier at chinet.chinet.com (Bruce Schneier) Date: Mon, 1 Aug 94 13:16:03 PDT Subject: PKP/Cylink Lawsuit Message-ID: It is strange. Actually, Caro-Kann and RSADSI are partners, as Cylink apparently formed a subsidiary just to shelter themselves from the liability of being partners with Bidzos. 
Cylink has some RSA-based products, and Bidzos had formally threatened (in writing) a lawsuit claiming Cylink doesn't have an RSA license. Cylink claims Bidzos denied them a license, even though they have agreements which obligate him otherwise. It is unclear to me whether this is just a royalty dispute (ie Cylink wants a *free* license) or whether Bidzos doesn't want them in the RSA business. At any rate, they appear to be bitter enemies now. They have jeopardized all of their future patent royalties by going to court. Bruce From shamrock at netcom.com Mon Aug 1 13:25:02 1994 From: shamrock at netcom.com (Lucky Green) Date: Mon, 1 Aug 94 13:25:02 PDT Subject: Children and the Net Message-ID: <199408012025.NAA29946@netcom7.netcom.com> Berzerk wrote: > The search warrant talks about having guns and "clandestine" >*publications* and never authorizes breaking into windows to serve a >NORMAL search warrant. > What kind of publications are we talking about? -- Lucky Green PGP public key by finger From berzerk at xmission.xmission.com Mon Aug 1 13:46:02 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Mon, 1 Aug 94 13:46:02 PDT Subject: Labeling Usenet articles. In-Reply-To: <199408011839.OAA08892@cs.oberlin.edu> Message-ID: On Mon, 1 Aug 1994, Jonathan Rochkind wrote: > And I agree that scripts using PGP do seem capable of doing this, rather than > writing some new software. This actually is quite a good idea. The main problem with this is size and access. I am actually talking about a system where there is no moderation, or moderation does not stop the flow of information, but only modifies what you want to look at. This could also be used as a service to help people pick out useful technical articles. You need to be able to get the article lists from ftp, mail, modem, or newsgroup, so that people can pay or not pay. Basically, this is support for meta-information. Berzerk. 
From berzerk at xmission.xmission.com Mon Aug 1 13:56:09 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Mon, 1 Aug 94 13:56:09 PDT Subject: Children and the Net In-Reply-To: <199408012025.NAA29946@netcom7.netcom.com> Message-ID: On Mon, 1 Aug 1994, Lucky Green wrote: > Berzerk wrote: > > The search warrant talks about having guns and "clandestine" > >*publications* and never authorizes breaking into windows to serve a > >NORMAL search warrant. > What kind of publications are we talking about? Shotgun News, as one of them sold guns. It is like the computer shopper of guns. Do you have a guide to crypto hardware? Berzerk. From baum at apple.com Mon Aug 1 14:16:13 1994 From: baum at apple.com (Allen J. Baum) Date: Mon, 1 Aug 94 14:16:13 PDT Subject: Encrypted text illegal across US borders? Message-ID: <9408012111.AA22350@newton.apple.com> I've been told that it is illegal for us to transmit encrypted text to locations outside the borders of the US (i.e. sending email across the Atlantic that is encrypted). Is this true? ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, MS/305-3B * * 1 Infinite Loop * * Cupertino, CA 95014 baum at apple.com * ************************************************** From perry at imsi.com Mon Aug 1 14:31:36 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 1 Aug 94 14:31:36 PDT Subject: Encrypted text illegal across US borders? In-Reply-To: <9408012111.AA22350@newton.apple.com> Message-ID: <9408012129.AA09017@snark.imsi.com> Allen J. Baum says: > I've been told that it is illegal for us to transmit encrypted text to > locations outside the borders of the US (i.e. sending email across the > Atlantic that is encrypted). > > Is this true? No US laws prohibit transmitting encrypted text, although some kinds of text may be illegal to transmit, encrypted or non-encrypted. 
Other countries may have laws prohibiting the transport of encrypted text across THEIR borders, but the US isn't one. Perry From cme at tis.com Mon Aug 1 14:49:18 1994 From: cme at tis.com (Carl Ellison) Date: Mon, 1 Aug 94 14:49:18 PDT Subject: Encrypted text illegal across US borders? In-Reply-To: <9408012111.AA22350@newton.apple.com> Message-ID: <9408012148.AA09416@tis.com> >Date: Mon, 1 Aug 94 14:11:44 PDT >From: baum at apple.com (Allen J. Baum) >Subject: Encrypted text illegal across US borders? >I've been told that it is illegal for us to transmit encrypted text to >locations outside the borders of the US (i.e. sending email across the >Atlantic that is encrypted). > >Is this true? I'm no lawyer, but no, this is not true. (There are some foreign countries which take a dim view of encrypted traffic coming in, but the US has no laws against it.) Who told you this? - Carl From lrh at crl.com Mon Aug 1 14:50:02 1994 From: lrh at crl.com (Lyman Hazelton) Date: Mon, 1 Aug 94 14:50:02 PDT Subject: Anonymous code name allocated. // penet hack In-Reply-To: <3147@aiki.demon.co.uk> Message-ID: On Mon, 1 Aug 1994, Jim Dixon wrote: > > You have sent a message using the anonymous contact service. > > You have been allocated the code name an118905. > ... and so forth > > I did not send any message using the remailer and I would be grateful > if the account were killed. Is everybody on the cypherpunks list > getting this sort of harassment or is it just me? > -- > Jim Dixon > I, too have gotten a similar message, and only after sending my first message to the cypherpunks mailing list. I most certainly *DID NOT* send any message using the anonymous contact service and I DEFINITELY want that code name killed. I'll send the code number to Julf in a separate message. Jim, you are not alone! Lyman Finger lrh at crl.com for PGP 2.4 Public Key Block. 
From jgostin at eternal.pha.pa.us Mon Aug 1 14:57:50 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Mon, 1 Aug 94 14:57:50 PDT Subject: Philadelphia Enquirer Story on Clipper Message-ID: <940801133823e7Fjgostin@eternal.pha.pa.us> shamrock at netcom.com (Lucky Green) writes: >> She said the public was far more >> concerned with crime than*privacy.* > > It gives me the chills everytime I read that quote. I just can't get used to > it. Damn right you can't, because it starts a rather atrocious slippery slope. Sure, right now it's phone calls. Next, corner "papers please" checks. Finally, open random house checks, and thought police. Sorry, but I didn't elect Orwell to be god, er, president. Of course, I didn't elect Clinton either... --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From lrh at crl.com Mon Aug 1 15:09:42 1994 From: lrh at crl.com (Lyman Hazelton) Date: Mon, 1 Aug 94 15:09:42 PDT Subject: Anonymous code name allocated. // penet hack In-Reply-To: <9408011950.AA13959@ua.MIT.EDU> Message-ID: On Mon, 1 Aug 1994 solman at MIT.EDU wrote: > > > You have sent a message using the anonymous contact service. > > > You have been allocated the code name an118905. > > ... and so forth > > > > I did not send any message using the remailer and I would be grateful > > if the account were killed. Is everybody on the cypherpunks list > > getting this sort of harassment or is it just me? > > me too, me too, but I don't use anonymous remailers anyway. > No, and I don't either, but now someone else can use those accounts and LOOK like they are you or me (or anyone else here). 
Now suppose some twit decides to use one or more of those accounts to send threatening messages to the president or some other stupid thing... who are they going to come after, do you suppose? NOT a nice scenario! Lyman Finger lrh at crl.com for PGP 2.4 Public Key Block. From Richard.Johnson at Colorado.EDU Mon Aug 1 15:23:54 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Mon, 1 Aug 94 15:23:54 PDT Subject: Anonymous message failed (wrong password) (fwd) Message-ID: <199408012223.QAA21710@spot.Colorado.EDU> ------- Forwarded message: | From: daemon at anon.penet.fi | Date: Mon, 1 Aug 94 22:15:07 +0300 | Subject: Anonymous message failed (wrong password) | | The message you sent to the anonymous server could not be processed, as your | password (in the X-Anon-Password: header) didn't match the one stored in the | server. Either you have made a mistake, or somebody has used your account and | changed the password. If the latter is the case, please contact | admin at anon.penet.fi. Julf - You need to add something to that message. I made no mistake, and no-one has changed my password. I simply mailed to a mailing list that has an anXXXXX at penet.fi address subscribed. Your service is too insecure to notice :-), and automatically 'out's anyone who unknowingly posts to such a list. All someone has to do is subscribe via an anon ID, and via a non-anon ID, then compare messages to associate anon IDs with regular addresses. How about adding: "Either you mailed to a list to which an anonymous ID has been subscribed, you have made a mistake, or...." I'd also strongly suggest that you stop automatically allocating anon IDs for folks who don't mail directly to your service. Perhaps you could reduce the load on your machine (and increase user security) by sending directly to the bit-bucket any messages where the Sender: and From: headers don't at least come from the same domain? 
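Added example, not part of the original message and not code from the penet service: a sketch in Python of the two intake checks the message above proposes (bit-bucket mail whose Sender: and From: domains differ, and allocate an ID only for mail addressed directly to the service). The domain anon.example, the function names, the three result labels and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

SERVICE_DOMAIN = "anon.example"  # placeholder for the remailer's own domain


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if it has none."""
    local, at, dom = address.rpartition("@")
    return dom.lower().rstrip(".") if at and local else ""


def same_domain(a, b):
    """True if the domains are equal or one is a sub-domain of the other.

    Assumption: "same domain" is read as a match on a label boundary, so
    cs.campus.example and campus.example count as the same site.
    """
    if not a or not b:
        return False
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def intake_decision(raw, service_domain=SERVICE_DOMAIN):
    """Decide what the service does with one incoming message.

    Returns (action, reason); action is one of
      'drop'     - discard silently, send no auto-reply
      'no_id'    - handle the message but allocate no ID and send no notice
      'allocate' - first direct contact: an ID may be allocated
    """
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    if not from_dom:
        return ("drop", "no usable From: address")

    # Check 1: list software sets Sender: to the list owner, so a mismatch
    # means the author did not hand this message to us personally.
    sender = msg.get("Sender")
    if sender is not None:
        if not same_domain(domain_of(parseaddr(sender)[1]), from_dom):
            return ("drop", "Sender: and From: domains differ")

    # Check 2: allocate only when the author addressed the service itself.
    # Mail that merely reached a subscribed anonymous address has a list
    # address, not ours, in To:/Cc:.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not any(same_domain(domain_of(a), service_domain) for _, a in rcpts):
        return ("no_id", "not addressed to the service")

    return ("allocate", "direct message to the service")


# Constructed sample messages (not taken from the list archive).
DIRECT = ("From: alice@campus.example\nTo: an0000@anon.example\n"
          "Subject: hello\n\nbody\n")
VIA_LIST = ("From: bob@campus.example\nSender: owner-list@lists.example\n"
            "To: list@lists.example\nSubject: post\n\nbody\n")
LIST_NO_SENDER = ("From: bob@campus.example\nTo: list@lists.example\n"
                  "Subject: post\n\nbody\n")
SAME_ORG = ("From: carol@cs.campus.example\nSender: carol@campus.example\n"
            "To: ping@anon.example\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    for name in ("DIRECT", "VIA_LIST", "LIST_NO_SENDER", "SAME_ORG"):
        print(name, intake_decision(globals()[name]))
```

With either check in place, a list post that reaches a subscribed anonymous address produces no auto-reply to its author, which is the notice that let a second, non-anonymous subscription tie IDs to real addresses.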
From adam at bwh.harvard.edu Mon Aug 1 15:31:30 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 1 Aug 94 15:31:30 PDT Subject: Labeling Usenet articles. In-Reply-To: Message-ID: <199408012229.SAA17999@duke.bwh.harvard.edu> Berzerk: | On Mon, 1 Aug 1994, Jonathan Rochkind wrote: | > And I agree that scripts using PGP do seem capable of doing this, rather than | > writing some new software. This actually is quite a good idea. | The main problem with this is size and access. I am actually talking | about a system where there is no moderation, or moderation does not stop | the flow of information, but only modifies what you want to look at. | This could also be used as a service to help people pick out useful | technical articles. | | You need to be able to get the article lists from ftp, mail, modem, or | newsgroup, so that people can pay or not pay. Carry the information with news. Either within each article (X-Christian-rating) or within a set of control groups for this information to flow in. If you want to charge for the information, encrypt it as it goes out. (300 bit rsa keys + des or blowfish would work well. The value of the information is probably low enough that thousands of MIPS years/month is more than it would cost to buy the keys.) Actually, encrypting it as it goes out has the potential to create huge gobs of information if the system has even a couple of hundred subscribers. Would it be feasible to use a shared key amongst groups of subscribers? Some sort of 'raise your hand while we count users' protocol? Distribution by site with clari* style rewards for turning in cheaters? Ok, maybe Berzerk is right, and we do need to have multiple transports available. But are there protocols which address this sort of broadcast only to subscriber systems that are cheap/easy to implement? How do the cable networks do pay per view? -- Adam Shostack adam at bwh.harvard.edu Politics. 
From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From jgostin at eternal.pha.pa.us Mon Aug 1 15:36:32 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Mon, 1 Aug 94 15:36:32 PDT Subject: GAK Message-ID: <940801180900C9Tjgostin@eternal.pha.pa.us> doug at OpenMind.com (Doug Cutrell) writes: > OK, one more: CRyptographic Access Police How about just calling it what it is: pure, unadulterated bullshit. From paul at hawksbill.sprintmrn.com Mon Aug 1 15:41:39 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Mon, 1 Aug 94 15:41:39 PDT Subject: Encrypted text illegal across US borders? In-Reply-To: <9408012111.AA22350@newton.apple.com> Message-ID: <9408012343.AA26730@hawksbill.sprintmrn.com> > > I've been told that it is illegal for us to transmit encrypted text to > locations outside the borders of the US (i.e. sending email across the > Atlantic that is encrypted). > > Is this true? > No. Not only is it not true, it would be virtually impossible to enforce were it actually true. You should slap the person who told you this with a yard stick. ,-) - paul From adam at bwh.harvard.edu Mon Aug 1 15:41:49 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 1 Aug 94 15:41:49 PDT Subject: Philadelphia Enquirer Story on Clipper Message-ID: <199408012241.SAA18016@duke.bwh.harvard.edu> Jeff Gostin: | Damn right you can't, because it starts a rather atrocious slippery | slope. Sure, right now it's phone calls. Next, corner "papers please" | checks. Finally, open random house checks, and thought police. Sorry, but | I didn't elect Orwell to be god, er, president. Of course, I didn't elect | Clinton either... Not that I'm a Clinton fan, but most of his Orwellian proposals have been around, simmering, for a while. Both Clipper & Post Office national ID cards first came up under Bush. Health ID cards are, of course, Hillary's. 
The problem is not any one particular idiot in office, but a strong public desire to give up a little freedom for a little security. My response to these concerns is to point out that we have one of the highest incarceration rates in the world right now, and more crime & problems than 15 years ago, when we had far, far fewer people in jail. Many, if not most of the people in jail, are there for selling drugs, often as a result of 'zero tolerance for pot.' (Interesting article on this, btw, in the current & upcoming issues of the Atlantic, titled 'Reefer Madness') reforming the laws so that violent criminals go to jail for longer than drug criminals should be pushed constantly. (Talking about *gasp* legalizing or decriminalizing drugs tends to be counter productive except with old style conservatives, far leftists, and libertarians.) Talking about violent v. non-violent crime often has better results in terms of opening people's eyes. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From patrick at CS.MsState.Edu Mon Aug 1 15:43:18 1994 From: patrick at CS.MsState.Edu (Patrick G. Bridges) Date: Mon, 1 Aug 94 15:43:18 PDT Subject: Encryption in Fiction (DKM's _The Long Run_) Message-ID: <9408012242.AA05532@Walt.CS.MsState.Edu> As a sideline to all of this serious discussion: I was re-reading one of my favorite SF books the other day, Daniel Keys Moran's _The Long Run_ (published by Bantam, ~1989, now out of print, despite its popularity) and it has an interesting anecdote to the Clipper debate: In _The Long Run _(tLR), the Network on Earth is essentially uncontrolled despite the best efforts of the government because it was created without their direct control; its creation was over and done with before they could get their nosy little fingers involved. 
Meanwhile, the Lunar network (separate from the Earth network because of the time it takes data to go from earth to the moon and back) is strictly controlled by the Lunar Information Network Key (LINK), an encryption system which monitors all traffic on the network and must approve all transactions. (Of course, all government transactions are "pre-approved"...) Sounds sort of clipper-esque, eh? Of course, the hero of the book, Trent, doesn't like this system... :-) If I get a chance and there's the demand, I'll type in Moran's description of the LINK... Good reading if you can find it. -- *** Patrick G. Bridges patrick at CS.MsState.Edu *** *** PGP 2.6 public key available via finger or server *** *** PGP 2.6 Public Key Fingerprint: *** *** D6 09 C7 1F 4C 18 D5 18 7E 02 50 E6 B1 AB A5 2C *** *** #include *** From hayden at vorlon.mankato.msus.edu Mon Aug 1 15:53:04 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden) Date: Mon, 1 Aug 94 15:53:04 PDT Subject: GAK In-Reply-To: <199408011912.AA15566@metronet.com> Message-ID: On Mon, 1 Aug 1994, David Merriman wrote: > How 'bout GIC (Gov't Interference with Crypto)? > or Federal Usage of Keys? How about 'Big Brother.' ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From jamiel at sybase.com Mon Aug 1 16:20:52 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 1 Aug 94 16:20:52 PDT Subject: Anonymous code name allocated. 
// penet hack Message-ID: <9408012320.AA13591@ralph.sybgate.sybase.com> At 2:53 PM 08/01/94 -0700, Lyman Hazelton wrote: > No, and I don't either, but now someone else can use those accounts and >LOOK like they are you or me (or anyone else here). Now suppose some >twit decides to use one or more of those accounts to send threatening >messages to the president or some other stupid thing... who are they >going to come after, do you suppose? NOT a nice scenario! Looks like the perfect way to 'prove' the need for stamping out anonymous communications...Run a hack like this, turn it into a huge media event, realize an innocent was falsely accused because of some psycho pervert computer geek, and push through your law. Slicker than Polly Klaas, and almost as good for re- election material (apologies to non-Californians). From sandfort at crl.com Mon Aug 1 16:26:27 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 1 Aug 94 16:26:27 PDT Subject: SALT LAKE CITY Message-ID: C'punks, Anyone on this channel live in or near Salt Lake City? I'm planning my trip across the continent, and I'm looking for a place to spend the night in the Salt Lake area. Any takers? S a n d y From mimir at io.com Mon Aug 1 16:46:09 1994 From: mimir at io.com (Al Billings) Date: Mon, 1 Aug 94 16:46:09 PDT Subject: Encryption in Fiction (DKM's _The Long Run_) In-Reply-To: <9408012242.AA05532@Walt.CS.MsState.Edu> Message-ID: On Mon, 1 Aug 1994, Patrick G. Bridges wrote: > In _The Long Run _(tLR), the Network on Earth is essentially uncontrolled > despite the best efforts of the government because it was created without their > direct control; its creation was over and done with before they could get > their nosy little fingers involved. 
Meanwhile, the Lunar network (separate from > the Earth network because of the time it takes data to go from earth to the > moon and back) is strictly controlled by the Lunar Information Network Key > (LINK), an encryption system which monitors all traffic on the network and must > approve all transactions. (Of course, all government transactions are > "pre-approved"...) > > Sounds sort of clipper-esque, eh? > > Of course, the hero of the book, Trent, doesn't like this system... :-) This is one of my favorite books as well.. You should have mentioned that Trent (the uncatchable) dislikes LINK so much that he STEALS it from under the nose of the government to free the Lunar network. No LINK, no monitoring and while the network is in chaos, the other hackers (players) and such can reorganize the system. -- Al Billings mimir at io.com http://io.com/user/mimir/asatru.html Nerd-Alberich Admin for Troth - The Asatru E-mail List Lord of the Nerd-Alfar Sysop of The Sacred Grove - (206)322-5450 Poetic-Terrorist Lodge-Master, Friends of Loki Society From merriman at metronet.com Mon Aug 1 17:02:59 1994 From: merriman at metronet.com (David K. Merriman) Date: Mon, 1 Aug 94 17:02:59 PDT Subject: GAK Message-ID: <199408020005.AA26995@metronet.com> >>>How 'bout GIC (Gov't Interference with Crypto)? >>>or Federal Usage of Keys? >> >>Clearly -- >> >> Federal Usage of Citizens' Keys > >OK, one more: CRyptographic Access Police > >Doug > Perhaps: Cryptographic Resource Available to Police ? Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints. From paul at hawksbill.sprintmrn.com Mon Aug 1 17:03:20 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Mon, 1 Aug 94 17:03:20 PDT Subject: Encryption in Fiction (DKM's _The Long Run_) In-Reply-To: Message-ID: <9408020106.AA27181@hawksbill.sprintmrn.com> > > This is one of my favorite books as well.. 
You should have mentioned that > Trent (the uncatchable) dislikes LINK so much that he STEALS it from > under the nose of the government to free the Lunar network. No LINK, no > monitoring and while the network is in chaos, the other hackers (players) > and such can reorganize the system. > > -- > Al Billings mimir at io.com http://io.com/user/mimir/asatru.html > Nerd-Alberich Admin for Troth - The Asatru E-mail List > Lord of the Nerd-Alfar Sysop of The Sacred Grove - (206)322-5450 > Poetic-Terrorist Lodge-Master, Friends of Loki Society > > Man, you fucking science-fiction aficionados scare me. "Baaad things, man, Baaad things." ,-) - paul From jdwilson at gold.chem.hawaii.edu Mon Aug 1 18:05:36 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Mon, 1 Aug 94 18:05:36 PDT Subject: NYET to censors, REPOST In-Reply-To: <199407300507.WAA07462@netcom7.netcom.com> Message-ID: On Fri, 29 Jul 1994, Lucky Green wrote: > I am not sure if explaining this under my own name would be wise at this > point in time. Perhaps someone else would like to elaborate through a > remailer? > Does it require SCUBA gear? -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From hermes at selway.umt.edu Mon Aug 1 18:18:19 1994 From: hermes at selway.umt.edu (Christopher P Howard) Date: Mon, 1 Aug 94 18:18:19 PDT Subject: Please assist In-Reply-To: <199407292040.NAA22401@netcom9.netcom.com> Message-ID: Someone hacked me into this list, but I am no longer interested in this stuff. I never received anything instructional regarding how to remove myself from the list. Assistance would be appreciated. Thanks. 
!!!!!!!!!!!!!!!!!!!!!!!!!!FNORD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Tommy the cat is my name, /\ To achieve independence from alien domination And I say unto Thee: / \ and to consolidate revolutionary gains, five -----------------------/ MediaK \ steps are necessary: --------------------- From merriman at metronet.com Mon Aug 1 18:33:46 1994 From: merriman at metronet.com (David K. Merriman) Date: Mon, 1 Aug 94 18:33:46 PDT Subject: NYET to censors, REPOST Message-ID: <199408020136.AA10997@metronet.com> > >On Fri, 29 Jul 1994, Lucky Green wrote: > >> I am not sure if explaining this under my own name would be wise at this >> point in time. Perhaps someone else would like to elaborate through a >> remailer? >> > >Does it require SCUBA gear? No, but it does involve several small appliances, a notarized waiver of liability, 5 gallons of cooking oil, and the Dallas Cowboys Cheerleaders :-) Dave "You'd never guess I was in the Navy" Merriman Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints. From yusuf921 at raven.csrv.uidaho.edu Mon Aug 1 19:13:14 1994 From: yusuf921 at raven.csrv.uidaho.edu (CatAshleigh) Date: Mon, 1 Aug 94 19:13:14 PDT Subject: The Terrorists are coming! In-Reply-To: <9407312127.AA24733@bilbo.suite.com> Message-ID: On Sun, 31 Jul 1994, Jim Miller wrote: > Today's broadcast of "The McClaughlin(sp?) Group" had a short segment > discussing the likelihood that terrorists will get and detonate a nuclear > device. first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only country with nukes in the middle east is Israel) country with a nuclear program is pakistan, and they're years away from anything that could be stolen. second of all there are more deaths caused by lightning on golf courses, ask any insurance agency. some call it pork barrel, I call it conspiracy theory to portray muslims as terrorists. > The opinions of the five journalists varied from "not likely" to > "almost certain". 
At the end of the show, when the journalists are asked
> to make their predictions, one of them said that due to the terrorist
> threat, the US needs a larger and more powerful intelligence capability
> than ever before.
>
> wonderful
>
> Jim_Miller at suite.com
>

--
Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui
GJ/GP -d+ H+ g? au0 a- w+++ v+(?)(*) C++++ U++1/2 N++++ M-- -po+ Y+++
- t++ 5-- j++ R b+++ D+ B--- e+(*) u** h* r+++ y?

From rarachel at prism.poly.edu Mon Aug 1 19:55:11 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 1 Aug 94 19:55:11 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <3147@aiki.demon.co.uk>
Message-ID: <9408020242.AA16016@prism.poly.edu>

I didn't get any notices of being subscribed to penet.fi, so I guess not everyone on the cpunx list was hit. Either that or the mail daemon here found too much email in my mailbox and decided to digest the tuna or whatever the fuck message.

From nobody at c2.org Mon Aug 1 20:07:31 1994
From: nobody at c2.org (Anonymous User)
Date: Mon, 1 Aug 94 20:07:31 PDT
Subject: Unknown Subject
Message-ID: <199408020305.UAA03429@zero.c2.org>

Cypherpunks in San Francisco/Bay Area? Are there any? Should I start one? E-Mail to , and I will start a group. This e-mail address will be good for 30 hours and will be terminated at 2230 HRS, 02AUG94 PDT.

From rarachel at prism.poly.edu Mon Aug 1 20:07:40 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 1 Aug 94 20:07:40 PDT
Subject: MS Escrow
Message-ID: <9408020254.AA16162@prism.poly.edu>

Folks, we should keep one thing in mind. Microsoft would love to be the ONE software monopoly whose applications are on every computer.. If this means kissing the NSA's fat ass, you can bet they will do so.
However, they need to achieve goal #1 first, which means that if they piss off their users, they won't be able to do much, so the best thing to do is to tell them outright that we are against any such thing as a software escrow and that any attempt on their part to use anything but strong, uncompromised crypto will result in an instant boycott of >ALL< their products, and that we'd rather switch to Novell's DR DOS or OS/half before using MS Escrow.

Now I realize that they are UNLIKELY to be volunteering to insert any sort of an escrow in any of their products, but knowing them, they'd probably rather use cheap encryption than pay licensing fees unless they can get more back. Remember, they run a business, they're not in the business of giving anything away to Uncle Sam or to Joe Bloe User.

However we should still make our voice heard in case something will change in the future and the NSA would be twisting their arm. We should demand open crypto hooks to which we could attach PGP or anything we damn like.

A simple fax sent to them from each of us will cause enough attention to make the point. I'm not advocating spamming MS's fax machines here. There are only 700 or so cpunx, and one fax each should be more than enough feedback for them to take the point, no? Anyone have a customer relations fax number? or a PR fax #?

Now we should mention that we are aware that Ms Escrow is just speculation, but that we want MS to know that we are adamant enough to not take any such shit now, or ever.

From rarachel at prism.poly.edu Mon Aug 1 20:23:25 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 1 Aug 94 20:23:25 PDT
Subject: Lawsuits Against PKP
In-Reply-To:
Message-ID: <9408020310.AA16494@prism.poly.edu>

If this article (the 270 page fax) is not-copyrighted by Kinko's, could someone put it up in some digitally viable form on some anon ftp site?
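
Added example, not part of any list message: the check Andrew Brown describes in the "What kind of encryption to incorporate?" thread (extract an image's LSBs, then test their randomness), run over a constructed 64x64 palette-index image. The function names, the z-score limit of 4 and the seeded-PRNG stand-in for ciphertext are assumptions of this sketch.

```python
import math
import random

WIDTH = HEIGHT = 64  # size of the constructed image (assumption)


def make_cover():
    """Constructed palette-index image made of flat 8x8 blocks, like a GIF
    with large uniform areas. Not taken from any real file."""
    return [(x // 8 + 3 * (y // 8)) % 32
            for y in range(HEIGHT) for x in range(WIDTH)]


def lsb_stream(pixels):
    """Least-significant bit of every sample, in scan order."""
    return [p & 1 for p in pixels]


def monobit_z(bits):
    """z-score of the count of ones against a fair coin."""
    n = len(bits)
    return (2 * sum(bits) - n) / math.sqrt(n)


def runs_z(bits):
    """Wald-Wolfowitz runs test: z-score of the number of runs."""
    n = len(bits)
    n1 = sum(bits)
    n0 = n - n1
    if n0 == 0 or n1 == 0:
        return float("-inf")  # a constant stream is maximally non-random
    runs = 1 + sum(1 for a, b in zip(bits, bits[1:]) if a != b)
    mean = 2 * n0 * n1 / n + 1
    var = 2 * n0 * n1 * (2 * n0 * n1 - n) / (n * n * (n - 1))
    return (runs - mean) / math.sqrt(var)


def looks_random(bits, z_limit=4.0):
    """True when both statistics are consistent with coin flips. For an
    image's LSB plane that is the suspicious outcome."""
    return abs(monobit_z(bits)) < z_limit and abs(runs_z(bits)) < z_limit


def embed_lsb(pixels, payload_bits, fraction, rng):
    """Test-data generator: each sample is chosen with probability
    `fraction` and its LSB overwritten with the next payload bit."""
    out = list(pixels)
    payload = iter(payload_bits)
    for i in range(len(out)):
        if rng.random() < fraction:
            bit = next(payload, None)
            if bit is None:
                break
            out[i] = (out[i] & ~1) | bit
    return out


def demo(seed=1994):
    """Score the untouched cover, a sparsely altered copy and a copy whose
    whole LSB plane was overwritten with ciphertext-like bits."""
    cover = make_cover()
    payload_rng = random.Random(seed)  # stand-in for encrypted data
    payload = [payload_rng.getrandbits(1) for _ in range(len(cover))]
    results = {}
    for label, fraction in (("cover", 0.0), ("sparse", 0.1), ("full", 1.0)):
        pixels = embed_lsb(cover, payload, fraction, random.Random(seed + 1))
        bits = lsb_stream(pixels)
        results[label] = {
            "pixels": pixels,
            "monobit_z": monobit_z(bits),
            "runs_z": runs_z(bits),
            "looks_random": looks_random(bits),
        }
    return results


if __name__ == "__main__":
    for label, r in demo().items():
        print(f"{label:6s} monobit z={r['monobit_z']:7.2f} "
              f"runs z={r['runs_z']:7.2f} looks_random={r['looks_random']}")
```

Only the fully overwritten plane passes as random. The sparse copy keeps the cover's run structure, so this check alone says nothing about it and a reviewer would need the original image or a stronger statistic.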
From mclow at san_marcos.csusm.edu Mon Aug 1 20:37:45 1994
From: mclow at san_marcos.csusm.edu (Marshall Clow)
Date: Mon, 1 Aug 94 20:37:45 PDT
Subject: Encryption in Fiction (DKM's _The Long Run_)
Message-ID:

How about a quote from Vernor Vinge's "True Names" (a must read for any cypherpunk, happily now back in print):

"Like most folks, honest citizens or warlocks, he had no trust for the government standard encryption routines, but preferred the schemes that had leaked out of academia -- over the NSA's petulant objections -- over the last fifteen years".

This from a book that was published in 1981.

Marshall Clow
Aladdin Systems
mclow at san_marcos.csusm.edu

From rarachel at prism.poly.edu Mon Aug 1 20:39:21 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 1 Aug 94 20:39:21 PDT
Subject: What kind of encryption to incorporate?
In-Reply-To:
Message-ID: <9408020326.AA16906@prism.poly.edu>

> ... well almost. It's trivial to write a program that extracts the LSB's
> from a GIF file and then determine their randomness. Truly random data
> gives away the presence of an encrypted file. The solution is to choose
> the LSB's that you alter according to the output from a decent random
> number generator so that each LSB has a probability of being altered.

Take a look at WNSTORM (WNS210.ZIP) which contains the WNINJECT program. It, along with WNSTORM can be used to build a decent steganography system that makes use of existing LSB's to hide the presence of stego. If you like, feel free to build a GIF module for it. (WNINJECT uses PCX right now and I haven't had the time to mess with GIFs.)

If you guys are seriously interested, I'm more than willing to lend a hand. You can certainly use WNSTORM and its tools to build something better (as long as you give me some credit for the original work.
:-)

Basically you first use WNINJECT to extract the LSB's out of a PCX image, then you feed those LSB's into WNSTORM which encrypts into them but leaves most of them untouched and doctors some of the bits against statistical analysis) then you take the output from WNSTORM and WNINJECT's it back into the PCX giving you a stegoe'd image that closely matches the original and which is hard to detect that it has a change unless you have the original.

From Jacob.Levy at Eng.Sun.COM Mon Aug 1 20:52:16 1994
From: Jacob.Levy at Eng.Sun.COM (Jacob Levy)
Date: Mon, 1 Aug 94 20:52:16 PDT
Subject: The Terrorists are coming!
In-Reply-To:
Message-ID: <9408020355.AA25053@burgess.Eng.Sun.COM>

Hi Yusuf

I don't recall the Jim's article mentioning "muslim" terrorists specifically. Or are only "muslims" terrorist in your book? :-)

--JYL

CatAshleigh writes:
>
> On Sun, 31 Jul 1994, Jim Miller wrote:
>
> > Today's broadcast of "The McClaughlin(sp?) Group" had a short segment
> > discussing the likelihood that terrorists will get and detonate a nuclear
> > device.
>
> first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only
> country with nukes in the middle east is Israel) country
> with a nuclear program is pakistan, and they're years away from anything
> that could be stolen.
>
> second of all there are more deaths caused by lightning on golf courses,
> ask any insurance agency.
>
> some call it pork barrel, I call it conspiracy theory to portray muslims
> as terrorists.
>
> > The opinions of the five journalists varied from "not likely" to
> > "almost certain". At the end of the show, when the journalists are asked
> > to make their predictions, one of them said that due to the terrorist
> > threat, the US needs a larger and more powerful intelligence capability
> > than ever before.
> >
> > wonderful
> >
> > Jim_Miller at suite.com
> >
>
> --
> Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui
> GJ/GP -d+ H+ g?
au0 a- w+++ v+(?)(*) C++++ U++1/2 N++++ M-- -po+ Y+++
> - t++ 5-- j++ R b+++ D+ B--- e+(*) u** h* r+++ y?
>

From yusuf921 at raven.csrv.uidaho.edu Mon Aug 1 21:24:42 1994
From: yusuf921 at raven.csrv.uidaho.edu (CatAshleigh)
Date: Mon, 1 Aug 94 21:24:42 PDT
Subject: The Terrorists are coming!
In-Reply-To: <9408020355.AA25053@burgess.Eng.Sun.COM>
Message-ID:

On Mon, 1 Aug 1994, Jacob Levy wrote:

> Hi Yusuf
>
> I don't recall the Jim's article mentioning "muslim" terrorists
> specifically. Or are only "muslims" terrorist in your book? :-)
>

The only other people who are called terrorist are the IRA, and I don't see the FBI scrambling to protect Great Britain's consulate in DC when a car bomb goes off in London

I'd rather respond to anything further on this thread by e-mail rather than spam the Cypher mailing list.

-
Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui
Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ... -- Carl Zwanzig

From M.Gream at uts.EDU.AU Mon Aug 1 21:40:07 1994
From: M.Gream at uts.EDU.AU (Matthew Gream)
Date: Mon, 1 Aug 94 21:40:07 PDT
Subject: Keystone Kops suck up Internet traffic
Message-ID: <9408020442.AA27475@acacia.itd.uts.EDU.AU>

*laugh*

The following was forwarded to me from aarnet-contacts at aarnet.edu.au, a mailing list for organisations connected to AARNet (Australian Academic and Research Network) -- the local Internet -- which provides our gateway to the world.

fyi: The AFP (Australian Federal Police) currently have a machine on the network, and have for some time, it has no DNS records but its registered domain is in the NIC.

[..]

Recently, Geoff Huston wrote:
> It would appear that through a problem in routing configurations (and a
> basic issue with routing capability on the site) there is a backdoor
> between the State Computing Systems of Tas, SA and NT.
This backdoor is
> via a network operated by the Australian Federal Police, This backdoor
> however is configured with packet filters which although it allows
> routing, it traps and kills all consequent transit traffic. So what we
> are now talking about is a black hole which uses a sufficiently low
> metric that transit traffic will not use AARNet even though AARNet
> connectivity is available.

[..]

Matthew.
--
Matthew Gream -- Consent Technologies, (02) 821-2043
Disclaimer: I'm only a student at UTS, and don't represent them.

From khijol!erc at apple.com Mon Aug 1 23:09:28 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Mon, 1 Aug 94 23:09:28 PDT
Subject: Children and the Net
In-Reply-To: <9408011231.AA08947@vail.tivoli.com>
Message-ID:

> Mike Duvos writes:
> > Had it not been for the fact that having children covered with
> > scars, welts, and bruises is not considered child abuse in the
> > state of Texas,
>
> I know it's chic to refer to Texas as the last bastion of barbarian
> living, but I'd like to see some citation for the above if you really
> believe it's true. Note also that I've heard tell kids get beat up in
> other states too, though that might just be rumor.

I'd like to throw my $0.02 into this, too. I've lived in Texas for most of my life, and I can assure you that what Mike Duvos says is most certainly *not* true!

--
Ed Carp, N7EKG/VE3 ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From khijol!erc at apple.com Mon Aug 1 23:16:08 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Mon, 1 Aug 94 23:16:08 PDT
Subject: The Terrorists are coming!
In-Reply-To:
Message-ID:

> On Sun, 31 Jul 1994, Jim Miller wrote:
>
> > Today's broadcast of "The McClaughlin(sp?) Group" had a short segment
> > discussing the likelihood that terrorists will get and detonate a nuclear
> > device.
>
> first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only
> country with nukes in the middle east is Israel) country
> with a nuclear program is pakistan, and they're years away from anything
> that could be stolen.

True, but only because they haven't gotten their hands on any yet. It is well known in certain international arms circles that Kadaffi or Hussein would absolutely *love* to have their own means of producing nuclear weapons. And they aren't alone.

> some call it pork barrel, I call it conspiracy theory to portray muslims
> as terrorists.

I don't think so. Most of the world's terrorists (with the exception of the IRA and a handful of others) are recruited and trained by folks in the Middle East. It may be true that they have gotten more than their share of publicity in the past, but the fact remains - the Middle East is *the* training ground for that sort of thing, and there isn't a fundamentalist over there who wouldn't like to shove a suitcase nuke up Bill's ass.

Haven't you heard? America *is* THE ENEMY to a majority of the folks over in that part of the world. If you don't believe me, travel to that part of the world carrying an American passport and see what happens.

--
Ed Carp, N7EKG/VE3 ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From jgostin at eternal.pha.pa.us Tue Aug 2 00:50:47 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 2 Aug 94 00:50:47 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <940802022145Y0Vjgostin@eternal.pha.pa.us>

Adam Shostack writes:

> Not that I'm a Clinton fan, but most of his Orwellian proposals
> have been around, simmering, for a while. Both Clipper & Post Office
> national ID cards first came up under Bush. health ID cards are, of
> course, Hillary's.

That's very true. The fact that they have been simmering is one thing.
Clinton's administration wants to raise the heat and boil the issue. Just like every tax payer bears the burden of debt for every taxpayer before him, so too does every politician bear the burden of the old ideas he proposes as new ones.

> The problem is not any one particular idiot in office, but a
> strong public desire to give up a little freedom for a little
> security.

And it's funny: When phrased that way, most people see little SECURITY, and ignore the first half. When phrased as "A little security only costs a little freedom", all of a sudden, people are up in arms. *sigh*

--Jeff
--
====== ====== +----------------jgostin at eternal.pha.pa.us----------------+
== == | The new, improved, environmentally safe, bigger, better,|
== == -= | faster, hypo-allergenic, AND politically correct .sig. |
==== ====== | Now with a new fresh lemon scent! |
PGP Key Available +---------------------------------------------------------+

From albright at scf.usc.edu Tue Aug 2 01:55:36 1994
From: albright at scf.usc.edu (Julietta)
Date: Tue, 2 Aug 94 01:55:36 PDT
Subject: The Infamous 'Sue D. Nym' Spam
In-Reply-To: <199407200005.RAA01838@zero.c2.org>
Message-ID: <199408020850.BAA17572@nunki.usc.edu>

Uuh.. just wanted to say that I as a woman have posted in the past quite a few times to cypherpunks, and I must say that the guys here have all been very respectful and kind to me. No problem at all. ::shrug:: Oh well- I guess everyone always has their own experience of life on the Net. Just don't be too quick to call these guys anti-woman just because there aren't many women here. It is pretty typical of the Net to have men outnumbering women by up to 30 to 1. :)

Ciao, Julie
___________________________________________________________________________
Julie M.
Albright
Sociologist/ Net Scholar
University of Southern California
albright at usc.edu

From a.brown at nexor.co.uk Tue Aug 2 01:56:53 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Tue, 2 Aug 94 01:56:53 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To: <9408020326.AA16906@prism.poly.edu>
Message-ID:

On Mon, 1 Aug 1994, Arsen Ray Arachelian wrote:

> Take a look at WNSTORM (WNS210.ZIP) which contains the WNINJECT program.
> It, along with WNSTORM can be used to build a decent steganography system
> that makes use of existing LSB's to hide the presence of stego. If you
> like, feel free to build a GIF module for it. (WNINJECT uses PCX right now
> and I haven't had the time to mess with GIFs.)

I've seen it. I'm the guy that wrote s-tools (available from ftp.dsi.unimi.it). My package will hide files in GIFs, BMPs and WAVs, using the probabilistic method that I described, and using decent (but damn slow) quantization to reduce the original colour resolution. Built-in encryption methods are IDEA, DES, 3DES, MPJ2 (128, 256, 384, 512 bit keys) and NSEA. Operating modes are selectable from ECB, CBC, CFB, OFB and PCBC. If you are going to download it, make sure you get version 2.

I'm currently on the look out for new steganography ideas (you might have seen the patches I wrote that allow files to be hidden in gzip compressed files). I thought of a load of obvious stuff like adding/not adding spaces at the end of lines of a text file, carefully choosing assembler instructions where two are available, etc. Has anyone got any more ideas?

Regards,

- Andy

From frissell at panix.com Tue Aug 2 02:06:31 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 2 Aug 94 02:06:31 PDT
Subject: In the news...
Message-ID: <199408020906.AA17343@panix.com>

"The FBI is examining his computer to uncover links to other people."

Said of the Abortion Doctor slaying suspect.
DCF

From jdd at aiki.demon.co.uk Tue Aug 2 03:40:51 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 2 Aug 94 03:40:51 PDT
Subject: The Terrorists are coming!
Message-ID: <3294@aiki.demon.co.uk>

In message CatAshleigh writes:
> first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only

How do you know?

> country with nukes in the middle east is Israel) country
> with a nuclear program is pakistan, and they're years away from anything
> that could be stolen.

Ahem. Uzbekistan is Muslim, and is also the third or fourth largest nuclear power, and also is in a part of the world where there is a long tradition of ... how do I say it gently ... greasing the palm. I spent quite a while next door in Afghanistan and am familiar with the culture.

A large part of the former USSR was Muslim and there were strategic and tactical nuclear weapons scattered all over the place (tactical weapons are used as mines, fired from artillery pieces, carried by short range missiles, and dropped from fighter bombers). If none of these is unaccounted for, it is a genuine miracle.

Also, there has been quite a lot of press coverage here in the UK of the defector from Saudi Arabia who claims that (a) the Saudis backed both the Iraqi and the Pakistani nuclear programs and (b) the Saudis at least have some nuclear materials.

> second of all there are more deaths caused by lightning on golf courses,
> ask any insurance agency.

Also not true. The total number killed directly and indirectly in Japan alone by atomic bombs is certainly over 100,000. I can't believe that that many people have been killed by lightning on golf courses!

Then again, we are talking about elementary arithmetic. Yes, the probability of someone being killed by lightning on a golf course tomorrow is much much higher than that of the detonation of a nuclear weapon in a populated area. But when that nuclear weapon goes off, it's not going to be just one golfer that gets scorched.
> some call it pork barrel, I call it conspiracy theory to portray muslims
> as terrorists.

Pork barrel?

--
Jim Dixon

From jdd at aiki.demon.co.uk Tue Aug 2 03:41:23 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 2 Aug 94 03:41:23 PDT
Subject: The Terrorists are coming!
Message-ID: <3296@aiki.demon.co.uk>

In message CatAshleigh writes:
>
> > I don't recall the Jim's article mentioning "muslim" terrorists
> > specifically. Or are only "muslims" terrorist in your book? :-)
> >
> The only other people who are called terrorist are the IRA, and I don't see
> the FBI scrambling to protect Great Britain's consulate in DC when a
> car bomb goes off in London

Here in the UK we read about lots of terrorist groups, not just the IRA: ETA in Spain, Kurds (blew up someone in London a few months ago), Iranis (killed someone in Paris recently), Chchernians (spelling?? -- assassinated someone in London a couple of months ago), the Mafia, North Koreans (two separate events in the last few years, a hundred or so people killed each time), the Animal Liberation Front (blew up a bomb here in Bristol, injuring a baby), ... there are lots of them.

Maybe you should subscribe to a London newspaper.

--
Jim Dixon

From perry at imsi.com Tue Aug 2 05:28:27 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 2 Aug 94 05:28:27 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <9408020242.AA16016@prism.poly.edu>
Message-ID: <9408021227.AA09891@snark.imsi.com>

Arsen Ray Arachelian says:
> I didn't get any notices of being subscribed to penet.fi, so I guess not
> everyone on the cpunx list was hit. Either that or the mail daemon here
> found too much email in my mailbox and decided to digest the tuna or
> whatever the fuck message.

Much more likely that you already had a penet address and it was compromised.
Perry

From Rolf.Michelsen at delab.sintef.no Tue Aug 2 05:50:40 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Tue, 2 Aug 94 05:50:40 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <9408021227.AA09891@snark.imsi.com>
Message-ID:

Perry E. Metzger says:
> Arsen Ray Arachelian says:
> > I didn't get any notices of being subscribed to penet.fi, so I guess not
> > everyone on the cpunx list was hit. Either that or the mail daemon here
> > found too much email in my mailbox and decided to digest the tuna or
> > whatever the fuck message.
>
> Much more likely that you already had a penet address and it was
> compromised.

Well, I have never been assigned a penet id -- not now and not earlier. (I've only been on this account for almost a year, and my memory isn't *that* bad.) This probably rules out the "who cypherpunks" attack. But then I haven't posted much to this group -- perhaps, whoever he/she is, is more interested in frequent/recent posters?

-- Rolf (who is wondering if this post will result in a penet id...)

----------------------------------------------------------------------
Rolf Michelsen "Nostalgia isn't what it
Email: rolf.michelsen at delab.sintef.no used to be..."
Phone: +47 73 59 87 33
----------------------------------------------------------------------

From s009amf at discover.wright.edu Tue Aug 2 06:24:43 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Tue, 2 Aug 94 06:24:43 PDT
Subject: New Threat on the Horizon: Software Key Escrow
In-Reply-To: <199407261933.MAA17765@netcom8.netcom.com>
Message-ID:

On Tue, 26 Jul 1994, Timothy C. May wrote:

> Here's the rub:
>
> * Suppose the various software vendors are "incentivized" to include
> this in upcoming releases. For example, in 30 million copies of
> Microsoft's "Chicago" (Windows 4.0) that will hit the streets early in
> '95 (betas are being used today by many).
>
> * This solves the "infrastructure" or "fax effect" problem--key escrow
> gets widely deployed, in a way that Clipper was apparently never going
> to be (did any of you know _anybody_ planning to buy a "Surety"
> phone?).
>
> (Why would _anyone_ ever use a voluntary key escrow system? Lots of
> reasons, which is why I don't condemn key escrow automatically.
> Partners in a business may want access under the right circumstances
> to files. Corporations may want corporate encryption accessible under
> emergency circumstances (e.g., Accounting and Legal are escrow
> agencies). And individuals who forget their keys--which happens all
> the time--may want the emergency option of asking their friends who
> agreed to hold the key escrow stuff to help them. Lots of other
> reasons. And lots of chances for abuse, independent of mandatory key escrow.)
>
> But there are extreme dangers in having the infrastructure of a
> software key escrow system widely deployed.
>
> I can't see how a widely-deployed (e.g., all copies of Chicago, etc.)
> "voluntary key escrow" system would remain voluntary for long. It
> looks to me that the strategy is to get the infrastructure widely
> deployed with no mention of a government role, and then to bring the
> government in as a key holder.
>
>
> I was the one who posted the Dorothy Denning "trial balloon" stuff to
> sci.crypt, in October of 1992, six months before it all became real
> with the announcement of Clipper. This generated more than a thousand
> postings, not all of them useful (:-}), and helped prepare us for the
> shock of the Clipper proposal the following April.
>
> I see this software-based key escrow the same way. Time to start
>

I was just reading through my mail when it hit me. If the NSA and the FBI want to put their software based key-escrow systems into software like Chicago, why don't we create pamphlets to send out to businesses and the people of the United States.
In the pamphlet, there is a little glossary for some of the terms and acronyms used and explanation of what the Govt. would like to do with Clipper Chip and YOUR phones and computers.

Or we could try another route. Most radio stations and TV stations give groups free air time for public service announcements. We could create videos about what we are talking about to make the public aware....

Aaron

From mpd at netcom.com Tue Aug 2 06:28:56 1994
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 2 Aug 94 06:28:56 PDT
Subject: Children and the Net
In-Reply-To:
Message-ID: <199408021329.GAA28106@netcom14.netcom.com>

> > Mike Duvos writes:
> > > Had it not been for the fact that having children covered with
> > > scars, welts, and bruises is not considered child abuse in the
> > > state of Texas,
> >
> > I know it's chic to refer to Texas as the last bastion of barbarian
> > living, but I'd like to see some citation for the above if you really
> > believe it's true. Note also that I've heard tell kids get beat up in
> > other states too, though that might just be rumor.
>
> I'd like to throw my $0.02 into this, too. I've lived in Texas for most
> of my life, and I can assure you that what Mike Duvos says is most certainly
> *not* true!

The behavior of the Branch Davidians towards their children is well documented, both by child welfare workers in Texas and by sworn testimony of former members. "I've lived in Texas and therefore none of this is true..." is neither relevant, accurate, nor compelling.

The Branch Davidians were proclaimed "cleared" of charges of child abuse by Texas authorities in the presence of physical evidence which would have been considered abuse in most other states. Declaring that one has lived in Texas does not change any of this, nor does it change the well-documented statistics on corporal punishment in the Texas public school system, in which Texas is the nation's leader.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.
$

From s009amf at discover.wright.edu Tue Aug 2 06:40:28 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Tue, 2 Aug 94 06:40:28 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <199407281915.MAA13890@netcom10.netcom.com>
Message-ID:

On Thu, 28 Jul 1994, Timothy C. May wrote:

>
> I don't believe the folks at MS are lying--I believe they are telling
> the truth as they see it. In fact, the paralegal guy told me a lot of
> stuff about the possible justifications for SKE, the export issues
> (Feds want SKE for exported products....don't ask me why), etc. He
> thought, I guess, that this would _convince_ me that Microsoft's
> motives were not evil--which I have never thought was the case,
> ironically. Instead, he just confirmed to me via his arguments that
> some kind of SKE scheme is being talked about, negotiated with one or
> more federal agencies, and may or may not be planned for future
> products.

Here's another possibility.. We put out the word that we don't buy Chicago or any software that has SKE built in. Keep your old stuff or make your own operating system. I think most of the computer programmers could on joint effort create something better than what is on the market anyway.

We live in a democracy. We should be telling those assholes in Washington DC how we want the country run, not them telling us that we need NIST. Who are they representing anyway???

Aaron

From landmann at facstaff.wisc.edu Tue Aug 2 07:00:55 1994
From: landmann at facstaff.wisc.edu (Thomas Landmann)
Date: Tue, 2 Aug 94 07:00:55 PDT
Subject: Children and the Net
Message-ID: <199408021356.IAA19569@audumla.students.wisc.edu>

First of all, what does this have to do with crypto..

At 06:29 8/2/94 -0700, Mike Duvos wrote:
>The behavior of the Branch Davidians towards their children is well
>documented, both by child welfare workers in Texas and by sworn
>testimony of former members.

Apparently this is your (presently unsubstantiated) opinion.
How about some references that don't involve ATF employee testimonies?

>The Branch Davidians were proclaimed "cleared" of charges of child
>abuse by Texas authorities in the presence of physical evidence which
>would have been considered abuse in most other states.

In many places, spanking a child (with restraint and compassion, as a parent) is considered child abuse, so I suppose this statement could be considered true. I am not alone, however, in my belief that corporal punishment is sometimes a necessary part of parenting.

While I don't share the Davidians religious beliefs, I'd like to see more evidence that the ATF was justified in their assault. I'm not yet convinced.

-Tom

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Thomas Landmann :: E-mail: landmann at facstaff.wisc.edu ::
:: DoIT Network Systems Technology :: Compuserve: 76020,2055 ::
:: 1210 W Dayton Street, Rm 4220 :: AX.25: N9UDL @ WD9ESU.#SCWI.WI.NOAM::
:: Office: 608.263.1650 :: Home: 608.277.1115 ::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
>>> Waiting for "Chicago"? Try Linux *NOW* instead! <<<

From danielce at ee.mu.oz.au Tue Aug 2 07:25:58 1994
From: danielce at ee.mu.oz.au (Daniel Carosone)
Date: Tue, 2 Aug 94 07:25:58 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <199407281915.MAA13890@netcom10.netcom.com>
Message-ID: <199408021436.AAA09246@anarres>

Aron Freed writes:
> Here's another possibility.. We put out the word that we don't buy
> Chicago or any software that has SKE built in. Keep your old stuff or
> make your own operating system. I think most of the computer programmers
> could on joint effort create something better than what is on the market
> anyway.

An off-topic aside: this is already done. Check out the NetBSD and Linux projects sometime. NetBSD is about to release 1.0, the first fully-working unencumbered release of bsd 4.4 for several platforms. Linux is well known by now.
I have both, they are far superior for my needs than any MS product.

--
Dan.

From mpd at netcom.com Tue Aug 2 07:30:54 1994
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 2 Aug 94 07:30:54 PDT
Subject: Children and the Net
In-Reply-To: <199408021356.IAA19569@audumla.students.wisc.edu>
Message-ID: <199408021430.HAA02313@netcom14.netcom.com>

> First of all, what does this have to do with crypto..

Absolutely nothing.

> At 06:29 8/2/94 -0700, Mike Duvos wrote:

> >The behavior of the Branch Davidians towards their children is well
> >documented, both by child welfare workers in Texas and by sworn
> >testimony of former members.

> Apparently this is your (presently unsubstantiated) opinion. How about
> some references that don't involve ATF employee testimonies?

I wasn't aware that child welfare workers and former Branch Davidians were members of the ATF.

> >The Branch Davidians were proclaimed "cleared" of charges of child
> >abuse by Texas authorities in the presence of physical evidence which
> >would have been considered abuse in most other states.

> In many places, spanking a child (with restraint and compassion, as a
> parent) is considered child abuse, so I suppose this statement could be
> considered true.

One mother reported that Koresh ordered her to spank her one year old baby with a wooden paddle and wouldn't let her stop until the child was bleeding. This was because the child had cried while Koresh was giving a sermon. I see no "restraint" or "compassion" here.

> While I don't share the Davidians religious beliefs, I'd like to see more
> evidence that the ATF was justified in their assault.

The ATF was completely unjustified in their assault. That, of course, does not refute any of the charges that the Branch Davidians were not particularly nice to the younger members of their congregation.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.
$

From hfinney at shell.portal.com Tue Aug 2 07:32:33 1994
From: hfinney at shell.portal.com (Hal)
Date: Tue, 2 Aug 94 07:32:33 PDT
Subject: Steganography
In-Reply-To:
Message-ID: <199408021432.HAA23712@jobe.shell.portal.com>

Andrew Brown writes:
>I'm currently on the look out for new steganography ideas (you might have
>seen the patches I wrote that allow files to be hidden in gzip compressed
>files). I thought of a load of obvious stuff like adding/not adding
>spaces at the end of lines of a text file, carefully choosing assembler
>instructions where two are available, etc. Has anyone got any more ideas?

One possibility would be to right-justify your text, as a few people like to do, then to tweak the algorithm for inserting spaces into lines to depend on the next bits of the embedded message. Generally, you have N spaces to insert into M word breaks. If M divides N, you don't have any choice, but otherwise you have N mod M "leftovers" to distribute among M. This would allow several bits per line.

Hal

From rfb at lehman.com Tue Aug 2 07:52:22 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Tue, 2 Aug 94 07:52:22 PDT
Subject: Lawsuits Against PKP
In-Reply-To: <199408011509.IAA23874@jobe.shell.portal.com>
Message-ID: <9408021450.AA08017@fnord.lehman.com>

Date: Mon, 1 Aug 1994 08:09:30 -0700
From: Hal

schneier at chinet.chinet.com (Bruce Schneier) writes:
>Schlafly v. Public Key Partners, C-94-20512-SW, July 27, 1994, San Jose.
>It alleges that almost all of the PKP patent claims are invalid and
>unenforceable.

That makes my day. The name Schlafly sounds familiar (I don't mean Phyllis). Roger? Does anyone know a crypto person with this name?

Well, FWIW, the woman who spends most of the year traveling around the country telling other women to stay home has gained at least a slight interest in crypto lately.
The Phyllis Schlafly Report recently posted an announcement taking an anti-Clipper position and referring to an online `report' that they've prepared concerning Clipper. I didn't see anything to indicate that she'd be interested in going after PKP however, so Roger is probably a better guess. I have no idea whether Roger is her son or how similar their political ideas are. Rick From rfb at lehman.com Tue Aug 2 08:12:18 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Tue, 2 Aug 94 08:12:18 PDT Subject: Anonymous code name allocated. // penet hack In-Reply-To: Message-ID: <9408021510.AA08249@fnord.lehman.com> Date: Tue, 2 Aug 1994 14:50:02 +0200 (MET DST) From: Rolf Michelsen Perry E. Metzger says: > Arsen Ray Arachelian says: > > I didn't get any notices > > likely that you already had a penet address and it was compromised. Well, I have never been assigned a penet id . . . . This probably rules out the "who cypherpunks" attack. If by "who cypherpunks" attack you mean that someone could be subscribed using an an*@anon.penet.fi, you most certainly cannot rule that out. an111447 at anon.penet.fi continues to be subscribed: Date: Tue, 2 Aug 94 07:58:00 PDT From: Majordomo at toad.com Subject: Majordomo results: who cypherpunks . . . an111447 at anon.penet.fi Perhaps someone could remove this address (or replace it with na111447 at anon.penet.fi) and/or get the anon.penet.fi administrator to beat on this person (electronically of course). Rick From nzook at math.utexas.edu Tue Aug 2 08:22:05 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 2 Aug 94 08:22:05 PDT Subject: "Anon" fake... Message-ID: <9408021519.AA26481@pelican.ma.utexas.edu> From jya at pipeline.com Tue Aug 2 08:27:24 1994 From: jya at pipeline.com (John Young) Date: Tue, 2 Aug 94 08:27:24 PDT Subject: Steganography (Was Re: What kind of encryption to incorporate?) 
Message-ID: <199408021526.LAA17483@pipe1.pipeline.com>

Responding to msg by a.brown at nexor.co.uk (Andrew Brown) on Tue, 2 Aug 9:55 AM

>Has anyone got any more ideas?

Andy:

Some features of CAD programs such as AutoCad may be useful for concealment. Want to discuss here or by e-mail?

Caution: I'm crypto impaired, but quite devious advantaged.

John

From perry at imsi.com Tue Aug 2 08:28:38 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 2 Aug 94 08:28:38 PDT
Subject: "Anon" fake...
In-Reply-To: <9408021519.AA26481@pelican.ma.utexas.edu>
Message-ID: <9408021528.AA10247@snark.imsi.com>

nzook at fireant.ma.utexas.edu says:
> Folks, we GOTTA do something about this...

The obvious and simple fix is to put code into the Majordomo implementation to prevent the subscription of an*@anon.penet.fi (note -- this wouldn't prevent subscriptions as na*@anon.penet.fi). I've pointed this out before -- unfortunately, the list maintainers don't have time to do it. Maybe someone could volunteer to do the change? You'd have to talk to Eric Hughes about how to do the work.

Perry

From cactus at bb.com Tue Aug 2 09:00:52 1994
From: cactus at bb.com (L. Todd Masco)
Date: Tue, 2 Aug 94 09:00:52 PDT
Subject: Anonymous code name allocated. // penet hack
Message-ID: <199408021604.MAA21569@bb.com>

Rick:
> Perhaps someone could remove this address (or replace it with
> na111447 at anon.penet.fi) and/or get the anon.penet.fi administrator to
> beat on this person (electronically of course).

In addition to writing code, Cypherpunks can telnet to port 25. Toad.com's sendmail doesn't seem to do reverse lookups on the IP address.

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."
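Hal's justification scheme from the Steganography message earlier in this digest, as an added Python example (not code from the list or from any poster): each justified line has M gaps and N mod M leftover spaces, and the choice of which gaps receive a leftover carries floor(log2 C(M, N mod M)) bits. The one-byte length prefix, the greedy line filler, the function names and the cover text are assumptions of this example.

```python
import re
from math import comb

# Constructed cover text for the demonstration.
COVER = ("A mailing list that accepts any address can be made to enrol a "
         "pseudonym server as a reader, and every poster it then hears from "
         "is handed an identity nobody asked for. ") * 6


def wrap(words, width):
    """Greedy fill: as many words per line as fit with single spaces."""
    lines, cur, used = [], [], 0
    for w in words:
        if cur and used + 1 + len(w) > width:
            lines.append(cur)
            cur, used = [], 0
        used += len(w) + (1 if cur else 0)
        cur.append(w)
    if cur:
        lines.append(cur)
    return lines


def unrank(m, r, idx):
    """idx-th r-element subset of range(m), in lexicographic order."""
    chosen, x = [], 0
    for remaining in range(r, 0, -1):
        while comb(m - x - 1, remaining - 1) <= idx:
            idx -= comb(m - x - 1, remaining - 1)
            x += 1
        chosen.append(x)
        x += 1
    return chosen


def rank(m, chosen):
    """Inverse of unrank: lexicographic index of a sorted subset."""
    idx, prev, r = 0, -1, len(chosen)
    for i, c in enumerate(chosen):
        for x in range(prev + 1, c):
            idx += comb(m - x - 1, r - i - 1)
        prev = c
    return idx


def embed(cover, payload, width=50):
    """Justify cover to width, hiding payload in the placement of leftovers."""
    if len(payload) > 255:
        raise ValueError("payload limited to 255 bytes by the length prefix")
    bits = format(len(payload), "08b") + "".join(format(b, "08b") for b in payload)
    lines, out, pos = wrap(cover.split(), width), [], 0
    for i, words in enumerate(lines):
        m = len(words) - 1                       # M word breaks
        if i == len(lines) - 1 or m == 0:
            out.append(" ".join(words))          # last line stays ragged
            continue
        n = width - sum(len(w) for w in words)   # N spaces to insert
        base, r = divmod(n, m)                   # r = N mod M leftovers
        k = comb(m, r).bit_length() - 1          # whole bits this line holds
        chunk = bits[pos:pos + k].ljust(k, "0")  # zero-pad once payload ends
        pos += k
        wide = set(unrank(m, r, int(chunk, 2) if k else 0))
        line = words[0]
        for g, w in enumerate(words[1:]):
            line += " " * (base + (g in wide)) + w
        out.append(line)
    if pos < len(bits):
        raise ValueError("cover text too short for this payload")
    return "\n".join(out)


def extract(text):
    """Recover the payload from the gap widths of each line."""
    bits = ""
    for line in text.split("\n"):
        gaps = [len(g) for g in re.findall(r" +", line.strip())]
        if not gaps:
            continue
        base = min(gaps)
        wide = [i for i, g in enumerate(gaps) if g > base]
        k = comb(len(gaps), len(wide)).bit_length() - 1
        if k:
            bits += format(rank(len(gaps), wide), f"0{k}b")
    if len(bits) < 8:
        raise ValueError("no length prefix found")
    n = int(bits[:8], 2)
    body = bits[8:8 + 8 * n]
    if len(body) < 8 * n:
        raise ValueError("truncated payload")
    return bytes(int(body[i:i + 8], 2) for i in range(0, len(body), 8))


if __name__ == "__main__":
    stego = embed(COVER, b"ok")
    print(stego)
    print(extract(stego))
```

Any re-wrap or whitespace normalisation of the text erases the channel, which is also the simplest countermeasure for a gateway that must not carry it.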
From berzerk at xmission.xmission.com Tue Aug 2 09:16:40 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 2 Aug 94 09:16:40 PDT
Subject: Children and the Net
In-Reply-To: <199408021430.HAA02313@netcom14.netcom.com>
Message-ID:

On Tue, 2 Aug 1994, Mike Duvos wrote:
> One mother reported that Koresh ordered her to spank her one year
> old baby with a wooden paddle and wouldn't let her stop until the
> child was bleeding. This was because the child had cried while
> Koresh was giving a sermon. I see no "restraint" or "compassion" here.

I am very interested in this case. I have seen no such allegation. If you could be so kind as to post or send through private e-mail your source for this comment, I would be grateful.

Berzerk.

From berzerk at xmission.xmission.com Tue Aug 2 09:19:17 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 2 Aug 94 09:19:17 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <9408021510.AA08249@fnord.lehman.com>
Message-ID:

On Tue, 2 Aug 1994, Rick Busdiecker wrote:
> Perhaps someone could remove this address (or replace it with
> na111447 at anon.penet.fi) and/or get the anon.penet.fi administrator to

Sounds great. I think THIS LIST needs to take action like this. As far as I am concerned, mailing lists suck right now as there is almost no security. Someone can subscribe like this, they can subscribe someone else, or other things. Why hasn't he been yanked yet?

Berzerk.

From hughes at ah.com Tue Aug 2 09:55:52 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 2 Aug 94 09:55:52 PDT
Subject: "Anon" fake...
In-Reply-To: <9408021528.AA10247@snark.imsi.com>
Message-ID: <9408021624.AA09621@ah.com>

I've pointed this out before -- unfortunately, the list maintainers don't have time to do it. Maybe someone could volunteer to do the change? You'd have to talk to Eric Hughes about how to do the work.

Hugh Daniel (hugh at toad.com) is the one who maintains the mailing list software on toad.com.
Hugh is very busy, so don't pester him if you don't have something constructive. For the record, and to prevent future misunderstandings, I don't have root on toad.com. Eric From cactus at bb.com Tue Aug 2 10:02:49 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 2 Aug 94 10:02:49 PDT Subject: Children and the Net Message-ID: <199408021705.NAA22137@bb.com> Am I the only one that's struck by the similarity between the propaganda about the Waco massacre and the propaganda preceding the Persion Gulf massacre? [For those who don't know, a good deal of the stories about Iraqi attrocities were totally manufactured. Read "Second Front" (author last name "Truman", I believe) for an account from a reporter's perspective of how the Pentagon manipluated stories and therefore public opionion] -- L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail cactus at bb.com | "Information wants to be free, but authors want to be paid." [Not obviously C'punk related, but it really is: we must understand the propaganda machine that the US government has working for it if we hope to oppose them successfully on crypto issues] From lrh at crl.com Tue Aug 2 10:18:54 1994 From: lrh at crl.com (Lyman Hazelton) Date: Tue, 2 Aug 94 10:18:54 PDT Subject: "Anon" fake... In-Reply-To: <9408021528.AA10247@snark.imsi.com> Message-ID: On Tue, 2 Aug 1994, Perry E. Metzger wrote: > > nzook at fireant.ma.utexas.edu says: > > Folks, we GOTTA do something about this... > > The obvious and simple fix is to put code into the Majordomo > implementation to prevent the subscription of an*@anon.penet.fi (note > -- this wouldn't prevent subscriptions as na*@anon.penet.fi). I've > pointed this out before -- unfortunately, the list maintainers don't > have time to do it. Maybe someone could volunteer to do the change? > You'd have to talk to Eric Hughes about how to do the work. 
> > Perry > Perry (and other c'punks), I don't think the mechanism employed by the hacker is using "who" at all. Rather, it is someone who is subscribed to the list and has a program which looks at the author of each message to see if it is someone already in their database. If it is someone new, it automatically sends a message for that person into the anon service. If not, it simply ignores the message. There are LOTS of silent listeners on the list and it could be ANY of them. Stoping this is not going to be easy. I don't suppose Julf at penet.fi would be interested in recording the name of the site where all these requests are originating? Any other ideas? Lyman Finger lrh at crl.com for PGP 2.4 Public Key Block. From tcmay at netcom.com Tue Aug 2 10:50:12 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 2 Aug 94 10:50:12 PDT Subject: Tuna fish spams a growing fact of life In-Reply-To: Message-ID: <199408021750.KAA26146@netcom12.netcom.com> Lyman Hazelton wrote: > a message for that person into the anon service. If not, it simply > ignores the message. There are LOTS of silent listeners on the list and > it could be ANY of them. Stoping this is not going to be easy. I don't > suppose Julf at penet.fi would be interested in recording the name of the > site where all these requests are originating? Any other ideas? > Stopping attacks like this will not be easy: * the attacker is using alt.test (as I recall) to report results...this is precisely the "anonymous pool" we argue for, for untraceability. * if he's as smart as I suspect, he's also bouncing the messages to penet through Cypherpunks-type remailers first. This makes it harder (a little harder now, with our fragile remailers, *much* harder someday) for Julf to "record the name of the site where all these requests are originating." The fragility of the Net exposes it to spamming attacks. 
And I think Julf agrees that a rewrite of the code at his site is overdue....he's mentioned this here, and is seeking donations. (Personally, I think the "volunteer" aspect is at fault here: tens of thousands of users use it for "free," while the software can't be rewritten or maintained adequately. Why not a commercial service? And the same arguments apply, as always, for the Cypherpunks model of remailers.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From perry at imsi.com Tue Aug 2 10:57:35 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 2 Aug 94 10:57:35 PDT Subject: "Anon" fake... In-Reply-To: Message-ID: <9408021756.AA10719@snark.imsi.com> Lyman Hazelton says: > Perry (and other c'punks), > > I don't think the mechanism employed by the hacker is using "who" at > all. The mechanism employed was obvious and simple -- someone subscribed an anXXX address to the list. Anyone looking at the subscription list can tell that, on their own. This technique has been used before. Perry From perry at imsi.com Tue Aug 2 11:01:50 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 2 Aug 94 11:01:50 PDT Subject: "Anon" fake... In-Reply-To: <9408021756.AA10719@snark.imsi.com> Message-ID: <9408021801.AA10751@snark.imsi.com> "Perry E. Metzger" says: > > Lyman Hazelton says: > > Perry (and other c'punks), > > > > I don't think the mechanism employed by the hacker is using "who" at > > all. > > The mechanism employed was obvious and simple -- someone subscribed an > anXXX address to the list. 
Anyone looking at the subscription list can
> tell that, on their own. This technique has been used before.

BTW, this is not to say that other techniques aren't being employed by others right now using alt.test -- I'm just referring to what happened last week on this mailing list...

Perry

From jamiel at sybase.com Tue Aug 2 11:03:07 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Tue, 2 Aug 94 11:03:07 PDT
Subject: Schalfly's son (Was: Re: Lawsuits Against PKP)
Message-ID: <9408021801.AB09523@ralph.sybgate.sybase.com>

At 10:50 AM 08/02/94 -0400, Rick Busdiecker wrote:
>I have no idea whether Roger is her son or how similar their political
>ideas are.

I forget her son's name, but I know that his views are almost diametric opposite of dear old mom's. He is gay and rather outspoken, and has been *very* critical of mum's family values trip.

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From doug at OpenMind.com Tue Aug 2 11:03:38 1994
From: doug at OpenMind.com (Doug Cutrell)
Date: Tue, 2 Aug 94 11:03:38 PDT
Subject: Anonymous code name allocated. // penet hack
Message-ID:

Rick Busdiecker writes:
>If by "who cypherpunks" attack you mean that someone could be
>subscribed using an an*@anon.penet.fi, you most certainly cannot rule
>that out. an111447 at anon.penet.fi continues to be subscribed...

I just did a "who cypherpunks", and an111447 at anon.penet.fi has apparently been unsubscribed as of 10:20 a.m. PST (not by me, though I considered it...)
Doug ___________________________________________________________________ Doug Cutrell General Partner doug at OpenMind.com Open Mind, Santa Cruz =================================================================== From nzook at math.utexas.edu Tue Aug 2 11:05:19 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 2 Aug 94 11:05:19 PDT Subject: AA BBS Message-ID: <9408021802.AA27018@pelican.ma.utexas.edu> is back on line, according to hkhenson at cup.portal.com... From hayden at vorlon.mankato.msus.edu Tue Aug 2 11:42:17 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden) Date: Tue, 2 Aug 94 11:42:17 PDT Subject: AA BBS In-Reply-To: <9408021802.AA27018@pelican.ma.utexas.edu> Message-ID: On Tue, 2 Aug 1994 nzook at fireant.ma.utexas.edu wrote: > is back on line, according to hkhenson at cup.portal.com... How'd they manage that? I thought that Tenessee siezed all of the equipment and stuff. ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From berzerk at xmission.xmission.com Tue Aug 2 12:24:37 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Tue, 2 Aug 94 12:24:37 PDT Subject: "Anon" fake... In-Reply-To: Message-ID: On Tue, 2 Aug 1994, Lyman Hazelton wrote: > I don't think the mechanism employed by the hacker is using "who" at > all. Rather, it is someone who is subscribed to the list and has a > program which looks at the author of each message to see if it is someone > already in their database. If it is someone new, it automatically sends > a message for that person into the anon service. 
If not, it simply
> ignores the message. There are LOTS of silent listeners on the list and
> it could be ANY of them. Stopping this is not going to be easy. I don't

Send out 9 barium messages, coded by the binary representation of the number of the person sending to, with 0 being no message. You have them.

Berzerk.

From pdn at msmail.dr.att.com Tue Aug 2 12:28:25 1994
From: pdn at msmail.dr.att.com (Philippe Nave)
Date: Tue, 2 Aug 94 12:28:25 PDT
Subject: Majordomo and Julf's remailer
Message-ID: <2E3E9DE5@mspost.dr.att.com>

Assumption: (maybe incorrect, but what the hell..) The trouble with having an anonymous penet subscriber on the list is due to the fact that cypherpunks messages appear to be 'from' the individual that posted the message as opposed to the list itself. Thus, when I post a message and it goes out to the list, it heads out to anxxx at penet.fi and generates an anon ID if I didn't have one before.

If this is the case, is there any way to change the setup of the cypherpunks list on toad.com such that the list messages appear to be 'from' cypherpunks at toad.com instead of from the person who sent the message? If we got another anxxx subscriber, penet.fi would start seeing hundreds of messages from 'cypherpunks at toad.com' and probably generate an anonymous ID, but it wouldn't foul up the original poster.

I'm not advocating majordomo code changes here; I just wonder if there's an option setting that could be tweaked in the cypherpunks list definition. I have been on mailing lists before where the traffic always appeared to be 'from' the list, and the only thing odd about it was that you had to CC: the author to send a direct reply.

If this idea is all wet, so be it... it just occurred to me this morning.

-Philippe

From eichin at paycheck.cygnus.com Tue Aug 2 12:32:33 1994
From: eichin at paycheck.cygnus.com (Mark W. Eichin)
Date: Tue, 2 Aug 94 12:32:33 PDT
Subject: "Anon" fake...
In-Reply-To: <9408021624.AA09621@ah.com>
Message-ID: <9408021930.AA04439@paycheck.cygnus.com>

Now that an??? is alleged to be off the list, I'll post this; I sent it to Hugh earlier, but it should be of use to anyone running a security-related majordomo:

It should be simple enough to change RetMailAddr in majordomo.pl; right before it returns $ReplyTo, adding

    $ReplyTo =~ s/an(\d+)\@anon\.penet\.fi/na$1\@anon.penet.fi/;

will switch an* addresses to na* ones... This lets an address subscribe, they just get automatically converted to na forms.

(Alternatively, one can always drop in an abort in the ValidAddress function (if I remember that name right) to just abort on anything that matches penet.fi, but that would be rude, and merely escalate the problem...)

_Mark_

ps. Has anyone added pgp support to majordomo? I might consider it... there are lots of issues -- but change the subject line if you want to talk about it on the list :-)

From jdd at aiki.demon.co.uk Tue Aug 2 12:33:57 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 2 Aug 94 12:33:57 PDT
Subject: Children and the Net
Message-ID: <3362@aiki.demon.co.uk>

In message <199408021705.NAA22137 at bb.com> "L. Todd Masco" writes:
> Am I the only one that's struck by the similarity between the propaganda
> about the Waco massacre and the propaganda preceding the Persion Gulf
> massacre?
...
> [Not obviously C'punk related, but it really is: we must understand the
> propaganda machine that the US government has working for it if we
> hope to oppose them successfully on crypto issues]

It's a much more general phenomenon than that. Two or three years ago, two doctors working for the National Health Service in the northeast of England began applying new diagnostic techniques routinely while examining children. They found that some children had been sexually abused and the children were taken into care.
They began widening the use of the techniques and more children were taken into care with formal charges against parents etc being prepared by the police. The number of people involved expanded rapidly until it became clear that the two doctors were claiming that at least 20% (and climbing) of the population were sexually abusing their children. At this point credibility disappeared, support vanished, and the doctors were moved to new jobs. At the high point, children who fell off their bikes were being snatched out of emergency units, checked for "signs of sexual abuse", and usually found to have them. Then they were transferred to social workers who used extremely suggestive interrogation techniques which confirmed the doctors' [wacky] diagnoses. The doctors and social workers claimed to have the interests of the children in mind, and they looked sincere. But at some point the insanity of what they were doing became utterly apparent. They took children away from their parents because they were being abused. The children were put into foster homes. The doctors examined them again and found that they were still being abused. So the children were moved again. It became apparent that soon all of the children in the North East were going to have to be put into care, and most of the adults were going to be charged with child abuse. The people at the center of the affair never saw that they were wrong. At more or less the same time, social workers raided an island off the Scottish coast and took most of the children, claiming that the islanders were engaging in devil worship. The same type of aggressive interviewing techniques were used -- suggestive demonstrations, questions repeated on into the night until the 'right' answer was supplied, sweets and other rewards given for telling the right story. Although a commission later found that the charges were without substance, many of the children still have not been returned. It's not just the US government. 
Personally I believe that some fraction of the population is authoritarian in temperament and some fraction is credulous, and that these attributes are uncorrelated and distributed at random. The credulous authoritarian types can be very dangerous. They like uniforms. -- Jim Dixon From mpd at netcom.com Tue Aug 2 12:42:47 1994 From: mpd at netcom.com (Mike Duvos) Date: Tue, 2 Aug 94 12:42:47 PDT Subject: Truth, Justice, and the Waco Way Message-ID: <199408021942.MAA21100@netcom5.netcom.com> Events like Waco and the Persian Gulf War, in which an authoritarian superpower obliterates a mostly harmless and largely defenseless group of people, translate with relative ease to the cyberspacial realm. Seems like a valid Cypherpunks topic to me, so I will take a crack at responding to the following message L. Todd Masco writes: > Am I the only one that's struck by the similarity between > the propaganda about the Waco massacre and the propaganda > preceding the Persion Gulf massacre? Not at all. We should remember Herbert's Two Laws here. 1. All governments lie. 2. If you think you have found a counterexample, please reread law number one. Also worth remembering is the old saying that "a liar who lies one hundred percent of the time is unlikely to be a successful liar." The trick, therefore, is learning to separate the lies from the truth in a mixture of both. The quintessential lie from the Persian Gulf War was of course the memorable "baby incubator" story, recited tearfully on the floor of the Congress by a supposedly uninvolved eyewitness who later was revealed to be the daughter of the Kuwaiti ambassador. The alleged events, which never happened, turned the tide in Congress with regard to support for the war. Of course lies abounded in the Waco case as well, with Koresh being portrayed as a heavily armed lunatic yearning to fulfill Biblical prophecy by perishing in battle with all his followers. In reality, they simply wished to live their lives and be left alone. 
The pitfall here, which is to be avoided, is to start characterizing every negative thing said about the folks in Waco or Iraq as false, or to start suggesting that negative comments are a ploy to absolve government of all responsibility for what took place. Some of the negative things said in both these cases were certainly truthful. For instance, political opponents of Saddam Hussein in Iraq certainly had a markedly shortened life expectancy, and the Branch Davidians certainly took a Biblical fire and brimstone approach towards signs of independent thought or action in their offspring. Not a reason for lots of people to be killed, but not a reason to recommend their canonization either. The lesson to be learned here is that societies based on a diffuse "Web of Trust" organization are far less dangerous than those based on a powerful centralized authority. A powerful centralized authority inevitably devolves into interacting with its subjects using the protocol... Do What We Say Or We'll Kill You! Or in its more tasteful two-part form... 1. Do What We Say. 2. You're Under Arrest, And If You Resist, We'll Kill You. At that point, Wars, Wacos, Encryption Bans, and BBS Porno Show trials lurk just around the corner. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From will at thinkmedia.com Tue Aug 2 13:44:02 1994 From: will at thinkmedia.com (thinkmedia.com) Date: Tue, 2 Aug 94 13:44:02 PDT Subject: clarification please Message-ID: <199408022043.NAA06405@scruz.net> Woah, >Events like Waco and the Persian Gulf War, in which an >authoritarian superpower obliterates a mostly harmless and >largely defenseless group of people, translate with relative ease >to the cyberspacial realm. I remember reading a Scientific American article about two years before Iraq invaded Kuwait, in which it was made clear Iraq had and were developing missiles with ranges paralleling only U.S., Russia and China. 
I don't think harmless and defenseless quite fits the description. Maybe wannabe super power would be more accurate. ______________________________________________________________________________ Opinion is a flitting thing, Thinking Media Research But Truth, outlasts the Sun-- will at thinkmedia.com If then we cannot own them both-- (408) 423 3720 Possess the oldest one-- Emily Dickinson From nobody at shell.portal.com Tue Aug 2 13:45:05 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 2 Aug 94 13:45:05 PDT Subject: Majordomo and Julf's remailer Message-ID: <199408022044.NAA28101@jobe.shell.portal.com> * I'm not advocating majordomo code changes here; I just wonder if * there's an option setting that could be tweaked in the cypherpunks * list definition. I have been on mailing lists before where the * traffic always appeared to be 'from' the list, and the only thing * odd about it was that you had to CC: the author to send a direct * reply. should be fairly simple, extropians works that way. From lcottrell at popmail.ucsd.edu Tue Aug 2 13:48:38 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Tue, 2 Aug 94 13:48:38 PDT Subject: penet.fi attack Message-ID: <199408022047.NAA03976@ucsd.edu> This was clearly not just ignorance. Check out alt.test. The Anon and real ID of hundreds of people has been posted there. -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." 
--Nietzsche From mpd at netcom.com Tue Aug 2 14:11:44 1994 From: mpd at netcom.com (Mike Duvos) Date: Tue, 2 Aug 94 14:11:44 PDT Subject: Uniforms, Authority, and System "X" In-Reply-To: <3362@aiki.demon.co.uk> Message-ID: <199408022111.OAA05387@netcom15.netcom.com> jdd at aiki.demon.co.uk (Jim Dixon) writes: > It's a much more general phenomenon that that. Two or > three years ago, two doctors working for the National Health > Service in the northeast of England began applying new > diagnostic techniques routinely while examining children. > They found that some children had been sexually abused and > the children were taken into care. The same thing happened in the United States a number of years back. Sex abuse "experts" began taking note of microscopic abrasions and other signs of wear and tear on the genitals of children who had been sexually abused. They found that almost all children who had been sexually abused showed such signs and wrote lengthy papers on the subject. They also appeared in court with impressive diagrams and pointers and expounded at length about the new "scientific evidence of abuse." "So and so", they would proclaim, "showed a thickening of the skin" or "a small scratch" which obviously proved something sexual and inappropriate had taken place. Lots of people went straight to jail. Then the scientists happened to examine a population of children who had not been sexually abused and to their horror, they showed the same statistical incidence of such findings as the "abused" children did. Mostly from normal self-exploration and play with other kids their own age. There was gigantic embarassment all around and the scientists retreated. Looks like England is going through the same learning curve. > The people at the center of the affair never saw that they > were wrong. Well, there is a certain professional humiliation factor to be contended with here. :) > It's not just the US government. 
Most of the really goofy stuff along these lines seems to happen in the US and Great Britain. Other countries participate occasionally, like Italy. The Scandinavian countries and the Netherlands seem mostly immune. > Personally I believe that some fraction of the population is > authoritarian in temperament and some fraction is credulous, > and that these attributes are uncorrelated and distributed > at random. The credulous authoritarian types can be very > dangerous. They like uniforms. Back during the "Gays in the Miliary" flamefest, someone wrote a very funny parody suggesting that membership in the Republican party was genetically determined. I personally believe there is a large correlation between genetically determined personality traits and an attraction to right wing political thought. All right wing memes seem to have as their underlying reproductive mechanism the following schema... A. Doomed are those who do not embrace System "X" B. Anything I do to cause others to embrace System "X" is justified. The classic Christian case is of course Pascal's Wager, where avoiding any finite probability of eternal damnation outweighs the benefits of agnosticism not only for oneself, but for the rest of humanity as well. It would seem quite likely that such anxiety-producing logic would thrive best in a mind that is already predisposed to some degree of nervous excitement and insecurity. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From lrh at crl.com Tue Aug 2 14:13:38 1994 From: lrh at crl.com (Lyman Hazelton) Date: Tue, 2 Aug 94 14:13:38 PDT Subject: Adding PGP capability to Majordomo Message-ID: This sounds great, though I am somewhat confused about the mechanism and effect... just giving Majordomo a keyset would not (at least to my understanding) cure the problem of an??? recipients resulting in new an??? accounts. Perhaps I am missing something fundamental here, but what would this buy us? 
Lyman Finger lrh at crl.com for PGP 2.4 Public Key Block. From rah at shipwright.com Tue Aug 2 14:57:43 1994 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 2 Aug 94 14:57:43 PDT Subject: SpamlessPointer: Internet Shopkeeper Message-ID: <199408022156.RAA11984@zork.tiac.net> In the interest of spam-less info citations, please check out the posting in biz.comp.services for "Internet Shopkeeper", which allows people to set up their own internet malls (mini-malls already???), not just buy a shop in someone else's mall. No mention about transaction security in their post, really. I have a copy if anyone misses it. When I get some time, I'll put on my dumpster diving outfit and see what I can find out. If you get there before I do, share all... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From jya at pipeline.com Tue Aug 2 15:01:10 1994 From: jya at pipeline.com (John Young) Date: Tue, 2 Aug 94 15:01:10 PDT Subject: Children and the Net Message-ID: <199408022200.SAA02694@pipe1.pipeline.com> Responding to msg by cactus at bibliob.slip.netcom.com ("L. Todd Masco") on Tue, 2 Aug 1:5 PM > >Am I the only one that's struck by the similarity >between the propaganda about the Waco massacre and the >propaganda preceding the Persian Gulf massacre? Along with post-massacre spin on the slaughter to teach lasting fear of the killers beyond the event: don't fuck with us, obey or die. Captives can be terrorized into adoration of their captors, whether kids, soldiers or citizens, and propaganda is an uncontrolled munition.
From crame001 at hio.tem.nhl.nl Tue Aug 2 15:20:03 1994 From: crame001 at hio.tem.nhl.nl (ER CRAMER) Date: Tue, 2 Aug 94 15:20:03 PDT Subject: Ann: PGS v0.99e Message-ID: <9408022318.AA01754@hio.tem.nhl.nl> -----BEGIN PGP SIGNED MESSAGE----- Just another release of Pretty Good PGP Shell: PGS v0.99e is the bug fix for the public beta version of PGS v0.99d. PGS is a very good shell for PGP. PGS has an advanced keyring management system and reads the keyring itself!!! PGS is very easy to use! PGS supports PGP versions 2.3a 2.6MIT 2.6ui. And ViaCrypt PGP versions 2.4 and 2.7. Special requirements: 80286 or up. Changes: A few minor bugs were fixed. The major memory leak in the key information section has been fixed. Because some users did have some problem with PGS changing the color palette, a new color mode has been built in that uses standard (STD) colors. It is now possible to save the color mode (PGS, STD (default) or MONO) in the configuration file. PGS v0.99e is available for download at the following sites: Internet: (Right now) wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099ee.zip 128.252.135.4:/pub/msdos_uploads/pgs/pgs099ee.zip (notice that the filename is pgs099eE.zip and not pgs099e.zip, pgs099e.zip was not uploaded correctly). Fidonet: 2:282/317 Request: PGS099E.* 2:280/202 Request: PGS099E.* - -- ... If you outlaw Privacy, only Outlaws will have Privacy!
Eelco Cramer ------ - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLj7UH4DAdPKe9hHLAQFowQP/Qm2AYxxRGBCf8tMFUE5KJGPd97GsXOkZ 9fnG/ofYHkpVgTRNc/jiTWd7502zQdcI95DM0WZoDirnHVjw1Iqxq8HXaxJ9h37X N+d/ClHTfWao9BTXN4FiO0urY/383kFWSlanZYSTQxatHeiIC/9BRVWoIbj8DndX sRMrKVSfrTY= =csjx -----END PGP SIGNATURE----- From kkirksey at world.std.com Tue Aug 2 15:33:18 1994 From: kkirksey at world.std.com (Ken Kirksey) Date: Tue, 2 Aug 94 15:33:18 PDT Subject: Children and the Net Message-ID: <199408022232.AA14753@world.std.com> -----BEGIN PGP SIGNED MESSAGE----- >> On Sun, 31 Jul 1994, Mike Duvos wrote: > >> > Had it not been for the fact that having children covered with >> > scars, welts, and bruises is not considered child abuse in the >> > state of Texas, all the children would have been removed from the >> > compound prior to the raid, and only the adults would have been >> > toasted. > >> Puh-leeze! There has been little to no evidence of ANY abuse of the >> Branch Davidian children. The only thing we know is that Koresh liked his >> mates young but that doesn't mean the rest of the children were abused >> and, of course, Koresh's kink is quite normal in quite a few places. Are >> you forgetting that the BDs were investigated for child abuse and cleared >> earlier? > >These facts were well documented. Child welfare workers visited the >compound and examined the children. Signs of previous physical >punishment were noted as well as a room devoted to that purpose and ^^^^^^^^^^ >the appropriate paraphernalia. We were talking about physical ABUSE, not physical PUNISHMENT. There is a difference, unless of course you're one of those people that believe that they're one and the same and that parents shouldn't be allowed to physically discipline their children in any manner whatsoever. When I was a child, we had a room devoted to the physical discipline of us children: my parents' bedroom.
And in that room, specifically the closet, my father kept the appropriate paraphernalia: belts. Do you believe my parents should have been arrested for "child abuse"? I don't. The fact stands that there was no evidence that the children in the compound were ABUSED. The Texas department of child welfare cleared Koresh of all such charges. If you have any documentation to the contrary, I would certainly be interested in seeing it. I don't want to see evidence of PUNISHMENT, only ABUSE. Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer - ----------------------------------------------------------------------------- "This country, with its institutions, belongs to the people who inhabit it. Whenever they shall grow weary of the existing government, they can exercise their constitutional right of amending it, or their revolutionary right to dismember it or overthrow it." - Abraham Lincoln -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLj7FhusZNYlu+zuBAQGENgP/V6G/gCuFJ40+AeY0rs++AB73260q9jzk iLScYWfPwQ0JyMd3XJ9K4GW0eVaiV+LmWbAIFXj0FdBOVmzAnpFtw2zWTZep4UMO awrUFsp0UioGi3web3q2cfgxi3Z5YQiaZQN6rvpAeECsXyi+mutG8dQ8HdYgNY1N TRiTwsf+5pk= =86cK -----END PGP SIGNATURE----- From cactus at bb.com Tue Aug 2 16:42:31 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 2 Aug 94 16:42:31 PDT Subject: Anonymous code name allocated. // penet hack In-Reply-To: Message-ID: <199408022345.TAA25986@bb.com> Doug Cutrell writes: > >So, in between my check and yours, Todd posted the cypherpunks hack > >telnet 25 and the anonymous id disappeared. Hmmmmm. I wonder how > >that happened? :-) > > > >Thanks Todd! > > > > Rick > > I'd like to understand what Todd's "hack" means... I assume that he's > talking about telnetting to the sendmail port.
But I thought that anyone > could unsubscribe anyone from cypherpunks by simply sending a message with: > > unsubscribe cypherpunks obnoxious at jerk.com > > It isn't even necessary to forge the return address, because majordomo > doesn't check. I just pulled majordomo's help file. It's appended below. In my experience, listservers will clear any commands that don't come from the person affected by passing them on for processing by the list maintainer as a security precaution. I had assumed majordomo did this, but I'm not certain. -- Todd From roy at sendai.cybrspc.mn.org Tue Aug 2 16:54:31 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Tue, 2 Aug 94 16:54:31 PDT Subject: My light bulb goes on... (was:Re: Tuna fish...) In-Reply-To: <199408021750.KAA26146@netcom12.netcom.com> Message-ID: <940802.173235.9o1.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, Tim strikes gold: > (Personally, I think the "volunteer" aspect is at fault here: tens of > thousands of users use it for "free," while the software can't be > rewritten or maintained adequately. Why not a commercial service? And > the same arguments apply, as always, for the Cypherpunks model of > remailers.) Is this not the killer app that would get ecash off and running? A commercial service selling cyberspatial privacy and accepting anonymous ecash for the service sounds like a natural! - -- Roy M. 
Silvernail [ ] roy at sendai.cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLj7KmRvikii9febJAQELhQP+KhmOsjCGK14WxJtObmmzhhqZ3szhU7LE XgryCYddLuy7XJlj2ANcdSIu47OClyBO+eCl4vr/mUEorNxFkpb4MAQPxyrP3Ha3 gsl1MfLavlO2tZhUWKkPN2XGuInYoFbyYi0lljOD4LRuH/pGlxUtdRZnEp91vPXJ LathIAIzPBQ= =0SGR -----END PGP SIGNATURE----- From jpb at gate.net Tue Aug 2 17:30:19 1994 From: jpb at gate.net (Joseph Block) Date: Tue, 2 Aug 94 17:30:19 PDT Subject: Chaum ecash Message-ID: <199408030029.UAA46883@inca.gate.net> Sorry to clutter the list but: I had sent email about beta-testing Chaum's ecash scheme. I've since lost my copy of the original announcement (had a drive crash - joy!) and have never received a reply. Could some kind soul send me a copy of the announcement? thanks jpb at gate.net From jpb at gate.net Tue Aug 2 17:33:07 1994 From: jpb at gate.net (Joseph Block) Date: Tue, 2 Aug 94 17:33:07 PDT Subject: One last acronym... Message-ID: <199408030032.UAA69668@inca.gate.net> Federal Usurpation of Citizen's Keys Eliminates Real Security " " " " " " Secrecy From hayden at vorlon.mankato.msus.edu Tue Aug 2 17:33:26 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden) Date: Tue, 2 Aug 94 17:33:26 PDT Subject: Anonymous code name allocated. // penet hack In-Reply-To: <199408022345.TAA25986@bb.com> Message-ID: On Tue, 2 Aug 1994, L. Todd Masco wrote: > Doug Cutrell writes: > > I'd like to understand what Todd's "hack" means... I assume that he's > > talking about telnetting to the sendmail port. But I thought that anyone > > could unsubscribe anyone from cypherpunks by simply sending a message with: > > > > unsubscribe cypherpunks obnoxious at jerk.com > > > > It isn't even necessary to forge the return address, because majordomo > > doesn't check. I just pulled majordomo's help file. It's appended below. 
> > In my experience, listservers will clear any commands that don't come from > the person affected by passing them on for processing by the list > maintainer as a security precaution. I had assumed majordomo > did this, but I'm not certain. NOTE: all versions of majordomo do not permit this. I know that for the majordomo lists I run, it does do some internal checking to see that the address that mailed the unsubscribe command matches the one in the subscription rolls, and if it doesn't, it forwards that message to the majordomo-owner address to be dealt with. BUT, you can turn off this 'feature' and have majordomo automatically recognize and execute all commands pertaining to that list. ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From tcmay at netcom.com Tue Aug 2 17:43:10 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 2 Aug 94 17:43:10 PDT Subject: My light bulb goes on... (was:Re: Tuna fish...) In-Reply-To: <940802.173235.9o1.rusnews.w165w@sendai.cybrspc.mn.org> Message-ID: <199408030043.RAA03037@netcom15.netcom.com> Roy Silvernail writes: > In list.cypherpunks, Tim strikes gold: > > > (Personally, I think the "volunteer" aspect is at fault here: tens of > > thousands of users use it for "free," while the software can't be > > rewritten or maintained adequately. Why not a commercial service? And > > the same arguments apply, as always, for the Cypherpunks model of > > remailers.) > > Is this not the killer app that would get ecash off and running?
A > commercial service selling cyberspatial privacy and accepting anonymous > ecash for the service sounds like a natural! Thanks, Roy, but I've been arguing this for a _long_ time, as have others. The "digital postage" proposal (stamps, coupons, simple digital cash) fits right in. Current remailers are run in a haphazard way, with poorly-stated policies in some cases, with haphazard maintenance, and with no profit motive to push for higher performance, better reliability, and, critically, with a commitment to service and long-term viability that a real business would have. (To pick one example, without picking on particular people, it's real hard to take a remailer seriously when it goes up and down, when it bounces mail, or when a terse message is broadcast saying: "My remailer is going down for a while because I'm taking my laptop to Portugal for the summer." I'm not picking on these folks, who are running remailers as an experiment and as a free service, but this is part of the overall problem we face.) There are many issues about remailers that have been written about. Feature sets such as padding, types of encryption, reordering, etc. I've written long posts on this, and so have such folks as Hal Finney, Ray Cromwell, Matthew Ghio, Graham Toal, and others. (We get a lot of "Say, what if remailers waited a while before remailing?" comments, which sometimes get responded to, but which are often dismissed. Suffice it to say that a taxonomy of features can be developed, but casual analyses of just part of the situation tend not to be helpful.) "Mom and Pop remailers" is my term for the for-profit remailer services which people could install in their homes, hook up to the Net, and operate for profit. Digital postage, at a rate they choose and others can then accept or not accept (and thus not use them). Yes, a good opportunity for an entrepreneurial Cypherpunk. Lots of good issues to consider.
(I'll throw out one random idea, one of many: a bunch of remailer operators (henceforth, just "remailers") can organize themselves into a kind of "Remailer's Guild." Purely voluntary, as all aspects of remailers are. The 100 or so members, for instance, could agree to meet certain standards of confidentiality, and kick out anyone who violates this standard. For example. Spamming is reduced in a couple of ways. First, all messages are "paid for" by digital postage (set at different rates, or by the Guild, all self-arranged). Second, targeting of any single remailer by a malicious attacker can be solved by the Guild's arrangement to distribute traffic amongst themselves, especially before what is likely to be a "final" delivery. I have a clear idea of this scenario, and why it helps a lot to distribute risk, but this brief paragraph may not be sufficient to make the points clearly enough. If there's enough interest, I'll elaborate more carefully.) I hope this helps. But newcomers should understand that hundreds of posts have been made about these subjects. Perhaps the archive sites mentioned here have some of them. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From doug at OpenMind.com Tue Aug 2 17:46:09 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Tue, 2 Aug 94 17:46:09 PDT Subject: Anonymous code name allocated. // penet hack Message-ID: >On Tue, 2 Aug 1994, L. Todd Masco wrote: > >> > It isn't even necessary to forge the return address, because majordomo >> > doesn't check.
>> In my experience, listservers will clear any commands that don't come from >> the person affected by passing them on for processing by the list >> maintainer as a security precaution. I had assumed majordomo >> did this, but I'm not certain. Todd and Robert are right, I was wrong... I just checked this by creating a dummy account from a different address. When I tried to unsubscribe the dummy account from my usual account, I got a message telling me the request had been deferred to the list owner. So it's not *totally* trivial to mess with the list... Doug From yusuf921 at raven.csrv.uidaho.edu Tue Aug 2 18:01:31 1994 From: yusuf921 at raven.csrv.uidaho.edu (CatAshleigh) Date: Tue, 2 Aug 94 18:01:31 PDT Subject: One last acronym... In-Reply-To: <199408030032.UAA69668@inca.gate.net> Message-ID: On Tue, 2 Aug 1994, Joseph Block wrote: > > Federal Usurpation of Citizen's Keys Eliminates Real Security > " " " " " " Secrecy you missed an obvious one: Federal Usurpation of Citizen's Keys ! there, now read it crossword Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ... -- Carl Zwanzig From ianf at simple.sydney.sgi.com Tue Aug 2 18:35:24 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Tue, 2 Aug 94 18:35:24 PDT Subject: The Terrorists are coming! In-Reply-To: <3294@aiki.demon.co.uk> Message-ID: <9408031132.ZM695@simple.sydney.sgi.com> On Aug 1, 10:07pm, Jim Dixon wrote: > A large part of the former USSR was Muslim and there were strategic and > tactical nuclear weapons scattered all over the place (tactical weapons > are used as mines, fired from artillery pieces, carried by short range > missiles, and dropped from fighter bombers). If none of these is > unaccounted for, it is a genuine miracle. Out of curiosity, is anyone aware of whether the USSR employed PAL's (Permissive Activation Links) in their strategic nuclear weaponry?
If so, is anyone aware of how secure the PAL's the Soviets actually used were? There was a rumor on USENET some time back that the Soviets were using RSA in their PAL's, but it sounded too much like an urban myth to me. Ian. From jamesh at netcom.com Tue Aug 2 18:37:05 1994 From: jamesh at netcom.com (James Hightower) Date: Tue, 2 Aug 94 18:37:05 PDT Subject: clarification please In-Reply-To: <199408022043.NAA06405@scruz.net> Message-ID: <199408030137.SAA24056@netcom13.netcom.com> Will at thinkmedia.com writes: > Woah, > > I remember reading a Scientific American article about two years before > Iraq invaded Kuwait, in which it was made clear Iraq had and were > developing missiles with ranges paralleling only U.S., Russia and China. I > don't think harmless and defenseless quite fits the description. Maybe > wannabe super power would be more accurate. Or perhaps the propaganda had started more than two years prior to the invasion. JJH -- From yusuf921 at raven.csrv.uidaho.edu Tue Aug 2 19:03:01 1994 From: yusuf921 at raven.csrv.uidaho.edu (CatAshleigh) Date: Tue, 2 Aug 94 19:03:01 PDT Subject: The Terrorists are coming! (fwd) Message-ID: Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ... -- Carl Zwanzig ---------- Forwarded message ---------- Date: Tue, 2 Aug 1994 18:12:39 -0700 (PDT) From: CatAshleigh To: Subject: Re: The Terrorists are coming! I was originally going to e-mail this to the people who made the comments, and would recognise what they had said, so I didn't preserve the distinction of who said what, but after re-reading I think it's directly related to Big Brother's attempts at limiting our privacy the >> are my comments, the > are responses and the ones without any >> at all are my counter proposals.
sorry if there's any confusion > > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only > > country with nukes in the middle east is Israel) country > > with a nuclear program is pakistan, and they're years away from anything > > that could be stolen. > > True, but only because they haven't gotten their hands on any yet. It is > well known in certain international arms circles that Kadaffi or Hussein > would absolutely *love* to have their own means of producing nuclear > weapons. And they aren't alone. We built Hussein, and I believe that Kadaffi was still struggling to build chemical when we bombed him in '86, or so, but I believe I could be mistaken. > > some call it pork barrel, I call it conspiracy theory to portray muslims > > as terrorists. > > I don't think so. Most of the world's terrorists (with the exception of the > IRA and a handful of others) are recruited and trained by folks in the > Middle East. It may be true that they have gotten more than their share of > publicity in the past, but the fact remains - the Middle East is *the* > training ground for that sort of thing, and there isn't a fundamentalist > over there who wouldn't like to shove a suitcase nuke up Bill's ass. Every organization which exists in the middle east has a purpose, Hezbullah's purpose is the liberation of Palestine, using nukes would be counterproductive, like in the movie "red dawn" USSR invaded, but USA wouldn't use nukes on its own territory, because that would make it worthless land. think critically, 1) What would be gained by nuking the US? there are more Muslims here than there are Jews 2) the objective of "terror tactics" is to destroy a lot of property with as few injuries as possible, something akin to "counting coup" to demonstrate that "IF their intention had been to kill people, alot more bodies would be found, which (ie more fatalities) is easily accomplished by simply packing the bomb with shrapnel.
could you be more specific about which "fundamentalists" you're talking about? > Haven't you heard? America *is* THE ENEMY to a majority of the folks over > in that part of the world. If you don't believe me, travel to that part of > the world carrying an American passport and see what happens. OY! please don't make generalizations. Iran had a popular revolution and overthrew the Shah (it's well documented that he tortured prisoners in his jails) and replaced it with a democratic parliament, and implemented Islamic law, the USA urged Saddam Hussein to attack them and refused to extradite the Shah to be tried for his crimes. Would you expect any less after that? Who else called the USA a satan? the "ENEMY" is dictators who suppress the people from democratic elections and the countries who back them. therefore keep your eye on Egypt, but they're not very concerned about the USA because there's not much the USA can do to interfere there. > In message > CatAshleigh writes: > > > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only > > How do you know? > that's common knowledge, when Iraq got close to developing them, Israel bombed them. the only country the usa is throwing a hissyfit about is Pakistan. (and N. Korea) > Ahem. Uzbekistan is Muslim, and is also the third or fourth largest > nuclear power, and also is in a part of the world where there is a > long tradition of ... how do I say it gently ... greasing the palm. > I spent quite a while next door in Afghanistan and am familiar with > the culture.
> the 5 largest nuclear powers are 1) USA 2) Russia 3) China 4) India 5) Israel (believed to have about 100 warheads) Uzbek was part of the USSR, and that's where they deposited some of their permanent sites, Uzbek refused to return them when the federation broke apart because they (they're smart) don't trust the russians farther than they can throw a nuke at them, after all they wanted nothing to do with USSR and were forced into the USSR by the soviets invading. Nukes are their insurance, they're not going to be parting with those any time soon. China is who they should be keeping an eye on. Smaller weapons certainly, such as stinger missiles, but that's capitalism :) A large part of the former USSR was Muslim and there were strategic and tactical nuclear weapons scattered all over the place (tactical weapons are used as mines, fired from artillery pieces, carried by short range missiles, and dropped from fighter bombers). If none of these is unaccounted for, it is a genuine miracle. It was my understanding that only the USA was incompetent enough to develop "tactical" nuclear weapons where any grunt can drop them and KABLEWY > Also, there has been quite a lot of press coverage here in the UK of > the defector from Saudi Arabia who claims that (a) the Saudis backed both > the Iraqi and the Pakistani nuclear programs and (b) the Saudis at > least have some nuclear materials. > The "defector" is an idiot, Saudis were too busy building infrastructure to waste money backing other people's weapons development. The Saudis backed Iraq because they were fighting Iran and Saudis aren't too fond of Shi'a. It might also be noted that the USA is similarly guilty. > > second of all there are more deaths caused by lighting on golf courses, > > ask any insurance agency. > > Also not true. The total number killed directly and indirectly in > Japan alone by atomic bombs is certainly over 100,000.
I can't believe > that that many people have been killed by lightning on golf courses! > that's deaths from lightning on golf courses versus "terrorist attacks" I should have made that more clear, sorry. I'm glad that you mentioned that though, let's remember that it was the USA who was the "terrorist" who bombed the civilians at Nagasaki and Hiroshima (terrorist as defined in the dictionary) > > some call it pork barrel, I call it conspiracy theory to portray muslims > > as terrorists. > > Pork barrel? by inflating the NSA, and CIA, more people in your department, more job security. > -- > Jim Dixon > ---------- > > > The only other people who are called terrorist are the IRA, and I don't see > > the FBI scrambling to protect Great Britain's consulate in DC when a > > car bomb goes off in London > > Here in the UK we read about lots of terrorist groups, not just the IRA: > ETA in Spain ... At least not called terrorist in USA papers, in fact only the British news agencies call the IRA terrorists, american papers seem to take a neutral attitude to the situation. my paragraph was in response to automatically equating "necessary step-ups in security against terrorists" as a codeword for "spying on arabs and muslims" by the FBI and CIA. > Maybe you should subscribe to a London newspaper. > The internet is better. > --- > Jim Dixon > > Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ...
-- Carl Zwanzig From berzerk at xmission.xmission.com Tue Aug 2 19:14:34 1994 From: berzerk at xmission.xmission.com (Berzerk) Date: Tue, 2 Aug 94 19:14:34 PDT Subject: Uniforms, Authority, and System "X" In-Reply-To: <199408022111.OAA05387@netcom15.netcom.com> Message-ID: After spending a great length of time talking about the child abuse mania that is polluting our culture, On Tue, 2 Aug 1994, Mike Duvos wrote: > I personally believe there is a large correlation between > genetically determined personality traits and an attraction to > right wing political thought. Funny, most the people I know here that proclaim this the loudest are LEFT wing people talking right wing mormons. Berzerk. From Banisar at epic.org Tue Aug 2 19:21:37 1994 From: Banisar at epic.org (David Banisar) Date: Tue, 2 Aug 94 19:21:37 PDT Subject: ID Card Hearing 8/3/94 Message-ID: <9408022222.AA21355@Hacker2.cpsr.digex.net> National ID Card Hearing 8/3/94 Barbara Jordan, Chairwoman of the US Commission on Immigration Reform will be testifying before the Senate Judiciary Committee tomorrow on the Commission's recommendations on verifying workers are eligible. Drafts of Ms. Jordan's testimony reveal that the Commission has backed off its initial proposal to require a national id card. Rather, the Commission will recommend a pilot program for the 5 states "most harmed by illegal immigration." It appears that this "pilot program" is only an attempt to limit initial opposition to the proposal with a future plan to implement it to other states as possible. In fact, when the national id proposal was first floated, the plan was to implement it step by step. Assuming that this will include Florida, California and Texas, a sizable percentage of the US population will be affected by the proposal.
The Hearing will be held in Hart Senate Office Building, Room 216 at 10:15 am From rarachel at prism.poly.edu Tue Aug 2 19:29:50 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 2 Aug 94 19:29:50 PDT Subject: Anonymous code name allocated. // penet hack In-Reply-To: <9408020355.AA25057@burgess.Eng.Sun.COM> Message-ID: <9408030217.AA09048@prism.poly.edu> I don't think I have a code allocated, unless I accidentally replied to some message from penet... If (suppose) I had one allocated, what would happen with the tuna spam? Would anything alert me that it was tried? From tcmay at netcom.com Tue Aug 2 19:33:07 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 2 Aug 94 19:33:07 PDT Subject: Attention Bay Area (and West Coast?) Cypherpunks Message-ID: <199408030233.TAA14003@netcom16.netcom.com> The "Nova" PBS is tonight, at 8 p.m., repeating "The Codebreakers." On Channel 9, KQED, in San Francisco, and maybe elsewhere...depends on when your area shows "Nova." I only mention this because last time it was on, a bunch of folks asked if anyone could send them copies, so there must be some interest. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mimir at io.com Tue Aug 2 20:04:16 1994 From: mimir at io.com (Al Billings) Date: Tue, 2 Aug 94 20:04:16 PDT Subject: In the news... In-Reply-To: <199408020906.AA17343@panix.com> Message-ID: On Tue, 2 Aug 1994, Duncan Frissell wrote: > "The FBI is examining his computer to uncover links to other people." > > Said of the Abortion Doctor slaying suspect.
Not much of a "suspect" given the evidence and such. From nobody at shell.portal.com Tue Aug 2 20:46:58 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 2 Aug 94 20:46:58 PDT Subject: 'Anon' Fake Message-ID: <199408030346.UAA09985@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- > The mechanism employed was obvious and simple -- someone subscribed an > anXXX address to the list. Anyone looking at the subscription list can > tell that, on their own. This technique has been used before. Is there any evidence to link this anxxxx person to the "tuna fish" spam? Given the fact that by doing a "who cypherpunks" will yield anyone, including various TLAs a list of potential "troublemakers" (by their standards), might this subscriber merely be trying to protect his real identity from prying eyes? Actually, I had thought of doing so myself, but didn't want to over-burden Julf's server with such a high volume of mail, plus having the messages get cut off whenever a dashed line was encountered. FWIW, other list servers have a "set conceal" option which, upon request, keeps a person's address from becoming public through the "who" command. - -- Diogenes -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLj70d+Rsd2rRFQ1JAQFSlwP+NkXJSaKlUKuFnLhzHWjGxd6X+prUlPiV NsKGBXON6ATKGTvcCE8IG+A17MwkxNi4PxnOvmdCyyI+940Rz9uDmZo8qSW5EWip 7oQ/mEFGnxRY7wkw+99QHpASxBE/9nJSvuCM0AwGfZ5/0rMSUE1t2M52PAfZcELa 9G+cEM9GiPM= =tzW7 -----END PGP SIGNATURE----- From jamesd at netcom.com Tue Aug 2 21:30:04 1994 From: jamesd at netcom.com (James A. Donald) Date: Tue, 2 Aug 94 21:30:04 PDT Subject: Children and the Net In-Reply-To: <199408022232.AA14753@world.std.com> Message-ID: <199408030430.VAA12681@netcom14.netcom.com> Lately there has been much tedious back and forth concerning child abuse. This has very little to do with cryptography. It has however something to do with privacy.
Should the government meddle in people's homes and make sure they are bringing up children in the proper government approved fashion?

Regarding child abuse and Koresh: The government was fishing for stuff to get him on. The Davidians were charged, came to court, and were acquitted. The infamous warrant that led to the Davidian children being crispy fried concerned guns, not child abuse.

If we look at famous child abuse cases in California they are mostly cases of gross abuse by government.

Do children get abused: Yep, almost always by step parents, as in the wicked stepmother.

We are unsurprised when someone murders a rival. We take for granted that two women under one roof will lead to grave trouble. Yet a stepchild is a more formidable rival for a spouse's attentions than any lover could be. In fact, step parents are more strongly motivated to murder step children than they are to murder their wife's or husband's other lovers.

For this reason the evil step parent has for centuries been a stock character to make the plot move along. Until recently anybody who read a book would take for granted that step parents were a hazard to life and limb. And when I talk to a kid who is hanging out a long way from home, a common reason is to avoid being alone with a step parent. Step parents are still a hazard to life and limb.

Yet in today's literature and TV shows and movies, it is generally assumed that step parents and step children will get along tolerably well.

For a reason that is very unclear to me, this obvious fact is being systematically denied in Western culture generally, and in American culture in particular.

To support this fiction, it appears to me that "Child Protective Services" agencies make a deliberate effort to go after natural parents. It appears to me that they are trying to make some kind of quota so as to create the appearance that child abuse is not a biologically driven problem.
Similarly, when a natural parent abuses their child, this receives vastly more media attention than step parent abuse, in a disproportion similar to the extreme disproportion given to incidents of white racial violence against blacks as compared to black racial violence against whites.

Yep. It's a conspiracy. But what is the point of such a conspiracy?

From nobody at shell.portal.com Tue Aug 2 21:55:16 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Tue, 2 Aug 94 21:55:16 PDT
Subject: Uniforms, Authority, and 'System X'
Message-ID: <199408030455.VAA15985@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

Berzerk wrote:

> Funny, most the people I know here that proclaim this the loudest are
> LEFT wing people talking right wing mormons.
>                                     ^^^^^^^
> Berzerk.

Did you intend to say "morons" or "Mormons"?

--- Diogenes

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLj8Z3+Rsd2rRFQ1JAQHb3wP8DT9tnoskwHnfGFA2kFxU3A/JEPUWpWcD
zGcqVm2nJXxYfWMUT5B3XNL9mlMr0kuiL/+WLEtRnpqmc3ia3pE7VHAfa/rJW9Kq
kV1F8KrVLt3r5OH/Hldmj0obfA035FLYejJXlSB9hGHBCnMYmFto2VWhyyye7Ca7
qCtyUST5PJM=
=mBp5
-----END PGP SIGNATURE-----

From a.brown at nexor.co.uk Wed Aug 3 00:58:52 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Wed, 3 Aug 94 00:58:52 PDT
Subject: Steganography
Message-ID:

Great, I just lost 18 hours worth of messages. If anyone replied to this thread in that time I'd really appreciate a repost, thanks.

- Andy

From jdd at aiki.demon.co.uk Wed Aug 3 03:06:55 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 3 Aug 94 03:06:55 PDT
Subject: The Terrorists are coming!
Message-ID: <3496@aiki.demon.co.uk>

In message CatAshleigh writes:
> > > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only
> >
> > How do you know?
> >
> that's common knowledge, when Iraq got close to developing them, Israel
> bombed them.

In this case, "common knowledge" = "not true".

> > Ahem.
Uzbekistan is Muslim, and is also the third or fourth largest
> > nuclear power, and also is in a part of the world where there is a
> > long tradition of ... how do I say it gently ... greasing the palm.
>
> the 5 largest nuclear powers are 1) USA 2) Russia 3) china 4) India
> 5) Israel (believed to have about 100 warheads)

Uzbekistan has several ICBM sites. Some of the ICBMs are MIRVed, with maybe 10 warheads each. I think that Uzbekistan may outclass China. I have never heard claims that India had more than 100 warheads. The Ukraine also has many ICBMs and I would assume outranks India and Israel. I also believe that France outclasses both India and Israel. And Britain has nuclear submarines carrying thermonuclear weapons, tactical weapons carried by fighter/bombers, etc.

What is your authority for this ranking??

> > A large part of the former USSR was Muslim and there were strategic and
> > tactical nuclear weapons scattered all over the place (tactical weapons
> > are used as mines, fired from artillery pieces, carried by short range
> > missiles, and dropped from fighter bombers). If none of these is
> > unaccounted for, it is a genuine miracle.
>
> It was my understanding that only the USA was incompetent enough to develop
> "tactical" nuclear weapons where any grunt can drop them and KABLEWY.

I DEFINED the term "tactical". I mentioned no grunts.

The Soviets certainly had tactical nuclear weapons of every type that I mentioned, and more (nuclear torpedoes, for example). Their plans for the invasion of Europe have been published. These plans included the heavy use of tactical nuclear weapons in every theater. Their strategic weapons would have been used on America.

> > Also, there has been quite a lot of press coverage here in the UK of
> > the defector from Saudi Arabia who claims that (a) the Saudis backed both
> > the Iraqi and the Pakistani nuclear programs and (b) the Saudis at
> > least have some nuclear materials.
>
> The "defector" is an idiot,

I saw him interviewed on TV, his IQ seemed to be fairly high. 130+ ?

> Saudis were too busy building infrastructure
> to waste money backing other people's weapons development.

But ... no one disputes the claim that the Saudis backed weapons development in Iraq; the Saudis freely admit it. They deny only the reports about nasty (nuclear, chemical, and biological) weapons.

> The Saudis backed Iraq because they were fighting Iran and Saudis
> aren't too fond of Shi'a.

And in the next line you admit it yourself.

> It might also be noted that the USA is similarly
> guilty.

By this point, you've lost track of what you are saying. The USA is similarly guilty of funding Iraqi development of nuclear weapons??

[I made a reference to the atomic bombing of Japan]

> I'm glad that you mentioned that though, let's remember that it was the
> USA who was the "terrorist" who bombed the civilians at Nagasaki and
> Hiroshima (terrorist as defined in the dictionary)

My dictionary does not define the term 'terrorist' that way. The Japanese started the war with the US by bombing Pearl Harbor, the US ended it by bombing Hiroshima and Nagasaki. It was a nasty war on all sides. Any soldier knows that the best way to win is to induce terror in your opponent.

But the term 'terrorist' is not used for soldiers engaged in open warfare. It normally refers to those who make clandestine attacks with the purpose of inducing terror in civilians. If you hijack an airliner, you are a terrorist. If you firebomb Dresden, what you have done may be sickening, but you are not a terrorist. You are a soldier in a brutal war. Most wars of any length get brutal.

The style of argument used here is very 1984. Words are used in abnormal ways, people are demonized (Israel, America), contradictions are stated in the same sentence, vilification replaces logic.

And also, comments were asked to be sent by email, and then edited before being replied to in public. Not good.
--
Jim Dixon

From jkreznar at ininx.com Wed Aug 3 03:40:55 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Wed, 3 Aug 94 03:40:55 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408021942.MAA21100@netcom5.netcom.com>
Message-ID: <9408031040.AA25684@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

In Message-Id: <199407312314.QAA16264 at netcom4.netcom.com>, Mike Duvos wrote:

> No personal attack intended. I am a strong supporter of
> egalitarian societies with strong social safety nets, and think
> that youth emancipation will likely be the next big civil rights
> movement in this country. I am also willing to pay high taxes in
> order to feel secure that all citizen-units are suitably housed,
> well-fed, and taken care of. This is entirely self-serving on my
> part, since it cuts down on social unrest and street crime.

Yet in the present message he observes that

> The lesson to be learned here is that societies based on a
> diffuse "Web of Trust" organization are far less dangerous than
> those based on a powerful centralized authority. A powerful
> centralized authority inevitably devolves into interacting with
> its subjects using the protocol...

> Do What We Say Or We'll Kill You!

> Or in its more tasteful two-part form...

> 1. Do What We Say.
> 2. You're Under Arrest, And If You Resist,
> We'll Kill You.

> At that point, Wars, Wacos, Encryption Bans, and BBS Porno Show
> trials lurk just around the corner.

Mike Duvos, how I wish I had the time to try to understand how you reconcile these seemingly incompatible sentiments! How can you achieve ``egalitarian societies with strong social safety nets'' without using ``powerful centralized authority''? As a proponent of ``high taxes'', how can you also favor strong cryptography? Do you doubt that expropriating ``high taxes'' from your neighbor will be made more difficult in a world with strong cryptography?
In view of the natural diversity among people, how can you achieve an ``egalitarian society'' without someone who says ``Do What We Say Or We'll Kill You!''?

John E. Kreznar        | Relations among people to be by
jkreznar at ininx.com  | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLj9zc8Dhz44ugybJAQE/fwP/TA+yCerTZk8pH1Gi2yunA0FE8FqKm7i+
Gy8URq3jFOUPYDHy6fkFPsfX8NB404e1eGFFBNx6U0FE360FmYKO7eI+q5dUJ9gE
fBLKlQYL/HSGyoPs6P4ZYJxNwY0svCUwOnOTIcVAb2UEHdHlDF+cvsogOFJk3WIy
w/9kwSsE20s=
=TM1s
-----END PGP SIGNATURE-----

From mlshew at netcom.com Wed Aug 3 04:03:33 1994
From: mlshew at netcom.com (Mark Shewmaker)
Date: Wed, 3 Aug 94 04:03:33 PDT
Subject: Clobbered my mail. Anyone have archives?
Message-ID: <199408031103.EAA08660@netcom8.netcom.com>

Apologies for the bandwidth, but I just destroyed 2 weeks worth of cypherpunks, extropians, and general semantics mail. (Everything from July 20 to August 3.)

Would someone with archives please contact me?

Thanks.

Mark Shewmaker
mlshew at netcom.com

Helpful household tip for the day: When adding files to archives, it is wise to use "lha a ...", instead of "lha m ..."

From a.brown at nexor.co.uk Wed Aug 3 05:18:41 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Wed, 3 Aug 94 05:18:41 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To: <199408021526.LAA17483@pipe1.pipeline.com>
Message-ID:

On Tue, 2 Aug 1994, John Young wrote:

> Some features of CAD programs such as AutoCad may be useful for
> concealment.

Hmmm, hadn't thought about that possibility.

> Want to discuss here or by e-mail?

Here should be fine, there seems enough interest.

- Andy

From perry at imsi.com Wed Aug 3 05:38:59 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 3 Aug 94 05:38:59 PDT
Subject: My light bulb goes on... (was:Re: Tuna fish...)
In-Reply-To: <940802.173235.9o1.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <9408031238.AA12045@snark.imsi.com>

Roy M.
Silvernail says:
> In list.cypherpunks, Tim strikes gold:
>
> > (Personally, I think the "volunteer" aspect is at fault here: tens of
> > thousands of users use it for "free," while the software can't be
> > rewritten or maintained adequately. Why not a commercial service? And
> > the same arguments apply, as always, for the Cypherpunks model of
> > remailers.)
>
> Is this not the killer app that would get ecash off and running? A
> commercial service selling cyberspatial privacy and accepting anonymous
> ecash for the service sounds like a natural!

The problem is not a need for a killer app -- there are dozens. The obstacle is regulatory problems, and finding a large and reputable sponsoring organization (like a big bank).

Perry

From jdd at aiki.demon.co.uk Wed Aug 3 06:20:35 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 3 Aug 94 06:20:35 PDT
Subject: Egalitarianism vs. Strong Cryptography
Message-ID: <3514@aiki.demon.co.uk>

In message <9408031040.AA25684 at ininx> "John E. Kreznar" writes:
> In Message-Id: <199407312314.QAA16264 at netcom4.netcom.com>, Mike Duvos
> wrote:
>
> > No personal attack intended. I am a strong supporter of
> > egalitarian societies with strong social safety nets, and think
> > that youth emancipation will likely be the next big civil rights
> > movement in this country. I am also willing to pay high taxes in
> > order to feel secure that all citizen-units are suitably housed,
[etc]
>
> Yet in the present message he observes that
>
> > The lesson to be learned here is that societies based on a
> > diffuse "Web of Trust" organization are far less dangerous than
> > those based on a powerful centralized authority.
[etc]
>
> Mike Duvos, how I wish I had the time to try to understand how you
> reconcile these seemingly incompatible sentiments!

Look closely. He says that (a) he likes strong, centralized societies but (b) they are dangerous. Sometimes you like dangerous things.

> ...
As a proponent
> of ``high taxes'', how can you also favor strong cryptography? Do you
> doubt that expropriating ``high taxes'' from your neighbor will be made
> more difficult in a world with strong cryptography?

Personally I am very much against high taxes, but once again there is no real contradiction in these viewpoints. You will need the high taxes to pay for all the tax inspectors trained in cryptography.

> In view of the
> natural diversity among people, how can you achieve an ``egalitarian
> society'' without someone who says ``Do What We Say Or We'll Kill
> You!''?

You can't, unless you are willing to kill everyone with any spirit. But you can vote him down.

--
Jim Dixon

From paul at poboy.b17c.ingr.com Wed Aug 3 06:43:40 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Wed, 3 Aug 94 06:43:40 PDT
Subject: The Terrorists are coming!
In-Reply-To: <9408031132.ZM695@simple.sydney.sgi.com>
Message-ID: <199408031339.AA05228@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

> Out of curiosity, is anyone aware of whether the USSR employed PAL's
> (Permissive Activation Links) in their strategic nuclear weaponry? If so,
> is anyone aware of how secure the PAL's the Soviets actually used were?
> There was a rumor on USENET some time back that the Soviets were using RSA
> in their PAL's, but it sounded too much like an urban myth to me.

I suspect they must have had a PAL-like mechanism, although at least some of their weapons rely on interlocks which can only be triggered by a KGB-controlled activator.

I remember the USENET rumor as being that the _US_ was using RSA as a component of the comm systems used to transmit Emergency War Orders (EWOs) to US forces. No one has confirmed that, but it certainly seems plausible.

Come to think of it, the PALs on US weapons are primarily electromechanical in nature. You get the EWO, you punch in the supplied code into the PAL, and off you go.
I'm not sure that RSA would be a whole lot of use as part of the PAL mechanism itself (except for signature verification, which is certainly important.)

- -Paul

- --
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com   | - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLj+d86fb4pLe9tolAQEllwQAmrjDgCgTwdER8RfyUKybdY9IyVtahYdz
OfrdFi813sHZqKCw+ONzCL5sPlIAtLeZzNsqUL8MarM66EbSGzdSilMxVc32eAKe
p1j7SXvIVj9gWKM2AS+i0AcEv9HIla417zovTGtowi2stlp34KmhHK7WWGuWqxD+
iWLFcWh9mcg=
=BONM
-----END PGP SIGNATURE-----

From blane at squeaky.free.org Wed Aug 3 08:07:50 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Wed, 3 Aug 94 08:07:50 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Andrew Brown wrote:

> On Tue, 2 Aug 1994, John Young wrote:
>
> > Some features of CAD programs such as AutoCad may be useful for
> > concealment.
>
> Hmmm, hadn't thought about that possibility.
>
> > Want to discuss here or by e-mail?
>
> Here should be fine, there seems enough interest.
>

Please keep discussing it here! There's only so much of this other stuff that I can take - my brain needs refreshment.

How about hiding data in digitized audio? With enough audio the data wouldn't degrade the signal noticeably.

Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation | finger blane at free.org
witty comments pending                 | for PGP key and subLit
----------------------------------------------------------------------------

From a.brown at nexor.co.uk Wed Aug 3 08:12:57 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Wed, 3 Aug 94 08:12:57 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Brian Lane wrote:

> How about hiding data in digitized audio?
With enough audio the data
> wouldn't degrade the signal noticeably.

I've already done that, it's included in the s-tools v2 package as a module to conceal information in .WAV files. The effect on quality when using the LSB of an 8 bit 11Khz mono sample is not noticeable unless the original sound is highly pure (e.g. downloaded from a synth). Even then it only shows up as _very_ faint interference that needs a good hi-fi to hear and the original sample for comparison.

Regards,

- Andy

From mpd at netcom.com Wed Aug 3 08:46:16 1994
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 3 Aug 94 08:46:16 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <9408031040.AA25684@ininx>
Message-ID: <199408031545.IAA17162@netcom11.netcom.com>

jkreznar at ininx.com (John E. Kreznar) asks:

> Mike Duvos, how I wish I had the time to try to understand
> how you reconcile these seemingly incompatible sentiments!
> How can you achieve ``egalitarian societies with strong
> social safety nets'' without using ``powerful centralized
> authority''? As a proponent of ``high taxes'', how can you
> also favor strong cryptography? Do you doubt that
> expropriating ``high taxes'' from your neighbor will be made
> more difficult in a world with strong cryptography? In
> view of the natural diversity among people, how can you
> achieve an ``egalitarian society'' without someone who says
>``Do What We Say Or We'll Kill You!''?

Excellent questions!

I view society as a collection of services provided to individuals. Things like education, housing, medical care, food, legal services, locating appropriate employment, and others. To the extent that these services are provided in an efficient manner at a reasonable price, citizens live well.

I also think these services should be provided by the private sector and not by any centralized government. In fact, I think the centralized government should be as small as possible and reduced primarily to ceremonial functions.
An egalitarian society can then be achieved by simply not making certain groups of people, like the young, exceptions to the laws which protect everyone else, and giving them equal access to the courts and other social institutions. Egalitarianism should always be approached by providing "equality of opportunity" and never by legislating "equality of result."

Taxation should be small, uniform, and applied to transactions and never to the earnings of individuals. Income tax is not necessary to generate revenue and exists primarily to justify government snooping into the private business of citizens and secret police organizations like the IRS. A VAT would do the trick nicely and could be easily built into the DigiCash system of the future.

I also favor a small guaranteed annual income which would allow citizens to live just slightly better than they do in prison. Incarceration can never be a deterrent if it is a step upward in one's standard of living, something the US seems to have lost sight of.

As for strong cryptography, it should be unrestricted and used whenever appropriate. If individuals wish to go to the trouble of avoiding taxes setting up secret businesses that encrypt all transactions, more power to them. The small number of people who will bother to do this will not have any real impact on taxation. If taxes are reasonable and the money is used for things that people support, people will be suitably incentivised not to avoid them.

Thus strong crypto, egalitarianism, less government, and tolerable taxes can all live happily together in our future.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.
$

From jya at pipeline.com Wed Aug 3 08:56:59 1994
From: jya at pipeline.com (John Young)
Date: Wed, 3 Aug 94 08:56:59 PDT
Subject: Steganography by CAD
Message-ID: <199408031555.LAA08226@pipe2.pipeline.com>

Responding to msg by a.brown at nexor.co.uk (Andrew Brown) on Wed, 3 Aug 1:17 PM

Andy:

Features for concealment of plain or cyphertext by CAD programs:

1. Plain or cyphertext can be imported by each letter, by sentence, by block of text; then manipulated by the CAD program as one or multiple concealed CAD entities.

2. Text manipulation includes: Reduce to any scale. Place on hidden layers. Hide by other entities. Distort to a variety of shapes. And otherwise disfigure the text into non-recognizable forms.

3. In addition, there are a host of CAD-features for further, multiple, transformations of the text, including algorithmic permutations.

4. Subsequent manipulation of the CAD document may include exporting to other proprietary and generic CAD formats.

5. CAD document may then be transmitted plain (in the selected CAD format) or encrypted for transmission.

6. The recipient uses a CAD program (and decryption program if needed) to restore the concealed text to its original encrypted form. It is exported to the original encryption program for decryption.

7. Caveat 1: While this manipulation will be invisible or camouflaged in the CAD document the underlying code of the program will provide clues. However, it should be possible to encrypt these clues.

8. Caveat 2: Sender and recipient will need to exchange protocols, by encrypted transmission probably, for restoring the concealed text.

9. Caveat 3: This is not elegant and requires little or no crypto competency. But it can be easily done by a CAD operator to help conceal sophisticated crypto.

Comments?

John, an architect of the building codes domain.
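
Caveat 1 in the message above is the examiner's opening: the drawing file records layer state and text size whatever the screen shows. The following is an added example, not part of the original post: it audits an ASCII DXF drawing for text on frozen or switched-off layers, text scaled far below the drawing's usual height, and text that looks like armored ciphertext. The choice of DXF, the function names, the thresholds and the sample drawing are assumptions made for illustration.

```python
import re
import statistics

# Constructed sample: a minimal ASCII DXF, written with "|" standing in for
# the newlines that separate each group code from its value.
SAMPLE_DXF = (
    "0|SECTION|2|TABLES|0|TABLE|2|LAYER|"
    "0|LAYER|2|WALLS|70|0|62|7|"
    "0|LAYER|2|NOTES|70|0|62|-3|"      # negative colour: layer switched off
    "0|LAYER|2|GRID|70|1|62|5|"        # flag bit 1: layer frozen
    "0|ENDTAB|0|ENDSEC|"
    "0|SECTION|2|ENTITIES|"
    "0|LINE|8|WALLS|10|0|20|0|11|5|21|0|"
    "0|TEXT|8|WALLS|10|1|20|1|40|2.5|1|STAIR 2|"
    "0|TEXT|8|NOTES|10|2|20|2|40|2.5|1|meet at the usual place|"
    "0|TEXT|8|WALLS|10|3|20|3|40|0.001|1|QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=|"
    "0|TEXT|8|GRID|10|4|20|4|40|2.5|1|A1|"
    "0|ENDSEC|0|EOF"
).replace("|", "\n")

# Heuristic only: a long unbroken run of base64 characters.
ENCODED = re.compile(r"[A-Za-z0-9+/=]{24,}")


def dxf_records(text):
    """Yield one dict per DXF record; a record starts at each group code 0."""
    lines = text.splitlines()
    if len(lines) % 2:
        raise ValueError("truncated DXF: group code without a value")
    rec = None
    for code, value in zip(lines[0::2], lines[1::2]):
        code = int(code.strip())
        if code == 0:
            if rec is not None:
                yield rec
            rec = {"type": value.strip()}
        elif rec is not None:
            rec.setdefault(code, value)  # first occurrence of a code wins
    if rec is not None:
        yield rec


def audit_dxf(text, min_height_ratio=0.01):
    """Return TEXT/MTEXT entities that a viewer would not show legibly."""
    hidden = {}   # layer name -> why it is not displayed
    texts = []    # (content, layer, height)
    section = None
    for rec in dxf_records(text):
        kind = rec["type"]
        if kind == "SECTION":
            section = rec.get(2, "").strip()
        elif kind == "ENDSEC":
            section = None
        elif section == "TABLES" and kind == "LAYER":
            name = rec.get(2, "").strip().upper()
            if int(rec.get(70, 0)) & 1:          # group 70, bit 1 = frozen
                hidden[name] = "layer frozen"
            elif int(rec.get(62, 7)) < 0:        # group 62 < 0 = layer off
                hidden[name] = "layer off"
        elif section == "ENTITIES" and kind in ("TEXT", "MTEXT"):
            # Group 1 = string, 8 = layer, 40 = height. MTEXT continuation
            # chunks (group 3) are not reassembled in this sketch.
            texts.append((rec.get(1, ""),
                          rec.get(8, "0").strip().upper(),
                          float(rec.get(40, 0))))
    if not texts:
        return []
    typical = statistics.median(h for _, _, h in texts)
    findings = []
    for content, layer, height in texts:
        reasons = []
        if layer in hidden:
            reasons.append(hidden[layer])
        if height < typical * min_height_ratio:
            reasons.append("height far below drawing median")
        if ENCODED.fullmatch(content.strip()):
            reasons.append("content looks encoded")
        if reasons:
            findings.append({"text": content, "layer": layer, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_dxf(SAMPLE_DXF):
        print(finding)
```

The grid label "A1" on the frozen layer is reported too: a frozen layer is routine in real drawings, so findings of this kind are leads for review rather than proof of concealment.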

From jrochkin at cs.oberlin.edu Wed Aug 3 09:13:53 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 3 Aug 94 09:13:53 PDT
Subject: encryption and Ham Radio
Message-ID: <199408031613.MAA14343@cs.oberlin.edu>

A while ago I thought about getting a Ham Radio license for doing TCP/IP over the airwaves. I never got around to learning the details, but I know that it is possible, and that many Hams in big cities have detailed digital nets running over the airwaves, using TCP/IP, or other protocols. There are even some gateways onto the internet.

When I was investigating getting a license, it came to my attention that FCC rules prohibit encrypting any digital data you send over the airwaves in this way. I don't know exactly how far this prohibition reaches, but I know you can lose your ham license for sending encrypted data over the digital ham network.

I haven't actually seen any mention of this by the EFF and other groups like that, where I'd expect it. Or on cypherpunks, for that matter. Maybe it's because no one knows about it. So I'm telling you. I think that this is a pretty terrible state of affairs, because ham radio TCP/IP provides a low cost (if really low bandwidth) permanent connection to the internet, and currently anyone who accesses the internet this way is _prohibited_ from using encryption. Bad.

[Oh, they are also prohibited from broadcasting "bad" words in digital form. Which causes endless problems for people with usenet gateways onto these digital ham nets. They need automated software robots searching out all posts for Carlin's 7 bad words, and deleting them.]

From kentborg at world.std.com Wed Aug 3 10:22:56 1994
From: kentborg at world.std.com (Kent Borg)
Date: Wed, 3 Aug 94 10:22:56 PDT
Subject: DES Flames
Message-ID: <199408031722.AA10579@world.std.com>

It seems I made two mistakes.

1) I didn't word my question clearly enough.

2) I posted from my AOL account.
(Note that this is sent from a Genuine Hard to Use Unix Machine as Terribly Sophisticated Proof that I am not a Complete Fool...boy, some people are naive.)

I try again.

Given:

1) Some people worry about the strength of DES. (Correct?)

2) DES is within striking distance of a brute-force attack, this is far-and-away its most serious weakness. (Correct?)

3) 3-DES is nowhere near soon being vulnerable to a brute-force attack. (Correct?)

It follows then that:

3-DES is a trivial fix of DES' ills. (Correct?)

Now, I repeat my puzzle. If there really was a Great Government Gnashing of teeth over how to replace DES, what was the problem? Is it that 3-DES is too good? (But then why the great worry over DES in the first place? 56-bits is not something easy to break off the shelf. Are we worried about the French or Japanese or somebody?)

Something doesn't add up here--and it isn't the fact that one of my six or eight internet addresses is an AOL account.

My tentative answer: DES is *generally* too strong for the TLA's taste, but specifically 56-bits worth of DES is too little. They were in a paradox of wanting something the US spooks could read but others can't. But then why the long delay before back-door systems like Clipper are rushed out? It still doesn't add up.

Another possible answer: the threat to DES was not its weakness, rather the combination of its *strength* and the fact that regular folks would start using it, a la PGP and RIPEM. When it first came out only banks and stuff were interested, not plain old citizens. In other words, DES' fault was how strong it is.

(ObStupidWarning: Yes, 56-bits is too few to really trust, but 3-DES is a trivial variation.)

-kb, the Kent who no longer has Perry's permission to post

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 39:30 hours of TV viewing so far in 1994!

From tcmay at netcom.com Wed Aug 3 10:30:50 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Wed, 3 Aug 94 10:30:50 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408031545.IAA17162@netcom11.netcom.com>
Message-ID: <199408031702.KAA29908@netcom3.netcom.com>

Mike Duvos writes:

(Good sentiments about small government elided....)

> Taxation should be small, uniform, and applied to transactions
> and never to the earnings of individuals. Income tax is not
> necessary to generate revenue and exists primarily to justify
> government snooping into the private business of citizens and
> secret police organizations like the IRS. A VAT would do the
> trick nicely and could be easily built into the DigiCash system
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> of the future.
  ^^^^^^^^^^^^^^

Not the untraceable cash systems most of us are interested in, that's for sure. Since transactions between "Alice" and "Bob" are invisible to outsiders, and they may not even know the identity of the other, then it's hard to imagine how the Tax Man interjects himself.

Unless of course some "escrow" system is mandated, and independent schemes are extirpated ruthlessly. Not a pretty sight.

> I also favor a small guaranteed annual income which would allow
> citizens to live just slightly better than they do in prison.
> Incarceration can never be a deterrent if it is a step upward in
> one's standard of living, something the US seems to have lost
> sight of.

In the crypto anarchist future I envision, this will never happen. Mike and his friends are of course free to donate some or all of their earnings to provide a "guaranteed annual income" for others, but not me.

But this gets into basic ideological issues, so I'll stop now. The crypto significance is that strong crypto makes many things Mike wants essentially impossible to achieve, fortunately.

> As for strong cryptography, it should be unrestricted and used
                                           ^^^^^^^^^^^^
> whenever appropriate.
If individuals wish to go to the trouble of
> avoiding taxes setting up secret businesses that encrypt all
> transactions, more power to them. The small number of people who
> will bother to do this will not have any real impact on taxation.
> If taxes are reasonable and the money is used for things that
> people support, people will be suitably incentivised not to avoid
> them.

Huh? This paragraph does not compute.

> Thus strong crypto, egalitarianism, less government, and
> tolerable taxes can all live happily together in our future.
>

In your dreams.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From pstemari at bismark.cbis.com Wed Aug 3 10:34:44 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Wed, 3 Aug 94 10:34:44 PDT
Subject: broadcast encryption
In-Reply-To:
Message-ID: <9408031734.AA18504@focis.sda.cbis.COM>

> The US is a signatory to the International Telecommunications Union
> (ITU) treaties that allocate various parts of the radio spectrum for
> different uses around the world. One of those treaties (or some part
> of one; I forget which) prohibits the use of encryption to "obscure
> meaning."

So how is it that the satellite companies are allowed to encrypt their signals, while individuals are not? Another example where corporations have greater rights than individuals?

--Paul

From mdfnlysn at Mcs.Net Wed Aug 3 11:07:16 1994
From: mdfnlysn at Mcs.Net (Matthew D.
Finlayson)
Date: Wed, 3 Aug 94 11:07:16 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID:

On Wed, 3 Aug 1994, Paul J. Ste. Marie wrote:

> > The US is a signatory to the International Telecommunications Union
> > (ITU) treaties that allocate various parts of the radio spectrum for
> > different uses around the world. One of those treaties (or some part
> > of one; I forget which) prohibits the use of encryption to "obscure
> > meaning."
>
> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?
>
> --Paul
>
>

Who are these satellite companies?

I work for a major international record carrier and I have no encryption on any of the earth stations in my inventory.

--Matt

From snyderra at dunx1.ocs.drexel.edu Wed Aug 3 11:07:16 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Wed, 3 Aug 94 11:07:16 PDT
Subject: encryption and Ham Radio
In-Reply-To: <199408031613.MAA14343@cs.oberlin.edu>
Message-ID: <199408031805.OAA17997@dunx1.ocs.drexel.edu>

Jonathan Rochkind scribbles:
> A while ago I thought about getting a Ham Radio license for doing TCP/IP over the airwaves. I never got around to learning the details, but I know that it is
> possible, and that many Hams in big cities have detailed digital nets running
> over the airwaves, using TCP/IP, or other protocols. There are even some
> gateways onto the internet.

Yup. All sorts of nifty stuff available for digital ham radio bands, though if you're looking for a replacement for a SLIP/PPP connection to the net, you'll probably be disappointed.

> When I was investigating getting a license, it came to my attention that FCC
> rules prohibit encrypting any digital data you send over the airwaves in this
> way.
I don't know exactly how far this prohibition reaches, but I know
> you can lose your ham license for sending encrypted data over the digital
> ham network.

Actually, I think it's "obscure the meaning." My reading of this is that certain forms/uses of cryptography, like digital signature, would be permitted.

> I haven't actually seen any mention of this by the EFF and other groups like
> that, where I'd expect it. Or on cypherpunks, for that matter. Maybe it's
> because no one knows about it. So I'm telling you. I think that this is a
> pretty terrible state of affairs, because ham radio TCP/IP provides a low
> cost (if really low bandwidth) permanent connection to the internet, and
> currently anyone who accesses the internet this way is _prohibited_ from using
> encryption. Bad.

I don't currently have a TNC to connect up, though I probably will soon. I don't think I would ever use my connection to do raw IP from my machine to the Internet, primarily because of the prohibition on commercial traffic, which is difficult to guard against, and that you are responsible for your transmissions, regardless of the actual origin of the traffic. Makes for a dangerous combination.

> [Oh, they are also prohibited from broadcasting "bad" words in digital form.
> Which causes endless problems for people with usenet gateways onto these
> digital ham nets. They need automated software robots searching out all posts
> for Carlin's 7 bad words, and deleting them.]

This doesn't protect them. For example, that C&S spam from a while ago would have placed any Usenet gateway in violation of FCC rules. Loss of license, and some hefty fines (though they are usually waived if you can't afford it or it wasn't malicious)

Bob

--
Bob Snyder N2KGO                      MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu      finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From pstemari at bismark.cbis.com Wed Aug 3 11:20:06 1994
From: pstemari at bismark.cbis.com (Paul J.
Ste. Marie)
Date: Wed, 3 Aug 94 11:20:06 PDT
Subject: broadcast encryption
In-Reply-To:
Message-ID: <9408031819.AA18977@focis.sda.cbis.COM>

> Who are these satellite companies?
>
> I work for a major international record carrier and I have no encryption on
> any of the earth stations in my inventory.

CBS, HBO, etc, either already are encrypting their satellite distribution signals, or they are in the process of doing so, so they can force people to license the signals for a fee. The satellite receivers now have provisions for loading a decryption key.

--Paul

From tcmay at netcom.com Wed Aug 3 11:23:30 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 3 Aug 94 11:23:30 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID: <199408031823.LAA18061@netcom12.netcom.com>

>
> > The US is a signatory to the International Telecommunications Union
> > (ITU) treaties that allocate various parts of the radio spectrum for
> > different uses around the world. One of those treaties (or some part
> > of one; I forget which) prohibits the use of encryption to "obscure
> > meaning."
>
> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?
>
> --Paul

My recollection is that scrambling/encrypting over the broadcast spectrum is allowed if the key is provided to the authorities. (I have no idea how this works, if and how they would take a PGP key, etc.)

Clearly the satellite scrambling people (who operate from 22,500 miles out, which makes this story have other interesting ramifications) can trivially show what they are actually broadcasting, merely by providing to FCC/WARC/UN/etc. a decoder box.

With the rapid rise in wireless LANs, radiomail, and dozens of other wireless systems, I'm not sure how any of this ban-on-encryption stuff is meaningful or enforceable.
Compression looks like encryption, and vice versa. And a thousand different formats make interceptions and understanding a challenge.

(I've heard specifically that wireless LANs have no restrictions on encryption. Wonder what this means for Teledesic, which is targeted for computer communication?)

I'm not a ham person (except as Klaus! or Shabbaz), nor am I a lawyer.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mdfnlysn at Mcs.Net Wed Aug 3 11:27:14 1994
From: mdfnlysn at Mcs.Net (Matthew D. Finlayson)
Date: Wed, 3 Aug 94 11:27:14 PDT
Subject: broadcast encryption
In-Reply-To: <9408031819.AA18977@focis.sda.cbis.COM>
Message-ID:

Paul,

After I sent my reply I realized you all were speaking of video. We are not encrypting any of the data or voice we are pumping up to overseas.

Matt

From Ben.Goren at asu.edu Wed Aug 3 11:31:08 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Wed, 3 Aug 94 11:31:08 PDT
Subject: broadcast encryption
Message-ID:

At 11:06 AM 8/3/94, Matthew D. Finlayson wrote:
>On Wed, 3 Aug 1994, Paul J. Ste. Marie wrote:
>>>The US is a signatory to the International Telecommunications Union
>>>(ITU) treaties that allocate various parts of the radio spectrum for
>>>different uses around the world. One of those treaties (or some part
>>>of one; I forget which) prohibits the use of encryption to "obscure
>>>meaning."
>>
>>So how is it that the satellite companies are allowed to encrypt their
>>signals, while individuals are not? Another example where
>>corporations have greater rights than individuals?
>>
>> --Paul
>
>Who are these satellite companies?
>
>I work for a major international record carrier and I have no encryption on
>any of the earth stations in my inventory.
>
> --Matt

You mean that pay-per-view satellite TV is *not* encrypted?

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): We won! Clipper is dead! BUT!
Just say no to key escrow. And stamp out spamming, too.
Finger ben at tux.music.asu.edu for PGP 2.3a (soon 2.6) public key.

From cknight at crl.com Wed Aug 3 12:18:12 1994
From: cknight at crl.com (Chris Knight)
Date: Wed, 3 Aug 94 12:18:12 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID:

On Wed, 3 Aug 1994, Paul J. Ste. Marie wrote:

> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?
>
> --Paul
>

I'm sure I'll get corrected if I'm wrong, since my only claim to HAM knowledge is a couple of friends and attendance at countless midwest HAM-fests...

I believe a HAM license allows you to transmit on certain semi-publicly allocated frequency ranges. Companies encrypting their satellite uplink/downlink have paid for an exclusive license for that particular frequency, and can therefore scramble transmissions to protect their commercial interest.

So, do I get flamed now?

-ck

From blane at squeaky.free.org Wed Aug 3 12:31:57 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Wed, 3 Aug 94 12:31:57 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Andrew Brown wrote:

>
> On Wed, 3 Aug 1994, Brian Lane wrote:
>
> > How about hiding data in digitized audio? With enough audio the data
> > wouldn't degrade the signal noticeably.
>
> I've already done that, it's included in the s-tools v2 package as a
> module to conceal information in .WAV files.
Is this a DOS only program, or are you distributing source? Where can I FTP it from?

Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation  | finger blane at free.org
witty comments pending                  | for PGP key and subLit
----------------------------------------------------------------------------

From jdd at aiki.demon.co.uk Wed Aug 3 12:37:36 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 3 Aug 94 12:37:36 PDT
Subject: encryption and Ham Radio
Message-ID: <3546@aiki.demon.co.uk>

In message <199408031613.MAA14343 at cs.oberlin.edu> Jonathan Rochkind writes:
> A while ago I thought about getting a Ham Radio license for doing TCP/IP over the airwaves. I never got around to learning the details, but I know that it is
> possible, and that many Hams in big cities have detailed digital nets running
> over the airwaves, using TCP/IP, or other protocols. There are even some
> gateways onto the internet.
>

For those interested in wireless Internet communications, this might be of interest:

In message James Horton writes:
< The next generation of RF devices will make wireless, point to
< point links, of 5-20 miles, very inexpensive. Small businesses
< and individuals can build their own AS and negotiate with
< national operators to get inter-connectivity! Options are increasing
< daily, I just hope the RF chipsets can be purchased in the USA
< and WE will not have to go overseas!
<
< CFTnet, the ISP of which I'm part of, is currently prototyping
< an inexpensive board that combines, modems, ethernet, a unix OS,
< ISDN ports, T1 or 56K ports, and network security features, into a
< single system. I'm certain other designers are being creative
< concurrently.
<
< The marketing strategy with this board is to offer, FLAT RATE
< access, in every city in America. The board operates on 48VDC,
< for telco co-location, or 115vac. Hopefully, the board will be in
< production in 3-5 months.
It seems that several of the
< 'behind the technology innovation curve' telcos are interested in
< jumping into the flat rate party. < Names withheld >
<
< Communication systems will continue to get less expensive, as
< technology progresses and RF spectrum gets re-allocated to
< non-licensed uses. Append to this argument: the 'HDSL, High Data-rate
< Subscriber Line chipsets that convert ordinary POTS into T1 lines and dark
< fiber companies and you get an enormous increase in bandwidth, at reduced
< prices.

[much stuff snipped]

< Packet filtering may just give the internet hacker/cracker
< community a new target. I've heard that now the Ci--- routers have
< been compromised and that 'source routing and virtual interfaces'
< are the latest tool of the DARK side of the NET? ...
< *******************************************************************
< * Creative Friendly Technologies 813 980 1317 *
< * James Horton, CFTnet Operations horton at cftnet.com *
< *******************************************************************

It is interesting that if in fact the FCC does forbid encryption of wireless Internet traffic, it opens the way for hacking on a massive scale.

--
Jim Dixon

From sidney at taurus.apple.com Wed Aug 3 12:37:58 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Wed, 3 Aug 94 12:37:58 PDT
Subject: broadcast encryption
Message-ID: <9408031931.AA09915@apple.com>

The idea behind allocating frequencies for amateur use is that hams could engage in a hobby with no commercial use which provides an infrastructure for emergency public service communications. To prevent any commercial use of those frequencies, to facilitate enforcement of the rules, and to facilitate the participation by anyone who obtains the proper knowledge and equipment, it is illegal to transmit in a way that "obscures the meaning" of the transmission to people who would want to listen in.
So, for example, morse code and ASCII are the only acceptable digital codes, and various modulation techniques are standardized as the technologies are developed.

In any case, the amateur frequencies are specifically reserved for non-private communications and are subject to restrictions that have nothing to do with the terms under which other commercial frequencies are licensed. Those frequencies may be licensed for uses that include private communications of some sort. And, since the regulations are based on the principle that broadcast spectrum is a fixed, limited resource, none of this applies to communications carriers who do not operate by broadcasting over the air.

 -- sidney

From blane at squeaky.free.org Wed Aug 3 12:38:44 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Wed, 3 Aug 94 12:38:44 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID:

On Wed, 3 Aug 1994, Paul J. Ste. Marie wrote:

> > The US is a signatory to the International Telecommunications Union
> > (ITU) treaties that allocate various parts of the radio spectrum for
> > different uses around the world. One of those treaties (or some part
> > of one; I forget which) prohibits the use of encryption to "obscure
> > meaning."
>
> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?
>
> --Paul
>
>

They can do this because the FCC has SOLD part of our airwaves to the company. They can do pretty much anything they want to do with it. The deceptive signals rules apply to Amateurs only.

I'm currently studying for my no-code ham license so that I can start playing with on air TCP/IP and my Linux system. Maybe they'll change the rules if enough 'new' hams could get together.
I say 'new' because there are a lot of old hams who like things the way they are - they even fought the change in rules that allow no-code users to get a license without having to take morse code (a waste of time in my opinion).

Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation  | finger blane at free.org
witty comments pending                  | for PGP key and subLit
----------------------------------------------------------------------------

From cjl at welchlink.welch.jhu.edu Wed Aug 3 13:28:16 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 3 Aug 94 13:28:16 PDT
Subject: Remailer traffic analysis foiling
Message-ID:

Remailer hackers,

I've been thinking about the problem of traffic analysis of anonymous remailers and I have a question to pose to those of you whose thoughts on this topic are "more frequent or fully-formed".

Would there be any advantage to giving remailers a MIRV capability?

The idea goes like this: The message arrives, the PGP wrapper is removed, the message is scanned for some specific token imbedded in the text (ala Matt Ghio's Cutmarks function). That token is a divider between two outbound messages. These messages are sent along their respective ways. The result is something like a 10K message coming in, and a 7K and a 3K message leaving. If one of these goes to the bit bucket, it is like having added padding stripped off. Alternately they each could be part of the real message, previously split and then sent via different paths to reduce chances of complete message interception.

I guess the issues involved are:

1) How difficult would this be to code? [Yeah, yeah "Cypherpunks write code"(TM), but some of us write genetic code, not computer code :-)]

2) What is the credible threat of traffic analysis?
a) Does multiplication of messages and their routing schemes create problems of scale for these alleged eavesdroppers?
b) Do you assume that if it's not a compromised server, that what goes on inside the machine is hidden?

Now before the Zippos start flicking, I've followed the latency vs. reordering argument, and accept that latency *may* achieve reordering, but not necessarily. In this system though, different latencies after the split would seem to achieve something because without reliable size in/out information it would be harder to correlate message in with messages out.

Comments (incendiary or otherwise) requested.

C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From cactus at bb.com Wed Aug 3 13:32:03 1994
From: cactus at bb.com (L. Todd Masco)
Date: Wed, 3 Aug 94 13:32:03 PDT
Subject: clarification please
Message-ID: <199408032035.QAA09103@bb.com>

From: will at thinkmedia.com (thinkmedia.com):
>> Events like Waco and the Persian Gulf War, in which an
>> authoritarian superpower obliterates a mostly harmless and
>> largely defenseless group of people, translate with relative ease
>> to the cyberspacial realm.
>
> I remember reading a Scientific American article about two years before
> Iraq invaded Kuwait, in which it was made clear Iraq had and were
> developing missiles with ranges paralleling only U.S., Russia and China. I
> don't think harmless and defenseless quite fits the description. Maybe
> wannabe super power would be more accurate.

Harmless and defensive is how I would describe the 100s of thousands of civilians massacred by the United States. The really dangerous people were safe inside their bunkers.

It's an important point: regardless of the threat that the Iraqi government posed, the US government chose to destroy the country rather than making a real attack against only the government.
They were able to do this for two big reasons, both directly attributable to political factors (as well as the fact that there is not a large vocal Iraqi population in the US):

1) Very few US lives were lost (the "vietnam/cambodia" lesson) or at risk.

2) The US government managed to make, through direct censorship and disinformation, the US people identify the residents of Iraq with the government of Iraq.

Thus, the wholesale bombing of civilian centers that posed no direct to the United States became acceptable as long as it was reported in emotionally comfortable terms.

It's really not so different than the War On Some Drugs or half a dozen other power-plays... and this is the propaganda machine that we will have to face if we're unlucky enough that Clinton/Gore actually get their act together enough and get the rest of the government behind them to make a real PR effort (as opposed to the clumsy scare tactics we've seen so far).

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."

From hughes at ah.com Wed Aug 3 13:39:01 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 3 Aug 94 13:39:01 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408031545.IAA17162@netcom11.netcom.com>
Message-ID: <9408032008.AA11522@ah.com>

   Taxation should be small, uniform, and applied to transactions and never to the earnings of individuals.

The earnings of individuals, however, _are_ exactly one sort of transaction tax. If you wish to make an exception for personal income, then you wish to make an exception out of every transaction where one of the things exchanged is labor. Therefore, you would have to have a certificate which said "this is labor being exchanged." My suspicion is that the amount of the economy performed as labor would skyrocket.
Either you tax each and every motion of money or you require an intrusive anti-privacy system in order to determine taxability. I can tell you now, large interbank transfers aren't going to be taxed. Intra-corporate transfers aren't going to be taxed.

In order to tax transactions you have to know what the transactions are. A transfer of money is not always a transaction. The simplest case is where I move money from an account at one bank to an account at another. That's merely a transfer; there is nothing exchanged.

   A VAT would do the trick nicely and could be easily built into the DigiCash system of the future.

Such a "compromise" (read, sell-out) could technically be built into a transfer scheme. Requiring VAT on all transactions through this scheme would effectively restrict it to consumer level sales. Businesses wouldn't use it for wholesale transfers, and individuals wouldn't use it amongst themselves. Thus there would be alternate ways of transferring money, and these ways could be used to settle transactions.

   If individuals wish to go to the trouble of avoiding taxes setting up secret businesses that encrypt all transactions, more power to them. The small number of people who will bother to do this will not have any real impact on taxation.

Really? It would be small? Suppose we assume unrestricted encryption, as you suppose. Assume the USA for purposes of discussion. Further suppose that it's really easy to set up a digital account, denominated in dollars, in a non-USA jurisdiction, say, China. All the transactions are encrypted, and China's not talking to USA authorities--they don't have to.

I think the interesting question here is how soon the USA government has to change its regulations because so much business (and hence capital) has left the USA. When capital flight for the individual is easy (and it's not right yet), expect to see rapid changes.
Eric

From mccoy at io.com Wed Aug 3 13:40:49 1994
From: mccoy at io.com (Jim McCoy)
Date: Wed, 3 Aug 94 13:40:49 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID: <199408032040.PAA15739@pentagon.io.com>

> > The US is a signatory to the International Telecommunications Union
> > (ITU) treaties that allocate various parts of the radio spectrum for
> > different uses around the world. One of those treaties (or some part
> > of one; I forget which) prohibits the use of encryption to "obscure
> > meaning."
>
> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?

Well, it is a bit complicated and involves a bit of obfuscation, but there is a little bit of info regarding this in the August Wired issue (pg 127).

For starters, a treaty that the US may sign is not "law" in the formal sense of the word, Congress must do a bit of legislative juggling to codify the treaty into the USC. So, for the prohibition on encrypting wireless transmissions we go to the 1934 Communications Act which banned the use of encryption and scrambling for wireless communications. Skip forward 50 years to the 1984 Cable Communications Act; this set of laws makes private communications secure and allows one to encrypt private communications outside the "hobby" bandwidths. This bill basically defined satellite broadcasts as private communications because their primary purpose (at the time the bill was written) is to provide a communication channel to the local cable companies.

Of course, since the time the bill was passed things have changed quite a bit. How something like the direct broadcast satellite tv system will fit into this is also unclear.

jim

From mpd at netcom.com Wed Aug 3 13:56:00 1994
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 3 Aug 94 13:56:00 PDT
Subject: Egalitarianism vs.
Strong Cryptography
In-Reply-To: <199408031702.KAA29908@netcom3.netcom.com>
Message-ID: <199408032055.NAA15886@netcom6.netcom.com>

Timothy C. May writes:

> (Good sentiments about small government elided....)

Thank-you.

>> Taxation should be small, uniform, and applied to
>> transactions and never to the earnings of individuals. ... A
>> VAT would do the trick nicely and could be easily built into
>> the DigiCash system of the future.

> Not the untraceable cash systems most of us are interested
> in, that's for sure. Since transactions between "Alice" and
> "Bob" are invisible to outsiders, and they may not even know
> the identity of the other, then it's hard to imagine how the
> Tax Man interjects himself.

The theoretical possibility of untraceable cash systems and the absence of legal sanctions against those who use them do not imply that such systems will become the standard in the future. Even in the obnoxious political climate which prevails in this country today, strong crypto is in the hands of only a few percent of the citizens. In a society with a "user-friendly" government, most people wouldn't even be interested.

If given a choice between ordering a pizza by clicking one's air mouse while tuned to the Pizza Channel, and ordering one via Tim's Strong Crypto Pizza Service in order to avoid a small VAT, most people will choose the easy way.

A good analogy to this in our current society is the enforcement of copyright laws. Most people buy paperback books instead of xeroxing them because they are reasonably priced and it isn't worth the aggravation. If paperback books cost $100, this would no longer be the case. Most people buy computer software priced under $100 instead of copying it from a friend because they get a nice set of bound printed manuals.

Network shopping services which use strong crypto and non-standard DigiCash protocols to avoid a painless VAT will have poor propagation, limited access, negative PR, and few customers.
It's like trying to set up your machine on the Internet without using TCP/IP. Few people will take the trouble to talk to you and you won't be able to talk to anyone else. Sure you could do it, but why bother?

> Unless of course some "escrow" system is mandated, and
> independent schemes are extirpated ruthlessly. Not a pretty
> sight.

Neither of these things will be necessary to get the majority of the population to use the default means of doing things. You greatly underestimate the power of human sloth.

> In the crypto anarchist future I envision, this will never
> happen. Mike and his friends are of course free to donate
> some or all of their earnings to provide a "guaranteed
> annual income" for others, but not me.

Again Tim and his friends are free to conduct all their transactions via unbreakable protocols of their own construction, avoid all taxes, and do business only with others who cooperate. As long as the percentage of similarly minded individuals is appropriately small, it has no real effect on society and probably costs a lot less than an enforcement agency would.

Of course Tim won't be watching HBO or Showtime, shopping with a major credit card, or helping his broker churn his account at Smith-Barney. Not my problem.

You are never going to get the majority of people in this country to agree to design the default protocols for commerce on the Net with the specific intent of making it possible for people to avoid taxes using strong cryptography. You'd have more luck persuading them to tear up their health insurance or burn down their houses.

> Huh? This paragraph does not compute.

I seem to have accidentally deleted a word somewhere. Oh well.

>> Thus strong crypto, egalitarianism, less government, and
>> tolerable taxes can all live happily together in our future.

>In your dreams.

Many good ideas have started with dreams. Benzene rings, for instance.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger.
$

From rfb at lehman.com Wed Aug 3 13:58:42 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 3 Aug 94 13:58:42 PDT
Subject: Message pool: alt.anonymous.messages
Message-ID: <9408032057.AA08958@fnord.lehman.com>

I newgrouped alt.anonymous.messages as a simple implementation of a message pool. I imagine that it will take a while to propagate, but once it's accessible from the mail-to-news gateways, it should serve as a more reasonable place than alt.security.pgp or alt.test for anonymous communication that's less subject to traffic analysis on the recipient side.

Rick

From perry at imsi.com Wed Aug 3 14:11:35 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 3 Aug 94 14:11:35 PDT
Subject: broadcast encryption
In-Reply-To: <199408032040.PAA15739@pentagon.io.com>
Message-ID: <9408032110.AA13116@snark.imsi.com>

Jim McCoy says:
> For starters, a treaty that the US may sign is not "law" in the formal
> sense of the word, Congress must do a bit of legislative juggling to codify
> the treaty into the USC.

Actually, a treaty, once ratified by the Senate, is "the supreme law of the land", ranking with the constitution in superseding all other law. If Congress does not pass enabling legislation, the courts will happily enforce the treaty.

This has nothing to do with cryptography, however, so I'd suggest that further discussion of this should take place in private mail.

Perry

From jamiel at sybase.com Wed Aug 3 14:18:20 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Wed, 3 Aug 94 14:18:20 PDT
Subject: clarification please
Message-ID: <9408032116.AA19332@ralph.sybgate.sybase.com>

At 4:35 PM 08/03/94 -0400, L. Todd Masco wrote:

>It's really not so different than the War On Some Drugs or half a dozen
> other power-plays...
and this is the propaganda machine that we will have
> to face if we're unlucky enough that Clinton/Gore actually get their act
> together enough and get the rest of the government behind them to make a
> real PR effort (as opposed to the clumsy scare tactics we've seen so far).

I understand what you are saying, but it is fascinating that Clinton gets (by implication) blamed for Iraq and the war on drugs, when those are both Republican creations. Granted, Clinton is carrying through on the WOD, but he kind of has to, considering 'necessary political games, Washington style.' Not that I am a Clinton fan, I merely like giving credit where credit is due, and much of this (including, as has been oft stated here, the beginnings of clipper) belongs to those 12 years of republican mess making that got Clinton in office in the first place.

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From yusuf921 at raven.csrv.uidaho.edu Wed Aug 3 14:33:35 1994
From: yusuf921 at raven.csrv.uidaho.edu (Jidan)
Date: Wed, 3 Aug 94 14:33:35 PDT
Subject: Remailer traffic analysis foiling
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, cjl wrote:

> Remailer hackers,
>
> Would there be any advantage to giving remailers a MIRV capability?
>
> [deleted]
> I guess the issues involved are:
> [ deleted]
> 2) What is the credible threat of traffic analysis?
> a) Does multiplication of messages and their routing schemes create
> problems of scale for these alleged eavesdroppers?
> b) Do you assume that if it's not a compromised server, that
> what goes on inside the machine is hidden?
>

for total anon post/mail
How workable is setting up remailers with pseudo-cooperation so that when it receives an anon mail it waits 20 or so min and then randomly sends copies of it to 5 other remailers of which the original receiver randomly decides which 1 of the 6 will post and the rest simply discard.
a 5 fold increase in traffic will make it harder to analyze if 80% is just noise

Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ... -- Carl Zwanzig

From perry at imsi.com Wed Aug 3 14:49:20 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 3 Aug 94 14:49:20 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408032055.NAA15886@netcom6.netcom.com>
Message-ID: <9408032148.AA13199@snark.imsi.com>

Not that I wanted to get in to this, but Mike was begging for it.

Mike Duvos says:
> The theoretical possibility of untraceable cash systems and the
> absence of legal sanctions against those who use them do not
> imply that such systems will become the standard in the future.
> Even in the obnoxious political climate which prevails in this
> country today, strong crypto is in the hands of only a few
> percent of the citizens. In a society with a "user-friendly"
> government, most people wouldn't even be interested.

Ahem.

If I told you that I could save you tens of thousands of dollars a year just by using some simple to use software, would you do it? Well, if you had some simple to use software system that allowed you to escape from the above ground economy, you could personally save tens of thousands a year.

> If given a choice between ordering a pizza by clicking ones air
> mouse while tuned to the Pizza Channel, and ordering one via
> Tim's Strong Crypto Pizza Service in order to avoid a small VAT,
> most people will choose the easy way.

1) What makes you think the VAT will be small? Assuming that you have to pay for a government the size of the current one, only using VATs, you are going to have to take about half the cost of all goods and services in accumulated VAT by the time the goods hit the consumer. (This is for the obvious reason that the government spends half the GDP in the US.)

2) What makes you think it will be inconvenient?
I know of two pizza places in Manhattan where they very likely don't pay taxes and where you can also buy drugs. (No, I'm not going to tell you where they are, and no, I don't buy drugs from them. I don't go telling the police such things, however.)

The underground economy in the U.S. is huge -- enormous, in fact. Most of us interact with it every day without even realizing it. As a small example, the clothing manufacture industry in New York survives on illegal factories running almost entirely underground. Ever tip a waiter in cash? Ever pay for a haircut in cash? Ever make a purchase from a Mom & Pop grocery in cash?

> Again Tim and his friends are free to conduct all their
> transactions via unbreakable protocols of their own construction,
> avoid all taxes, and do business only with others who cooperate.
> As long as the percentage of similarly minded individuals is
> appropriately small, it has no real effect on society and
> probably costs a lot less than an enforcement agency would.

There are tens of millions of people completely evading taxes now, and the percentage of the population who underreport or patronize services that underreport approaches 100%.

> Of course Tim won't be watching HBO or Showtime, shopping with a
> major credit card, or helping his broker churn his account at
> Smith-Barney. Not my problem.

Tim will likely pay his broker to churn his account in Switzerland and do just as well. He'll have a credit card from a bank in the Bahamas. He'll probably do just fine watching HBO and Showtime, too.
Perry

From cjl at welchlink.welch.jhu.edu Wed Aug 3 14:53:10 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 3 Aug 94 14:53:10 PDT
Subject: Remailer traffic analysis foiling
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Jidan wrote:

> >
> for total anon post/mail
> How workable is setting up remailers with pseudo-cooperation
> so that when it receives an anon mail it waits 20 or so min
> and then randomly sends copies of it to 5 other remailers of which
> the original receiver randomly decides which 1 of the 6 will post
> and the rest simply discard.
> a 5 fold increase in traffic will make it harder to analyze if
> 80% is just noise

I think that sending many copies of the same message sounds like a good way of making sure that it ends up being monitored by some alleged surveillance net. Sending dummy messages is another matter. A fivefold increase in traffic may or may not have an impact on analysis, depending on your assumptions about the adversary's capabilities. Anyway, you still have a message of fixed size going in one end, coming out the other, and landing in someone's mailbox. The superfluous messages may in fact be easy to identify if they are addressed to bit.bucket at dev.null.

C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From jrochkin at cs.oberlin.edu Wed Aug 3 14:55:22 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 3 Aug 94 14:55:22 PDT
Subject: broadcast encryption
Message-ID: <199408032155.RAA20784@cs.oberlin.edu>

> of those frequencies, to facilitate enforcement of the rules, and to
> facilitate the participation by anyone who obtains the proper knowledge and
> equipment, it is illegal to transmit in a way that "obscures the meaning"
> of the transmission to people who would want to listen in.
> So, for example,
> morse code and ASCII are the only acceptable digital codes, and various
> modulation techniques are standardized as the technologies are developed.

That kind of explains why encryption is not allowed on ham bands, but it doesn't satisfy me. The difference between ham and other bands, is to use other frequencies I've got to pay the FCC major money for a license, or pay some commercial service provider who paid the FCC major money. With ham, I don't have to pay no one nothing, except maybe $10 for a ham license.

Ham, or some other frequency reserved to work like ham, could easily serve as a poor man's connection to the internet. Anyone with a desktop PC can invest another hundred dollars or so, and have a really low bandwidth (2400bps) direct connection to the internet. You can do IP over ham, although it's really difficult to do so currently without breaking the law and losing your license.

A public ham or ham-like radio band would seem to be something the cypherpunks would really like. It would definitely facilitate the creation of a sort of blacknet type thing. The government has given the public citizens band, and ham radio, if they're not going to open up ham so it can be used in the ways I'm thinking of, why not take another hunk of spectrum and give it to the public, specifically intended for digital transmissions (IP or otherwise). This seems to be something we should be campaigning for, and the EFF should be lobbying for. Of course, the reason "why not" is because the government can make tons of money by selling the spectrum to Microsoft instead.

From cjl at welchlink.welch.jhu.edu Wed Aug 3 15:01:52 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 3 Aug 94 15:01:52 PDT
Subject: Remailer traffic analysis foiling
In-Reply-To:
Message-ID:

Since it was posted twice I guess I can reply twice :-)

On Wed, 3 Aug 1994, Jidan wrote:

> for total anon post/mail
> How workable is setting up remailers with pseudo-cooperation
> so that when it receives an anon mail it waits 20 or so min
> and then randomly sends copies of it to 5 other remailers of which
> the original receiver randomly decides which 1 of the 6 will post
> and the rest simply discard.
> a 5 fold increase in traffic will make it harder to analyze if
> 80% is just noise

This scheme wouldn't be workable in the currently fragile and ephemeral net of remailers. They would have to spend a lot of time talking to each other and making sure that they all had up-to-date lists of valid remailers. That's too much of a burden to put on the net.philanthropists that are currently operating mailing lists. Any validation of a chained remailer pathway is up to the user (not exactly *caveat emptor* cause you ain't paying for anything, but you get the idea)

C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From jrochkin at cs.oberlin.edu Wed Aug 3 15:10:59 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 3 Aug 94 15:10:59 PDT
Subject: Remailer traffic analysis foiling
Message-ID: <199408032210.SAA21183@cs.oberlin.edu>

> How workable is setting up remailers with pseudo-cooperation
> so that when it receives an anon mail it waits 20 or so min
> and then randomly sends copies of it to 5 other remailers of which
> the original receiver randomly decides which 1 of the 6 will post
> and the rest simply discard.

Part of the problem with any scheme that involves remailers automatically sending traffic onward to other remailers (whether a plan like yours, or just adding links to the remailer chain automagically), is that there seem to be only a few stable and reliable remailers. The rest come and go periodically. To get the best use of a plan like this, you've got to keep track of which remailers are up right now, so as to have the most remailers to use for this purpose. Or, really, you've got to have a way for your remailer to do this automatically without your intervention.

Most people seem to think this problem will go away eventually, and remailers will become more stable and reliable. I don't think this is necessarily true. It's true that remailers which charge money for the service will probably be more secure and reliable (because they need to be to get business), but I think we should work to develop a sort of "remailer net" that doesn't need reliability to operate, that can operate in more difficult circumstances.

One idea I came up with to achieve this goal is a sort of remailer control newsgroup, call it alt.anonremailer.net. Every participating remailer would periodically post an "I am here" message to the newsgroup. Say, once every 24 hours. The message could include the anon remailer's address, and public key. A participating anon remailer would periodically scan this newsgroup, and keep track of remailers which are verified to have been working properly sometime in the last 24 hours. The remailers could check signatures on the message to be sure that it's signed by the real mccoy, and when a new remailer is encountered on alt.anonremailer.net, signatures on its public key could be checked, and the remailer won't be used unless it's signed by trusted people. The old web of trust.

The more I think about this, the better an idea it seems to me.
It seems a way of creating a remailer net that is reliable even in unreliable circumstances, and also makes using remailers more automated than it is now. Every user who uses anon mailers could have a daemon running to keep track of this newsgroup, and auto-generate remailer-chains that are composed of guaranteed-working remailers. It seems like a spiffy idea. But last time I posted it, no one responded. Maybe I'm overlooking something, and it's actually a really stupid idea. If that's the case, can someone say so and explain why?

From berzerk at xmission.xmission.com Wed Aug 3 15:32:20 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Wed, 3 Aug 94 15:32:20 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408031702.KAA29908@netcom3.netcom.com>
Message-ID:

On Wed, 3 Aug 1994, Timothy C. May wrote:

> > secret police organizations like the IRS. A VAT would do the
> > trick nicely and could be easily built into the DigiCash system
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > of the future.
> ^^^^^^^^^^^^^^
> Not the untraceable cash systems most of us are interested in, that's
> for sure. Since transactions between "Alice" and "Bob" are invisible
> to outsiders, and they may not even know the identity of the other,
> then it's hard to imagine how the Tax Man interjects himself.

Which is a good reason to tax only property and government services. Yes, I am a communist Libertarian, and favor a 1%ish 100 year tax on land, water, and sky. (but not the information content of the land or wood, so a house is the same as a field is the same as a skyscraper).

Berzerk.
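
The "I am here" control-newsgroup scheme from Jonathan Rochkind's message above, as an added sketch that is not code from any post in this thread. The message format, the example.org addresses and the timestamps are constructed, and the toy textbook-RSA keys built from Mersenne primes only stand in for the PGP keys and web-of-trust signatures the post assumes.

```python
import hashlib
import random

E = 65537              # public exponent shared by every toy key
MAX_AGE = 24 * 3600    # "I am here" posts older than this do not count
CLOCK_SKEW = 300       # seconds of future-dating tolerated

def make_key(p, q):
    """Toy textbook-RSA key from two known primes. NOT secure; it only
    stands in for the PGP keys the post has in mind."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return 0 <= sig < n and pow(sig, E, n) == _digest(data, n)

def cert_body(address, n):
    return f"cert\n{address}\n{n}".encode()

def ann_body(address, posted_at, n):
    # The timestamp is signed too: a news Date: header can be forged.
    return f"here\n{address}\n{posted_at}\n{n}".encode()

def announce(address, key, posted_at, introducer, introducer_key):
    """One signed "I am here" post (hypothetical message format)."""
    n = key["n"]
    return {"address": address, "n": n, "posted_at": posted_at,
            "cert_by": introducer,
            "cert_sig": sign(introducer_key, cert_body(address, n)),
            "sig": sign(key, ann_body(address, posted_at, n))}

class RemailerDirectory:
    def __init__(self, trusted):
        self.trusted = trusted    # introducer name -> public modulus
        self.last_seen = {}       # address -> newest accepted timestamp

    def accept(self, ann, now):
        addr, n, ts = ann["address"], ann["n"], ann["posted_at"]
        intro_n = self.trusted.get(ann["cert_by"])
        # 1. Web of trust: the key must be certified by someone we trust.
        if intro_n is None or not verify(intro_n, cert_body(addr, n),
                                         ann["cert_sig"]):
            return "untrusted-key"
        # 2. The post itself must be signed by that certified key.
        if not verify(n, ann_body(addr, ts, n), ann["sig"]):
            return "bad-signature"
        # 3. Only posts from the last 24 hours prove the remailer is up.
        if ts > now + CLOCK_SKEW or now - ts > MAX_AGE:
            return "stale"
        # 4. A re-posted older announcement never moves the clock back.
        if ts <= self.last_seen.get(addr, -1):
            return "replay"
        self.last_seen[addr] = ts
        return "ok"

    def live(self, now):
        return sorted(a for a, ts in self.last_seen.items()
                      if now - ts <= MAX_AGE)

    def chain(self, now, hops, rng=None):
        live = self.live(now)
        if len(live) < hops:
            raise ValueError("not enough live remailers for this chain")
        return (rng or random.SystemRandom()).sample(live, hops)

def demo(now=1_000_000):
    """Constructed scenario: six posts read from the control newsgroup."""
    m = lambda k: 2 ** k - 1                      # Mersenne primes
    alice, mallory = make_key(m(127), m(89)), make_key(m(107), m(61))
    keys = {f"r{i}@example.org": make_key(m(p), m(q)) for i, (p, q) in
            enumerate([(521, 127), (521, 107), (607, 89),
                       (607, 61), (521, 89)], start=1)}
    r1, r2, r3, r4, r5 = keys
    hour = 3600
    posts = {
        "fresh": announce(r1, keys[r1], now - hour, "alice", alice),
        "day-old": announce(r2, keys[r2], now - 30 * hour, "alice", alice),
        "unknown-introducer": announce(r3, keys[r3], now - 60,
                                       "mallory", mallory),
        "redated": dict(announce(r4, keys[r4], now - 30 * hour,
                                 "alice", alice), posted_at=now - 10),
        "fresh-2": announce(r5, keys[r5], now - 600, "alice", alice),
        "replayed": announce(r1, keys[r1], now - 2 * hour, "alice", alice),
    }
    directory = RemailerDirectory({"alice": alice["n"]})
    results = {name: directory.accept(p, now) for name, p in posts.items()}
    return directory, results

if __name__ == "__main__":
    directory, results = demo()
    print(results, directory.live(1_000_000))
```

Only the two fresh, trusted-key announcements end up in the live set; the redated post fails because the timestamp is covered by the remailer's signature, so an old post cannot be made to look current by editing it.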

From sidney at taurus.apple.com Wed Aug 3 15:43:20 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Wed, 3 Aug 94 15:43:20 PDT
Subject: Remailer traffic analysis foiling
Message-ID: <9408032242.AA06825@toad.com>

I was under the impression that remailers already allowed for multiple messages with separate destinations to be batched in one message with appropriate embedded demarcation headings. How about if a remailer reordered incoming messages, batched groups of messages, and sent the batches to different remailers for chaining? That would achieve the effects on traffic analysis without multiplying traffic. If you want to keep chaining strictly under the senders' control, the batching could be done with messages that are marked by the sender as being destined for chaining through the same remailer. But I don't like that as much.

Jonathan Rochkind suggested that the remailers could signal their availability via posts to a special alt newsgroup. I think it would be easier and more reliable if instead the remailers contacted each other directly in some way to check for availability. Perhaps they could listen on some port, perhaps a finger daemon, anything that would let one remailer ask another for some sort of status check. Automated chaining between mailers that confirm availability before passing on messages would be more reliable than a user choosing the entire chaining path before mailing off the message. And it would allow the chained messages to be reordered and batched.

-- sidney

From sidney at taurus.apple.com Wed Aug 3 15:48:06 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Wed, 3 Aug 94 15:48:06 PDT
Subject: broadcast encryption
Message-ID: <9408032247.AA06921@toad.com>

Jonathan Rochkind wrote about why amateur frequencies should be available for a people's Internet access:

The problem with the radio spectrum is that it is not free, it is a limited resource.
If the allowed use of some portion of the spectrum became too easy, too useful, too profitable, then that portion would soon become overloaded with traffic. That is one reason why hams cannot use their frequencies for any kind of commercial transaction. Once there could be people making money from the airwaves, they would quickly crowd out the amateurs.

If the government is going to subsidize public access to communications internetworks, they would do much better to subsidize a technology that is better suited to point-to-point switched routing. Of course, that may be in the form of broadcast electromagnetic signals at line-of-sight frequencies, whether something like the current cellular telephone network with higher frequencies and smaller cells, or lots of small satellites, or it could involve subsidizing lots of fiber all over the place.

It is the case that there is a lot of pressure for the FCC to make money privatizing sections of the spectrum. The recent auction of licenses for newly allocated spectrum earned them much more than was predicted, and will make it that much harder for hams to hold on to much of the spectrum that they already have.

-- sidney markowitz KD6AVY

From ianf at simple.sydney.sgi.com Wed Aug 3 15:57:10 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Wed, 3 Aug 94 15:57:10 PDT
Subject: DES Flames
In-Reply-To: <199408031722.AA10579@world.std.com>
Message-ID: <9408040854.ZM1879@simple.sydney.sgi.com>

On Aug 3, 1:22pm, Kent Borg wrote:
> Given:
> 1) Some people worry about the strength of DES. (Correct?)

As a cipher which is completely secure against all levels of attack, yes. DES would still be suitable for tactical encryption where the lifetime of the information is less than a few minutes (and is useless past that time), or in situations where your adversary is known, unique and is not well funded.
Outside these categories, I would say that most, not "some", people who are familiar with the issues worry about the strength of DES.

> 2) DES is within striking distance of a brute-force attack,
> this is far-and-away its most serious weakness. (Correct?)

Always has been, which was a point (Diffie?) made right at the beginning. The problem is that it has now reached the point where the resources needed to construct a brute-force search engine are commercially available. Given the current development of FPGA's and so forth, I would predict that within three to five years you will be able to do a brute-force search using commercially available off-the-shelf FPGA arrays.

> 3) 3-DES is nowhere near soon being vulnerable to a
> brute-force attack. (Correct?)

That is the supposition. DES is not a group (proven), and so it is assumed that 3DES gives a keyspace to search which is not practical even in the distant future.

> It follows then that:
> 3-DES is a trivial fix of DES' ills. (Correct?)

Perhaps.

> Now, I repeat my puzzle. If there really was a Great Government
> Gnashing of teeth over how to replace DES, what was the problem?

Options:

1. 3DES is not as secure as we think. I do not believe that NIST has said anything about this one way or the other, and their silence is rather interesting.

2. 3DES IS as secure as we think (or nearly so), and they know it, and they are keeping us in the dark because they do not want to give any of us strong non-escrowed encryption. The FUD principle.

3. 3DES is stronger than DES, but not as strong as we all think. The NSA is not willing to specify a cipher whose key entropy is not a substantial portion of its keysize.

Let's assume (2). What makes me wonder is that the NSA was obviously aware of the possibilities of superencryption back in the 1970's, and I would have expected them to specify the production of a cipher which WAS a group to defeat this. Options:

a. It is not possible to produce a secure cipher which is a group (anyone got any comments on this thought? I must admit that it is not something I have given a lot of thought to, and I certainly have no mathematical backing for this supposition.)

b. The NSA didn't know how to produce a cipher which was a group. Let's not have any "the NSA can do anything" arguments, please. I am positive that they have quite amazing skills in cipher design, but they're not all powerful. Because of this, they're sitting tight and hoping that we won't notice.

c. The NSA didn't care (unlikely).

d. The NSA did care, expected to specify it when DES became unviable (which is a really neat solution, if you consider the installed base and the fact that it is mostly a software update in the drivers even for the hardware implementations). Then the political climate changed in the USA, civilian crypto started to make the management nervous, and they shelved the idea.

I go for (d). Anyone else?

Ian.

From gnu Wed Aug 3 16:03:04 1994
From: gnu (gnu)
Date: Wed, 3 Aug 94 16:03:04 PDT
Subject: Digital Telephony bill, August 1 draft
Message-ID: <9408032302.AA07275@toad.com>

FYI. -- John Gilmore

DRAFT - August 1, 1994

SECTION 1. INTERCEPTING DIGITAL AND OTHER COMMUNICATIONS.

Title 18, United States Code, is amended by adding the following new chapter:

"CHAPTER 120 -- TELECOMMUNICATIONS CARRIER ASSISTANCE TO THE GOVERNMENT

"Sec. 2601. Assistance requirements.

"(a) CAPABILITY REQUIREMENTS.
-- Except as provided in subsections (b), (c) and (d) of this section and subsection (c) of section 2606, a telecommunications carrier shall ensure that its services or facilities that provide a customer or subscriber with the ability to originate, terminate or direct communications have the capability to --

(i) expeditiously isolate and enable the government to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities or services of a subscriber of such carrier concurrent with their transmission to or from the subscriber's service, facility or equipment or at such later time as may be acceptable to the government;

(ii) expeditiously isolate and enable the government to access call identifying information which is reasonably available to the carrier --

(1) either before, during or immediately after the transmission of a wire or electronic communication (or at such later time as may be acceptable to the government); and

(2) in a manner that allows it to be associated with the communication to which it pertains, except that, with regard to information acquired solely pursuant to the authority for pen registers and trap and trace devices as defined in chapter 206 of this title, such call identifying information shall not include any information that may disclose the physical location of the subscriber, beyond what may be determined from the telephone number;

(iii) deliver intercepted communications and call identifying information to the government in a format such that they may be transmitted by means of facilities or services procured by the government to a location away from the premises of the carrier; and

(iv) facilitate authorized communications interceptions and call identifying information access unobtrusively and with a minimum of interference with any subscriber's telecommunications service and in a manner that protects the privacy and security
of communications and call identifying information not authorized to be intercepted and protects information regarding the government's interception of communications and access to call identifying information.

"(b) LIMITATIONS. This chapter does not authorize any law enforcement agency or officer to require the specific design of features or system configurations to be adopted by providers of wire or electronic communication service, nor does it authorize any law enforcement agency or officer to prohibit the adoption of any feature or service by providers of wire or electronic communication service. The requirements of subsection (a) do not apply to (i) information services or (ii) services or facilities that support the transport or switching of communications for the sole purpose of interconnecting telecommunications carriers or private networks.

"(c) EMERGENCY OR EXIGENT CIRCUMSTANCES. In emergency or exigent circumstances, including but not limited to those described in sections 2518(7), 2518(11)(b) and 3125 of this title or in section 1805(e) of title 50, a carrier may fulfill its responsibilities under subparagraph (a)(iii) by allowing monitoring at its premises if that is the only means of accomplishing the interception or access.

"(d) MOBILE SERVICE ASSISTANCE REQUIREMENTS.
A telecommunications carrier offering a feature or service that allows subscribers to redirect, hand off, or assign their wire or electronic communications to another service area or another service provider, or to utilize facilities in another service area or of another service provider, shall ensure that, when the carrier that had been providing assistance for the interception of wire or electronic communications or access to call identifying information pursuant to a court order or lawful authorization no longer has access to the content of such communications or call identifying information within the service area where interception has been occurring as a result of the subscriber's use of such feature or service, information is available to the government, either before, during or immediately after the transfer of such communications, identifying the provider of wire or electronic communication service that has acquired access to the communications.

"Sec. 2602. Notice of capacity requirements.

"(a) NOTICE OF MAXIMUM AND INITIAL CAPACITY REQUIREMENTS.
Within one year from the date of enactment of this Act, and after consulting with state and local law enforcement agencies, telecommunications carriers, providers of telecommunications support services, and manufacturers of telecommunications equipment, the Attorney General shall publish in the Federal Register and provide to appropriate telecommunications carrier associations, standards bodies and fora --

(i) notice of the maximum capacity required to accommodate all the communications interceptions, pen registers and trap and trace devices that the Attorney General estimates government agencies authorized to conduct electronic surveillance may conduct and use simultaneously; and

(ii) notice of the number of all communications interceptions, pen registers, and trap and traces devices, representing a portion of the maximum capacity set pursuant to (a)(i), that the Attorney General estimates government agencies authorized to conduct electronic surveillance may conduct and use simultaneously four years from the date of enactment of this Act.

Such notices may be based upon the type of equipment, type of service, number of subscribers, geographic location, or other measure.

"(b) COMPLIANCE WITH CAPACITY NOTICES. Within three years of the publication by the Attorney General of a notice of capacity needs, or within four years from the date of enactment of this Act, whichever is longer, a telecommunications carrier shall ensure that its systems are capable of --

(i) expanding to the maximum capacity set forth in the notice provided pursuant to section (a)(i); and

(ii) accommodating simultaneously the number of interceptions, pen registers and trap and trace devices for which notice has been provided pursuant to section (a)(ii).
Thereafter, a telecommunications carrier shall ensure that it can accommodate expeditiously any increase in the number of interceptions, pen registers and trap and trace devices that authorized agencies may seek to conduct and use, up to the maximum capacity specified pursuant to section (a)(i).

"(c) PERIODIC INCREASES IN NOTICE OF MAXIMUM CAPACITY REQUIREMENTS. The Attorney General shall periodically provide to telecommunications carriers written notice of any necessary increases in the maximum capacity specified pursuant to section (a)(i). Within three years after receiving written notice of such increased capacity requirements, or within such longer time period as may be specified by the Attorney General, a telecommunications carrier shall ensure that its systems are capable of expanding to the increased maximum capacity set forth in such notice.

"Sec. 2603. Systems security and integrity.

"A telecommunications carrier shall ensure that any court ordered or lawfully authorized interception of communications or access to call identifying information effected within its switching premises can be activated only with the affirmative intervention of an individual officer or employee of such carrier.

"Sec. 2604. Cooperation of equipment manufacturers and providers of telecommunications support services.

"A telecommunications carrier shall consult, as necessary, in a timely fashion with manufacturers of its telecommunications transmission and switching equipment and its providers of telecommunications support services for the purpose of identifying any service or equipment, including hardware and software, that may require modification so as to permit compliance with the provisions of this chapter.
A manufacturer of telecommunications transmission or switching equipment and a provider of telecommunications support services shall, on a reasonably timely basis and at a reasonable charge, make available to the telecommunications carriers using its equipment or services such modifications as are necessary to permit such carriers to comply with the provisions of this section.

"Section 2605. Technical requirements and standards for implementation of section 2601 requirements.

"(a) SAFE HARBOR. To ensure the efficient and industry-wide implementation of the requirements established in section 2601 of title 18, United States Code, the Attorney General, in coordination with other Federal, State, and local law enforcement agencies, shall consult with appropriate associations and standards setting bodies of the telecommunications industry. A telecommunications carrier shall be in compliance with the capability requirements of section 2601 if it is in compliance with publicly available technical requirements or standards which meet the requirements of section 2601 adopted by an industry association or standards setting body. The absence of technical requirements or standards for implementing the requirements of section 2601 shall not preclude any carrier from deploying a technology or service nor shall the absence of standards relieve any carrier of the obligations imposed by section 2601.

"(b) FCC AUTHORITY.
In the event of a dispute about technical requirements or standards or if industry associations or bodies fail to issue technical requirements or standards, any person may petition the Federal Communications Commission to establish, by notice and comment rulemaking or other such proceedings as it may be authorized to conduct, specifications or standards that meet the requirements established in section 2601 of title 18, United States Code, protect the privacy and security of communications not authorized to be intercepted, and serve the policy of the United States to encourage the provision of new technologies and services to the public. In a proceeding under this section initiated by a telecommunications carrier, manufacturer of telecommunications transmission and switching equipment, or provider of telecommunications support services, the Commission, to recover the costs of its actions under this section, may assess and collect a fee against the carriers, manufacturers or providers that are parties to the proceeding. Such fee shall be deposited as an offsetting collection in, and credited to, the account providing appropriations to carry out the functions of the Commission and shall be available without fiscal year limitation.

"(c) EXTENSION OF COMPLIANCE DATE FOR FEATURES AND SERVICES. A telecommunications carrier proposing to deploy, or having deployed, a feature or service within four years after the date of enactment of this Act may petition the Commission for one or more extensions of the deadline for complying with the requirements established in section 2601 of title 18, United States Code. The Commission may, after affording a full opportunity for hearing and after consultation with the Attorney General, grant an extension under this paragraph, if it determines that compliance with the requirements of section 2601 of title 18, United States Code, is not reasonably achievable through application of technology available within the compliance period.
An extension under this paragraph shall extend for no longer than the earlier of (i) the date determined by the Commission as necessary for the carrier to comply with the requirements of section 2601 of title 18, United States Code; or (ii) in no event beyond two years after the date on which the initial extension is granted. An extension under this subsection shall apply to only that part of the carrier's business on which the new feature or service is used. "Sec. 2606. Enforcement orders. "(a) If a court authorizing an interception under chapter 119, under a State statute, or under the Foreign Intelligence Surveillance Act, or authorizing use of a pen register or a trap and trace device under chapter 206 or under a state statute finds that a telecommunications carrier has failed to comply with the requirements in this chapter, the court may direct that the carrier comply forthwith and may direct that a provider of support services to such carrier or the manufacturer of the carrier's transmission or switching equipment furnish forthwith modifications necessary for the carrier to comply. "(b) The Attorney General may apply to the appropriate United States District Court for, and the District Courts shall have jurisdiction to issue, an order directing that a telecommunications carrier, a provider of telecommunications carrier support services or a manufacturer of telecommunications transmission or switching equipment comply with this chapter. 
"(c) A court shall issue an order under subsections (a) or (b) only if it finds that -- (i) alternative technologies or capabilities or the facilities of another carrier are not reasonably available to law enforcement for implementing the interception of communications or access to call identifying information; and (ii) compliance with the requirements of this chapter is reasonably achievable through the application of available technology to the feature or service at issue or would have been reasonably achievable if timely action had been taken. A court may not issue an order where the government's demands for interception of communications and acquisition of call identifying information exceed the capacity for which notice has been provided under section 2602. "(d) A court issuing an order under this section may impose a civil penalty of up to $10,000 per day for each day in violation after the issuance of the order or after such future date as the court may specify. In determining whether to impose a fine and in determining its amount, the court shall take into account the nature, circumstances, and extent of the violation, and, with respect to the violator, ability to pay, good faith efforts to comply in a timely manner, effect on ability to continue to do business, the degree of culpability or delay in undertaking efforts to comply, and such other matters as justice may require. The Attorney General may file a civil action in the appropriate United States District Court to collect, and the United States District Courts shall have jurisdiction to impose, such fines. "Sec. 2607. Definitions. 
"As used in this chapter --

"(1) the terms defined in section 2510 of this title have, respectively, the definitions given such terms in that section;

"(2) 'telecommunications carrier' means any person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire, as defined by section 3(h) of the Communications Act of 1934, and includes (i) any person or entity engaged in providing commercial mobile service, as defined in section 6002(b) of Public Law 103-66, and (ii) any person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such person or entity to be a common carrier for purposes of this Act.

"(3) 'provider of telecommunications support services' means any person or entity that provides products, software, or services to a telecommunications carrier that are integral to the switching or transmission of wire or electronic communications;

"(4) 'government' means the Government of the United States and any agency or instrumentality thereof, the District of Columbia, any commonwealth, territory or possession of the United States, and any state or political subdivision thereof authorized by law to conduct electronic surveillance;

"(5) 'information services' means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications, and includes electronic publishing, but does not include any use of any such capability for the management, control or operation of a telecommunications system or the management of a telecommunications service;

"(6) 'call identifying information' means all dialing or signalling information associated with the origin, direction, destination, or
termination of each communication generated or received by the subscriber equipment, facility or service of such carrier that is the subject of a court order or lawful authorization, but does not include any information that may disclose the physical location of the subscriber beyond what may be inferred from the telephone number."

SECTION 2. EFFECTIVE DATE.

Sections 2601 and 2603 of title 18 as added by section 1 of this Act shall take effect four years after the date of enactment of this Act. Unless otherwise specified, all other provisions of this Act shall become effective on the date of enactment.

SECTION 3. REIMBURSEMENT AND FUNDING.

(a) The Attorney General shall reimburse telecommunications carriers for all reasonable costs directly associated with (1) the modifications performed by carriers prior to the effective date of section 2601 or prior to the expiration of any extension granted under section 2605(c) of title 18, United States Code, as added by this Act, to establish the capabilities necessary to comply with section 2601; (2) establishing the maximum capacity requirements set pursuant to section 2602 of title 18; and (3) expanding existing facilities to accommodate simultaneously the number of interceptions, pen registers and trap and trace devices for which notice has been provided pursuant to section 2602.

Notwithstanding any other provision of law, the Attorney General is authorized to establish any procedures and regulations deemed necessary to effectuate timely and cost-efficient reimbursement to telecommunications carriers for reimbursable costs incurred under this Act, under chapters 119 and 121 of Title 18, United States Code, and under the Foreign Intelligence Surveillance Act.
If there is a dispute between the Attorney General and a telecommunications carrier regarding the amount of reasonable costs to be reimbursed, the dispute shall be resolved and the amount determined, in a proceeding initiated at the Federal Communications Commission under section 2605 of title 18 or by the court from which an enforcement order is sought under section 2606.

(b) For fiscal years 1995 through 1998, there are authorized to be appropriated a total of $500,000,000. For fiscal years 1999 and thereafter, there are authorized to be appropriated such sums as may be necessary to carry out the purposes of this Act.

(c)(i) On or before November 30, 1995, and on or before the same day each year for five years thereafter, the Attorney General shall submit to the Congress a report on the amounts paid during the preceding fiscal year in reimbursement to carriers for costs incurred in making modifications to comply with the provisions of this Act. Said reports shall include but not be limited to (1) a detailed accounting of the amounts paid to each carrier and the technology, feature or service for which the amounts were paid and (2) projections of the amounts expected to be paid in the then ongoing fiscal year, the carriers to which reimbursement is expected to be paid, and the technologies, services, or features for which reimbursement is expected to be paid.

(ii) On or before April 1, 1996 and April 1, 1998, the General Accounting Office shall, after consultation with the Attorney General and the telecommunications industry, submit to the Congress a report reflecting its audit of the sums paid by the Attorney General to carriers in reimbursement. Such report shall include the findings and conclusions of the Comptroller General on the costs to be incurred after the compliance date, including projections of the amounts expected to be incurred and the technologies, services, or features for which expenses are expected to be incurred.

SECTION 4. DEFINITION.
Section 2510(4) of title 18 is amended by adding at the end thereof, before the semicolon, ", except that with regard to the transmission of a communication encrypted by a subscriber, a telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, the communication, unless the encryption was provided by the service provider and the service provider possesses the information necessary to decrypt the communication".

SECTION 5. CORDLESS TELEPHONES.

(a) Definitions. - Section 2510 of title 18, United States Code, is amended -

(1) in paragraph (1), by striking "but such term does not include" and all that follows through "base unit"; and

(2) in paragraph (12), by striking subparagraph (A) and redesignating subparagraphs (B) through (D) as subparagraphs (A) through (C) respectively.

(b) Penalty. - Section 2511 of title 18, United States Code, is amended -

(1) in subsection (4)(b)(i), by inserting "a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit," after "cellular telephone communication,"; and

(2) in subsection (4)(b)(ii), by inserting "a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit," after "cellular telephone communication,".

SECTION 6. RADIO-BASED DATA COMMUNICATIONS.

Section 2510(16) of title 18, United States Code, is amended by striking the word "or" at the end of subparagraph (D) and inserting an "or" at the end of subparagraph (E) and adding the following new subparagraph:

"(F) an electronic communication;"

SECTION 7. PENALTIES FOR MONITORING RADIO COMMUNICATIONS THAT ARE NOT SCRAMBLED, ENCRYPTED, OR NON-PUBLIC.
Section 2511(4)(b) of title 18, United States Code is amended by deleting the phrase "or encrypted, then -" and inserting the following:

", encrypted, or transmitted using modulation techniques whose essential parameters have been withheld from the public with the intention of preserving the privacy of such communication, then -"

SECTION 8. TECHNICAL CORRECTION.

Section 2511(2)(a)(i) of title 18 is amended by striking out "used in the transmission of a wire communication" and inserting in lieu thereof "used in the transmission of a wire or electronic communication".

SECTION 9. FRAUDULENT ALTERATION OF COMMERCIAL MOBILE RADIO INSTRUMENTS.

(a) Section 1029(a) of title 18 is amended by striking the word "or" at the end of subparagraph (3) and adding the following new subparagraphs:

"(5) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a telecommunications instrument that has been modified or altered to obtain unauthorized use of telecommunications services; or

"(6) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses (i) a scanning receiver or (ii) hardware or software used for altering or modifying telecommunications instruments to obtain unauthorized access to telecommunications services."

(b) Section 1029(c)(2) of title 18 is amended by striking "(a)(1) or (a)(4)" and inserting in lieu thereof "(a)(1), (a)(4), (a)(5) or (a)(6)".

(c) Section 1029(e)(1) of title 18 is amended by inserting "electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier," after "account number,".
(d) Section 1029(e) of title 18 is amended by striking the word "and" at the end of subparagraph (5), by striking the period at the end of subparagraph (6) and adding "; and", and by adding the following new subparagraph:

"(7) the term 'scanning receiver' means any device or apparatus that can be used to intercept a wire or electronic communication in violation of chapter 119 of this title."

SECTION 10. TRANSACTIONAL DATA.

(a) Section 2703(c)(1)(B) of title 18, United States Code, is amended by adding at the end thereof the following:

"Records or other information disclosed under this subparagraph shall not include any interactive information generated by the subscriber or customer or any information identifying services used by the subscriber or customer, except the dialling or signalling information utilized in call or message processing.";

(b) Section 3121 of title 18, United States Code, is amended by redesignating subsection (c) as (d), and adding a new subsection (c) as follows:

"(c) Limitation. -- A government agency authorized to install and use a pen register under this chapter, or under state law, shall use technology reasonably available to it that restricts the recording or decoding of electronic or other impulses to the dialling and signalling information utilized in call processing."

SECTION 11. REPORTING OF INTERCEPTIONS ENCOUNTERING ELECTRONICALLY ENCRYPTED COMMUNICATIONS.

Section 2519(2) of title 18, United States Code, is amended by deleting everything after the semicolon in subparagraph (f) and inserting the following:

"(g) the number of interceptions encountering electronically encrypted communications, specifying the number of such interceptions that could not be decrypted; and

"(h) The information required by paragraphs (b) through (g) of this subsection with respect to orders or extensions obtained in a preceding calendar year."
From mpd at netcom.com Wed Aug 3 16:05:26 1994
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 3 Aug 94 16:05:26 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <9408032148.AA13199@snark.imsi.com>
Message-ID: <199408032305.QAA18526@netcom15.netcom.com>

Perry E. Metzger writes:

> Not that I wanted to get in to this, but Mike was begging for it.
> If I told you that I could save you tens of thousands of dollars a year just by using some simple to use software, would you do it? Well, if you had some simple to use software system that allowed you to escape from the above ground economy, you could personally save tens of thousands a year.

I am not convinced such software exists, that most major businesses would offer to interface with it, or that it would of necessity be "simple" or "easy to use". Once standards are created for commerce over the Net and the collection of the VAT, you are pretty much locked into using them if you wish to do business with any vendor of significant size.

> What makes you think the VAT will be small?

Bear in mind we are talking about a Utopian society of the future with a downsized government. Trying to support the current level of wasteful government spending from a VAT would send people fleeing for the borders.

> What makes you think it will be inconvenient? I know of two pizza places in Manhattan where they very likely don't pay taxes and where you can also buy drugs.

I know of some places on the Internet where I can chat with people using a version of Unix talk which encrypts. But if I want to talk to some random person, I am probably stuck with using the default version which does not. I have little hope of convincing people to make the encrypted one a standard, in spite of the fact that all they would have to do is spend a few minutes to FTP it. Encrypting every time I use "talk" is therefore somewhat inconvenient.
A complete escape from the above-ground economy in a society heavily dependent on electronic transactions would be even more so. Again, you are free to try, but most people probably won't bother.

> The underground economy in the U.S. is huge -- enormous, in fact. Most of us interact with it every day without even realizing it. As a small example, the clothing manufacture industry in New York survives on illegal factories running almost entirely underground. Ever tip a waiter in cash? Ever pay for a haircut in cash? Ever make a purchase from a Mom & Pop grocery in cash?

The size of the underground economy is largely a function of the repressive and outrageous monetary and tax system we have in this country. When families can barely make ends meet with all the adults working multiple full-time jobs, there is an enormous incentive to shave costs. In a society where taxes were manageable, and put to a use all citizens felt was worthy, such forces would be much less and there would be enormous peer pressure on individual citizens to do their fair share. Kind of like the days when income tax was two percent and functioned on the honor system. Just decriminalizing drug use and the sex industry would get rid of a very large chunk of the underground economy.

> Tim will likely pay his broker to churn his account in Switzerland and do just as well. He'll have a credit card from a bank in the Bahamas. He'll probably do just fine watching HBO and Showtime, too.

The majority of US citizens who use local financial services and get their cable TV through a wire from the street will generate all the revenue we need. We could even give Tim a guaranteed annual income.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From mccoy at io.com Wed Aug 3 16:22:07 1994
From: mccoy at io.com (Jim McCoy)
Date: Wed, 3 Aug 94 16:22:07 PDT
Subject: Egalitarianism vs.
Strong Cryptography
In-Reply-To: <199408032055.NAA15886@netcom6.netcom.com>
Message-ID: <199408032321.SAA01552@pentagon.io.com>

mpd at netcom.com (Mike Duvos) writes:
[...]
> Network shopping services which use strong crypto and non-standard DigiCash protocols to avoid a painless VAT will have poor propagation, limited access, negative PR, and few customers.

Wanna bet? All it would take is one entity to set up a service of converting untraceable digicash tokens into the appropriate traceable tokens under the name of a pseudo-account at the service. Now I can use my digicash tokens for everything under the regulated system, _and_ I can use them at digicash-only services...

jim

From jim at bilbo.suite.com Wed Aug 3 16:25:23 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Wed, 3 Aug 94 16:25:23 PDT
Subject: anonymous anonymous remailers?
Message-ID: <9408032324.AA03913@bilbo.suite.com>

Here's an interesting idea...

Assume we create the alt.anonremailer.net newsgroup mechanism that Jonathan Rochkind recently suggested (and it worked).

Could we then not use the newsgroup, in combination with a net of well-known remailers, to give us the capability to have some remailers at unknown locations by having some remailers post encrypted reply blocks as their "addresses"?

Just a thought,

Jim_Miller at suite.com

From hughes at ah.com Wed Aug 3 17:06:37 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 3 Aug 94 17:06:37 PDT
Subject: My light bulb goes on... (was:Re: Tuna fish...)
In-Reply-To: <9408031238.AA12045@snark.imsi.com>
Message-ID: <9408032336.AA11878@ah.com>

> Is this not the killer app that would get ecash off and running?

The problem is not a need for a killer app -- there are dozens. The obstacle is regulatory problems, and finding a large and reputable sponsoring organization (like a big bank). And these two issues are related.

Bank regulations in this country are kept deliberately somewhat vague.
The regulator's word is the deciding principle, not a detailed interpretation of statute. The lines are fuzzy, and because they are fuzzy, the banks don't press on them nearly as hard as when there's clear statutory language available to be interpreted in a court. The uncertainty in the regulatory environment _increases_ the hold the regulators have over the banks.

And the regulators are known for being decidedly finicky. Their decisions are largely not subject to appeal (except for the flagrant stuff, which the regulators are smart enough not to do too often), and there's no protection against cross-linking issues. If a bank does something untoward in, say, mortgage banking, they may find, say, their interstate branching possibilities seem suddenly much dimmer.

The Dept. of Treasury doesn't want untraceable transactions. Need I say more?

Probably. It's very unlikely that a USA bank will be the one to deploy anonymous digital dollars first. It's much more likely that the first dollar digital cash will be issued overseas, possibly London. By the same token, the non-dollar regulation on banks in this country is not the same as the dollar regulation, so it's quite possible that the New York banks may be the first issuers of digital cash, in pounds sterling, say.

There will be two stages in actually deploying digital cash. By digital cash, here, I mean a retail phenomenon, available to anybody. The first will be to digitize money, and the second will be to anonymize it. Efforts are already well underway to make more-or-less secure digital funds transfers with reasonably low transaction fees (not transaction costs, which are much more than just fees). These efforts, as long as they retain some traceability, will almost certainly succeed first in the marketplace, because (and this is vital) the regulatory environment against anonymity is not compromised.
Once, however, money has been digitized, one of the services available for purchase can be the anonymous transfer of funds.

I expect that the first digitization of money won't be fully fungible. For example, if you allow me to take money out of your checking account by automatic debit, there is risk that the money won't be there when I ask for it. Therefore that kind of money won't be completely fungible, because money authorized from one person won't be completely identical with money from another. It may be a risk issue, it may be a timeliness issue, it may be a fee issue; I don't know, but it's unlikely to be perfect.

Now, as the characteristic size of a business decreases, the relative costs of dealing with whatever imperfection there is will be greater. To wit, the small player will still have some problem getting paid, although certainly less than now.

Digital cash solves many of these problems. The clearing is immediate and final (no transaction reversals). The number of entities to deal with is greatly reduced, hopefully to one. The need and risk and cost of accounts receivables is eliminated. It's anonymous. There will be services which will desire these advantages, enough to support a digital cash infrastructure.

Eric

From rah at shipwright.com Wed Aug 3 17:14:47 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 3 Aug 94 17:14:47 PDT
Subject: Mall-builders are hiring...
Message-ID: <199408040013.UAA08704@zork.tiac.net>

Saw this rooting around for contracts to do. Aren't these guys the mall-builders for CommerceNet?
Cheers,
Bob Hettinga

>
> EMPLOYMENT OPEN HOUSE
> =====================
>
> Where: Enterprise Integration Technologies
>        800 El Camino Real
>        Menlo Park, California
>
> When: Tuesday, August 9
>       5:00pm - 8:00pm
>
> What: Demonstrations, refreshments,
>       and opportunities to interview
>       with hiring managers
>
>Enterprise Integration Technologies is a rapidly growing company specializing
>in software and services which help companies do business on the Internet.
>
>We have several openings for exceptional programmers to help us develop the
>next generation of applications and services for electronic commerce on
>the Internet.
>
>
>Basic requirements
>------------------
>You must have:
>
>- a BSCS or equivalent,
>- at least 5 years of industry experience developing products in C or C++ for
>  Windows, Macintosh, and/or UNIX, and
>- been a leader or key contributor to small software development teams that
>  have shipped successful products.
>
>
>Technology experience
>---------------------
>We are looking for people who have significant experience with one or more
>of the following technology areas:
>
>- development and application of network services and protocols (especially
>  TCP/IP and Netware)
>- computer security and cryptography (especially public key)
>- relational database management systems
>- document management and search/retrieval systems
>- WWW servers
>- platform-independence and interoperability development tools
>- messaging and directory technologies
>- distributed object technologies
>- commercial software development tools
>- scripting or prototyping languages
>
>
>Industry background
>-------------------
>We are especially interested in people who have professional experience
>in one or more of the following industries:
>
>- CAD/CAM
>- information services
>- publishing
>- manufacturing
>- electronic commerce
>- financial institutions
>
>
>Interpersonal qualities
>-----------------------
>We are seeking people who have successfully worked in one or
more of the
>following environments:
>
>- on multiple projects
>- in cross-functional development teams
>- with end-users, value-added resellers, licensees, and other customers
>- with independent software vendors, original equipment manufacturers,
>  and other development partners
>
>
>For more information
>--------------------
>EIT offers competitive salaries and benefits including stock options and
>bonuses, and an opportunity to help shape the Internet of the future.
>
>For more information about Enterprise Integration Technologies, visit our
>world wide web server at http://www.eit.com/ or send mail to info at eit.com.
>
>
>For driving directions to EIT
>-----------------------------
>For directions to EIT, look at our map in http://www.eit.com/maps/roadmap.html
>or send mail to open-house at eit.com.
>
>
>If you're interested but cannot attend
>--------------------------------------
>If you cannot attend the open house, then send your resume and cover letter
>by e-mail (ASCII only, please) to jobs at eit.com or by FAX to (415)617-8019.
>--
>-Brian Smithson brian at eit.com
> Enterprise Integration Technologies +1 415 617 8009
> 800 El Camino Real FAX +1 415 617 8019
> Menlo Park, CA 94025 URL: http://www.eit.com/
>
>

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From solman at MIT.EDU Wed Aug 3 18:59:51 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Wed, 3 Aug 94 18:59:51 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <9408032148.AA13199@snark.imsi.com>
Message-ID: <9408040158.AA01264@ua.MIT.EDU>

>
> Not that I wanted to get in to this, but Mike was begging for it.
>
> Mike Duvos says:
> > The theoretical possibility of untraceable cash systems and the absence of legal sanctions against those who use them do not imply that such systems will become the standard in the future. Even in the obnoxious political climate which prevails in this country today, strong crypto is in the hands of only a few percent of the citizens. In a society with a "user-friendly" government, most people wouldn't even be interested.
> If I told you that I could save you tens of thousands of dollars a year just by using some simple to use software, would you do it? Well, if you had some simple to use software system that allowed you to escape from the above ground economy, you could personally save tens of thousands a year.

For large numbers of Americans, the answer is yes. Even if the system of government that they were supporting was as screwed up as our current one.

Add to this the possibility that the government mandate also include a requirement that when conducting a transaction with somebody who is not paying the tax, you charge them a little extra and this amount will go higher. (If both the buyer and seller are paying the tax, then X% of the money exchanged goes to the government. If only one is then 2*X% of the money exchanged goes to the government.) Identities could easily be set up so that reputation is not transferable between tax paying organizations and their evading pseudonyms.

And that's if government doesn't improve as it enters cyberspace. Imagine if the government stopped trying to force people to join it. Or imagine if they tied decision making power to how much you pay in taxes. The more you pay, the more say you get. After accepting the idea that government is a product by which you get the warm fuzzies of giving to society, government could make itself into a more desirable product by undertaking changes like these. The possibilities are endless in this regard.
It's very easy for me to imagine a government in cyberspace which is substantially more successful at collecting taxes than the IRS.

JWS

From solman at MIT.EDU Wed Aug 3 19:07:27 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Wed, 3 Aug 94 19:07:27 PDT
Subject: anonymous anonymous remailers?
In-Reply-To: <9408032324.AA03913@bilbo.suite.com>
Message-ID: <9408040206.AA01377@ua.MIT.EDU>

> Here's an interesting idea...
>
> Assume we create the alt.anonremailer.net newsgroup mechanism that Jonathan Rochkind recently suggested (and it worked).
>
> Could we then not use the newsgroup, in combination with a net of well-known remailers, to give us the capability to have some remailers at unknown locations by having some remailers post encrypted reply blocks as their "addresses"?

This is just painfully non-scalable. Sure it will work for now, but it's not something that will last once large numbers of people begin using it.

JWS

From cactus at bb.com Wed Aug 3 19:18:07 1994
From: cactus at bb.com (L. Todd Masco)
Date: Wed, 3 Aug 94 19:18:07 PDT
Subject: clarification please
In-Reply-To: <9408032116.AA19332@ralph.sybgate.sybase.com>
Message-ID: <199408040221.WAA12343@bb.com>

Jamie Lawrence writes:
> At 4:35 PM 08/03/94 -0400, L. Todd Masco wrote:
>
> > It's really not so different than the War On Some Drugs or half a dozen other power-plays... and this is the propaganda machine that we will have to face if we're unlucky enough that Clinton/Gore actually get their act together enough and get the rest of the government behind them to make a real PR effort (as opposed to the clumsy scare tactics we've seen so far).
>
> I understand what you are saying, but it is fascinating that Clinton gets (by implication) blamed for Iraq and the war on drugs, when those are both Republican creations.[...]

Make no mistake: I'm blaming Clinton for neither the War On Some Drugs, the Persian Gulf massacre, nor the Waco massacre.
Government controls all that it can and grows however it's able: it's the nature of governments. It doesn't matter what control freak is at the helm, they'll use whatever means are available to control the world and the nation. This is why we have a Bill Of Rights. It is also why the Bill Of Rights is in tatters.

One of the most insidious details is that you usually can't point to one person and say "it's their fault." Everyone is "just doing their job."

I'm one of those who sees no fundamental difference between the Republicrats and the Democans. Their rhetoric is different, but all they want in the end is for everybody to behave as they believe is right: they have no respect for the freedom of diversity in beliefs that is at the core of America.

What is important for us to observe is the methods that they use to control us and for us to figure out how to undermine these methods as well as we are able. The nets themselves are a good start: without centralized communications, it's more difficult to tell people what to think. Strong crypto for everyone added to the nets is a good step, too: especially when you can authenticate sources according to an information "web of trust" (IE, I'd trust something Noam Chomsky recommended over something Dorothy Denning recommended).

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."

From mpd at netcom.com Wed Aug 3 19:44:51 1994
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 3 Aug 94 19:44:51 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <9408040158.AA01264@ua.MIT.EDU>
Message-ID: <199408040244.TAA12714@netcom7.netcom.com>

solman at MIT.EDU writes:

[other excellent stuff elided]

> Imagine if the government stopped trying to force people to join it. Or imagine if they tied decision making power to how much you pay in taxes. The more you pay, the more say you get.
> After accepting the idea that government is a product by which you get the warm fuzzies of giving to society, government could make itself into a more desirable product by undertaking changes like these. The possibilities are endless in this regard. It's very easy for me to imagine a government in cyberspace which is substantially more successful at collecting taxes than the IRS.

The notion of government as a product which must compete on an equal footing with others in society definitely wins "Nifty Idea of the Week" in my book.

Reminds me of something TS Eliot once said. "If only we had a system so perfect it did not require that people be good." Perhaps "government in cyberspace" will be the first working example of this paradigm.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From jrochkin at cs.oberlin.edu Wed Aug 3 20:15:54 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 3 Aug 94 20:15:54 PDT
Subject: anonymous anonymous remailers?
Message-ID: <199408040315.XAA24952@cs.oberlin.edu>

> > Assume we create the alt.anonremailer.net newsgroup mechanism that Jonathan Rochkind recently suggested (and it worked).
> > Could we then not use the newsgroup, in combination with a net of well-known remailers, to give us the capability to have some remailers at unknown locations by having some remailers post encrypted reply blocks as their "addresses"?
>
> This is just painfully non-scalable. Sure it will work for now, but it's not something that will last once large numbers of people begin using it.

Why? Which part, the whole idea of a remailer control newsgroup, or just the idea of remailers with unknown locations?
I'm not sure how reliable remailers with unknown locations would be (one remailer in the chain goes down, your unknown remailer can't be contacted, and there's no easy way to verify whether the chain is still intact any more), but I'm not sure I actually see anything non-scalable about it.

Nor about the "alt.anonremailer" concept. If you've got 500 remailers posting once a day, you're still not the largest newsgroup out there. And when combined with a realtime verification system (you get the address of the remailer from the newsgroup, and _then_ you connect to a certain port and get an acknowledgement message, to make sure the remailer is up), you could lower traffic yet further. Maybe you only need to post once every ten days with the "my remailer is here" message. This could then accommodate some 3000 remailers and still not be as high traffic as comp.sys.mac.hardware.

And I think by the time there are 3000 remailers to be accommodated, the net will be easily handling full motion video, and people will be exchanging 20 minute long quicktime movies in the newsgroups, and we won't have a bandwidth problem at all.

But maybe I'm missing something obvious. Enlighten me.

From solman at MIT.EDU Wed Aug 3 20:32:26 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Wed, 3 Aug 94 20:32:26 PDT
Subject: anonymous anonymous remailers?
In-Reply-To: <199408040315.XAA24952@cs.oberlin.edu>
Message-ID: <9408040331.AA01790@ua.MIT.EDU>

> > > Assume we create the alt.anonremailer.net newsgroup mechanism that Jonathan Rochkind recently suggested (and it worked).
> > > Could we then not use the newsgroup, in combination with a net of well-known remailers, to give us the capability to have some remailers at unknown locations by having some remailers post encrypted reply blocks as their "addresses"?
> >
> > This is just painfully non-scalable. Sure it will work for now, but it's not something that will last once large numbers of people begin using it.
>
> Why? Which part, the whole idea of a remailer control newsgroup, or just
> the idea of remailers with unknown locations?

I'm sorry, I thought you were talking about posting the encrypted messages themselves to the newsgroup and having the unlocatable remailer pick out the messages that are supposed to belong to it thus making it so that NOBODY knows where the remailer is. Clearly this wouldn't scale.

But if we're talking about having some remailers know where the hidden remailers are and only having the hidden remailers post the information that allows it to be addressed, I guess there isn't a problem.

Sorry.

JWS

From rarachel at prism.poly.edu Wed Aug 3 21:24:24 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 3 Aug 94 21:24:24 PDT
Subject: CIA eating internet email & usenet news
Message-ID:

It's started. The >CIA< (never mind that we suspect the NSA has done this already) admittedly is starting an internet site(s) where they will monitor email and usenet feeds. Supposedly this is for "research" purposes where agents would "post" questions in such a way as to not give away their real questions.

See this week's Computerworld. Anyone have a scanner they can post this article up with? I'm not up to typing it...

===============================================================================
| + ^ + || ' . . . . . . . Ray (Arsen) Arachelian ||
| \|/ || . . . ' . ' . : . . rarachel at photon.poly.edu ||
|<--+-->||. . . |' '| .' . . ... ___ sunder at intercom.com ||
| /|\ || . . \___/ . . . : .... __[R] ||
| + v + || . oOOo /o.O\ oOOo :. : .. |A| "And bugs to kill before I sleep"||
=========/---vvvv-------VVVV------------|I|----------------------------------/
/ . : . ' : ' |D| This signature pannel is /
/ The Next Bug to kill(tm) --- now open.
/ /___________________________________________________________________/

From sandfort at crl.com Wed Aug 3 21:43:45 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 3 Aug 94 21:43:45 PDT
Subject: clarification please
In-Reply-To: <9408032116.AA19332@ralph.sybgate.sybase.com>
Message-ID:

C'punks,

On Wed, 3 Aug 1994, Jamie Lawrence wrote:

> ... Not that I am a Clinton fan, I merely like giving
> credit where credit is due, and much of this (including, as has
> been oft stated here, the beginnings of clipper) belongs to those
> 12 years of republican mess making that got Clinton in office in
> the first place.

I don't think much is accomplished by arguing which set of liars got us into any particular mess. However, it was the *democrats* who dominated the legislative and judicial branches of government, as well as the entrenched bureaucracy for the Reagan/Bush years. I think that is a more accurate version of "giving credit where credit is due."

Nevertheless, please be advised, I despise them all (and so should you). Now get cracking and write some code.

S a n d y

From blane at squeaky.free.org.free.org Wed Aug 3 21:53:34 1994
From: blane at squeaky.free.org.free.org (Brian Lane)
Date: Wed, 3 Aug 94 21:53:34 PDT
Subject: CIA eating internet email & usenet news
In-Reply-To:
Message-ID:

On Thu, 4 Aug 1994, Arsen Ray Arachelian wrote:

>
> It's started. The >CIA< (never mind that we suspect the NSA has done this
> already) admittedly is starting an internet site(s) where they will monitor
> email and usenet feeds. Supposedly this is for "research" purposes where
> agents would "post" questions in such a way as to not give away their real
> questions.
>
> See this week's Computerworld. Anyone have a scanner they can post this
> article up with? I'm not up to typing it...

What do you mean by email monitoring, their own or ours? Maybe we should bombard them with encrypted copies of the Digital Telephony bill?
Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation | finger blane at free.org
witty comments pending | for PGP key and subLit
----------------------------------------------------------------------------

From rarachel at prism.poly.edu Wed Aug 3 21:54:19 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 3 Aug 94 21:54:19 PDT
Subject: SueDNym messages and our friend
In-Reply-To: <9408021343.AA19309@Central.KeyWest.MPGN.COM>
Message-ID:

This is the output of the program Medusa's Tentacles. This isn't complete. The 1st "level" is buggy or I'm doing something wrong in the data gathering. I will however fix this up later. This is basically a sneak preview at what Medusa produced:

SOURCE TEXT: det30 FUZZYBASE : det
1: 6136990.06793633 deg of closeness [TOKEN TOUPLES]
2: 0.00025409 deg of difference [TOKEN FREQ ]

SOURCE TEXT: suednym FUZZYBASE : det
1: 425581.03653014 deg of closeness [TOKEN TOUPLES]
2: 0.00021086 deg of difference [TOKEN FREQ ]

SOURCE TEXT: tcmay.txt FUZZYBASE : det
1: 264235.00574214 deg of closeness [TOKEN TOUPLES]
2: 0.00016356 deg of difference [TOKEN FREQ ]

SOURCE TEXT: c:\autoexec.bat FUZZYBASE : det
1: 14771672.69300460 deg of closeness [TOKEN TOUPLES]
2: 0.00035529 deg of difference [TOKEN FREQ ]

SOURCE TEXT: c:\config.sys FUZZYBASE : det
1: 10857800.74279867 deg of closeness [TOKEN TOUPLES]
2: 0.00035317 deg of difference [TOKEN FREQ ]

Again, please ignore the 1: stats for now as I have to further investigate their validity.

Fuzzybase "det" is the collected statistics based on the detweiler archives collected by Rishab Aiyer Ghosh. det30 is a portion of that collection, so I'm comparing it with the collection to see how different a small portion will be when comparing it to the whole. This gives a difference level of 0.00025409

suednym is one of the messages Sue sent. NOTICE that the level of difference is 0.00021086.
These two "differences" are very very close when compared to the others.

Autoexec and config.sys are thrown in as sanity checks. If I got low numbers on these I'd expect something was terribly wrong.

Weirdly enough TC May's post about the bleak future which includes tons of paranoid like words matches most of Detweiler's posts more closely than one of his own messages. However let's not jump to conclusions here because Detweiler's own message showed a difference of 0.002... and Sue matched it.

With this sort of data it's hard to separate the subjects from the authors from the language. Language is easy to detect, but two people who constantly post the same kind of material based on the same subject might show up with the same difference levels.

Again this is only ONE sample so please no lynching Sue just yet (although this was already a moot point.)

Remember, Medusa is still under construction. This is only a preview. If you'd like to preview the sources/executables to medusa please email me and I'll somehow get them to you.

===============================================================================
| + ^ + || ' . . . . . . . Ray (Arsen) Arachelian ||
| \|/ || . . . ' . ' . : . . rarachel at photon.poly.edu ||
|<--+-->||. . . |' '| .' . . ... ___ sunder at intercom.com ||
| /|\ || . . \___/ . . . : .... __[R] ||
| + v + || . oOOo /o.O\ oOOo :. : .. |A| "And bugs to kill before I sleep"||
=========/---vvvv-------VVVV------------|I|----------------------------------/
/ . : . ' : ' |D| This signature pannel is /
/ The Next Bug to kill(tm) --- now open. /
/___________________________________________________________________/

From die at pig.jjm.com Wed Aug 3 22:11:53 1994
From: die at pig.jjm.com (Dave Emery)
Date: Wed, 3 Aug 94 22:11:53 PDT
Subject: Radio Encryption
Message-ID: <9408040509.AA07870@pig.jjm.com>

Many US private and governmental radio services licensed by the FCC permit encryption, especially if the license applicant can show some need.
As far as I am aware, there are absolutely no requirements in the FCC regulations mandating key escrow, disclosure, or retention or any restrictions on the strength or type of crypto used. At most there may be a requirement to disclose the type and/or technical details of the crypto system as part of a license filing, but no requirement for key disclosure at any time.

As any ham knows, the amateur radio service is the one major exception to this rule. Hams are not permitted to encrypt or deliberately obscure the meaning of a communication by any other technique. This is usually justified as a measure to protect the amateur radio service against abuse by commercial interests who might otherwise be able to transmit encrypted traffic on ham frequencies with relative impunity, and as a means of ensuring that the rules and regulations can be enforced. This regulation probably had its origin in the 1920s or 1930s, however, and may have been originally actually primarily intended to prevent use of coded long distance radio communications by rum-runners and spies.

Many current generation private point to point commercial microwave and domestic satellite systems use encryption or at least provide it as an option; I have never heard of any requirement for key escrow or disclosure here either.

And, of course, an increasing number of radio delivered broadcast or multicast services such as stock quotations and sports scores transmitted over SCA subcarriers and satellite transmissions of cable TV programming and sports events are being encrypted to protect the commercial interests of the copyright holders against real or imagined losses from piracy. I do not know whether cypherpunks believe in intellectual property or not, but to many others this is understandable, and in fact more understandable than passing laws making mere interception of radio signals a crime.
Further, there is no current restriction preventing a user of the current analog cell phone system from transmitting strongly encrypted data with a modem over a voice channel or even low bit rate encrypted digital voice. This is not illegal or restricted by any US or state tariffs that I have ever heard of.

Recently the FCC has allocated certain frequency ranges for completely unlicensed use (notably the band between 902-928 MHz) by devices radiating limited power. Devices operating in this band may use any kind of encryption the user desires and do not require anything other than FCC type approval (you can't build them yourself or modify them without going through a formal (and expensive) type approval process however). Using correct antennas and a path free of major obstructions such as hills or a large building these spread spectrum devices can securely communicate over ranges measured in miles without any kind of license being required. And in the near future certain other regions of the spectrum will open up to low power unlicensed use, again without any restrictions on encryption.

I have a friend who has obtained an FCC license for using DES encrypted HT's on the itinerant VHF frequencies allocated for temporary business at random places use by such things as road-show crews and construction companies; all he had to do was explain that he bids at surplus auctions and needs to keep his future bids confidential and he got the license without trouble. He certainly has had no requirement to disclose or archive the keys he uses or even certify that the radios are actually using DES in a particular mode (he could use 3-DES).

So it is simply not true that use of encrypted radio transmissions within the domestic US is restricted or forbidden by treaty or even inaccessible to private citizens of ordinary means. Encrypted international radio communications may be another matter, however, but domestic stuff is fine.
Dave Emery N1PRE
die at pig.jjm.com

From khijol!erc at apple.com Wed Aug 3 23:09:28 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Wed, 3 Aug 94 23:09:28 PDT
Subject: broadcast encryption
In-Reply-To: <9408031931.AA09915@apple.com>
Message-ID:

> The idea behind allocating frequencies for amateur use is that hams could
> engage in a hobby with no commercial use which provides an infrastructure
> for emergency public service communications. To prevent any commercial use
> of those frequencies, to facilitate enforcement of the rules, and to
> facilitate the participation by anyone who obtains the proper knowledge and
> equipment, it is illegal to transmit in a way that "obscures the meaning"
> of the transmission to people who would want to listen in. So, for example,
> morse code and ASCII are the only acceptable digital codes, and various
> modulation techniques are standardized as the technologies are developed.

Actually, data compression doesn't fall under this restriction, because the primary intent is not to obscure the meaning - it is to facilitate more efficient use of the spectrum.

If you want to apply for an STA (which I hear the FCC is pretty liberal about) you can do pretty much what you want to do. If memory serves, this is how ASCII packet was developed and also spread spectrum.

--
Ed Carp, N7EKG ecarp at netcom.com, Ed.Carp at linux.org

"What's the sense of trying hard to find your dreams without someone
to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From j.hastings6 at genie.geis.com Thu Aug 4 00:14:40 1994
From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com)
Date: Thu, 4 Aug 94 00:14:40 PDT
Subject: L.A. area Karl Hess Club
Message-ID: <199408040714.AA160904452@relay2.geis.com>

-----BEGIN PGP SIGNED MESSAGE-----

"Extremism in the defense of liberty is no vice, and let me remind you, moderation in the pursuit of justice is no virtue."
- - Karl Hess

Cypherpunk-related meeting in LOS ANGELES (West side) CALIFORNIA U-S-A-
- -----------------------------------------------------------------------
The following text was written by SEK3:

- --- T H E K A R L H E S S C L U B ---
invites you to attend our third meeting on Monday, August 15, 1994 beginning the first in a series of debates on current libertarian movement issues:

How Does THIS Smash the State?

To be fair we start with a division within the Agorist Institute itself...

Resolved: TECHNOLOGY will ABOLISH Government.

For the Positive: J. Kent Hastings, Assistant Director, AI; author of "The Information Underground Railroad" in Agorist Quarterly #1

For the Negative: Samuel Edward Konkin III, Executive Director, AI; Editor, AQ#1; creator, New Libertarian.

Will cypherpunks drag David Rockefeller kicking and screaming from the Trilateral offices to face justice? Will you be able to pay for this dinner by an e-mail check? Cheer the brilliant young hacker, future of our movement, or the grizzled old movement founder, or our favorite candidate--None of the Above!

[Next debate: Working from Within]

TIMES: 7 pm, dinner. 8 pm Agorist Institute presentation. 8:15 announcements. 8:30 pm DEBATE

PLACE: Hasmik's Family Restaurant, 9824 National Boulevard In Cheviot Hills Center, National Exit from Santa Monica (10) Freeway. (310) 204-1591. Order from menu: "No menu item over $9" Beer and wine available. Photography, si!

Only two rule changes: Leave at 11 rather than midnight and (gasp!) no smoking! Smokers will be invited to nearby private luxury apartment after 11 pm--non-smokers are always tolerated.

Buses: Note that MTA buses are running; however, the closest route is the Santa Monica (blue buses) #12 route until 7 p.m. Busers will have a car shuttle to Venice Blvd. for nearby all-night service.
Kent - j.hastings6 at genie.geis.com
Ham radio AX25: WA6ZFY @ WB6YMH.#SOCA.CA.USA.NA

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLkAlfDQYUX1dU7vxAQHnXQQAl2i9lgWoNqRPePv+wDP4a9TkHLcPK7KM
K+JOpNQGGn78jvdmWXGjdRKs7w9sYjzV8aPNdHHkd8W06r/GQ7wToe3WmFCsCNbJ
SCVEEHq6EUt9pkdcqu6T7a37LSrZTzYB/dVZ3jo3hMaYNyGf2cU+fYWB1743kXwu
6rRNuu6Qd2c=
=sfqy
-----END PGP SIGNATURE-----

From a.brown at nexor.co.uk Thu Aug 4 01:01:41 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Thu, 4 Aug 94 01:01:41 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Brian Lane wrote:

> is this a DOS only program, or are you distributing source?
> Where can I FTP it from?

Windows 3.1 shareware, you get source if you register. If you want to take a look then try:

ftp.dsi.unimi.it /pub/security/code/s-tools2.zip (I think!)

The gzip steganography patches that I made are freely available from:

ftp.netcom.com /pub/qwerty/Steganography

I was particularly pleased with myself when these worked, since it demonstrates that you don't need sampled data in order to hide information.

Regards,

- Andy

From greg at ideath.goldenbear.com Thu Aug 4 01:28:13 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Thu, 4 Aug 94 01:28:13 PDT
Subject: Remailer stuff
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Sorry if I'm being dense - will someone please E-mail me and tell me why outgoing-only (or incoming-address-unavailable) remailers are useful?

Also, with respect to getting the addresses of working remailers from a newsgroup - it may not be a good idea to treat any address advertising itself as a remailer as a useful remailer. Remailer 'x' may well be run by a remailer-hater who publishes its traffic openly, archives it for sale to the highest bidder, is a front for the NSA, etc. I'm only inclined to trust remailers run by people I trust; or maybe those with keys signed by "C-punx Remailer Certifying Service".
It's important to let the user have some degree of control over which remailers are used. (The newsgroup does seem like a nice way for remailers to indicate they're still active, though.)

Are people really interested enough in more advanced measures to protect privacy that they're willing to pay for them? The digital-postage remailer stuff sounds interesting to me - but I have a hard time believing that people will pay (and go through extra hassle) to get the same functionality they already get with existing remailers.

I've also considered setting up a privacy-friendly Internet site; I believe that Sameer Parekh has already done so. I don't remember seeing anyone but Sameer post from his site, however. I don't mention this to slam Sameer but to point out that perhaps people aren't interested enough in privacy to want to go to much extra trouble to get it. (Of course, everyone posting to the list now is already known as a list member - switching to a privacy site wouldn't add much.)

I agree that it would be nice to have privacy-friendly Internet access available - I agree strongly enough that I'm willing to work towards providing it - but I'm reluctant to commit hundreds of dollars per month to set up a site that won't attract enough business to even be self-supporting. Would it be worth $5 or $10 per month to folks to have a mailbox they used via IMAP or POP, or $20 or so for a shell account on a box at the end of a 56K feed?

(I don't see C-punks as a very big fraction of the customers of such a site, but I'm surprised that there doesn't seem to be more interest in practical privacy stuff.)
-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLkChoH3YhjZY3fMNAQFVvQP/b2g8rgUaxWkdBR34DqMfR6T8bDZOhDmo
gATzHduPlbFTWsz2BV6ME/XgHJAxJAT14kZx8vTEKy/y3PgR7tg4zz0pcj+shZWB
BZlatH8EpZNffxO+yBF0B9Ur7HC7QrwixhVu7LjFmDwgKEnpRF/w54K8I0eXTfEh
PpMXeFvVKkw=
=T9pL
-----END PGP SIGNATURE-----

From tcmay at localhost.netcom.com Thu Aug 4 02:09:41 1994
From: tcmay at localhost.netcom.com (Timothy C. May)
Date: Thu, 4 Aug 94 02:09:41 PDT
Subject: Voluntary Governments?
Message-ID: <199408040909.CAA25693@netcom5.netcom.com>

[If you don't want to read about this stuff, don't. Just don't claim it's not a valid list topic, as some are wont to do...often after first making their own comments :-}. The issues of taxation, government, anarchy, and cyberspatial institutions are important topics for a list like "Cypherpunks." If the *beliefs* are not to be talked about, but only code is to be written, then _what_ code? Code that helps ensure tax compliance? Code that helps government control "cyberspace criminals"? We've seen recent discussions about religion, the need for values, etc. Many of us are opposed to the specific views raised, but since there is no "official party line," the way we work on these issues is through discussion. Besides, any arguments people actually type in themselves are worth at least deciding whether to read them or not....I'll change my opinion if completely off-topic posts on topics like abortion, the purported need for national health care, and the war in Bosnia begin to dominate the discussion. Until then...]

Where to begin?

Jason Solinsky and Mike Duvos argue for a kind of voluntary, donation-supported, non-coercive, service-providing government, funded voluntarily by citizens who presumably think they are getting their money's worth.

Well, this is first of all a *very nonstandard* interpretation of "government"...more on this later (and how the idea of "privately-produced law" figures in).
I'm skeptical that governments would give up their current use of coercion, or threat of coercion (the fallback position that gives their various edicts more teeth than, for example, my edicts or your edicts).

I'm even more skeptical that the current bloated state could be funded by the small fraction of the population that--in my opinion--would make donations. (Mike has argued elsewhere that his concept is of a utopian state much smaller than we have today....an even less likely possibility unless that bloated state is starved to death by the methods many of us advocate...but this is another discussion.)

>solman at MIT.EDU writes:
>
>[other excellent stuff elided]
>
> > Imagine if the government stopped trying to force people to
> > join it. Or imagine if they tied decision making power to
> > how much you pay in taxes. The more you pay, the more say
> > you get. After accepting the idea that government is a

Without the legal monopoly on coercion, this so-called "government" would be just another service provider, like Safeway or Goodyear or K-Mart. Economies of scale work against a large, slow-moving bureaucracy, so the so-called government would devolve quickly into multiple small pieces. This is the "anarcho-capitalism" many of us argue for, so I won't argue against it here. I just wouldn't call it "the government" anymore.

As soon as "the government" gives up its use of force, allows competitors in all areas, and is run by donations or fees, it is no longer "the government."

[I promised to mention "private produced law," or PPL. This is the notion of multiple, competing legal systems. A fictional treatment of this can be found in Neal Stephenson's novel "Snow Crash," and a more scholarly treatment can be found in David Friedman's "The Machinery of Freedom" and in Bruce Benson's "The Enterprise of Law." I don't have time now to go into this in more detail.]
The specific point about "imagine if they tied decision making power to how much you pay in taxes" was tried a while back: only tax-payers could vote. I'm all in favor of this, but I doubt many of my fellow citizens are. (And to some extent we have this, through bribes and influence-buying. Campaign contributions, etc.)

Would anyone choose to pay more in taxes for an increased voting share? Hardly. Do the math on how influential any one vote is in an election. For specific cases, maybe. Again, that's how influence-peddling arises. Not a very healthy development, even for a cynic like me. (I view governments as protection rackets. The last thing we need is a bidding war between various sides in a dispute.)

> > product by which you get the warm fuzzies of giving to
> > society, government could make itself into a more desirable
> > product by undertaking changes like these. The possibilities
> > are endless in this regard. It's very easy for me to imagine
> > a government in cyberspace which is substantially more
> > successful at collecting taxes than the IRS.

For a very few services, this could be so, with the caveat mentioned above, that "the government" would cease to exist as a monolithic organization.

If for some reason it was required to remain a large, monolithic organization, then I'm quite sure it would collect much less revenue than it now does. The people paying the taxes would seek alternative providers for almost everything, leaving only a few areas "better" served by "the government." (And maybe not even these, as things like roads, defense, etc. couldn't be held as a monopoly by the Feds unless coercion was used...in Jason's purely voluntary system, the government would lose even these valuable properties. But I digress.)

Mike D. enthusiastically endorses Jason's ideas:

>The notion of government as a product which must compete on an
>equal footing with others in society definitely wins "Nifty Idea
>of the Week" in my book.
>
>Reminds me of something TS Eliot once said. "If only we had a
>system so perfect it did not require that people be good."
>Perhaps "government in cyberspace" will be the first working
>example of this paradigm.

I have a problem with the whole notion of calling a voluntary, self-selected, market-driven system a "government" of any kind. Yes, it is something people may voluntarily join, but so are country clubs, book reading groups, and mailing lists. And the decision to shop at Safeway one day is a temporary joining of such an instantiated group. But these things ain't governments!

This is not just semantic quibbling. If we say that such groups are voluntary, but can vote on "rules" or "laws" which all must follow, then the voluntary nature means people can freely leave, can choose not to abide by the rules, etc. Hence the rules are toothless.

There *are* forms of organization in which bad behavior has implications, such as banishment, shunning, etc. But this is true of the country club, or this mailing list...acting like a bozo has implications. Some might call these governments of a sort, but I don't. (Iceland in the Middle Ages is often cited as such a thing, Cf. Friedman.)

But it is simply poor strategy as well as being poor semantics to label the voluntary social and economic interactions as being some kind of "government." Call them what they are: market interactions, agoric systems, or voluntary associations.

Normal life is like this...families, girlfriends and boyfriends, freedom to associate as one pleases, free markets, anarchy in book and music selection, etc.

And these systems work pretty well--or at least a lot better than the corruptions and absurdities of government-run programs. They don't require that people be "good," only that people understand the consequences of their actions, the value of a good reputation, and the punishment that will be meted out to the few who nevertheless transgress against a few basic rules.
(I mention the need for violence because without some punishment, or removal by some affordable means, the "wolves" proliferate. To make this less abstract: no laws except for a very few laws about murder, theft, rape, etc. Enforce those laws ruthlessly, and the wolf population is kept in check. A feedback mechanism suppresses wolf formation. Ignore these laws, delay justice, and proliferate thousands of economic and social laws--such as the "dietary laws" also known as drug laws--and the wolf population will proliferate. A feedback mechanism that encourages more wolves to form. Look at inner cities. Look at South-Central L.A.)

(No offense meant to wolves or other predators here.)

And these systems don't have to wait for implementation at some future time in cyberspace....they already exist all around us. Just don't call them governments, because they ain't.

"Why doth governments never prosper? For if governments doth prosper, none dare call it government."

--Tim May

..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From Stu at nemesis.wimsey.com Thu Aug 4 04:45:31 1994
From: Stu at nemesis.wimsey.com (Stuart Smith)
Date: Thu, 4 Aug 94 04:45:31 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
In-Reply-To: <199407282120.RAA07884@cs.oberlin.edu>
Message-ID: <2e3ff46f.nemesis@nemesis.wimsey.com>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199407282120.RAA07884 at cs.oberlin.edu> you write:
>One naive solution would be for remailers to have a "ping" function.
I could
>send a remailer a "ping" message, and it would just bounce some acknowledgement
>back. More likely, my software could do this periodically, and keep track
>of which remailers are down, or non existent, and not use those.
>The problem here is that an eavesdropper could get knowledge of which remailers
>I am planning on using, which could help traffic analysis enormously.
>The "ping" function could support anon encryption block, so that I can
>ping a remailer through several other remailers anonymously. This is an
>improvement, but the traffic generated by lots of people periodically doing
>this is going to be enormous. As it is in any implementation of this sort.
>[If you wanted to, you could make the remailers "ping" now by yourself, just
>have a message resent to yourself. But we can't all do this automatically often,
>simply because of the traffic it would generate. I think.]

I thought extra useless junk traffic was one main objective of a remailing network? The more the better.. As far as the idea that an eavesdropper could tell which remailers you are going to use - they already know. They can ping the same sites you do and as long as you ping *every* site you know of, instead of just the ones you'd like to use on any given message, this doesn't give the spooks one iota of new information.

>All participating remailers would post an "i'm here" message on it
>periodically, say once every 24 hours. This message would include the
>remailer's public key as well. My local software could scan this newsgroup.

As long as the key isn't trusted just because it was in the newsgroup - this sounds workable. Or, each remailer could have a mailing list of addresses it sends the "i'm here" message to. Again, this gets the spooks no new information - if you use a remailer even once, you have to assume that if some one was watching closely enough, they *know* you used the system, and they *know* your chosen destination received a message from the system.
They just can't figure out who sent what to who.

>at the idea solution, but there's got to be some way to create a remailer-net
>that will allow my local software to generate long remailer chains to remailers
>that are all still existent (now, if one of the remailers included in my

This seems backwards to me - I think what you want is local software that is smart enough to figure out the state of the remailer-net. You needn't rip apart nor rebuild the whole net, just write some code :)

- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C Stuart Smith

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkACeai5iP4JtEWBAQHmFAQApaJMGuDPGHCtEBcfFV6kfGNAwx0fuTgO
jQ8yp10UHbe8ItfmjTZBFdHY4zfnPFIL6htn+6gcmOygj6OFEu320r+hA4u3Q7s/
opSaL72kAM53MQOHLabnZ80eEWQts3PWE1i4SfuGomkHKi5BZOUA5HwC+5DF4zTk
7RkW5E7f7a8=
=xUgv
-----END PGP SIGNATURE-----

From Stu at nemesis.wimsey.com Thu Aug 4 04:45:35 1994
From: Stu at nemesis.wimsey.com (Stuart Smith)
Date: Thu, 4 Aug 94 04:45:35 PDT
Subject: Please verify key for remailer@soda
In-Reply-To:
Message-ID: <2e3ff22c.nemesis@nemesis.wimsey.com>

-----BEGIN PGP SIGNED MESSAGE-----

> Hello fellow C'punks! As my last message said (for those who read
>it), I'm just getting into anon remailers. I just picked up the docs and
>PGP key for the remailer at soda. I would appreciate it if people would send
>me fingerprints of the key. This is so that I know it hasn't been tampered
>with, or at least can be reasonably sure. Thanx, in advance!

I hope we're all clever enough to realize that this is not very good key verification. If a spoofer has managed to spoof the key to soda that you got, then he will spoof the fingerprints that everyone sends you. Finding a way to do this that can't be spoofed is nontrivial.
However, you can take some reassurance, IMO, in the idea that if someone was spoofing any given widely held key, such as that to a remailer, someone would, eventually, smell something fishy. i.e. one day you go to mail a message to a soda from a different account only to have it fail because your other account provider was spoofing you.

- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C
Stuart Smith

From perry at imsi.com Thu Aug 4 05:01:41 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 4 Aug 94 05:01:41 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408032305.QAA18526@netcom15.netcom.com>
Message-ID: <9408041201.AA14145@snark.imsi.com>

Mike Duvos says:
> Perry E. Metzger writes:
>
> > If I told you that I could save you tens of thousands of
> > dollars a year just by using some simple to use software,
> > would you do it? Well, if you had some simple to use
> > software system that allowed you to escape from the above
> > ground economy, you could personally save tens of thousands
> > a year.
>
> I am not convinced such software exists,

Of course it doesn't exist yet.

> or that it would of necessity be "simple" or "easy to use".

That's a simple matter of programming, not a matter of infeasibility.

> Once standards are created for commerce over the Net and the
> collection of the VAT, you are pretty much locked into using them if
> you wish to do business with any vendor of significant size.

I'm not certain you understand the tremendous economic pressure that taxes bring to bear.

> > What makes you think the VAT will be small?
>
> Bear in mind we are talking about a Utopian society of the future
> with a downsized government.

Since such a society is unlikely to show up any time soon, I'd say that the odds of my scenario of the future coming true exceed the odds of your vision of the future coming true.

> > What makes you think it will be inconvenient? I know of two
> > pizza places in Manhattan where they very likely don't pay
> > taxes and where you can also buy drugs.
>
> I know of some places on the Internet where I can chat with
> people using a version of Unix talk which encrypts. But if I
> want to talk to some random person, I am probably stuck with
> using the default version which does not.
> I have little hope of convincing people to make the encrypted one a
> standard, in spite of the fact that all they would have to do is
> spend a few minutes to FTP it.

Well, not for long. The IETF Working Group on IP security has just come to consensus on an IPSP protocol -- in the not that distant future it won't be necessary to alter any applications software in order to have it operate over an encrypted channel.

> Encrypting every time I use "talk" is therefore somewhat
> inconvenient. A complete escape from the above-ground economy in
> a society heavily dependent on electronic transactions would be
> even more so.

That's not a valid analogy. There are tens of millions of people in the underground economy right now -- in a society already highly dependent on electronic transactions. There is no economic incentive for most people to encrypt their talk sessions -- but there is a great economic incentive to evade taxes.

> In a society where taxes were manageable, and put to a use all
> citizens felt was worthy, such forces would be much less and
> there would be enormous peer pressure on individual citizens to
> do their fair share.

And if my grandmother had wheels she'd be a bicycle.
It isn't happening now -- the trend is towards larger taxes, bigger government and more repression, not less. You can't wave a wand and have your vision implemented -- nor is there anything you could personally do towards implementing your vision. On the other hand, the only thing standing between my scenario and reality is someone hacking for about six months, and some offshore banks deciding to go into the business.

Perry

From paul at poboy.b17c.ingr.com Thu Aug 4 05:56:15 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Thu, 4 Aug 94 05:56:15 PDT
Subject: New book on public key law
Message-ID: <199408041258.AA09638@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

There's an announcement in the latest comp.risks digest about a new book on public key law & policy. I've reproduced parts of the abstract below. It sounds pretty interesting.

- -Paul

>Date: Sun, 31 Jul 1994 08:51:33 -0400 (EDT)
>From: Michael S Baum
>Subject: Report Released on Public Key Law and Policy
>

**NEW INFO. SECURITY BOOK ON PUBLIC KEY LAW & POLICY**

TITLE: FEDERAL CERTIFICATION AUTHORITY LIABILITY AND POLICY -- Law and Policy of Certificate-Based Public Key and Digital Signatures

AUTHOR: MICHAEL S. BAUM, J.D., M.B.A.
Independent Monitoring

Report No. NIST-GCR-94-654
450+ pages, highly annotated; multiple appendices; indexed.

U.S. DEPARTMENT OF COMMERCE
National Institute of Standards and Technology

Produced in support of the Federal Government's public key infrastructure study, this book identifies diverse technical, legal and policy issues affecting a certificate-based public key cryptographic infrastructure utilizing digital signatures supported by "trusted entities." It examines potential legal implications, surveys existing legal paradigms and the structures and roles of relevant governmental agencies and presents various institutional approaches to controlling liability.
It considers the underpinnings of a legal and policy framework which might serve as a foundation for security policies and their implementation and concludes with a series of recommendations, both general and specific concerning certificate-based public key. Both public and private sector issues are addressed.

[ .. elided .. ]

SUMMARY OF CONTENTS:

- - PREFACE
- - ACKNOWLEDGMENTS
- - TABLE OF CONTENTS
I. INTRODUCTION
II. SCOPE
III. DEFINITIONS
IV. ASSUMPTIONS
V. SURVEY OF FCA ACTIVITIES CREATING LIABILITY EXPOSURE
VI. LEGAL CONSIDERATIONS
VII. FCA INFRASTRUCTURE - PROPOSALS AND PARADIGMS
VIII. SURVEY OF, AND APPROACHES TO, TRUSTED ENTITY LIABILITY
IX. OTHER APPROACHES TO MITIGATE LIABILITY
X. CONCLUSIONS AND RECOMMENDATIONS
XI. APPENDICES
XII. GLOSSARY
XIII. INDEX

OBTAINING COPIES: Copies may be purchased through the National Technical Information Service, Springfield, Virginia 22161, U.S.A., Phone +1 (703) 487-4650 or 1-800-553-6847. Request NTIS Document No: PB94-191-202. Cost: $61.00

[ .. ABOUT THE AUTHOR elided .. ]

- --
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com | - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.

From solman at MIT.EDU Thu Aug 4 06:30:37 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 4 Aug 94 06:30:37 PDT
Subject: Voluntary Governments?
In-Reply-To: <199408040909.CAA25693@netcom5.netcom.com>
Message-ID: <9408041330.AA03044@ua.MIT.EDU>

> > > Imagine if the government stopped trying to force people to
> > > join it. Or imagine if they tied decision making power to
> > > how much you pay in taxes. The more you pay, the more say
> > > you get. After accepting the idea that government is a
>
> Without the legal monopoly on coercion, this so-called "government" would
> be just another service provider, like Safeway or Goodyear or K-Mart.

Well isn't that how it's supposed to be? The entire justification for having a monopoly in the "government market" (:-) in the physical realm is that it would be impractical to have multiple governments in one physical location. Nobody would know who is following which laws and confusion would reign.

In cyberspace, the default condition is that there is no interaction. Communication requires agreement by both parties. During this agreement, the laws (contracts, whatever) that the two parties follow can be communicated by each party to the other, and if party A does not feel that party B's laws provide him with enough protection from B, he can refuse contact until B agrees (at least for the duration of the communication) to more constraining laws. The cost of such a transaction will likely be negligible in cyberspace.

There is thus no longer a problem with different following different laws coexisting in the same place at the same time, and it no longer makes sense to allow one entity to have a monopoly on government.

> Economies of scale work against a large, slow-moving bureaucracy, so the
> so-called government would devolve quickly into multiple small pieces.

Kewl.

> The specific point about "imagine if they tied decision making power to
> how much you pay in taxes" was tried a while back: only tax-payers could
> vote. I'm all in favor of this, but I doubt many of my fellow citizens are.

I remember reading a short story a long time ago which was about an individual filing his taxes and about how proud and excited he was to do so. The government in the future had changed things to allow citizens to specify where they wanted their tax dollars to go to and the result was that they came to view filing taxes as a positive event. Now clearly this one change would not suddenly convince everybody that taxes were a positive event, but it would go a long way towards that and it would be an excellent marketing ploy for a non-monopoly government (or civic enterprise if you prefer).

[Side note, I am in the process of convincing the MIT UA to adopt a similar measure where students would control where up to 70% of the per student money goes. It turns out that such a change would have a minimal impact in terms of where the money actually goes, but it would have an enormous impact upon the feelings of the student body towards the UA (or the civic enterprise as the case may be). So when I say marketing ploy, I really mean it.]

> I have a problem with the whole notion of calling a voluntary,
> self-selected, market-driven system a "government" of any kind. Yes, it is
> something people may voluntarily join, but so are country clubs, book
> reading groups, and mailing lists. And the decision to shop at Safeway one
> day is a temporary joining of such an instantiated group. But these things
> ain't governments!
>
> This is not just semantic quibbling. If we say that such groups are
> voluntary, but can vote on "rules" or "laws" which all must follow, then
> the voluntary nature means people can freely leave, can choose not to abide
> by the rules, etc. Hence the rules are toothless.

First of all, I think that government is in a very specific business, the business of providing security (note, in fact, how many of the government's programs are labeled "insurance" of some kind). FDA restrictions, welfare, medicaid, anti-gun laws, the military...
they are all intended to make sure that the citizenry need not worry about these things, to make sure that the people feel secure. For now, however, I'd like to define governments as entities that try to use some form of coercion to get others to follow its rules.

My definition of government is as follows: governments are civic service providers which by their design attempt to impose a consistent set of rules on a diverse group of entities. In the physical world, the word impose usually translates into putting a gun by your head. In cyberspace, the word impose translates into placing stipulations on contact between people who follow the rules of the government and people who do not. Charging "aliens" penalty taxes during economic transactions, and refusing contact altogether are examples of cyberspatial government imposition.

I do not find it difficult to imagine extremely large cyberspatial governments that depend entirely on these voluntary economic forms of coercion. In fact, unless some sort of enormous cultural change were to occur, I find it extremely likely that except for some fringe groups (like ourselves :) most citizens of Western nations would wind up belonging to large cyberspatial "nations", each with international treaties that govern the interaction between "citizens" of different "nations".

So my claim is this:

Without extreme cultural upheaval, it is highly probable that voluntary economic coercion alone will be sufficient to allow big government to move from the physical realm into cyberspace.

Certainly the relationship between the citizenry and the government will change when government becomes voluntary. But when Joe Average gets wired, he will happily join whatever government that the authorities that be tell him is the right one for him to join without giving a second thought about the philosophy behind the existence of government.
Nor will Joe think about how difficult it would be to create an anonymous pseudonym that was not a "citizen" of a "cybernation" and could not be linked back to his own identity or damage his primary identity's reputation. Joe probably won't even know what the word escrow means when the personal government agent he chooses (because it was conveniently labeled USA) secret splits his private key and sends the halves to the NSA and the FBI.

JWS

From jacksch at insom.eastern.com Thu Aug 4 04:04:07 1994
From: jacksch at insom.eastern.com (Eric Jacksch)
Date: Thu, 4 Aug 1994 07:04:07 -0400
Subject: Encryption
Message-ID:

Dear Sir:

I read with interest your article in July/August 94 Internet World regarding the CLIPPER chip. I presently operate a small systems consulting and software development business in Toronto, Canada. I have a background in Criminology, and an avid interest in data security.

With the present state of technology, and the trends with regard to industrial espionage and invasion of personal privacy, I believe that individuals and businesses should have the ability to protect their electronic data with the best available technology. I am extremely concerned with recent events in the United States and the apparent attempts to handicap the computer security industry. It bothers me that the U.S. administration wants this type of access to encrypted data. While I certainly support our law enforcement agencies in many of their noble efforts, I have difficulty with the implications of the CLIPPER chip with respect to personal privacy and I find it an alarming precedent.

As a Canadian business, I am not affected by the same repressive export restrictions faced by U.S. manufacturers of encryption products. As such, I am exploring the role that we could take with regard to this issue.
I am interested in contacting Americans, particularly in the encryption area, who would perhaps like to see state-of-the-art encryption products available from Canada for the international market. If you have any suggestions, or know anyone that I could contact, it would be greatly appreciated.

Sincerely,

Eric Jacksch
P.O. Box 27539 Yorkdale
Toronto, Ontario M6A 3B8
Voice: (416) 248-9720
Fax: (416) 248-4805

From jeffb at sware.com Thu Aug 4 07:18:07 1994
From: jeffb at sware.com (Jeff Barber)
Date: Thu, 4 Aug 94 07:18:07 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408041330.AA03044@ua.MIT.EDU>
Message-ID: <9408041413.AA08474@wombat.sware.com>

solman at MIT.EDU writes:

[ > T.C.May writes: ]

> > Without the legal monopoly on coercion, this so-called "government" would
> > be just another service provider, like Safeway or Goodyear or K-Mart.

> In cyberspace, the default condition is that there is no interaction.
> Communication requires agreement by both parties. During this
> agreement, the laws (contracts, whatever) that the two parties
> follow can be communicated by each party to the other, and if
> party A does not feel that party B's laws provide him with
> enough protection from B, he can refuse contact until B agrees
> (at least for the duration of the communication) to more
> constraining laws. The cost of such a transaction will likely
> be negligible in cyberspace.

Huh? This is gobbledygook. Get specific. What is it that party A is providing that would motivate party B to "agree to more constraining laws?" Or do I have it backwards; I can't even tell which of these parties is supposed to be a "government".

> My definition of government is as follows: governments are civic service
> providers which by their design attempt to impose a consistent set of
> rules on a diverse group of entities. In the physical world, the word
> impose usually translates into putting a gun by your head.
> In cyberspace,
> the word impose translates into placing stipulations on contact between
> people who follow the rules of the government and people who do not.
> Charging "aliens" penalty taxes during economic transactions,
> and refusing contact altogether are examples of cyberspatial government
> imposition.

This is just gobbledygook again. Please describe how a "voluntary" government would prevent "aliens" from conducting their own economic transactions completely outside this system. And what is meant by the phrase "refusing contact?" Does this mean that the government to which I don't "belong" will refuse to receive communications from me? How is this a penalty?

> So my claim is this:
>
> Without extreme cultural upheaval, it is highly probable that voluntary
> economic coercion alone will be sufficient to allow big government
> to move from the physical realm into cyberspace.

Perhaps. You certainly haven't explained how. ("voluntary" and "coercion" in the same sentence?)

-- Jeff

From jya at pipeline.com Thu Aug 4 07:40:12 1994
From: jya at pipeline.com (John Young)
Date: Thu, 4 Aug 94 07:40:12 PDT
Subject: US Postal Public Key
Message-ID: <199408041439.KAA11110@pipe1.pipeline.com>

The list Cyberia posted an article yesterday on the US Postal Service's plan to use a public key system for email. If anyone wants the full posting, email me; it's about 25K. Below are excerpts:

Quote:

Quebec City, Canada, August 3, 1994--The U.S. Postal Service has dramatically increased its commitment to the security of communications on the NII, with the announcement of Postal Electronic Commerce Services ("Postal ECS"), which will offer a nationwide public key certification service for the authentication of digital signatures used in paperless electronic commerce.
Richard Rothwell, Senior Director of Technology Integration for the USPS, officially released the news today in Quebec City, in a paper delivered to an international working group of the Information Security Committee of the American Bar Association's Section of Science and Technology, which has been developing guidelines for public key certification authorities.

[Speech is all in uppercase]

* * *

AS MANY EXPERTS HAVE NOTED, INCLUDING MANY OF YOU IN THIS ROOM, DIGITAL FILES AS A RULE ARE NEITHER AS SECURE NOR AS ELECTRONIC COMMERCE CONVEYS. BUT WITHOUT SOME METHOD OF SEALING A DIGITAL FILE TO ESTABLISH ITS CONTENTS, AUTHOR, AND TIME OF TRANSMITTAL, THE BENEFITS OF ELECTRONIC COMMERCE WILL INEVITABLY BE LIMITED TO HIGHLY STRUCTURED TRANSACTIONS BETWEEN PARTIES THAT KNOW AND TRUST ONE ANOTHER.

* * *

THE POSTAL SERVICE IS USING PUBLIC KEY ENCRYPTION TECHNOLOGY, AND RELATED TECHNOLOGIES, TO DEVELOP A PUBLIC KEY CERTIFICATION AUTHORITY AND A SET OF ASSOCIATED TRUSTED THIRD PARTY SERVICES WHICH WE CALL POSTAL ELECTRONIC COMMERCE SERVICES (POSTAL ECS). WHEN INITIALLY DEPLOYED, POSTAL ECS WILL PROVIDE A BASIS FOR ELECTRONIC ASSURANCES WITHIN AND AMONG GOVERNMENT AGENCIES, AND BETWEEN GOVERNMENT AGENCIES AND THEIR CONSTITUENTS. IN PARTICULAR, THE POSTAL SERVICE HAS DEVELOPED THE ABILITY TO:

- ISSUE PUBLIC KEY CERTIFICATES AND STORE THEM IN A PUBLIC DIRECTORY;
- PROVIDE FOR THE "SEALING" OF SELECTED DOCUMENTS OR OTHER ELECTRONIC OBJECTS AND ASSOCIATING THEM WITH A DIGITAL SIGNATURE AND A TRUSTED TIME AND DATE STAMP;
- PROVIDE SERVICES FOR PUBLIC KEY CERTIFICATE PUBLICATION AND REVOCATION; AND,
- PROVIDE THE ABILITY TO ENCRYPT CONFIDENTIAL INFORMATION MOVING BETWEEN THE USER ENVIRONMENT AND THE POSTAL ECS MANAGEMENT SYSTEM.
- FINALLY, PROVIDE NEAR REAL-TIME ACCESS TO CERTIFICATES AND THEIR STATUS.

THE CERTIFICATION AUTHORITY WILL ISSUE AND MANAGE X.509 PUBLIC KEY CERTIFICATES CONTAINING A PERSON'S X.500 DISTINGUISHED NAME, PUBLIC KEY, AND OTHER IDENTIFYING INFORMATION.
USERS CAN THEN RETRIEVE A CERTIFICATE FROM THE POSTAL SERVICE, AND USE ITS PUBLIC KEY TO AUTHENTICATE A DIGITAL SIGNATURE GENERATED BY THE COMPLEMENTARY PRIVATE KEY.

* * *

THESE USER AGENTS CONTAIN STANDARD PROGRAMMING INTERFACES THAT LINK USER APPLICATIONS, CRYPTOGRAPHIC ROUTINES, AND ECS SERVICES TOGETHER. OUR INITIAL IMPLEMENTATION IS BASED ON THE DIGITAL SIGNATURE STANDARD (DSS) ALGORITHM SET; BUT OUR PLAN IS TO SUPPORT OTHER CRYPTOGRAPHIC OPTIONS SUCH AS RSA IN THE NEAR FUTURE.

* * *

IN KEEPING WITH THE PHILOSOPHY I HAVE ARTICULATED, LET ME SAY THAT THE POSTAL SERVICE, IN ANY DEVELOPMENT OF THESE PRODUCTS, INTENDS TO SUPPORT MULTIPLE CRYPTOGRAPHIC PRODUCTS IN THE MARKET PLACE. IN ADDITION, WE WILL NOT COMPETE WITH NETWORK SERVICE PROVIDERS, NOR WILL WE BECOME A NETWORK OR CARRIER.

* * *

End Quote.

From frissell at panix.com Thu Aug 4 07:40:46 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 4 Aug 94 07:40:46 PDT
Subject: I sell out
Message-ID: <199408041439.AA17839@panix.com>

They finally got to me. After fretting for years about how (melanin-rich) hordes of illegal aliens were poised to steal *my* job, I've decided that something has to be done.

The turning point came this morning while reading about the report of the Commission on Immigration Reform. They have proposed a brilliant idea -- a national registry of the names and SS numbers of all *Real* Americans (as well as those sneaky legal aliens) so that employers can (would have to) verify that their prospective employees are legal.

Since this is such a fabulous idea, I thought that we might help out by creating a Social Security Number Server on the nets to make valid names and SS numbers available to *everyone*. Nice WWW interface with forms support, etc. After all, since it's such a good thing to do, we should *help* the Feds by doing more of it.

As you may know, there's a guy on alt.privacy who has been collecting SS numbers for a while (a perfectly legal activity).
I will be contacting him to see if he would be interested in contributing the numbers that he has collected. Anyone else interested contact me.

DCF

Who is among the 2% of Americans (it's actually higher) not covered by the Social Security Act and who will be part of the 5% of Americans (again it will be much higher) not covered by the Health Security Act.

From rfb at lehman.com Thu Aug 4 08:12:49 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 4 Aug 94 08:12:49 PDT
Subject: I sell out
In-Reply-To: <199408041439.AA17839@panix.com>
Message-ID: <9408041510.AA29446@fnord.lehman.com>

    Date: Thu, 04 Aug 1994 10:39:00 -0400
    From: Duncan Frissell

    . . . As you may know, there's a guy on alt.privacy who has been collecting SS numbers for a while (a perfectly legal activity). I will be contacting him to see if he would be interested in contributing the numbers that he has collected.

Doubtful, according to his Q&A sheet. He will, however, trade one-for-one.

Rick

From dance at cicero.spc.uchicago.edu Thu Aug 4 08:16:09 1994
From: dance at cicero.spc.uchicago.edu (Squeal)
Date: Thu, 4 Aug 94 08:16:09 PDT
Subject: Voluntary Governments?
Message-ID: <9408041515.AA10173@cicero.spc.uchicago.edu>

>> > > Imagine if the government stopped trying to force people to
>> > > join it. Or imagine if they tied decision making power to
>> > > how much you pay in taxes. The more you pay, the more say
>> > > you get. After accepting the idea that government is a
>>
>> Without the legal monopoly on coercion, this so-called "government" would
>> be just another service provider, like Safeway or Goodyear or K-Mart.

[JWS writes:]
>Well isn't that how it's supposed to be? [....]

No. The object of government is to limit the freedom of the people it governs. The word is derived from "govern" which means "3. To control the actions or behavior of 4. To keep under control; *restrain*" [American Heritage Dict.]
It would be great if government could be a service provider, or simply feel responsible for those it governs--but then it would not be a government any longer. It would also be nice if I won the lotto. ;)

All men recognize the right of revolution; that is, the right to refuse allegiance to, and to resist, the government, when its tyranny or its inefficiency are great and unendurable. --Thoreau, Civil Disobedience

From hughes at ah.com Thu Aug 4 08:20:28 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 4 Aug 94 08:20:28 PDT
Subject: Remailer stuff
In-Reply-To:
Message-ID: <9408041450.AA12817@ah.com>

    Sorry if I'm being dense - will someone please E-mail me and tell me why outgoing-only (or incoming-address-unavailable) remailers are useful?

The original intention of remailers is to allow people _who already know each other_ to do so without revealing that fact to the outside world.

I would suggest that this use of remailers, rather than pseudonymity, is much easier to integrate into existing mail software, and would at this point be a good next step. But we don't even have encryption and signing well integrated yet, so I'm not too hopeful today. My criterion for a successful deployment is when the authors of a mailer distribute encryption, signing, and remailing support as a basic part of their packages.

True pseudonymity further reduces risk of linking physical identity to online identity, but simply concealing communication patterns accomplishes a lot of that already.

Eric

From snyderra at dunx1.ocs.drexel.edu Thu Aug 4 08:28:22 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Thu, 4 Aug 94 08:28:22 PDT
Subject: broadcast encryption
Message-ID:

At 5:55 PM 8/3/94, Jonathan Rochkind wrote:
>That kind of explains why encryption is not allowed on ham bands, but it
>doesn't satisfy me.
>The difference between ham and other bands, is to use
>other frequencies I've got to pay the FCC major money for a license, or
>pay some commercial service provider who paid the FCC major money.

Not quite. As someone else noted, there are unregulated (except for power and equipment) bands where no license at all is required.

>With ham, I don't have to pay no one nothing, except maybe $10 for a ham
>license. ham, or some other frequency reserved to work like ham, could easily
>serve as a poor man's connection to the internet. Anyone with a desktop
>PC can invest another hundred dollars or so, and have a really low
>bandwidth (2400bps) direct connection to the internet. You can do IP
>over ham, although it's really difficult to do so currently without breaking
>the law and losing your license.

Doing IP over the amateur bands is easy, and is done by many people. Doing a connection to the Internet over amateur bands is hard.

>A public ham or ham-like radio band would seem to be something the cypherpunks
>would really like. It would definitely facilitate the creation of a sort
>of blacknet type thing. The government has given the public citizens band, and
>ham radio, if they're not going to open up ham so it can be used in the ways
>I'm thinking of, why not take another hunk of spectrum and give it to the
>public, specifically intended for digital transmissions (IP or otherwise).
>This seems to be something we should be campaigning for, and the EFF
>should be lobbying for.

I don't object to your goals, but honestly, I think the EFF should be lobbying harder for some more important things, like killing the FBI's wiretap bill and getting cryptological export control lifted.

Bob

--
Bob Snyder N2KGO MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From snyderra at dunx1.ocs.drexel.edu Thu Aug 4 08:30:39 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Thu, 4 Aug 94 08:30:39 PDT
Subject: broadcast encryption
Message-ID:

At 3:37 PM 8/3/94, Brian Lane wrote:
>and my Linux system. Maybe they'll change the rules if enough 'new' hams
>could get together. I say 'new' because there are a lot of old hams who
>like things the way they are - they even fought the change in rules that
>allow no-code users to get a license without having to take morse code(a
>waste of time in my opinion).

This may be blasphemy on this list, but I don't have a problem with the restriction on obscuring the meaning of transmissions on the amateur bands.

My reading of the rules (and I'd probably double-check with the appropriate persons at the American Radio Relay League before doing so) is that cryptology that doesn't obscure the message, like digital signature, is permitted. After all, the encrypted portion of the message is easily computed or decoded, so its meaning would not be obscured; it just couldn't be generated by anyone else.

This could be a solution to a problem I've always had with the digital amateur radio operations: the ease with which someone could be spoofed. It's very easy to configure your system to transmit with the callsign of another, or even with a nonexistent callsign. This is possible with wired networks as well, but requires access to the machines or cables on the network. With wireless, you can do it from anywhere, and as long as you keep connections short, not get tracked down. With digital signatures, it is possible to authenticate every message, or even better, every packet, and ignore unsigned message/packets.

Getting a ham radio license (within the US) is fairly simple. You take a test the questions come from a pool which is public knowledge, pay the volunteer examiners ~$5 to cover the cost of the test(s), and wait for the FCC to send you your 10 year license.
No fee for the license itself, and no renewal fee.

Given the public nature of amateur traffic, I don't see a problem with the restrictions. There is no such thing as "private communications" on the ham bands. Never has been. If you want such privacy, use one of the commercial bands where it's allowed.

Bob

--
Bob Snyder N2KGO MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From jrochkin at cs.oberlin.edu Thu Aug 4 08:54:45 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 4 Aug 94 08:54:45 PDT
Subject: Remailer stuff
Message-ID: <199408041553.LAA01801@cs.oberlin.edu>

> Sorry if I'm being dense - will someone please E-mail me and tell me
> why outgoing-only (or incoming-address-unavailable) remailers are
> useful?

I'm not sure that they are. The idea is, that some people might want to philanthropically provide a remailing service without revealing their identity. (or, heck, do it for a profit with anonymous ecash). This is currently pretty much unworkable. If a system that provided a reliable decentralized remailer infrastructure (like I _think_ the one I've proposed does), then it might become more workable, but I'm not certain if it would cross the boundary into something actually practical. But it's an interesting idea.

> Also, with respect to getting the addresses of working remailers from
> a newsgroup - it may not be a good idea to treat any address
> advertising itself as a remailer as a useful remailer. Remailer 'x'
> may well be run by a remailer-hater who publishes its traffic openly,

This is a valid point, but it exists in _any_ remailer system or infrastructure. It's safest to assume that some cypherpunks list members who set up remailers are actually NSA agents. If you chain your message through 15 or 20 remailers, as long as 3 or 4 of them are not "evil", you are probably in good shape.
But there's certainly a chance that all 20 are evil; I don't see how the "alt.anonremailer.net" concept changes the odds of getting a chain of all evil remailers.

And, yes, I agree that the wise person wouldn't indiscriminately use remailers from this newsgroup, but only use those whose keys are signed by someone he trusts. It's obviously up to the user _how_ to use this hypothetical infrastructure, and there are ways that it could be used that wouldn't give you very much security. But I'm confident that if used properly it wouldn't give you any _less_ security than the current system, which is basically people telling each other about new remailers, and manually adding them to their PGP rings and such.

From kkirksey at world.std.com Thu Aug 4 09:19:16 1994
From: kkirksey at world.std.com (Ken Kirksey)
Date: Thu, 4 Aug 94 09:19:16 PDT
Subject: Voluntary Governments
Message-ID: <199408041618.AA29934@world.std.com>

-----BEGIN PGP SIGNED MESSAGE-----

>The specific point about "imagine if they tied decision making power to
>how much you pay in taxes" was tried a while back: only tax-payers could
>vote. I'm all in favor of this, but I doubt many of my fellow citizens are.
>
>(And to some extent we have this, through bribes and influence-buying.
>Campaign contributions, etc.)
>
>Would anyone choose to pay more in taxes for an increased voting share?
>Hardly. Do the math on how influential any one vote is in an election. For
>specific cases, maybe. Again, that's how influence-peddling arises. Not a
>very healthy development, even for a cynic like me.

Heinlein suggested something similar (along with a few other "alternative" forms of government) in the afterword to "Who Are The Heirs of Patrick Henry" in _Expanded Universe_. Heinlein suggests:

"A State where anyone can buy for cash (or lay-away installment plan) one or more franchises, and this is the government's sole source of income other than services sold competitively and non-monopolistically.
This would produce a new type of government with several rabbits tucked away in the hat. Rich people would take over the government? Would they, now? Is a wealthy man going to impoverish himself for the privilege of casting a couple of hundred votes? Buying an election today, under the warm body (and tombstone) system is much cheaper than buying a controlling number of franchises would be. The arithmetic on this one becomes unsolvable...but I suspect that paying a stiff price (call it 20,000 swiss francs) for a franchise would be even less popular than serving for two years."

Personally, I favor his government that requires an intelligence/knowledge test before a person can vote. I especially like his "Improving the Breed" variation on this one. :-)

BTW, he also suggests the government in Twain's _The Curious Republic of Gondour_, but I've never read this book. Can anyone describe the government posited in this book?

Ken

=============================================================================
Ken Kirksey kkirksey at world.std.com Mac Guru & Developer
- -----------------------------------------------------------------------------
And the Clinton administration launched an attack on people in Texas because those people were religious nuts with guns. Hell, this country was FOUNDED by religious nuts with guns. - P.J. O'Rourke

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkD2AusZNYlu+zuBAQHsoQP9F/DcR8QUMpdCz7nfLlsUE1+kbJRDb6FC
h3/613tR3IqRcKCj15nIg0QLYGH+OtcgPRskAJypPupZOS7+IZkeUk2bOPg57K0t
H8UQbXY/xoc2WOUBKGsnXQnoBYQPvftU/M0V7t9ygVqGVFKIMapoVt+nXxYIsBLa
EV54B/+2fsg=
=KhXR
-----END PGP SIGNATURE-----

From jim at bilbo.suite.com Thu Aug 4 09:43:35 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 4 Aug 94 09:43:35 PDT
Subject: alt.anonremailer.net
Message-ID: <9408041643.AA19502@bilbo.suite.com>

> I'm not sure how big of a problem this is. A remailer which
> was there 3 or 4 days ago is _probably_ still going to be
> around.
> The software can look at the date on the article,
> and ignore articles that took an enormous amount of time
> to get there, like say 2 weeks or something. But I think 3 or
> 4 days might be acceptable. What do you think?
>

It is certainly better than anything we have now. One nice thing about your idea is that it can be brought online in steps. It doesn't require all remailers to suddenly switch over to using alt.anonremailer.net.

> I'm not sure what you mean by "ping".

Any of the "ping" mechanisms you mentioned would work (some better than others). There's no need to limit the "ping" to a single mechanism. The "I am here" messages could have a field indicating the different "ping" mechanisms the remailer supports. Again, this could start out to be a NULL field, and could be added to incrementally, as remailers get more sophisticated.

Jim_Miller at suite.com

From corpuz at internex.net Thu Aug 4 10:11:11 1994
From: corpuz at internex.net (Chris Corpuz)
Date: Thu, 4 Aug 94 10:11:11 PDT
Subject: URGENT: Please Tell Congress to Allow Encryption Export
Message-ID: <9408041706.AA05151@infobase.InterNex.net>

House Intelligence Committee holds key to Crypto Export
ask at eff.org June 9, 1994 *DISTRIBUTE WIDELY*

Today, the U.S. State Department controls the export of most encryption, working closely with the National Security Agency (NSA) to limit products that provide real privacy, from cell-phones to PC software. A bill introduced by Rep. Maria Cantwell would instead give authority over non-military crypto exports to the Commerce Department. Commerce has much more reasonable regulations, with "First Amendment"-style unlimited publishing of publicly available software, including PGP, Kerberos, RIPEM, RSAREF, and mass-market commercial software. The bill also prevents the Commerce Dept. from tightening the regulations even if NSA somehow gets its tentacles into Commerce.

A few months ago, you-all sent over 5600 messages to Rep. Cantwell in support of her bill, H.R. 3627.
As a result, on May 18, the bill passed the House Foreign Affairs Committee by being incorporated into the Export Administration Act of 1994, H.R. 3937.

Now the battle has become more intense. This portion of H.R. 3937 has been referred to the House Intelligence Committee with the intent to kill or severely maim it. We need your help again, to urge the Intelligence Committee to keep crypto export liberalization intact.

The House and Senate Intelligence Committees, the only watchdogs for the NSA, tend to follow the agency's wishes when they wave the magic "national security" wand. They need plenty of input from the public that tells them that the nation will be *more* secure with good encryption, even though the NSA will be less happy.

Not just computer users, but all users of telephones, cable TV, health care, and credit information systems would benefit from this change. The security of these applications is built on the foundation laid by the operating systems and network protocols on which they run. If this bill is passed, you will see high quality encryption built into Microsoft Windows, into the MacOS, into major Unix workstations, into the Internet, into cellular phones, into interactive television. The software already exists for confidentiality, privacy, and security of local and networked information, but it's not built-in to these systems because of the export ban. Today, each company could build two operating systems, one gutted for international use, but this would be costly and confusing for them and their customers, and would not allow international networks such as the Internet or telephones to be made secure and private. With this bill, these limits disappear.

Furthermore, the Clinton Administration plans to permit high volume exports of Clipper products, while continuing to require tedious paperwork for truly secure encryption products. The bill would give Clipper and other crypto software more even-handed treatment.
The bill also eliminates a senseless situation on the Internet. Today, crypto software can only be freely distributed from non-U.S. archive sites. It would eliminate that problem as well as the threat of prosecution against U.S. freeware authors of crypto software.

This is the dream we've all been working toward. Here's how you can help to make this dream a reality. The Intelligence Committee must make its decision on the bill before June 17, so time is critical:

1) Fax a short letter TODAY to the chair of the Intelligence Committee, Representative Dan Glickman (D-KS). Ask him in your own words to leave the encryption provisions of H.R. 3937 intact. Use a positive tone ("Please support...") rather than a flame or a rant. One paragraph is fine. State your title and organization if you will look more important or better informed than the average citizen. Rep. Glickman's committee fax number is +1 202 225 1991. This is the best option, since individual letters are given the most weight by members of Congress, particularly when sent on letterhead paper.

2) If you are unable to fax a letter, send an e-mail message to Rep. Glickman at glickman at eff.org. Software or staff at the Electronic Frontier Foundation will either fax it in, or print it out and hand-deliver it for you.

3) Send a copy of this message to everyone you know in Kansas, and personally urge them to write to Rep. Glickman today. Letters from constituents get a lot more weight, since they are from people who could actually vote for or against him in the next election.

4) If your own Representative is on the Intelligence Committee, send him or her a copy of what you sent Rep. Glickman. There's a list of all such Reps. below. Even if we lose this battle, you will have started educating your own Rep. about crypto policy.

5) Become a member of EFF. Our strength comes from our members' strength. Send a note to membership at eff.org asking how to join.

Thanks again for your help!
You can check at any time on the current status of the campaign at the location below. Send any comments on this campaign to campaign at eff.org.

John Gilmore
Chairman, EFF Crypto Committee
EFF Board of Directors
Member of Computer Professionals for Social Responsibility
Member of International Association for Cryptologic Research

House Intelligence Committee Members
------------------------------------

Subcommittee phone: +1 202 225 4121
Subcommittee fax: +1 202 225 1991 <== send your fax HERE <==

p st name                     phone            fax
___________________________________________________________________________
D KS Glickman, Daniel         +1 202 225 6216  private          Chair
D WA Dicks, Norman D.         +1 202 225 5916  +1 202 226 1176
D CA Dixon, Julian C.         +1 202 225 7084  +1 202 225 4091
D NJ Torricelli, Robert       +1 202 224 5061  +1 202 225 0843
D TX Coleman, Ronald D.       +1 202 225 4831  +1 202 225 4831
D CO Skaggs, David E.         +1 202 225 2161  +1 202 225 9127
D NV Bilbray, James H.        +1 202 225 5965  +1 202 225 8808
D CA Pelosi, Nancy            +1 202 225 4965  +1 202 225 8259
D TX Laughlin, Gregory H.     +1 202 225 2831  +1 202 225 1108
D AL Cramer Jr, Robert (Bud)  +1 202 225 4801  private
D RI Reed, John F.            +1 202 225 2735  +1 202 225 9580
D MO Gephardt, Richard A.     +1 202 225 2671  +1 202 225 7452
R TX Combest, Larry           +1 202 225 4005  +1 202 225 9615
R NE Bereuter, Douglas        +1 202 225 4806  +1 202 226 1148
R CA Dornan, Robert K.        +1 202 225 2965  +1 202 225 3694
R FL Young, C. W. (Bill)      +1 202 225 5961  +1 202 225 9764
R PA Gekas, George W.         +1 202 225 4315  +1 202 225 8440
R UT Hansen, James V.         +1 202 225 0453  +1 202 225 5857
R CA Lewis, Jerry             +1 202 225 5861  +1 202 225 6498
R IL Michel, Robert H.        +1 202 225 6201  +1 202 225 9461

The full text of this alert is stored at:

ftp.eff.org, /pub/Alerts/export.alert
gopher.eff.org, 1/Alerts, export.alert
http://www.eff.org/pub/Alerts/export.alert
BBS (+1 202 638 6120, 8N1): "Alerts" file area, export.alt

The actual text of this part of H.R.
3937 is at:

ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
BBS: "Privacy--Crypto" file area, hr3937.crp

For current status on the bill:

ftp.eff.org, /pub/Alerts/export_alert.update
gopher.eff.org, 1/Alerts, export_alert.update
http://www.eff.org/pub/Alerts/export_alert.update
BBS: "Alerts" file area, export.upd

A general Web page on crypto export policy is at:

http://www.cygnus.com/~gnu/export.html

----- End Included Message -----

************************************
Chris Corpuz                       *
InterNex Information Services, Inc.*
1050 Chestnut St., Suite 202       *
Menlo Park, CA 94025               *
v.(415) 473-3060                   *
f.(415) 473-3062                   *
************************************

From perry at imsi.com Thu Aug 4 10:32:31 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 4 Aug 94 10:32:31 PDT
Subject: URGENT: Please Tell Congress to Allow Encryption Export
In-Reply-To: <9408041706.AA05151@infobase.InterNex.net>
Message-ID: <9408041729.AA14818@snark.imsi.com>

LOOK AT THE DATE. This is OLD! The events it talks of are all over! Why are you distributing it again? The intelligence committee already gutted the bill a long time ago. It's too late.

Please do NOT repost messages like this, especially not ones that contain old information that has already been sent to all the people you are sending the message to.

Perry Metzger

Chris Corpuz says:
> House Intelligence Committee holds key to Crypto Export
> ask at eff.org June 9, 1994 *DISTRIBUTE WIDELY*
>
> Today, the U.S. State Department controls the export of most
> encryption, working closely with the National Security Agency (NSA) to
> limit products that provide real privacy, from cell-phones to PC
> software. A bill introduced by Rep. Maria Cantwell would instead give
> authority over non-military crypto exports to the Commerce Department.
> Commerce has much more reasonable regulations, with "First > Amendment"-style unlimited publishing of publicly available software, > including PGP, Kerberos, RIPEM, RSAREF, and mass-market commercial > software. The bill also prevents the Commerce Dept. from tightening > the regulations even if NSA somehow gets its tentacles into Commerce. > > A few months ago, you-all sent over 5600 messages to Rep. Cantwell in > support of her bill, H.R. 3627. As a result, on May 18, the bill > passed the House Foreign Affairs Committee by being incorporated into > the Export Administration Act of 1994, H.R. 3937. > > Now the battle has become more intense. This portion of H.R. 3937 has > been referred to the House Intelligence Committee with the intent to > kill or severely maim it. We need your help again, to urge the > Intelligence Committee to keep crypto export liberalization intact. > > The House and Senate Intelligence Committees, the only watchdogs for > the NSA, tend to follow the agency's wishes when they wave the magic > "national security" wand. They need plenty of input from the public > that tells them that the nation will be *more* secure with good > encryption, even though the NSA will be less happy. > > Not just computer users, but all users of telephones, cable TV, health > care, and credit information systems would benefit from this change. > The security of these applications is built on the foundation laid by > the operating systems and network protocols on which they run. If > this bill is passed, you will see high quality encryption built into > Microsoft Windows, into the MacOS, into major Unix workstations, into > the Internet, into cellular phones, into interactive television. The > software already exists for confidentiality, privacy, and security of > local and networked information, but it's not built-in to these > systems because of the export ban. 
Today, each company could build > two operating systems, one gutted for international use, but this > would be costly and confusing for them and their customers, and would > not allow international networks such as the Internet or telephones to > be made secure and private. With this bill, these limits disappear. > > Furthermore, the Clinton Administration plans to permit high volume > exports of Clipper products, while continuing to require tedious > paperwork for truly secure encryption products. The bill would give > Clipper and other crypto software more even-handed treatment. > > The bill also eliminates a senseless situation on the Internet. > Today, crypto software can only be freely distributed from non-U.S. > archive sites. It would eliminate that problem as well as the threat > of prosecution against U.S. freeware authors of crypto software. > > This is the dream we've all been working toward. Here's how you can > help to make this dream a reality. The Intelligence Committee must > make its decision on the bill before June 17, so time is critical: > > 1) Fax a short letter TODAY to the chair of the Intelligence > Committee, Representative Dan Glickman (D-KS). Ask him in your own > words to leave the encryption provisions of H.R. 3937 intact. Use a > positive tone ("Please support...") rather than a flame or a rant. > One paragraph is fine. State your title and organization if you will > look more important or better informed than the average citizen. Rep. > Glickman's committee fax number is +1 202 225 1991. This is the best > option, since individual letters are given the most weight by members > of Congress, particularly when sent on letterhead paper. > > 2) If you are unable to fax a letter, send an e-mail message to Rep. > Glickman at glickman at eff.org. Software or staff at the Electronic > Frontier Foundation will either fax it in, or print it out and > hand-deliver it for you. 
> > 3) Send a copy of this message to everyone you know in Kansas, and > personally urge them to write to Rep. Glickman today. Letters from > constituents get a lot more weight, since they are from people who > could actually vote for or against him in the next election. > > 4) If your own Representative is on the Intelligence Committee, send > him or her a copy of what you sent Rep. Glickman. There's a list of all > such Reps. below. Even if we lose this battle, you will have started > educating your own Rep. about crypto policy. > > 5) Become a member of EFF. Our strength comes from our members' strength. > Send a note to membership at eff.org asking how to join. > > Thanks again for your help! You can check at any time on the current > status of the campaign at the location below. Send any comments on > this campaign to campaign at eff.org. > > > John Gilmore > Chairman, EFF Crypto Committee > EFF Board of Directors > Member of Computer Professionals for Social Responsibility > Member of International Association for Cryptologic Research > > > House Intelligence Committee Members > ------------------------------------ > > Subcommittee phone: +1 202 225 4121 > Subcommittee fax: +1 202 225 1991 <== send your fax HERE <== > > p st name phone fax > ___________________________________________________________________________ > D KS Glickman, Daniel +1 202 225 6216 private Chair > D WA Dicks, Norman D. +1 202 225 5916 +1 202 226 1176 > D CA Dixon, Julian C. +1 202 225 7084 +1 202 225 4091 > D NJ Torricelli, Robert +1 202 224 5061 +1 202 225 0843 > D TX Coleman, Ronald D. +1 202 225 4831 +1 202 225 4831 > D CO Skaggs, David E. +1 202 225 2161 +1 202 225 9127 > D NV Bilbray, James H. +1 202 225 5965 +1 202 225 8808 > D CA Pelosi, Nancy +1 202 225 4965 +1 202 225 8259 > D TX Laughlin, Gregory H. +1 202 225 2831 +1 202 225 1108 > D AL Cramer Jr, Robert (Bud) +1 202 225 4801 private > D RI Reed, John F. +1 202 225 2735 +1 202 225 9580 > D MO Gephardt, Richard A. 
+1 202 225 2671 +1 202 225 7452 > R TX Combest, Larry +1 202 225 4005 +1 202 225 9615 > R NE Bereuter, Douglas +1 202 225 4806 +1 202 226 1148 > R CA Dornan, Robert K. +1 202 225 2965 +1 202 225 3694 > R FL Young, C. W. (Bill) +1 202 225 5961 +1 202 225 9764 > R PA Gekas, George W. +1 202 225 4315 +1 202 225 8440 > R UT Hansen, James V. +1 202 225 0453 +1 202 225 5857 > R CA Lewis, Jerry +1 202 225 5861 +1 202 225 6498 > R IL Michel, Robert H. +1 202 225 6201 +1 202 225 9461 > > The full text of this alert is stored at: > > ftp.eff.org, /pub/Alerts/export.alert > gopher.eff.org, 1/Alerts, export.alert > http://www.eff.org/pub/Alerts/export.alert > BBS (+1 202 638 6120, 8N1): "Alerts" file area, export.alt > > The actual text of this part of H.R. 3937 is at: > > ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt > gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt > http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt > BBS: "Privacy--Crypto" file area, hr3937.crp > > For current status on the bill: > > ftp.eff.org, /pub/Alerts/export_alert.update > gopher.eff.org, 1/Alerts, export_alert.update > http://www.eff.org/pub/Alerts/export_alert.update > BBS: "Alerts" file area, export.upd > > A general Web page on crypto export policy is at: > > http://www.cygnus.com/~gnu/export.html > > > > ----- End Included Message ----- > > > > ************************************ > Chris Corpuz * > InterNex Information Services, Inc.* > 1050 Chestnut St., Suite 202 * > Menlo Park, CA 94025 * > v.(415) 473-3060 * > f.(415) 473-3062 * > ************************************ > > From mech at eff.org Thu Aug 4 10:41:24 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 4 Aug 94 10:41:24 PDT Subject: USPS digital signature annoucement Message-ID: <199408041740.NAA19691@eff.org> [This is just an informational forward, and does not represent official EFF positions or statements in any way.] 
Forwarded message: Date: Thu, 4 Aug 1994 10:46:48 -0400 From: cmerri01 at reach.com (Charles Merrill -- McCarter ^ English - Newark ) Subject: USPS Elec Comm Serv Quebec City, Canada, August 3, 1994--The U.S. Postal Service has dramatically increased its commitment to the security of communications on the NII, with the announcement of Postal Electronic Commerce Services ("Postal ECS"), which will offer a nationwide public key certification service for the authentication of digital signatures used in paperless electronic commerce. Richard Rothwell, Senior Director of Technology Integration for the USPS, officially released the news today in Quebec City, in a paper delivered to an international working group of the Information Security Committee of the American Bar Association's Section of Science and Technology, which has been developing guidelines for public key certification authorities. "Our initial implementation is based on the Digital Signature Standard (DSS) Algorithm set; but our plan is to support other cryptographic options such as RSA in the near future," Rothwell said. Public key digital signatures serve to authenticate the originator of a digital communication, validate the integrity of the message, fix the time and date of the message, and prevent the sender from subsequently repudiating the communication - all features which are critical to increasing trust in electronic commerce. The full text of the USPS announcement on Postal ECS follows, which may be duplicated and disseminated widely, so long as the entire text is included. Address to Information Security Committee, EDI/IT Division American Bar Association Section of Science and Technology Quebec City, Canada, August 3, 1994 GOOD AFTERNOON MY NAME IS RICHARD ROTHWELL. I AM SENIOR DIRECTOR OF TECHNOLOGY INTEGRATION FOR THE UNITED STATES POSTAL SERVICE. 
I DOUBT THERE ARE MANY GROUPS MORE AWARE OF THE SWEEPING CHANGES TAKING PLACE IN COMMUNICATIONS THAN THIS ONE, OR HOW THOSE CHANGES AFFECT THE WAY THAT ALL OF US WILL DO BUSINESS IN THE FUTURE. TODAY I WANT TO SHARE WITH YOU MY THOUGHTS ON THE ROLE OF THE POSTAL SERVICE IN THIS NEW AGE, AND PARTICULARLY, THE ROLE THAT WE ARE BEING ASKED TO ASSUME IN HELPING TO FACILITATE THE EMERGING WORLD OF ELECTRONIC COMMERCE. THE POSTAL SERVICE WAS ESTABLISHED, AT THE BIRTH OF THE UNITED STATES, WITH THE MISSION OF BINDING TOGETHER A DIVERSE AND FAR- FLUNG NATION THROUGH THE CORRESPONDENCE OF THE PEOPLE. IT WAS, AND IS, A BROAD-BASED MISSION. OVER A CENTURY AGO, THEN ACTING ATTORNEY GENERAL WILLIAM HOWARD TAFT WROTE THAT "THE MAKERS OF THE CONSTITUTION ... HAD IN MIND THE COMPREHENSIVE VIEW WHICH REGARDED POST OFFICES ... AS INSTRUMENTS FOR THE TRANSMISSION OF INTELLIGENCE," A MISSION THEY EXPRESSED "IN VERY COMPREHENSIVE TERMS..." TODAY WE ARE BEING ASKED BY OUR CUSTOMERS TO CONSIDER NEW WAYS OF CARRYING OUT THIS MISSION. TODAY WE LIVE IN A COMPLEX, COST CONSCIOUS, INTERDEPENDENT SOCIETY WHICH IS DEVELOPING NEW ELECTRONIC COMMUNICATION SYSTEMS AND RE-INVENTING COMMERCIAL PRACTICES. FOR MANY APPLICATIONS, THE NEW EFFICIENCIES OF ELECTRONIC DATA COMMUNICATION, THE BENEFITS THAT IT HAS PROVIDED TO ITS EARLY ADOPTERS, AND THE COMPETITIVE PRESSURES THAT THIS EVOLUTION HAS CREATED ARE DRIVING CORPORATIONS, GOVERNMENTS, AND INDIVIDUALS TO EXPLORE NEW WAYS OF CONDUCTING BUSINESS, AND SERVING THEIR CUSTOMERS AND CONSTITUENTS. YET, AS MANY EXPERTS HAVE NOTED, INCLUDING MANY OF YOU IN THIS ROOM, DIGITAL FILES AS A RULE ARE NEITHER AS SECURE NOR AS RELIABLE AS THEIR PAPER COUNTERPARTS. DIGITAL FILES ARE DESIGNED TO BE EASILY MANIPULATED BY USERS ON DIFFERENT COMPUTERS. THIS IS, OF COURSE, AN ESSENTIAL ELEMENT OF THE EFFICIENCY THAT ELECTRONIC COMMERCE CONVEYS. 
BUT WITHOUT SOME METHOD OF SEALING A DIGITAL FILE TO ESTABLISH ITS CONTENTS, AUTHOR, AND TIME OF TRANSMITTAL, THE BENEFITS OF ELECTRONIC COMMERCE WILL INEVITABLY BE LIMITED TO HIGHLY STRUCTURED TRANSACTIONS BETWEEN PARTIES THAT KNOW AND TRUST ONE ANOTHER. SUCH LIMITS WILL SEVERELY CONSTRAIN OR WIPE OUT THE BENEFITS OF ELECTRONIC DATA INTERCHANGE. A RECENT ARTICLE IN GOVERNMENT COMPUTER NEWS NOTED THAT THE USE OF TRADING PARTNER AGREEMENTS TO STRUCTURE EDI AGREEMENTS COULD REQUIRE THE SERVICES OF HUNDREDS OF LAWYERS TO NEGOTIATE, WRITE, AND ARGUE ABOUT THE AGREEMENTS JUST FOR GOVERNMENT PROCUREMENT. THIS IS EVIDENCE OF THE GREAT DEGREE OF TRANSACTIONAL FRICTION THAT MUST INEVITABLY ACCOMPANY SUCH AN APPROACH. IF ELECTRONIC COMMERCE IS NOT GOING TO BE LIMITED TO HIGHLY STRUCTURED TRANSACTIONS BETWEEN WELL KNOWN AND TRUSTED PARTIES, OTHER SOLUTIONS MUST BE DEVELOPED TO CREATE AN EFFECTIVE LEGAL FRAMEWORK AND ELECTRONIC INFRASTRUCTURE. ELECTRONIC COMMUNICATION MEDIA CANNOT BECOME A RELIABLE BASIS FOR WIDESPREAD BUSINESS USE WITHOUT A TRUSTED METHOD OF SEALING DIGITAL CONTENTS, VERIFYING THE PARTIES INVOLVED, AND ESTABLISHING AN OFFICIAL DATE AND TIME FOR THE TRANSACTION. GOVERNMENT HAS SIMILAR NEEDS. TRUST AND SECURITY ARE ESSENTIAL TO THE SUCCESS OF THE NATIONAL INFORMATION INFRASTRUCTURE, THE REFORM OF GOVERNMENT PERFORMANCE, AND A NUMBER OF OTHER CRITICAL FUNCTIONS, SUCH AS THE IMPLEMENTATION OF HEALTH CARE REFORM. PERSONAL, EDUCATIONAL, LITERARY, AND BUSINESS CORRESPONDENCE TRAVELING ON THE INFORMATION SUPERHIGHWAY MUST BE ELECTRONICALLY GUARDED SO THAT ALL CITIZENS ARE REASONABLY ASSURED OF THE INTEGRITY OF THEIR RECORDS. THE TIMELY DELIVERY OF IMPORTANT ELECTRONIC INFORMATION, AND THE IDENTITY AND AUTHORITY OF THE PEOPLE WITH WHOM THEY COMMUNICATE ARE EQUALLY IMPORTANT. WITHOUT TRUST AND SECURITY, ALL OF THE SUPERCOMPUTERS AND ALL OF THE HIGH-SPEED NETWORKS IN THE WORLD CANNOT MAKE THE N.I.I. SUCCEED ON THE BROAD FUNCTIONAL BASIS FOR WHICH IT WAS CONCEIVED.
AS ONE OF THE NATION'S LARGEST ORGANIZATIONS, THE UNITED STATES POSTAL SERVICE SHARES MANY OF THE CONCERNS OF BOTH BUSINESS AND GOVERNMENT. THE POSTAL SERVICE MUST MANAGE TRANSACTIONS WITH THOUSANDS OF ORGANIZATIONS ON A DAILY BASIS IN THE PROCESS OF ANNUALLY DOING $49 BILLION OF BUSINESS MOVING 171 BILLION PIECES OF MAIL. BUT OUR CONCERNS ARE NO DIFFERENT FROM THOSE OF ANY LARGE ENTERPRISE IN THE WORLD TODAY TRYING TO MAKE ITS OPERATIONS MORE EFFICIENT. THERE ARE NOT LIKELY TO BE MANY IN THIS ROOM WHO DO NOT BELIEVE IN THE NEED FOR A MECHANISM FOR ESTABLISHING THE RELIABILITY OF AN ELECTRONIC TRANSMISSION, AND BINDING AN INDIVIDUAL TO IT. I THEREFORE DO NOT BELIEVE THAT IT WILL BE NECESSARY TO CONDUCT A DETAILED EXPLORATION OF THE ADVANTAGES OF BUILDING A PUBLIC KEY INFRASTRUCTURE AS A SOLUTION TO THE TECHNICAL PROBLEMS OF PROVIDING SECURITY FOR ELECTRONIC DOCUMENTS. WHAT I WILL TALK TO YOU ABOUT IS THE ROLE THE POSTAL SERVICE CAN PLAY IN PROVIDING THESE TECHNICAL SOLUTIONS WHERE THEY ARE NEEDED. THERE ARE SEVERAL REASONS WHY THE POSTAL SERVICE IS DEVELOPING PLATFORMS FOR PROVIDING SOLUTIONS TO THESE PROBLEMS. FIRST, OUR GENERAL DUTY TO "BIND THE NATION TOGETHER THROUGH THE PERSONAL, EDUCATIONAL, LITERARY, AND BUSINESS CORRESPONDENCE OF THE PEOPLE" HAS TAKEN ON NEW MEANING NOW THAT A HYBRID INFORMATION HIGHWAY, PART PAPER AND PART ELECTRONIC, HAS BECOME A REALITY AND WILL CONTINUE TO BE FOR AT LEAST THE NEXT DECADE. SECOND, NOT SURPRISINGLY, OUR CUSTOMERS ARE ASKING US TO PLAY AN EXPANDED ROLE IN FACILITATING PAPER AND ELECTRONIC COMMERCE BECAUSE WE HAVE UNIQUE LEGAL AND INSTITUTIONAL RESOURCES TO ACCOMPLISH THE TASK. AND THIRD, WE HAVE TO DEVELOP ELECTRONIC SERVICES TO MEET OUR CUSTOMERS' NEEDS FOR FASTER, MORE EFFICIENT HANDLING OF THEIR PRODUCTS. A CORE FUNCTION OF THE POSTAL SERVICE WILL REMAIN THE TRANSMISSION OF HARD COPY MESSAGES TO AND FROM RESIDENCES AND BUSINESSES IN AMERICA. 
AS I'VE NOTED, THAT FUNCTION FLOWS OUT OF OUR CORE MISSION TO BIND THE NATION TOGETHER. THE POSTAL SERVICE HAS OTHER MISSIONS AS WELL. WE ARE TASKED TO PROVIDE SERVICE ON A UNIVERSAL BASIS TO PATRONS IN ALL AREAS AND TO ALL COMMUNITIES. WE ARE REQUIRED TO USE EVERY EFFORT TO PROVIDE EFFICIENT AND EXPEDITIOUS DELIVERY OF CORRESPONDENCE. WE ARE CHARGED WITH PROTECTING THE PRIVACY OF POSTAL CUSTOMERS AND MAY NOT MAKE AVAILABLE TO THE PUBLIC BY ANY MEANS OR FOR ANY PURPOSE ANY MAILING OR OTHER LIST OF NAMES OR ADDRESSES, PAST OR PRESENT, OF POSTAL PATRONS OR OTHER PERSONS. AND WE ARE CHARGED WITH MAINTAINING THE SECURITY AND INTEGRITY OF THE MAILS, AND INVESTIGATING POSTAL OFFENSES AND CIVIL MATTERS RELATING TO THE POSTAL SERVICE. AS A CONSEQUENCE OF THESE MISSIONS, THE POSTAL SERVICE HAS AT LEAST THREE ASSETS WHICH MAKE US A LIKELY CANDIDATE TO PLAY A ROLE IN THIS EMERGING FIELD. FIRST, THE POSTAL SERVICE ALREADY HAS MUCH OF THE LEGAL AND INSTITUTIONAL INFRASTRUCTURE NECESSARY TO ASSIST IN THE DEVELOPMENT OF WIDESPREAD ELECTRONIC COMMERCE. SECOND, OUR SIZE AND WIDELY DISTRIBUTED RESOURCES GIVE US THE PRACTICAL TOOLS TO PROVIDE A MUCH-NEEDED SERVICE ON A UNIVERSAL BASIS. THIRD, WE ARE UNIQUELY SITUATED TO PROTECT CORE VALUES SUCH AS SECURITY AND INDIVIDUAL PRIVACY AS WELL AS UNIVERSAL ACCESS TO THE TOOLS OF ELECTRONIC COMMERCE. LET ME DISCUSS THESE ONE AT A TIME. FIRST, THE POSTAL SERVICE HAS THE LEGAL STRUCTURE TO PERFORM THE DUTIES OF MANAGING A CERTIFICATE AUTHORITY. THE POST OFFICE WAS ORIGINALLY ESTABLISHED BY THE CONTINENTAL CONGRESS AS THE UNITED STATES' FIRST INFORMATION HIGHWAY. FOR OVER TWO HUNDRED YEARS, A SOPHISTICATED REGIME OF STATUTES, REGULATIONS, AND POLICIES HAS DEVELOPED TO PROVIDE THE INFRASTRUCTURE WHICH ENABLES SECURE, EFFICIENT, AND INEXPENSIVE TRANSMISSION OF PAPER COMMUNICATIONS.
FOR 200 YEARS, THE UNITED STATES POSTAL SERVICE HAS CERTIFIED MAIL, SEALED IT WITH THE POWER AND AUTHORITY OF LAW, PROVIDED RESPONSIBLE AND TIMELY MAIL DELIVERY, AND INSURED PATRONS AGAINST LOSS OR THEFT. A RELIABLE AND TRUSTED MAIL SYSTEM REMARKABLY FREE OF CORRUPTION OR ABUSE HAS ACCOMPANIED THE DEVELOPMENT OF A SYSTEM OF COMMERCE IN THE UNITED STATES WHICH IS SECOND TO NONE IN THE WORLD. FOR HARDCOPY COMMUNICATIONS, THE LEGAL FRAMEWORK IS ALREADY IN PLACE TO HANDLE ISSUES SUCH AS LIABILITY, INDEMNITY, CONFIDENTIALITY, FRAUDULENT USE, THEFT, DEFINITE DATING, ETC. A SIMILAR FRAMEWORK WILL BE REQUIRED TO SUPPORT ELECTRONIC COMMERCE. CUSTOMERS HAVE SUGGESTED THAT THE POSTAL SERVICE MAY BE IN A UNIQUE POSITION TO PROVIDE PART OF THAT STRUCTURE. FOR EXAMPLE, SOME CUSTOMERS HAVE SUGGESTED THAT THEY ARE CONCERNED WITH THEIR OWN CAPACITY TO HANDLE LIABILITY ISSUES, AND THAT THE POSTAL SERVICE PROVIDES A READY-MADE SOLUTION TO THIS PROBLEM. OTHERS HAVE EXPRESSED CONCERN ABOUT THE CONFIDENTIALITY PROBLEMS INHERENT IN DEALING WITH OTHER COMPANIES, WHILE STILL OTHERS HAVE ASKED FOR A REGIME FOR CONTROLLING FRAUD WHICH IS AS STRONG AND CONVENIENT AS THAT IN PLACE FOR MAIL FRAUD. THUS, THE STRONG LEGAL FRAMEWORK ESTABLISHED FOR HANDLING PAPER COMMUNICATIONS CAN PROVIDE SIMILAR BENEFITS FOR ELECTRONIC COMMERCE.

SECOND, OUR CUSTOMERS ARE ASKING FOR OUR ASSISTANCE IN THIS AREA BECAUSE WE HAVE UNIQUE PRACTICAL ASSETS, INCLUDING:

- THE 40,000 RETAIL FACILITIES DISTRIBUTED NATIONWIDE
- UNIVERSAL PRESENCE AND THE CAPACITY TO ACHIEVE SIGNIFICANT SCALE
- THE RESOURCES OF AN EXISTING NATIONAL INFORMATION INFRASTRUCTURE
- A VERY STRONG VERIFICATION PROCESS CURRENTLY USED FOR PASSPORTS, THAT INVOLVES PROOF OF ID AND OTHER INFORMATION TO A FEDERAL EMPLOYEE.
- THE EXPERIENCE, POLICIES, AND ABILITY TO ARCHIVE RECORDS WITHOUT RISK THAT THEY WOULD BE USED FOR COLLATERAL COMMERCIAL PURPOSES.
THE POSTAL SERVICE IS ALSO A REMARKABLY LONG-LIVED ORGANIZATION, AND THOSE OF YOU WHO HAVE STRUGGLED WITH ARCHIVING POLICIES WILL RECOGNIZE THAT TO BE AN IMPORTANT ADVANTAGE. AS BOB JUENEMAN HAS SAID ON THE INTERNET, "CERTIFICATES 'R US" MAY BE GONE TOMORROW. IF YOU HAVE TO PROVE THAT A CERTIFICATE WAS REGISTERED ON A CERTAIN DATE, AND YOU ARE SEEKING AN APPROPRIATE ARCHIVING FACILITY, YOU CAN HAVE CONFIDENCE THE POSTAL SERVICE WILL STILL BE AROUND TO SUPPORT YOUR REQUEST. A THIRD STRENGTH THE POSTAL SERVICE BRINGS TO ENABLING ELECTRONIC COMMERCE, AND ANOTHER REASON THAT OUR CUSTOMERS HAVE ASKED FOR HELP, IS OUR CAPACITY TO CREATE CERTIFICATE MANAGEMENT SYSTEMS THAT CAN REACH VIRTUALLY EVERY COMMUNITY IN AMERICA, BECAUSE WE ALREADY HAVE A SUBSTANTIAL PRESENCE IN THOSE COMMUNITIES. WE CAN THEREFORE PROVIDE A SOLUTION TO THE QUESTION OF HOW TO PUT THE TOOLS OF ELECTRONIC COMMERCE, SUCH AS CERTIFICATES, INTO THE HANDS OF EVERYONE. THERE ARE MANY OBSTACLES TO PREVENT CITIZENS FROM TAKING ADVANTAGE OF THE BENEFITS OF ELECTRONIC COMMERCE. CURRENTLY THERE ARE TECHNOLOGICAL, GEOGRAPHIC, ECONOMIC, AND KNOWLEDGE BARRIERS WHICH PREVENT PEOPLE FROM PARTICIPATING IN THE BENEFITS OF ELECTRONIC COMMERCE. TO PROVIDE UNIVERSAL SERVICE TO ELECTRONIC COMMERCE WE MUST PROVIDE ACCESS WHICH IS UNIVERSALLY USABLE AND UBIQUITOUS AND SCALABLE. BY PROVIDING A SOLUTION TO SOME OF THESE ACCESS PROBLEMS, THE POSTAL SERVICE MAY HAVE AN IMPORTANT ROLE TO PLAY IN ENSURING THAT FUTURE COMMUNICATIONS IN AMERICA PROVIDE A CONTINUING FRAMEWORK FOR SUSTAINING A DEMOCRATIC, PARTICIPATORY SOCIETY. THUS, MANY OF THE INSTITUTIONAL FEATURES NEEDED BY AN ENTITY WISHING TO TAKE PART IN CERTIFICATE ISSUANCE AND MANAGEMENT ALREADY EXIST IN THE UNITED STATES POSTAL SERVICE. THE POSTAL SERVICE WAS ESTABLISHED TO PROVIDE VERY SIMILAR SERVICES FOR THE SUPPORT OF CORRESPONDENCE WHEN THE PHYSICAL FRONTIER WAS CHAOTIC AND HARD TO REACH. IT IS READY TO PROVIDE SIMILAR SERVICES ON THE ELECTRONIC FRONTIER. 
AS THE POSTMASTER GENERAL HAS INFORMED CONGRESS, WE ARE ACTIVELY SUPPORTING THE DEVELOPMENT OF THE N.I.I. TO FACILITATE THE DEVELOPMENT OF OUR OWN BUSINESS AND TO HELP US CARRY OUT OUR MISSION. ON MARCH 24, THE POSTMASTER GENERAL TESTIFIED BEFORE THE SENATE AFFAIRS COMMITTEE THAT "WORKING WITH OTHER FEDERAL AGENCIES, WE MAY BE ABLE TO DEVELOP AN ELECTRONIC COMMERCE SYSTEM." HE ALSO NOTED THAT, THROUGH THE DEVELOPMENT OF A KIOSK PROGRAM THAT MIGHT CARRY OUT POSTAL TRANSACTIONS AND PERHAPS ALSO DISSEMINATE INFORMATION FROM OTHER AGENCIES, OUR POSTAL LOBBIES COULD BECOME "ON-RAMPS" TO THE ELECTRONIC SUPER HIGHWAY. THE POSTMASTER GENERAL HIGHLIGHTED TWO IMPORTANT AREAS IN WHICH THE POSTAL SERVICE MAY BE HELPFUL: SERVING THE REQUIREMENTS OF OTHER GOVERNMENT AGENCIES, AND PROVIDING UNIVERSAL SERVICE TO THOSE CITIZENS WHO ARE IN DANGER OF BEING LEFT OUT OF THE INFORMATION REVOLUTION. TO THESE HE MIGHT HAVE ADDED A THIRD, EQUALLY IMPORTANT AREA: PROTECTING THE PRIVACY OF AMERICAN CITIZENS. THIS CONCERN IS DEEPLY EMBEDDED IN POSTAL TRADITION AND STATUTE. WHEN WE SPEAK OF THE SECURITY OF ELECTRONIC COMMERCE WE SHOULD NOT MISS THE WAY IN WHICH COMMERCIAL SECURITY AND INDIVIDUAL PRIVACY ARE INTERCONNECTED CONCEPTS. WHILE IT IS TOO EARLY TO KNOW WHAT PRECISELY LIES AHEAD, LET ME SHARE WITH YOU A GENERAL DESCRIPTION OF THE SYSTEMS WE ARE DEVELOPING, BOTH FOR OUR OWN USE AND FOR THAT OF OUR CUSTOMERS. THE POSTAL SERVICE IS USING PUBLIC KEY ENCRYPTION TECHNOLOGY, AND RELATED TECHNOLOGIES, TO DEVELOP A PUBLIC KEY CERTIFICATION AUTHORITY AND A SET OF ASSOCIATED TRUSTED THIRD PARTY SERVICES WHICH WE CALL POSTAL ELECTRONIC COMMERCE SERVICES (POSTAL ECS). WHEN INITIALLY DEPLOYED, POSTAL ECS WILL PROVIDE A BASIS FOR ELECTRONIC ASSURANCES WITHIN AND AMONG GOVERNMENT AGENCIES, AND BETWEEN GOVERNMENT AGENCIES AND THEIR CONSTITUENTS. 
IN PARTICULAR, THE POSTAL SERVICE HAS DEVELOPED THE ABILITY TO:
* ISSUE PUBLIC KEY CERTIFICATES AND STORE THEM IN A PUBLIC DIRECTORY;
* PROVIDE FOR THE "SEALING" OF SELECTED DOCUMENTS OR OTHER ELECTRONIC OBJECTS AND ASSOCIATING THEM WITH A DIGITAL SIGNATURE AND A TRUSTED TIME AND DATE STAMP;
* PROVIDE SERVICES FOR PUBLIC KEY CERTIFICATE PUBLICATION AND REVOCATION; AND,
* PROVIDE THE ABILITY TO ENCRYPT CONFIDENTIAL INFORMATION MOVING BETWEEN THE USER ENVIRONMENT AND THE POSTAL ECS MANAGEMENT SYSTEM.
* FINALLY, PROVIDE NEAR REAL-TIME ACCESS TO CERTIFICATES AND THEIR STATUS.
THE CERTIFICATION AUTHORITY WILL ISSUE AND MANAGE X.509 PUBLIC KEY CERTIFICATES CONTAINING A PERSON'S X.500 DISTINGUISHED NAME, PUBLIC KEY, AND OTHER IDENTIFYING INFORMATION. USERS CAN THEN RETRIEVE A CERTIFICATE FROM THE POSTAL SERVICE, AND USE ITS PUBLIC KEY TO AUTHENTICATE A DIGITAL SIGNATURE GENERATED BY THE COMPLEMENTARY PRIVATE KEY.
THE CORRESPONDENCE SERVICE PROVIDED BY THE SYSTEM IS THE POSTAL ECS SEAL WHICH PROVIDES USERS WITH A VALIDATION OF THE ORIGINATOR BASED ON HIS OR HER DIGITAL SIGNATURE. WE ALSO PROVIDE A POSTAL SERVICE DIGITAL SIGNATURE ON THE DIGEST OF AN ELECTRONIC OBJECT THAT ASSURES THAT IT CANNOT BE CHANGED WITHOUT DETECTION. WE ALSO PROVIDE THE POSTAL SERVICE DIGITAL SIGNATURE ON A DATE AND TIME STAMP THAT WE SUPPLY TO ENABLE PROOF OF EXISTENCE AT A POINT IN TIME AND WE PROVIDE ARCHIVING FOR THOSE DATE AND TIME STAMPS.
FINALLY, WE PROVIDE NEAR REAL-TIME ACCESS TO CERTIFICATES AND THEIR STATUS. THIS ALLOWS A USER TO GET UP-TO-DATE INFORMATION ON THE VALIDITY OF CERTIFICATES, AND REMOVES THE NEED FOR USERS TO MAINTAIN THEIR OWN CERTIFICATE REVOCATION LISTS.
THE POSTAL SERVICE HAS IMPLEMENTED THE CERTIFICATE AUTHORITY SERVICES, THE CORRESPONDENCE SERVICES AND THE SUPPORTING DIRECTORY ON A HOST COMPUTER SYSTEM IN ONE OF OUR MAJOR PRODUCTION DATA CENTERS.
WE HAVE ALSO DEVELOPED THREE POSTAL SERVICE-LICENSED USER AGENTS AS REFERENCE MODELS TO BE INSTALLED ON END USER WORKSTATIONS THAT WILL PROVIDE ACCESS TO POSTAL ECS SERVICES. THEY RUN ON MICROSOFT WINDOWS-BASED PC'S AND ACCESS POSTAL ECS SERVICES VIA E-MAIL (EITHER INTERNET OR X.400). WE ARE ALSO WORKING ON AN INTERACTIVE DIAL-UP COMMUNICATION ALTERNATIVE AND EXPECT THIS TO BE AVAILABLE SHORTLY. THESE USER AGENTS CONTAIN STANDARD PROGRAMMING INTERFACES THAT LINK USER APPLICATIONS, CRYPTOGRAPHIC ROUTINES, AND ECS SERVICES TOGETHER. OUR INITIAL IMPLEMENTATION IS BASED ON THE DIGITAL SIGNATURE STANDARD (DSS) ALGORITHM SET; BUT OUR PLAN IS TO SUPPORT OTHER CRYPTOGRAPHIC OPTIONS SUCH AS RSA IN THE NEAR FUTURE.
WE ARE NOW MOVING FROM DEVELOPMENTAL WORK TO ACTUAL PROOF OF CONCEPT PILOT TESTING OF THESE SERVICES BOTH INTERNALLY IN THE USPS AND WITH OUR GOVERNMENT AGENCY PARTNERS. OUR PLANS WILL EVOLVE AS WE GAIN EXPERIENCE FROM THESE INITIAL PILOT TESTS AND CONTINUE TO TALK WITH CUSTOMERS, AND EXPERTS IN ENCRYPTION, SOFTWARE DEVELOPMENT, AND COMPUTER SCIENCE. WE HAVE SHARED OUR PLANS WITH CONGRESS, THE ADMINISTRATION, AND THE MEDIA. AND WE HAVE ASKED OURSELVES THREE KEY QUESTIONS:
* IS THIS INITIATIVE CRITICAL TO OUR MISSION AND OUR RESPONSIBILITY TO THE PUBLIC?
* DO OUR CUSTOMERS HAVE A NEED FOR OUR PARTICIPATION? AND,
* WOULD THE COSTS OF PROVIDING THESE SERVICES BE BALANCED BY POTENTIAL REVENUES?
CERTAINLY THE RESPONSES THAT WE HAVE RECEIVED TO DATE MORE THAN JUSTIFY OUR VIEW THAT THIS IS AN AREA IN WHICH WE SHOULD CONTINUE TO BE AN ACTIVE PARTICIPANT.
BEFORE CONCLUDING, LET ME DIRECTLY ADDRESS A CONTROVERSIAL PHILOSOPHICAL DISCUSSION ABOUT CERTIFICATE MANAGEMENT SO YOU CAN UNDERSTAND WHAT WE SEE AS THE FUTURE WORLD OF ELECTRONIC COMMERCE. THERE HAS BEEN A GREAT DEAL OF DEBATE ABOUT THE RELATIVE ADVANTAGES OF HIERARCHICAL VERSUS PEER-TO-PEER OR ONE-LEVEL MODELS FOR MANAGEMENT OF DIGITAL SIGNATURE. TO SOME EXTENT, I BELIEVE THIS DEBATE MISSES THE POINT.
THE SYSTEM FOR MANAGING X.500 CERTIFICATES THAT WILL EVENTUALLY BE ADOPTED WILL BE ADOPTED ONLY BECAUSE IT MEETS THE BUSINESS NEEDS OF THE USERS. BECAUSE THE COMPLEX COMMUNICATION NEEDS OF THE FUTURE WILL REQUIRE FLEXIBILITY TO MEET INDIVIDUAL DESIRES, SOME MIX OF HIERARCHICAL AND PEER-TO-PEER OR FLAT MANAGEMENT SCHEMES WILL BE ADOPTED.
WHAT THE RECIPIENT OF AN ELECTRONIC DOCUMENT SIGNED WITH A DIGITAL SIGNATURE NEEDS TO KNOW IS HOW MUCH WEIGHT TO GIVE THAT SIGNATURE -- OR, IN OTHER WORDS, WHAT ACTIONS TO TAKE BASED ON AN EVALUATION OF THE SENDER. THIS IS EXACTLY THE SAME THING THAT IS DECIDED EVERY DAY BY PEOPLE -- SHOULD WE SELL SECURITIES TO A VOICE OVER THE PHONE? SHOULD WE PLACE AN ORDER WITH A NEW SALESMAN? GIVEN THE INFINITE VARIETY OF POSSIBLE TRANSACTIONS AND ENCOUNTERS, THERE IS NO POINT IN TRYING TO IMPOSE ON ELECTRONIC TRANSACTIONS A SINGLE PARADIGM FOR AUTHENTICATION. DIFFERENT LEVELS OF ASSURANCE, AND DIFFERENT ARCHITECTURES, WILL BE NECESSARY FOR DIFFERENT USES. WHAT IS IMPORTANT IS THAT THE PARTIES TO THE TRANSACTION ARE AWARE OF THE LEVEL OF ASSURANCE PROVIDED.
THE POSTAL SERVICE CAN BE OF ASSISTANCE IN FILLING SOME SPECIFIC NEEDS IN THE CERTIFICATE ARENA, BUT IT HAS NO INTENTION OF CONTROLLING OR DOMINATING THAT ARENA. FOR THE NEAR FUTURE THE UNIVERSE OF ELECTRONIC COMMERCE WILL CONTINUE TO HAVE MANY DIFFERENT GALAXIES. MANY VARYING CONCEPTS AND SERVICES WILL BE ABLE TO MAKE VALUABLE CONTRIBUTIONS. MANY OTHER ENTITIES WILL PROVIDE SERVICES IN THIS AREA: AS VICE PRESIDENT GORE HAS NOTED IN NUMEROUS SPEECHES, THERE IS A ROLE FOR BOTH PRIVATE AND PUBLIC ENTITIES. WE PLAN TO PROVIDE SERVICES BASED UPON IDENTIFIED NEEDS, WHICH CUSTOMERS WILL DECIDE WHETHER OR NOT THEY WILL USE.
IN KEEPING WITH THE PHILOSOPHY I HAVE ARTICULATED, LET ME SAY THAT THE POSTAL SERVICE, IN ANY DEVELOPMENT OF THESE PRODUCTS, INTENDS TO SUPPORT MULTIPLE CRYPTOGRAPHIC PRODUCTS IN THE MARKET PLACE.
IN ADDITION, WE WILL NOT COMPETE WITH NETWORK SERVICE PROVIDERS, NOR WILL WE BECOME A NETWORK OR CARRIER. IN DEVELOPING THESE SERVICES, WE ARE KEENLY INTERESTED IN THE WORK OF THIS GROUP. WHILE THE TECHNOLOGY AND SCALE ISSUES SEEM TO US TO BE MANAGEABLE, WE RECOGNIZE THAT THERE ARE STILL MANY LEGAL QUESTIONS CONCERNING THE WAY IN WHICH THE DESIGN OF A PUBLIC KEY INFRASTRUCTURE MANAGEMENT SERVICE MIGHT BEST WORK. THE LIABILITY ISSUES ARE NOT YET COMPLETELY CLEAR, AND THE DUTIES OF EACH ENTITY IN SUCH AN INFRASTRUCTURE NEED TO BE ARTICULATED. AS CUSTOMERS SEEK OUR SERVICES, WE WILL HAVE TO FACE QUESTIONS OF SCALABILITY, INVESTMENT, AND THE REGULATORY ISSUES ASSOCIATED WITH THE INTRODUCTION OF A NEW SERVICE. CAN THE SERVICE BE MANAGED? WHAT INVESTMENT WILL BE REQUIRED? HOW WILL REGULATORS HAVE US PRESENT THE SERVICE TO THE PUBLIC AND AT WHAT PRICE? WE GREATLY APPRECIATE THE EXCHANGE OF VIEWS THAT THIS FORUM MAKES POSSIBLE. WE ALL HAVE MUCH TO LEARN IN THIS AREA, AND I BELIEVE WE SHOULD WELCOME THE FACT THAT WE LIVE IN SUCH INTERESTING TIMES. [end] -- Stanton McCandlish
mech at eff.org
Electronic Frontier Fndtn.
Online Activist

From tcmay at netcom.com Thu Aug 4 11:15:32 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 4 Aug 94 11:15:32 PDT
Subject: Voluntary Governments?
In-Reply-To:
Message-ID: <199408041815.LAA26807@netcom17.netcom.com>

Bob Snyder writes:

> I think there is a balance that can be struck between code-only talk and
> politics. The list seems to be heavily tilted towards politics, probably
> because a good portion of the subscribers may not have the math/computer
> science background to follow all the code/protocol discussion. I know that
> I have a hard time following it some times. But I think opening the list
> up to generic, non-cryptological debate is a bad idea.
>

"Opening the list up"? I've been on the list since the beginning, and anarcho-capitalist, politico-cryptologic themes have _always_ been with us. The role and nature of government in the presence of strong cryptography is a recurring, and important, theme.

Those who want to discuss the mathematics and engineering of cryptology are certainly encouraged to do so, but not to stop other threads.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From frissell at panix.com Thu Aug 4 13:26:20 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 4 Aug 94 13:26:20 PDT
Subject: US Postal Public Key
Message-ID: <199408042025.AA18823@panix.com>

At 10:39 AM 8/4/94 -0400, John Young quoted others as writing:

>Richard Rothwell, Senior Director of Technology Integration for
>the USPS, officially released the news today in Quebec City, in a
>paper delivered to an international working group of the Information
>Security Committee of the American Bar Association's Section of
>Science and Technology, which has been developing guidelines
>for public key certification authorities.

What is the most important character in the above paragraph? The 's' in 'authorities.' It means no monopoly.

DCF

Who will be using the (now private) *Dutch* Post Office as (one of) *his* certification authorities.

From frissell at panix.com Thu Aug 4 13:26:51 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 4 Aug 94 13:26:51 PDT
Subject: Egalitarianism vs. Strong Cryptography
Message-ID: <199408042025.AA18791@panix.com>

At 08:01 AM 8/4/94 -0400, Perry E. Metzger wrote:
>
>I'm not certain you understand the tremendous economic pressure that
>taxes bring to bear.

True enough. Note that untaxed income is worth almost twice as much as taxed income. An efficient market will exert tremendous pressure to shave even 1% off a price spread. Income taxation gives us a juicy 40%+ "price" spread to cut out. Vast profits.

>> In a society where taxes were manageable, and put to a use all
>> citizens felt was worthy, such forces would be much less and
>> there would be enormous peer pressure on individual citizens to
>> do their fair share.
>
>And if my grandmother had wheels she'd be a bicycle. It isn't
>happening now -- the trend is towards larger taxes, bigger government
>and more repression, not less.
In a marketing war between private companies and the government in which the government can't use force (because the contest is conducted over the nets), the government loses. It just can't compete. No value added.

DCF

"Who's proud to be called a social Darwinist by Her Royal Clintoness (HRC)."

From jdd at aiki.demon.co.uk Thu Aug 4 13:41:28 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 4 Aug 94 13:41:28 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <3778@aiki.demon.co.uk>

The problem of designing a reliable and trusted remailer network is a generalization of the problem of constructing a reliable Internet and so many of the solutions can be the same. The structure of the Internet has been gone over and over again for twenty years or so and is probably optimal. This suggests that

* all packets should be acknowledged
* messages should be broken down into packets which are routed independently
* users should communicate with trusted gateways
* users should be accessible through a hierarchy of logical names which includes the gateway name
* gateways should be known to users only through their logical names
* the gateways should frequently exchange routing information
* that routing information should have an expiry date
* gateway operators can choose who they announce routing information to and accept routing information from
* users may have accounts with gateways and be charged for gateway usage
* gateway operators can settle accounts between each other periodically
* system software should be obtained [only] from trusted sites; to make things simpler, it should be possible to distribute bootstrap diskettes that allowed the bulk of the software to be downloaded or updated over the net without being compromised

Specifically cryptographic elements are easily added to the system

* all inter-gateway traffic should be encoded
* packets can be delayed for random intervals
* routing of packets can be somewhat stochastic; that is, you don't generally packets by the quickest route, and the choice of forwarding gateway is not 100% predictable, given the destination gateway
* packets can be fragmented and padded with noise at random
* noise packets can be added at random
* route selection, packet fragmentation, and noise generation can be continuously adjusted to defeat traffic analysis

The following suggestions raised in recent postings are included in this scheme:

* cjl's MIRV capability (except that it is supplied by the system and not the user)
* Jidan's noise injection
* Rochkind's stability-from-being-paid and web-of-trust notions
* Markowitz's automated contacts between mailers
* a form of digital postage
* Rochkind's pinging

The following are very easily supported by the scheme:

* a form of digital cash (the gateway operator would run a tab for users, like a credit card company)
* digital signatures
* message transfer via custom Internet protocols as well as via the email system
* users could specify the degree of confidentiality required and the system would use stronger encryption, increase chaff (anti-traffic analysis measures), and restrict use to more trusted gateways as required

Where email is used to transfer messages, the format used should be a subset of that specified in the SMTP RFCs. Restricting the structure of the headers would simplify the remailer software at little cost to the user.

The use of alt.x groups to exchange gateway information does not seem to add anything to this system; in fact it would seem to make it easier to spoof the system.

There could be multiple remailer nets, some commercial (paid for) and some free. The commercial networks could choose to exchange traffic with the free networks at no charge. Commercial remailers would probably be very concerned with legal issues, both criminal (pornography, etc) and non-criminal (copyright violations).

--
Jim Dixon

From jamesd at netcom.com Thu Aug 4 14:46:54 1994
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 4 Aug 94 14:46:54 PDT
Subject: USPS digital signature annoucement
In-Reply-To: <199408041740.NAA19691@eff.org>
Message-ID: <199408042146.OAA21677@netcom8.netcom.com>

> MY NAME IS RICHARD ROTHWELL. I AM SENIOR DIRECTOR OF TECHNOLOGY
> INTEGRATION FOR THE UNITED STATES POSTAL SERVICE.
>
> ... (much excellent and very true commentary deleted)
>
> THIRD, WE ARE UNIQUELY SITUATED TO PROTECT CORE VALUES
> SUCH AS SECURITY AND INDIVIDUAL PRIVACY AS WELL AS UNIVERSAL
> ACCESS TO THE TOOLS OF ELECTRONIC COMMERCE.

Translation: We never got into bed with the NSA, because steaming letters open was too much like hard work, so give us a job please.

A most excellent argument.

From jrochkin at cs.oberlin.edu Thu Aug 4 15:01:12 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 4 Aug 94 15:01:12 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <199408042200.SAA07928@cs.oberlin.edu>

> * Rochkind's stability-from-being-paid and web-of-trust notions

I'm not sure I like being credited with the "stability from being paid" notion. I think there _is_ stability from being paid, but I think if the infrastructure depends on it, it's not a good infrastructure. The system should be able to create a stable top-level infrastructure on top of an inherently instable environment, with remailers going up and down, and popping into existence, and dying. It should route around dead remailers, like the internet itself.

> Where email is used to transfer messages, the format used should be
> a subset of that specified in the SMTP RFCs. Restricting the structure of the headers would simplify the remailer software at little cost to the user.
>
> The use of alt.x groups to exchange gateway information does not seem
> to add anything to this system; in fact it would seem to make it easier
> to spoof the system.
It _would_ make it easier to spoof the system, but I think it does add several very important things:

1) New remailers can easily announce themselves to the remailernet. [Whether they are to be trusted or not should depend on pgp-signed keys and web of trust, but the newsgroup provides a way to announce yourself to the system, and have that announcement be automatically dealt with by all participating parties]

2) Users (not people operating remailers, people using them) could make use of the newsgroup, to compile a database of remailers, and make long remailer chains. Users could have automated software doing this. [again, taking account of web-of-trust through signatures]. Messages posted to the newsgroup could include information on whether the remailer is free, or whether ecash is charged, and the user's software could automatically take account of this, enclosing ecash certificates in the proper encryption blocks for for-profit remailers. (and reporting costs to user for approval, of course).

These are really two facets of the one problem, of allowing a user or remailer who has just arrived on the scene to quickly get a list of remailers, and make use of them, all automatically. That's sort of the super-set problem which encompasses the other two, and whose solution solves the other two.

I don't think it's a coincidence that the newsgroup system solves these two problems at the expense of security (the newsgroup makes it easier to spoof). I have a gut feeling that any solution which solves these problems is going to be at the expense of security. But I think these two problems need to be solved if we want to create an easy to use, low-human-maintenance, infrastructure in a universe of hundreds of remailers.

The fact is, that even remailers exchanging mail _can_ be spoofed, if not quite as easily as the newsgroup idea.
It seems to be a premise of cryptographic protocols and schemes, that you've got to assume a worst case and get a system working where even under the worst case, everything works. I think this is a good way to work, and that's why you've got to assume that if it can be spoofed, it will be spoofed. And you've got to build in a web of trust relying on cryptographically secure signatures, instead of relying on false security you get from thinking that it hasn't been spoofed just because it would be a little bit difficult to do so. Once you adopt this frame of mind, the newsgroup method is just as secure as the mail method (both can be spoofed, but you rely on web-of-trust to prevent spoofing from doing any harm), but the newsgroup method solves the two problems I brought up.

I agree that it seems a good idea for the SMTP RFCs to be used to exchange info, and we could post to the alt.remailernet newsgroup with articles that adhere to the SMTP RFCs, even though that isn't exactly what those RFCs are intended for. Although we almost certainly need some agreed upon standards in addition to the SMTP RFCs, because there is additional information we want to exchange.

From ianf at simple.sydney.sgi.com Thu Aug 4 15:35:12 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Thu, 4 Aug 94 15:35:12 PDT
Subject: URGENT: Please Tell Congress to Allow Encryption Export
In-Reply-To: <9408041706.AA05151@infobase.InterNex.net>
Message-ID: <9408050823.ZM6861@simple.sydney.sgi.com>

On Aug 4, 10:08am, Chris Corpuz wrote:
> The House and Senate Intelligence Committees, the only watchdogs for
> the NSA, tend to follow the agency's wishes when they wave the magic
> "national security" wand.

Reading this, I was reminded that I have rarely seen any mention on the net as to one of the reasons why the "national security" wand is so effective with many politicians.

Imagine this: you're a politician.
If you're a US politician in particular you will be correctly told that you are, by virtue of your position, a target for a lot of "extremist" groups and terrorism. You will then be told that one of the main weapons on your side is the tremendous security infrastructure which has been constructed to intercept and prevent acts of violence against the government (ie. you). They'd probably then drop little pieces of information - strictly secret of course to make sure that you treated them with the proper respect - which would leave you with the impression that these guys do such a good job of protecting YOUR ass. They might even have some intelligence showing your name on some documents from some political organisation with violent tendencies, and who wouldn't be a bit worried after that?

After this little speech, you'll have had the presence and influence of the various security services entwined with the protection of your very life. It's been personalised for you in a very intimate way, and for most politicians, this works. It's always worth bearing in mind when you see one of them do an abrupt 180 degree turn after a visit from the spooks.

Ian.

From nobody at CSUA.Berkeley.EDU Thu Aug 4 17:35:03 1994
From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User))
Date: Thu, 4 Aug 94 17:35:03 PDT
Subject: Censorship/protecting children is not on topic...
Message-ID: <199408050034.RAA20172@soda.CSUA.Berkeley.EDU>

This debate about protecting children from censorship, et al is great, but aren't we veering off the charter/topic of this mailing list?
------------
To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines:
::
Response-Key: the-clipper-key
====Encrypted-Sender-Begin====
MI@```%E^&2?(E+Y2-*'0G?5^"B%&EG
M0_U[L1(6_(\$"))OK>(OA8H+I%T at 3K;%1ON[7^#@]3[:`$.O0\]*<1^R&ZKY
$R7JWF@``
====Encrypted-Sender-End====

From hfinney at shell.portal.com Thu Aug 4 19:43:56 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 4 Aug 94 19:43:56 PDT
Subject: Remailer ideas
Message-ID: <199408050244.TAA16584@jobe.shell.portal.com>

The MIRV idea for messages is not bad, but by itself it does not provide enough cover. If you have a 33K byte message come in and a while later a 21K and a 12K byte message go out, there might not be many other possible messages that could add up to 33K.

A more complete solution is to pad all messages to a standard size. If every message which goes into the remailer is the same size, and every message which comes out of the remailer is the same size, and each has no carried-over header or message-body information, then there should be no way of matching up incoming to outgoing message.

This was the simple solution in Chaum's original February 1981 CACM paper, which I would strongly suggest that people read. CACM is probably the most widely available of the computer science journals and should be at every university library.

Chaum's paper has some interesting aspects that are not often mentioned. He actually proposes two different solutions that differ somewhat. (People should also be aware of his alternative solution to the traffic analysis problem, the "Dining Cryptographers" network. I think Tim may have scanned that in at some point, so it might be on the net. DC nets tend to be high bandwidth and are more suitable for LANs or WANs than email, IMO.)

The first solution in Chaum's paper is the "Cascade".
In this there is a sequence of "Mixes", what we would call remailers, which are used in a FIXED order by everyone. It's as though everyone first sent their messages to soda, then to portal, then to catalyst, and so on through some specific sequence. Furthermore, these are all sent in a set of batches which stay together as they move through the network. A batch of messages starts at soda, then at a later time that same batch pops out the other end, having been decrypted and shuffled at each step.

From our perspective, this seems like a wasteful way of using the network. By keeping the messages together like this, the whole cascade does no more shuffling than would a single mix. Using the cascade provides no more confusion of messages.

But the advantage it does provide comes from the fact that there is no guarantee that the remailers are honest. This is something which is often overlooked by people who make suggestions that remailers should cooperate, should automatically choose the message paths, etc. Chaum uses the cascade so that if even one mailer on the chain is honest and uncorrupted, the whole chain is strong. If you _knew_ you were using a good remailer you wouldn't need a cascade. But by using a cascade you get that much more assurance that you have security.

The other reason for using a fixed cascade, I think, has to do with the details of message padding. The problem is that, generally, when you decrypt a message it is not exactly the same size as it was when you started. Particularly with remailer messages, where there may be some encrypted address information along with the message, the output will tend to be smaller than the input. By using a cascade, the messages will all shrink in step as they move along. All of the messages coming in to any mix in the cascade will be the same size, and all the messages going out will be the same size, but the outgoing messages may not be the same size as the incoming ones.
It is this size differential which would make it hard to safely combine messages which have gone through different numbers of mixes.

Chaum does go on to suggest a solution to this as the second main part of his paper. That part is considerably harder to follow, but the main idea seems to be that the mixes themselves will add padding to the end of the messages so that they stay the same size. Chaum describes this in terms of messages composed of fixed-size blocks, but it would seem that the idea could be generalized to a remailer which added random padding to bring the output message up to the standard size. I can't see any security leaks in this generalization.

One interesting idea Chaum suggests is that after the remailer decrypts the messages in its batch, it does not simply send each one to the next address, but rather broadcasts them (perhaps to all of the other remailers). Those remailers try decrypting all of the incoming messages and only those messages for which the decryption succeeds will be sent on.

Again, I'd suggest people interested in remailers read this paper. I believe there were some follow-ups in the Crypto 89 proceedings, but my library is missing that volume so I haven't seen them.

Hal

From blancw at microsoft.com Fri Aug 5 18:23:25 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 5 Aug 94 18:23:25 PDT
Subject: No Subject
Message-ID: <9408060028.AA13655@netmail2.microsoft.com>

who cypherpunks

From paul at hawksbill.sprintmrn.com Fri Aug 5 20:18:01 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Fri, 5 Aug 94 20:18:01 PDT
Subject: (fwd) Latest Cyberwire Dispatch
Message-ID: <9408060354.AA20180@hawksbill.sprintmrn.com>

I couldn't recall this already being posted to the list, so apologies if you've already seen it.

As the saying goes, "Be afraid. Be very afraid."

- paul

Forwarded message:
> From: mech at eff.org (Stanton McCandlish)
> Newsgroups: comp.org.eff.talk
> Subject: Latest Cyberwire Dispatch (fwd)
> Date: 5 Aug 1994 11:18:07 -0500
> Organization: UTexas Mail-to-News Gateway
> Lines: 186
> Sender: nobody at cs.utexas.edu
> Distribution: inet
> Message-ID: <199408051618.MAA21205 at eff.org>
> NNTP-Posting-Host: news.cs.utexas.edu
>
> [This is just an informational forward, and is not an EFF statement.]
>
>
> ****** begin fwd *******
>
> CyberWire Dispatch // Copyright (c) 1994 //
>
> Jacking in from the "The Good, the Bad and the Ugly" Port:
>
> Washington, DC -- For months now a kind of high stakes privacy poker has
> been played out here behind the closed doors of congressional subcommittees
> as the FBI, telephone industry executives, congressional staffers and civil
> libertarians have played a kind of five card draw with the privacy of all
> your future telephone calls, faxes and electronic mail.
>
> The betting's all but over now; Congress has "called" the hand and laid
> its cards on the table: A soon to be introduced bill that will mandate
> --forever -- that all the nation's telephone networks be designed to give
> the FBI easy wiretap access. The bill's sponsors, Senator Patrick Leahy
> (D-Vt.) and Rep. Don Edwards (D- Cal.), have fought through a numbing array
> of options, opinions and (FBI) obfuscation in order feel comfortable enough
> to sign their names to a bill that, just years ago, was laughed off Capitol
> Hill because it was severely flawed.
>
> My how time changes things.
>
> It's been two years since the FBI first introduced what amounted to an
> "Easy Wiretap America" bill. Now we have a new President, a new FBI
> director and suddenly, a new bill that requires the nation's
> telecommunications providers to reengineer their facilities so the FBI can
> do wiretaps easier.
> > The Leahy and Edwards staffs have dumped hundreds of hours of "sweat > equity" into this bill, which could be introduced as early as today > (Friday) but certainly before next Tuesday. > > Leahy and Edwards have never been known to tape "kick me" signs on the back > of American privacy rights. The bill that's been hammered out here -- and > that phrase isn't used lightly -- by Leahy and Edwards is a damn sight > better than the FBI's laughable attempts at drafting legislation. In fact, > it was Leahy and Edwards that stepped into the breach to thwart those early > FBI proposals from being passed "as is." > > An earlier version of this bill, which, among other things, gave the > Justice Department the right to shut down any telephone company's network, > regardless of size, if they didn't comply with the wiretap statute, was set > to be introduced by Sen. Joseph Biden (D-Del.), with heavy support from > others in congress. That bill, if introduced, would have passed, > congressional sources have said. > > But the Leahy and Edwards tag team effort took Sen. Biden off the scent. > So, we get a more palatable bill. Call it the "cod liver oil act" of 1994. > It tastes horrible, but it's necessary, considering the earlier > alternatives. Without this Leahy/Edwards bill our privacy rights would > have really been fucked over. At least now we get kissed. (Sorry, no > tongues.) > > Still Got The Power > ==================== > > A draft copy of the latest bill, obtained by Dispatch, shows that the > Justice Department and FBI still have the tools to intimidate and harass > the future development of the nation's telecommunications infrastructure. > > The bill, as it stands, does keep Justice and law enforcement from > mandating any "specific design of features or system configurations to be > adopted." But the requirements to build wiretap capability into all public > telecommunications carrier systems is steadfast. 
This means that while the > FBI can't expressly tell a company "how to get there," it can definitely > say, "just get there." > > Never again, under the provisions of this bill, will a telecommunications > provider be able to develop a service or technology without first and > foremost asking the question: How can I design this so that it pops off > the assembly line wiretap ready? > > Read it again. The key word there: Never. > > There is an "out" however, and it comes thanks to Leahy. If a new > technology doesn't fit with the mandate, that is, if you can't make that > new hand held satellite phone wiretap ready and you've made every > "reasonable effort" to make it so, it can still be sold. How? > > "The court can enforce the (wiretap) requirement of this act only if > compliance with the act is 'reasonably achievable' through the application > of 'available technology,'" said Jeff Ward, director of governmental affair > for the Nynex telephone company. > > Ward -- who says the bill has been an "albatross" around his neck for 2 > years -- has focused his efforts during this 2 year time frame, on ensuring > that such "reasonably achievable" provisions allow telephone industry and > equipment makers to be "good corporate citizens." That is, these > companies are required to consider [wiretap] design factors, but if after > "due consideration, we can't do it, we've got to be able to proceed." > > This effort is supported by the bill; however, it is a court of law that > decides what is "reasonable" or not. Such litigation, brought by Justice > no doubt, could tie up a new technology for years while the case is > decided, thus giving Justice and the FBI a kind of de facto control over > the development of new technologies. > > Make That Check Out To... > ========================= > > Then there's cost. The FBI insists that the cost to industry to retrofit > all their networks will be only $500 million. 
But that's a bullshit figure > and everyone from FBI Director Louis Freeh to the newest line programmer at > AT&T knows it. > > In fact, so many lines of code will have to be written and maintained to > comply with these wiretap mandates that one Internet pioneer, Dave Farber, > has called the FBI proposal "the programmers full employment act." > > Provisions in the bill make it basically a blank check for the FBI. Within > the first 4 years, there is $500 million approved to be spent on > "upgrading" all the nation's telephone systems to provide law enforcement > with easy wiretap access. There are provisions in the bill that require > the government to repay all costs of installing wiretap software throughout > all networks forever, with no cap. What's not clear, however, is what > happens when FBI demands for wiretap capability exceed the $500 million > mark (and it will) during those first 4 years. > > Maybe we'll get some answers when this bill (in whatever language is > finally passed) is discussed at joint hearings to be held by Leahy and > Edwards on it August 11th. > > Take It or Take It > =================== > > Take it or take it. Those are your only choices here. This bill is a slam > dunk for passage. But you didn't lose everything. > > All electronic systems will be exempt from complying with the bill's > mandates. But hold on before you cheer... > > This simply means that the FBI can't tap your Email from, say, America > Online's computers; rather, they can do what they've always been allowed > to do: Snag it off the telephone company's central switch. But at least > we don't have the Internet being hung with "FBI: Tap In Here" signs. > > Transactional data, Dispatch has been told, will get some beefed up > protection. Just how this language shakes out remains to be seen, however. > > > Yeah, but Can They Count? 
> =========================
>
> At the very end of the draft we obtained, the FBI is given a curious
> additional reporting requirement under its annual wiretap reports. The
> addition, in our draft copy, says the Bureau must quantify "the number of
> interceptions encountering electronically encrypted communications,
> specifying the number of such interceptions that could not be decrypted."
>
> Throughout the history of this bill and the now ignominious Clipper Chip
> proposal, the FBI has touted the fact that its investigations are
> continually stymied by encryption technologies. Small problem: The Bureau
> refuses to provide any kind of documentation to back up those claims.
>
> At first blush, then, this extra requirement finally means the G-men will
> have to give us some concrete numbers. All well and good... *if* that's
> what this requirement actually is used for.
>
> There's potentially a much darker use for these stats... yes, I see all you
> Crypto-rebels nodding your anxious heads. You see, such a formal gathering
> of statistics could be used by the Bureau or... say, the National Security
> Agency, to "prove" that private encryption schemes are just too great a
> threat to "catching bad guys."
>
> Citing these newly gathered statistics the White House could, one day,
> order the banning of private encryption methods. Far fetched you say?
>
> Yeah, it's far-fetched... something on the order of, oh, say a bill that
> mandates telephone companies give the FBI easy access to all conversations
> from now until forever.
>
> Meeks out...
>
> ******* end ********
>
>
> --
> Stanton McCandlish
> mech at eff.org
> Electronic Frontier Fndtn.
> Online Activist
>

From jeffb at sware.com Fri Aug 5 20:23:43 1994
From: jeffb at sware.com (Jeff Barber)
Date: Fri, 5 Aug 94 20:23:43 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408050241.AA07660@ua.MIT.EDU>
Message-ID: <9408052101.AA10905@wombat.sware.com>

solman at MIT.EDU writes:

> That's because neither is. A and B are just two folks who might want to
> communicate with each other. Party A may have a "law" that prohibits any
> form of fraud and fines violators an amount set by some "politician".
> The law that A chooses might be quite restrictive (like many
> of the truth in advertising laws we have in the physical realm.) B is just
> some random person who wants to communicate with A. Maybe he has something
> he wants to sell to A. Suppose that B is not adhering to the laws that A
> has chosen. When he attempts communication, A's agents will inform B's
> agents that A wouldn't feel safe under B's laws. One of three things will
> happen:
> 1) B really would like to do business with A so he temporarily accepts A's
> laws. This probably involves giving the following process:

I think I now understand what it is you're saying. But the protocol you describe is merely that of a trusted escrow agent, which is not a government.

Governments can sometimes act in that capacity (for example, if you default on your mortgage, the govt. will hand over your house to the mortgage holder). One difference between the government and other trusted "adjudicators" is that -- and this goes back to an earlier idea in this thread -- the government has the force of arms to back up its decisions. (If you don't make your monthly payment, the bank goes to the adjudicator [the govt.] who turns over the property to the bank and evicts you. If you refuse to leave, the govt. sends men with guns to your house to force you out.) Any other agent would need to have some economic or other pressure it could apply to you to compel you to follow the "rules" you agreed to.
Without the threat of force, though, this can hardly be called a government.

You're simply taking an existing concept -- that of a trusted adjudicator, which need have no connection with a government -- and calling it "government". This doesn't make it so. I am reminded of this [Lewis Carroll?] quote Steve Bellovin posted several months ago:

``When *I* use a word,'' Humpty Dumpty said, in rather a scornful tone, ``it means just what I choose it to mean---neither more nor less.''

> > Please describe how a "voluntary"
> > government would prevent "aliens" from conducting their own economic
> > transactions completely outside this system.
>
> It wouldn't. But a cyberspatial government could limit the contact
> that aliens have with its citizenry, thus denying the aliens access to
> the information and resources of the government's citizenry. In tyrannical
> cases, the government could even prevent aliens from explaining to the
> citizens just how much money they are losing by remaining in the government.

This whole scheme rests on the willingness of relatively large groups to put themselves under the control and protection of this cyberspace "government" in the first place. I still don't see what the motivation will be. What advantage to me will there be in allying myself with this government, when I could instead choose a particular trusted arbitrator or adjudicator or escrow agent on a case-by-case basis when and if it's needed? How will one of these governments ever acquire the critical mass necessary to make anyone care what their rules are?

And the question of motivation is central to your conclusion, which was:

> > > Without extreme cultural upheaval, it is highly probable that voluntary
> > > economic coercion alone will be sufficient to allow big government
> > > to move from the physical realm into cyberspace.
-- Jeff

From solman at mit.edu Fri Aug 5 20:23:55 1994
From: solman at mit.edu (solman at mit.edu)
Date: Fri, 5 Aug 94 20:23:55 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408052101.AA10905@wombat.sware.com>
Message-ID: <9408052122.AA12980@ua.MIT.EDU>

> solman at MIT.EDU writes:
> > That's because neither is. A and B are just two folks who might want to
> > communicate with each other. Party A may have a "law" that prohibits any
> > form of fraud and fines violators an amount set by some "politician".
> > The law that A chooses might be quite restrictive (like many
> > of the truth in advertising laws we have in the physical realm.) B is just
> > some random person who wants to communicate with A. Maybe he has something
> > he wants to sell to A. Suppose that B is not adhering to the laws that A
> > has chosen. When he attempts communication, A's agents will inform B's
> > agents that A wouldn't feel safe under B's laws. One of three things will
> > happen:
>
> > 1) B really would like to do business with A so he temporarily accepts A's
> > laws. This probably involves giving the following process:
>
> I think I now understand what it is you're saying. But the protocol you
> describe is merely that of a trusted escrow agent, which is not a
> government.

In the protocol I describe, S is obviously a trusted escrow agent, (well an escrow agent anyway, sufficiently distributed secret splitting can eliminate the trust requirement) but P is very definitely a government like organization. P is making, monitoring and enforcing restrictions on the freedom of its citizens. Its entire purpose is to create law and make sure that you follow it. It just isn't able to fall back on physical force.

> Governments can sometimes act in that capacity (for example, if you
> default on your mortgage, the govt. will hand over your house to the
> mortgage holder).
> One difference between the government and other
> trusted "adjudicators" is that -- and this goes back to an earlier idea
> in this thread -- the government has the force of arms to back up its
> decisions. (If you don't make your monthly payment, the bank goes to
> the adjudicator [the govt.] who turns over the property to the bank and
> evicts you. If you refuse to leave, the govt. sends men with guns to
> your house to force you out.) Any other agent would need to have some
> economic or other pressure it could apply to you to compel you to follow
> the "rules" you agreed to.

Please note (and this is VERY important) that the government and the adjudicators in my model are NOT the same. They are fulfilling very different functions. The adjudicators are handling disputes, the government is restricting its citizen's freedom.

> > > Please describe how a "voluntary"
> > > government would prevent "aliens" from conducting their own economic
> > > transactions completely outside this system.
> >
> > It wouldn't. But a cyberspatial government could limit the contact
> > that aliens have with its citizenry, thus denying the aliens access to
> > the information and resources of the government's citizenry. In tyrannical
> > cases, the government could even prevent aliens from explaining to the
> > citizens just how much money they are losing by remaining in the government.
>
> This whole scheme rests on the willingness of relatively large groups to
> put themselves under the control and protection of this cyberspace
> "government" in the first place. I still don't see what the motivation
> will be. What advantage to me will there be in allying myself with this
> government, when I could instead choose a particular trusted arbitrator
> or adjudicator or escrow agent on a case-by-case basis when and if it's
> needed? How will one of these governments ever acquire the critical mass
> necessary to make anyone care what their rules are?
>
> And the question of motivation is central to your conclusion, which was:
>
> > > > Without extreme cultural upheaval, it is highly probable that voluntary
> > > > economic coercion alone will be sufficient to allow big government
> > > > to move from the physical realm into cyberspace.

Indeed it is. Without societal changes most Americans would blindly walk from the restrictive government of the physical realm into the open arms of governments in cyberspace. Getting many people to actually examine the economic benefits of the existence of government would be a major step forward.

JWS

From jdd at aiki.demon.co.uk Fri Aug 5 20:33:12 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 5 Aug 94 20:33:12 PDT
Subject: URGENT: Please Tell Congress to Allow Encryption Export
Message-ID: <3923@aiki.demon.co.uk>

In message <9408050823.ZM6861 at simple.sydney.sgi.com> Ian Farquhar writes:
> On Aug 4, 10:08am, Chris Corpuz wrote:
> > The House and Senate Intelligence Committees, the only watchdogs for
> > the NSA, tend to follow the agency's wishes when they wave the magic
> > "national security" wand.
>
> Reading this, I was reminded that I have rarely seen any mention on the net
> as to one of the reasons why the "national security" wand is so effective with
> many politicians.
>
> Imagine this: you're a politician. If you're a US politician in particular
> you will be correctly told that you are, by virtue of your position, a target
> for a lot of "extremist" groups and terrorism.

[etc]

This has little to do with being a politician and even less with being a US politician. People at all levels everywhere at all times are willing to pay for what they perceive as additional security.

Look at the world around you. Just before the USSR collapsed, they were well on their way towards building a world class navy, to counter the "US threat". This was a huge investment. Singapore is armed to the teeth, what the hell, most of Southeast Asia is armed to the teeth.
What do the Chinese need nuclear missiles for?

At a more prosaic level, people everywhere splash out on life insurance policies. The insurance salesman's patter is much the same as the generals' line when talking to the politicians in Washington. Everyone everywhere will pay for what they perceive as security.

--
Jim Dixon

From hughes at ah.com Fri Aug 5 20:34:00 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 5 Aug 94 20:34:00 PDT
Subject: Latency vs. Reordering
Message-ID: <9408051737.AA14793@ah.com>

This horse isn't dead yet.

The distinction between latency and reordering is of primary importance to the cryptanalysis of a remailer network. To repeat yet again: reordering provides security and latency is a by-product of reordering.

I assert that anyone who's given a modicum of thought about how to cryptanalyze a remailer network understands this distinction well. I also assert that those who haven't thought about cryptanalysis don't understand the distinction, even if they do believe in it by authority.

One of the oldest maxims in the book is "Don't design ciphers until you've tried to break some." A remailer network is intended to be a cryptographic object, a new kind of cipher. I assert that if you don't understand the distinction between reordering and latency, you've not thought enough about the cryptanalysis of remailers and shouldn't be designing them.

Therefore, in the future, from here on out, I will label the promoters of latency as "sellers of snake oil." It's the same fallacy as creating a new cipher by putting lots of complicated operations inside it without understanding where the security comes from.

Eric

From lcottrell at popmail.ucsd.edu Fri Aug 5 20:34:06 1994
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Fri, 5 Aug 94 20:34:06 PDT
Subject: Clipper in the Commics
Message-ID: <199408051813.LAA29384@ucsd.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Well, I guess this is about as mainstream as the issue can get.
In today's paper, the comic strip "On the Fast Track" is about the clipper chip. It suggests that we need a way to spy on government in return (other than by bribery).

To say that I was surprised to see a clipper statement in the 'toons would be an understatement. Looks like our campaign to inform the public is paying off.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkKPYVVkk3dax7hlAQEg9AP5AXe5mr++9Af3QCcyozIKqKqp5FXadKqG
Eaj+2An+loxXafaqNVwuKoZJMemA68yRYKguIZKjk6kQPhw3zp5D1h6Ynj3OoUvI
AhPHHnDBiA+ehz5FSZfQESdRJtjM+6qQ/vcbgnSBeFvEEYi4531Q9t36pQJcWB8X
n2Jlr6U3jjE=
=BVHe
-----END PGP SIGNATURE-----

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come."
--Nietzsche

From hughes at ah.com Fri Aug 5 20:36:16 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 5 Aug 94 20:36:16 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
In-Reply-To: <3778@aiki.demon.co.uk>
Message-ID: <9408051716.AA14773@ah.com>

Back to the start, I guess.

> Specifically cryptographic elements are easily added to the system
> * packets can be delayed for random intervals

Let me repeat: REORDERING IS OF PRIMARY IMPORTANCE FOR REMAILER SECURITY. ADDING LATENCY IS NOT.

And I don't want to hear any excuses that you can say latency and mean reordering, because that's self-delusion. Not only is it false, but misleading. Reordering is necessary for security, and latency is a by-product. You don't get security by adding by-products.

Eric

From hughes at ah.com Fri Aug 5 20:36:22 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 5 Aug 94 20:36:22 PDT
Subject: email packet length size
Message-ID: <9408051700.AA14756@ah.com>

Message length quantization is necessary for security in a remailer network.
Right now there's not enough traffic through the remailers to warrant more than one such quantized length.

What length should that be? This information can be readily calculated from the length distribution of the current messages passing through the remailers. If only one or two remailers would instrument their devices in order to record just lengths, that would provide the necessary data. Any volunteers?

My complete guess is that it's going to be around 4-5 KB.

Eric

From s009amf at discover.wright.edu Fri Aug 5 20:37:26 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Fri, 5 Aug 94 20:37:26 PDT
Subject: Announcing: The Censorship Escrow System (CES)
In-Reply-To: <199407312249.AA17767@access3.digex.net>
Message-ID:

On Sun, 31 Jul 1994, Ray wrote:

>
> The Censorship Escrow System is a new service being provided
> by The People for a Better Tomorrow and SAVE OUR CHILDREN. CES's goals
> are:
>
> o to provide children with a sanitized world view
> o to prepare our children as proper citizens for their government
> o to prevent children from developing sexual/political deviancy
> o to preclude dangerous independent thinking
> o to parent the child in absence of proper parental guidance
>
> The CES concept is simple. CES will archive all of your children's
> books, tv, and educational products. We will also record and archive
> all of your child's telephone conversations. If you suspect that
> your child is being exposed to Dangerous Ideas, you will provide
> us with a key to unlock our archives for your child. We will then review
> all of the materials for offending ideas, and then recommend a plan of

Who is writing or doing this crap!!!! This is ludicrous... It's brainwashing and it teaches nothing but ignorance... If you want your children to learn things you expose them to everything, but you guide them through it. If you can't do that, you will ultimately fail as a parent. Why hire someone to tell your kids what they should be reading.
Soon people will be banning books like Huck Finn, The Crucible, Grapes of Wrath, and many others through this method of CES... THE FUTURE OF TOMORROW WILL BE DOOMED IF THIS THING IS TAKEN SERIOUSLY FOR USAGE!!!!

Aaron

From hughes at ah.com Fri Aug 5 20:37:35 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 5 Aug 94 20:37:35 PDT
Subject: Remailer ideas
In-Reply-To: <3778@aiki.demon.co.uk>
Message-ID: <9408051709.AA14763@ah.com>

Jim Dixon analogizes between the Internet and remailer networks. The analogy has some merit, but yet breaks down badly with the very first point:

* all packets should be acknowledged

This is not the way the Internet works. IP, Internet Protocol, is unreliable. TCP, the reliable stream protocol, does not acknowledge individual packets but rather advancement along a sequence. The lesson is that reliable delivery should be built on top of unreliable delivery.

Here the analogy breaks down on technical grounds. With TCP, the destination knows the source, yet in a remailer network this may not be the case. A good first cut, though, would be to forgo reliable delivery for remailer-created pseudonymity and work out a reliability mechanism for regular correspondents. In this case the source _is_ known, it's just that it's not shown on the outside of the message.

Further, in email, there's currently no notion of a connection. Email messages are much more like datagrams than bit streams. In order to do reliable delivery, there would have to be persistent state information on each side of the communication. If I send a message for the first time to a party and there's no reply, I cannot conclude whether the message was not delivered or whether the message was delivered and not answered. Connection-oriented email would be much more complicated than the current systems. It is, perhaps, time for email to become more complex.
* messages should be broken down into packets which are routed independently

Length quantization is necessary for security in the face of total network monitoring. Multiple quanta may be warranted in the case of high volume, which is certainly not the case right now. So this point holds.

* users should communicate with trusted gateways

This point is only half true, because the analogy only subsumes one kind of trust. For remailers there is both trust in delivery and trust in silence, the destruction of the message and information about it. On the Internet the only trust required is delivery; there is not a desiderata in the design (although it's certainly in some people's minds) that packet monitoring _not_ be possible.

* the gateways should frequently exchange routing information

Again, this works for trust in delivery but not for trust in silence.

Eric

From jrochkin at cs.oberlin.edu Fri Aug 5 20:44:36 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 5 Aug 94 20:44:36 PDT
Subject: RemailerNet
Message-ID: <199408051528.LAA18523@cs.oberlin.edu>

Part of our disagreement/misunderstanding might be in differing conceptions of the form the remailer net should take.

> There should be two anonymous IDs, one for sending, one for
> receiving.

You seem to be talking about a Julf-style anon system, where the system knows who you really are. If the system is corrupt, if Julf were an NSA agent, then the entire system is compromised and useless. I like the cypherpunks remailer concept better, where each link in the chain only knows the next link in the chain, and security is achieved by multiple links. If several of the links are actually NSA agents, your security is reduced, but not compromised completely. If you've got a chain of, say 10 links, even if 7 of them are evil NSA agents, you still can probably retain your anonymity. Return addresses are accomplished by encrypted "resend-to:" blocks.
It seems much preferable to have a system where it isn't necessary to trust any one net entity completely, as it is in a Julf-style anon-ID system. [Of course one could use a combination of both in communications too, but I wouldn't feel safe unless my anonymity was safe even if the Finnish FBI raided Julf's site.]

When looked at with this goal in mind, I think maybe the newsgroup as a method of passing remailer net information makes a bit more sense. I don't think the possibility of the newsgroup being spoofed is actually fatal to the system. Let's examine ways in which it could be attacked:

1) The Enemy could introduce completely made-up "i'm here" messages, pointing to non-existent remailers. This doesn't harm anything at all when combined with a "ping"ing of remailer sites, as I've suggested. (One idea would be just to periodically mail all your remailers with the resend-to: being yourself, to make sure they exist, and are forwarding mail at least some of the time).

2) The Enemy could announce his own Evil-remailers to the net. These remailers would in fact exist, but would do evil things designed to compromise the net. What could they do?

They could publicize all messages they get. Again, as long as you have 3 or 4 non-evil remailers in your chain, this doesn't really compromise your anonymity. You can decrease the risk further by only using remailers whose announced keys were signed by a trusted source.

The evil-remailer could also just drop all communications in the bit bucket. This doesn't compromise security, but does make the remailer net unusable. By periodically pinging the remailer sites as I've suggested above, this risk can be minimized. If you've pinged the site 25 times, and all 25 times the remailer has forwarded your ping back to you, then odds are that it isn't dropping any messages in the bitbucket. (remember, the evil-remailer can't tell the difference between your ping and a normal remailer message, if done correctly.)
3) The Enemy could intercept announcement messages from good remailers, and replace their public key with his own. He could then intercept all mail to this good remailer, and read it, and forward it on, or drop it in the bitbucket. Using web-of-trust for signed remailer keys should help minimize this risk.

4) Denial of service: The enemy could intercept the announcement messages, and keep them from getting to the newsgroup. This doesn't compromise the security of the net at all, but is annoying. I can't think of any way to avoid this risk, but I think it might be acceptable, because it doesn't actually compromise any security, and would be fairly difficult for the enemy to do for long without being detected.

5) The enemy could intercept announcement messages from good remailers, and replace both the public key and address with his own. This is really just a combination of several of the previous attacks, nothing new.

From mnemonic at eff.org Fri Aug 5 20:45:58 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 5 Aug 94 20:45:58 PDT
Subject: Encryption (fwd)
Message-ID: <199408051413.KAA18295@eff.org>

Received this in the mail today.

--Mike

Forwarded message:

From dance at cicero.spc.uchicago.edu Fri Aug 5 20:46:06 1994
From: dance at cicero.spc.uchicago.edu (Squeal)
Date: Fri, 5 Aug 94 20:46:06 PDT
Subject: Voluntary Governments?
Message-ID: <9408051402.AA12655@cicero.spc.uchicago.edu>

[JWS writes:]

>Well, yeah. And this is a service. When individuals exercise their
>freedoms, they frequently interfere with other people's freedoms. To
>resolve this conflict, it is necessary to "control the actions or the
>behavior of" individuals such that they don't interfere with each
>other's freedoms. So they enter into a contract with each other
>under which this is accomplished, but a contract isn't worth the paper
>it's written on unless somebody enforces it, so they hire a policing agency,
>the government. That agency is providing a useful service.
Well, as a tribalist, I don't agree that this "useful service" is ultimately necessary. I *do* agree, however, that government is necessary *at the moment.* As a species we have not evolved enough to learn to take personal responsibility for our actions, therefore an external restraint system is necessary. My particular slant on anarchy calls for personal responsibility, which I believe renders an external system of superintendence unnecessary. But as I said before, this species isn't ready.

>> It would be great if government could be a service provider, or simply feel
>> responsible for those it governs--but then it would not be a government any
>> longer.
>
>I don't agree with that last clause.

I would rather have Customer Service than government, but I don't believe I can have both. Write me some more and hear my other stupid ideas. ;)

The ancients who wished to illustrate illustrious virtue throughout the world first ordered well their states. Wishing to order well their states, they first regulated their families. Wishing to regulate their families, they first cultivated their persons. Wishing to cultivate their persons, they first rectified their minds....
--THE GREAT LEARNING (Text & Commentary, IX)

From jdd at aiki.demon.co.uk Fri Aug 5 20:46:21 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 5 Aug 94 20:46:21 PDT
Subject: RemailerNet
Message-ID: <3906@aiki.demon.co.uk>

In message <199408042200.SAA07928 at cs.oberlin.edu> Jonathan Rochkind writes:
> > * Rochkind's stability-from-being-paid and web-of-trust notions
>
> I'm not sure I like being credited with the "stability from being paid"
> notion. I think there _is_ stability from being paid, but I think
> if the infrastructure depends on it, it's not a good infrastructure.
If you look at the history of the Internet, there have been some free Internet services, but the ones that have thrived have been paid. (If the government or your school subsidizes your Internet access, it may appear free to you, but the staff all get their paychecks every month.)

> The system should be able to create a stable top-level infrastructure
> on top of an inherently instable environment, with remailers
> going up and down, and popping into existence, and dying. It should
> route around dead remailers, like the internet itself.

If it is built like the Internet, it will do just that.

> > The use of alt.x groups to exchange gateway information does not seem
> > to add anything to this system; in fact it would seem to make it easier
> > to spoof the system.
>
> It _would_ make it easier to spoof the system, but I think it does add
> several very important things:
> 1) New remailers can easily announce themselves to the remailernet.
> [Whether they are to be trusted or not should depend on pgp-signed keys
> and web of trust, but the newsgroup provides a way to announce yourself
> to the system, and have that announcement be automatically dealt with
> by all participating parties]

There are two things being blurred together here which should be kept distinct. The first is gateway-to-gateway announcements. The second is advertising of the RemailerNet gateways to the wider world.

Generally I would expect gateways to introduce themselves to one another privately and negotiate an understanding. Part of this will normally take place off the Net. This is an infrequent event, and so can be time-consuming and expensive. The basic web of trust is that between gateways. Once gateways had entered into a relationship, there would be frequent encrypted private traffic between them which would maintain the trust.

Gateways can also announce their presence to the wider world, and publish their public keys.
This could be done in alt.RemailerNet or it could be done in alt.internet.services, or any of several other places, or all of these. Any information published in alt.RemailerNet would be suspect, because it could be a complete fabrication or it could be a modified version of the correct posting.

Gateways could be started up by anyone and some postings to alt.RemailerNet would be spurious. The "gateway" could be a sink, just tossing traffic sent to it, or it could copy all messages to a TLA before forwarding them. The user-gateway web of trust would therefore be far more problematical. I think that this would function as a market, and unreliable and untrustworthy gateways would be driven out over time. At the same time, there would be a constant bubbling up of new remailer networks, because the software would be freely available and the protocols well defined. The longer lasting gateways that proved trustworthy would in time join established networks.

> 2) Users (not people operating remailers, people using them) could make
> use of the newsgroup, to compile a database of remailers, and make long
> remailer chains. Users could have automated software doing this.

Compiling a list of remailers, sure. But if you let the user control how messages are chained, you are inviting real traffic analysis. The user should only be able to specify his destination and the level of security desired.

> [snip]
> These are really two facets of the one problem, of allowing a user
> or remailer who has just arrived on the scene to quickly get a list
> of remailers, and make use of them, all automatically. That's sort of the
> super-set problem which encompasses the other two, and whose solution solves
> the other two.
>
> I don't think it's a coincidence that the newsgroup system solves these
> two problems at the expense of security (the newsgroup makes it easier
> to spoof).
If the newsgroup is used as described above, RemailerNet itself is not threatened; it is only the users that can be spoofed. This level of risk is unavoidable. But gateways would never use the newsgroup for inter-gateway communications, because (a) it would be redundant (they can talk directly once they know each other) and (b) you would have to assume that anything posted to a newsgroup had been compromised.

> The fact is, that even remailers exchanging mail _can_ be spoofed, if not
> quite as easily as the newsgroup idea. It seems to be a premise of cryptographic
> protocols and schemes, that you've got to assume a worst case and get a system
> working where even under the worst case, everything works.

Well ... if you follow this line of reasoning too far, you are just saying 'nothing can be trusted, so don't bother being careful'.

If I were running a remailer and someone posted his address in a public newsgroup and said "hey, here I am, and I run a really good remailer" I wouldn't trust him just because he signed it. I would get in touch with him, ask around about him, maybe run some low-security traffic through his remailer for a while. Then after some time I would raise my estimate of his trustworthiness. If he dropped traffic, if someone reported that something that they had sent privately had been compromised, I would drop him.

> I agree that it seems a good idea for the SMTP RFCs to be used to exchange
> info, ... etc

You already use the SMTP RFCs to exchange information -- this message comes to you courtesy of those RFCs. Email can have very complex headers and they can be in pretty much any order. This makes it difficult to write email software. I am simply suggesting that we allow only the minimal few headers, with possibly a few added to support RemailerNet protocols.
ASSIGNMENT OF ANONYMOUS IDs

These types of traffic are possible, where 'known' means your ordinary email address:

    known --> known
    known --> anon
    anon --> known
    anon --> anon

There should be two anonymous IDs, one for sending, one for receiving. I assume that anonymous IDs are never assigned automatically. If you want an anonymous ID pair, you ask the gateway for one, possibly enclosing your public key encrypted with the gateway's public key. The gateway returns your new IDs, encrypted if you gave it a key.

The 'send' anonymous ID is used for sending messages from someone else's account. The gateway converts it into a 'receive' ID before forwarding your message. The 'receive' ID appears on your email after it goes through the gateway and can also be passed to other parties who want to send you remailed messages.

Additional security can be added by using a digital signature. The gateway could be instructed to ignore messages lacking such a signature or to take some specified action.

ELECTRONIC CASH

Ecash is easily added to such a system. 'Emints' would generate a message containing a bank identifier and an encrypted value. This would be the ecash. It could be given to anyone or anything. Messages containing ecash would be encrypted. The emint would credit the account of the first person to present it, and would bounce any copies presented subsequently. Giving change would be trivial.

--
Jim Dixon

From sommerfeld at orchard.medford.ma.us Fri Aug 5 20:47:37 1994
From: sommerfeld at orchard.medford.ma.us (Bill &)
Date: Fri, 5 Aug 94 20:47:37 PDT
Subject: USPS digital signature annoucement
In-Reply-To: <199408041740.NAA19691@eff.org>
Message-ID: <199408051245.IAA00379@orchard.medford.ma.us>

   OUR CUSTOMERS ARE ASKING US TO PLAY AN EXPANDED ROLE IN FACILITATING PAPER AND ELECTRONIC COMMERCE BECAUSE WE HAVE UNIQUE LEGAL AND INSTITUTIONAL RESOURCES TO ACCOMPLISH THE TASK.

Would you trust a cyberspacial authority who couldn't figure out how to turn off CAPS LOCK?
This speech just screams out for someone to MST3Kify it..

- Bill

From tcmay at netcom.com Fri Aug 5 20:56:28 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 5 Aug 94 20:56:28 PDT
Subject: What are Appropriate Topics?
In-Reply-To:
Message-ID: <199408050658.XAA24947@netcom12.netcom.com>

First off, my sincere apologies to Bob Snyder for quoting and responding to his e-mail to me, without realizing he had not cc:ed it to the list as well. I'm so used to replying to the author and then having to manually cc: the Cypherpunks list that it was not until I got the message quoted below that I realized his comments were private. I will try to be more careful. Partly it was his civil tone that misled me--it read like a post to the list, and not a personal note. In any case, my apologies to Bob.

But I may as well respond to his comments (which I just checked to make sure were sent to the list as well).

> I have no problem with politico-cryptologic themes or discussions on the
> role and nature of government in the presence of strong cryptography
> appearing in Cypherpunks. They certainly beat "PGP good,
> Sternlight/Detweiller bad" messages. I only question generic discussions
> of forms of government without any reference to cryptography or even
> privacy. I don't see that as any more appropriate for the group than
> abortion or health care debates, if it doesn't have a cryptological theme.

At least in my messages, I was not arguing merely statism vs. libertarianism, or some such stale abstraction, but the specific issue of taxation in the face of strong crypto and privacy, and the oxymoronic nature of "volunteer governments."

(I also think there are issues related to privately-produced law which folks on this list ought to know about, as it is the likely form of crypto anarchic law, such as it is. The connections with crypto are quite strong, as it is untraceable communication and commerce which makes these discretionary communities possible.)
As for pure crypto being discussed on the list, there's a fair amount of that. I've posted my share of explanations of zero knowledge proof systems, dining cryptographers protocols, complexity theory, etc. I'm not saying this to defend myself, per se, but to note that these topics produced almost no discussion, almost no interest. Make of this what you will.

> If you disagree with me, fine, we'll disagree, and I'll mentally filter out
> another subject line. :-) It's not all that hard, which is why I
> originally responded via direct email rather than sending it to the list.
>
> Bob

As I said, my apologies for quoting Bob's e-mail. At least nothing in his message was embarrassing or compromising or could have done with any changes.

My real issue, which is perhaps why I reacted as I did, is with the growing chorus of messages attempting to do "mid-course corrections" on the topics discussed. Too many "We are deviating from the Cypherpunks charter" and "But let's get back to crypto" messages, when in fact the best way to steer discussion in the direction one wants is to write a post or essay that _does_ this. (My major pet peeve is the post which goes on and on and closes with the infamous "But this really has nothing to do with crypto, so let's end this thread.")

Cypherpunks is not sci.crypt, nor is it alt.security.pgp. And the oft-quoted mantra of "Cypherpunks write code" is incorrectly applied in many cases. I was present at the founding of our illustrious group, and, speaking for myself and for my understanding of the interests expressed at the September 1992 Oakland meeting (at the home of Eric Hughes), the topics of interest are *much more* than just "Cypherpunks write code."

It may be true that boring liberal-conservative, left-right, statism-libertarianism debates are best avoided (not to mention believer-atheist and pro-choice--pro-life debates), but there are numerous politico-cryptologic points of philosophy that merit scrutiny and debate.
For example:

* what happens to tax collection in an era of unbreakable cyphers?

* how will the state react? (seen in the many converging threads involving national ID cards--including more news today on this, the Postal Service plan to take over much of electronic commerce, the software key escrow (SKE-GAK) schemes, the Clipper deal, etc.)

[Surely these are Cypherpunk topics? If not, what's left?]

* crypto anarchy issues. Hal Finney is more skeptical than I am, and Hal and I had some reasonably good debates....more folks should join in. Again, surely a prime Cypherpunks topic. If not, why do we exist? Or do you all plan to simply accept my views as the official doctrine? (I didn't think so.)

[Resolution of some issues surrounding anonymous murder contracts, data havens for medical experiments on humans, etc., is a more interesting and fruitful area than "Can DES be broken?" debates, which were old and boring in 1985. We are apparently the only forum on the planet thinking about these important issues, so it seems foolish to not discuss them merely because some political issues come up.]

* what's really holding back the spread of digital cash?

* where do we go from here?

And a dozen other juicy topics. If people want to debate these and similar issues, we should *encourage* them to, not announce that the topics are deviating from some imagined idea of the charter.

In fact, "Cypherpunks write code" is just one manifestation of the idea that we can actually change the world through the technological development of privacy-enhancing systems. For some, it may mean writing Perl or C code. For others, hacking the legal and business systems to figure out how to actually build digital banks. For still others, it means building networks of remailers and digital mixes. It can mean a lot of things.

It's generally best, I think, to lead by example.
Instead of pronouncing a topic to be off-limits or not consistent with the charter, why not find a way to make what you *are* interested in also interesting to others? That's how we'll move forward into new areas.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From snyderra at dunx1.ocs.drexel.edu Fri Aug 5 20:59:06 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Fri, 5 Aug 94 20:59:06 PDT
Subject: Voluntary Governments?
Message-ID:

At 2:15 PM 8/4/94, Timothy C. May wrote:

>"Opening the list up"? I've been on the list since the beginning, and
>anarcho-capitalist, politico-cryptologic themes have _always_ been
>with us. The role and nature of government in the presence of strong
>cryptography is a recurring, and important, theme.

I have no problem with politico-cryptologic themes or discussions on the role and nature of government in the presence of strong cryptography appearing in Cypherpunks. They certainly beat "PGP good, Sternlight/Detweiller bad" messages. I only question generic discussions of forms of government without any reference to cryptography or even privacy. I don't see that as any more appropriate for the group than abortion or health care debates, if it doesn't have a cryptological theme.

There's no question you've been involved longer than I. I've only been on the mailing list for 3 or 4 months. In fact, I tend to make a concerted effort to read messages from you, because they tend to be concise and reasonable.
I'm just not sure that political commentary without a reference to cryptography fits the purpose of the cypherpunks mailing list.

If you disagree with me, fine, we'll disagree, and I'll mentally filter out another subject line. :-) It's not all that hard, which is why I originally responded via direct email rather than sending it to the list.

Bob

--
Bob Snyder N2KGO                      MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu      finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From corpuz at internex.net Fri Aug 5 21:00:20 1994
From: corpuz at internex.net (Chris Corpuz)
Date: Fri, 5 Aug 94 21:00:20 PDT
Subject: Mea Culpa; email blunder
Message-ID: <9408050015.AA00744@infobase.InterNex.net>

I accidentally hit the send again function instead of the delete function on an email file that I was processing. No need to respond -- I am apolitical, didn't even read it, and don't care what it said -- and I will try not to bother you in the future. Again, sorry for any inconvenience.

From hfinney at shell.portal.com Fri Aug 5 21:00:33 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 5 Aug 94 21:00:33 PDT
Subject: US Postal Public Key
In-Reply-To: <199408042025.AA18823@panix.com>
Message-ID: <199408050417.VAA22307@jobe.shell.portal.com>

frissell at panix.com (Duncan Frissell) writes:

>What is the most important character in the above paragraph?
>The 's' in 'authorities.' It means no monopoly.

Yes, towards the end they made it clear that this was not intended to be a monopolized certification hierarchy, but one of many. There was even a reference to "peer-to-peer" certification, which I thought might refer to a web of trust.

It's not nice to make fun of the Post Office; they're such an easy target.
But I couldn't help finding that the archaic all-caps format and the little "^G" characters by the bulleted points reminded me of the old 110-baud ASR-33 clankety teletypes I used in college, with each little bulleted point going "ding", "ding", as it printed out (^G being the bell character in ASCII). It didn't exactly bring to mind the streamlined new PO the speaker wanted to convey.

Hal

From hfinney at shell.portal.com Fri Aug 5 21:00:48 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 5 Aug 94 21:00:48 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408041330.AA03044@ua.MIT.EDU>
Message-ID: <199408050412.VAA22116@jobe.shell.portal.com>

solman at MIT.EDU writes:

>In cyberspace, the default condition is that there is no interaction.
>Communication requires agreement by both parties. During this
>agreement, the laws (contracts, whatever) that the two parties
>follow can be communicated by each party to the other, and if
>party A does not feel that party B's laws provide him with
>enough protection from B, he can refuse contact until B agrees
>(at least for the duration of the communication) to more
>constraining laws. The cost of such a transaction will likely
>be negligible in cyberspace.

The problem I have with this is that there is no such place as cyberspace. I am not in cyberspace now; I am in California. I am governed by the laws of California and the United States even though I am communicating with another person, whether by postal mail or electronic mail, by telephone or TCP/IP connection. What does it mean to speak of a government in cyberspace? It is the government in physical space I fear. Its agents carry physical guns which shoot real bullets. Until I am able to live in my computer and eat electrons, I don't see the relevance of cyberspace.

Hal

From hfinney at shell.portal.com Fri Aug 5 21:00:51 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 5 Aug 94 21:00:51 PDT
Subject: Remailer ideas (Was: Re: Latency vs.
 Reordering)
In-Reply-To: <2e3ff46f.nemesis@nemesis.wimsey.com>
Message-ID: <199408050412.VAA22070@jobe.shell.portal.com>

Re putting remailer aliveness on usenet:

What I think is a better idea was proposed here last year, and I think someone was doing it for a while. It is for someone to volunteer to be the keeper of the remailer aliveness information. He runs scripts every day to ping the remailers, keeps lists of which remailers are currently active, and so on. This information is collected and put into a file retrievable by email or finger. This way you need only check a single site to find out which remailers are up, and you don't have the usenet waste of sending stuff all over the world that only a few people are interested in (yes, I know usenet does this already, but it won't forever).

Just like people set up web sites that point to interesting resources, some people will (and perhaps are already) run sites which point to good remailers. This is just as useful a service as running a remailer, and a good deal less controversial. This seems like a good solution to the problem of finding running remailers.

Hal

From solman at MIT.EDU Fri Aug 5 21:02:58 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Fri, 5 Aug 94 21:02:58 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408041515.AA10173@cicero.spc.uchicago.edu>
Message-ID: <9408050251.AA07767@ua.MIT.EDU>

>
> >> > > Imagine if the government stopped trying to force people to
> >> > > join it. Or imagine if they tied decision making power to
> >> > > how much you pay in taxes. The more you pay, the more say
> >> > > you get. After accepting the idea that government is a
> >> >
> >> Without the legal monopoly on coercion, this so-called "government" would
> >> be just another service provider, like Safeway or Goodyear or K-Mart.
>
> [JWS writes:]
>
> >Well isn't that how it's supposed to be? [....]
>
> No. The object of government is to limit the freedom of the people it
> governs.
> The word is derived from "govern" which means "3. To control the
> actions or behavior of 4. To keep under control; *restrain*" [American
> Heritage Dict.]

Well, yeah. And this is a service. When individuals exercise their freedoms, they frequently interfere with other people's freedoms. To resolve this conflict, it is necessary to "control the actions or the behavior of" individuals such that they don't interfere with each other's freedoms. So they enter into a contract with each other under which this is accomplished, but a contract isn't worth the paper it's written on unless somebody enforces it, so they hire a policing agency, the government. That agency is providing a useful service.

> It would be great if government could be a service provider, or simply feel
> responsible for those it governs--but then it would not be a government any
> longer.

I don't agree with that last clause.

Cheers,

JWS

From tcmay at netcom.com Fri Aug 5 21:12:03 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 5 Aug 94 21:12:03 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas...
In-Reply-To: <9408051716.AA14773@ah.com>
Message-ID: <199408060411.VAA09381@netcom11.netcom.com>

Eric Hughes writes:

> Back to the start, I guess.
>
> > Specifically cryptographic elements are easily added to the system
> > * packets can be delayed for random intervals
>
> Let me repeat:
>
> REORDERING IS OF PRIMARY IMPORTANCE FOR REMAILER SECURITY.
>
> ADDING LATENCY IS NOT.
>
> And I don't want to hear any excuses that you can say latency and mean
> reordering, because that's self-delusion. Not only is it false, but
> misleading. Reordering is necessary for security, and latency is a
> by-product. You don't get security by adding by-products.

I don't understand this. My remailer (snakeoil at klaus.com.edy) gets about 3 or 4 messages a day through it, and I'm very careful to add a latency of 1 hour and sometimes 2 hours...surely this is more than enough!
My friend Pandit says he gets 20 messages an hour, and he uses a latency of 1 hour, so why can't I?

(Oh, you mean the key is to _randomly reorder_ the messages, not just delay them by an hour when the average number of messages in an hour is less than 1 anyway? Oh, now I see. Never mind!)

--Tim May, who is as tired as Eric is of hearing the hoary old chestnuts about 'random delays,' this without regard to calculating the amount of reordering. Part of the problem, I'll grant folks, is that there are few if any papers showing calculations on this--Chaum's 1981 paper only makes brief mention of reordering effects.

I don't think it's a _hard_ calculation, and I've made some estimates of the "diffusion and confusion" deriving from a mix of 10 nodes, each with a diffusivity of 10...with equal packet sizes, and no other identifying clues, a simple analysis suggests 10^10 routes that could be followed.

However, if only 10 messages entered the mix labyrinth (my nontechnical term!) and 10 left it, then regardless of the 10^10 routings, a monitor would still "know" that one of the 10 leaving was the targeted message. On the other hand, he would have no certainty as to which one. A condition true even if 2 messages entered a node and 2 left it after being mixed.

(It is this latter area, about degrees of uncertainty, that needs a more sophisticated combinatorial analysis. Again, not a big project...maybe a nice little Masters thesis for someone to do, to extend Chaum's analysis a bit.)

P.S. I presume the list is back up again?

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From nobody at CSUA.Berkeley.EDU Fri Aug 5 21:28:45 1994
From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User))
Date: Fri, 5 Aug 94 21:28:45 PDT
Subject: A Helpful Tip for Impatient Souls
Message-ID: <199408060429.VAA27860@soda.CSUA.Berkeley.EDU>

Those wishing perhaps the ultimate in Cypherpunks ease-of-use and greatest peace of mind, may find it useful to simply delete everything that does NOT come from one of the following email addresses:

    tcmay at netcom.com
    frissell at panix.com
    sandfort at crl.com

Additionally, you'll probably want to let through posts from Hal Finney, Eric Hughes, and Bruce Schneier, but I forgot their addresses off-hand and am much too lazy to look them up. :)

If you're using the "ELM" mailer, you can do this by creating a file called filter-rules in your .elm directory, containing the following text (more or less):

    if (from contains "sandfort") then save "~/cypher"
    if (from contains "frissell") then save "~/cypher"
    if (from contains "tcmay") then save "~/cypher"
    if (to contains "cypherpunks") then delete

Add additional addresses as needed, but be careful of excessive alliteration.

------------
To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines:
::
Response-Key: the-clipper-key
====Encrypted-Sender-Begin====
MI@```&]^&2?(EE6`)=?D_W1Y'5P`
====Encrypted-Sender-End====

From tcmay at netcom.com Fri Aug 5 22:09:26 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 5 Aug 94 22:09:26 PDT
Subject: Pinging Remailers
In-Reply-To: <199408050412.VAA22070@jobe.shell.portal.com>
Message-ID: <199408060510.WAA26575@netcom8.netcom.com>

Hal Finney writes:

> What I think is a better idea was proposed here last year, and I think
> someone was doing it for a while. It is for someone to volunteer to
> be the keeper of the remailer aliveness information.
> He runs scripts
> every day to ping the remailers, keeps lists of which remailers are
> currently active, and so on. This information is collected and put into
> a file retrievable by email or finger. This way you need only check a

Matthew Ghio was doing this for a while, and posted about it here several times. I told him I'd "subscribe to" a robust, stable, pinging service, one that offered a table of various things, including:

- time in operation (important for deciding to use it or not)

- successful remails out of last N (e.g., "32 of last 34 attempts were valid")

- maybe a _recent_ result (e.g., "5 out of 5 in last 24 hours were valid")

- remailer policy, including encryption, logging, etc.

I still intend to pay Matthew once I get back to using such remailers (I haven't in a long while) and can confirm that Matthew is indeed offering a stable, robust, useful service. I doubt he'll maintain it just for me, so maybe others of you can help.

(I hate donation-based systems, so clearly a true "subscription finger" or "subscription ftp" would be better...and maybe fairly easy to implement, too.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hfinney at shell.portal.com Fri Aug 5 22:11:28 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 5 Aug 94 22:11:28 PDT
Subject: Remailer ideas
In-Reply-To: <9408051709.AA14763@ah.com>
Message-ID: <199408060511.WAA24892@jobe.shell.portal.com>

hughes at ah.com (Eric Hughes) writes:

>Further, in email, there's currently no notion of a connection.
>Email
>messages are much more like datagrams than bit streams. In order to do
>reliable delivery, there would have to be persistent state information
>on each side of the communication. If I send a message for the first
>time to a party and there's no reply, I cannot conclude whether the
>message was not delivered or whether the message was delivered and not
>answered.

>Connection-oriented email would be much more complicated than the
>current systems. It is, perhaps, time for email to become more
>complex.

I would really like to see some kind of system for reliable email. I'm surprised that it doesn't exist yet. How many times have we said, "You didn't get my email? I'll resend it." What are computers for, after all? Automating repetitive tasks, classically. This is a perfect application. A copy of outgoing email could be kept, acknowledgements received on receipt, and the email deleted or re-transmitted as needed. Serial numbers would distinguish retransmissions so that redundant resendings (where the packets "crossed in the mail", so to speak) would be dropped. All this was designed in an afternoon in Xmodem. It's conceptually easy. The hard part is getting a standard and getting people to build it into their Mail User Agents.

Then, once we had this, we could do another layer for crypto protocols. Lots of protocols go in stages. A sends X to B, receives f(X), sends g(Y,f(X)), etc. To do this in email would be impossibly cumbersome now, but the kind of mechanism used for reliable email could be extended to support these kinds of "stateful" protocols.

As one obvious need for reliable email, consider the transmission of Chaum-style digital cash. You don't want to erase your copy until you are sure the other guy has received it, otherwise your money is permanently gone (just like when you send cash in postal mail and it is stolen). But keeping track of which cash you have sent to which people, who has gotten theirs, which needs to be re-sent, etc., is painful.
A simple reliable email method would solve a big part of this problem.

Hal

From hughes at ah.com Fri Aug 5 22:37:16 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 5 Aug 94 22:37:16 PDT
Subject: What are Appropriate Topics?
In-Reply-To: <199408050658.XAA24947@netcom12.netcom.com>
Message-ID: <9408060508.AA15993@ah.com>

   In fact, "Cypherpunks write code" is just one manifestation of the idea that we can actually change the world through the technological development of privacy-enhancing systems.

All the coding in the world doesn't matter if we don't know what we want. Political discussions which have some relevance to the technical information structure of society are relevant here. It all reduces to writing code in the end, but it's not all just writing code.

I remind everyone that the phrase "cypherpunks write code" is directed at every control freak, tyrant, oppressor, and spy out in the world. I am not going to whine; I am going to do something, and much more than just vote.

Let the complainers and the enforcers of dogma leave, and may the doers and thinkers be welcome and remain.

Eric

From hfinney at shell.portal.com Fri Aug 5 22:42:43 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 5 Aug 94 22:42:43 PDT
Subject: RemailerNet
In-Reply-To: <3906@aiki.demon.co.uk>
Message-ID: <199408060543.WAA26962@jobe.shell.portal.com>

I think Jim Dixon has some interesting ideas in the RemailerNet. But I have a philosophical difference. I dislike solutions where the users have to put too much trust in the remailer operators. IMO, as much control as possible should be left in the hands of the users. To make the system easier to use, mail agents should be enhanced to be more powerful, rather than moving more power and control into the remailer network. Trusting a remailer to choose your path through the network is like trusting the sysop at your BBS to create your PGP key for you. Maybe it's OK a lot of the time, but isn't it better to do it yourself?
Jim Dixon writes: >Generally I would expect gateways to introduce themselves to one >another privately and negotiate an understanding. Part of this will >normally take place off the Net. This is an infrequent event, and >so can be time-consuming and expensive. The basic web of trust is >that between gateways. Once gateways had entered into a relationship, >there would be frequent encrypted private traffic between them >which would maintain the trust. This is just the opposite of what I would like to see. I don't want the remailer operators getting too friendly. That makes it all the easier for them to conspire to track messages through the net. I'd much rather choose far-flung remailers whose operators have never heard of each other. Get one from Helsinki and the next from Timbuktu. Choose a path which will minimize the chances of all the remailers being corrupted. >Gateways could be started up by anyone and some postings to >alt.RemailerNet would be spurious. The "gateway" could be a sink, >just tossing traffic sent to it, or it could copy all messages to a >TLA before forwarding them. The user-gateway web of trust would >therefore be far more problematical. I think that this would function >as a market, and unreliable and untrustworthy gateways would be driven >out over time. I think this is right, although as I posted elsewhere I don't think usenet is the best structure for announcing remailer availability. (As I said, I'd rather see a few sites volunteer to do pings and publish the results, or even better would be widely used software packages which let people do their own pings.) But the question of remailer reliability is hard. What is the giveaway if a remailer is secretly archiving messages while claiming not to do so? How could you ever tell if the NSA infiltrated your favorite remailer? One possibility would be occasional physical audits, in which a remailer reviewer visited the site, looked at the software, checked the system for security holes, etc. 
This would be quite expensive, obviously, but perhaps eventually the remailer infrastructure would be extensive enough that this kind of checking could be done. Think of it as "Consumer Reports" for remailers. (Similar privacy audits might be de rigueur in the future for other net resources, such as file banks or compute servers.) >Compiling a list of remailers, sure. But if you let the user control >how messages are chained, you are inviting real traffic analysis. The >user should only be able to specify his destination and the level of >security desired. What? Again I would reverse this. The user should have maximum control of his path. It's up to him to choose a random one. Random number generators are widely available. (I can get you a bargain on a used Blum-Blum-Shub.) If he has to trust the first remailer on his path, then if just this one remailer is subverted, he's lost all his privacy. By choosing his own path no one remailer knows both the source and the destination of any message. That is the key. No one must have those two pieces of information. Giving it all away to the first remailer means giving away all your security. >> The fact is, that even remailers exchanging mail _can_ be spoofed, if not >> quite as easily as the newsgroup idea. It seems to be a premise of cryptographic >> protocols and schemes, that you've got to assume a worst case and get a system >> working where even under the worst case, everything works. >Well ... if you follow this line of reasoning too far, you are just >saying 'nothing can be trusted, so don't bother being careful'. The point, though, is that with Chaum's scheme you have security if even one remailer in the network is honest. The chain becomes as strong as its strongest link. Systems which put more responsibility and power into the remailer network often can't achieve this. They have single-point failures where one compromised system can defeat the efforts of all the others. 
>If I >were running a remailer and someone posted his address in a public >newsgroup and said "hey, here I am, and I run a really good remailer" >I wouldn't trust him just because he signed it. I would get in touch >with him, ask around about him, maybe run some low-security traffic >through his remailer for a while. Then after some time I would raise >my estimate of his trustworthiness. If he dropped traffic, if someone >reported that something that they had sent privately had been >compromised, I would drop him. Yes, I think this is a reasonable and cautious attitude, but instead of saying "If I were running a remailer..." I'd say it should apply "if I were _using_ a remailer". There may be rating services and other sources of information to help users, but ultimately the decision should be theirs. One of the lessons of cryptography, IMO, is that you don't get security by farming out the hard work to others. The user should take responsibility for his own security. I'm getting too tired to reply to the rest. I think Jim has a lot of creative ideas and energy but I'd like to see it directed more towards empowering end users rather than putting so much reliance on trustworthy remailer operators. Hal From mccoy at io.com Fri Aug 5 22:55:16 1994 From: mccoy at io.com (Jim McCoy) Date: Fri, 5 Aug 94 22:55:16 PDT Subject: Remailer ideas In-Reply-To: <199408060511.WAA24892@jobe.shell.portal.com> Message-ID: <199408060555.AAA06154@pentagon.io.com> > >If I send a message for the first > >time to a party and there's no reply, I cannot conclude whether the > >message was not delivered or whether the message was delivered and not > >answered. Given a connectionless network absolute delivery is impossible (well, not completely, but just about...) > I would really like to see some kind of system for reliable email. I'm > surprised that it doesn't exist yet. What makes you think that it doesn't? 
You should check out Enabled Mail (I think that is the name of it...); it is a set of MIME extensions that would use a "safe" subset of Tcl to create triggers that can be set for message receipt/delivery or for when the message is read. I used to have a pointer to the proposed system, but you should be able to find it by poking around the comp.lang.tcl FAQ or asking over there. jim From M.Gream at uts.EDU.AU Fri Aug 5 22:56:06 1994 From: M.Gream at uts.EDU.AU (Matthew Gream) Date: Fri, 5 Aug 94 22:56:06 PDT Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS' Message-ID: <9408060559.AA02417@acacia.itd.uts.EDU.AU> Anyone producing cryptographic software elements should take notice of the recent FIPS draft standard on `cryptographic service calls' dated 23 May 1994. It attempts to define data structures and "function" calls towards the goal of making better interoperability between applications and crypto "libraries". However, you'll notice that both DSA and RSA modulus sizes are constrained to a `MODULUS_SIZE ' of 64 `BYTE's (unsigned char). This permissible maximum of 512 bits is too small, and a violation of FIPS-186 s.4.1. amongst others. I like this FIPS, but it would be pretty useless if it contained the above restriction. If you're also a software developer, make a comment to NIST on the issue, so they do change it. Matthew. -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: From? \nem speaking_for(Organization?) From jgostin at eternal.pha.pa.us Sat Aug 6 00:19:47 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Sat, 6 Aug 94 00:19:47 PDT Subject: (none) Message-ID: <940806012849E6Hjgostin@eternal.pha.pa.us> Blanc Weber writes: > who cypherpunks Good question, although it isn't the greatest english... :-) A wise man said cypherpunks assume privacy is a good thing. They are devoted to cryptography. They love to practice playing with public key cryptography and anonymous mailers. They write code. 
They don't care if you like the software they write. So, that's "who cypherpunks". :-) --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From karn at unix.ka9q.ampr.org Sat Aug 6 00:25:55 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Sat, 6 Aug 94 00:25:55 PDT Subject: fast 386 DES code figures Message-ID: <199408060726.AAA00390@unix.ka9q.ampr.org> To see if software DES could really be made acceptable in a IP security protocol, I've been bumming cycles out of my old DES code. I've completely translated the encrypt and decrypt routines to assembler, with no calls or jumps inside either routine. I picked up Richard Outerbridge's seriously clever initial and final permutation algorithm from Schneier, along with a few of his other tricks. The bottom line: about 38,373 encryptions/sec (2.456 megabits/sec) on a 50 Mhz Intel 486 running in 16-bit real mode. This includes the overhead of the C loop that calls the encrypt function and prints a status line every 10,000 loops. The code would probably run faster if assembled and run in 32-bit native mode, as this would eliminate a lot of 1-clock operand size prefixes (I do many 32-bit operations). Oh, by the way, if I eliminate the permutations the speed goes up to about 42,986 encryptions/sec (2.751 megabits/sec), an increase of about 12%. That says I should be able to do triple-DES at about 13,777 blocks/sec (881.7 kbit/sec) although I haven't tried it yet. What still bugs me is that Schneier lists the speed of one commercial DES implementation as 40,600 encryptions/sec on a 33 Mhz 486. 
I just don't see how that's possible without using a lot more memory for lookup table space (I use only 2K, which is nice in a DOS environment). In any event, this should be enough for a T1 link (half duplex) as long as too many cycles aren't needed for things like routing packets. :-) Phil From sameer at c2.org Sat Aug 6 04:34:10 1994 From: sameer at c2.org (sameer) Date: Sat, 6 Aug 94 04:34:10 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) In-Reply-To: <199408050412.VAA22070@jobe.shell.portal.com> Message-ID: <199408061132.EAA13655@infinity.c2.org> remail at c2.org and remailer at soda.csua.berkeley.edu both run such things accessible via finger. Unfortunately there is a bug in the code (written by Ray Cromwell.. not to place blame on him but to give him credit) which does it that clobbers the list of remailers to ping and I haven't gotten around to writing a backup mechanism so the list of active remailers isn't killed whenever the bug happens. (Yes, the bug *should* be fixed at the source..) If people could send their personal lists of remailers to sameer at c2.org and datura at leri.org (he's working on a remailer client) with the keys for these remailers, that *Would* be appreciated. > > Re putting remailer aliveness on usenet: > > What I think is a better idea was proposed here last year, and I think > someone was doing it for a while. It is for someone to volunteer to > be the keeper of the remailer aliveness information. He runs scripts > every day to ping the remailers, keeps lists of which remailers are > currently active, and so on. This information is collected and put into > a file retrievable by email or finger. This way you need only check a > single site to find out which remailers are up, and you don't have the > usenet waste of sending stuff all over the world that only a few people > are interested in (yes, I know usenet does this already, but it won't > forever). 
> > Just like people set up web sites that point to interesting resources, > some people will (and perhaps are already) run sites which point to good > remailers. This is just as useful a service as running a remailer, and > a good deal less controversial. This seems like a good solution to the > problem of finding running remailers. > > Hal > -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909 http://www.c2.org (or login as "guest") sameer at c2.org From sameer at c2.org Sat Aug 6 04:51:53 1994 From: sameer at c2.org (sameer) Date: Sat, 6 Aug 94 04:51:53 PDT Subject: RemailerNet In-Reply-To: <199408051528.LAA18523@cs.oberlin.edu> Message-ID: <199408061150.EAA13826@infinity.c2.org> > > You seem to be talking about a Julf-style anon system, where the system > knows who you really are. If the system is corrupt, if Julf were an > NSA agent, then the entire system is compromised and useless. > I like the cypherpunks remailer concept better, where each link in the chain > only knows the next link in the chain, and security is achieved by > multiple links. If several of the links are actually NSA agents, your security An alias-based anonymous server which does *not* have the insecurity of Julf's remailer is running on omega.c2.org. You can create an identity (terrorist at omega.c2.org for example) and mail to your identity will go through a remailernet path back to you. The server doesn't know who you are. 
Look at http://www.c2.org/services/blindserver.html and http://www.c2.org/services/blindclient.html -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909 http://www.c2.org (or login as "guest") sameer at c2.org From sameer at c2.org Sat Aug 6 04:53:54 1994 From: sameer at c2.org (sameer) Date: Sat, 6 Aug 94 04:53:54 PDT Subject: A Helpful Tip for Impatient Souls In-Reply-To: <199408060429.VAA27860@soda.CSUA.Berkeley.EDU> Message-ID: <199408061152.EAA13849@infinity.c2.org> I have found the following few procmail rules useful: ^TOcypherpunks-announce cypher-announce :2: ^TOcypherpunks at toad.com ^From:.*(tcmay at netcom.com|rjc at gnu.ai.mit.edu|frissell at panix.com|habs at warwick.com|hfinney at shell.portal.com|cfrye at ciis.mitre.org|whitaker at dpair.csd.sgi.com|hughes at ah.com|sameer at soda.berkeley.edu|ebrandt at jarthur.cs.hmc.edu|sandfort at crl.com|collins at newton.apple.com|lefty at apple.com|unicorn at access.digex.net|warlord at athena.mit.edu|gtoal at an-teallach.com|cdodhner at indirect.com|klbarrus at owlnet.rice.edu|nate at VIS.ColoState.EDU|hugh at toad.com|perry at imsi.com) cypher :: ^TOcypherpunks at toad.com noisy/cypher I haven't had any time to dip into noisy/cypher (well not much.. I'm dipping into it right now) lately so I'm probably missing some very valuable people. But I have found the preceding list to create a mailbox with essentially 90-95% signal. -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909 http://www.c2.org (or login as "guest") sameer at c2.org From merriman at metronet.com Sat Aug 6 05:41:53 1994 From: merriman at metronet.com (David K. Merriman) Date: Sat, 6 Aug 94 05:41:53 PDT Subject: latency Message-ID: <199408061245.AA11202@metronet.com> Looks like we had a little latency of our own on the list the last couple of days. Anyone know what happened? 
Dave Merriman Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints. From cmullen at cs.oberlin.edu Sat Aug 6 07:03:51 1994 From: cmullen at cs.oberlin.edu (Spencer Mullen) Date: Sat, 6 Aug 94 07:03:51 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) In-Reply-To: <3778@aiki.demon.co.uk> Message-ID: <199408061404.KAA02300@cs.oberlin.edu> Jim Dixon writes: >Commercial remailers would probably be very concerned with legal >issues, both criminal (pornography, etc) and non-criminal (copyright >violations). It would seem that remailers shouldn't be anymore accountable for passing on illicit pornography than the postal services are today. ?? >-- >Jim Dixon From hfinney at shell.portal.com Sat Aug 6 08:31:20 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 6 Aug 94 08:31:20 PDT Subject: Improved remailer reordering Message-ID: <199408061531.IAA28014@jobe.shell.portal.com> Here is an interesting result I came up with while lying in bed last night. It has to do with the latency/reordering issue. As Eric and others have pointed out, what you want with a remailer is to mix up the messages so you can't link incoming to outgoing one. This implies that you have more than one message to work with, otherwise you don't have anything to mix. And this implies some necessary latency; you have to wait until you have more than one message on hand before sending things out. 
However, note that latency in itself is generally bad. You shouldn't wait longer than you need to to attain the desired degree of mixing. One simple way this can work is by batching messages up. This could be done by running the remailer at regular intervals, choosing the intervals so that you tend to have enough messages on hand based on average arrival times. But a simpler way is to simply wait until you have N messages on hand, then to promptly mix them up and send them out. This way you have a predictable number of messages to mix each time. Note that in a system like this you might as well send them all out as soon as the Nth message comes in; there is no point in holding on to them for any extra time as it adds latency without improving mixing. The interesting thing I came up with is that there is a simple modification to this batching scheme which gives better mixing with less average latency. To describe it I need some mathematics. One way to measure the benefit of a given degree of message-mixing is by looking at the uncertainty of position of a given message coming in and going out. If we had batches of 4, for example, a given message coming in has its position known with certainty. Going out, it may be any one of four messages, and the probability of it being any one of them is 1/4. A measure that is used for situations like this is entropy. It is defined as the negative of the sum of the product of each probability times its log. (I will use log to the base 2 for the calculations for simplicity.) That is, E = - sum pi * log pi. For the incoming message, we have just {1} as the probability distribution. We know exactly where it is and the probability is 1 that it is there. For the outgoing we have {1/4,1/4,1/4,1/4} as the distribution. It may be any of these four messages with equal probability. Applying the entropy formula to these we get E=0 for the incoming, and E=2 for the outgoing. 
If we had batches of 8 instead the distribution would have been {1/8,1/8, 1/8,1/8,1/8,1/8,1/8,1/8}, for E=3. Note that entropy is a log measure like the Richter scale. An increase from 2 to 3 is just as big as an increase from 1 to 2. To consider different batching strategies, consider a remailer where the messages come in one per hour, at 1:00, 2:00, 3:00, etc. A four-fold batching strategy would save up messages until there were four, then randomly reshuffle them and send them out. For this case we'd wait until the 4:00 message, then shuffle numbers 1,2,3,4 and send them out, say, at 4:01, in some random order, maybe 2,1,4,3. Then we'd save up more until 8:01 at which time we might send out 7,5,8,6. Note first that there is no point in waiting till after 4:01; once we have the four messages we might as well go. Note too that the average latency for messages in this system is 1.5 hours (the four messages have latencies of 0,1,2 and 3 hours). Four-fold batching produces entropy E of 2 and average latency L of 1.5 hours. Three-fold batching has E=1.58 and L=1; two-fold batching has E=1 and L=.5. Generally, N-fold batching has E=log base 2 of N, L=(N-1)/2. Okay, with this background, we can consider the alternative which gives improvement. It is to have some "rollover" of messages. Instead of sending all of the messages in a batch out, you retain some of them and use them to start the next batch. I call an (M,N) rollover system one which uses batches of M messages but retains N as rollover, sending M-N out each time. By this definition the four-fold latency system above could be called a (4,0) rollover where the 0 means we don't roll any over and send them all out. The simplest rollover case is (2,1). This uses batches of 2 messages, where you choose one at random to send out and keep one. Then when the next message arrives you again choose at random between the new one and the old one, send that out, and keep the other. 
In the timing example above, suppose we have the message from 1:00. Then at 2:00 when that message arrives, we pick one of the two messages at random and send it out. Suppose it is number 2. We retain number 1 until 3:00. Then we choose at random between 1 and 3. Maybe we pick 1 this time. We keep 3 until 4:00, then choose at random between 3 and 4, and so on. Each message has a 1/2 chance of being sent out immediately, a 1/4 chance of being sent out after 1 hour, a 1/8 chance of going out after 2 hours, a 1/16 chance of going out after 3 hours, and so on. This means that the outgoing probability distribution is {1/2,1/4,1/8,1/16,...}. The entropy of this probability distribution is 1/2+2/4+3/8+4/16+5/32+6/64+... from the formula above, which works out to be 2. The average latency is 0+1/4+2/8+3/16+4/32+5/64+..., which works out to be 1. So, (2,1) rollover batching produces E=2 and L=1. This is the same entropy as (4,0) batching with less average latency. Alternatively, it is more entropy than (3,0) batching with the same average latency. It also has the advantage that you never have to hold more than two messages, compared with three or four for the alternatives. So this scheme has several advantages over simple batching. Now, it does have one disadvantage, which is that there is no upper bound on the latency of a message. With the (4,0) batching you may have had more latency, but you at least know that nothing would have more than 3 message-times. With (2,1) there is a small chance of having very large latencies. In fairness, though, it should be pointed out that in a real system messages arrive at irregular intervals rather than the clockwork model I used above, so even (4,0) would have random latency ceilings. Also, it might be possible to modify (2,1) so that messages never waited more than some maximum number of hours without seriously hurting the entropy. 
I haven't tried working out the details of other rollover methods, but I suspect that this will be a general method of improving entropy at little cost in latency. In real life we would want large entropies but starting with a (10,0) I'll bet many rollover systems would be superior. Hal From mpd at netcom.com Sat Aug 6 09:08:35 1994 From: mpd at netcom.com (Mike Duvos) Date: Sat, 6 Aug 94 09:08:35 PDT Subject: fast 386 DES code figures In-Reply-To: <199408060726.AAA00390@unix.ka9q.ampr.org> Message-ID: <199408061608.JAA27681@netcom12.netcom.com> Phil Karn writes: > I've completely translated the encrypt and decrypt routines > to assembler, with no calls or jumps inside either routine. > I picked up Richard Outerbridge's seriously clever initial > and final permutation algorithm from Schneier, along with a > few of his other tricks. I should confess that I am probably the only person on the list who has not yet read Schneier. So I apologize in advance if the following comments turn out to be redundant. > What still bugs me is that Schneier lists the speed of one > commercial DES implementation as 40,600 encryptions/sec on a > 33 Mhz 486. I just don't see how that's possible without > using a lot more memory for lookup table space (I use only > 2K, which is nice in a DOS environment). Since 2k is exactly what is needed for a precomputed table which combines the S-boxes and the wirecrossing, I will assume this is the approach you used. Given this data structure, there are a number of cute tricks which will get DES down to around 30 machine instructions per each of the 16 rounds on a machine with enough registers and a decent set of addressing modes. The important trick is to reorder the S-boxes so that you do lookups on the odd numbered ones and the even numbered ones separately. (1,3,5,7,2,4,6,8) works nicely. 
This permits the results to be ORed together in two groups of four with all the necessary indexing held in a single 32 bit register, which can be appropriately repositioned each time. The precomputed key schedule needs to be adjusted to reflect the new order. Note that with this ordering, the blocks of six bits used for lookup are byte aligned if you consider the even and odd S-boxes separately. If you store the upper two bits of lookup table addressing in the precomputed key schedule and shift both it and the right hand block left two bits, all explicit table indexing vanishes and you can accumulate the result of a lookup with a single indexed OR instruction. I'm not sure what 30-something instructions per round translates into for a 33 Mhz 486, but 40,600 encryptions per second doesn't sound too outrageous using the above approach. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From hughes at ah.com Sat Aug 6 09:54:18 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 6 Aug 94 09:54:18 PDT Subject: fast 386 DES code figures In-Reply-To: <199408060726.AAA00390@unix.ka9q.ampr.org> Message-ID: <9408061625.AA16701@ah.com> Phil Karn wonders where all the speed comes from in reports of fast software DES. I believe that the really fast DES variants use extremely large computed-at-key-init S-box tables. As I recall, these implementations tend to pay for it in terms of setup time, which makes them less than completely appropriate for multiple IP encryption, each with its own key and where only a few dozen encryptions are done per packet. The cost to change keys is paid for either in use of memory for multiple precomputed S-box sets (and attendant swapping) or in a high key-setup to encryption ratio. For a link cipher where the key doesn't change much, these fast implementations are right. For a situation where keys change frequently, they may not be a system win. Thanks to Perry Metzger for alerting me to this issue. 
Eric From karn at unix.ka9q.ampr.org Sat Aug 6 10:00:19 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Sat, 6 Aug 94 10:00:19 PDT Subject: fast 386 DES code figures In-Reply-To: <199408061608.JAA27681@netcom12.netcom.com> Message-ID: <199408061700.KAA00742@unix.ka9q.ampr.org> >Since 2k is exactly what is needed for a precomputed table which >combines the S-boxes and the wirecrossing, I will assume this is >the approach you used. Yup, it is. I could look up more than 6 bits (i.e., more than 1 S-box) at a time, but this really starts to eat RAM. >The important trick is to reorder the S-boxes so that you do >lookups on the odd numbered ones and the even numbered ones >separately. (1,3,5,7,2,4,6,8) works nicely. This permits the This is another trick from Outerbridge's code that I picked up. As you say, it does make a difference. It's especially nice in 386 assembler since I can do the key XOR E(R) AND mask in 32-bit operations, then pick off the 4 resulting bytes individually to do the SP box indexing. This trick took me from about 1.85 megabits/sec to the 2.45 megabit/sec figure I gave earlier. >If you store the upper two bits of lookup table addressing in the >precomputed key schedule and shift both it and the right hand >block left two bits, all explicit table indexing vanishes and you >can accumulate the result of a lookup with a single indexed OR >instruction. I'm doing this too, if I understand you correctly. By left-adjusting each subkey in the key schedule (i.e., shifting the 6 bits left 2 bits), I can pre-adjust for the x4 offset I need to index the SP table, which has 4-byte elements. This saves two 32-bit shifts per round. BTW, some of the code (including Outerbridge's in Schneier) accumulates the 8 intermediate SP results by ORing into a temporary, then XORs the temporary into the output data block. This is unnecessary; each table lookup can be XORed directly into the output block. 
Since XOR and OR take the same time, this avoids a temporary and an extra operation. At the moment I'm really down in the noise. I've discovered that 286/386/486 specific instructions like ROR EAX,31 execute slightly faster (2 clock cycles) on the 486 than the equivalent 8086 instruction ROL EAX,1 (3 clock cycles), even though the faster instruction is more bytes. Unexpected timings occur for several other 486 instruction sequences as well, such as LODS[BW] (5 clocks), which is much slower than writing out the equivalent MOV/INC (or ADD) sequence longhand (1 clock each). I guess code size is unimportant as long as everything lands in the cache. Phil From jdd at aiki.demon.co.uk Sat Aug 6 10:18:46 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Sat, 6 Aug 94 10:18:46 PDT Subject: RemailerNet Message-ID: <4068@aiki.demon.co.uk> In message <199408051528.LAA18523 at cs.oberlin.edu> Jonathan Rochkind writes: > You seem to be talking about a Julf-style anon system, where the system > knows who you really are. If the system is corrupt, if Julf were an > NSA agent, then the entire system is compromised and useless. If you are using unmodified Internet hardware and TCP/IP as the underlying transport system, then your point of entry into a remailer network definitely knows which machine is originating a message and the point of exit definitely knows where it is going. If your transport system is the email system, the same holds true because email runs on top of TCP/IP. While fiddling with email headers may make you feel secure, it gives you no protection. It is a large project (say 30,000 lines of code, some of it at the kernel level) to build a remailer network which does not use SMTP and TCP/IP. From the scale of efforts that you are talking about, I assume that you do not intend to do this. So the remailer gateways know the source and destination addresses, they know your electronic identity. This may or may not lead them to your physical identity. 
That can be concealed fairly easily, especially in large institutions with poor control over their network resources. But this has nothing to do with our discussion now. > I like the cypherpunks remailer concept better, where each link in the chain > only knows the next link in the chain, and security is achieved by > multiple links. If several of the links are actually NSA agents, your security > is reduced, but not compromised completely. If you've got a chain of, say > 10 links, even if 7 of them are evil NSA agents, you still can probably retain > your anonymity. Return addresses are accomplished by encrypted > "resend-to:" blocks. It seems much preferable to have a system where it > isn't necessary to trust any one net entity completely, as it is in a > Julf-style anon-ID system. [Of course one could use a combination of both > in communications too, but I wouldn't feel safe unless my anonymity was > safe even if the Finnish FBI raided Julf's site.] Promiscuity leads to infection. Each contact with a new RemailerNet gateway increases the probability of your being compromised. If you modify the proposed RemailerNet to allow reposting at gateways, you have all of the benefits of the system described above, without the risks. Reposted messages would be encrypted with the far gateway's public key. The near gateway would then have no idea of the ultimate destination of the message. In a well designed system, the far gateway would also not know the identity of the sender. > When looked at with this goal in mind, I think maybe the newsgroup as a method > of passing remailer net information makes a bit more sense. > > I don't think the possibility of the newsgroup being spoofed is actually > fatal to the system. Let's examine ways in which it could be attacked: > > 1) The Enemy could introduce completely made-up "i'm here" messages, pointing > to non-existent remailers. ... > 2) The Enemy could announce his own Evil-remailers to the net. 
> These remailers would in fact exist, but would do evil things designed to
> compromise the net...
> 3) The Enemy could intercept announcement messages from good remailers, and
> replace their public key with his own. ...He could then intercept all mail to this
> good remailer, and read it, and forward it on, or drop it in the bitbucket.
> 4) Denial of service: The enemy could intercept the announcement messages, and
> keep them from getting to the newsgroup. ...
> 5) The enemy could intercept announcement messages from good remailers, and
> replace both the public key and address with his own. This is really just a
> combination of several of the previous attacks, nothing new.

In the early to mid 1950s the FBI set out to penetrate Communist Party USA cells. At some point, when the fear of the Red Menace began to recede, people began to talk. The communists said, "you could always tell who were the FBI agents. They were the ones who paid their dues." The FBI was actually providing most of the funds for CPUSA.

If anyone cared enough, what they would do is (a) put up enough remailers so that they were, say, a steady 80% of those announcing in the alt.x group; (b) provide a good, reliable service nearly all of the time; and (c) drive the other 20% out of business with a steady disinformation campaign (rumors, complaints, etc) and other more aggressive tactics.

The FBI types running (a) and (b) would be well funded and they would be the sort of steady, unimaginative people who run small businesses well. The CIA field agents masterminding (c) would be very well funded network freaks, some of them ex-hackers. They could operate outside the USA and pay little or no attention to US laws. Pity the poor 20% in the face of such attacks.

Any traffic sent through this remailer network would have only a tiny chance of getting through without being compromised. If you picked 5 remailers, the chances of all being non-FBI would be about .2^5, 3 in 10,000.
The other 9,997 messages would be copied immediately to Langley.

The proposed RemailerNet could be attacked in much the same way. But if the network were widely distributed so that gateways were in different legal jurisdictions and different countries, and if most of the people involved knew one another, it would be more difficult to compromise it.

--
Jim Dixon

From jdd at aiki.demon.co.uk Sat Aug 6 10:19:38 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 10:19:38 PDT
Subject: Remailer ideas
Message-ID: <4071@aiki.demon.co.uk>

In message <9408051709.AA14763 at ah.com> Eric Hughes writes:
> Jim Dixon analogizes between the Internet and remailer networks. The
> analogy has some merit, but yet breaks down badly with the very first
> point:
>
> * all packets should be acknowledged
>
> This is not the way the Internet works.

There are some problems with vocabulary here and some conceptual problems.

The objective is a system which is highly reliable and resistant to traffic analysis. If you have three messages in, one 10 bytes long, one 1000 bytes long, and one 1,000,000 bytes long, and you send them out to three different destinations, it does not take genius to see which is which, no matter what order they are dispatched in.

But if you send them out as packets, each say 4096 bytes long, with all packets acknowledged, and the routing of the packets is random, and noise has been introduced ... traffic analysis is very difficult.

TCP/IP is designed to work in an environment which is unreliable but also unhostile. The sliding window algorithm and acknowledgement at the message level is suitable for that environment. TCP/IP has been optimized for speed.

[stuff omitted]

> Further, in email, there's currently no notion of a connection.

The internal functioning of RemailerNet is not the same as the functioning of the email system. All RemailerNet communications are reliable.
Packets are acknowledged and the acknowledgement includes a hash of the packet contents, so that the packet cannot be tampered with. Acknowledgements will in general take different routes from packets.

> * users should communicate with trusted gateways
>
> This point is only half true, because the analogy only subsumes one
> kind of trust. For remailers there is both trust in delivery and
> trust in silence, the destruction of the message and information about
> it.

'Trust in silence' is a good term. This can be enhanced in a number of ways. If you are corresponding with someone you know, you encrypt your messages.

If you are corresponding with a stranger, you encrypt your message with the public key of a far gateway; then post it to the far gateway through a near gateway. The near gateway knows who is sending, but cannot read the message and does not know the destination. The far gateway decrypts the message before delivering it, so it knows the message and the destination, but not the sender.

If you are sufficiently paranoid, you put your message inside yet another envelope, mailing it through the near gateway to a far gateway, which posts it on to another gateway, which finally posts it to its destination.

Remailer gateways should be spread very wide geographically if the network is to be secure. If you are very concerned about anonymity, bounce a message through gateways in, say, the USA, Finland, Russia, and Ireland. If your concerns are about your employer, say, the probability of his getting at four different gateways in four different jurisdictions simultaneously is vanishingly small. If your concerns are about governmental authorities, they are not that much higher.
--
Jim Dixon

From adam at bwh.harvard.edu Sat Aug 6 10:24:49 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sat, 6 Aug 94 10:24:49 PDT
Subject: Remailer ideas
In-Reply-To: <199408060511.WAA24892@jobe.shell.portal.com>
Message-ID: <199408061724.NAA05169@bwh.harvard.edu>

On M/N reordering schemes:

A relatively simple way to avoid the unlucky message sitting in the queue problem would be to store a timestamped, ordered list of messages waiting to go. When a new message comes in, one is randomly selected to be sent out. The list is then examined to find messages older than H hours. The entries for those messages are then duplicated & reinserted into the list, thus increasing the chances that a message that's been sitting around for a while will be randomly selected. (As there are multiple pointers to it, and only single pointers to new messages.)

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From jdd at aiki.demon.co.uk Sat Aug 6 10:30:57 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 10:30:57 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
Message-ID: <4087@aiki.demon.co.uk>

In message <9408051716.AA14773 at ah.com> Eric Hughes writes:
> Back to the start, I guess.
>
> > Specifically cryptographic elements are easily added to the system
> > * packets can be delayed for random intervals
>
> Let me repeat:
>
> REORDERING IS OF PRIMARY IMPORTANCE FOR REMAILER SECURITY.
>
> ADDING LATENCY IS NOT.

No need to shout, we heard you the first time. ;-)

In a system that is carrying continuous traffic, random packet delay is functionally identical to packet reordering. If messages are fragmented, random delays on sending packets out is functionally identical to reordering.

More importantly, RemailerNet as described defeats traffic analysis by more significant techniques than reordering. Reordering is a weak technique.
The introduction of noise, 'MIRV'ing of messages, fragmentation of messages, random choice of packet routes, and encyphering of all traffic are stronger techniques.

--
Jim Dixon
--
+-----------------------------------+--------------------------------------+
| Jim Dixon                         | Compuserve: 100114,1027              |
|AIKI Parallel Systems Ltd + parallel processing hardware & software design|
| voice +44 272 291 316             | fax +44 272 272 015                  |
+-----------------------------------+--------------------------------------+

From adam at bwh.harvard.edu Sat Aug 6 10:39:12 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sat, 6 Aug 94 10:39:12 PDT
Subject: RemailerNet
In-Reply-To: <4068@aiki.demon.co.uk>
Message-ID: <199408061739.NAA05213@bwh.harvard.edu>

Jim Dixon:
| In message <199408051528.LAA18523 at cs.oberlin.edu> Jonathan Rochkind writes:
| > You seem to be talking about a Julf-style anon system, where the system
| > knows who you really are. If the system is corrupt, if Julf were an
| > NSA agent, then the entire system is compromised and useless.
|
| If you are using unmodified Internet hardware and TCP/IP as the underlying
| transport system, then your point of entry into a remailer network
| definitely knows which machine is originating a message and the point
| of exit definitely knows where it is going.

IP is not reliable & trustworthy. If it was, RFC931 ident servers would be useful. ;) There's source routing to make packets appear to come from someplace else, and there is outright forgery, which has limits, but can work quite well.

For a good discussion of some of TCP/IP's reliability & trustworthiness, see Steve Bellovin's paper, research.att.com:/dist/internet_security/ipext.ps.Z

An aside: Does anyone care to share thoughts on IPng's security features?

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From tcmay at netcom.com Sat Aug 6 10:52:48 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 6 Aug 94 10:52:48 PDT
Subject: Common Carriers and Illicit Shipments
In-Reply-To: <199408061404.KAA02300@cs.oberlin.edu>
Message-ID: <199408061753.KAA11320@netcom2.netcom.com>

Spencer Mullen writes:
> It would seem that remailers shouldn't be anymore accountable for
> passing on illicit pornography than the postal services are today.
>
> ??

I'll take the "??" as an invitation for comment.

Package delivery services like UPS and Federal Express *do* have immunity from prosecution based on what they carry, but this is in exchange for allowing inspection of packages under specified circumstances. Thus, if the DEA suspects a package contains cocaine, it can be inspected, and the shipper will most likely cooperate in resealing the package and continuing the shipment.

This is part of "common carrier" status.

(I don't have any cites for this, as I'm not a lawyer. But this topic has come up many times on the Net, and the consensus of knowledgeable people is that "participation in legitimate law enforcement investigations" is part and parcel, so to speak, of being a common carrier.)

Caveat: I'm not claiming any of this is as it should be, etc. Just stating facts as I understand them.

The implications for crypto are unknown, but between the Digital Telephony Bill mandating easy tapping access and the various key escrow schemes, I expect that a remailer network which cannot possibly cooperate may face legal problems.

(One scenario: Digital Telephony III, in 1997, mandates that all mail sites must keep records of incoming and outgoing packets, and where they mailed them to, and must keep explicit mapping between incoming and outgoing packets. These records must be available for inspection, with a $10,000 a day fine for noncompliance. With such a mandate, the authorities could go to each and every remailer they find and demand these records. A wrinkle: what about *offshore* remailers? Ah, things then get very interesting.)
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jdd at aiki.demon.co.uk Sat Aug 6 11:13:31 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 11:13:31 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <4089@aiki.demon.co.uk>

In message <199408061404.KAA02300 at cs.oberlin.edu> Spencer Mullen writes:
> Jim Dixon writes:
>
> >Commercial remailers would probably be very concerned with legal
> >issues, both criminal (pornography, etc) and non-criminal (copyright
> >violations).
>
> It would seem that remailers shouldn't be anymore accountable for
> passing on illicit pornography than the postal services are today.

I really do not want to try to argue the legal issues here; I am not a lawyer and claim no expertise.

At a practical level, if you were running, let us say, an Internet Service Provider (ISP) and offered remailer services, you would in time attract the business of people who used your services for various unlawful purposes. You could not stop this without going through everyone's private mail. This would itself probably be illegal and certainly would lose you business.

I understand that Playboy magazine spends lots of money pursuing people for copyright violations, and that criminal charges have been filed by the authorities in Tennessee or Arkansas against someone in California who sent them pornographic materials over a telephone line.

The Post Office has what is called in the UK "crown immunity" against such prosecutions. So do "common carriers" in the USA.
They are given special legal status. I do not know, but I believe that the telephone companies are legally common carriers.

As a remailer gateway operator, you would probably have to argue things out in court, which could be very expensive. In the case of criminal charges, you would have to expect to lose your equipment for some time, and perhaps your freedom.

I suspect that legally the key step would be to never store messages for any period of time. It would be prudent to erase them as soon as their receipt was verified. This would also save disk space, and it would be in line with the 'trust in silence' ethic.

I would do this and then publicize the fact that I did so widely. This would discourage public prosecutors, who really don't like to do futile things.

And I would incorporate the gateway and make sure it wasn't worth a great deal. This would discourage civil suits; clients get very irritated when they win the lawsuit and find that after all their legal expenses the target has filed for bankruptcy.

--
Jim Dixon

From merriman at metronet.com Sat Aug 6 11:40:08 1994
From: merriman at metronet.com (David K. Merriman)
Date: Sat, 6 Aug 94 11:40:08 PDT
Subject: Remailer listings/strategy
Message-ID: <199408061843.AA17840@metronet.com>

This may have been hashed out in a previous incarnation, but on the subject of remailers and their availability, why not just have each one broadcast a message of its availability periodically (hourly? every 4 hours?) on, say, the Cypherpunks mailing list. Then, each remailer could also listen in, read in who's up, and if it doesn't hear from a remailer within some period of time (or some number of scheduled broadcasts), assume that it's down until it hears from that system again. This would also allow individuals to maintain personal listings of available remailers, as well, and automate the process of keeping track of what remailers are up/down/available.
The additional traffic wouldn't seem to be _too_ much of a burden, those individuals who didn't want the broadcasts cluttering up their mailboxes could filter them out, and doesn't require massive effort or changes to implement (ie, new newsgroups, etc).

What blazingly obvious thing am I missing here, or does it make too much sense to work? :-)

Dave Merriman
Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints.

From blancw at microsoft.com Sat Aug 6 11:53:49 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sat, 6 Aug 94 11:53:49 PDT
Subject: (none)
Message-ID: <9408061855.AA19178@netmail2.microsoft.com>

From: Jeff Gostin

So, that's "who cypherpunks". :-)
.........................................................................

I really meant to ask 'where cypherpunks'.

It had been a whole day & more without the hordes of messages and my day seemed empty, without code or purpose, lacking controversy & jibber jabber.

Blanc

From jdd at aiki.demon.co.uk Sat Aug 6 12:02:45 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 12:02:45 PDT
Subject: RemailerNet
Message-ID: <4094@aiki.demon.co.uk>

In message <199408061739.NAA05213 at bwh.harvard.edu> Adam Shostack writes:
> | If you are using unmodified Internet hardware and TCP/IP as the underlying
> | transport system, then your point of entry into a remailer network
> | definitely knows which machine is originating a message and the point
> | of exit definitely knows where it is going.
>
> IP is not reliable & trustworthy. If it was, RFC931 ident
> servers would be useful. ;) There's source routing to make packets
> appear to come from someplace else, and there is outright forgery,
> which has limits, but can work quite well.

My "if you are using unmodified ..." clause shows that I understand this.

You can send from a very large network and forge your TCP/IP or (more difficult) Ethernet source address.
But I can sit on the same network, build a table relating TCP/IP to ethernet (or whatever) addresses, and filter out messages that should not be there. There are commercial packages that do this sort of thing.

Basically, this is a different topic. One problem is designing a generic software package and set of protocols that will allow you to route mail anonymously. This is a general problem. The hacking of specific networks is a different, if related, problem.

--
Jim Dixon

From tcmay at netcom.com Sat Aug 6 13:36:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 6 Aug 94 13:36:14 PDT
Subject: Remailer listings/strategy
In-Reply-To: <199408061843.AA17840@metronet.com>
Message-ID: <199408062037.NAA06711@netcom15.netcom.com>

David Merriman writes:
> This may have been hashed out in a previous incarnation, but on the
> subject of remailers and their availability, why not just have each one
> broadcast a message of its availability periodically (hourly? every 4
> hours?) on, say, the Cypherpunks mailing list. Then, each remailer could
> also listen in, read in who's up, and if it doesn't hear from a remailer
> within some period of time (or some number of scheduled broadcasts), assume
> that it's down until it hears from that system again. This would also allow
> individuals to maintain personal listings of available remailers, as well,
> and automate the process of keeping track of what remailers are
> up/down/available.
> The additional traffic wouldn't seem to be _too_ much of a burden,
> those individuals who didn't want the broadcasts cluttering up their
> mailboxes could filter them out, and doesn't require massive effort or
> changes to implement (ie, new newsgroups, etc).
> What blazingly obvious thing am I missing here, or does it make too
> much sense to work? :-)

Several flaws:

Mailing lists are a poor forum for sending "I'm up" messages out, for various reasons:

1. Volume. 20 remailers x a message every 4 hours = 120 messages a day to the list.
Not a good idea, for many reasons.

2. Scaling. Even with fewer than 20 remailers, the system breaks down. Imagine if our goal of hundreds of remailers is met!

3. Not automated. Sending a text message out to everyone, and then having interested folks write a script to parse the messages and whatnot, is more work (probably) than having them finger or ping the remailers themselves (don't have to go through mail as the intermediary). And the remailer operators themselves would have to do the donkeywork of creating and sending messages automatically, which most of them probably won't do.

4. Mail to the list is hardly perfect itself, as we've seen many times. Delays, downtime, etc. Why inject a new delay/variable?

5. Function. Basically, it's not the function of a mailing list like ours to broadcast such messages. If many remailers do it, why not money providers, other mailing lists, etc.?

6. Not all remailer users are going to be on the Cypherpunks list, so why would the list be the solution? (Better would be either distribution of the pinging scripts, a centralized finger pinger (I like the sound of that: "finger pinger") such as Matt Ghio was running, or perhaps an "alt.anonymous.messages.status" group, acting as a message pool.)

These are just the objections that come immediately to mind.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From blancw at microsoft.com Sat Aug 6 13:40:30 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sat, 6 Aug 94 13:40:30 PDT
Subject: What are Appropriate Topics?
Message-ID: <9408062041.AA19705@netmail2.microsoft.com>

From: Timothy C. May

"As for pure crypto being discussed on the list, there's a fair amount of that. I've posted my share of explanations of zero knowledge proof systems, dining cryptographers protocols, complexity theory, etc. I'm not saying this to defend myself, per se, but to note that these topics produced almost no discussion, almost no interest. Make of this what you will."

I would say some reasons for the silence are that:

. those who have read your comments have not thought extremely much about these themselves, so are not ready to add anything at the time.
. your treatment of the subject matter was thorough enough that others don't feel the need to add further to your points.
. you presented some deep thoughts that require time to digest & process.
. the ideas you have about future events may have no present means to carry them out, good as they may be, and the way from point A to point B is not yet possible to achieve, as no practical method or system could yet be constructed.

"* what happens to tax collection in an era of unbreakable cyphers?
* how will the state react?"

I would add: how will the general population react, when their security blanket is rendered ineffective?
(* crypto anarchy issues from the perspective of the other side)

* what's really holding back the spread of digital cash?

What is the status of the work on this? I would like to keep up with its progress, if there are sources for the information. (besides The Economist)

* where do we go from here?

[Who's 'we', Kimosabe? :>) ] Where was anyone planning to go? There isn't anywhere else to go, physically, so it's necessary to resolve the problem of interacting in the same place at the same time with opposing methodologies. How does that work? (You aren't going to be invisible all the time, nor to everyone.)
"..."Cypherpunks write code" is just one manifestation of the idea that we can actually change the world through the technological development of privacy-enhancing systems..."

And privacy-enhancement isn't the *only* thing which will change the world, is it? There are other forces of cause-effect and influence which determine people's reactions to each other and to the problems of living. It lies within the broader subject of 'control': self-control, self-determination, as managed by the individual. This is where the controversy occurs - whether any or only some individuals shall be "permitted" to exercise it, and to what tolerable degree, and who shall be the "authority" that makes that decision. Much as some on the list would wish otherwise, "privacy-enhancement" goes in the direction of favoring the individual above the group, and this is difficult for some people to live with.

I have seen some of Tim's ideas for future possibilities in terms of things which could come to pass or could be achieved, but I realized that I have not seen anything from him to indicate any projects which he is actually working on to bring these about. You do communicate a lot of information & ideas and do much work of explaining & clarifying fuzzy areas, which is excellent & valuable, but it still waits for others to put together the actual parts & pieces of things, if they are to be brought into actual existence as functional systems which can be employed and which can affect future conditions.

"For want of a horseshoe, the war was lost."

I would like to read more on what you have to say about this, as you are the pre-eminent poster on the list who likes to digress into abstract discussion.

Blanc

From perry at imsi.com Sat Aug 6 13:56:16 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sat, 6 Aug 94 13:56:16 PDT
Subject: IPv6 Security (was Re: RemailerNet)
In-Reply-To: <199408061739.NAA05213@bwh.harvard.edu>
Message-ID: <9408062056.AA18737@snark.imsi.com>

Adam Shostack says:
> An aside: Does anyone care to share thoughts on IPng's security
> features?

I'm the person assigned to edit/write the drafts for IPSP, which is to be the successor to swIPe, and portions of which will be mandatory parts of conformant IPv6 security. (Now that the decision on which protocol is to be IPng, the politically correct name for IPng is "IPv6").

The basic technique of packet encapsulation for security, which is the basis for SP3, NLSP and swIPe, is being adopted, although the packet format is being radically simplified even from that of swIPe, consisting mainly of an SAID (what swIPe calls a "Policy Identifier"). Authentication and opaque cryptographic encapsulation formats are to be slightly different for technical reasons.

The IPSP definition is (nearly) nailed down. The hard part, key management, which is the layer that goes on top of IPSP, is still being intensively discussed. I expect there will be extensive battles there still to come, particularly on the naming of authenticated entities -- to tell you how shaky things are there, no real proposals are yet in draft RFC form. The one thing there is widespread agreement on is that the DNS should be used to store keys, although this will likely require extension of the maximum size currently permitted for RRs in the DNS (512 bytes as defined right now.)

It is my hope that a unified IKMP (internet key management protocol) and IPSP will provide sufficient functionality that no other security mechanisms will be required for authenticating and securing remote connections on the internet, and any telnet, ftp, finger, or anything else that anyone does can be transparently made secure simply by setting administrative requirements on the authentication and encryption level needed by connections.
Security of store-and-forward traffic, like electronic mail and routing information, will still require separate mechanisms -- I hope the basic keys for those mechanisms will be stored in the same way with the same naming, for instance, and that most of the mechanisms will be shared. It is also my hope that all trust mechanisms will be based on web-of-trust rather than certification hierarchies, although that is another speculation.

Perry

From blancw at microsoft.com Sat Aug 6 14:01:47 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sat, 6 Aug 94 14:01:47 PDT
Subject: Voluntary Governments?
Message-ID: <9408062103.AA19844@netmail2.microsoft.com>

From: Hal

What does it mean to speak of a government in cyberspace? It is the government in physical space I fear. Its agents carry physical guns which shoot real bullets.
................................................................

Good point. What does it mean to speak of governance (or 'government') at all?

Questions I would seek to have the answers to, in making decisions about government per se:

. Who or what is to be governed?
. What is inimical/destructive and to be regulated/prevented, or what is sacred which is to be upheld?
. How will anyone come to know the difference? What difference does it really make (to anyone in the real world)?
. Who is to do all the work of preventing or upholding (how do they qualify for the job)?
. What is to be done about non-conformists to the rules (without contradicting the rules?)
. When did you realize that you were an absolute authority on the subject?

Blanc

From perry at imsi.com Sat Aug 6 14:07:59 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sat, 6 Aug 94 14:07:59 PDT
Subject: RemailerNet
In-Reply-To: <4094@aiki.demon.co.uk>
Message-ID: <9408062108.AA18761@snark.imsi.com>

Jim Dixon says:
> You can send from a very large network and forge your TCP/IP or
> (more difficult) Ethernet source address.
> But I can sit on the same
> network, build a table relating TCP/IP to ethernet (or whatever)
> addresses, and filter out messages that should not be there. There
> are commercial packages that do this sort of thing.

Huh?

If you are sitting on a network in England, which you appear to be, I defy you to record anything at all about the ethernet addresses of the machines that originated this message. I'll happily telnet to your machine any time you like, and give you all the opportunity you like to record the ethernet address of my packets. You might be on the same internet, but you very likely have no access to the original physical network, and you have no capacity to build any tables of any sort.

Perry

From nobody at c2.org Sat Aug 6 14:24:42 1994
From: nobody at c2.org (Anonymous User)
Date: Sat, 6 Aug 94 14:24:42 PDT
Subject: A Helpful Tip for Impatient Souls
Message-ID: <199408062123.OAA03921@zero.c2.org>

-----BEGIN PGP SIGNED MESSAGE-----

Tommy the Tourist (Anon User) wrote:

Welcome back, Tommy, we missed you! Hope you're enjoying your new (CSUA) "home"... (Time for everyone to update their "chain.ini" file, BTW.)

> Those wishing perhaps the ultimate in Cypherpunks ease-of-use
> and greatest peace of mind, may find it useful to simply delete
> everything that does NOT come from one of the following email
> addresses:
> tcmay at netcom.com
> frissell at panix.com
> sandfort at crl.com

But Tommy ... if we did that, we wouldn't be able to read *YOUR* posts, either. Perhaps anyone who had a fetish for "ease-of-use", or was troubled by even seeing "cryptographically INcorrect" ideas (the analog of "politically correct") would tire of Cypherpunks altogether and just read the party line from Sternlight and Co. (tm).

The other problem is that if some brave, anonymous soul wanted to, let's say, "leak" the Clipper algorithm to the net, he'd have to forge e-mail from one of the "approved sources" above to gain an audience.
However, despite your anonymity, Tommy, don't I see your tongue firmly implanted in your cheek? I sure hope so... I find the posts from the "approved three" individuals highly informative. OTOH, if *THEY* did as you suggested, traffic would be drastically reduced because it would only consist of those three talking amongst themselves.

--- Diogenes

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkOdOeRsd2rRFQ1JAQHi4AP+LuJhvQPRiB0rZvDjuhfZwG+Q95N8WpTt
4lVNjLecXHKjFE6qn6tsed3/Fh/mwQUzRzx4kUihvRxqR3MAoBp1/SREXt+Rsd30
4zsxIs+BDkCCloX7rxVptZLJYG587oaIQOL0Wn/7MiDKChm/LoXrdbRwUeLL2gIU
ZvvMDBBuYpI=
=Vk7F
-----END PGP SIGNATURE-----

From rah at shipwright.com Sat Aug 6 15:30:08 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 6 Aug 94 15:30:08 PDT
Subject: e$: Cypherpunks Sell Concepts
Message-ID: <199408062229.SAA24471@zork.tiac.net>

At 1:38 PM 8/6/94 -0700, Blanc Weber wrote:
>From: Timothy C. May
>* what's really holding back the spread of digital cash?
>
> What is the status of the work on this? I would like to keep
> up with its progress, if there are sources for the information.
> (besides The Economist)

e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$

I'll bite.

I think that practically the only thing holding digital cash back at this point is pure and simple hucksterism. The whole concept of e$ (shorthand for e-money, with apologies to other currencies) should be promoted more. People who Really Work for a Living in Finance should be educated about the potential impact of strong crypto on money.

There was a comment from Perry a while back which hit home with me. He said:

>The problem is not a need for a killer app -- there are dozens. The
>obstacle is regulatory problems, and finding a large and reputable
>sponsoring organization (like a big bank).

Now, that makes sense to me.
It would go a long way towards legitimizing e$ and strong crypto if a largish bank put up a pilot project where they were exchanging, that is, making a secondary market in, real e$; maybe even DigiCash(tm). Either they or someone else could actually underwrite it, because you have to have both to make the market exist.

Having heard what Eric has said about potential regulatory problems, I think that most of them are inadvertent obstacles, because they certainly weren't put there to obstruct e$, which didn't exist when they were written. I think if a reasonable (i.e. not illegal) business case were put to the regulators, they would (as usual) conform to whatever business interests want.

I think that in order for the above to happen, some softening up of the targets has to occur. I understand that there are people on this list who are interested in selling seminars on strong crypto to the finance community. What about doing that in the context of a conference program to a larger audience? Get some famous heavies in the business world and in cyberspace to salt the conference flyer with. A certain EFFer comes to mind, among others who may be sympathetic to e$. Invite mostly businesspeople, preferably those in finance and finance operations, but also regulatory/political types. Teach them what e$ is and how it works. In return, e$vangelists can learn what questions their potential market actually need to have answered before e$ will be real. Maybe a deal or two happens, who knows? Repeat the process every year or two, but start the first one off as a "ground school" in the fundamentals.

This thing doesn't have to be affiliated with the cypherpunks list any more than the original Computer Faire was affiliated with the Homebrew Computer Club.

I wrote up an agenda when I was in the throes of the idea, and it's somewhere around here (I *know* it is...).
Off the top of my head, I figured there'd be a schmooze reception the evening before, a brief primer on strong crypto and e$ in the morning, a schmooze luncheon (with speaker), a "where do we go from here" panel populated with business heavies in the afternoon, and a schmooze reception (with product demos, if any) in the evening to close. Notice it's very heavy on the schmooze. I challenge you to do huckster without lots of schmooze...

This is not to be a volunteer effort. People who worked on this would get paid. The conference wouldn't happen if the attendance numbers weren't there. The participants will pay somewhat serious money to attend, and they will be interested in making money with the information obtained and contacts made at the conference.

I'm pretty sure I want to do this one. I'd like to do it on this coast (Boston) because the money's over here, anyway, and there's still some technology over here that hasn't been made obsolete in the Bay Area. Besides, the east coast's halfway to Amsterdam, right? (yeah, I know, so's Anchorage...)

So. Does anyone have any pointers?

Cheers,
Robert Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From rah at shipwright.com Sat Aug 6 15:51:37 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 6 Aug 94 15:51:37 PDT
Subject: Mr. Bill wants you!
Message-ID: <199408062250.SAA24656@zork.tiac.net>

It seems that Microsoft is hiring a "Program manager for Electronic Commerce". I just saw it in misc.jobs.offered:

>Program Manager for Electronic Commerce
>You will lead the design and deployment of a new electronic commerce
>service at Microsoft. Your experience in cryptography, banking, electronic
>commerce, or communications will be put to use on this project.
>Requirements include at least three years of software development and
>project management experience and a Bachelor's degree in Computer Science
>or a related field.

Oh Boy. You cannot resist the Dark side of the Force, Luke...

Lots of "or"s and not many "and"s in that requirements punchlist though...

Usual apologies to MSerfs,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From merriman at metronet.com Sat Aug 6 16:03:35 1994
From: merriman at metronet.com (David K. Merriman)
Date: Sat, 6 Aug 94 16:03:35 PDT
Subject: Remailer listings/strategy
Message-ID: <199408062307.AA13549@metronet.com>

>Mailing lists are a poor forum for sending "I'm up" messages out,
>for various reasons:
>
>1. Volume. 20 remailers x a message every 4 hours = 120 messages a day
>to the list. Not a good idea, for many reasons.

Okay, every 8 hours. Now we're down to 60 messages - not too different than a lively C'punks day. :-)

>
>2. Scaling. Even with fewer than 20 remailers, the system breaks down.
>Imagine if our goal of hundreds of remailers is met!

So instead of one central remailer, we use some number of 'regional' listservers (4 remailers, each handling 5 'local' remailers). Then if one croaks, it's a minimal loss to the system.

>
>3. Not automated. Sending a text message out to everyone, and then
>having interested folks write a script to parse the messages and
>whatnot, is more work (probably) than having them finger or ping the
>remailers themselves (don't have to go through mail as the
>intermediary). And the remailer operators themselves would have to do
>the donkeywork of creating and sending messages automatically, which
>most of them probably won't do.

"Cypherpunks write code"

>
>4.
Mail to the list is hardly perfect itself, as we've seen many
>times. Delays, downtime, etc. Why inject a new delay/variable?

(2) above.

>
>5. Function. Basically, it's not the function of a mailing list like
>ours to broadcast such messages. If many remailers do it, why not
>money providers, other mailing lists, etc.?

C'punks remailer was used as a f'rinstance (functionality example). So there's a different remailer mailing list, and a banks remailer mailing list, and money provider's mailing list, ad nauseam. Who cares? Those interested in remailers listen in on the remailers mailing list, and don't listen to the banks list, and versey-vicey.

>
>6. Not all remailer users are going to be on the Cypherpunks list, so
>why would the list be the solution? (Better would be either
>distribution of the pinging scripts, a centralized finger pinger (I
>like the sound of that: "finger pinger") such as Matt Ghio was
>running, or perhaps an "alt.anonymous.messages.status" group, acting
>as a message pool.

(5) above

>These are just the objections that come immediately to mind.
>--Tim May

Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints.

From an114 at vox.hacktic.nl Sat Aug 6 16:03:39 1994
From: an114 at vox.hacktic.nl (an114 at vox.hacktic.nl)
Date: Sat, 6 Aug 94 16:03:39 PDT
Subject: Cyphers Out There?
Message-ID: <199408062304.AA24735@xs4all.hacktic.nl>

::
Encrypted: PGP

--------------------------------------------------------------------------
To find out more about the anon service, send mail to help at vox.hacktic.nl
Please report any problems, inappropriate use etc. to admin at vox.hacktic.nl
Direct replies to the sender of this message are -not- anonymised

From anonymous at hacktic.nl Sat Aug 6 16:03:47 1994
From: anonymous at hacktic.nl (An0nYm0Us UsEr)
Date: Sat, 6 Aug 94 16:03:47 PDT
Subject: Re: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <199408062304.AA24750@xs4all.hacktic.nl>

Jim Dixon writes:

>Commercial remailers would probably be very concerned with legal
>issues, both criminal (pornography, etc) and non-criminal (copyright
>violations).

Those commercial remailers probably will be located around the world, so pornography could be sent by using an "offshore" [=non-american] remailer as last link in the chain.
The jurisdiction where this remailer could be located, preferably shouldn't care about pornography. [Holland, Scandinavia ?]

>--
>Jim Dixon

From hughes at ah.com Sat Aug 6 16:31:20 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 6 Aug 94 16:31:20 PDT
Subject: Remailer ideas
In-Reply-To: <199408060555.AAA06154@pentagon.io.com>
Message-ID: <9408062302.AA17213@ah.com>

   Given a connectionless network absolute delivery is impossible (well, not completely, but just about...)

Here is a theme I'm going to mention a few times today: the complexity class of probabilistic algorithms is the one that matters most for practical applications.

Which is to say, that when you have a partially unreliable connectionless network, you can't, can not, can never _assure_ delivery. You can, however, set up the protocols so that the assurance in delivery is arbitrarily close to probability one, even though it can't ever actually reach it.

Here's the fallacy which is common, that something which is probabilistically bounded but is not deterministically bounded is somehow flawed. Or, rather, you can trust expected values.

Hal's random-send spool has an expected value of latency which is approximately the size of the spool but has no deterministic upper bound for that latency. Fine. Great. No problem. There should be zero hesitation here, because the expected value -- the probabilistic average -- is what you want.

When you start off with probabilistic assumptions about the underlying reliability of the network, the best you can get is probabilistic answers. Even if the network components are deterministic, you still get probabilistic results. Adding probabilistic components also gives you probabilistic results. So what's the big deal?

The hesitation to accept a probabilistic measurement is still all-too-frequent. I will refrain from commenting on why I think that is, and merely admonish folks not to pull their punches and bewail a probabilistic result about device behavior.
Eric

From hughes at ah.com Sat Aug 6 16:48:42 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 6 Aug 94 16:48:42 PDT
Subject: Improved remailer reordering
In-Reply-To: <199408061531.IAA28014@jobe.shell.portal.com>
Message-ID: <9408062320.AA17234@ah.com>

About message mixing:

   A measure that is used for situations like this is entropy.

Indeed. This is exactly the mathematical measure for what I've called "privacy diffusion" in a remailer network. It is, namely a measure of the uncertainty to a watcher of what ingoing message corresponds to what outgoing message.

As soon as you begin to write down some of the equations for this value, several things become distinct possibilities:

-- duplicate messages may decrease security
-- retries may reduce security
-- interactive protocols may reduce security
-- there is such a thing as a needlessly lengthy remailer path
-- noise messages might not be worth the bother
-- multiple different routes may reduce security

One thing becomes blaringly obvious:

-- it's reordering that's mathematically significant; that's what goes directly into the equations.

To consider different batching strategies, consider a remailer where the messages come in one per hour, at 1:00, 2:00, 3:00, etc.

Since the particulars of the time don't matter for this analysis, I'd suggest using the terminology "message interval", since the entropy calculation is time-scale invariant.

Hal's suggestion for rollover schemes is a good one. I'll be working on the math for it.

Eric

From hughes at ah.com Sat Aug 6 16:59:46 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 6 Aug 94 16:59:46 PDT
Subject: Remailer ideas
In-Reply-To: <199408061724.NAA05169@bwh.harvard.edu>
Message-ID: <9408062331.AA17257@ah.com>

On M/N reordering schemes:

   A relatively simple way to avoid the unlucky message sitting in the queue problem would be to store a timestamped, ordered list of messages waiting to go.

The key word in the above sentence is the word "unlucky".
When I formalize the word unlucky, I get "expected value is arbitrarily close to zero". Therefore, I completely ignore this situation, because it just doesn't happen often enough to worry about.

If you have a higher level protocol which corrects errors, then staying in a mix too long is just another cause of failure. It should be tallied up with the rest of the causes of failure and then, once its contribution to unreliability has been established, ignored.

The probabilistic reasoning which says that "the message will get out with the following distribution of latencies" is perfectly fine, and as long as the systemic consequences of late messages have a fixed upper bound, the total effect of delayed messages does also. Estimate the damage, and if it's workable just don't worry about it.

And when I claim that some folks just empathize too much with that poor little datagram who went on an incredible journey through lots of out-of-the-way places to finally come home, well, I'm exactly half joking.

Eric

From tk at ai.mit.edu Sat Aug 6 17:01:22 1994
From: tk at ai.mit.edu (Tom Knight)
Date: Sat, 6 Aug 94 17:01:22 PDT
Subject: Remailer message bundling
Message-ID: <9408070001.AA27760@entropy>

If each remailer encrypts outgoing traffic with its (immediate) recipient forwarder's public key, then several outgoing messages headed in the same direction can be bundled together, obfuscating further the message identities. No need to have 1 message in ==> 1 message out, with or without delay, reordering, or whatever.

But maybe everyone already thought of this.

From hughes at ah.com Sat Aug 6 17:34:17 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 6 Aug 94 17:34:17 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
In-Reply-To: <4087@aiki.demon.co.uk>
Message-ID: <9408070005.AA17290@ah.com>

   In a system that is carrying continuous traffic, random packet delay is functionally identical to packet reordering.

OK. Prove it.
Here are some difficulties I expect you'll find along the way.

First, "continuous traffic" is the wrong assumption; some sort of multiple Poisson distribution for arrival times is. This is by no means a hypothetical. The backoff algorithms for TCP had to be developed because packet streams are not continuous, but bursty. There is such a thing as too many packets arriving at a router simultaneously. Routers don't swap packets to disk when they run out of RAM; they drop them. So given any relation between arrival interval, processing time, and machine capacity, there is some _percentage_ of the time that the router is going to overflow exactly because the traffic is not continuous.

Second, the beginnings and endings of operation are special. The idea of "stochastic deconvolution" hits me immediately, throwing out completely any reasoning based only on steady state assumptions.

Third, these two effects interfere with each other, as there are bursts of silence in Poisson arrival times which will tend to reset the deconvolution.

Fourth, the problem is incompletely specified, since the distribution of random added latencies is not made specific. If I assume a flat distribution over a given number of message intervals, that's not the same as assuming a geometrically decreasing distribution, or some other distribution.

I'd guess there are more.

   If messages are fragmented, random delays on sending packets out is functionally identical to reordering.

This is false; a system that concentrates on reordering has provably better average latency than one based only on adding latencies.

Consider the following. If I send out a message sometime between two messages, I've achieved no more reordering (the significant thing, remember) than if I sent out that same message immediately after the arrival of the first of the two bracketing messages.

So I can take _any_ latency-adding system and reduce its average latency with minimal effect on reordering by the following modification.
When a message comes in, each message in the queue is tagged to go out at some time relative to present. For each of these messages, I can calculate the probability that no other incoming message will arrive before a particular outgoing time. Pick some probability bound close to 1, and send out all messages with probability greater than the cutoff _now_, before waiting for their time to be up.

The decrease in reordering can be normalized to zero by lengthening the time scale of the added latencies. You'll then find that the modified system shows lower latency.

And that's only the first inequivalency. Latency-adding systems are less efficient at memory usage than reordering systems. Reordering systems can get pretty close to 100% use, since the queue can be kept full, as in Hal's threshold sending scheme. The random delays can't have full usage, because there's a maximum to memory; it can't be borrowed like money when you temporarily need more of it. The analysis has similarities to gambler's ruin.

Anyone else care to point out more inequivalencies?

   More importantly, RemailerNet as described defeats traffic analysis by more significant techniques than reordering. Reordering is a weak technique.

WHAT??

Anyone else listening to this: I believe the above quoted two sentences to be distilled snake oil.

   The introduction of noise, 'MIRV'ing of messages, fragmentation of messages, random choice of packet routes, and encyphering of all traffic are stronger techniques.

Encyphering is necessary. Reordering of quanta is necessary. "MIRV" messages may actually decrease security; multiple routes may decrease security; fragmentation may decrease security. Noise messages may not be resource effective.

All the above claims require some justification, and I have seen nothing robust yet.
Eric

From hughes at ah.com Sat Aug 6 18:01:04 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 6 Aug 94 18:01:04 PDT
Subject:
In-Reply-To: <199408062304.AA24750@xs4all.hacktic.nl>
Message-ID: <9408070032.AA17321@ah.com>

   Those commercial remailers probably will be located around the world, so pornography could be sent by using an "offshore" [=non-american] remailer as last link in the chain.

One assumption here is that someone in one country can easily pay someone in another country, and an automatic currency conversion can take place. The prerequisites to happen generally for that are the electronification of retail money in both jurisdictions and a retail-level currency exchange system. None of this really exists yet, although the first beginnings are here.

Also, for anonymous payment for such overseas services, anonymous transfer in at least one of the two currencies is necessary.

I point all this out to show that we're a long way from here to there.

   The jurisdiction where this remailer could be located, preferably shouldn't care about pornography. [Holland, Scandinavia ?]

Yes, that's the right attitude. The mantra is "regulatory arbitrage", or, always find a place to do something where it's already legal.

And it's not just the USA. Expect Britain's libel system to be stretched by anonymous overseas speech.

Eric

From hughes at ah.com Sat Aug 6 18:10:13 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 6 Aug 94 18:10:13 PDT
Subject: e$: Cypherpunks Sell Concepts
In-Reply-To: <199408062229.SAA24471@zork.tiac.net>
Message-ID: <9408070041.AA17335@ah.com>

   I'll bite. I think that practically the only thing holding digital cash back at this point is pure and simple hucksterism.

It certainly needs that, but I don't think it's sufficient.

   Having heard what Eric has said about potential regulatory problems, I think that most of them are inadvertent obstacles, because they certainly weren't put there to obstruct e$, which didn't exist when they were written.
The obstacles are certainly not for electronic money, which the Fed's been using for some time now, but rather for electronic cash, which includes anonymity. The USA provides a fair amount of financial privacy to everyone but the government, particularly law enforcement. So the _business_ case for privacy is largely felt to be already satisfied by the regulators.

   I think if a reasonable (i.e. not illegal) business case were put to the regulators, they would (as usual) conform to whatever business interests want.

The Treasury department, among others, really _doesn't_ want non-recorded transactions. Unless the banking community as a united front _does_, I don't think it will happen domestically (USA) before other deployments. If there's not a united front, it'll be divide and conquer.

Eric

From karn at unix.ka9q.ampr.org Sat Aug 6 18:29:29 1994
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Sat, 6 Aug 94 18:29:29 PDT
Subject: Dallas Morning News article
Message-ID: <199408070130.SAA01067@unix.ka9q.ampr.org>

Dallas Morning News, July 23, 1994, Page 5F

Cryptography tests rights of electronic word

Tom Steinert-Threlkeld
Cybertalk

The electronic word appears to have fewer rights than the printed word.

At least that could be the conclusion drawn from an unusual case emerging from the Bureau of Politico-Military Affairs in the U.S. State Department's Office of Defense Trade Controls.

There, a book about encryption techniques has won an export license, but a computer disk containing the same information has not.

The book in question is titled "Applied Cryptography", an attempt by data security consultant Bruce Schneier to translate 20 years of academic research in scrambling computer traffic "into terms understandable by mere mortals."

In so doing, Mr. Schneier hopes to do "more to further the spread of cryptography around the globe than any single (encryption) product could."
So far, his publishers, John Wiley & Sons, believe the 600-page tome has been doing almost that. Since its release in November, almost 15,000 copies of the book have been sold. Of that, between 1,500 and 2,000 have been to programmers and other interested parties abroad.

Those foreign sales are possible because the book did not have to get an export license. Such controls are used by the State Department to guard against the spread of cryptographic methods that could be too difficult to break, posing a threat to national security.

The book contains what Mr. Schneier estimates is about 100 pages of algorithms, hash functions and other lines of computer code that can be used to encrypt messages.

But the Office of Defense Trade Controls in March rendered the opinion that the book "is not subject to the licensing jurisdiction of the Department of State since the item is in the public domain."

Not so with two disks containing the same "source" code. In a May 11 letter, office director William B. Robinson designated the disks as an article "under category XIII(b)(1) of the United States Munitions List."

As such, the author would require an export license for the disks.

The code itself was not a finished product. It would have to be "compiled" into an executable program before it actually could be used to disguise any data on a computer network.

The code was also exactly the same as appeared in the book, or at least as nearly as possible, given the transfer to a magnetic disk.

But that appeared to be enough of a difference for the State Department.

Mr. Robinson stated, "The text files on the subject disk are not an exact representation of what is found in 'Applied Cryptography'. Each source code listing...has the capability of being easily compiled into an executable subroutine."
A State Department official Friday translated the distinction this way: "The difference with the code in the book is you have to type it all in and correct all the errors" before it is usable by a computer programmer.

The "value added" by putting the code on the disk is that it is already typed in. "That was the determination we made", the official said.

Practically speaking, the distinction escapes the author, Mr. Schneier. Once one overseas programmer types in the code and corrects the errors, hundreds of copies can be easily made and shipped to any country. For the programmer who is too lazy to type, the book's pages even can be scanned in.

"What do we think? Foreigners can't type? Or is the worldwide scanning industry influencing this decision?" he asks.

Others see larger, constitutional questions.

"They're trying to say electronic words have less protection than written words," said David Banisar, policy analyst with the Electronic Privacy Information Center in Washington, D.C. "That's not a proposition that I think any court will support."

As more and more words -- from book, magazine and newspaper publishers, for instance -- become electronic, the issue could become critical.

"When all words are electronic, they won't be able to be protected under the First Amendment" if this difference between words on a paper medium and words on a digital medium gains footing, he said.

Phil Karn, an engineer and ally of Mr. Schneier, however, is appealing the stand on the disks. The State Department's view also is not the final law of the land.

"It seems like kind of a foolish distinction and one which in any case is ultimately doomed to failure," said Internet Society executive director Anthony Rutkowski. The different rulings on the book and the disk are "utterly stupid, but that's the way bureaucracies work."

Mr. Robinson and the trade control office's deputy director, Rose Brancaniello, declined to comment.
Another officer, Tom Denner, said comment was prohibited by confidentiality provisions contained in section 38(e) of the Arms Export Control Act.

------

CyberTalk appears every other Saturday, discussing people, places and problems populating the world of computer communications known as cyberspace. Tom Steinert-Threlkeld can be reached at the Internet address, tomhyphen at onramp.net; at America Online, tomhyphen; or at Prodigy, trfj19a.

From hfinney at shell.portal.com Sat Aug 6 18:38:26 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 6 Aug 94 18:38:26 PDT
Subject: (none)
In-Reply-To: <9408061855.AA19178@netmail2.microsoft.com>
Message-ID: <199408070138.SAA08024@jobe.shell.portal.com>

Blanc Weber writes:

>I really meant to ask 'where cypherpunks'. It had been a whole day &
>more without the hordes messages and my day seemed empty, without code
>or purpose, lacking controversy & jibber jabber.

List members who are internet connected might try doing "telnet toad.com" and see if they get a login prompt. The recent list outages have correlated with a lack of response from toad, so I presume the machine was either down or off the net.

Hal

From perry at imsi.com Sat Aug 6 19:01:10 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sat, 6 Aug 94 19:01:10 PDT
Subject: (none)
In-Reply-To: <199408070138.SAA08024@jobe.shell.portal.com>
Message-ID: <9408070201.AA19095@snark.imsi.com>

Hal says:
> List members who are internet connected might try doing "telnet toad.com"
> and see if they get a login prompt. The recent list outages have correlated
> with a lack of response from toad, so I presume the machine was either down
> or off the net.

ping is considered far more sociable in general than trying to telnet...
Perry

From hfinney at shell.portal.com Sat Aug 6 19:09:27 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 6 Aug 94 19:09:27 PDT
Subject: e$: Cypherpunks Sell Concepts
In-Reply-To: <199408062229.SAA24471@zork.tiac.net>
Message-ID: <199408070209.TAA08709@jobe.shell.portal.com>

There are two legal problems that I could see being used against digital cash. The first is the civil war era prohibition on banks issuing private bank notes. This was done in an attempt to force people to switch over to U.S. government notes, and was successful. (Actually, it is not a prohibition per se, but rather a prohibitive tax on the use of such notes.) I don't have a reference to where this actually appears in the code, but I have read about it in many histories of currency in the U.S. It seems to me that digital cash issued by a bank is functionally very similar to a paper bank note issued by that same bank, suggesting that this law would apply.

The second problem is the regulation of "scrip" and barter systems. This was pointed out on the list last year by someone who had actually been involved in a private barter or scrip system which was shut down by the government, at great cost to all concerned. These regulations can be found at 26 CFR 1.6045-1. From subsection (f)(5)(ii), "Scrip is a token issued by the barter exchange that is transferable from one member or client, of the barter exchange to another member or client, or to the barter exchange, in payment for property or services". I think this one will eventually get the "NetBank" people in trouble. (You call a 900 number and in exchange for a charge on your phone bill they give you a digital token you can exchange for property or services by participating merchants.) Barter exchanges are required to get the names and SS numbers of all participants and report their transactions to the IRS. This would be inconsistent with the privacy we seek from ecash.
There are probably other regulations but I would think these two would have to be addressed initially, at least by anyone thinking of setting up these services within the United States.

Hal

From hfinney at shell.portal.com Sat Aug 6 19:15:45 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 6 Aug 94 19:15:45 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
In-Reply-To: <9408070005.AA17290@ah.com>
Message-ID: <199408070216.TAA09025@jobe.shell.portal.com>

I had an interesting thought. Remailer networks are hard to analyze, with messages whizzing this way and that. But Tim pointed out that if you have N messages coming in to the network as a whole and N going out, all that zigging and zagging really can't do much better than N-fold confusion.

This suggests, that IF YOU COULD TRUST IT, a single remailer would be just as good as a whole net. Imagine that God offers to run a remailer. It batches messages up and every few hours it shuffles all the outstanding messages and sends them out. It seems to me that this remailer provides all the security that a whole network of remailers would.

If this idea seems valid, it suggests that the real worth of a network of remailers is to try to assure that there are at least some honest ones in your path. It's not to add security in terms of message mixing; a single remailer seems to really provide all that you need.

Hal

From rah at shipwright.com Sat Aug 6 19:29:40 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 6 Aug 94 19:29:40 PDT
Subject: e$: Cypherpunks Sell Concepts
Message-ID: <199408070228.WAA26202@zork.tiac.net>

At 5:41 PM 8/6/94 -0700, Eric Hughes wrote:

>The obstacles are certainly not for electronic money, which the Fed's
>been using for some time now, but rather for electronic cash, which
>includes anonymity.

We've chased each other around a tree like this one before... Let's see what the differences are this time. I've been doing some thinking about this...
Anonymity can come out of retail settlement of e$, if the transactions aren't tracked. We've talked here before about how you think that the tracking of those transactions at the retail level is pretty trivial, so the cost to the user of traceable e$ may be meaningless. I'm not so sure that that's the case, and I think (I hope!) I remember Perry agreeing with me on that point. But if we fiat the argument just to see where it takes us, we come to the sheer volume of transaction records themselves. Is it possible to accurately estimate the cash transaction load of an economy? I bet that if we could, you'd see that the data from each transaction would cause the problem news servers have by several orders of magnitude. The information would get dumped pretty frequently. This is probably the same problem the NSA has now picking out signals to listen in on, but running down an audit trail is different, it's a historical process. Since you don't know whose transactions you need, you need to keep them all. True, this doesn't keep TLAs from trying to drink from a firehose, or more to the point, to free-dive to the bottom of the Marianas Trench (if they could keep all of the data), or high-dive into a wading pool (if they couldn't). Hmmm... >The USA provides a fair amount of financial >privacy to everyone but the government, particularly law enforcement. >So the _business_ case for privacy is largely felt to be already >satisfied by the regulators. When *every* business transaction can be scrutinized (as much as physically possible, per above) at any time, for any reason the government deems necessary, it makes a sizable business case *for* traceable electronic cash. This is probably the place to put the lever on the business community. >The Treasury department, among others, really _doesn't_ want >non-recorded transactions. Unless the banking community as a united >front _does_, I don't think it will happen domestically (USA) before >other deployments.
If there's not a united front, it'll be divide and >conquer. Non-recorded transactions exist already. It's keeping them from disappearing that we're really talking about here. It's quite possible to get banks to present a united front. They have one of the largest lobbies in Washington. They have fought reporting requirements tooth and nail with some considerable success, but every time they get greedy (S&Ls) the noose tightens. It might be the threat of international deployment and regulatory arbitrage which brings them around, and fires up the lobbying apparatus on our side of the issue. It has worked before (gold, et.al.). On the other hand if those reporting requirements are frictionless, they don't *need* to fight it, do they... It's time to leave the ring. Somebody tag me. My brain hurts... Now to plug the topic of the thread a bit, how receptive would people in the crypto community be to participating in an annual dog&pony/schmoozefest for the suits? Who should chair the morning "primer" session? *E-mail* me with your ideas, everyone. Thanks, Robert Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From rah at shipwright.com Sat Aug 6 19:52:10 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 6 Aug 94 19:52:10 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408070251.WAA26419@zork.tiac.net> At 7:09 PM 8/6/94 -0700, Hal wrote: >There are two legal problems that I could see being used against digital >cash. The first is the civil war era prohibition on banks issuing private >bank notes. Where you stand on this one depends on where you sit. ;-).
It seems to me that one could just as easily treat digicash as securities denominated in dollars, just like shares in a money market mutual fund, or more to the point, the actual money market instruments, repos, for instance. It's going to take a sophistical titan to get this through the courts, but if there's a market for digicash, hey, it can happen. It won't happen if this titan's employers never hear about it, though. >The second problem is the regulation of "scrip" and barter systems. This >was pointed out on the list last year by someone who had actually been >involved in a private barter or scrip system which was shut down by the >government, at great cost to all concerned. These regulations can be >found at 26 CFR 1.6045-1. From subsection (f)(5)(ii), "Scrip is a token >issued by the barter exchange that is transferable from one member or >client, of the barter exchange to another member or client, or to the >barter exchange, in payment for property or services". I think this one >will eventually get the "NetBank" people in trouble. (You call a 900 >number and in exchange for a charge on your phone bill they give you a >digital token you can exchange for property or services by participating >merchants.) Barter exchanges are required to get the names and SS numbers >of all participants and report their transactions to the IRS. This would >be inconsistent with the privacy we seek from ecash. Indeed. This is probably where we have a problem. The only thing I can think of here is that the technology of the internet and its limitless opportunity for regulatory arbitrage. When you make the possession of a medium of exchange illegal you get the same problems that all closed economies have. With the internet, enforcement is half next to useless (an expression I picked up in Albuquerque a while back...). Like I said to Eric in the last post, it may be the threat of regulatory arbitrage that wins the day here, like it has in the past.
To plug the thread a bit here, who should chair the afternoon business-heavy session? *Email* me your suggestions, please... Cheers, Robert Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From an114 at vox.hacktic.nl Sat Aug 6 22:21:41 1994 From: an114 at vox.hacktic.nl (an114 at vox.hacktic.nl) Date: Sat, 6 Aug 94 22:21:41 PDT Subject: Cyphers Out There? Message-ID: <199408070522.AA07732@xs4all.hacktic.nl> :: Encrypted: PGP -------------------------------------------------------------------------- To find out more about the anon service, send mail to help at vox.hacktic.nl Please report any problems, inappropriate use etc.
to admin at vox.hacktic.nl Direct replies to the sender of this message are -not- anonymised From jgostin at eternal.pha.pa.us Sun Aug 7 01:49:39 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Sun, 7 Aug 94 01:49:39 PDT Subject: (none) Message-ID: <940807032036K5cjgostin@eternal.pha.pa.us> Blanc Weber writes: > I really meant to ask 'where cypherpunks'. It had been a whole day & > more without the hordes of messages and my day seemed empty, without code > or purpose, lacking controversy & jibber jabber. Actually, my response was more of a joke... More than a few people commented on the fact that WHO CYPHERPUNKS is the 'domo command to get a list of subscribers. Your name looked familiar from the list, so I decided to gamble a joke. Guess the joke's on me, eh? :-) --Jeff -- jgostin at eternal.pha.pa.us | The new, improved, environmentally safe, bigger, better, faster, hypo-allergenic, AND politically correct .sig. Now with a new fresh lemon scent! | PGP Key Available From jdd at aiki.demon.co.uk Sun Aug 7 04:39:26 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Sun, 7 Aug 94 04:39:26 PDT Subject: RemailerNet Message-ID: <4190@aiki.demon.co.uk> In message <9408062108.AA18761 at snark.imsi.com> perry at imsi.com writes: > > Jim Dixon says: > > You can send from a very large network and forge your TCP/IP or > > (more difficult) Ethernet source address. But I can sit on the same > > network, build a table relating TCP/IP to ethernet (or whatever) > > addresses, and filter out messages that should not be there. There > > are commercial packages that do this sort of thing. > > Huh? > > If you are sitting on a network in England, which you appear to be, I > defy you to record anything at all about the ethernet addresses of the > machines that originated this message. [etc] Forgive my casual use of the English language.
"A may send from a very large network and forge his or her TCP/IP or Ethernet source address. But if B is on the same network, he or she can build a table ..." The size of the source network is related to the difficulty of determining which machine is forging addresses. If you are ... sorry, one is on a large network, forgery without detection is much easier. Assuming idiocy on the part of correspondents may make for easy and fast responses, but it injects an undue amount of noise. -- Jim Dixon From jdd at aiki.demon.co.uk Sun Aug 7 04:39:44 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Sun, 7 Aug 94 04:39:44 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) Message-ID: <4192@aiki.demon.co.uk> In message <9408070005.AA17290 at ah.com> Eric Hughes writes: > In a system that is carrying continuous traffic, random packet delay > is functionally identical to packet reordering. > > OK. Prove it. Here are some difficulties I expect you'll find along > the way. > > First, "continuous traffic" is the wrong assumption; some sort of > multiple Poisson distribution for arrival times is. Sigh. I say "A implies B". You say, "not A, and so proposition is incorrect". In elementary logic, you are wrong. IF the traffic is continuous, THEN random delays introduce reordering. The proposition is completely obvious. Do I really have to spell out a trivial proof? > This is by no > means a hypothetical. The backoff algorithms for TCP had to be > developed because packet streams are not continuous, but bursty. Under this modified assumption, you must remember that I proposed that noise packets be introduced to defeat traffic analysis. The bursts will be smoothed out. Not perfectly. Many of the characteristics of TCP/IP derive from its design being optimized for speed. RemailerNet would give less importance to speed, and more importance to opaqueness to traffic analysis. 
[snip] > Fourth, the problem is incompletely specified, since the distribution > of random added latencies is not made specific. Correct. You assume details that have not been specified, and then critique them at length. > If messages are fragmented, random delays on sending packets out is > functionally identical to reordering. > > This is false; a system that concentrates on reordering has provably > better average latency than one based only on adding latencies. If a message is fragmented into N packets, and then the dispatch time slot for each packet is assigned randomly, the packets are reordered. [Comments deleted ignore the fact that messages are fragmented, and so are irrelevant.] His arguments also ignore the fact that reordering messages of different lengths is useless as a defense against traffic analysis, suggesting that this is polemic rather than a serious argument. > More importantly, RemailerNet as described defeats traffic analysis by > more significant techniques than reordering. Reordering is a weak > technique. > > WHAT?? > > Anyone else listening to this: I believe the above quoted two > sentences to be distilled snake oil. I say again: reordering is not weak, it is irrelevant if messages are of significantly different lengths and are not fragmented. > The introduction of noise, 'MIRV'ing of messages, > fragmentation of messages, random choice of packet routes, and > encyphering of all traffic are stronger techniques. > > Encyphering is necessary. Reordering of quanta is necessary. > > "MIRV" messages may actually decrease security; multiple routes may > decrease security; fragmentation may decrease security. Noise > messages may not be resource effective. > All the above claims require > some justification, and I have seen nothing robust yet. If by "the above claims" you mean the preceding two sentences, I do agree.
-- Jim Dixon | Compuserve: 100114,1027 | AIKI Parallel Systems Ltd + parallel processing hardware & software design | voice +44 272 291 316 | fax +44 272 272 015 From jdd at aiki.demon.co.uk Sun Aug 7 04:40:08 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Sun, 7 Aug 94 04:40:08 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) Message-ID: <4194@aiki.demon.co.uk> In message <199408070216.TAA09025 at jobe.shell.portal.com> Hal writes: > This suggests, that IF YOU COULD TRUST IT, a single remailer would be just > as good as a whole net. Imagine that God offers to run a remailer. It > batches messages up and every few hours it shuffles all the outstanding > messages and sends them out. It seems to me that this remailer provides > all the security that a whole network of remailers would. > > If this idea seems valid, it suggests that the real worth of a network of > remailers is to try to assure that there are at least some honest ones > in your path. It's not to add security in terms of message mixing; a > single remailer seems to really provide all that you need. Yes, in an ideal world. Each additional remailer introduces another chance of being compromised. But in an ideal remailer network operated by real human beings, you cannot trust the operator. You would prefer that at least the points of entry and exit from the network be different, because this decreases the probability of the message being 'outed' by a very large factor. If you are seriously concerned about legal factors, you would prefer that the remailer gateways be in different legal jurisdictions. However, if you trust the operator and if this trust is guaranteed to be continued forever, the ideal number of remailers is one.
-- Jim Dixon From perry at imsi.com Sun Aug 7 05:19:35 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sun, 7 Aug 94 05:19:35 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408070228.WAA26202@zork.tiac.net> Message-ID: <9408071220.AA19695@snark.imsi.com> Robert Hettinga says: > Is it possible to accurately estimate the cash transaction load of an > economy? I bet that if we could, you'd see that the data from each > transaction would cause the problem news servers have by several orders of > magnitude. The information would get dumped pretty frequently. This is > probably the same problem the NSA has now picking out signals to listen in > on, but running down an audit trail is different, it's a historical > process. Since you don't know whose transactions you need, you need to > keep them all. True, this doesn't keep TLAs from trying to drink > from a firehose, or more to the point, to free-dive to the bottom of the > Marianas Trench (if they could keep all of the data), or high-dive into a > wading pool (if they couldn't). Hmmm... It is perfectly feasible to track all financial transactions in the U.S., down to the "quarter for a phone call" level, without eliminating all capacity to use the data or placing more than, say, another several percent burden on the cost of all transactions. I know how to architect such a system, and I'm sure that I'm not the only one. It would be a big job, but not an impossible one, especially not with modern computer systems. A several percent burden on the economy would be devastating, but from the point of view of the bureaucrats it probably isn't such a bad thing.
I feel that it is inevitable that the folks in Washington will eventually come to the conclusion that such systems are needed -- the boys at FINCEN will start bawling for them, and the drug warriors will want them, and the rest of us are all just a bunch of folks who are upset that we couldn't go to woodstock because we had to do our trig homework... Perry From perry at imsi.com Sun Aug 7 05:24:22 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sun, 7 Aug 94 05:24:22 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408070251.WAA26419@zork.tiac.net> Message-ID: <9408071224.AA19705@snark.imsi.com> Robert Hettinga says: > At 7:09 PM 8/6/94 -0700, Hal wrote: > >There are two legal problems that I could see being used against digital > >cash. The first is the civil war era prohibition on banks issuing private > >bank notes. > > Where you stand on this one depends on where you sit. ;-). It seems to me > that one could just as easily treat digicash as securities denominated in > dollars, just like shares in a money market mutual fund, or more to the > point, the actual money market instruments, repos, for instance. It's going Robert, you don't understand. The U.S. is not governed by laws any more. In the financial community, every action you perform is illegal. The only way that you stay out of jail is by being nice to the bureaucrats. They allow money market funds, even though they technically violate a dozen laws, because they feel like it. They could prohibit them if they felt like it, too. The bureaucrats aren't going to want digicash, so they are going to find plenty of excuses to prohibit it. You can't do legal hacks in an environment like this. It doesn't work. If the bureaucrats don't like you, they shut you down, and there is not a damn thing you can do about it, period. True, you can leave the country and do your business there -- I know several hedge funds that already refuse to take any customers from the U.S. 
because they don't want the headaches, and there are other similar things happening in lots of other parts of the financial industry. However, don't think you can finesse the folks at the Fed, the IRS, the Treasury, and the SEC -- they are monsters, and they won't be stopped by the courts. Perry From mimir at io.com Sun Aug 7 05:34:25 1994 From: mimir at io.com (Al Billings) Date: Sun, 7 Aug 94 05:34:25 PDT Subject: Latest mention in Wired Message-ID: I noticed in the Sat Pirate article in the latest Wired (which I finally read this evening), there is a mention of the Cypherpunks in connection to PGP and opposition to the creation of a Police State. Page 128, I think. -- Al Billings mimir at io.com http://io.com/user/mimir/asatru.html Nerd-Alberich Admin for Troth - The Asatru E-mail List Lord of the Nerd-Alfar Sysop of The Sacred Grove - (206)322-5450 Poetic-Terrorist Lodge-Master, Friends of Loki Society From rah at shipwright.com Sun Aug 7 08:07:15 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 7 Aug 94 08:07:15 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408071506.LAA29437@zork.tiac.net> At 8:20 AM 8/7/94 -0400, Perry E. Metzger wrote: >It is perfectly feasible to track all financial transactions in the >U.S., down to the "quarter for a phone call" level, without >eliminating all capacity to use the data or placing more than, say, >another several percent burden on the cost of all transactions. I know >how to architect such a system, and I'm sure that I'm not the only >one. It would be a big job, but not an impossible one, especially not >with modern computer systems. A several percent burden on the economy >would be devastating, but from the point of view of the bureaucrats it >probably isn't such a bad thing. Ahh. Perry to the rescue. This is even better than being technologically impossible.
Economic impossibility is *just* as physical (I cite the failure of command economies like the USSR and Cuba as my evidence) as is technology, and since we're looking for a business case here, your reply comes in at the nick of time. One more point for regulatory arbitrage. That "several percent" deducted from the gross domestic product of a nation could tip the balance of its international competitiveness, and could forgo that country's requirement for trapdoor ecash. The threat of that could be enough to shoot down the idea on this side of the American border. Parkinson's law holds that organizations like bureaucracies tend to expand to use all their available resources. But it's a law of biology that a parasite doesn't kill its host. Does your Forbin project above include the ability to store and retrieve *all* transactions down to a quarter phonecall permanently? ObThreadPlug: Here's my panel categories for the afternoon "where do we go" session: Chair: Famous Software/Biz Heavy or TechnoVisionary 1. Internet access provider, 2. Underwriter, 3. Financial Operations Person, 4. Regulator or Lawyer, 5. Politician. Any other ideas?? Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From rah at shipwright.com Sun Aug 7 08:07:53 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 7 Aug 94 08:07:53 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408071507.LAA29453@zork.tiac.net> At 8:24 AM 8/7/94 -0400, Perry E. Metzger wrote: >Robert, you don't understand. The U.S. is not governed by laws any >more. In the financial community, every action you perform is illegal. >The only way that you stay out of jail is by being nice to the >bureaucrats.
This reminds me of my criminology class in college. The prof's main point was that there is no crime, particularly organized crime. It is all just illegal business. There was some research done in Seattle in the early 60's. The researchers discovered that practically every business could be found to be breaking a serious law in Seattle's byzantine city code. Vending machines were illegal, for instance. This allowed cops to shake down anyone they pleased. It also allowed a sizable criminal class to exist, because those people just paid the cops and went about their business. There was reason to believe that all this was done on purpose to enhance the income of various politicians at the top of the payoff tree. Of course, vending machines were everywhere, particularly in cash-based businesses like restaurants and bars. This could be extended to people in the main business district as well. Their "fees" may not be so much outright bribes, but campaign contributions, "donations" to a politician's favorite charity or civic event, investments in a politician's business activities, and of course, taxes. >They allow money market funds, even though they >technically violate a dozen laws, because they feel like it. They >could prohibit them if they felt like it, too. The bureaucrats aren't >going to want digicash, so they are going to find plenty of excuses to >prohibit it. You can't do legal hacks in an environment like this. It >doesn't work. If the bureaucrats don't like you, they shut you down, >and there is not a damn thing you can do about it, period. Democracy is in fact mob rule, with various Robespierres guillotining people to keep the crowd happy. Michael Milken was one of those people who got it in the neck, not so much because what he did was wrong (it was) in the eyes of the people who pulled him down, but because he was too good at what he did and thought he could ignore the crowd. Hubris. So, we have to include Mme LaFarge in our thinking.
I believe that legal hacks are necessary, but not sufficient. The economic necessity of ecash, the business case, has to be demonstrated. We can't really know whether it will work unless it's tried. We can't really do that until the "civic authorities" let us put up the vending machines. To do that, we need to be able to incent their cooperation. The possibility of profit furthers that discussion enormously. If regulatory agencies can be convinced to allow non-bank banking ala Fidelity, and a multi-billion dollar industry can result, then it might be possible to allow a non-treasury currency (with proper controls of money supply, to keep Uncle Miltie happy) on the promise of another multi-billion dollar industry. In the above quote you're assuming that they aren't going to want ecash, that they won't find plenty of excuses to allow it. The point is, we have to make the bureaucrats *like* us. The best way to get that to happen is to talk about the business e$ could create. It is a proven fact that sizable proportions of regulatory officials leave their agencies for jobs in the markets they regulate. If there's to be a market on the other side of that revolving door, they have to help us out a little. It was ever thus. Columbus did it. Brahe did it. Oppenheimer did it. Friedman did it with the Chicago Mercantile Exchange. Hell, even Lysenko did it and made it stick for 50 years even when the science was bogus. Fortunately, we don't have our dear comrade, the "Man of Steel", to back us up. > >True, you can leave the country and do your business there -- I know >several hedge funds that already refuse to take any customers from the >U.S. because they don't want the headaches, and there are other >similar things happening in lots of other parts of the financial >industry. However, don't think you can finesse the folks at the Fed, >the IRS, the Treasury, and the SEC -- they are monsters, and they >won't be stopped by the courts.
Ever since I've been old enough to understand English, I've heard the various libertarians and ultraconservatives in my family say that they had Seen the Golden Age of America and It's Over Now. I have no idea if they, or you, are right about that. (Not to call you either of those political labels, I know better.) The Roman Empire mutated into the Holy Roman Empire (can you say "Byzantine"?, I knew ya could) and lasted another 1000 years before it was sacked by the Turks in the 1400's. People did business in Constantinople the day the place burned; they were doing business there the day after it burned. If there's a market, there'll be a business. If there's a business there'll be excess money (profits). If there's excess money, there'll be politicians, elected or otherwise. However, it's a stupid parasite which kills its host, and that's what I'm counting on here. Cheers, Bob Hettinga ObThreadRelevance: Anyone have speaker/demo ideas for the morning "intro to e$" session? ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From werewolf at io.org Sun Aug 7 08:12:11 1994 From: werewolf at io.org (Mark Terka) Date: Sun, 7 Aug 94 08:12:11 PDT Subject: A Helpful Tip for Impatient Souls In-Reply-To: <199408062123.OAA03921@zero.c2.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article <199408062123.OAA03921 at zero.c2.org>, you wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Tommy the Tourist (Anon User) wrote: > > Welcome back, Tommy, we missed you! Hope you're enjoying your > new (CSUA) "home"... (Time for everyone to update their > "chain.ini" file, BTW.) > How come? Has soda gone down or something? Or has there been an address change?
-----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkRJ/EyJS+ItHb8JAQGmjwQAjaceBiHUi3x5d/KmhKuxPQTYWlwrm0mM kRtXwEGNNhsfzr0o+oPp8VXIweFVlnDFoRBHhlZTWMvfZhJkG9HwHbzhuPbdPiMY mSI2E+gGgc4Wh/nEBas0ql1zhsDbZq7mgdVt2S+jtxdvSL3nRm8j/pcODFVF6XAZ Q2i8IZS07wI= =5dxU -----END PGP SIGNATURE----- From hughes at ah.com Sun Aug 7 10:11:33 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 10:11:33 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) In-Reply-To: <4191@aiki.demon.co.uk> Message-ID: <9408071643.AA18197@ah.com> Sigh. I say "A implies B". You say, "not A, and so proposition is incorrect". No, I say that messages distributions are not continuous, so the model which assumes they are is not the right model. IF the traffic is continuous, THEN random delays introduce reordering. I've never said they didn't induce some reordering. That's not my point, which is about known and not merely suspected properties of systems. Cryptography is about assurances as well as actual security. Information security is a negative property; it works when nothing bad happens, and something bad may happen without it being directly observed. Since one can't always see an actual cryptosystem failure, unlike, say, a robbery, the way to extend the security is by understanding what is possible. And for understanding, proof is always better than intuition, guessing, or supposition. I'll reiterate again. Reordering is what yields privacy, directly. Adding latency adds privacy ONLY insofar as it adds reordering. If you feel like you have to have a latency based system, fine, but the understanding of just how much reordering such systems actually induce is still lacking. It does not suffice to wave hands and say it induces 'enough' reordering. You need to know how much, and that takes a calculation, which has not been done yet. 
Furthermore, I demonstrated two reasons why latency-based systems are less efficient in implementation than reordering-based systems. So, in upshot, latency based reordering is not only less efficient, but also less well understood. Until someone comes up with a latency-based scheme which can't be algorithmically modified to make a more efficient reordering system, and has similar memory usage, and until someone does some calculations on just how much reordering is induced by various latency schemes, I will continue to call latency based mixing by the name snake oil. > Fourth, the problem is incompletely specified, since the distribution > of random added latencies is not made specific. Correct. You assume details that have not been specified, and then critique them at length. By not specifying exactly what distribution of latencies you're talking about, I assume that you are making a universal claim about latency-adding systems with _any_ distribution. I do not see you claiming that there exists some special distribution that makes latency systems work, because for implementation you actually have to exhibit one. Therefore, I point out that this is another lack of understanding. And I _know_ that if you haven't thought before about the issue of the distributions of the added latencies that you haven't thought very hard about the cryptanalysis of such systems. His arguments also ignore the fact that reordering messages of different lengths is useless as a defense against traffic analysis, suggesting that this is polemic rather than a serious argument. Oh, really? You even quoted me explicitly not ignoring the issue: > Encyphering is necessary. Reordering of quanta is necessary. The phrase "reordering of quanta" seems perfectly clear to me. Eric From hughes at ah.com Sun Aug 7 10:23:58 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 10:23:58 PDT Subject: Latency vs. 
Reordering In-Reply-To: <199408070216.TAA09025@jobe.shell.portal.com> Message-ID: <9408071655.AA18215@ah.com> This suggests, that IF YOU COULD TRUST IT, a single remailer would be just as good as a whole net. If you could trust it and if it were large enough. There's scaling reasons to use multiple remailers as well. Consider a network of mailers running on a private network with link encryptors. Whenever you join two nodes with a full-time link encryptor you remove the information about message arrival and departure, which is to say that you remove all the remaining information not already removed by encryption and reordering. In other words, two remailers (physical) hooked up with link encryptors are almost the _same_ remailer for purposes of traffic analysis, and almost only because of the link latency and relative bandwidth. Likewise, multiple remailers hooked up with link encryptors all collapse to the same node for traffic analysis. Open links between two remailers which are connected otherwise by a path of encrypted links turn into an edge from the collapsed remailer set back onto itself. Simulating any of the salient features of a link encryptor over the Internet is an interesting exercise, particularly in regard to price negotiation with your service provider. Eric From hfinney at shell.portal.com Sun Aug 7 10:32:32 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 7 Aug 94 10:32:32 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) In-Reply-To: <4194@aiki.demon.co.uk> Message-ID: <199408071733.KAA21999@jobe.shell.portal.com> jdd at aiki.demon.co.uk (Jim Dixon) writes: >In message <199408070216.TAA09025 at jobe.shell.portal.com> Hal writes: >> If this idea seems valid, it suggests that the real worth of a network of >> remailers is to try to assure that there are at least some honest ones >> in your path. 
It's not to add security in terms of message mixing; a >> single remailer seems to really provide all that you need. >Yes, in an ideal world. Each additional remailer introduces another >chance of being compromised. Once again I find myself with an understanding that is exactly the opposite of Jim's. I must be missing the point of his network design. In the remailer networks I am familiar with, each additional remailer introduces another chance of being uncompromised, rather than being compromised! Only if all the remailers in the chain are cooperating and logging messages can they reconstruct the path my message took. If any one remailer is honest, my message is successfully mixed with the others. A design in which any one remailer in the chain can compromise the privacy of the user seems to have a very big flaw. >But in an ideal remailer network operated by real human beings, you cannot >trust the operator. You would prefer that at least the points of entry >and exit from the network be different, because this decreases the >probability of the message being 'outed' by a very large factor. If >you are seriously concerned about legal factors, you would prefer that >the remailer gateways be in different legal jurisdictions. Yes, this makes a lot of sense. Use different jurisdictions to make attacks by government agencies more difficult, use multiple remailers in a chain, etc. I just don't follow the earlier comment which suggests a different model of information exposure than I use. Hal From hughes at ah.com Sun Aug 7 10:52:24 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 10:52:24 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408070228.WAA26202@zork.tiac.net> Message-ID: <9408071723.AA18249@ah.com> Is it possible to accurately estimate the cash transaction load of an economy? I have some 1992 USA figures on this. The number of checks was 58 billion (58 * 10^9). The number of card transactions was 12 billion. 
There were about 2 billion other electronic transfers. 72 billion total. Cashless transactions are about a tenth (roughly, this is from memory) of the total. So as a first cut, assume about one trillion (10^12) transactions to be tracked per year. Assume 1/8 Kbyte per transaction (that's a lot). If you stored transactions on 8 Gbyte tapes, that's 2^40 xact * 2^7 bytes/xact * 2^-33 tapes/byte = 2^14 tapes, or about 16 thousand. A robotic retrieval device for 16 thousand tapes is certainly feasible; I've seen a similar system for about 2 thousand 9-track tapes -- it was feeding a Cray 2 at Livermore in their fusion center. Now that's just storage, not the whole system. But it's apparent from these estimates that a real system is certainly affordable, and, possibly, relatively inexpensive as such totalitarian devices go. Remember, "suspects" (10^-3 of the population) can be filtered out before hitting tape and stored on about 128 Gbytes of hard disk, for very fast retrieval and realtime analysis. When *every* business transaction can be scrutinized (as much as physically possible, per above) at any time, for any reason the government deems necessary, it makes a sizable business case *for* traceable electronic cash. This is probably the place to put the lever on the business community. It might be, but remember that in making the case to business, the financial privacy, such as it exists today, is _not_ "at any time, for any reason". It might be in the future, but then you're making a perceived-weaker argument. Non-recorded transactions exist already. It's keeping them from disappearing that we're really talking about here. The number of non-recorded transactions, however, is dropping. The largest class, cash, got some reporting requirements clamped on it recently. We are talking about both ensuring that the current non-recorded transactions stay that way and allowing for non-recorded electronic transactions in the future. 
It might be the threat of international deployment and regulatory arbitrage which brings them around, and fires up the lobbying apparatus on our side of the issue. With that in mind, shouldn't you have your first conference in London, invite a bunch of US bankers, and raise the issue explicitly? As soon as you can get different countries competing for revenue, you're more than halfway home. On the other hand if those reporting requirements are frictionless, they don't *need* to fight it, do they... Nope. And remember, the divide-and-conquer is likely already starting. The first bank to provide FINCEN with a live transaction feed will likely see some regulatory hurdles fall, no? Eric From hughes at ah.com Sun Aug 7 10:59:47 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 10:59:47 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408070251.WAA26419@zork.tiac.net> Message-ID: <9408071731.AA18270@ah.com> >There are two legal problems that I could see being used against digital >cash. The first is the civil war era prohibition on banks issuing private >bank notes. It seems to me that one could just as easily treat digicash as securities denominated in dollars, [etc.] It didn't occur to me before, but you could also have 'nonbank notes'. If the issuer isn't a bank, does the regulation still apply? Eric From perry at imsi.com Sun Aug 7 11:19:33 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sun, 7 Aug 94 11:19:33 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <9408071731.AA18270@ah.com> Message-ID: <9408071819.AA20194@snark.imsi.com> Eric Hughes says: > It didn't occur to me before, but you could also have 'nonbank notes'. > If the issuer isn't a bank, does the regulation still apply? If it doesn't the simple expedient of the Fed ruling that you are a bank would screw you up nicely. 
If all else fails, they will just pass a new law, so as to prevent the evil Child Pornographers, Terrorists, Drug Dealers and the rest from using this horrible new technology. I'm not sanguine about the possibilities of getting any of what we would like through regulatory and legislative hurdles. The regulators have taken ten years just to eliminate the restrictions on interstate banking, and they still haven't quite done the job yet (although hopefully the restrictions will go away by '96 or so.) They understood that stuff fairly well. They probably won't understand digital cash as well, although it will probably be even worse for us if they do. Perry From jrochkin at cs.oberlin.edu Sun Aug 7 11:47:10 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Sun, 7 Aug 94 11:47:10 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) Message-ID: <199408071847.OAA17445@cs.oberlin.edu> > What I think is a better idea was proposed here last year, and I think > someone was doing it for a while. It is for someone to volunteer to > be the keeper of the remailer aliveness information. He runs scripts > every day to ping the remailers, keeps lists of which remailers are > currently active, and so on. This does seem like a better idea, except for one thing: Everybody has got to trust the Keeper of the Aliveness Info. I'm not sure how much of a problem this is, nor am I sure that the newsgroup method necessitates any less trust. But I do think that a system where all trust doesn't lie in any one entity is desirable, and I think that such a system is going to have to be decentralized like netnews, rather than centralized. The other problem that a centralized system imposes is that if the Keeper Of Aliveness Info goes down, everyone is scrambling to find a new one. This doesn't seem like a major problem, but again, an ideal system wouldn't have this flaw. 
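An added example, not written by any poster in this thread: Eric Hughes's argument in the "Latency vs. Reordering" messages above is that added latency gives privacy only to the extent that it induces reordering, and that the amount has to be calculated. The sketch below does that calculation for a random-delay remailer and a collect-and-shuffle remailer over the same bursty traffic. The arrival times, the uniform delay of up to 60 seconds, and the batch size of 4 are constructed assumptions, and each departure is scored on its own (the one-to-one matching between inputs and outputs is ignored).

```python
import math
import random

# Constructed arrival times in seconds (not real traffic): a burst of eight
# messages, two isolated messages, then a burst of six.
ARRIVALS = [0, 1, 2, 3, 4, 5, 6, 7, 500, 900,
            1000, 1001, 1002, 1003, 1004, 1005]


def entropy_bits(n_candidates):
    """Entropy in bits of a uniform choice among n equally likely candidates."""
    return math.log2(n_candidates) if n_candidates > 0 else 0.0


def latency_mix(arrivals, max_delay, rng):
    """Hold each message for an independent delay drawn uniformly from
    [0, max_delay]. Returns {input_index: departure_time}."""
    return {i: t + rng.uniform(0, max_delay) for i, t in enumerate(arrivals)}


def latency_candidates(arrivals, departure, max_delay):
    """Inputs an observer of all arrivals and departures cannot rule out for
    one departure: everything that arrived within max_delay before it. The
    delay density is flat, so these candidates are equally likely."""
    return [i for i, t in enumerate(arrivals)
            if departure - max_delay <= t <= departure]


def latency_entropy(arrivals, max_delay, rng):
    """Observer's uncertainty, in bits, about the origin of each message
    leaving the random-delay remailer. Returns {input_index: bits}."""
    departures = latency_mix(arrivals, max_delay, rng)
    return {i: entropy_bits(len(latency_candidates(arrivals, s, max_delay)))
            for i, s in departures.items()}


def threshold_mix(arrivals, batch_size, rng):
    """Queue messages until batch_size are waiting, then send them all in a
    shuffled order. Returns a list of (flush_time, output_order); a partial
    final batch stays queued and is not returned."""
    batches, pending = [], []
    for i, t in enumerate(arrivals):
        pending.append(i)
        if len(pending) == batch_size:
            order = pending[:]
            rng.shuffle(order)
            batches.append((t, order))
            pending = []
    return batches


def threshold_entropy(arrivals, batch_size, rng):
    """Observer's uncertainty for each message leaving the batching remailer:
    any output of a flush could be any input of that batch."""
    result = {}
    for _flush_time, order in threshold_mix(arrivals, batch_size, rng):
        for i in order:
            result[i] = entropy_bits(len(order))
    return result


if __name__ == "__main__":
    rng = random.Random(1994)
    by_delay = latency_entropy(ARRIVALS, 60, rng)
    by_batch = threshold_entropy(ARRIVALS, 4, rng)
    print("input  arrival  delay-mix bits  batch-mix bits")
    for i, t in enumerate(ARRIVALS):
        print(f"{i:5d}  {t:7d}  {by_delay[i]:14.2f}  {by_batch[i]:14.2f}")
    # The isolated messages (arrivals 500 and 900) get 0 bits from the delay
    # mix whatever delay is drawn, because nothing else arrived in the window.
    # The batch mix gives every message log2(4) = 2 bits, at the price of
    # holding the message that arrived at 500 until the batch fills at 1001.
```

The two isolated arrivals are the case Hughes raises when he says traffic is not continuous: a delay with nothing to reorder against leaves a one-element candidate set.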
From jdd at aiki.demon.co.uk Sun Aug 7 11:50:46 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Sun, 7 Aug 94 11:50:46 PDT Subject: Improved remailer reordering Message-ID: <4210@aiki.demon.co.uk> In message <9408062320.AA17234 at ah.com> Eric Hughes writes: > About message mixing: > > A measure that is used for situations like this is entropy. > > Indeed. This is exactly the mathematical measure for what I've called > "privacy diffusion" in a remailer network. It is, namely a measure of > the uncertainty to a watcher of what ingoing message corresponds to > what outgoing message. > > As soon as you begin to write down some of the equations for this > value, several things become distinct possibilities: > > -- duplicate messages may decrease security > -- retries may reduce security > -- interactive protocols may reduce security > -- there is such a thing as a needlessly lengthy remailer path > -- noise messages might not be worth the bother > -- multiple different routes may reduce security > > One thing becomes blaringly obvious: > > -- it's reordering that's mathematically significant; that's what goes > directly into the equations. One thing is glaringly obvious: if you use the wrong assumptions, you will get the wrong answers. Imagine a RemailerNet (v0.2) that maintained a fixed level of traffic between gateways. Messages are injected into the system at various gateways and emerge at various gateways. All traffic between gateways is encrypted. All traffic takes the form of packets of the same length, perhaps 1024 bytes. [It is possible that a much smaller packet size might be desirable, specifically the ATM packet size, with 48 bytes of data payload.] Messages are fragmented according to policies at the entry gateway. Intervening gateways may or may not further fragment incoming packets according to gateway policy. The exit gateway is responsible for reassembling packets into messages. The routing of packets is randomized to some extent. 
Message transmission is guaranteed to be reliable in the sense that either the message will get there or the sender will be told that it didn't. Users desiring a high level of security are required to participate in the game. They must accept and send a fixed number of packets at each connection. These users should be responsible for packetizing their own messages when sending and assembling their own messages when receiving. They must encrypt all communications with gateways. These 'empowered' users are in fact operating RemailerNet gateways. It is likely that different levels of gateway would have to be defined, depending upon the degree of physical control that the operator had over the gateway and the level of resources that he or she was willing to devote to RemailerNet operations. Entry level users would communicate using ordinary email. Major gateway operators would communicate using RemailerNet protocols over TCP/IP. Time is measured in this system in steps. Each step corresponds to the dispatch of one set of packets. The relationship between 'step time' and chronological time will vary from link to link. This system will tolerate an arbitrary level of traffic. Over time the level of traffic (in bytes/sec) would be some multiple of the average volume (bytes/sec) of messages carried. The gateways would automatically adjust the traffic level. [Probably it should rise quickly and fall gradually.] The functioning of the system as a whole makes it very difficult to do any kind of realistic traffic analysis. Any reordering of messages is performed at the packet level. In general, the messages do not exist as wholes along the lines connecting the gateways, so a discussion of their reordering is a good way to waste time. A detailed mathematical analysis of what makes the system difficult to attack would itself be quite difficult. 
But I would suggest that the key factors are the fragmenting of messages, the use of fixed length packets, the systematic introduction of noise, and random delays in dispatching packets. [The random delays reorder the packets and they also introduce noise -- an unused timeslot is filled with a noise packet.] If, of course, your equations include only measures of the reordering of messages, your results will depend only upon measures of reordering of messages. -- Jim Dixon [this is not a complete or final description of RemailerNet] [v0.2 but should be sufficient to encourage a few attacks ] From die at pig.jjm.com Sun Aug 7 14:36:58 1994 From: die at pig.jjm.com (Dave Emery) Date: Sun, 7 Aug 94 14:36:58 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <9408071220.AA19695@snark.imsi.com> Message-ID: <9408072140.AA04971@pig.jjm.com> > It is perfectly feasible to track all financial transactions in the > U.S., down to the "quarter for a phone call" level, without > eliminating all capacity to use the data or placing more than, say, > another several percent burden on the cost of all transactions. > > Perry > Already, at least here in the northeast, virtually all credit card transactions are on-line verified - it would take relatively little additional effort to capture additional transaction details including ID from our spiffy new national ID card and a more specific description of what was bought. And many supermarkets around here now do a substantial part of their business via debit or credit cards and checks - the added burden of converting everything over to watchable on-line electronic transactions is probably not measured in percent per transaction but in fractions of a percent. The major investment in on line retail infrastructure has already been made in most cases, what needs to be added is just some additional software and a more legally binding ID card. 
One suspects that the cost of physically handling cash, providing security for it and so forth is actually quite comparable to costs of such a cashless electronic regime. Outlawing cash is indeed (unfortunately) quite practical. If I had to guess as to what *the major* domestic target of wideband electronic surveillance and monitoring by the TLAs is licit or illicit, I would name the credit card authorization data streams. Probably that and interbank wire and check clearing transfers constitute much the largest cross section of data being watched regularly. And I am unclear as to whether such surveillance, with the tacit consent of the banks and credit card companies of course, is obviously and specifically illegal. Dave Emery From rah at shipwright.com Sun Aug 7 14:59:50 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 7 Aug 94 14:59:50 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408072158.RAA02422@zork.tiac.net> At 2:19 PM 8/7/94 -0400, Perry E. Metzger wrote: >The regulators >have taken ten years just to eliminate the restrictions on interstate >banking, and they still haven't quite done the job yet (although >hopefully the restrictions will go away by '96 or so.) It really isn't to most of the individual banking entities' advantage for interstate banking to exist because almost all of them would be merged out of existence. It isn't the regulators' fault; it's a wonder they got this far as fast as they did, and that's primarily because the foreign markets are driving the regulators to it. Regulatory arbitrage. If there was a clearcut financial advantage to interstate banking to First Podunk Bank and Trust, it would have happened already. >They understood >that stuff fairly well. They probably won't understand digital cash as >well, although it will probably be even worse for us if they do. Which, I believe, is the point of this thread. It's time to shuck and jive a bit. 
If it can be demonstrably proved that a market exists, that there's some boards of directors for those hoary old regulators to sit on in their golden years, then there's a chance to make retail trade settlement a reality. You can't do that without a legitimate test, and you can't get that without mau-mauing the regulators some, eh? Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From rah at shipwright.com Sun Aug 7 14:59:51 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 7 Aug 94 14:59:51 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408072158.RAA02419@zork.tiac.net> At 10:31 AM 8/7/94 -0700, Eric Hughes wrote: > >There are two legal problems that I could see being used against digital > >cash. The first is the civil war era prohibition on banks issuing private > >bank notes. > > It seems to me > that one could just as easily treat digicash as securities denominated in > dollars, [etc.] > >It didn't occur to me before, but you could also have 'nonbank notes'. >If the issuer isn't a bank, does the regulation still apply? OK. Your question has two parts. First, Eric, what exactly do you mean by 'nonbank notes'. Like the kind issued by corporations in the money markets, or Amex Traveller's Checks? Second, we need a lawyer. This is a good thing, 'cause you can't hack laws without a lawyer (most of the time, anyway...), and (ObThreadRelevance) we need one to pitch this stuff to other lawyers (regulators, et. al.) anyway... 
In search of Vinnie "the Pro" Bono, honorable second cousin of the esteemed mayor of Palm Springs, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From rah at shipwright.com Sun Aug 7 14:59:51 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 7 Aug 94 14:59:51 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408072158.RAA02425@zork.tiac.net> At 10:23 AM 8/7/94 -0700, Eric Hughes wrote: >It might be, but remember that in making the case to business, the >financial privacy, such as it exists today, is _not_ "at any time, for >any reason". It might be in the future, but then you're making a >perceived-weaker argument. Ah, my Burroughsian hyperbole strikes again... Gotta get that AJ subroutine fixed... > It might be the threat of > international deployment and regulatory arbitrage which brings them around, > and fires up the lobbying apparatus on our side of the issue. > >With that in mind, shouldn't you have your first conference in London, >invite a bunch of US bankers, and raise the issue explicitly? As soon >as you can get different countries competing for revenue, you're more >than halfway home. One could accuse you of wanting to get a "deductible junket" to Europe here ;-), and you might be right about doing it in London, but it seems to me that to present a xenophobic argument to the American banking community, it's best to do that on American soil. Without sounding too parochial, it's entirely possible to incite greed in the international markets with leaving home. I really want to get regulators into the same room, also. The site I have in mind is six blocks from the Federal Reserve Building in Boston. 
Boston is, you understand, the fulcrum of the universe, even if the long end of the lever finishes up somewhere about Berkeley... > > On the other hand if those reporting > requirements are frictionless, they don't *need* to fight it, do they... > >Nope. And remember, the divide-and-conquer is likely already >starting. The first bank to provide FINCEN with a live transaction >feed will likely see some regulatory hurdles fall, no? JargonQuery(FINCEN?) I'm having fun now. Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From blane at squeaky.free.org Sun Aug 7 16:38:30 1994 From: blane at squeaky.free.org (Brian Lane) Date: Sun, 7 Aug 94 16:38:30 PDT Subject: CreditCard info Message-ID: An interesting sideline - I ran into an interesting situation at a local video rental place yesterday. If you give them your credit card number they charge you .25 less a tape to rent it (2.75 compared to 3.00) Your number goes into their customer database. I laughed, and said I'd rather pay the .25 a tape than take the chance of some part-time HS kid getting ahold of my CC number. It's unbelievable (to me anyway) that people would give this kind of information out and trust that it can't be abused. It's bad enough that we're asked to hand out our SS number for everything. 
Brian ---------------------------------------------------------------------------- Linux : The choice of a GNU generation | finger blane at free.org witty comments pending | for PGP key and subLit ---------------------------------------------------------------------------- From hughes at ah.com Sun Aug 7 16:54:00 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 16:54:00 PDT Subject: Improved remailer reordering In-Reply-To: <4210@aiki.demon.co.uk> Message-ID: <9408072325.AA18643@ah.com> Imagine a RemailerNet (v0.2) that maintained a fixed level of traffic between gateways. This is exactly what I was talking about when I posted earlier about link encryptors, and effective collapse of nodes for traffic analysis purposes. Traffic analysis of mixes and remailers assumes, as an abstraction, that all the messages going into and coming out of a particular node are visible. As soon as you remove this condition, the analytical situation changes completely. And it changes for the better, since the reduction in observed information can only improve security. Message arrival and departure times are not irrelevant, and their removal gives less useful information. The desired net result is a single node for traffic analysis purposes. But even for a single node, estimates of reordering still need to be made. The problem with implementation of link encryption is, like everything else, cost. Link encryption off the Internet requires dedicated lines. Link encryption on the Internet likely won't get you into trouble now, but likely will be an issue as subsidies go away. In general, the messages do not exist as wholes along the lines connecting the gateways, so a discussion of their reordering is a good way to waste time. You still have to worry about reordering in the network as a whole. The system you've described has reassembly done at the endpoints, who might not be the final receiver. 
I pass over the flaw of lack of message quantization in the final sending of reassembled messages. We may assume for discussion that they're all the same length. Now, you still need to calculate the likelihood that a particular outgoing message is the same message as a particular incoming message. These probabilities have to do with message reordering. You still need to do the calculation. Eric From ianf at simple.sydney.sgi.com Sun Aug 7 17:30:05 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Sun, 7 Aug 94 17:30:05 PDT Subject: URGENT: Please Tell Congress to Allow Encryption Export In-Reply-To: <3922@aiki.demon.co.uk> Message-ID: <9408081028.ZM11026@simple.sydney.sgi.com> On Aug 5, 5:53pm, Jim Dixon wrote: >> Imagine this: you're a politician. If you're a US politician in particular >> you will be correctly told that you are, by virtue of your position, a target >> for a lot of "extremist" groups and terrorism. [etc] > This has little to do with being a politician and even less with being > a US politician. People at all levels everywhere at all times are willing > to pay for what they perceive as additional security. The original point was an explanation as to one of the reasons why politicians can do unaccountable 180 degree turns of opinion when entering politics. As such it had everything to do with being a politician. Your point that it is a manifestation of a more general desire for security is valid, but you missed the main point at issue here. Ian. From v-garthb at microsoft.com Sun Aug 7 17:43:54 1994 From: v-garthb at microsoft.com (Garth Brown (Semaphore Software)) Date: Sun, 7 Aug 94 17:43:54 PDT Subject: CreditCard info Message-ID: <9408080045.AA26869@netmail2.microsoft.com> ---------- | From: Brian Lane | It's unbelievable (to me anyway) that people would give this kind of | information out and trust that it can't be abused. It's bad enough that | we're asked to hand out our SS number for everything. 
It's my understanding that it's technically illegal for anyone to require your SSN for anything if they are not using it for SS related purposes. I had heard that congress passed a law when SSNs were issued to this effect. Am I hallucinating, or has someone else heard this too?! garthB> ---------------------------------------------------------------------- ------- Garth S. Brown, Semaphore Corporation 122 South Jackson Street, Suite 350 garthb at semaphore.com Seattle, Washington 98104 InterNIC WHOIS: GB(31) -Public key available via finger of garthb at semaphore.com -PGP2.6 Key fingerprint = 65 0E 48 A1 F7 38 DB 03 3F 77 77 9E B5 53 2E 96 ---------------------------------------------------------------------- ------- All problems can be solved with the proper application of high explosives. From blane at squeaky.free.org Sun Aug 7 18:02:30 1994 From: blane at squeaky.free.org (Brian Lane) Date: Sun, 7 Aug 94 18:02:30 PDT Subject: CreditCard info In-Reply-To: <9408080045.AA26869@netmail2.microsoft.com> Message-ID: On Sun, 7 Aug 1994, Garth Brown wrote: > > ---------- > | From: Brian Lane > | It's unbelievable (to me anyway) that people would give this kind of > | information out and trust that it can't be abused. It's bad enough that > | we're asked to hand out our SS number for everything. > > It's my understanding that it's technically illegal for anyone to require > your SSN for anything if they are not using it for SS related purposes. > I had heard that congress passed a law when SSNs were issued to this > effect. > > Am I hallucinating, or has someone else heard this too?! > I have also heard this. At school they ask you for your SSN when signing up for classes, but you can get a random id number assigned instead (I found this out long after giving them my SSN). I filled out a credit app at Sears last month that asked for my SSN, I didn't give it and didn't get credit either. What exactly is SS related use? Banks, Employment only? 
BRian ---------------------------------------------------------------------------- Linux : The choice of a GNU generation | finger blane at free.org witty comments pending | for PGP key and subLit ---------------------------------------------------------------------------- From jrochkin at cs.oberlin.edu Sun Aug 7 18:02:49 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Sun, 7 Aug 94 18:02:49 PDT Subject: remailer ideas Message-ID: <199408080103.VAA23382@cs.oberlin.edu> My newsgroup-RemailerNet ideas seem to be getting mixed reviews, but I think that part of the problem is that some people don't understand what I'm trying to accomplish. There are several features I think are extremely desirable in a remailernet infrastructure, which our current infrastructure doesn't accomplish, and which no proposed infrastructure that I've seen accomplishes either. I'm not certain my newsgroup/pinging idea addresses these concerns, either, but I'm going to lay them all out, and y'all can see what you think. These points aren't distinct, I realize. They're all interrelated somewhat. 1) New remailers should be able to enter the "remailernet" easily, and with a minimum of human intervention. If I decide to run a remailer, the infrastructure should provide a way to make it visible to all other participants in the remailer net, other remailers and users. Whether the other participants make use of it or not, is another question, and would presumably depend on a web-of-trust kind of situation. But currently, someone who wants to stay current with this kind of info basically has to read cypherpunks, and take notes when people announce new remailers. Better, would be if this sort of "new remailer" info could be distributed automatically, to both users and other remailers. 2) Remailers should be able to leave the remailernet without devastating it. If my remailer is temporarily, or permanently, down, the remailernet should route around it. 
Again, the current way for operators to announce this would basically be to post to cypherpunks list, and maybe alt.security.pgp too. If other remailernet participants miss the announcement, havoc can ensue. If a middle link of your remailer chain is down, all you know is your messages aren't getting to their destination, you won't know which link is down. We shouldn't require all participants to read cypherpunks religiously, and if an operator isn't conscientious enough to post to the expected places, it shouldn't be fatal. Both users and remailers should have an automatic way of finding out about down remailers. 3) Remailers themselves should have a way of automatically learning the topography of the remailernet. If we want to form a cohesive black-box remailernet, remailers are going to need this info. Maybe they're sending fake padding between themselves to thwart traffic analysis. Maybe they're encrypting with the key of the next remailer down the line automatically for you. I don't know enough about it to know what methods are best, but it seems probable from discussion that remailers are going to need to do something that requires knowing about all the other remailers, and their PGP keys and such. 4) Users should have a way of learning the topography of the remailernet too. A way which doesn't require so much human intervention. I should be able to tell my software "send an anon message to X, put 10 links in the remailer chain," and it will do it. To use the remailer net, I shouldn't need to read cypherpunks in order to keep track of all various remailers, and which are up, and which are down. My software should do that for me. And again, your software doesn't need to use all the remailers that it knows about, it can rely on web-of-trust based on PGP signatures and such. 
[Although I'm not certain this is necessary, as I've come to the same conclusion as Hal Finney: as long as you've got one (or maybe two) trustworthy remailers in the chain, you are pretty much okay. Although Jim Dixon points out that a concerted effort by the TLAs could make even finding one trustworthy remailer a serious chore. But this is an implementation problem; we're talking theory here at the moment.]

5) No one entity participating in the remailer net structure should be able to compromise the security of the net acting alone. For example, an "evil remailer" operating solely for the purpose of compromising the remailernet shouldn't be fatal. This is a matter of degree to some extent: if everyone but you is "evil", you're going to be out of luck in just about any system. But the more robust the infrastructure is, the more evil participants it can handle before it cracks, the better. The current remailer net actually fulfills this requirement fairly well, but it's an important one, and worth noting anyhow.

Now I think the infrastructure I've proposed that uses a newsgroup, as well as a pinging mechanism, fulfills all these requirements. But I'm not going to try to defend it now, instead, what do you all think about those requirements? Are they all in fact necessary? Or desirable? Are there any more that should be added? Can you think of any infrastructure systems that might fill some or all of them?

From karn at unix.ka9q.ampr.org Sun Aug 7 18:06:27 1994
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Sun, 7 Aug 94 18:06:27 PDT
Subject: IDEA vs DES
Message-ID: <199408080106.SAA01619@unix.ka9q.ampr.org>

Now that I've got DES running about as fast as it can go on the 486, I did a little analysis on IDEA. The algorithm is definitely more straightforward to implement than DES, but not necessarily that much faster. It uses three primitive operations, all on 16-bit quantities: XOR, ADD and multiplication modulo 65537.
Each encryption involves 48 XORs, 34 adds and 34 multiplies, plus a few exchanges.

The multiplies are a problem. On the 486, a 16x16 integer multiply takes from 13-26 clocks, depending on how many significant bits there are in the multiplicand. Random data usually has 15-16 significant bits, so this distribution is probably weighted more toward the 26 clock figure.

So I count an optimistic total of 990 clocks per 64-bit encryption, assuming plenty of registers (which I don't have), not counting the modular reduction steps for each multiply, and ignoring the memory references for the subkeys. I figure my DES code is currently taking about 1300 clocks per encryption. So IDEA won't be much faster, though it may be more secure.

Anybody know the speed of the integer multiply instruction on the various PowerPC chips? Along with modular exponentiation and vocoders, which also do a lot of multiplies, it looks like fast multiplication is becoming rather important in secure communications.

Phil

From peace at BIX.com Sun Aug 7 19:00:11 1994
From: peace at BIX.com (peace at BIX.com)
Date: Sun, 7 Aug 94 19:00:11 PDT
Subject: e$
Message-ID: <9408072158.memo.40958@BIX.com>

I can recall that many years back the casinos in Las Vegas all accepted the chips from the other ones and then had a great exchange each day where the accounts were settled up. Even the gift shops took chips in place of cash. The US Treasury put a stop to this as it was considered to be a replacement for cash. Also I hear a lot about bearer bonds, but never in the US. OTOH the NYC subways have started a cash card that they expect merchants to accept in lieu of coins. It would be nice to know what the Feds will or won't accept.

BTW, does it matter if the e$ are US denominated? Could e$ be presented as travelers checks? The possibilities here are extremely interesting.

- - -

Bob said> However, it's a stupid parasite which
>kills its host, and that's what I'm counting on here.

Not really true.
All parasites kill their host or they would not be considered parasites (ie. live at the EXPENSE of the host). The only question is how quickly the host dies. There is an entire epidemiology of parasitism, ie. which strategies are best for the parasite. The virulent ones must be able to find a new host quickly, the ones that can't exit quickly rely on the host living for a long time. There was a good article in SciAm on this a little while back.

Also remember, it is the US Supreme Court which ruled that the power to tax is the power to destroy. Sounds like as good a definition of parasitism as any.

Peace

From nobody at shell.portal.com Sun Aug 7 19:43:25 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 7 Aug 94 19:43:25 PDT
Subject: CreditCard info
Message-ID: <199408080244.TAA25091@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

Brian Lane asked:

> I filled out a credit app at Sears last month that asked for my SSN, I
> didn't give it and didn't get credit either. What exactly is SS related
> use? Banks, Employment only?

Employers are REQUIRED to obtain an SSAN for tax purposes, as are banks for reporting interest, etc. to the IRS. Regarding credit, they generally ask for an SSAN because that's the "unique personal identifier" that most credit bureaus index your records by (and still screw them up, even then!).
--- Diogenes

From hfinney at shell.portal.com Sun Aug 7 20:13:53 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 7 Aug 94 20:13:53 PDT
Subject: Improved remailer reordering
In-Reply-To: <9408072325.AA18643@ah.com>
Message-ID: <199408080314.UAA26470@jobe.shell.portal.com>

hughes at ah.com (Eric Hughes) writes, quoting Jim Dixon:

> Imagine a RemailerNet (v0.2) that maintained a fixed level of
> traffic between gateways.

>This is exactly what I was talking about when I posted earlier about
>link encryptors, and effective collapse of nodes for traffic analysis
>purposes. Traffic analysis of mixes and remailers assumes, as an
>abstraction, that all the messages going into and coming out of a
>particular node are visible. As soon as you remove this condition,
>the analytical situation changes completely.

So, I guess what you are saying is, two remailer nodes connected by a fully-encrypted link which carries dummy traffic so the data rate is constant (and hence effectively invisible) can be thought of as one node for some purposes. So let me ask: how does a network which contains these two nodes compare with one which has only a single node in their place?

I can see three models to compare. The first is a single node network. The second is a tightly-coupled two-node network with link encryption so no information is available on the traffic between them. Messages will be sent into and out of this pair of nodes in such a way as to maximize entropy of distribution. The third is a loosely-coupled two-node network where the nodes are used as a Chaum-style cascade, but with half the messages going in each direction.
For the first network, if the bandwidth into (and hence out of) the single node is N, we get the maximal possible confusion, as I suggested before.

If the total bandwidth into the remailer network is N, then the tightly-coupled two-node network might average N/2 into each of the nodes, with N/2 out of each of them. For maximal confusion, half of the incoming data would be sent over to come out of the other node, so we have N/4 going in each direction on the link. The net result is that the two-node net has each node with a bandwidth of 3/4 N coming in (and going out) to attain the confusion level of an ideal one-node system. This is superior in per-node bandwidth but greater in total network bandwidth.

As for security against corrupt operators, this gives some improvement over a one-node system, but not as much as with two independent nodes. In this model, only half the messages go through both nodes, so only half get the benefit of a two-node chain. (Also, as I suggested before, we might question whether two node operators who were able to cooperate and trust each other well enough to set up this kind of link would be truly independent.)

For the third model, two nodes connected by an ordinary link and used as two-node chains, each node now has an input bandwidth of N: N/2 from users (who choose each node at random as the first of the chain), and N/2 from the other remailer (where the node is acting as the second of the chain). So we have paid a price in bandwidth, with each node carrying N, and a total net bandwidth of 2N. But we have gained in security against operator malfeasance: all messages now go through both remailers and if either one is hiding the mapping then it is lost.

So, there appears to be some tradeoffs between bandwidth savings and security against dishonest operators. It will be interesting to see how these results extend to larger numbers of nodes.
Hal

From nobody at ds1.wu-wien.ac.at Sun Aug 7 21:05:01 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Sun, 7 Aug 94 21:05:01 PDT
Subject: Tommy the Tourist's New Home
Message-ID: <9408080404.AA29726@ds1.wu-wien.ac.at>

-----BEGIN PGP SIGNED MESSAGE-----

werewolf at io.org (Mark Terka) asked:

> > Tommy the Tourist (Anon User) wrote:
> >
> > Welcome back, Tommy, we missed you! Hope you're enjoying your
> > new (CSUA) "home"... (Time for everyone to update their
> > "chain.ini" file, BTW.)

> How come? Has soda gone down or something? Or has there been an address
> change?

Soda was down for a week while it was moved to a different location. The new address is "remailer at soda.csua.berkeley.edu". I'm told that the old address will continue to work for a limited time, but it's best to get in the habit of using the correct one.

I also understand that the crypto archives have also moved, but I'm not really sure of the details.

--- Diogenes

From adam at bwh.harvard.edu Sun Aug 7 21:47:39 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 7 Aug 94 21:47:39 PDT
Subject: Digicash address?
Message-ID: <199408080448.AAA08240@bwh.harvard.edu>

Could someone send me contact information for David Chaum's Digicash company? An email address would be great...
Thanks in advance,

Adam

From blane at squeaky.free.org Sun Aug 7 21:49:59 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Sun, 7 Aug 94 21:49:59 PDT
Subject: CreditCard info
In-Reply-To: <199408080244.TAA25091@jobe.shell.portal.com>
Message-ID:

On Sun, 7 Aug 1994 nobody at shell.portal.com wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Brian Lane asked:
>
> > I filled out a credit app at Sears last month that asked for my SSN, I
> > didn't give it and didn't get credit either. What exactly is SS related
> > use? Banks, Employment only?
>
> Employers are REQUIRED to obtain an SSAN for tax purposes, as are banks for
> reporting interest, etc. to the IRS. Regarding credit, they generally ask
> for an SSAN because that's the "unique personal identifier" that most credit
> bureaus index your records by (and still screw them up, even then!).
>
> --- Diogenes
>

Yep, you give them the numbers and they still mess it up. My boss's credit report had him with 2 Sears cards, one not his. My friend's credit report showed that he had a lien against his house (he doesn't own one), a repossessed car (not true), garnished(sp?) wages (not true). Pretty sad.

I guess a nation ID card/number/barcode/embedded microchip would solve this, wouldn't it? I can see us making the progression - in 10 years all newborns will have a small uP implanted into their hand (ala Demolition Man) that will keep track of all their electronic data. Scares the crap out of me.

Brian
----------------------------------------------------------------------------
Linux : The choice of a GNU generation | finger blane at free.org
witty comments pending                 | for PGP key and subLit
----------------------------------------------------------------------------

From tcmay at netcom.com Sun Aug 7 22:00:21 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 7 Aug 94 22:00:21 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs.
Reordering))
In-Reply-To: <199408070216.TAA09025@jobe.shell.portal.com>
Message-ID: <199408080501.WAA27022@netcom7.netcom.com>

I've left the subject line unchanged, to show an unusual _triple nesting_ of subjects!

Also, I just got back after a weekend away, and so am only now seeing these interesting messages about remailers, entropy, etc. A subject of great interest.

Hal Finney writes:

> I had an interesting thought. Remailer networks are hard to analyze,
> with messages whizzing this way and that. But Tim pointed out that if
> you have N messages coming in to the network as a whole and N going
> out, all that zigging and zagging really can't do much better than
> N-fold confusion.

Yes, in _principle_, the theory is that Alice could be the only remailer in the universe, and still the "decorrelation" of incoming and outgoing messages would be good. For example, 100 messages go in, 100 leave, and no one can make a better 1 chance in 100 chance of matching any single input to any output. From a _legal_ point of view, a wild guess, hence inadmissible, blah blah.

(From a RICO point of view, to change subjects, Alice might get her ass sued. Or a subpoena of her logs, etc. All the stuff we speculate about.)

But we can go further: a single remailer node, or mix, that takes in 1 input and produces 2 outputs breaks the correlation capability as well.

However, we all "know" that a single remailer doing this operation is in some very basic way less "secure" (less diffusing and confusing, less entropic) than a network of 100 remailers each taking in hundreds of messages and outputting them to other remailers.

Why--or if--this hunch is valid needs much more thinking. And the issues need to be carefully separated: multiple jurisdictions, confidence/reputation with each remailer, etc. (These don't go to the basic mathematical point raised above, but are nonetheless part of why we think N remailers are better than 1.)
By the way, there's a "trick" that may help to get more remailers established. Suppose by some nefarious means a message is traced back to one's own system, and the authorities are about to lower the boom. Point out to them that you are yourself a remailer!

This is more than just a legalistic trick. Indeed, as a legalistic trick it may not even work very well. Nonetheless, it helps to break the notion that every message can be traced back to some point of origin. By making all sites, or many sites, into remailers, this helps make the point that a message can never be claimed to have been traced back "all the way."

There are lots of interesting issues here, and I see some vague similarities to the ideas about "first class objects"...in some sense, we want all nodes to be first class objects, capable of being remailers.

(There's an even more potentially interesting parallel to digital banks: admit the possibility of everybody being a digital bank. No artificial distinction between "banks" and "customers." Helps scaling. And helps legally. I'm not saying we'll see this anytime soon, especially since we have no examples of digital banks, period. But a good vision, I think.)

> This suggests, that IF YOU COULD TRUST IT, a single remailer would be just
> as good as a whole net. Imagine that God offers to run a remailer. It
> batches messages up and every few hours it shuffles all the outstanding
> messages and sends them out. It seems to me that this remailer provides
> all the security that a whole network of remailers would.
>
> If this idea seems valid, it suggests that the real worth of a network of
> remailers is to try to assure that there are at least some honest ones
> in your path. It's not to add security in terms of message mixing; a
> single remailer seems to really provide all that you need.

Yes, which is why increasing N increases the chance that at least one non-colluding remailer is being used.
A trick I have long favored--and one I actually used when we played the manual "Remailer Game" at our first meeting--is to *USE ONE'S SELF* as a remailer. This still admits the possibility of others being colluders, but at least you trust yourself and get the benefits described above.

[The alert reader will note that a spoofing attack is possible, as with DC-Nets, in which all traffic into your node is controlled in various ways. The graph partition work Chaum does, and others who followed him do (Pfaltzmann, Boz, etc.), is very important here.]

Practically speaking, we need to see hundreds of remailers, in multiple legal jurisdictions, with various policies. Messages routed through many of these remailers, including one's own remailer, should have very high entropies.

I still say that a formal analysis of this would make a nice project for someone.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rarachel at prism.poly.edu Sun Aug 7 22:06:57 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 7 Aug 94 22:06:57 PDT
Subject: CIA eating internet email & usenet news
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Brian Lane wrote:

> > See this week's Computerworld. Anyone have a scanner they can post this
> > article up with? I'm not up to typing it...
>
> What do you mean by email monitoring, their own or ours? Maybe we
> should bombard them with encrypted copies of the Digital Telephony bill?

Don't know for sure. That article was a bit too vague as to the exact nature of the data vacuuming.
I suspect however that while Computerworld may be quite vague all by itself, the CIA wasn't too talkative as to what they'd eat up. However, you can bet that any TCP/IP packets sent through their hardware will duplicate themselves on their hard drives. It's certain that they will eat up usenet news.

They mentioned that the reason that this system is up is so that they can do research, but in such a way as to prevent traffic/question analysis of their queries so as to prevent others from finding out just what they're working on.

Who knows, maybe they'll get accounts on internet providers or use anon mail to post their queries, but "They're here!" I certainly wouldn't put it past them to read any email they can though. :-(

===============================================================================
| + ^ + || ' . . . . . . . Ray (Arsen) Arachelian ||
| \|/ || . . . ' . ' . : . . rarachel at photon.poly.edu ||
|<--+-->||. . . |' '| .' . . ... ___ sunder at intercom.com ||
| /|\ || . . \___/ . . . : .... __[R] ||
| + v + || . oOOo /o.O\ oOOo :. : .. |A| "And bugs to kill before I sleep"||
=========/---vvvv-------VVVV------------|I|----------------------------------/
/ . : . ' : ' |D| This signature panel is /
/ The Next Bug to kill(tm) --- now open. /
/___________________________________________________________________/

From tcmay at netcom.com Sun Aug 7 22:13:49 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 7 Aug 94 22:13:49 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
In-Reply-To: <4194@aiki.demon.co.uk>
Message-ID: <199408080514.WAA28015@netcom7.netcom.com>

Jim Dixon writes:

(quoting Hal Finney)

> > If this idea seems valid, it suggests that the real worth of a network of
> > remailers is to try to assure that there are at least some honest ones
> > in your path. It's not to add security in terms of message mixing; a
> > single remailer seems to really provide all that you need.
>
> Yes, in an ideal world. Each additional remailer introduces another
> chance of being compromised.

No, I'm afraid you have this backwards. A remailer cannot introduce a chance of increase the chance of being compromised. (I'm assuming that nested encryption is used, as all "ideal mixes" should use this, cf. Chaum. The bastardized version we play around with, in which encryption is skipped, is entirely unsecure.)

Perhaps I am misunderstanding you (Jim) here, but in no conceivable way can I imagine that "Each additional remailer introduces another chance of being compromised." Perhaps each additional remailer can increase the chance of not forwarding the mail properly--as might be done in a denial of service attack--but this does not mean security is compromised. The remailer chain as strong as strongest link point that Hal and others have made.

> However, if you trust the operator and if this trust is guaranteed to be
> continued forever, the ideal number of remailers is one.

Since the trust in remailers is not unity, and since the addition of remailers can only increase security and not decrease it, the ideal number of remailers is greater than one. Else, using the "trick" I described in my last post, simply establish that one is a remailer and then stop bothering with other remailers. (Not that I recommend this, for various reasons.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
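
The point argued in the two messages above (one non-colluding remailer in a chain of ideal mixes is enough, and extra remailers never reduce the mixing) can be checked with a small model. This is an added example, not code from the list: it assumes a fixed cascade in which every mix shuffles the same batch of equal-length, nested-encrypted messages, and an observer who sees every link and learns the shuffle of each compromised mix. All function names are illustrative.

```python
import math
import random


def make_chain(n_msgs, honest_flags, rng):
    """Build a cascade with one secret shuffle per mix.

    perm[i] is the output slot of the message that entered in slot i.
    honest_flags[k] is True when mix k does not reveal its shuffle.
    """
    chain = []
    for honest in honest_flags:
        perm = list(range(n_msgs))
        rng.shuffle(perm)
        chain.append((perm, honest))
    return chain


def true_output_slot(chain, in_slot):
    """Ground truth: follow one message through every mix."""
    slot = in_slot
    for perm, _honest in chain:
        slot = perm[slot]
    return slot


def observer_candidates(chain, out_slot, n_msgs):
    """Input slots the observer cannot rule out for one final output.

    Assumption of the model: nested encryption changes a message's bytes
    at every hop, so the only way to link a mix's input to its output is
    to know that mix's shuffle. The trace runs backwards from the output.
    """
    candidates = {out_slot}
    for perm, honest in reversed(chain):
        if honest:
            # Shuffle unknown: every message in the batch is a candidate.
            candidates = set(range(n_msgs))
        else:
            # Shuffle known: invert it exactly.
            inverse = {out: inp for inp, out in enumerate(perm)}
            candidates = {inverse[s] for s in candidates}
    return candidates


def evaluate(honest_flags, n_msgs=100, sender_slot=0, seed=1994):
    """Return (sender still a candidate, anonymity set size, bits)."""
    rng = random.Random(seed)
    chain = make_chain(n_msgs, honest_flags, rng)
    out_slot = true_output_slot(chain, sender_slot)
    cands = observer_candidates(chain, out_slot, n_msgs)
    return sender_slot in cands, len(cands), math.log2(len(cands))


if __name__ == "__main__":
    scenarios = {
        "three mixes, all colluding": [False, False, False],
        "single honest mix": [True],
        "honest mix in the middle": [False, True, False],
        "honest mix plus four colluders": [True, False, False, False, False],
    }
    for name, flags in scenarios.items():
        _, size, bits = evaluate(flags)
        print(f"{name:32s} anonymity set = {size:3d} ({bits:.2f} bits)")
```

In this model the anonymity set is either 1 (every mix colludes) or the full batch, which is the "N-fold confusion" bound; it does not cover free-route networks, timing, or the spoofing attack mentioned in the thread.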
From rarachel at prism.poly.edu Sun Aug 7 22:15:03 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 7 Aug 94 22:15:03 PDT Subject: Digital Telephony bill, August 1 draft (fwd) Message-ID: ---------- Forwarded message ---------- Date: Thu, 4 Aug 1994 21:17:35 -0400 (EDT) From: Sal Denaro To: Arsen Ray Arachelian Subject: Re: Digital Telephony bill, August 1 draft (fwd) >From panix!MathWorks.Com!europa.eng.gtefsd.com!library.ucla.edu!agate!headwall.Stanford.EDU!cindy.stanford.edu!user Thu Aug 4 21:03:35 1994 Path: panix!MathWorks.Com!europa.eng.gtefsd.com!library.ucla.edu!agate!headwall.Stanford.EDU!cindy.stanford.edu!user From: rogo at forsythe.stanford.edu (Mark Rogowsky) Newsgroups: comp.sys.intel,comp.sys.powerpc Subject: Re: IBM Power-PC future In article , issa at cwis.unomaha.edu (Issa El-Hazin) wrote: > * OS/2 and NT. > Microsoft's Windows NT will probably become the OS of choice > for the IBM PPS's and the Intel PCI local-bus will be the only > bus offered with IBM's new machines. Now wasn't a main idea with > the new architecture is to compete/get ride of the MS/Intel > dominance so IBM/Apple can start making a good buck again! OS/2 > for the PowerPC (previously known as WorkPlace OS) keeps on getting > delayed and when it's finally released, I don't think it will compete > with Windows NT 3.5. Beside being a very robust OS, NT is also > available for Intel, MIPS, DECs, and other workstations and its' > been out for a while. Your chip-mania is lunacy... Let's try a new lens... Q2,'95, PPC 604 in machines, chip costs around $400 at 100MHz. Q4,'95 P6 in machines, chip costs around $1100 at 133MHz. PPC 604 matches P6 performance (or betters it) with 133MHz and 150MHz versions. 100MHz version is $250. Developers routinely recompiled Win32 apps for PPC. PPC 620 shipping in quantity. Initial price, $999. AMD K5 variants and Cyrix M1 variants begin really annoying Intel by matching all P5 performance points with lower prices. 
The ensuing price war begins chopping away something from Intel's gargantuan profits. Q1,'96 P6 machines now available in quantity. Few willing to pay the high price. Really fast P5s keep those not looking for change quite happy. Some, looking for price/performance, begin thinking about PPC machines. Q2,'96 PPC620 machines ship. Faster 604s, P5s, P6s, abound. Nothing can touch 620 in the PC marketplace. Machines expensive. PPC604 chip price now at about $150. P6 at about $750. Q4,'96 Word of the PowerPC 800 series just swept Comdex (IBM and Moto did a big show on the new series). Systems should begin appearing in 12-18 months. Intel cloners becoming really annoying. IBM, making money selling PPC systems, also has figured out what Intel already knows: you can make more money selling whole logic boards to PC cloners rather than just chips. Using Cyrix technology, they are cutting deeper into the P5-class x86 business. Intel/HP briefing ignored. Who cares about a chip coming out in two years? Gateway and Dell merge but keep identities separate. HP again considers buying Apple. Q2,'97 Intel fights back with much cheaper P6s and much faster ones. First PPC 800 series silicon is becoming available. Q4,'97 PPC running 800 SPECint. Q2,'98 Intel/HP first silicon using VLIW technology. Compatible with existing x86 binaries. Intel encouraging ISVs to write to the "native mode" of the new chips, though. That was fun.... IBM's PPCs will have preemption, threads, telephony, video, etc. (as soon as they ship). Macs will have threads, telephony, video, etc. (as soon as 7.5 ships). I don't think lack of preemption will kill, or even severely wound, Apple's efforts to keep -- and perhaps increase -- its market share. Also, that PnP stuff and multimedia will still be better on Macs (because they've always been plug and play and because QuickTime is really going to win the race over Video for Windows -- call Bell Atlantic if you disagree). 
*** should have been posted to alt.prose :>

sal at panix.com                           Yes, I use PGP.
Salvatore Denaro                          Live fast, Die young, Hack C++
My heart is broke/but I have some glue    Sex, Drugs and Cryptography.
Help me inhale/and mend it with you

From an118 at vox.hacktic.nl Sun Aug 7 23:06:14 1994
From: an118 at vox.hacktic.nl (an118 at vox.hacktic.nl)
Date: Sun, 7 Aug 94 23:06:14 PDT
Subject: No Subject
Message-ID: <199408080606.AA26364@xs4all.hacktic.nl>

I saw an interesting post in sci.crypt last week about a particular cypher. I think it was called "The Penknife Cypher" or something along those lines. I guess I have been so PGP oriented that I've sort of stuck my head in the sand and ignored other possibilities regarding encryption.

ARE there any other good cyphers out there, suitable for e-mail usage? And more importantly, are they readily available, likely through ftp from some European source. I guess it doesn't matter how popular they are, but how secure they are. I'd be interested in a strong one for usage between a couple of friends and myself. The keys could be spread via PGP and then I suppose we could start using the cypher.

Any ideas? Or is my best bet to pick up Schneier's Applied Cryptography and use an algorithm from that?

--------------------------------------------------------------------------
To find out more about the anon service, send mail to help at vox.hacktic.nl
Please report any problems, inappropriate use etc.
to admin at vox.hacktic.nl Direct replies to the sender of this message are -not- anonymised From nobody at CSUA.Berkeley.EDU Sun Aug 7 23:10:57 1994 From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User)) Date: Sun, 7 Aug 94 23:10:57 PDT Subject: TOMMY THE TOURIST IS COMPROMISED DON'T USE IT Message-ID: <199408080611.XAA16299@soda.CSUA.Berkeley.EDU> Tommy the Tourist is compromised, it is possible to trace who sent the message from the anonymous remiler called "Tommy the Tourist" Anonymity cannot be assured, please direct anonymous traffic through other anonymous remailers. ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: the-clipper-key ====Encrypted-Sender-Begin==== MI@```%Q^&2?(E ---------- | From: "Pat Farrell" | | I'm sure that you are correct. I talked just this past Friday to | David Banistar at EPIC/CPSR on this. But the law seems to | be mostly ignored, as is the fact that SSN's are not unique. | | The key is, what do we do about it? I routinely refuse to give my SSN to agencies that have no government affiliation. I've been hassled for this stance, and frequently refused service/credit. My phone company demanded an exorbitant deposit because I wouldn't give them my SSN when signing for service. I am greatly disturbed by the amount of personal information currently available on an individual, and accessible with keys as simple as SSN, full name, and mother's maiden name. I, however, have no clue what to do other than continue to refuse to supply data whenever possible. garthB> ------------------------------------------------------------------------------ Garth S. 
Brown, Semaphore Corporation    122 South Jackson Street, Suite 350
garthb at semaphore.com          Seattle, Washington 98104
InterNIC WHOIS: GB(31)
-Public key available via finger of garthb at semaphore.com
-PGP2.6 Key fingerprint = 65 0E 48 A1 F7 38 DB 03 3F 77 77 9E B5 53 2E 96
------------------------------------------------------------------------------
All problems can be solved with the proper application of high explosives.

From v-garthb at microsoft.com Sun Aug 7 23:44:41 1994
From: v-garthb at microsoft.com (Garth Brown (Semaphore Software))
Date: Sun, 7 Aug 94 23:44:41 PDT
Subject: Looking for info on PGP enabling mail apps. . . .
Message-ID: <9408080646.AA29668@netmail2.microsoft.com>

i'm looking for info on enabling automatic PGP signing of mail messages from PINE and ELM.

Perhaps i'm babbling about something in a FAQ i missed, in which case i'll filter flames to /dev/null. =)

thanks

garthB>
------------------------------------------------------------------------------
Garth S. Brown, Semaphore Corporation    122 South Jackson Street, Suite 350
garthb at semaphore.com                   Seattle, Washington 98104
InterNIC WHOIS: GB(31)
-Public key available via finger of garthb at semaphore.com
-PGP2.6 Key fingerprint = 65 0E 48 A1 F7 38 DB 03 3F 77 77 9E B5 53 2E 96
------------------------------------------------------------------------------
All problems can be solved with the proper application of high explosives.

From jgostin at eternal.pha.pa.us Mon Aug 8 01:03:01 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 8 Aug 94 01:03:01 PDT
Subject: Anonymous Transport Agents (Was: Latency vs. Reordering)
Message-ID: <940808023733B6Mjgostin@eternal.pha.pa.us>

hughes at ah.com (Eric Hughes) writes:

> Simulating any of the salient features of a link encryptor over the
> Internet is an interesting exercise, particularly in regard to price
> negotiation with your service provider.
I'm about to branch into the limits of my knowledge on this particular topic: I run a DOS site under a heavily modified version of Waffle (1.65 base), so the Unix-ish transport mechanisms are a tad out of my realm of knowledge. With that in mind...

Suppose an encryption-savvy mail transport agent, say ESMTP, was developed. Further suppose that part of handshaking protocol for this transport protocol included an ENCRYPTED reverse lookup on IP identities to check that the message is actually coming from where it claims it's coming from. Suppose again that the results of this lookup were only checked for correctness (boolean), and then discarded WITHOUT LOGGING, or at least with minimal logging. If the reverse lookup was TRUE (IE: the sending machine was who it said it was), the message was accepted. If it failed, the message would be accepted, and then sent to the bit bucket.

In this model, one could provide anonymous transportation of anonymous mail FOR EVERY MACHINE ON INTERNET providing that the original message wasn't forged. All that would be required (beyond running ESMTP) is an encrypted version of the return address (a la Soda remailer) to be placed some predetermined place in the message.

This seems too easy: What am I missing? Have I actually come up with a way to do this?

--Jeff
--
====== ====== +----------------jgostin at eternal.pha.pa.us----------------+
== == | The new, improved, environmentally safe, bigger, better,|
== == -= | faster, hypo-allergenic, AND politically correct .sig. |
==== ====== | Now with a new fresh lemon scent!
| PGP Key Available +---------------------------------------------------------+

From beker at netcom.com Mon Aug 8 01:21:44 1994
From: beker at netcom.com (Brian Beker)
Date: Mon, 8 Aug 94 01:21:44 PDT
Subject: Latest mention in Wired
In-Reply-To: 
Message-ID: 

> I noticed in the Sat Pirate article in the latest Wired (which I finally
> read this evening), there is a mention of the Cypherpunks in connection
> to PGP and opposition to the creation of a Police State. Page 128, I think.

Who cares. A mention of WIRED in cypherpunks is far more noteworthy. The lag time inherent in magazine production, particularly a magazine dealing with the expansion of cyberspace, is oxymoronic. Here, at least there is immediacy combined with no whit of concern for the expectations of readership. Wired isn't even worth reading any more.

BB

From sidney at taurus.apple.com Mon Aug 8 02:48:57 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Mon, 8 Aug 94 02:48:57 PDT
Subject: CreditCard info
Message-ID: <9408080949.AA18980@apple.com>

[various people speculated about legality of a company requiring your SSN]

There's a Social Security Number FAQ posted regularly on alt.privacy, and also available from the usual usenet FAQ sites. It says that government agencies in the U.S. have restrictions regarding asking for and using your SSN, but private sector organizations do not. There's a lot more detail, but I don't need to repeat it here.

-- sidney

From jdd at aiki.demon.co.uk Mon Aug 8 03:07:04 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 8 Aug 94 03:07:04 PDT
Subject: Improved remailer reordering
Message-ID: <4283@aiki.demon.co.uk>

In message <9408072325.AA18643 at ah.com> Eric Hughes writes:

> Imagine a RemailerNet (v0.2) that maintained a fixed level of
> traffic between gateways.
>
> This is exactly what I was talking about when I posted earlier about
> link encryptors, and effective collapse of nodes for traffic analysis
> purposes.
> Traffic analysis of mixes and remailers assumes, as an
> abstraction, that all the messages going into and coming out of a
> particular node are visible. As soon as you remove this condition,
> the analytical situation changes completely.

There is little difference between RemailerNet v0.1 and v0.2 in this regard. Fragmenting messages into packets of fixed length, randomizing routing, and noise injection were all present in v0.1.

> The problem with implementation of link encryption is, like everything
> else, cost. Link encryption off the Internet requires dedicated
> lines.

I think that there is some confusion here. Time is defined in terms of steps, each one of which represents the dispatch of one packet. The packets can be received and dispatched in batches.

> In general, the messages do not exist
> as wholes along the lines connecting the gateways, so a discussion of
> their reordering is a good way to waste time.
>
> You still have to worry about reordering in the network as a whole.
> The system you've described has reassembly done at the endpoints, who
> might not be the final receiver. I pass over the flaw of lack of
> message quantization in the final sending of reassembled messages.
> We may assume for discussion that they're all the same length.

You need not pass over the 'flaw of lack of message quantization in the final sending'. Someone running a private high security gateway, an "empowered user", participates in the same way as the other RemailerNet gateways, and there is in fact no way to determine even whether he is sending or receiving, or in fact whether he is doing anything at all. He may be just sending and receiving noise packets.

Users accessing the net using low security versions of the software do have less security, but that is a consequence of their use of low security software.

> Now, you still need to calculate the likelihood that a particular
> outgoing message is the same message as a particular incoming message.
> These probabilities have to do with message reordering. You still
> need to do the calculation.

Some of the discussion here is at cross purposes. My focus has been on specifying a system which is itself very difficult to attack using cryptoanalytic techniques.

An "empowered" user of RemailerNet v0.2 who sends messages via a system which acts as a gateway need not worry very much about traffic analysis. A user whose access to RemailerNet is via a low security system will be exposed to a higher level of risk.

Which factors are the most important element in causing risk depend upon the nature of the traffic through the system and the size and geographic distribution of the network itself.

A functioning RemailerNet with widely distributed gateways and at least a moderate level of traffic from at least a moderate number of widely distributed users is not easily subjected to what I might call external traffic analysis.

Essentially, you make a model of the system which removes many of the features that defeat traffic analysis and then say, hey, this thing is easily subject to traffic analysis. Well, if you go far enough, sure.

--
Jim Dixon

From mimir at io.com Mon Aug 8 03:10:46 1994
From: mimir at io.com (Al Billings)
Date: Mon, 8 Aug 94 03:10:46 PDT
Subject: Latest mention in Wired
In-Reply-To: 
Message-ID: 

On Mon, 8 Aug 1994, Brian Beker wrote:

>
> > I noticed in the Sat Pirate article in the latest Wired (which I finally
> > read this evening), there is a mention of the Cypherpunks in connection
> > to PGP and opposition to the creation of a Police State. Page 128, I think.
>
>
> Who cares. A mention of WIRED in cypherpunks is far more noteworthy.
> The lag time inherent in magazine production, particularly a magazine
> dealing with the expansion of cyberspace, is oxymoronic. Here, at least
> there is immediacy combined with no whit of concern for the expectations
> of readership. Wired isn't even worth reading any more.

Thank you for sharing (not).
There are some people here interested in media references to the Cypherpunks. If you aren't, that's your business.

From perry at imsi.com Mon Aug 8 05:00:38 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 8 Aug 94 05:00:38 PDT
Subject: amateur ciphers
In-Reply-To: <199408080606.AA26364@xs4all.hacktic.nl>
Message-ID: <9408081200.AA21156@snark.imsi.com>

an118 at vox.hacktic.nl says:
> I saw an interesting post in sci.crypt last week about a particular cypher.
> I think it was called "The Penknife Cypher" or something along those lines.
> I guess I have been so PGP oriented that i've sort of stuck my head in the
> sand and ignored other possibilities regarding encryption.
>
> ARE there any other good cyphers out there, suitable for e-mail usage?

The only really reasonable symmetric key ciphers out there in publicly described form these days are DES, 3-DES and IDEA. There are a couple of things that may be okay, but which aren't out in the public literature (RC2 and RC4), a couple of things that are likely okay but which we are REALLY not going to find anything out about for a while (Skipjack :-) and a couple of things that are promising (like Coppersmith's new SEAL stream cipher, which looks quite interesting indeed.)

Periodically, on sci.crypt and on this list, flakey people post their latest bathtub cipher. Most of these are extremely poor. Sometimes people post long dissertations on their new cipher, which last for tens of pages full of what the authors imagine to be extremely scholarly commentary. Sometimes these people get very angry that no one is responding to their comments. Don't use these ciphers.

There are also people out there who are "talented amateurs" or "experimenting professionals" who post experimental ciphers that they've come up with that they know probably aren't that great but which they discuss in public. These shouldn't be used, either, but they are more interesting to look at.
Constructing a cipher which is actually safe for real use is a VERY difficult thing. Most amateurs don't even know why their attempts are silly looking. Don't assume that because something is posted to the net that it's safe to use.

Perry

From rah at shipwright.com Mon Aug 8 05:46:46 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 8 Aug 94 05:46:46 PDT
Subject: CreditCard info
Message-ID: <199408081244.IAA08135@zork.tiac.net>

At 11:49 PM 8/7/94 -0500, Brian Lane wrote:

> ....in 10 years all
>newborns will have a small uP implanted into their hand(ala Demolition
>Man) that will keep track of all their electronic data. Scares the crap
>out of me.

We just had a thread about that. I had brought up Gerry O'Neill's old book "2081", which had a discussion of buying things by picking them up and walking away with them (everything, including you, had an identifying transponder). There was some talk about Xerox PARC's work with transponders in their "Ubiquitous Computing" office concept.

What I didn't understand was how to implement Esther Dyson's idea about people owning all their personal information and protecting all that "property" with strong crypto.

Paradoxically, I bet both these ideas (transponders and personal information as property through strong crypto) can work together.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)    "There is no difference between someone
Shipwright Development Corporation        who eats too little and sees Heaven and
44 Farquhar Street                        someone who drinks too much and sees
Boston, MA 02331 USA                      snakes." -- Bertrand Russell
(617) 323-7923

From tc at phantom.com Mon Aug 8 05:54:32 1994
From: tc at phantom.com (Dave Banisar)
Date: Mon, 8 Aug 94 05:54:32 PDT
Subject: Digicash address?
In-Reply-To: <199408080448.AAA08240@bwh.harvard.edu>
Message-ID: 

You can reach David Chaum at chaum at digicash.nl

-dave

On Mon, 8 Aug 1994, Adam Shostack wrote:

>
> Could someone send me contact information for David Chaum's
> Digicash company? An email address would be great...
>
> Thanks in advance,
>
> Adam
>

From blane at squeaky.free.org Mon Aug 8 07:39:46 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Mon, 8 Aug 94 07:39:46 PDT
Subject: Looking for info on PGP enabling mail apps. . . .
In-Reply-To: <9408080646.AA29668@netmail2.microsoft.com>
Message-ID: 

On Sun, 7 Aug 1994, Garth Brown wrote:

> i'm looking for info on enabling automatic PGP signing
> of mail messages from PINE and ELM.
>
> Perhaps i'm babbling about something in a FAQ i missed,
> in which case i'll filter flames to /dev/null. =)
>
> thanks

This depends on your setup. I am running PGPsendmail on my Linux box. This is a wrapper for sendmail/smail that allows automatic encryption to specified recipients, and per mail encryption and signing through the use of a X-Secure: command line.

If you are reading your mail on a remote machine you might be able to talk the sysadmin into installing this program, or you might try one of the scripts out there (look at soda.berkeley.edu in /pub/cypherpunks/utilities I think?)

Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation | finger blane at free.org
witty comments pending                 | for PGP key and subLit
----------------------------------------------------------------------------

From hfinney at shell.portal.com Mon Aug 8 07:58:11 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 8 Aug 94 07:58:11 PDT
Subject: Anonymous Transport Agents (Was: Latency vs. Reordering)
In-Reply-To: <940808023733B6Mjgostin@eternal.pha.pa.us>
Message-ID: <199408081457.HAA07967@jobe.shell.portal.com>

Jeff Gostin writes:

> Suppose an encryption-savvy mail transport agent, say ESMTP, was
>developed.
>Further suppose that part of handshaking protocol for this
>transport protocol included an ENCRYPTED reverse lookup on IP identities
>to check that the message is actually coming from where it claims it's
>coming from. Suppose again that the results of this lookup were only
>checked for correctness (boolean), and then discarded WITHOUT LOGGING, or
>at least with minimal logging. If the reverse lookup was TRUE (IE: the
>sending machine was who it said it was), the message was accepted. If it
>failed, the message would be accepted, and then sent to the bit bucket.

I can see two problems. First, at least the first machine on the transport path will see both your origin address and your destination address. So it is in a perfect position to do traffic analysis. Many users may not have the ability to control which machine this is since routing is usually automatic these days.

Second, if each machine simply saves a message and sends it on, then even if the messages are encrypted there will probably be timing relationships between the incoming and outgoing messages which will allow them to be linked. So someone monitoring the intersite communication channels may be able to track a message through the network just by noticing when it comes into and goes out of each node. This is why Chaum introduces message batching and mixing at each node.

Hal

From hfinney at shell.portal.com Mon Aug 8 08:02:43 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 8 Aug 94 08:02:43 PDT
Subject: Improved remailer reordering
In-Reply-To: <4283@aiki.demon.co.uk>
Message-ID: <199408081502.IAA08127@jobe.shell.portal.com>

jdd at aiki.demon.co.uk (Jim Dixon) writes:

>You need not pass over the 'flaw of lack of message quantization in
>the final sending'.
>Someone running a private high security gateway,
>an "empowered user", participates in the same way as the other RemailerNet
>gateways, and there is in fact no way to determine even whether he is
>sending or receiving, or in fact whether he is doing anything at all.
>He may be just sending and receiving noise packets.

>Users accessing the net using low security versions of the software do
>have less security, but that is a consequence of their use of low
>security software.

I could see this would come up in Jim's description. Who exactly are these "empowered users"? And how much security do the second-class citizens actually get? Will it work for everyone to become "empowered", or are there scaling problems in terms of bandwidth?

It seems to me that the most sensible approach is to make message fragmentation into standard-sized packets, along with reassembly, be at the end user site. This way everyone becomes a first-class citizen.

Hal

From jdd at aiki.demon.co.uk Mon Aug 8 08:11:13 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 8 Aug 94 08:11:13 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
Message-ID: <4308@aiki.demon.co.uk>

In message <199408080514.WAA28015 at netcom7.netcom.com> "Timothy C. May" writes:

> Jim Dixon writes:
> (quoting Hal Finney)
> > > If this idea seems valid, it suggests that the real worth of a network of
> > > remailers is to try to assure that there are at least some honest ones
> > > in your path. It's not to add security in terms of message mixing; a
> > > single remailer seems to really provide all that you need.
> >
> > Yes, in an ideal world. Each additional remailer introduces another
> > chance of being compromised.
>
> No, I'm afraid you have this backwards. A remailer cannot introduce
> a chance of increase the chance of being compromised.

There are at least two models of remailer networks being kicked around.
In what I have called RemailerNet, if a gateway is compromised, then some degree of traffic analysis is possible, and other parts of the system become less secure. Security increases when there are two remailers handling your traffic, because then neither should know the identity of both sender and receiver. Whether the addition of more intervening remailers increases the security of the system in RemailerNet is a complex question.

In the second model of remailer networks, I also believe that using more than two remailers and the random selection of remailers decreases the security of the system if there is regular traffic between correspondents. To argue this at all, one would need a much clearer model with all of the assumptions spelled out in detail. For the argument to be interesting, the model would have to be realistic.

My personal impression is that the second model is highly insecure in cases where there is regular traffic between two parties and some third party has significant resources.
--
Jim Dixon

From jdd at aiki.demon.co.uk Mon Aug 8 08:12:03 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 8 Aug 94 08:12:03 PDT
Subject: RemailerNet v0.2
Message-ID: <4309@aiki.demon.co.uk>

RemailerNet v0.2 (RN0.2 for short)

1.0 a number N of RN gateways exist
1.1 these communicate using encrypted packets of a fixed length L
1.2 messages may originate from gateways or from outside the network
1.3 messages are passed across the network in packets
1.4 a packet may contain data from 0, 1, or more messages
1.5 routing of the packets is randomized (this does not mean that the probability of a route being chosen is equal for all routes, it means that if N>2, there is no route for which the probability is 1)
1.6 the order of dispatch of packets is randomized
1.7 on average, all gateways are required to send and receive the same number of packets per unit of chronological time
1.8 the dispatch randomization function adjusts the average latency and the distribution of latencies so that the preceding commitment is met, introducing noise packets as required
1.9 mechanisms allow the traffic level to rise quickly but constrain them to fall slowly
1.10 gateways are required to exchange the same number of packets in any session
1.11 inter-gateway connections may be either open at all times (in which case sessions begin only when the connection has gone down by accident) or they may be established periodically

2.0 any message has a source gateway and a destination gateway
2.1 message fragmentation takes place at the source gateway
2.2 message reassembly takes place at the destination gateway
2.3 all packets are acknowledged
2.4 message delivery is reliable, in the sense that the destination gateway will report delivery of incomplete or damaged messages to the gateway
2.5 messages may be sent to a gateway for forwarding to another gateway
2.6 message delivery time can be specified
2.7 message delivery policy can be specified
2.8 delivery policies include (a) hold until picked up, (b) hold for a specified period of time, (c) discard if not received immediately
2.9 gateways should always destroy mail after delivery is acknowledged [unless the mail is to an as-yet-unspecified persistent store]

3.0 gateways frequently exchange routing information
3.1 that routing information has an expiration date
3.2 gateway operators can choose who they announce routing information to and accept routing information from
3.3 gateways can settle accounts with one another periodically

4.0 level 2 gateways will communicate with one another using RN protocols using IP datagrams
4.1 level 1 and 2 gateways will communicate using the same protocols using email (SMTP) datagrams
4.2 where gateways are operated by users, the requirement that gateways should exchange the same number of packets per unit time would be weakened in some as yet unspecified way

5.0 end users may either operate gateways or communicate with a level 1 or 2 gateway using email
5.1 in either case, users may have accounts with gateways and may be charged for usage

6.0 RN gateway software should be available only from trusted sites by FTP
6.1 RN bootstrap software should be available on diskette
6.2 the bootstrap software should allow the secure downloading of system updates over RemailerNet

7.0 an alt.? group could be used to announce new gateways
7.1 established gateways would be encouraged to rate new gateways
7.2 software updates would be announced in the alt.? group
7.3 a FAQ would be published in the alt.? group every ten days or so

8.0 users would be encouraged to use gateways in geographically distant locations

--
Jim Dixon

[adding the notion of a persistent store would allow the creation of electronic safety deposit boxes]

From mmarkley at microsoft.com Mon Aug 8 08:37:50 1994
From: mmarkley at microsoft.com (Mike Markley)
Date: Mon, 8 Aug 94 08:37:50 PDT
Subject: CreditCard info
Message-ID: <9408081538.AA06789@netmail2.microsoft.com>

Garth Brown writes:

----------
| From: Garth Brown (Semaphore Software)
| To: ;
| Subject: RE: CreditCard info
| Date: Sunday, August 07, 1994 5:41PM
|
| It's my understanding that it's technically illegal for anyone to require
| your SSN for anything if they are not using it for SS related purposes.
| I had heard that congress passed a law when SSNs were issued to this
| effect.
|
| Am I hallucinating, or has someone else heard this too?!
|

I have heard this also. On a related note it is also no longer legal to require credit cards for identification when writing a check.

Mike.

=====================================================
Mike Markley
I'm not a Microsoft spokesperson. All opinions expressed here are mine.
=====================================================

From rfb at lehman.com Mon Aug 8 08:40:54 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Mon, 8 Aug 94 08:40:54 PDT
Subject: Remailer ideas
In-Reply-To: <199408060511.WAA24892@jobe.shell.portal.com>
Message-ID: <9408081539.AA25778@fnord.lehman.com>

    Date: Fri, 5 Aug 1994 22:11:59 -0700
    From: Hal
    To: cypherpunks at toad.com
    Subject: Re: Remailer ideas
    References: <9408051709.AA14763 at ah.com>

    . . .

    A copy of outgoing email could be kept, acknowledgements received on receipt, and the email deleted or re-transmitted as needed. Serial numbers would distinguish retransmissions so that redundant resendings (where the packets "crossed in the mail", so to speak) would be dropped. All this was designed in an afternoon in Xmodem. It's conceptually easy.
    The hard part is getting a standard and getting people to build it into their Mail User Agents.

I think that many of the simple cases are conceptually easy, but even slightly complicated ones are non-trivial. For example, I tend to include Return-Receipt-To: lines in my messages, so I get a bunch of responses. Interpreting those responses and deciding what action would be appropriate raises some interesting questions, not the least of which is ``What does it mean for a message to be successfully delivered to the cypherpunks list?''. Just as an example how easily the issue can become confused, I'll throw in, ``How is the meaning of successful delivery affected by changes in list membership during transmission?'' Considering that some of the addresses to which cypherpunks is distributed are also distribution lists, any list related problems are multiplied.

Practical issues make this whole thing more difficult. The ``getting people to build it into their Mail User Agents'' part in particular. The idea of a Return-Receipt-To: field has been around for a while, but the semantics have never been pinned down. Some mailer daemons generate replies meaning that the bits were delivered. Some readers (MUAs?) generate replies based on end-user actions.

This thread of discussion got me thinking about a really sick thought though: Using email messages to represent UDP packets.

Rick

From jgostin at eternal.pha.pa.us Mon Aug 8 09:21:00 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 8 Aug 94 09:21:00 PDT
Subject: TOMMY THE TOURIST IS COMPROMISED DON'T USE IT
Message-ID: <940808112403B8Bjgostin@eternal.pha.pa.us>

Tommy the Tourist (Anon User) writes:

> Tommy the Tourist is compromised, it is possible to trace who sent the
> message from the anonymous remailer called "Tommy the Tourist"
> Anonymity cannot be assured, please direct anonymous traffic through
> other anonymous remailers.

I'll believe you when you post this signed with TtT's PGP key?
Is there a 'punk that can verify this, or is just an asinine game played by adolescents?

--Jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
==      ==        | The new, improved, environmentally safe, bigger, better,|
==      ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From koontzd at lrcs.loral.com Mon Aug 8 10:03:50 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Mon, 8 Aug 94 10:03:50 PDT
Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS'
Message-ID: <9408081703.AA13961@io.lrcs.loral.com>

It appears to be an attempt to formalize the interface to the Tessera card. The file cryptcal.txt can be found on csrc.ncsl.nist.gov

From tcmay at netcom.com Mon Aug 8 10:32:36 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 8 Aug 94 10:32:36 PDT
Subject: reordering
In-Reply-To: <9408081651.AA25282@smds.com>
Message-ID: <199408081731.KAA02667@netcom16.netcom.com>

Steve Witham writes:

> > (Oh, you mean the key is to _randomly reorder_ the messages, not just
> > delay them by an hour when the average number of messages in an hour
> > is less than 1 anyway? Oh, now I see. Never mind!)
> >
> > --Tim May, who is as tired as Eric is of hearing the hoary old
> > chestnuts about 'random delays,' this without regard to calculating
> > the amount of reordering.
>
> Tim, you sound like you mean calculating the amount of reordering based
> on the delay vs. average traffic--exactly what Eric is arguing against!
> The thing is to write the software to do reordering directly, not
> calculate how much it's going to do after you've written it...

No, I mean that if it is desired to reorder with a batch of 10 messages (10 messages in, 10 messages out), then that's what one does, whether it takes 10 minutes or 10 hours to get this many messages.
I think in my last paragraph above I made it clear that "random delays" are a lose, generally, and that the "amount of reordering" is what's needed.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jim at acm.org Mon Aug 8 10:57:55 1994
From: jim at acm.org (Jim Gillogly)
Date: Mon, 8 Aug 94 10:57:55 PDT
Subject: TOMMY THE TOURIST IS COMPROMISED DON'T USE IT
In-Reply-To: <940808112403B8Bjgostin@eternal.pha.pa.us>
Message-ID: <9408081658.AA03471@mycroft.rand.org>

> Jeff Gostin writes:
> I'll believe you when you post this signed with TtT's PGP key? Is
> there a 'punk that can verify this, or is just an asinine game played by
> adolescents?

I think I can shed light on the report: a guy posted a message through the remailer addressed to BlackNet, and encrypted the message with PGP so it could be read either by himself or by L. Detweiler's BlackNet key. I posted a response that mentioned the user ID associated with his key. He assumed I had penetrated the remailer, not realizing he had exposed his key ID nor that his key was on a server.

Jim Gillogly
Hevensday, 16 Wedmath S.R. 1994, 16:54

From jdd at aiki.demon.co.uk Mon Aug 8 11:21:18 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 8 Aug 94 11:21:18 PDT
Subject: Improved remailer reordering
Message-ID: <4336@aiki.demon.co.uk>

In message <199408081502.IAA08127 at jobe.shell.portal.com> Hal writes:

> >You need not pass over the 'flaw of lack of message quantization in
> >the final sending'.
> >Someone running a private high security gateway,
> >an "empowered user", participates in the same way as the other RemailerNet
> >gateways, and there is in fact no way to determine even whether he is
> >sending or receiving, or in fact whether he is doing anything at all.
> >He may be just sending and receiving noise packets.
>
> >Users accessing the net using low security versions of the software do
> >have less security, but that is a consequence of their use of low
> >security software.
>
> I could see this would come up in Jim's description. Who exactly are these
> "empowered users"? And how much security do the second-class citizens
> actually get? Will it work for everyone to become "empowered", or are there
> scaling problems in terms of bandwidth?
>
> It seems to me that the most sensible approach is to make message
> fragmentation into standard-sized packets, along with reassembly, be at the
> end user site. This way everyone becomes a first-class citizen.

I think that you want at least three levels in this system, with increasingly strong requirements as you go up the levels and (necessarily) increasingly weak security as you go down.

You should be able to pop messages into the system from any terminal anywhere, just using ordinary email. But you should also be able to casually dump a few hundred megabytes into the system without making too big a splash, if you have the right equipment.

Ideally, the empowered user's (your term, yes?) system is functionally a gateway, but it has a nice front end on it, something like Mosaic. It is probably a single user system with a RemailerNet interface bolted on to it; it probably runs under Windows; it may even be a modified version of Mosaic.

The system at the next level up is a workhorse. Its user interface would be a system manager's, designed to show him how traffic is flowing, highlighting bottlenecks, etc. It would be designed to run automatically.
--
Jim Dixon

From cknight at crl.com Mon Aug 8 11:35:56 1994
From: cknight at crl.com (Chris Knight)
Date: Mon, 8 Aug 94 11:35:56 PDT
Subject: CreditCard info
In-Reply-To: <9408080045.AA26869@netmail2.microsoft.com>
Message-ID: 

On Sun, 7 Aug 1994, Garth Brown wrote:

> It's my understanding that it's technically illegal for anyone to require
> your SSN for anything if they are not using it for SS related purposes.
> I had heard that congress passed a law when SSNs were issued to this
> effect.

It's true... You do not HAVE to give your ssn to anyone other than the IRS and your employer... So many companies have changed their procedures so that credit apps, buyers club memberships, and that such stuff, are more of a pain if you do not give your ssn. They won't make you give it, but they will make whatever you want harder to get if you don't...

-ck

From dwomack at runner.utsa.edu Mon Aug 8 11:42:05 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Mon, 8 Aug 94 11:42:05 PDT
Subject: PGP 2.6 for UNIX
Message-ID: <9408081843.AA01037@runner.utsa.edu>

I've been having difficulty compiling PGP 2.6 for UNIX V, Release 4.0. There *_were_* some compiled executables out there for 2.3, but I've failed to find the same for the 2.6 version.

Any ideas?

Thanks!

Dave

From t-vinodv at microsoft.com Mon Aug 8 11:59:58 1994
From: t-vinodv at microsoft.com (Vinod Valloppillil)
Date: Mon, 8 Aug 94 11:59:58 PDT
Subject: Digicash address?
Message-ID: <9408081900.AA19199@netmail2.microsoft.com>

If you're looking for info on digicash, it might be more polite to mail to info at digicash.nl than to mail directly to David Chaum's account....

Vinod

----------
From: Dave Banisar
To: Adam Shostack
Cc: Cypherpunks Mailing List
Subject: Re: Digicash address?
Date: Monday, August 08, 1994 8:53AM

You can reach David Chaum at chaum at digicash.nl

-dave

On Mon, 8 Aug 1994, Adam Shostack wrote:

>
> Could someone send me contact information for David Chaum's
> Digicash company?
> An email address would be great...
>
> Thanks in advance,
>
> Adam
>

From greg at ideath.goldenbear.com Mon Aug 8 12:04:18 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Mon, 8 Aug 94 12:04:18 PDT
Subject: Anonymous Transport Agents
Message-ID: 

-----BEGIN PGP SIGNED MESSAGE-----

> Suppose an encryption-savvy mail transport agent, say ESMTP, was
> developed. Further suppose that part of handshaking protocol for this
> transport protocol included an ENCRYPTED reverse lookup on IP identities
> to check that the message is actually coming from where it claims it's
> coming from. Suppose again that the results of this lookup were only
> checked for correctness (boolean), and then discarded WITHOUT LOGGING, or
> at least with minimal logging.

[. . .]

> In this model, one could provide anonymous transportation of
> anonymous mail FOR EVERY MACHINE ON INTERNET providing that the original
> message wasn't forged.

It looks to me like you've "supposed" away the real obstacle to anonymous messages - the practice of logging traffic. Once you assume that people won't keep logs, the rest of the protocol is unnecessary - everyone's got anonymous messaging capability already. Forgery prevention is more useful when it's user-to-user, not host-to-host; we can do this already with PGP.

The tricky part is finding a way to preserve anonymity where the majority of sites on the Internet continue to log traffic carefully, refuse to install new software (especially anon-positive software), and are administrated by people with simplistic and outdated ideas about identity and punishment.

From jim at bilbo.suite.com Mon Aug 8 12:22:36 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Mon, 8 Aug 94 12:22:36 PDT
Subject: Digicash address?
Message-ID: <9408081921.AA07555@bilbo.suite.com>

I see others have posted e-mail addresses..here's DigiCash's Web URL in case you're looking for general info:

http://digicash.support.nl/

Jim_Miller at suite.com

From johndo at microsoft.com Mon Aug 8 12:39:33 1994
From: johndo at microsoft.com (John Douceur)
Date: Mon, 8 Aug 94 12:39:33 PDT
Subject: Remailer ideas
Message-ID: <9408081940.AA21249@netmail2.microsoft.com>

-----BEGIN PGP SIGNED MESSAGE-----

>From: Eric Hughes
>Date: Saturday, August 06, 1994 4:02PM

>Hal's random-send spool has an expected value of latency which is
>approximately the size of the spool but has no deterministic upper
>bound for that latency. Fine. Great. No problem. There should be
>zero hesitation here, because the expected value -- the probabilistic
>average -- is what you want.

There is an important distinction between systems for which the only observable behavior is the probabilistic average and those for which the observable behavior is that of the individual actions.

An example of the former system is a hash table with open addressing: The absolute worst case for a lookup is as bad as that in an unsorted list; however, this is not usually a problem, because programs generally perform large numbers of lookups, and the performance that the user observes is therefore equal to the probabilistic average.
An example of the latter system is the case in point, a remailer: If a message is delayed unduly, the sender is unlikely to be contented by the fact that many other users' messages were serviced with considerably greater promptness. Therefore, the probabilistic distribution of service times is as important a metric of a remailer's performance as the probabilistic average service time.

It may thus be quite reasonable to build in a hard cutoff in service time, such that any message that has been delayed by more than a set amount will be guaranteed to be sent on the next transmission. For some user of the remailer, this will make an observable improvement in performance; and since the extreme delay which triggers the expedited transmission is an unpredictable and infrequent event, it will not make cryptanalysis of the remailer any easier.

JD

From CCGARY at MIZZOU1.missouri.edu Mon Aug 8 12:54:34 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Mon, 8 Aug 94 12:54:34 PDT
Subject: *credit info
Message-ID: <9408081954.AA29356@toad.com>

*CREDIT CARD INFO

" Among other faults, being disarmed causes you to be despised."
- close quote of Machiavelli. According to Chairman Mao "Political Power grows out of the barrel of a gun." In which case wouldn't a democracy be made by widely distributed, numerous, individual owned, Non-confiscable weapons, & other "democracies" would be mere frauds?

In Missouri, in order to get your driver's license, you MUST supply your SSN. They have signs that say that since driving is a "privilege", not a right, it is ok to require the SSN. I understand that this practice is spreading to other states as well & is being pushed systematically by the feds.
Funny, when they 1st started out social security, they promised that the SSN would never be used for purposes other than social security. Then again, when they first started out the federal income tax they promised that it would only be on the rich & would never be more than a few %. Don't they also promise that the National census would only be used for statistical purposes, Yet I believe that it has been used to track down "dead beat dads" among other things. I'm not clear on that.

Will walking be our next "privilege"? I've never seen it expressed legally as a right.

OTHER LAW DEVELOPMENTS

On the CRUSADERS news program on tv last night, they reported that a Ca. city, I believe Palo Alto, has been enforcing traffic law, such as revoked licenses & drunk driving, by taking the drivers' cars. They brag that the program pays for itself. They think that it is a bright innovation & are promoting it for other jurisdictions as well. Very clever, stealing peoples' property to enforce law. Reminds me when the law 1st started doing "sting" operations & bragged that they were terribly clever - participating in crime to catch criminals. The criticism of entrapment now has mostly been forgotten.

STALKING LAWS

By the way, these current stalking laws - what's up? The utility of a stalking law is so obvious, that in the U.S.'es 200 + year history they could not possibly be overlooked. Therefore, their faults must be being purposely overlooked. Media conspiracy? population stupidity? both? No debate - strange.

Yours Truly,
Gary Jeffers

From adam at bwh.harvard.edu Mon Aug 8 13:06:08 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 8 Aug 94 13:06:08 PDT
Subject: *credit info
In-Reply-To: <9408081954.AA29356@toad.com>
Message-ID: <199408082005.QAA07869@bwnmr5.bwh.harvard.edu>

Gary Jeffers:

| On the CRUSADERS news program on tv last night, they reported that
| a Ca.
| city, I believe Palo Alto, has been enforcing traffic law, such
| as revoked licenses & drunk driving, by taking the drivers' cars.
| They brag that the program pays for itself. They think that it
| is a bright innovation & are promoting it for other jurisdictions as
| well. Very clever, stealing peoples' property to enforce law. Reminds
| me when the law 1st started doing "sting" operations & bragged that
| they were terribly clever - participating in crime to catch criminals.
| The criticism of entrapment now has mostly been forgotten.

Taking property as a form of punishment has a long history (fines); usually, the criminal has a choice of what property to give up, but not always. As long as the city is going through with judicial hearings, respecting individuals' rights not to be searched at random, and not rewarding the cops who seize the most cars, I'm not sure I see this as a bad thing(tm).

Of course, they probably seize the car on the spot, after random breathalyzer tests, and give the cop who meets his quota an extra bonus at the end of the month; at which point I have serious problems with it. However, in theory, it strikes me as a good idea, likely to be poorly implemented.

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From test at vmd.cso.uiuc.edu Mon Aug 8 13:30:16 1994
From: test at vmd.cso.uiuc.edu (Test)
Date: Mon, 8 Aug 94 13:30:16 PDT
Subject: TEST
Message-ID:

TEST TEST TEST TEST TEST

From jgostin at eternal.pha.pa.us Mon Aug 8 13:52:07 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 8 Aug 94 13:52:07 PDT
Subject: Anonymous Transport Agents (Was: Latency vs. Reordering)
Message-ID: <940808152144F3jjgostin@eternal.pha.pa.us>

Hal writes:

> I can see two problems. First, at least the first machine on the
> transport path will see both your origin address and your destination address.
> So it is in a perfect position to do traffic analysis.
> Many users may
> not have the ability to control which machine this is since routing is
> usually automatic these days.

Fair enough. Let's assume that ESMTP will anonymize and sanitize each message, making it appear as if it first appeared on the site. In other words, let's say I send a message via ESMTP to someone. It gets sanitized and anonymized (the return address is encrypted). This removes ALL traces of the fact that it left from my node. Every site up the chain until it gets to you will do the same. Finally you get a VERY anon/sanitized message.

I said the return address is encrypted. That's true: it's encrypted piece-meal. What happens is that the originator's site encrypts the sender's name with its own key. Then, it encrypts its site name with the next site's key. When it's sent, the site encrypts its name, PLUS the previous encrypted packet with the key of the next site up the net. This happens until it reaches its destination.

Even if the packet is intercepted, the hacker only knows the previous site it came from. Let's say he intercepts it between my feed and my feed's feed. This gives some 15+ choices as to which MACHINE it came from, let alone which USER sent it, and that's only on the first hop. On the Nth hop, it's AT LEAST 2^N possible MACHINES, assuming that each hop has at least two feeds. More realistically, after about 4 hops, the number of choices becomes entirely too large to efficiently track.

What do you think?

> Second, if each machine simply saves a message and sends it on, then even
> if the messages are encrypted there will probably be timing relationships
> between the incoming and outgoing messages which will allow them to be
> linked.

Quite true. However, if the encryption system adds random-x bytes of entropy to _each message_, the message sizes will never be the same coming in as going out. It will always be larger, but each additional hop makes the chance of tracking less and less. How many hackers can watch the whole backbone??
> So someone monitoring the intersite communication channels may be
> able to track a message through the network just by noticing when it comes
> into and goes out of each node. This is why Chaum introduces message
> batching and mixing at each node.

Very true. But, again, it shouldn't matter... By the time it gets to a place where the message is passed through 3 or 4 machines that one person can watch, it's already been sanitized to the point of absurdity, no?

Opinions?

--Jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From fnerd at smds.com Mon Aug 8 13:57:19 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 8 Aug 94 13:57:19 PDT
Subject: Postal Inspection (was Common Carriers...)
Message-ID: <9408082050.AA26145@smds.com>

Tim May says-

> Package delivery services like UPS and Federal Express *do* have
> immunity from prosecution based on what they carry, but this is in
> exchange for allowing inspection of packages under specified
> circumstances. Thus, if the DEA suspects a package contains cocaine,
> it can be inspected, and the shipper will most likely cooperate in
> resealing the package and continuing the shipment.

That reminds me. I once got a conference announcement from Europe in the mail. Printed on the envelope was a little icon showing a profile of the head of a guy wearing a hat (like a policeman or mailman's hat), and an arrow pointing from about his eye level to a picture of an open envelope.

This looked like the original envelope, untouched, and the icon seemed to have been there from the start.

Anybody know what it means?
-fnerd

- - - - - - - - - - - - - - -
nutritional information per serving: less than one (1) bit

From werewolf at io.org Mon Aug 8 15:08:12 1994
From: werewolf at io.org (Mark Terka)
Date: Mon, 8 Aug 94 15:08:12 PDT
Subject: TOMMY THE TOURIST IS COMPROMISED DON'T USE IT
In-Reply-To: <199408080611.XAA16299@soda.CSUA.Berkeley.EDU>
Message-ID:

On Sun, 7 Aug 1994, Tommy the Tourist wrote:

> Tommy the Tourist is compromised, it is possible to trace who sent the
> message from the anonymous remailer called "Tommy the Tourist"
> Anonymity cannot be assured, please direct anonymous traffic through
> other anonymous remailers.

Is this true? Or is it NSA inspired B/S? Not that I care as I use hacktic and wimsey for my transmissions.

---------------------------------------------------------------------------
Mark Terka     | werewolf at io.org             | public key (werewolf) by
Toronto,Canada | dg507 at cleveland.freenet.edu | public key server or request
---------------------------------------------------------------------------

From solman at MIT.EDU Mon Aug 8 15:09:24 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Mon, 8 Aug 94 15:09:24 PDT
Subject: amateur ciphers
In-Reply-To: <9408081200.AA21156@snark.imsi.com>
Message-ID: <9408082159.AA26505@ua.MIT.EDU>

>
> an118 at vox.hacktic.nl says:
> > I saw an interesting post in sci.crypt last week about a particular cypher.
> > I think it was called "The Penknife Cypher" or something along those lines.
> > I guess I have been so PGP oriented that i've sort of stuck my head in the
> > sand and ignored other possibilities regarding encryption.
> >
> > ARE there any other good cyphers out there, suitable for e-mail usage?
>
> The only really reasonable symmetric key ciphers out there in
> publicly described form these days are DES, 3-DES and IDEA. There
> are a couple of things that may be okay, but which aren't out in the
> public literature (RC2 and RC4), a couple of things that are likely
> okay but which we are REALLY not going to find anything out about for
> a while (Skipjack :-) and a couple of things that are promising (like
> Coppersmith's new SEAL stream cipher, which looks quite interesting
> indeed.)

What about MDC and Luby-Rackoff (spelling?). I mean sure, they haven't been subjected to much scrutiny, but they appear to be as strong as their underlying one-way hashes. I think that their blazing speed merits giving them serious consideration. Besides, weren't people calling IDEA pretty secure when it had been subjected to as much analysis as LR and MDC have been subjected to thus far?

JWS

From tcmay at netcom.com Mon Aug 8 17:04:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 8 Aug 94 17:04:14 PDT
Subject: Gore Letter and Software Key Escrow
Message-ID: <199408090004.RAA25895@netcom11.netcom.com>

Some interesting comments from a recent issue of "EE Times":

"While some critics declared Clipper dead, Gore made it clear that any encryption system used for voice communications must retain the key-escrow framework that is the central feature of the Clipper chip. The only difference will be whether private-sector escrow agents will be added." ["Gore letter clouds U.S. Clipper policy," George Leopold, "EE Times," 1994-07-25, p. 4]

[the article mentioned Gore's "We welcome the opportunity to work with industry to develop a more versatile, less expensive system. Such a key-escrow system would be implemented in software, firmware, hardware or any combination thereof, would not rely upon a classified algorithm, would be voluntary and would be exportable."]

In an earlier article:

"Sen.
Patty Murray, D-Wash., cosponsor of the Senate bill, said the Clipper-chip proposal "has had a chilling effect on software manufacturers in my state," particularly Microsoft Corp. She and other Clipper critics testifying last week argued that software encryption is widely available. "Federal efforts to put the genie back in the bottle will be futile," Murray said." ["Congress adds its voice to Clipper debate," George Leopold, "EE Times," 1994-05-09, p. 16]

And this chilling comment from Stephen Walker of TIS:

" "Most Americans would accept government-imposed key escrow if it was established by law" and subject to judicial review, said Stephen Walker, president of Trusted Systems Inc. [sic] and a former NSA official." ["Congress adds its voice to Clipper debate," George Leopold, "EE Times," 1994-05-09, p. 16]

From these and other articles I continue to believe that several related things are happening:

* The Administration has backed away from the hardware-based, proprietary Skipjack approach that Clipper and EES represented. Though Clipper is not yet officially dead, its brain wave has flatlined.

* The software industry was apparently pressured, based on comments by various people, including Rep. Maria Cantwell (D-Wash) and Sen. Patty Murray. The form and timing of this pressure is not public knowledge, but hints of it keep emerging.

* A software-based key escrow system, involving the new Walker-Belenson-others algorithm, is the likely basis for this new "more versatile, less expensive system" that Gore says would be "implementable in software, firmware, hardware or any combination thereof..." Practically speaking, this means software, as the hardware base of machines already out in the world pretty much makes hardware- or firmware-based deployment very problematic...few people will buy new hardware, which is what helped to kill Clipper.
* Ostensibly this will be "voluntary," but the "voluntary" part may only be choice from a Chinese menu of approved and licensed escrow agents. [This is my interpretation, reading between the lines of a dozen or so articles, articles which quote sources about how "private industry" will provide escrow agents, how choice will be preserved, and how the infamous "legitimate needs of law enforcement" will be preserved.]

* This compromise will likely put software key escrow (SKE, or Carl Ellison's "GAK"..."Government Access to Keys") into the software for audio and video teleconferencing, communication, and possibly into the OS itself (as this would be needed to ensure wide coverage of installed machines).

* The articles suggest Sen. Leahy, Rep. Cantwell, and many others have already accepted this compromise. Enabling legislation could come at any time, and may be closely related to the Digital Telephony Bill, which has had the same behind-the-scenes negotiating.

In closing, I reject the point made by Walker, that Americans will accept a "government imposed key escrow if it was established by law." I think this is the real threat on the horizon.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From CCGARY at MIZZOU1.missouri.edu Mon Aug 8 17:50:14 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Mon, 8 Aug 94 17:50:14 PDT
Subject: e$ barter & sub(parasites)
Message-ID: <9408090050.AA02275@toad.com>

My congratulations to Hal for his contribution to the e$... thread with his barter text.
My congratulations to Peace for his contributions to the e$ thread with his barter & parasite text.

Hal says:
----------------------------------------------------------
>The second problem is the regulation of "scrip" and barter systems. This
>was pointed out on the list last year by someone who had actually been
>involved in a private barter or scrip system which was shut down by the
>government, at great cost to all concerned. These regulations can be
>found at 26 CFR 1.6045-1. From subsection (f)(5)(ii), "Scrip is a token
>issued by the barter exchange that is transferable from one member or
>client, of the barter exchange to another member or client, or to the
>barter exchange, in payment for property or services". I think this one
>will eventually get the "NetBank" people in trouble. (You call a 900
>number and in exchange for a charge on your phone bill they give you a
>digital token you can exchange for property or services by participating
>merchants.) Barter exchanges are required to get the names and SS numbers
>of all participants and report their transactions to the IRS. This would
>be inconsistent with the privacy we seek from ecash.
-------------------------------------------------------------------

Peace says:*******************************************************
>I can recall that many years back the casinos in Las Vegas all
>accepted the chips from the other ones and then had a great
>exchange each day where the accounts were settled up. Even the
>gift shops took chips in place of cash. The US Treasury put a stop
>to this as it was considered to be a replacement for cash.

>Also I hear a lot about bearer bonds, but never in the US. OTOH
>the NYC subways have started a cash card that they expect merchants
>to accept in lieu of coins. It would be nice to know what the Feds
>will or won't accept. BTW, does it matter if the e$ are US denominated
>Could e$ be presented as travelers checks? The possibilities here are
>extremely interesting.
- - -
>Bob said>> However, it's a stupid parasite which
>>kills its host, and that's what I'm counting on here.

>Not really true. All parasites kill their host or they would not
>be considered parasites (ie. live at the EXPENSE of the host). The
>only question is how quickly the host dies. There is an entire
>epidemiology of parasitism, ie. which strategies are best for the
>parasite. The virulent ones must be able to find a new host quickly,
>the ones that can't exit quickly rely on the host living for a long time.
>There was a good article in SciAm on this a little while back.

>Also remember, it is the US Supreme Court which ruled that the
>power to tax is the power to destroy. Sounds like as good a
>definition of parasitism as any.
*******************************************************************

They have demonstrated that the Fed state will not tolerate an alternate cash system & repeatedly kill them. This is because they know that an alternate cash system could be easily fashioned to kill them. - as though there was any benefit to keeping the giant Federal parasite alive. They have also demonstrated that the only in-US alternate cash system that will survive is an alternate cash system that will flourish without the Feds permission. This implies anonymous e$ with encryption & remailers. Chaum's e$ with an offshore clearinghouse comes to mind.

I thought Peace's more accurate description of a parasite & his characterization of the Fed State as a parasite were particularly NICE:- :-) : -) :-) :-)

There are other evils of this monocash system. 1. It allows elite insiders to profit from secret Federal Reserve moves. 2. It allows a private organization (the Federal Reserve) to manipulate the US's money system. 3. It is an anti-freedom monopoly of cash. 4. It kills experiments with superior cash systems that would proliferate otherwise.
& 5. It suppresses script driven barter systems that circumvent the frequent low velocity problems with other instruments that is in conventional systems. - Sometimes most people hold their cash & wait for a buyer (with cash) before they spend. That way everybody is waiting for someone to buy from them before they buy. With script driven barter systems, you make script by providing something. To restate this more clearly, in barter systems business activity is encouraged. - The increased velocity of "cash" is encouraged. Deals are more fluidly made & business (transactions) are encouraged.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAATTTT STATE!

From bogus@does.not.exist.com Mon Aug 8 18:17:03 1994
From: bogus@does.not.exist.com ()
Date: Mon, 8 Aug 94 18:17:03 PDT
Subject: Remailer chaining results
Message-ID: <199408090116.SAA05028@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

I've done some calculations on the mixing properties of Chaum-style networks and gotten some interesting results.

Recall that in a Chaum-type remailer network users use nested encryption and remailing instructions to set up a chain or "cascade" of remailers. Each remailer strips off the encryption envelope and sees the address of the next remailer in the chain or, for the final remailer, the ultimate destination. All messages are the same size and carry no distinguishing features. We assume that the opponent is monitoring all message traffic into and out of all remailers on the net but can't see what is happening within each remailer.

Let's take a concrete example and suppose there are four remailers. Everyone sets up a chain of 2 remailers, chosen at random from these four. A batch of messages is received by each remailer, which strips off the envelope and sends them on to the next remailer in the chain, where they are mixed with the other messages which chose that remailer as the 2nd in the chain, then sent out to their ultimate destinations.
This model is a little artificial in that we are assuming a certain amount of synchrony of the operation of the various remailers for simplicity. (Note that for this four-node network there are twelve possible two-node chains where the nodes are different.)

There are three measures that I am interested in: bandwidth used (the less the better); message mixing (the more the better); and immunity to subversion (the more the better).

For bandwidth we can measure the flow through the remailer. Due to the symmetry of the situation, the inflow and outflow are equal and the same for all remailers. Message flows per remailer are the sum of the flow into the remailer from outside (the user messages), plus all flows into the remailer from the other remailers.

Mixing can be measured by a probability distribution over the outgoing messages which represents how likely they are to be a given incoming message. For simplicity this can be expressed simply as the number M of messages which are equally likely to be the original (in an earlier message I used entropy which is a log measure of the same thing).

I am thinking of measuring immunity to subversion in terms of how much mixing is lost by a certain number of "failed" (that is, subverted) nodes. Some networks are vulnerable to "single point failures", where a single subverted node destroys all the anonymity. A more robust network would require multiple failures for this to happen. However, it turns out that even in a multiple-failure network a single-point failure may reveal some information about the messages, which we can express as a loss in mixing.

Let the total message bandwidth into the network be N packets per time unit. Due to symmetry, each node will receive N/4 packets. With the chains as defined above, the other three nodes will all be equally likely to be the 2nd in the chain, so N/12 packets are sent to each of them. Simultaneously, N/12 packets come to this node from each of the others.
This is a total internode bandwidth of N/4 in each direction per node, or N total per direction. Add this internode bandwidth to the user-link bandwidth of N per direction and we get 2N total, or N/2 per node.

At the beginning of each chain, we have N/4 packets come in and get mixed at each node. As the packets go out, they are sent to the other three remailers, and when they leave they may be any of the output of those three. Thus they are equally likely to be any of 3N/4 of the packets, and this is the amount of mixing we have.

If one of the two nodes in your remailer chain is compromised, it provides no effective mixing. This means that your message is only mixed at one node, where it is combined as part of a batch of N/4, so that is the degree of mixing you have with a single failure. If both remailers are compromised then of course you have no mixing, which we would write as a factor of 1 in uncertainty increase.

This can also be expressed in terms of a percentage compromise of the network. If 1 node is compromised, which can be represented as p=.25, then the six of the twelve remailer paths which use that node will have single-point failures with the concomitant reduction in mixing. In other words, half of the messages will have the full 3N/4 mixing while half have N/4.

With p=.50, two nodes are compromised. Two paths are safe, eight have single failures, and two have double-failures. So we have 1/6 of the messages with 3N/4, 2/3 with N/4, and 1/6 with only 1 mixing.

With p=.75, three nodes compromised, there are no safe paths; half have single failures and half have double. So 1/2 the messages have mixing of N/4 and half have 1. And of course with p=1 all messages are compromised with mixing factor 1.

Let me just go on and extend this analysis in one way. In the discussion of the chains, we have assumed that the two nodes in the chain would be different. Logically though one could have chains where both nodes were the same.
Let us compare this network with the one we just did.

There are now 16 possible chains. Total bandwidth is somewhat less (since we don't count the messages which stay in one remailer). Now only 3/4 of the messages from each node need to get exchanged. Per node, there will be N/4 messages to users and 3N/16 messages to other nodes, for a total of 7N/16 per node or 7N/4 total (above the 7's were 8's).

Mixing is actually improved; there is no limitation on which input messages might map to which output ones, so we have full N-fold mixing (compared to 3N/4 above). With single-point failure mixing is again N/4 as above.

The failure behavior is quite different. With p=.25, 1 of the 16 paths is totally compromised, 6 of the 16 have single failures for N/4 mixing, and 9 of the 16 have no failures for N mixing. With p=.50, 4/16 of the paths have mixing 1, 8/16 have mixing N/4, and 4/16 have mixing N. With p=.75, 9/16 have mixing 1, 6/16 have N/4, and 1/16 have N.

It's not clear what measure is useful to compare these failure situations. A double-point failure seems much worse than a single one. I wonder whether taking a geometric mean (which would be equivalent to taking the arithmetic mean of the entropies) would be valid. If we did that for the p=.25 case, we get average mixing of .59N^(15/16) for the self-chain network, and .27N for the network where all chains are two different nodes. For N less than about 250,000 packets per (network-wide) batch the self-chain network provides superior average mixing in the p=.25 case by this measure.

Sparing the math, for p=.50 the self-chain network is superior for batch sizes smaller than 29 packets, and for p=.75 the self-chain network is only superior for batch sizes smaller than 16 packets. This suggests that if the network is likely to be mostly safe then the extra mixing allowed by same-node chains is worth the small increased risk of exposure.
But as the chance of encountering bad nodes rises it becomes unwise to take this chance.

Here is a quick summary of the extension of these results to larger numbers of remailers and longer chains. Let there be R remailers and let the chain length be K. Let the number of message packets per batch (network wide) again be N. (I will neglect the differences between same-node chains and different-node chains as they are generally small effects on the order of 1/R.)

Bandwidth per node is approximately KN/R. Network wide it is therefore KN. Adding remailer hops increases network bandwidth loads directly in proportion to the number of hops.

Mixing is approximately N for K=2 and up, which is the maximum possible. For K=1 mixing is N/R.

Fault tolerance is interesting. A K-length cascade is invulnerable to up to K-2 failures! At K-1 the mixing decreases from N to N/R, a significant decrease. And with K failures of course the mixing drops to 1. I was surprised how robust these networks are. The reason is that with even K-2 compromised remailers in a K-length cascade there still remains a safe length 2 cascade, and as we saw above that provides N-fold mixing.

This provides some guidelines on the choice of K. First, K should clearly be at least 2. The increase from K=1 to K=2 increases mixing from N/R to N, a considerable increase. Secondly, K should probably be at least 3. This will provide full mixing even if you are unlucky enough to choose a compromised remailer.

Beyond this, you can calculate that with a chain length of K and probability p of a compromised node, the expected number of compromised nodes in your chain is Kp. This suggests that you should choose K large enough that Kp is well below K-2. If you estimate p=.50, for example, you might choose K=8. The binomial theorem states that the chance of x failures out of k nodes where the probability of each failure is p is (p^x)*((1-p)^(k-x))*k!/x!(k-x)!.
In this example, the chance of 7 failures out of 8 is about 3% and the chances of 8/8 is about .5% for a total risk of 3.5% that you won't be fully protected.

Now, how many people read this far? ;-)

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.1e (yikes, where'd I find this old version!)
-----END PGP SIGNATURE-----

From banisar at washofc.epic.org Mon Aug 8 18:26:23 1994
From: banisar at washofc.epic.org (Dave Banisar)
Date: Mon, 8 Aug 94 18:26:23 PDT
Subject: FWD>Health Care Privacy Ale
Message-ID: <00541.2859225761.7229@washofc.epic.org>

Date 8/8/94
Subject FWD>Health Care Privacy Ale
From Dave Banisar
To Interested People
CC Beverly Woodward

>From CPSR

FWD>Health Care Privacy Alert

FYI, pls respond directly to the address below.

Date: Sun, 7 Aug 1994 12:43 EDT
From: WOODWARD at BINAH.CC.BRANDEIS.EDU (Beverly Woodward)
Subject: Health Care Privacy Alert

ALERT

The health care legislation proposed by Gephardt in the House and Mitchell in the Senate contains provisions which would establish a national health care data network and override most state medical confidentiality laws. All health care providers, whether paid by insurance or not, will be required to provide the network with data from the patient medical record after every clinical encounter. (The data elements will not be limited to what is necessary for billing purposes.) A very weak "privacy" (or "fair information") code will regulate the redisclosure of such patient-identified information. The law will permit person-identified information to be made available in various circumstances to law enforcement officials, medical and social studies researchers, and government authorities without the knowledge or consent of the patient.
These legislative provisions are being promoted as administrative simplification and cost-saving measures, but they will seriously erode patient privacy. Unfortunately the general public has not been informed about these sections of the health care reform bills. Legislation of this kind requires intensive debate and should not be folded into a bill to extend insurance coverage and reform health care financing.

Contact your Representative and your Senators to urge that the "Administrative Simplification," "National Health Care Data Network," and so-called "Privacy" and "Fair Information Practices" sections of these bills be deleted. The general telephone number for Capitol offices is 202, 224-3121.

Watch for further updates! You may contact us at 617, 433-0114.

Coalition for Patient Rights, Massachusetts

From hfinney at shell.portal.com Mon Aug 8 20:15:50 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 8 Aug 94 20:15:50 PDT
Subject: Remailer ideas
In-Reply-To: <9408081539.AA25778@fnord.lehman.com>
Message-ID: <199408090315.UAA22167@jobe.shell.portal.com>

Rick Busdiecker writes:

>I think that many of the simple cases are conceptually easy, but even
>slightly complicated ones are non-trivial. For example, I tend to
>include Return-Receipt-To: lines in my messages, so I get a bunch of
>responses. Interpreting those responses and deciding what action
>would be appropriate raises some interesting questions, not the least
>of which is ``What does it mean for a message to be successfully
>delivered to the cypherpunks list?''. Just as an example how easily
>the issue can become confused, I'll throw in, ``How is the meaning of
>successful delivery affected by changes in list membership during
>transmission?'' Considering that some of the addresses to which
>cypherpunks is distributed are also distribution lists, any list
>related problems are multiplied.
I can see that there may be difficult cases, but I still think that there would be real utility in the ability to specify that a particular piece of mail should be re-transmitted if it does not get delivered to the destination machine within a certain period of time. As I said, this would help with the implementation of cryptographic protocols that worked via email, not to mention the many other applications.

>Practical issues make this whole thing more difficult. The ``getting
>people to build it into their Mail User Agents'' part in particular.
>The idea of a Return-Receipt-To: field has been around for a while,
>but the semantics have never been pinned down. Some mailer daemons
>generate replies meaning that the bits were delivered. Some readers
>(MUAs?) generate replies based on end-user actions.

That's one reason I like the "enabledmail" approach. All we have to do is persuade everyone to run a system which allows anyone on the network to get your computer to run an arbitrary program for them. Then everything will be fine. One nice thing is that enabledmail scripts can trigger either on delivery to the dest machine, or on being read by the recipient. This gives even more flexibility in how you want to define a "received" message.

Hal

From hfinney at shell.portal.com Mon Aug 8 20:47:47 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 8 Aug 94 20:47:47 PDT
Subject: RemailerNet v0.2
In-Reply-To: <4309@aiki.demon.co.uk>
Message-ID: <199408090347.UAA24150@jobe.shell.portal.com>

I'm glad to see Jim's description of his RemailerNet v0.2. I still have a few questions, though.

What is the goal of the RN as far as defeating traffic analysis? Is it just to get messages from one "gateway" to another? Or is there also a desire to prevent traffic analysis from one non-gateway end user to another?

What are the allowed capabilities of the opponent? Can he watch all of the links? Can he subvert some gateways?
Does every user expose the source and destination information of his messages to the initial gateway? What other information is sent by the user to the RN?

Are there any limitations on the information which spreads through the RN? E.g. are gateways allowed to send source/dest information along with the messages?

Here are some questions related to Jim's specific points:

>1.6 the order of dispatch of packets is randomized

For 1.5 you defined what randomized means. What does it mean here?

>1.7 on average, all gateways are required to send and receive the same
> number of packets per unit of chronological time

Do you mean that all gateways send the same number of packets per time all the time? E.g. all gateways send 100 packets per hour all the time

>1.8 the dispatch randomization function adjusts the average latency
> and the distribution of latencies so that the preceding commitment
> is met, introducing noise packets as required

This could be accomplished by adding no latency at all during times when the incoming traffic load happens to equal the desired internal traffic level. But presumably some latency is actually used to provide reordering. What rule would determine how much latency would be used in that case?

>1.10 gateways are required to exchange the same number of packets in
> any session

What is a session? Do you mean, during every session exactly (say) 1000 packets will be exchanged, or do you mean, during any session the number of packets exchanged by each gateway will equal the number exchanged by every other gateway (but this number may vary from session to session)?

>2.4 message delivery is reliable, in the sense that the destination
> gateway will report delivery of incomplete or damaged messages
> to the gateway

To which gateway? The source gateway?

>4.2 where gateways are operated by users, the requirement that gateways
> should exchange the same number of packets per unit time would be
> weakened in some as yet unspecified way

Why do this?
>5.1 in either case, users may have accounts with gateways and may be > charged for usage What gateways would be in a position to charge users? Only the source gateway? The destination gateway? Others in between? >6.0 RN gateway software should be available only from trusted sites by FTP What are you trying to prevent by this, and what would happen if someone wrote his own version of the RN software? >7.1 established gateways would be encouraged to rate new gateways What kind of information would be available to them to create the ratings? From hughes at ah.com Mon Aug 8 21:39:20 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 8 Aug 94 21:39:20 PDT Subject: ANNOUNCE: the TAZONO is here Message-ID: <9408090403.AA20990@ah.com> I'm flying to New York this week to go to the HOPE conference put on by 2600, so I've arranged to throw a party. Here's the announcement. HOPE is the two days after this, so if you're planning on that, come a day earlier. You're all invited, but I only expect those in range of New York to actually attend. And I would like to meet all the NYC cypherpunks, or at least as many as I can. So show! Eric ----------------------------------------------------------------------------- The Blazin' Cypherpunks present a T.A.Z.O.N.O. Temporary Autonomous Zone One Night Only (perhaps also to be known as just a party) Friday, August 12, 1994 8:00 p.m. EDT until whenever almost in New York City, but not quite with the theme of Bring Your Own Everything (or) The Creation of Anarchy out of a Cipher Eric Hughes, cypherpunks founder, and Matt Blaze, swIPe'r of Tesserae security, are throwing a party, and Eric, who lives somewhere other than the East Coast, will be in town for it. We've managed to liberate, through completely legal means, an almost completely empty apartment for the purposes of joy and frivolity and much talking. Join us! Special Event: Midnight Impromptu Two-Minute Rant Contest. 
A suitable theme will be chosen by shout-outs, and judging will progress by catcall and heckling volume. Real Prizes!

Given the manner of acquisition of space, there will be nothing there when the party starts. It's Bring Your Own Everything. We need all of the following:

Your Friends and other Diverse People
Furniture (street discards accepted, as long as _you'd_ use it)
Music (live and recorded)
Drink (as always)
an Internet connection
Food (whatever you like to eat)
a Gong
Stimulants (my favorite being Nietzsche)
as many copies of the game Twister as we can get
Pillows and Cushions
a Roll of Butcher Paper
a Constitutional Amendment Guaranteeing Freedom of Cryptography and Anonymity

Special Prize for the "Most Creative Use of Scavenged Material in Furtherance of the Ludic Atmosphere of the TAZONO."

So, uh, where is it? It's in Jersey City, at an address we're not going to tell you just here. We just thought it best not to post the address to the world. But we'll give you a clue; it's near the Pavonia-Newport Path Train station. In fact, if you just show up there, there may be more clues. And I'll send you the address if you send me, Eric Hughes, email at the address hughes at ah.com. You can also call me at 510-849-4729 (I'm in the phone book, so this is no big deal).

Rules of Invitation: If you see this, you're invited. It's the day before 2600's HOPE, so any of you that are in town the night before can stop by. Please print out copies and get them to your non-Internet friends who'd be interested. Please feel free to forward this by private email as well.

THE SECRET WORD IS "PLUGH". REMEMBER THE SECRET WORD.
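
The chain-length arithmetic from Hal's remailer analysis earlier in this digest (the post that ends "Now, how many people read this far?"), worked through as an added Python example that is not part of any list message. It assumes each hop is chosen independently and is compromised with probability p; the function names and the sample values N=1000, R=4 are constructed for illustration.

```python
"""Chain-compromise arithmetic for a K-hop remailer cascade (added example)."""
from math import comb, exp, log


def compromised_pmf(k: int, p: float) -> list[float]:
    """P(exactly x of the k hops are compromised), for x = 0..k.

    Binomial model: hops are chosen independently and each is compromised
    with probability p (same-node chain effects are neglected, as in the post).
    """
    return [comb(k, x) * p**x * (1 - p) ** (k - x) for x in range(k + 1)]


def mixing(k: int, compromised: int, n: float, r: int) -> float:
    """Mixing for a chain with `compromised` bad hops, using the post's tiers.

    Two or more honest hops give N, exactly one honest hop gives N/R,
    and no honest hop gives 1 (the message is fully traced).
    """
    honest = k - compromised
    if honest >= 2:
        return float(n)
    if honest == 1:
        return n / r
    return 1.0


def exposure_risk(k: int, p: float) -> float:
    """P(fewer than two honest hops), i.e. the chain is not fully protected."""
    pmf = compromised_pmf(k, p)
    return sum(pmf[max(k - 1, 0):])


def geometric_mean_mixing(k: int, p: float, n: float, r: int) -> float:
    """Geometric mean of mixing over the failure distribution.

    Equivalent to averaging the entropies (log of the mixing) and
    exponentiating, which is the measure the post proposes.
    """
    pmf = compromised_pmf(k, p)
    mean_log = sum(w * log(mixing(k, x, n, r)) for x, w in enumerate(pmf) if w > 0)
    return exp(mean_log)


def shortest_chain(p: float, max_risk: float, k_max: int = 64):
    """Smallest K >= 2 whose exposure risk is at most max_risk, else None."""
    for k in range(2, k_max + 1):
        if exposure_risk(k, p) <= max_risk:
            return k
    return None


if __name__ == "__main__":
    N, R = 1000, 4  # constructed sample batch size and remailer count
    print(" p     K   risk(<2 honest)   geometric-mean mixing")
    for p in (0.25, 0.50, 0.75):
        for k in (2, 3, 5, 8):
            print(f"{p:4.2f}  {k:2d}   {exposure_risk(k, p):14.4f}   "
                  f"{geometric_mean_mixing(k, p, N, R):10.1f}")
    print("shortest chain for p=.50, risk <= 5%:", shortest_chain(0.50, 0.05))
```

With p=.50 and K=8 the risk function reproduces the 3.5% figure from the post, and for K=2, p=.25, R=4 the geometric mean comes out at about .59N^(15/16).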
From rfb at lehman.com Mon Aug 8 21:55:26 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Mon, 8 Aug 94 21:55:26 PDT
Subject: Remailer ideas
In-Reply-To: <9408081940.AA21249@netmail2.microsoft.com>
Message-ID: <9408090454.AA03934@fnord.lehman.com>

    From: John Douceur
    Date: Mon, 8 Aug 94 12:32:32 PDT
    Subject: RE: Remailer ideas

    It may thus be quite reasonable to build in a hard cutoff in service time . . . since the extreme delay which triggers the expedited transmission is an unpredictable and infrequent event

This is not a safe assumption. Check out the stats for ghio at kaiwan.com.

    it will not make cryptanalysis of the remailer any easier.

I'm pretty sure that cryptanalysis, per se, is not the question, but rather traffic analysis.

Rick

From rfb at lehman.com Mon Aug 8 22:21:33 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Mon, 8 Aug 94 22:21:33 PDT
Subject: Remailer ideas
In-Reply-To: <199408090315.UAA22167@jobe.shell.portal.com>
Message-ID: <9408090521.AA04161@fnord.lehman.com>

    Date: Mon, 8 Aug 1994 20:15:36 -0700
    From: Hal

    . . . I still think that there would be real utility in the ability to specify that a particular piece of mail should be re-transmitted if it does not get delivered to the destination machine within a certain period of time.

Agreed.

    That's one reason I like the "enabledmail" approach. All we have to do is persuade everyone . . . .

I also agree that this approach is desirable. My contention is not that these things are undesirable, but rather that they are not as trivial as was originally suggested.

Rick

From ruf at osiris.cs.uow.edu.au Mon Aug 8 22:42:59 1994
From: ruf at osiris.cs.uow.edu.au (Justin Lister)
Date: Mon, 8 Aug 94 22:42:59 PDT
Subject: amateur ciphers
In-Reply-To: <9408081200.AA21156@snark.imsi.com>
Message-ID: <199408090541.AA14118@osiris.cs.uow.edu.au>

> an118 at vox.hacktic.nl says:
> > I saw an interesting post in sci.crypt last week about a particular cypher.
> > I think it was called "The Penknife Cypher" or something along those lines.
> > I guess I have been so PGP oriented that I've sort of stuck my head in the
> > sand and ignored other possibilities regarding encryption.
> >
> > ARE there any other good cyphers out there, suitable for e-mail usage?

> The only really reasonable symmetric key ciphers out there in
> publicly described form these days are DES, 3-DES and IDEA. There
> are a couple of things that may be okay, but which aren't out in the
> public literature (RC2 and RC4), a couple of things that are likely
> okay but which we are REALLY not going to find anything out about for
> a while (Skipjack :-) and a couple of things that are promising (like
> Coppersmith's new SEAL stream cipher, which looks quite interesting
> indeed.)

I wonder on which evidence you base your assumptions ?? (I would assume Schneier's book)

While I agree with the above ciphers, I would also add Loki and Redoc-II both achieved good results (much better than DES) in regards to differential cryptanalysis. Also Loki has also performed well against Linear cryptanalysis - Matsui. (Biham & Shamir - Differential Cryptanalysis of the Data Encryption Standard)

[ deleted info about trusting amateur ciphers ]

While Schneier's book is a very good guide, it is not very advisable to make assumptions on the security of algorithms based on his book. One should look at results from those performing cryptanalysis of such ciphers. Such as Biham and Matsui.

> Perry

--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf at cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-330 |
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... |
| | LiNuX - the only justification for using iNTeL |
+---------------------+--------------------------------------------------+

From 7CF5048D at nowhere Mon Aug 8 23:01:12 1994
From: 7CF5048D at nowhere (7CF5048D at nowhere)
Date: Mon, 8 Aug 94 23:01:12 PDT
Subject: Key Coercion after encrypted message transmission.
Message-ID: <199408090533.AA06475@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

There seems to be much written about key coercion lately. It seems to me that the key coercion problem can be divided into two problems.

First, there is the problem of Princess Leia storing data on her computer disk for later reference. Then Darth Vader seizes the disk and the Princess and coerces the Princess for the encryption key. This problem may be called the static storage coercion problem (SSCP). I am not sure that there is a good way of addressing this problem short of dividing the key in some way among multiple people so that Darth has a hard time seizing them all. This idea has already been discussed elsewhere.

The second problem is the case where the Princess wants to send a secret message to Hans Solo in the horsehead nebula. She sends the message encrypted to Hans, but the encrypted message is intercepted by Darth. Hans decrypts the message, but unfortunately six months later Hans is captured by Darth who tortures him for the decryption key. Note that Hans is in a worse position than if he were tortured for the content of the message, because if he were merely asked the contents of the message with no way to verify, he could simply lie. But Darth can verify if any keys that Hans gives really does decrypt the intercepted cipher-text to a sensible message. This problem could be called the transmission retroactive coercion problem (TRCP).

Unlike the static storage coercion problem, the transmission retroactive coercion problem does have a technical solution.
If Hans and the Princess were using a public key encryption system that stores secret keys on disk as a conventionally encrypted file, like PGP, then Hans could create a separate key pair for each message. Hans has one long term public/secret key pair which never changes. He could send temporary public keys in advance to the Princess as a signed (using his long term public key) message. Then when the Princess needs to send him a message she chooses one of the stored temporary public keys and sends Hans the message using that key. She then throws the key away and never uses it again. When Hans receives and decrypts the message, he destroys the secret key stored on disk by overwriting it. Then when Darth goes to torture Hans six months later for the secret key, Hans can only tell him the passphrase for the now non-existent key.

People can use this protocol right now with PGP to protect themselves against this kind of retroactive coercion. It will work. However, the problem of manually generating the keys and sending them to the other party and the whole bureaucratic hassle of keeping track of everything makes it unlikely that anyone would actually do so.

Software to the rescue! Suppose that Hans runs a mail server on his account which recognizes certain messages as requests for new public keys and responds by sending back unused temporary public keys to the requester. It could work similarly to some cypherpunk remailers which look for some special characteristic in the message to be responded to, letting the rest pass normally to the owner of the account.

The Princess could also have a mail server on her account which looks for returned temporary public keys and automatically stores them in her database after checking for the correct signature without bothering her. Further, whenever she sends a message, a program could check her database of unused temporary keys, and if it is low, a request for more keys could automatically be sent.
It seems clear that the whole protocol could be made largely automatic with no constant intervention required by the parties concerned once the system was set up.

It works best if Hans has a hardware random number generator. Then the key generator part of the process could be set up to run when no one is using the computer. (Modifications to PGP have been published that use hardware RNG's for their Random numbers.) Since in this case, the computer is unattended, the PGP passphrase associated with the secret key must be assumed to be known. To protect the secret keys against theft in this case, the temporary secret key file could be encrypted using Hans' long-term Public key.

If there is no Hardware RNG present, then Hans must be present at temporary key generation time, to type in all of the stupid keyboard timing strokes! In this case, Hans will want to create a number of keys in advance to be stored in a database so that the mailserver can dole them out when people request them.

A little thought shows that such a system could be used in some applications of interest to cypherpunks. The ability to implement such a system is clearly within our grasp. Therefore, the cypherpunk CODE requires that the cypherpunks analyze, design, code and make such a system widely available according to the grand traditions established by previous cypherpunks.

Here are some beginning questions to get the ball rolling. How many different CPU's, Operating systems, mail transport mechanisms and mail programs can such a program be adapted to? Should such a program use PGP to do its encryption, or should it have its own built in encryption routines? What Language should such a program be written in? I think the program should be portable to all computers for which the program is technically possible.

Can someone outside the U.S. be persuaded to code such a program? It would be best if such a person could be found.

What do our fellow cypherpunks think?
Remember that when discussing this or any other encryption software on the net, it is important that our usages be defensively formulated. Encryption technology should always be used against evil and for good.

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From dave at esi.COM.AU Tue Aug 9 01:07:03 1994
From: dave at esi.COM.AU (Dave Horsfall)
Date: Tue, 9 Aug 94 01:07:03 PDT
Subject: broadcast encryption
In-Reply-To:
Message-ID:

On Thu, 4 Aug 1994, Bob Snyder wrote:

> This may be blasphemy on this list, but I don't have a problem with the
> restriction on obscuring the meaning of transmissions on the amateur bands.

Etc.

I've been using PGP for authenticating my packet messages for some months, for precisely the reasons you outlined. I get the occasional "stop wasting bl**dy bandwidth" but most of the time it results in more PGP users.

I'm also careful to explain that PGP can't be used to prove I did NOT write an unsigned nasty-gram (until we get true authentication within the BBS, by which I hope the concept of a BBS will disappear :-) but it makes a strong case if I sign ALL my bulletins.

Yes, we get forged messages on Amateur packet radio; some of them are quite defamatory.

--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD

From danielce at ee.mu.oz.au Tue Aug 9 01:47:19 1994
From: danielce at ee.mu.oz.au (Daniel Carosone)
Date: Tue, 9 Aug 94 01:47:19 PDT
Subject: forwarded message from System Daemon
Message-ID: <199408090845.SAA15655@anarres.mame.mu.oz.au>

Another one.. *sigh* it's still going on? please remove this anon id, I won't be using it.
------- start of forwarded message (RFC 934 encapsulation) ------- Message-Id: <9408090808.AA14325 at anon.penet.fi> From: daemon at anon.penet.fi (System Daemon) To: danielce at ee.mu.oz.au Subject: Anonymous code name allocated. Date: Tue, 9 Aug 94 11:08:40 +0300 You have sent a message using the anonymous contact service. You have been allocated the code name an120044. You can be reached anonymously using the address an120044 at anon.penet.fi. If you want to use a nickname, please send a message to nick at anon.penet.fi, with a Subject: field containing your nickname. For instructions, send a message to help at anon.penet.fi. ------- end ------- From greg at ideath.goldenbear.com Tue Aug 9 01:47:37 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 9 Aug 94 01:47:37 PDT Subject: Key Coercion after encrypted message transmission. In-Reply-To: <199408090533.AA06475@xtropia> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- An anonymous author writes: [describes an interesting technique to avoid coerced key disclosure] > A little thought shows that such a system could be used in some > applications of interest to cypherpunks. The ability to implement such > a system is clearly within our grasp. Therefore, the cypherpunk CODE > requires that the cypherpunks analyze, design, code and make such a > system widely available according to the grand traditions established > by previous cypherpunks. Unfortunately, you seem to have received one of the early drafts of the Cypherpunk Code; they're easy to spot because a fumble-fingered editor left out a few words while recopying meeting minutes. The Revised Cypherpunk Code of 1993 states: RCC 23.110: In accordance with the grand traditions established by previous cypherpunks (RCC 10.100, et seq), any cypherpunk who suggests that "someone" or "a cypherpunk" or "the cypherpunks" must implement a new idea shall be required to code the implementation themselves, on the platform of their choice. 
RCC 23.120: A cypherpunk required by RCC 23.110 to code an implementation may employ the work of others as a base for their implementation. The Librarian of the Cypherpunks is authorized to lend the implementor a copy of _Applied Cryptography_ until the implementation is finished.

Fans of legislative history will remember the passionate debates between the theoretical cypherpunks - who stood opposed to any coerced effort - and the practice-based cypherpunks, who argued that this re-education effort was required to build the proper [post-] revolutionary consciousness, particularly in the "why can't someone else do it for me" climate of the mid-1990's. The debate ended when Zaxxon, an outspoken critic of the remailers, insisted that all cypherpunk software be rewritten - twice - to his specifications. The Cypherpunk Assembly voted 99-0 (1 abstention) to enact the "Do It Your Own Damn Self Act" of 1993, codified as RCC 23.110-120.

-----BEGIN PGP SIGNATURE-----
Version: 2.5
-----END PGP SIGNATURE-----

From bill at kean.ucs.mun.ca Tue Aug 9 03:00:07 1994
From: bill at kean.ucs.mun.ca (Bill Garland)
Date: Tue, 9 Aug 94 03:00:07 PDT
Subject: No Subject
Message-ID: <00982AE0.B5866330.262@Leif.ucs.mun.ca>

-----BEGIN PGP SIGNED MESSAGE-----

There has been much Meta Discussion of late. There has also been much but not too much trivial and meta-meta stuff, of which I guess I would have to categorize _this_ posting. I don't suppose anyone is interested in metabolizing this any further...

All I have to do is take a break for a few days and I have these 457 New Messages to catch up on. You all know what I am talking about, I presume.
Now that I have lost my job, and am more or less finished with soaking the hapless taxpayers, I can finally get around to doing those things I have previously referred to as homework, and turn them around into revenue generating memes.

I am going to unsub for a week or so, and ::exclude all for a while, and unsub permanently from anything else except moribund IMP - I'll wait to see if anything happens in that arena - cypherpunks have assumed control over IMP memes anyway...so that when I get back, there will only be regular personal mail from net.friends and darters (my secret passion - a wonderful type A behaviour pattern) mail.

I may have only five weeks of net.access at this address, anyway, but my seniority and status as alumnus and donor and decus membership entitle me to historical use of my bill at kean.ucs.mun.ca True Name address. I can, I expect, get a forwarding privilege as part of my severance package, although I _will_ be going to a commercial internet service as soon as I get a round tuit. There are other possibilities, which I won't bore you with right now.

So I'm off to write some code, do some homework, and take some annual r & r. Before I go, I thought I'd send this rant to the list, just one message or so before I send the appended .sig in to the Idea Factory for maintenance.

We have discussed this before, so maybe after my Annual General Meeting coming up this Perseids, deep in the woods, I'll come up with an idea of how to make this come about - how to, say, achieve the goal - meanwhile I am just going to rant.

I want Extropian mailing list software equivalent for Cypherpunks! Others want it. It has been mentioned as a possibility. I understand there are some intellectual property rights involved, but jesus h christ as my old man used to say, what can we say about the intellectual property rights of prz that we now take for granted?
[Did anyone notice the AP article about prz the other day that was okay as a news bite but they spelled his name incorrectly!]

[[Someone with a much-too-long-but-only-occasionally-used .sig also spells his name wrong...homework for another cypherpunk...]]

I understand there are machine property rights involved, too. Perhaps these can be hashed out at TAZONO. I'll be there in spirit, if not in the flesh nor by upload...

I know there are other problems, too, but hey, this code has already been written. Let's get it done. I haven't yet used the ::exclude features of Extropian list software for Extropian mail, but I could _sure_ use it for cypherpunk mail.

Meanwhile I am about to unsub cypherpunks for a week, and ::exclude all for a while, and I'll be back RSN with some non-meta harangues. Oops, redundancy noted.

Some notes for the future :

1. HEx will reanimate itself as a reputation market. I have to read some Chaum, first.

2. INFO_Banque will spontaneously order itself into existence. I have to read some Chaum, first, and tend to some other stuff.

3. Watch for the INFO_Banque_Protocols and the INFO_Banque_PPL. I claim copyright to these words...I guess I am going to have to sign this rant.

4. Perhaps I should sign all my future postings as a matter of personal discipline and policy, as I embark upon some personal self-transformation.

5. Perhaps I should invent another pseudonym for myself. It is known publicly, although not widely, that I sometimes write things for an alter ego personality I have named Wendell Noseworthy. The new nym will have to be a credentialled entity...

But I have to read some Chaum first, and I _still_ can't find a copy of Schneier in our library and now that I need all my paper cash to feed my replicant units, well, there may be some delays involved...

Meanwhile, I will be interested in receiving encrypted mail from cypherpunks and Extropians, just for practice, of course.
Very soon now I hope to get my PGP key signed by somebody, but I have been waiting a decision on moving to 2.6ui or 2.7...or 3. Use this public key for now, and we can verify it later in life. You can check the signature if you wish and let me know if I have made any blunders.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a
- -----END PGP PUBLIC KEY BLOCK-----

So, as I said, I'm off for some R&R to write some meta-code. I'll retire this .sig below now, [perhaps another message or two will sneak through to other channels...]

Copyright 1994, right now, me. Please do not distribute this rant.

Bill Garland

/----------------------------------------------------------------------\
| I am an Extropian. | Macronic Systems, Inc. offers Ideas for Sale ! |
| BEST: DO_IT_SO ! | Go for it : Pledge a Digital US Dollar now. |
| CryptoAnarchist. | Send PGP key for more information. |
| Cypherpunk. | Get in on the ground floor. Invest Now. Trust me! |
| Owner : MSInc., |---------------------------------------------------|
| HEx, INFO_Banque | Bill Garland = bill at kean.ucs.mun.ca |
\__________________________________o o_________________________________/

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From jkreznar at ininx.com Tue Aug 9 03:44:08 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Tue, 9 Aug 94 03:44:08 PDT
Subject: legal hacking
Message-ID: <9408091043.AA27965@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

Eric says ``...
legal hacking is almost a necessity.'' Perry says ``You can't do legal hacks in an environment like this. It doesn't work.'' Delicious dichotomy. Here are the more extended contexts: At Wed, 18 May 94 12:13:28 -0700 hughes at ah.com (Eric Hughes) wrote > Legal hacking is a lot of fun. Prerequisites are a humility to learn > the structure of legal argument and access to legal materials. The > study guides for law students are generally excellent introductions to > the subject. Access to a law library is also useful for looking up > statute and decisions, but not essential, although reading at least a > few decisions is necessary for ensuring an understanding of the social > process involved in the creation of law. > And if what you want to accomplish with your computer hacking > requires, for implementation, something outside the computer hardware > and networks, legal hacking is almost a necessity. But at Sun, 07 Aug 1994 08:24:57 -0400 "Perry E. Metzger" wrote > The bureaucrats aren't > going to want digicash, so they are going to find plenty of excuses to > prohibit it. You can't do legal hacks in an environment like this. It > doesn't work. If the bureaucrats don't like you, they shut you down, > and there is not a damn thing you can do about it, period. > True, you can leave the country and do your business there -- I know > several hedge funds that already refuse to take any customers from the > U.S. because they don't want the headaches, and there are other > similar things happening in lots of other parts of the financial > industry. However, don't think you can finesse the folks at the Fed, > the IRS, the Treasury, and the SEC -- they are monsters, and they > won't be stopped by the courts. What differing views of ``legal hacking''! It would be wonderful if society's response to legal hacking had more of the predictability of computer hacking. 
But there are a hundred million constituents out there (the power behind Perry's ``monsters'') who gratuitously accept government benefits. Such a person doesn't gladly suffer any legal technicality standing between him and the pound of your flesh to which he thinks he's entitled. If you can prove that the law permits you to keep your pound, then he and his majority allies will simply change the law, requiring the IRS to collect it from you after all. This inclines me to accept Perry's cynical skepticism that legal hacking can do any good. On the other hand, Eric demonstrates time and again that his remarks are not made lightly. In this case, they bear on the prospects for the ``State Citizen'' movement that seems to be so emergent these days. I wonder how he would respond to Perry here. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. From paul at hawksbill.sprintmrn.com Tue Aug 9 03:53:39 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Tue, 9 Aug 94 03:53:39 PDT Subject: NRO spoof Message-ID: <9408091156.AA29504@hawksbill.sprintmrn.com> On the local news this morning (Washington DC) there was a clip with Sen. John Warner expressing his displeasure with how the "intelligence community" has hidden the money for a massive construction effort to house the NRO. The land was bought and permits were applied for under the guise of a development for Rockwell International. There will probably be a follow-up story in this morning's Washington Post. 
- paul From jya at pipeline.com Tue Aug 9 05:50:36 1994 From: jya at pipeline.com (John Young) Date: Tue, 9 Aug 94 05:50:36 PDT Subject: NRO spoof & Wiretapping Bill Message-ID: <199408091250.IAA11953@pipe1.pipeline.com> Responding to msg by paul at hawksbill.sprintmrn.com (Paul Ferguson) on Tue, 9 Aug 6:56 AM The NY Times today also reports on the controversial NRO headquarters. Another long article reports on the wiretapping bill. One quote: "I'm not a great fan of wiretapping," said Rep. Don Edwards, who is a former FBI agent and is viewed by many as a sort of civil-rights sentry over the bureau. "But it's legal and we have to take care of it. . . . I don't think there will be objections except perhaps from purists who don't like the idea of Government listening in on conversations." End quote. From perry at imsi.com Tue Aug 9 05:56:05 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 9 Aug 94 05:56:05 PDT Subject: amateur ciphers In-Reply-To: <199408090541.AA14118@osiris.cs.uow.edu.au> Message-ID: <9408091254.AA22930@snark.imsi.com> Justin Lister says: > > The only really reasonable symmetric key ciphers out there in > > publicly described form these days are DES, 3-DES and IDEA. There > > are a couple of things that may be okay, but which aren't out in the > > public literature (RC2 and RC4), a couple of things that are likely > > okay but which we are REALLY not going to find anything out about for > > a while (Skipjack :-) and a couple of things that are promising (like > > Coppersmith's new SEAL stream cipher, which looks quite interesting > > indeed.) > > I wonder on which evidence you base your assumptions ?? > (I would assume schneiers book) More the papers in the public literature, actually. > While Schneier's book is a very good guide, it is not very advisable to make > assumptions on the security of algorithms based on his book. One should look > at results from those performing cryptanalysis of such ciphers. Such as > Biham and Matsui. 
I fully agree. I was reading in this field a long time before Bruce even began writing. Perry From usura at hacktic.nl Tue Aug 9 06:09:37 1994 From: usura at hacktic.nl (usura at hacktic.nl) Date: Tue, 9 Aug 94 06:09:37 PDT Subject: Message-ID: <199408091309.AA17897@xs4all.hacktic.nl> In article <199408062304.AA24750 at xs4all.hacktic.nl> you wrote: : The jurisdiction where this remailer could be located, preferably : shouldn't care about pornography. [Holland, Scandinavia ?] Pornography isn't illegal in the Netherlands, but -contrary to popular belief- child pornography *IS* illegal in the Netherlands. -- ____ Alex de Joode \ /__ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- \/ / "It's dangerous to be right when the government is wrong." \/ --Voltaire --finger usura at hacktic.nl for PGPpublicKEY-- From paul at hawksbill.sprintmrn.com Tue Aug 9 06:29:20 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Tue, 9 Aug 94 06:29:20 PDT Subject: NRO spoof and deception Message-ID: <9408091432.AA00220@hawksbill.sprintmrn.com> Front page story in the Washington Post, as expected, entitled, "Spy Unit's Spending Stuns Hill," and subtitled, "$310 Million Facility Secretly Sprouts Up Near Dulles Airport." Gee, I wondered what that building was. ,-) A couple of select quotes from the article: "The Senate Select Committee on Intelligence yesterday charged that the clandestine agency that manages the nation's spy satellites has concealed from Congress the mushrooming cost of a $310 million compound it has been secretly building near Dulles International Airport. "President Clinton declassified the existence of the proposed headquarters for the National Reconnaissance Office (NRO) yesterday after several senators protested to him privately that they had been kept in the dark about the cost and scope of the project. At 1 million square feet, it is nearly one-fourth the size of the Pentagon. 
"The NRO, whose very existence was until two years ago an officially classified secret, is jointly overseen by the CIA and the Department of Defense. Until yesterday, the headquarters project had been publicly described as an office complex for Rockwell International Corp., the Los Angeles-based defense contractor." "DeConcini criticized the Pentagon and the CIA for not providing Congress adequate information. The intelligence community is a culture that 'believes we don't have to account like everybody else in government,' he said." --------- - paul From infante at acpub.duke.edu Tue Aug 9 06:35:42 1994 From: infante at acpub.duke.edu (Andrew Infante) Date: Tue, 9 Aug 94 06:35:42 PDT Subject: ANNOUNCE: the TAZONO is here Message-ID: <199408091335.JAA11077@teer1.acpub.duke.edu> Eric - If you wouldn't mind - I'd like to be removed from these mailings (for the umpteenth time! :) andy From merriman at metronet.com Tue Aug 9 06:36:19 1994 From: merriman at metronet.com (David K. Merriman) Date: Tue, 9 Aug 94 06:36:19 PDT Subject: Message-ID: <199408091339.AA11840@metronet.com> >In article <199408062304.AA24750 at xs4all.hacktic.nl> you wrote: > >: The jurisdiction where this remailer could be located, preferably >: shouldn't care about pornography. [Holland, Scandinavia ?] > >Pornography isn't illegal in the Netherlands, but -contrary to popular >belief- child pornography *IS* illegal in the Netherlands. > But what is the age of consent for such in the Netherlands? I believe I saw on an educational TV program here in the U.S. that the age of consent in the Netherlands was 14. If so, what effect does that have on what is considered "child pornography"? [before the flames start, I would like to point out that my question is 'scholarly' :-] Dave Merriman From jdd at aiki.demon.co.uk Tue Aug 9 06:48:03 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Tue, 9 Aug 94 06:48:03 PDT Subject: Postal Inspection (was Common Carriers...) 
Message-ID: <4590@aiki.demon.co.uk> In message <9408082050.AA26145 at smds.com> FutureNerd Steve Witham writes: > That reminds me. I once got a conference announcement from Europe > in the mail. Printed on the envelope was a little icon showing a > profile of the head of a guy wearing a hat (like a policeman or > mailman's hat), and an arrow pointing from about his eye level to a > picture of an open envelope. This looked like the original envelope, > untouched, and the icon seemed to have been there from the start. What was the conference about? (If the icon was printed on the envelope, I suspect that it represented the topic of the conference or the group sponsoring it.) -- Jim Dixon From jdd at aiki.demon.co.uk Tue Aug 9 06:48:22 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Tue, 9 Aug 94 06:48:22 PDT Subject: e$ Message-ID: <4591@aiki.demon.co.uk> In message <9408072158.memo.40958 at BIX.com> peace at bix.com writes: > I can recall that many years back the casinos in Las Vegas all > accepted the chips from the other ones and then had a great > exchange each day where the accounts were settled up. Even the > gift shops took chips in place of cash. The US Treasury put a stop > to this as it was considered to be a replacement for cash. > > Also I hear a lot about bearer bonds, but never in the US. OTOH > the NYC subways have started a cash card that they expect merchants > to accept in lieu of coins. It would be nice to know what the Feds > will or won't accept. BTW, does it matter if the e$ are US denominated? > Could e$ be presented as travelers checks? The possibilities here are > extremely interesting. There is a small point to be made here which I think is really a big point. The US government does not object to the use of financial instruments so long as they are backed by the US $ (or another accepted currency). Most of us use such financial instruments daily -- checks and credit cards, for examples. 
Most financial transactions involve no cash at all. If an e$ is backed by US $1.00, the government will not object. The government objects if you create an alternative currency. Barter systems based on scrip are an alternative currency, and therefore illegal. If you had $1,000,000 in the bank and wrote out and signed 1,000,000 checks for $1.00 each, I think that these could be traded without violating any laws. But if you issue $e carelessly, you will probably find that you are acting as a bank, and therefore violating several Federal laws. You also need to be concerned about Federal regulations covering the import and export of money. I think that at $5,000 or $10,000 you have to report the transaction. I believe that the forms issued on airplanes make it clear that checks and other financial instruments are included. The action taken to stop the exchange of tokens between casinos would seem to contradict this. It would be useful if someone were able to find more information on this. The legal point might be that the tokens simply had an amount written on them ("$100") with no currency specified and without the name of a bank directed to pay this amount -- having said this, I am reasonably sure that they would not allow banks to pay out against their tokens, and so therefore they would definitely represent an alternative currency, and not an IOU. -- Jim Dixon From perry at imsi.com Tue Aug 9 07:02:53 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 9 Aug 94 07:02:53 PDT Subject: e$ In-Reply-To: <4591@aiki.demon.co.uk> Message-ID: <9408091402.AA23089@snark.imsi.com> Jim Dixon says: > There is a small point to be made here which I think is really a big > point. The US government does not object to the use of financial > instruments so long as they are backed by the US $ (or another > accepted currency). Yes it does. Bearer bonds are illegal in the US. > Most of us use such financial instruments daily > -- checks and credit cards, for examples. 
Most financial transactions > involve no cash at all. The point is that anonymous transactions are coming under increasing regulation. Commercial paper and the like is not a problem. Perry From cme at tis.com Tue Aug 9 07:22:18 1994 From: cme at tis.com (Carl Ellison) Date: Tue, 9 Aug 94 07:22:18 PDT Subject: Gore Letter and Software Key Escrow In-Reply-To: <199408090004.RAA25895@netcom11.netcom.com> Message-ID: <9408091421.AA16080@tis.com> Tim, >From: tcmay at netcom.com (Timothy C. May) >Date: Mon, 8 Aug 1994 17:04:09 -0700 (PDT) Thanks for the quotes. >* This compromise will likely put software key escrow (SKE, or Carl >Ellison's "GAK"..."Government Access to Keys") into the software for >audio and video teleconferencing, communication, and possibly into the >OS itself (as this would be needed to ensure wide coverage of >installed machines). Let me push even harder for use of the term "GAK". Your use of SKE here is not appropriate. "Escrow" is (or at least was) a neutral or positive term -- it's something on the side of the user. GAK is opposed to the user (unless the user is the Gov't, I suppose). The Administration, by using the words "Key Escrow" for GAK, no doubt attempted to sugar coat what they were doing. Thanks to the effort of many people (including us), that bit of sugar coating was washed off for the public to taste what was underneath. However, that combined effort has done damage to the English language. The word "escrow" is no longer neutral or positive. It evokes images of GAK and becomes negative. I agree that SKE (gov't use of "escrow") is potentially more threatening than Clipper/Capstone because it removes the distaste for hardware. But, even though that is something currently on your mind, I wish you would not try to limit my phrase GAK to SKE. By GAK I'm talking about any form of government access to citizens' keys -- hardware, software, rubber hoses, .... That was the son-of-an-English-major speaking. 
Meanwhile, there are positive uses for salting a master key away. For example, I encrypted a file on my Mac with Curve Encrypt earlier this year and then forgot the password. It took a month to remember it. If I hadn't remembered it, I would have to have written a program to guess passwords (knowing the forms I use). (Fortunately, I remembered it.) It would have been nice to have a key someplace (e.g., split in 3 pieces among 3 friends of mine who don't know each other) which I know I can always get in an emergency. [There's a danger here that those people might not be protected by the 5th Amendment, if the gov't were to learn who they were. ..any lawyers out there?] Several people are working on features like this, not for the gov't. The problem comes that a natural term to use to describe this feature would be "key escrow". However, the gov't has soiled that term. Now, I need a new term, hopefully true to the language to describe a feature like this without calling up images of GAK. -------------------------------------------------- >In closing, I reject the point made by Walker, that Americans will >accept a "government imposed key escrow if it was established by law." I do too. However, he might be right, if you take this as a prediction. If the gov't had not tried to pull the Clipper/Capstone crap in the manner it did (half spook, half Madison Avenue), but instead had initiated legislation to get this access, we cypherpunks would have been upset but we might not have gotten 80% of the public on our side. I don't know if the gov't has shot itself in the foot permanently, from the public's point of view. What I hope is immaterial. Walker might be right. The gov't might try it and we might lose. We can't relax in our efforts but we can't get anywhere just talking to recipients of cypherpunks. We have to keep getting the word out. 
[begin soap box] I also think we need to start writing the code that's needed -- not new ciphers or UNIX hacks to demonstrate feasibilities -- but polished end-user code for the computer-phobic users of Macs or Windows. [end soap box] - Carl From mpd at netcom.com Tue Aug 9 07:38:34 1994 From: mpd at netcom.com (Mike Duvos) Date: Tue, 9 Aug 94 07:38:34 PDT Subject: In-Reply-To: <199408091339.AA11840@metronet.com> Message-ID: <199408091438.HAA22753@netcom3.netcom.com> > But what is the age of consent for such in the Netherlands? I believe I saw > on an educational TV program here in the U.S. that the age of consent in the > Netherlands was 14. If so, what effect does that have on what is considered > "child pornography"? [before the flames start, I would like to point out > that my question is 'scholarly' :-] The age of sexual consent in the Netherlands is 16. However, there was a reform of the penal code a few years back which prohibits prosecution between the ages of 12-16 without a formal complaint being filed by the minor or the minor's parent or guardian. So for consensual relationships with minors with enlightened parents, the effective age is really 12. Pornography featuring performers under age 16 is also illegal, but only production and trafficking is criminalized, private possession is not. There have been a number of recent court cases which have set liberal precedents for child porn laws in Holland, such as the right of research organizations like university libraries to be exempt from the laws. Also, if the material doesn't show actual sex taking place, it is probably legal in Holland unlike the United States, where anything vaguely "suggestive" can get you in trouble. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From snyderra at dunx1.ocs.drexel.edu Tue Aug 9 08:00:36 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Tue, 9 Aug 94 08:00:36 PDT Subject: What are Appropriate Topics? 
Message-ID: At 2:58 AM 8/5/94, Timothy C. May wrote: >First off, my sincere apologies to Bob Snyder for quoting and >responding to his e-mail to me, without realizing he had not cc:ed it >to the list as well. I'm so used to replying to the author and then >having to manually cc: the Cypherpunks list that it was not until I got >the message quoted below that I realized his comments were private. I >will try to be more careful. > >Partly it was his civil tone that misled me--it read like a post to >the list, and not a personal note. In any case, my apologies to Bob. No problem. I'll try to remember to flame you next time. :-) >At least in my messages, I was not arguing merely statism vs. >libertarianism, or some such stale abstraction, but the specific issue >of taxation in the face of strong crypto and privacy, and the >oxymoronic nature of "volunteer governments." (I also think there are >issues related to privately-produced law which folks on this list >ought to know about, as it is the likely form of crypto anarchic law, >such as it is. The connections with crypto are quite strong, as it is >untraceable communication and commerce which makes these discretionary >communities possible.) OK. Perhaps I misread your article. I appear to have erased it from my Cypherpunks mailbox, or I'd reread it. I was reacting primarily to your initial comments on why you felt it should be on the list. I don't object to (and am happy to see) discussions of "applied" cryptography on the list, such as tax laws in the presence of cryptography. I would only object to the discussion of government in the absence of either a (preferably) cryptological reference, or a privacy one. >As for pure crypto being discussed on the list, there's a fair amount >of that. I've posted my share of explanations of zero knowledge proof >systems, dining cryptographers protocols, complexity theory, etc. 
I'm >not saying this to defend myself, per se, but to note that these >topics produced almost no discussion, almost no interest. Make of this >what you will. Yes, and I appreciate you doing so. I try to work through such postings, and often check with _Applied Cryptography_ for more background. But I usually don't have any response for it. "Oh, no, that's completely wrong"? :-) Such postings are often a stretch for me, with my limited math background, and this isn't an appropriate place to ask the kind of math questions that would bring me up to speed. >And a dozen other juicy topics. If people want to debate these and >similar issues, we should *encourage* them to, not announce that the >topics are deviating from some imagined idea of the charter. I agree. I should apologize then, for misunderstanding your posting. My only concern was that the thread was going to start out without any cryptological reference, and who knows where it could veer from there. :-) The topics you listed (and I deleted in this response) appear to me to be perfectly legitimate topics. >It's generally best, I think, to lead by example. Instead of >pronouncing a topic to be off-limits or not consistent with the >charter, why not find a way to make what you *are* interested in also >interesting to others? That's how we'll move forward into new areas. I don't disagree with this. But this takes a skill set I'm still working to acquire; enough knowledge of cryptological concepts to start a discussion. And I don't mean to sound like I'm trying to set the Cypherpunks' agenda. I know what I would like to see here, and I phrase my responses as such. I hope I'm not one of the "complainers and the enforcers of dogma" Eric Hughes mentioned in his post. Bob -- Bob Snyder N2KGO MIME, PGP, RIPEM mail accepted snyderra at post.drexel.edu PGP & RIPEM keys on key servers When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. 
From snyderra at dunx1.ocs.drexel.edu Tue Aug 9 08:00:59 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Tue, 9 Aug 94 08:00:59 PDT Subject: broadcast encryption Message-ID: At 4:06 AM 8/9/94, Dave Horsfall wrote: >Etc. I've been using PGP for authenticating my packet messages for >some months, for precisely the reasons you outlined. I get the >occasional "stop wasting bl**dy bandwidth" but most of the time it >results in more PGP users. I'm also careful to explain that PGP can't >be used to prove I did NOT write an unsigned nasty-gram (until we get >true authentication within the BBS, by which I hope the concept of a >BBS will disappear :-) but it makes a strong case if I sign ALL my >bulletins. What I would like to see is low-level digital signatures on the level of IP or AX.25. IP is doable, I would think. There's swIPe, and amateur packet drivers for Linux, but to get people to really use it, you'd need to put it in the software or hardware they use, like KA9Q (Hi Phil) for IP, and AX.25. Would it be possible to fit this into AX.25? I don't recall that much about the protocol, and all my packet reference materials are about 300 miles away. Bob -- Bob Snyder N2KGO MIME, PGP, RIPEM mail accepted snyderra at post.drexel.edu PGP & RIPEM keys on key servers When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. 
From nzook at math.utexas.edu Tue Aug 9 08:02:22 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 9 Aug 94 08:02:22 PDT Subject: (fwd) Anonymous posters & Misinformation = Net pollution Message-ID: <9408091458.AA06151@vendela.ma.utexas.edu> Path: math.utexas.edu!news.dell.com!swrinde!cs.utexas.edu!uwm.edu!reuter.cse.ogi.edu!netnews.nwnet.net!news.u.washington.edu!mcdaniel From: mcdaniel at u.washington.edu (McDaniel) Newsgroups: talk.politics.misc,news.admin.policy Subject: Anonymous posters & Misinformation = Net pollution Date: 7 Aug 1994 08:13:45 GMT Organization: University of Washington Lines: 39 Message-ID: <32253p$220 at news.u.washington.edu> NNTP-Posting-Host: stein4.u.washington.edu Keywords: misinformation disinformation propaganda net anon anonymous Xref: math.utexas.edu talk.politics.misc:239273 news.admin.policy:19179 The problem: Anonymous posters supplying pseudo-news reports or otherwise wasting bandwidth in groups more concerned with fact or at least genuine concerns (such as political talk groups and sci groups.) The solution: Limit anonymous posters to forums where accountability for what one says is of little concern (such as rec groups where applicable.) OR provide the owners of moderated groups with detailed accounts of the true identity of any anonymous poster who post to a serious newsgroup and make that procedure known to the would-be anonymous user. I attempted recently to secure the actual address of an anon poster who deliberately spread misinformation concerning a non-existent U.S. Presidential Executive Order and a news-look-alike story dealing with proven falsehoods. Needless to say the administrator of the popular anon.penet.fi server has not been cooperative. I suggest that groups wishing to deal with issues based a little stronger in reality ban anonymous posters and encourage their posters NEVER to repeat information supplied by anonymous posters elsewhere. 
Some groups have already come to that same conclusion. I believe that anonymous posting is a valuable service in many forums. However, it seems that service is being abused in political and technical newsgroups. I suppose yet another solution would be to make widely known the general untrustability of anonymous posters in groups where truth and fact are paramount. But this letter should go a tiny ways towards that goal. Opinions? -McDaniel From nzook at math.utexas.edu Tue Aug 9 08:02:28 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 9 Aug 94 08:02:28 PDT Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution Message-ID: <9408091458.AA06155@vendela.ma.utexas.edu> Path: math.utexas.edu!news.dell.com!swrinde!cs.utexas.edu!usc!rand.org!usenet From: Jim Gillogly Newsgroups: talk.politics.misc,news.admin.policy Subject: Re: Anonymous posters & Misinformation = Net pollution Date: 7 Aug 1994 15:17:31 GMT Organization: Banzai Institute Lines: 51 Message-ID: <2o7sni$4!nb at bogus-site.org> References: <32253p$220 at news.u.washington.edu> Reply-To: jim at acm.org NNTP-Posting-Host: mycroft.rand.org Keywords: misinformation disinformation propaganda net anon anonymous Xref: math.utexas.edu talk.politics.misc:239321 news.admin.policy:19182 In article <32253p$220 at news.u.washington.edu>, McDaniel wrote: >The problem: Anonymous posters supplying pseudo-news reports or >otherwise wasting bandwidth in groups more concerned with fact >or at least genuine concerns (such as political talk groups and >sci groups.) .. >Opinions? Since you asked: my opinion is that there are more non-anonymous posters supplying pseudo-news reports or otherwise wasting bandwidth in serious groups. For example, in sci.crypt one poster consistently posts off-topic flamebait, and others consistently take the bait; while there's widespread consternation and killfiling, so far as I know nobody's suggested retroactively moderating him. 
On the other side, a consistent anonymous poster has produced and released useful crypto and digicash code... I assume his/her identity is masked to avoid ITAR prosecution for sending crypto out of the US without a license. In short, anonymity isn't the problem: cluelessness is the problem. In sci.crypt we may to eventually get rid of off-topic posts by moderating. I would hope the moderators will let anything clueful through, whether it's anonymous or not. I'll point out in passing that an anonymous poster can build up a reputation the same way as anybody else simply by signing articles with the same PGP key each time -- I'd be more confident that a signed message is from Pr0duct Cypher (i.e. the same person who posted as Pr0duct Cypher month) than that an unsigned one is from McDaniel... I could forge one of the latter in a trice. McDaniel also said: >applicable.) OR provide the owners of moderated groups with detailed >accounts of the true identity of any anonymous poster who post to >a serious newsgroup and make that procedure known to the would-be >anonymous user. This sounds challenging. Many of the for-profit services allow the users to pick their own net identity... it's a feature. Do you know the True Name of the person behind the account evidence at netcom.com? Do you think Netcom would cough it up without a court order? Either AOL or Delphi -- I forget which, now -- allows users to have several different identities for their Net traffic. How would I prove identity to this moderator? Maybe by signing my application to post with my PGP key, which is in turn signed by somebody they trust? Seems quite difficult. I certainly wouldn't want that burden as a moderator. I suggest you devote your time to finding a way to suppress idiocy and cluelessness on the Net in general... and if you can have it in place before the fall quarter starts, that would be lovely. Jim Gillogly Trewesday, 15 Wedmath S.R. 
1994, 15:17 From nzook at math.utexas.edu Tue Aug 9 08:02:33 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 9 Aug 94 08:02:33 PDT Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution Message-ID: <9408091459.AA06167@vendela.ma.utexas.edu> Path: math.utexas.edu!news.dell.com!tadpole.com!uunet!news.sprintlink.net!sun.cais.com!cais2.cais.com!jdfalk From: jdfalk at cais2.cais.com (J.D. Falk) Newsgroups: talk.politics.misc,news.admin.policy Subject: Re: Anonymous posters & Misinformation = Net pollution Followup-To: talk.politics.misc,news.admin.policy Date: 8 Aug 1994 20:27:54 GMT Organization: Capital Area Internet Service Lines: 2 Message-ID: <3264ga$adk at sun.cais.com> References: <32253p$220 at news.u.washington.edu> NNTP-Posting-Host: 199.0.216.200 X-Newsreader: TIN [version 1.2 PL2] Xref: math.utexas.edu talk.politics.misc:239596 news.admin.policy:19191 What you propose would involve rewriting news and mail software at every site. This will not happen. 
From nzook at math.utexas.edu Tue Aug 9 08:02:36 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 9 Aug 94 08:02:36 PDT Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution Message-ID: <9408091459.AA06159@vendela.ma.utexas.edu> Path: math.utexas.edu!news.dell.com!swrinde!cs.utexas.edu!usc!nic-nac.CSU.net!charnel.ecst.csuchico.edu!olivea!decwrl!decwrl!amd!amdahl!svpal.org!svpal.org!not-for-mail From: billy at svpal.org (Bill Yeakel) Newsgroups: talk.politics.misc,news.admin.policy Subject: Re: Anonymous posters & Misinformation = Net pollution Followup-To: talk.politics.misc,news.admin.policy Date: 7 Aug 1994 09:42:21 -0700 Organization: Silicon Valley Public Access Link Lines: 30 Message-ID: <3232td$qe7 at svpal.svpal.org> References: <32253p$220 at news.u.washington.edu> NNTP-Posting-Host: localhost.svpal.org X-Newsreader: TIN [version 1.2 PL2] Xref: math.utexas.edu talk.politics.misc:239317 news.admin.policy:19181 McDaniel (mcdaniel at u.washington.edu) wrote: : The problem: Anonymous posters supplying pseudo-news reports or : otherwise wasting bandwidth in groups more concerned with fact : or at least genuine concerns (such as political talk groups and : sci groups.) : I believe that anonymous posting is a valuable service in many forums. : However, it seems that service is being abused in political and technical : newsgroups. : I suppose yet another solution would be to make widely known the : general untrustability of anonymous posters in groups where truth and : fact are paramount. But this letter should go a tiny ways towards that : goal. : Opinions? Nice in theory, but.... How do you know if someone is anonymous? Doesn't the act of checking itself show that you have doubts? What if someone using their real name posts that they have seen a flying saucer? Or posts an astrological prediction? If someone believes everything they are told, the consequence is their responsibility. Just my $2.00 worth. 
(I value my opinion 100 times greater than others')

Bill

From nzook at math.utexas.edu Tue Aug 9 08:02:41 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 9 Aug 94 08:02:41 PDT
Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution
Message-ID: <9408091459.AA06171@vendela.ma.utexas.edu>

Path: math.utexas.edu!news.dell.com!tadpole.com!uunet!spool.mu.edu!news.clark.edu!netnews.nwnet.net!news.u.washington.edu!mcdaniel
From: mcdaniel at u.washington.edu (McDaniel)
Newsgroups: talk.politics.misc,news.admin.policy
Subject: Re: Anonymous posters & Misinformation = Net pollution
Date: 9 Aug 1994 14:27:30 GMT
Organization: University of Washington
Lines: 16
Message-ID: <3283oi$nt7 at news.u.washington.edu>
References: <32253p$220 at news.u.washington.edu> <3264ga$adk at sun.cais.com>
NNTP-Posting-Host: stein3.u.washington.edu
Xref: math.utexas.edu talk.politics.misc:239698 news.admin.policy:19195

jdfalk at cais2.cais.com (J.D. Falk) writes:

> What you propose would involve rewriting news and mail software
>at every site. This will not happen.

Oh? All it would require is for anonymous posting services to keep a list of the owners of moderated newsgroups and notify the individual moderator on a periodical basis, as to what the real e-mail address of the anonymous poster is (and what message they posted.)

Right now many moderated groups have banned anonymous posting. I only hope that trend continues in groups where misinformation is very destructive (political and sci groups for instance.)
-McDaniel

From nzook at math.utexas.edu Tue Aug 9 08:02:52 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 9 Aug 94 08:02:52 PDT
Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution
Message-ID: <9408091459.AA06163@vendela.ma.utexas.edu>

Newsgroups: talk.politics.misc,news.admin.policy
Path: math.utexas.edu!news.dell.com!swrinde!howland.reston.ans.net!math.ohio-state.edu!uwm.edu!news.alpha.net!mvb.saic.com!eskimo!wix
From: wix at eskimo.com (Dennis Wicks)
Subject: Re: Anonymous posters & Misinformation = Net pollution
Message-ID:
Keywords: misinformation disinformation propaganda net anon anonymous
Organization: Eskimo North BBS - The BEST! (206) 367-3837
References: <32253p$220 at news.u.washington.edu>
Date: Sun, 7 Aug 1994 18:13:59 GMT
Lines: 55
Xref: math.utexas.edu talk.politics.misc:239350 news.admin.policy:19183

In article <32253p$220 at news.u.washington.edu>, McDaniel wrote:
>The problem: Anonymous posters supplying pseudo-news reports or
>otherwise wasting bandwidth in groups more concerned with fact
>or at least genuine concerns (such as political talk groups and
>sci groups.)
>
>The solution: Limited anonymous posters to forums where accountability
>for what one says is of little concern (such as rec groups where
>applicable.) OR provide the owners of moderated groups with detailed
>accounts of the true identity of any anonymous poster who post to
>a serious newsgroup and make that procedure known to the would-be
>anonymous user.
>
>I attempted recently to secure the actual address of an anon poster
>who deliberately spread misinformation concerning a non-existent
>U.S. Presidential Executive Order and a news-look-alike story dealing
>with proven falsehoods.
>
>Needless to say the administrator of the popular anon.penet.fi server
>has not been cooperative.
I suggest that groups wishing to deal with
>issues based a little stronger in reality ban anonymous posters and
>encourage their posters NEVER to repeat information supplied by anonymous
>posters elsewhere. Some groups have already come to that same conclusion.
>
>I believe that anonymous posting is a valuable service in many forums.
>However, it seems that service is being abused in political and technical
>newsgroups.
>
>I suppose yet another solution would be to make widely known the
>general untrustability of anonymous posters in groups where truth and
>fact are paramount. But this letter should go a tiny ways towards that
>goal.
>
>Opinions?

Non-problem. Anonymous posters don't propagate any more disinformation, lies, or junk than "real" posters. I could post my kill file for t.p.g in support of this, but I won't.

Anyone who believes anything posted to the net without verification has only themselves to blame. A well-known person posting from a prestigious .edu site has no more authority than any anon poster. The credence you place on the content has to be determined by the poster's previous statements.

Indeed, I find that several people post very accurate and insightful articles in some groups, but in others their personal biases are very obvious and their posts are worth no more than the typical TV news "man on the street" interview.

--
My own opinions    E-mail responses to
On my own time     Articles may be
On my own dime     Posted at my option

From jdd at aiki.demon.co.uk Tue Aug 9 08:19:23 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 9 Aug 94 08:19:23 PDT
Subject: EDDB/RN
Message-ID: <4604@aiki.demon.co.uk>

I don't know if anyone else has had this particular idea before, but it might be worth some consideration. I referred to it very briefly in my posting on RemailerNet v0.2 (RN02).
Eric points out that users of remailer networks want to be able to trust in silence as well as trust in delivery, and RN02 accordingly specifies that messages should be erased immediately after acknowledgement of delivery.

However, there should be a use for persistent store, for a remote encrypted database accessible anonymously.

Everyone must have had this sort of experience: someone walks into your office. There is something on your desk that you would rather this other person not see. So you toss it into a drawer, to get it out of sight.

Imagine that you are working on a document and someone walks into your office. Rather than tossing it into a drawer, you toss it to Finland.

The document is sent encrypted. (The storage facility also encrypts it.) When its receipt is acknowledged, your local copy is destroyed, if you wish. You can retrieve it in seconds from anywhere, providing that the system supports the notion of an identity distinct from your log-in address.

Ideally, the data is stored on a distributed data base, with some redundancy in case one or more gateways go down, and with the data striped across gateways, so that no one gateway has all of the data.

Because the data is encrypted by you and encrypted by the EDDB, it cannot be recovered by anyone without your cooperation. If the data is striped over a number of gateways (with, say, every first byte here, the next byte there, the next byte at a third gateway, and every fourth byte at a fourth gateway), it would take widespread collusion even to recover a copy of the encrypted document.

Once you have such a system in place, you could then do interesting things like storing a document in the EDDB, and selling it to someone by selling him your passwords.

I also think that a very reliable version of this system could be used to handle electronic cash (e$).
--
Jim Dixon

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Tue Aug 9 08:22:09 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Tue, 9 Aug 94 08:22:09 PDT
Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS'
Message-ID: <9408091522.AA25889@getafix.oasis.icl.co.uk>

DATE FROM SUBJECT

Two related points:

1. Sorry to waste list bandwidth with such a question, but could someone please post to me the original "Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS'" item? (my server was down at the weekend).

2. NIST have proposed the draft FIPS to a number of standards development organisations - including X/Open and POSIX - and I know that Microsoft have reviewed it, so it will likely influence interfaces to commercially available cryptographic software and devices.

If there is anybody with interest in crypto APIs on this list, then your informed comments on this NIST proposal, or other candidates (which I could make available if the level of interest warranted it), or alternatives, would be useful and timely.

Thanks

Piers

--------------------------------------------------------------------
P V McMahon 09AUG94
ICL Enterprises
post: Kings House, 33 Kings Road, Reading, RG1 3PX, UK
email: p.v.mcmahon at rea0803.wins.icl.co.uk OR p.mcmahon at xopen.co.uk
phone: +44 734 634882
fax: +44 734 855106
---------------------------------------------------------------------

From hughes at ah.com Tue Aug 9 08:47:16 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 08:47:16 PDT
Subject: NRO spoof
In-Reply-To: <9408091156.AA29504@hawksbill.sprintmrn.com>
Message-ID: <9408091518.AA22320@ah.com>

   with Sen. John Warner expressing his displeasure with how the "intelligence community" has hidden the money for a massive construction effort to house the NRO.

Steal this line: "The black budget is taxation without representation."
Eric

From paul at poboy.b17c.ingr.com Tue Aug 9 08:50:56 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Tue, 9 Aug 94 08:50:56 PDT
Subject: GAK & RSA
Message-ID: <199408091553.AA28248@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

RSADSI has been adamantly opposed to Clipper. You'd expect them to be opposed on business grounds; after all, Clipper wouldn't bring them any revenue and could quite possibly put them out of business if other forms of encryption were outlawed. I don't remember seeing many specific comments indicating that RSA was opposed to GAK on philosophical grounds (well, OK; some quotes on their "Sink Clipper" poster, if those count).

Other groups were opposed to Clipper because Skipjack is of unknown strength.

Putting the cypherpunkesque arguments about how GAK is a big step down the path towards a surveillance state, is it possible that the software GAK (SGAK) scheme could easily incorporate RSA's technology?

Imagine: Schlafly et al win their court case, and RSADSI's patents on RSA and other public-key technology are declared invalid. SGAK can thus use RSA without any problem. The "Skipjack, DSS, and SHA may be weak" crowd can't object to RSA's strength, and of course RSADSI will be in no position to object.

Another scenario: RSADSI wins and their patent remains valid. They can't refuse licensing to any entity which meets their terms, so SGAK can still be deployed, but RSADSI then gets a royalty.

_This_ is what's scaring me. If Microsoft, Apple, et al offer weak encryption as part of SGAK, objections can be made to the weakness. If they use RSA, that avenue is gone.

- -Paul

- --
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com | - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.
-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkemSKfb4pLe9tolAQGYiAP9EEwh/ImtxO6VoeGW6Ur15lwM+eJy9MRR
liYk+LMisjfJUwdO7Ngz2EDg/gKWky3u/t2LOm5347tekShXJXEqFqmRlGIt2xu7
8eSMRxRpewYTtYstPWPBaxBe6nzBSfD7BciQseqEU1b6ug21pB53hzHgYP7OwtrY
NEZSuas7C9g=
=+J/I
-----END PGP SIGNATURE-----

From hughes at ah.com Tue Aug 9 09:04:30 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 09:04:30 PDT
Subject: EDDB/RN
In-Reply-To: <4604@aiki.demon.co.uk>
Message-ID: <9408091536.AA22362@ah.com>

   I don't know if anyone else has had this particular idea before,

Yes, lots.

   However, there should be a use for persistent store, for a remote encrypted database accessible anonymously.

The real questions are "how big is the market?" and "how much revenue is there in it?". Something like this doesn't get made reliable by volunteers.

   Ideally, the data is stored on a distributed data base, with some redundancy in case one or more gateways go down

Look in Schneier for secret sharing.

Eric

From hughes at ah.com Tue Aug 9 09:16:15 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 09:16:15 PDT
Subject: GAK & RSA
In-Reply-To: <199408091553.AA28248@poboy.b17c.ingr.com>
Message-ID: <9408091547.AA22396@ah.com>

   the path towards a surveillance state, is it possible that the software GAK (SGAK) scheme could easily incorporate RSA's technology?

That depends on what you consider "RSADSI's technology".

First, there are the direct claims of the patents. RSA and Diffie-Hellman primarily. The "public key" patent of Hellman, Merkle, Diffie is the knapsack, which doesn't work. The Hellman, Pohlig patent is for a method of exponentiation as a secret key cipher. These claims are not very arguable if you believe the patents. (And there's an 'if' there, too.)

But there's also the matter of patent extensions, the minor modifications to the actual patents that are also covered.
I have heard that RSADSI claims that all use of modular exponentiation for cryptography are covered under their patents, as well as any public key type system. I think those claims are full of shit, myself, but that wouldn't stop RSADSI from suing for infringement and arguing the case and turning the attack from merit to one of lawyerdom.

Eric

From perry at imsi.com Tue Aug 9 09:19:30 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 9 Aug 94 09:19:30 PDT
Subject: NRO spoof
In-Reply-To: <9408091518.AA22320@ah.com>
Message-ID: <9408091619.AA23352@snark.imsi.com>

Eric Hughes says:
> with Sen. John Warner expressing his displeasure with how the
> "intelligence community" has hidden the money for a massive
> construction effort to house the NRO.
>
> Steal this line: "The black budget is taxation without representation."

The black budget, as with most things Congress does these days, is unconstitutional, as in:

   No money shall be drawn from the treasury but in consequence of appropriations made by law; and a regular statement and account of the receipts and expenditures of all public money shall be published from time to time.

Perry

From johndo at microsoft.com Tue Aug 9 09:21:35 1994
From: johndo at microsoft.com (John Douceur)
Date: Tue, 9 Aug 94 09:21:35 PDT
Subject: Remailer ideas
Message-ID: <9408091622.AA21758@netmail2.microsoft.com>

-----BEGIN PGP SIGNED MESSAGE-----

>From: Rick Busdiecker
>Date: Tuesday, August 09, 1994 12:54AM

> It may thus be quite reasonable to build in a hard cutoff in
> service time . . . since the extreme delay which triggers the
> expedited transmission is an unpredictable and infrequent event

>This is not a safe assumption. Check out the stats for ghio at kaiwan.com.

The context of my above assertion was a hypothetical message-mixing system proposed by Hal Finney. Although I must confess that I haven't examined the statistics that you cited, I do not see their relevance to this hypothetical system.
Of his own proposal, Hal says, "...it does have one disadvantage, which is that there is no upper bound on the latency of a message.... there is a small chance of having very large latencies.... it might be possible to modify [this system] so that messages never waited more than some maximum number of hours without seriously hurting the entropy."

I believe that this is correct. The message delays introduced by Hal's proposed system were of exponentially diminishing probability; thus, linear increases in delay cutoff become multiplicative decreases in cutoff probability, and it is therefore easy to set a cutoff value for delay which will occur with sufficient infrequency as to be useless to the cryptanalyst.

> it will not make cryptanalysis of the remailer any easier.

>I'm pretty sure that cryptanalysis, per se, is not the question, but
>rather traffic analysis.

By "cryptanalysis," I mean traffic analysis. Considering the remailers to be a cryptosystem was suggested recently on this list by someone (I forget whom).

JD

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkerrEGHwsdH+oN9AQHAjgP+NqSxhzz/N/Wa8y9D5zulPEStYUkZVvpR
+krk8VbMRgcbw8OuMYQLG5VUO5viTrSw1zSEu1Hg7hVfZ1HKq8wgE2F/tOJA6r70
sKXfgXkQWi7Nxkz4pqPQSlpniVxW2G9rc4PK9U5aYIIktDKEzFigcZdcsGu20UJl
sJUlTlmrpn8=
=YvXF
-----END PGP SIGNATURE-----

From hughes at ah.com Tue Aug 9 09:24:58 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 09:24:58 PDT
Subject: broadcast encryption
In-Reply-To:
Message-ID: <9408091556.AA22438@ah.com>

   What I would like to see is low-level digital signatures on the level of IP or AX.25. IP is doable, I would think.

What is the policy purpose for signing packets? It will affect the design.

Do you want to identify users, processes, or machines? If you want to reject packets not signed or badly signed _before_ further processing, that's one way. If you want to detect interposition in a stream parallel to the use of that stream, that would be another.
Do you want each packet to carry an independent signature, or can packets be aggregated for signature? This is a separate problem, since "aggregation" doesn't mean a delay, it means there is state information carried which is involved in checking the signature. This question involves the abstraction level where authentication is taking place.

Too often a particular situation is in mind and remains unspoken. Making assumptions explicit is necessary for good design and useful debate.

Eric

From hughes at ah.com Tue Aug 9 09:27:37 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 09:27:37 PDT
Subject: Gore Letter and Software Key Escrow
In-Reply-To: <9408091421.AA16080@tis.com>
Message-ID: <9408091559.AA22451@ah.com>

   The problem comes that a natural term to use to describe this feature would be "key escrow". However, the gov't has soiled that term. Now, I need a new term, hopefully true to the language to describe a feature like this without calling up images of GAK.

"Remote Backup" seems to be OK. Certainly backing up data is a perfectly respectable thing. Private keys are just more data.

Eric

From perry at imsi.com Tue Aug 9 09:34:26 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 9 Aug 94 09:34:26 PDT
Subject: broadcast encryption
In-Reply-To: <9408091556.AA22438@ah.com>
Message-ID: <9408091634.AA23392@snark.imsi.com>

Eric Hughes says:
> What I would like to see is low-level digital signatures on the
> level of IP or AX.25. IP is doable, I would think.
>
> What is the policy purpose for signing packets? It will affect the
> design.

Anyone even making such suggestions has not been following the IPSP standardization work...

Perry

From hughes at ah.com Tue Aug 9 09:34:45 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 09:34:45 PDT
Subject: e$
In-Reply-To: <4591@aiki.demon.co.uk>
Message-ID: <9408091606.AA22481@ah.com>

   There is a small point to be made here which I think is really a big point.
   The US government does not object to the use of financial instruments so long as they are backed by the US $ (or another accepted currency).

No, this isn't so. They also object to barter schemes that are backed by dollars. They object to them not by making them illegal _per se_, but by making it illegal not to report all the transactions that occur inside them.

   You also need to be concerned about Federal regulations covering the import and export of money. I think that at $5,000 or $10,000 you have to report the transaction.

This applies to cash and some cash-like instruments, not to "money". Originally it was just cash; it has been extended to other instruments, but not to all of them, insofar as I know.

Eric

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Tue Aug 9 09:50:07 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Tue, 9 Aug 94 09:50:07 PDT
Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS'
Message-ID: <9408091650.AA17029@getafix.oasis.icl.co.uk>

> someone please post to me the original "Problem in draft FIPS
> `CRYPTOGRAPHIC SERVICE CALLS'" item? (my server was down at the

Thanks very much. I now have the mail.

> 2. NIST have proposed the draft FIPS to a number of standards
> development organisations - including X/Open and POSIX - and I
> know that Microsoft have reviewed it, so it will likely influence
> interfaces to commercially available cryptographic software and
> devices.
> If there is anybody with interest in crypto APIs on this list,
> then your informed comments on this NIST proposal, or other
> candidates (which I could make available if the level of interest
> warranted it), or alternatives, would be useful and timely.

My interest in this is that I am chair of the X/Open security working group defining an industry consensus specification for which the draft FIPS is one of the inputs, along with other inputs from RSADSI (via Sun), IBM, HP, Olivetti, SESAME etc.
Piers

From hughes at ah.com Tue Aug 9 09:57:22 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 09:57:22 PDT
Subject: legal hacking
In-Reply-To: <9408091043.AA27965@ininx>
Message-ID: <9408091629.AA22518@ah.com>

   Such a person doesn't gladly suffer any legal technicality standing between him and the pound of your flesh to which he thinks he's entitled.

On the other hand, if you can convince them that they don't have to contribute their pound of flesh likewise, they'll take that opportunity.

   I wonder how he would respond to Perry here.

Well, Perry's right too, in that the amount of arbitrariness is enormous and that makes it _extremely_ challenging. I point out that one outlet for legal hacking is the legislature.

Some things are cut and dried. Many more aren't. For example, the SEC has no jurisdiction on commercial paper of duration nine months or less, by statute. So that gets rid of one hurdle, if you can ensure that your devices are considered commercial paper. Using wording and agreements which are close analogues of commercial paper will help.

[Aside: This is a practical failing with Chaum's digicash, is that it, being relatively uninterpreted mathematics, can be _called_ all sorts of stuff, some of which fall under more regulation than others. The regulators, of course, will pick the interpretation which gives them the most control.]

So perhaps now you don't have to worry about the SEC. There are four regulators of banks in the USA, plus general regulation of commerce. Lots and lots of obstacles to avoid. And it's easy, easy, easy to overlook something.

In addition, much regulatory power has been statutorily ceded to the regulators. I don't think I can stress this enough, because the regulators make rules which have the statutory force of law. The regulators can change or extend these rules _at will_. You won't get much warning, if you get any at all.

Therefore, you want to avoid the purview of the regulators entirely, if possible.
Moving offshore is one way. Performing substantive activity in another way also works, but that usually just means switching regulators. You can, for example, transfer value by moving stocks and bonds, that puts you under the SEC; you could also transfer value by moving real estate, and that's another set of law.

Legal hacking is not easy. Syntactic hacks, for example, don't work. The whole bit with "self-incriminating pass phrases" is a syntactic hack; it doesn't work because it does not touch upon the substance of the law. Moving activity to another jurisdiction is not a syntactic hack, and it works because jurisdiction is legally significant.

Eric

From ecarp at netcom.com Tue Aug 9 10:01:15 1994
From: ecarp at netcom.com (Ed Carp)
Date: Tue, 9 Aug 94 10:01:15 PDT
Subject: winpgp 1.0 bugs
Message-ID: <199408091701.KAA26325@netcom14.netcom.com>

Is there a newer version of winpgp than 1.0? I've found what appears to be several bugs in 1.0:

1) if I attempt to encrypt more than one file, winpgp says "Illegal function call" and terminates.

2) if I encrypt a file with "Binary" checked, the resulting file is named ".PGP". If I attempt to decrypt this .PGP file, winpgp will only allow me to encrypt .PGP files, but not decrypt them.

3) if I encrypt a file with "ASCII" checked, the resulting file is named ".ASC". If I decrypt this file, pgp gives me an error message (apparently pgp is being called with the "-d" option). If I decrypt it by hand without the "-d" option, PGP loses the file extension; i.e., XXX.DOC encrypts to XXX.ASC, but decrypts to just XXX without the .DOC extension.

I'm using pgp 2.6 and winpgp 1.0 running under windows 3.11 (workgroups).

Please email directly, as I don't have access to the list from work.

Thanks in advance for any assistance... :)

--
Ed Carp, N7EKG/VE3 Ed.Carp at linux.org, ecarp at netcom.com
Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi
If you want magic, let go of your armor.
Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From perry at imsi.com Tue Aug 9 10:02:17 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 9 Aug 94 10:02:17 PDT
Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS'
In-Reply-To: <9408091650.AA17029@getafix.oasis.icl.co.uk>
Message-ID: <9408091701.AA23510@snark.imsi.com>

p.v.mcmahon.rea0803 at oasis.icl.co.uk says:
> My interest in this is that I am chair of the X/Open security working group
> defining a industry consensus specification for which the draft FIPS is one
> of the inputs, along with other inputs from RSADSI (via Sun), IBM, HP,
> Olivetti, SESAME etc.

Have you been following the IETF's GSS-API work?

.pm

From hughes at ah.com Tue Aug 9 10:04:09 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 10:04:09 PDT
Subject: Key Coercion after encrypted message transmission.
In-Reply-To: <199408090533.AA06475@xtropia>
Message-ID: <9408091635.AA22556@ah.com>

   I am not sure that there is a good way of addressing this problem short of dividing the key in some way among multiple people so that Darth has a hard time seizing them all. This idea has already been discussed elsewhere.

Remote backup and secret sharing, yes.

   This problem could be called the transmission retroactive coercion problem (TRCP).

This one has also been discussed here, just last week, by me. It's the problem of forward secrecy. It already has a perfectly good name, thank you.

The original author of the message should find out what Diffie-Hellman key exchange is and how it can be used for forward secrecy.
Eric

From hughes at ah.com Tue Aug 9 10:15:35 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 10:15:35 PDT
Subject: Remailer ideas
In-Reply-To: <9408091622.AA21758@netmail2.microsoft.com>
Message-ID: <9408091647.AA22577@ah.com>

   multiplicative decreases in cutoff probability, and it is therefore easy to set a cutoff value for delay which will occur with sufficient infrequency as to be useless to the cryptanalyst.

They will be useless only as long as you have an assurance that these cutoffs are not correlated with anything "too large" (left deliberately hand-waving). In particular, delivery times are related to the retry algorithms at the higher level of the protocol. These retry algorithms operate between some two ends and therefore introduce correlations into the message patterns.

It's not obvious (and may not be true) that arbitrary latency limiting is a safe behavior.

   By "cryptanalysis," I mean traffic analysis. Considering the remailers to be a cryptosystem was suggested recently on this list by someone (I forget whom).

That was me. I'll have more to say on that subject later.

Eric

From hughes at ah.com Tue Aug 9 10:17:56 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 10:17:56 PDT
Subject: broadcast encryption
In-Reply-To: <9408091634.AA23392@snark.imsi.com>
Message-ID: <9408091649.AA22593@ah.com>

   > What is the policy purpose for signing packets? It will affect the
   > design.

   Anyone even making such suggestions has not been following the IPSP standardization work...

I wasn't asking what _the_ purpose was, but rather what the purpose the original author (coming out of the context of a radio discussion) had in mind. I know _lots_ of reasons for signing packets in some way.
Eric

From banisar at epic.org Tue Aug 9 10:21:20 1994
From: banisar at epic.org (Dave Banisar)
Date: Tue, 9 Aug 94 10:21:20 PDT
Subject: EPIC Seeks Release of FBI Wiretap Data
Message-ID: <9308091315.AA11509@Hacker2.cpsr.digex.net>

Electronic Privacy Information Center

PRESS RELEASE
_____________________________________________________________

For Release: August 9, 1994 2:00 pm

Group Seeks Release of FBI Wiretap Data, Calls Proposed Surveillance Legislation Unnecessary

Washington, DC: A leading privacy rights group today sued the Federal Bureau of Investigation to force the release of documents the FBI claims support its campaign for new wiretap legislation. The documents were cited by FBI Director Louis Freeh during testimony before Congress and in a speech to an influential legal organization but have never been released to the public.

The lawsuit was filed as proposed legislation which would mandate technological changes long sought by the FBI was scheduled to be introduced in Congress.

The case was brought in federal district court by the Electronic Privacy Information Center (EPIC), a public interest research organization that has closely monitored the Bureau's efforts to mandate the design of the nation's telecommunications infrastructure to facilitate wiretapping. An earlier EPIC lawsuit revealed that FBI field offices had reported no difficulties conducting wiretaps as a result of new digital communications technology, in apparent contradiction of frequent Bureau claims.

At issue are two internal FBI surveys that the FBI Director has cited as evidence that new telephone systems interfere with law enforcement investigations. During Congressional testimony on March 18, Director Freeh described "a 1993 informal survey which the FBI did with respect to state and local law enforcement authorities." According to Freeh, the survey describes the problems such agencies had encountered in executing court orders for electronic surveillance.
On May 19 the FBI Director delivered a speech before the American Law Institute in Washington, DC. In his prepared remarks, Freeh stated that "[w]ithin the last month, the FBI conducted an informal survey of federal and local law enforcement regarding recent technological problems which revealed over 180 instances where law enforcement was precluded from implementing or fully implementing court [wiretap] orders."

According to David L. Sobel, EPIC's Legal Counsel, the FBI has not yet demonstrated a need for the sweeping new legislation that it seeks. "The Bureau has never presented a convincing case that its wiretapping capabilities are threatened. Yet it seeks to redesign the information infrastructure at an astronomical cost to the taxpayers." The nation's telephone companies have consistently stated that there have been no cases in which the needs of law enforcement have not been met.

EPIC is a project of the Fund for Constitutional Government and Computer Professionals for Social Responsibility.

================================================================

FBI Director Freeh's Recent Conflicting Statements on the Need for Digital Telephony Legislation
_______________________________________________________________

Speech before the Executives' Club of Chicago, February 17:

Development of technology is moving so rapidly that several hundred court-authorized surveillances already have been prevented by new technological impediments with advanced communications equipment.

* * *

Testimony before Congress on March 18:

SEN. LEAHY: Have you had any -- for example, digital telephony, have you had any instances where you've had a court order for a wiretap that couldn't be executed because of digital telephony?

MR. FREEH: We've had problems just short of that. And I was going to continue with my statement, but I won't now because I'd actually rather answer questions than read.
We have instances of 91 cases -- this was based on a 1993 informal survey which the FBI did with respect to state and local law enforcement authorities. I can break that down for you.

* * *

Newsday interview on May 16:

We've determined about 81 different instances around the country where we were not able to execute a court-authorized electronic surveillance order because of lack of access to that particular system - a digital switch, a digital loop or some blocking technology which we didn't have to deal with four or five years ago.

* * *

Speech before the American Law Institute on May 19:

Within the last month, the FBI conducted an informal survey of federal and local law enforcement regarding recent technological problems which revealed over 180 instances where law enforcement was precluded from implementing or fully implementing court orders [for electronic surveillance].

============================================================

From perry at imsi.com Tue Aug 9 10:24:16 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 9 Aug 94 10:24:16 PDT
Subject: broadcast encryption
In-Reply-To: <9408091649.AA22593@ah.com>
Message-ID: <9408091723.AA23559@snark.imsi.com>

Eric Hughes says:
> > What is the policy purpose for signing packets? It will affect the
> > design.
>
> Anyone even making such suggestions has not been following the IPSP
> standardization work...
>
> I wasn't asking what _the_ purpose was, but rather what the purpose
> the original author (coming out of the context of a radio discussion)
> had in mind. I know _lots_ of reasons for signing packets in some
> way.

Oh, I understood what you were saying -- I didn't understand what the original author could be looking for...

.pm

From 73211.3713 at compuserve.com Tue Aug 9 10:30:40 1994
From: 73211.3713 at compuserve.com (Loren Fleckenstein)
Date: Tue, 9 Aug 94 10:30:40 PDT
Subject: remailers
Message-ID: <940809172505_73211.3713_DHI21-2@CompuServe.COM>

Can anyone supply me with a list of remailers?
I'm writing an article for a general circulation newspaper on encryption, anonymous contact services and privacy in the Information Age. I want to provide readers with a list of remailing services. Also, what is the BBS tel. number at MIT to download PGP 2.6? From jdd at aiki.demon.co.uk Tue Aug 9 10:41:22 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Tue, 9 Aug 94 10:41:22 PDT Subject: e$ Message-ID: <4652@aiki.demon.co.uk> In message <9408091402.AA23089 at snark.imsi.com> perry at imsi.com writes: > > point. The US government does not object to the use of financial > > instruments so long as they are backed by the US $ (or another > > accepted currency). > > Yes it does. Bearer bonds are illegal in the US. Perhaps my use of terms was insufficiently precise. Bearer bonds do not actually represent money in the same sense that a check does. Their value [usually] fluctuates. They are a different kind of financial instrument. > > Most of us use such financial instruments daily > > -- checks and credit cards, for examples. Most financial transactions > > involve no cash at all. > > The point is that anonymous transactions are coming under increasing > regulation. Commercial paper and the like is not a problem. Hmmm. Neither of the types of financial transactions that I listed is anonymous. If A writes a check to 'cash', pays B with it, and B passes it on to C, and so forth, are you saying that this is or will one day be illegal? -- Jim Dixon From perry at imsi.com Tue Aug 9 10:52:05 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 9 Aug 94 10:52:05 PDT Subject: e$ In-Reply-To: <4651@aiki.demon.co.uk> Message-ID: <9408091751.AA23619@snark.imsi.com> Jim Dixon says: > In message <9408091402.AA23089 at snark.imsi.com> perry at imsi.com writes: > > > point. The US government does not object to the use of financial > > > instruments so long as they are backed by the US $ (or another > > > accepted currency). > > > > Yes it does. 
Bearer bonds are illegal in the US. > > Perhaps my use of terms was insufficiently precise. Bearer bonds do not > actually represent money in the same sense that a check does. Perhaps you don't actually know what it is that you are trying to say? > If A writes a check to 'cash', pays B with it, and B passes it on to > C, and so forth, are you saying that this is or will one day be illegal? If the check is written to "cash" and is used to avoid federal transfer reporting requirements, it is CURRENTLY illegal. I suspect that checks made out to "cash" would be illegal in all cases if they were widely used to avoid reporting requirements. Perry From tcmay at netcom.com Tue Aug 9 10:52:40 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Aug 94 10:52:40 PDT Subject: GAK & RSA In-Reply-To: <199408091553.AA28248@poboy.b17c.ingr.com> Message-ID: <199408091752.KAA25070@netcom8.netcom.com> Paul Robichaux writes: > RSADSI has been adamantly opposed to Clipper. You'd expect them to be > opposed on business grounds; after all, Clipper wouldn't bring them > any revenue and could quite possibly put them out of business if other > forms of encryption were outlawed. I don't remember seeing many > specific comments indicating that RSA was opposed to GAK on > philosophical grounds (well, OK; some quotes on their "Sink Clipper" > poster, if those count). I communicated with Jim Bidzos about this, asking him what he'd heard about the Karlsruhe/Walker-Belenson proposal--he said he'd gotten no wind of it, thinking it to be just another academic paper. Later messages indicated he was taking it more seriously. As to RSADSI's objections or approvals, I can't say. They are a _company_, planning to (someday??) turn a profit for their investors (Note: Alan Alcorn, the inventor of "Pong," invested in them in the early or mid-80s, and says he's not seen a dime come back, nor has the company gone public). That is, RSADSI is not run along Cypherpunkesque lines, but you all knew that. 
> Putting the cypherpunkesque arguments about how GAK is a big step down > the path towards a surveillance state, is it possible that the > software GAK (SGAK) scheme could easily incorporate RSA's technology? My understanding is that the Walker-Belenson algorithm is quite strong as it is. I tried to ftp to ftp.tis.com, and succeeded, but could not find the Karlruhe paper(s) there, yet. If someone knows where they are (Carl?) or otherwise gets ahold of them, they might be useful additions to our own archives. Or a pointer, at least. > thus use RSA without any problem. The "Skipjack, DSS, and SHA may be > weak" crowd can't object to RSA's strength, and of course RSADSI will be > in no position to object. I think 95% of the opposition to Clipper came from two sources: 1. General opposition to the principle of "escrowed encryption" 2. Disinterest/opposition to the idea of buying special hardware. I don't see the "Skipjack is weak" argument as ever having been persuasive. Hence, I don't see the following as too big a concern: > _This_ is what's scaring me. If Microsoft, Apple, et al offer weak > encryption as part of SGAK, objections can be made to the weakness. If > they use RSA, that avenue is gone. What scares me is the incorporation of the SKE or GAK into products. Not that RSA may offer an even stronger system. It's the principle. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From hughes at ah.com Tue Aug 9 10:53:57 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 10:53:57 PDT Subject: e$ In-Reply-To: <4652@aiki.demon.co.uk> Message-ID: <9408091725.AA22702@ah.com> If A writes a check to 'cash', pays B with it, and B passes it on to C, and so forth, are you saying that this is or will one day be illegal? An individual note and its transfers are unlikely to be made illegal. But that's not the whole story. A company engaged in the business of issuing such notes and not recording (perhaps, a fortiori, by not being able to record) the transactions among people for these instruments, however, could be ruled to be performing a separate activity which could then be made illegal. Just because a single act is legal doesn't mean that a bunch of the same acts are. For example, not reporting a $5000 cash transfer is legal, but not reporting half a dozen of them made to the same person in the same day almost certainly is. Eric From tcmay at netcom.com Tue Aug 9 11:19:21 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Aug 94 11:19:21 PDT Subject: Strucured Transactions and Crypto In-Reply-To: <9408091725.AA22702@ah.com> Message-ID: <199408091818.LAA29474@netcom8.netcom.com> Eric Hughes writes: > If A writes a check to 'cash', pays B with it, and B passes it on to > C, and so forth, are you saying that this is or will one day be illegal? > > An individual note and its transfers are unlikely to be made illegal. > But that's not the whole story. A company engaged in the business of > issuing such notes and not recording (perhaps, a fortiori, by not > being able to record) the transactions among people for these > instruments, however, could be ruled to be performing a separate > activity which could then be made illegal. > > Just because a single act is legal doesn't mean that a bunch of the > same acts are. 
For example, not reporting a $5000 cash transfer is > legal, but not reporting half a dozen of them made to the same person > in the same day almost certainly is. The IRS/Treasury/etc. has the term "structuring" to refer to attempts to circumvent the reporting laws by doing "individually legal" transactions which are "collectively illegal." For example, getting around the $10,000 limit (which may have been lowered, I hear) by doing multiple $9,000 transactions. FinCEN (Financial Crimes Enforcement Network) is a multi-agency body that looks for things like this. Consistent with earlier points about the government not wanting to make it completely clear what's legal and what's illegal (regulatory discretion), the laws about structuring are not clear. Suspicion of structuring seems to be enough for a costly investigation and possible prosecution. It'll be interesting to see how crypto transactions are treated. The possibilities for structuring are exciting to we Cypherpunks, which means the Feds may act quickly to declare such transactions illegal. (Connections to key escrow/GAK, illegality of digital cash, legal hacking, and the huge new NRO complex near the credit card companies is left as an exercise.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cme at tis.com Tue Aug 9 11:24:40 1994 From: cme at tis.com (Carl Ellison) Date: Tue, 9 Aug 94 11:24:40 PDT Subject: GAK & RSA In-Reply-To: <199408091752.KAA25070@netcom8.netcom.com> Message-ID: <9408091823.AA26987@tis.com> From: tcmay at netcom.com (Timothy C. 
May) Date: Tue, 9 Aug 1994 10:52:48 -0700 (PDT) I don't see the "Skipjack is weak" argument as ever having been persuasive. [...] What scares me is the incorporation of the SKE or GAK into products. Not that RSA may offer an even stronger system. It's the principle. exactly .. This entire debate was sidetracked with a flurry of non-essentials. Who cares if Skipjack has a weakness? Who cares that it's classified? I don't need anything stronger than RSA and triple-DES, so Skipjack doesn't mean anything to me. However, it formed a kernel of controversy to distract a bunch of reporters and people posting to USENET. The only issue, as far as I'm concerned, is that in 4000 years of history of crypto (as documented by Kahn), private citizens have always had strong crypto and have kept their keys to themselves and there's no reason to believe the gov't should have the right, now or ever, to these keys. To me, the *only* issue is GAK. All the rest is moot...stuff to distract the critics and get them arguing among themselves (or with DERD and Sternlight). - Carl From Ben.Goren at asu.edu Tue Aug 9 11:37:43 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Tue, 9 Aug 94 11:37:43 PDT Subject: No more NSA supra-computer? Message-ID: Yesterday I was talking with a friend, and the subject of supercomputers came up. Naturally, I mentioned the NSA 7000 Y-MP equivalent and Gunter Ahrendt's list of supercomputers worldwide (finger gunter at yarrow.wt.uwa.edu.au). My friend sent me a note this morning saying that he couldn't find that machine on Gunter's list; sure enough, it's been removed. Anybody know what happened to this machine? Did they lose funding? Decide it's not worth it? Is there some sort of subterfuge involved? It would be nice to think the Congress killed it, or decided to give the computer to a university, instead. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): We won! Clipper is dead! BUT! 
Just say no to key escrow. And stamp out spamming, too. Finger ben at tux.music.asu.edu for PGP 2.3a (soon 2.6) public key. From koontzd at lrcs.loral.com Tue Aug 9 12:10:56 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Tue, 9 Aug 94 12:10:56 PDT Subject: Digital Telephony Act Message-ID: <9408091909.AA15015@io.lrcs.loral.com> What's going to happen when direct satellite phone service becomes a reality (as in the joint Loral/Qualcomm effort)? When one notes that it is difficult to impossible to prevent service stealing in the cellular environment, how will it be prevented in direct broadcast? It might not be possible to detect unauthorized encryption schemes without direct monitoring. Do the Feds think this can be won? From adam at bwh.harvard.edu Tue Aug 9 12:26:41 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 9 Aug 94 12:26:41 PDT Subject: Offline reading Message-ID: <199408091928.PAA01878@hermes.bwh.harvard.edu> I just finished (last night) Guns of the South, by Harry Turtledove. Before that I read Out of Control by Kevin Kelly. Both were recommended by folks on this list, and both were very good. Does anyone else care to share thoughts on books they've read recently? I'm looking for anything interesting. Also, could anyone recommend a good intro to F.A. Hayek's work? (in or out of print; Boston has many good used bookstores.) Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From tcmay at netcom.com Tue Aug 9 12:38:14 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 9 Aug 94 12:38:14 PDT Subject: Digital Telephony Act In-Reply-To: <9408091909.AA15015@io.lrcs.loral.com> Message-ID: <199408091937.MAA13077@netcom14.netcom.com> David Koontz writes: > > What's going to happen when direct satellite phone service becomes a > reality (as in the joint Loral/Qualcomm effort)? 
And don't forget "Teledesic," the 800-satellite (or something huge) project of Bill Gates and McCaw Cellular. Graham Toal discussed this recently in a post on software key escrow and Microsoft's possible involvement in SKE. Teledesic plans to enter the data/voice market, so any mandate for wiretapping would impinge on them. (End-to-end encryption, as with PGP, bypasses this....the great Unresolved Question has always been how all these proposed schemes will deal with end-to-end encryption, aka "superencryption.") > When one notes that it is difficult to impossible to prevent service > stealing in the cellular environment, how will it be prevented in > direct broadcast? > > It might not be possible to detect unauthorized encryption schemes > without direct monitoring. > > Do the Feds think this can be won? Should the Surveillance State not be thwarted (via contributions of technology from groups like ours), I can imagine all sorts of draconian laws about encryption, demands that cleartext be produced on demand, etc. Suspicion of "structuring" communications to evade the intent of the law may be enough to trigger sanctions. But this is what we're here to fight. Deploying technology ubiquitously is more important than writing letters to Congressrodents. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From pcw at access.digex.net Tue Aug 9 12:47:20 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 9 Aug 94 12:47:20 PDT Subject: No more NSA supra-computer? 
Message-ID: <199408091946.AA27864@access2.digex.net> >Yesterday I was talking with a friend, and the subject of supercomputers >came up. Naturally, I mentioned the NSA 7000 Y-MP equivalent and Gunter >Ahrendt's list of supercomputers worldwide (finger >gunter at yarrow.wt.uwa.edu.au). My friend sent me a note this morning saying >that he couldn't find that machine on Gunter's list; sure enough, it's been >removed. > My guess, and this is only a guess, is that it disappeared for "security" reasons. They have a habit of keeping the smallest bit of light from emerging. For instance, no one knows the "Black" part of the budget. It's classified. But you can take the total budget amount and subtract the non-Black section and get the result. They make you do the math. From mccoy at io.com Tue Aug 9 13:02:35 1994 From: mccoy at io.com (Jim McCoy) Date: Tue, 9 Aug 94 13:02:35 PDT Subject: Digital Telephony Act In-Reply-To: <9408091909.AA15015@io.lrcs.loral.com> Message-ID: <199408091957.OAA10546@pentagon.io.com> > > What's going to happen when direct satellite phone service becomes a > reality (as in the joint Loral/Qualcomm effort)? [...] > Do the Feds think this can be won? There is a clause in the Digital Telephony Act that states that the wiretapping requirements are waived if the technology is fundamentally unable to provide this service to law enforcement due to its design. This little bit leads me to believe that we might see telco designers putting a bit of effort to make the designs untappable from the start to get around such requirements if there is a market for it. It was probably put in for sats and wireless services, but in the right hands it might be a useful loophole to drive a crypto truck through... 
jim From nzook at math.utexas.edu Tue Aug 9 13:20:26 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 9 Aug 94 13:20:26 PDT Subject: (fwd) Anonymous posters & Misinformation = Net pollution Message-ID: <9408092015.AA06563@vendela.ma.utexas.edu> Could you chalk this one up to my lack of sophistication as a net.user? I thought c-punks might want to shower this guy with dissenting opinion. No, I've not done so--my poster is down... Nathan From jgostin at eternal.pha.pa.us Tue Aug 9 15:36:51 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Tue, 9 Aug 94 15:36:51 PDT Subject: No more NSA supra-computer? Message-ID: <940809174148S3cjgostin@eternal.pha.pa.us> Ben.Goren at asu.edu writes: > Anybody know what happened to this machine? Did they lose funding? Decide > it's not worth it? Is there some sort of subterfuge involved? Hmmm: "Dear Sir; Here at the NSA, we take National Security very seriously. Pursuant to USC 422.932(b), we can pluck out your fingernails for releasing information about our computer resources. Please remove all information and references to and about the National Security Agency from your listing. Sincerely, Sue D. Nym, Agent at Large" True, this is an OBVIOUS spoof, but the point is still there.... --jeff From ianf at simple.sydney.sgi.com Tue Aug 9 16:25:48 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Tue, 9 Aug 94 16:25:48 PDT Subject: Digital Telephony Act In-Reply-To: <199408091937.MAA13077@netcom14.netcom.com> Message-ID: <9408100921.ZM15652@simple.sydney.sgi.com> On Aug 9, 12:37pm, Timothy C. May wrote: > And don't forget "Teledesic," the 800-satellite (or something huge) > project of Bill Gates and McCaw Cellular. Graham Toal discussed this > recently in a post on software key escrow and Microsoft's possible > involvement in SKE. 
One of the things which has to be worrying the spooks right now is that communications in general is swiftly becoming an international business, and much less susceptible to parochial arm-twisting. The days of the Black Chamber when the cable companies' bosses could be talked into releasing telegrams for the good of their country are receding into the distance, and this really must worry the TLAs we all have come to know and love. None of this is news for any of us. I have often felt that bills like Digital Telephony have a much deeper motive, in that although they seem a lot less than justifiable now, it may be that the spooks are trying to beat the technology and have a surveillance infrastructure in place simply so that its existence can either frustrate or influence the structure of international communications infrastructure. It would be hard for any country to demand the inclusion of monitoring facilities in a new system, but it is MUCH easier for them to point out that the new system really should be able to provide the same "law enforcement" facilities as the existing infrastructure does. Just an idle thought. Ian. From lrh at crl.com Tue Aug 9 17:21:36 1994 From: lrh at crl.com (Lyman Hazelton) Date: Tue, 9 Aug 94 17:21:36 PDT Subject: Direct Satellite phone service In-Reply-To: <9408091909.AA15015@io.lrcs.loral.com> Message-ID: On Tue, 9 Aug 1994, David Koontz wrote: > > What's going to happen when direct satellite phone service becomes a > reality (as in the joint Loral/Qualcomm effort)? > > When one notes that it is difficult to impossible to prevent service > stealing in the cellular environment, how will it be prevented in > direct broadcast? > > It might not be possible to detect unauthorized encryption schemes > without direct monitoring. > > Do the Feds think this can be won? > I am currently working on the IRIDIUM(r) effort. 
IRIDIUM is an international consortium which will fly 66 (+spares) satellites in polar orbits to achieve a global space-based cellular phone system. It is significant that *ALL* government involvement from *ANY* government or agency is being avoided by the IRIDIUM consortium. This is just good business: Who in another country wants to use a system that they know will be monitored in some secret way by their own or some other country's intelligence service? Instead, no encryption will be included in the mission (telephone) data portion of the IRIDIUM system. If a subscriber wants to use their own crypto-system on top of the basic communication service provided by the system, that is up to them. On the other hand, if no encryption is provided by the subscriber, anyone can listen into their conversations. As to preventing unauthorized use of the system, I know less. While it would be relatively easy and cheap to use any of our well known authentication protocols with strong crypto to prevent such crimes, I don't know if its use as a standard part of the system is planned. Finger lrh at crl.com for PGP 2.4 Public Key Block. From bogus@does.not.exist.com Tue Aug 9 17:42:21 1994 From: bogus@does.not.exist.com () Date: Tue, 9 Aug 94 17:42:21 PDT Subject: More on remailer chaining Message-ID: <199408100042.RAA15568@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- I have one small addition to the analysis I did yesterday of remailer chaining effects. Previously I was assuming that there was a uniform distribution of messages across remailers, so that all saw the same number of packets. How does this change if some remailers are used more than others? Again I will sneak up on the problem by taking a concrete example. Suppose there are two remailers and that we are using two-remailer chains which include the possibility of using the same remailer twice. Suppose one of the remailers is used much more than the other. 
Take an extreme case, where remailer 1 is used 90% of the time and remailer 2 is used 10% of the time. If we suppose that these probabilities affect both the choice of the first and second remailer in the chain, then the four possible chains have the following frequencies of use: 1,1 81% 1,2 9% 2,1 9% 2,2 1% Notice that this also implies that 90% of the messages enter the net at remailer 1 and 10% at 2, and also that 90% leave via 1 and 10% leave via 2. Now, ignoring for a moment the fact that there may be some reason people are shunning 2 (they suspect it is compromised, or it is unreliable, or something - but maybe it's just new and a lot of people haven't heard about it yet), what is the safest way to use this network? The key, I believe, is to imitate the observed statistics in your own choice of a chain, at least for the 2nd hop. 90% of the messages coming out of the first stage of either remailer will go to remailer 1. If you want your message to be lost most effectively among the others, you should choose remailer 1 as your own 2nd hop 90% of the time. This way your message will be 9 times more likely to go to 1 than 2, but since there is 9 times the traffic going to 1 than to 2 it will be perfectly masked. The result will be that your message is equally likely to be any of the N messages coming out of the remailer. Your statistics will match all of the others. Therefore, you get a full factor of N mixing with such an unbalanced network, just as much as you get with a perfectly symmetrical network - as long as you imitate the network statistics. The choice of the first remailer in your chain does not appear to be critical. We assume the opponent can see which remailer you have chosen (by tracking your message from your site to the remailer) so there is no advantage to choosing 1 over 2 as far as secrecy. You will get full N-fold mixing in either case. This is a bit counter-intuitive; it might seem that choosing 1 is superior to choosing 2 in terms of mixing. 
But look at a specific example: Suppose 100 messages enter the network, 90 at 1 and 10 at 2. After the first step, 9 messages go from 1 to 2 (10% of the 90) and 9 messages go from 2 to 1 (90% of the 10). Then 90 messages are sent from 1 and 10 from 2. Now, if your message entered at 2, but had a 90% probability of going to 1 at the second hop, then there is a 90% chance that it ended up as one of the 90 messages leaving 1, and a 10% chance that it ended up as one of the 10 messages leaving 2. This tells observers exactly nothing about where your message is. So choosing 2 as the first hop is just as good as choosing 1. Although I have not yet extended these results to longer hops and larger numbers of remailers, my guess is that the same general rule will apply there as well. This suggests that it will be useful and important to have accurate information about the usage levels of the various remailers so that you can accurately mimic those probabilities. How bad is it if you don't have accurate usage information? According to my calculations, in the case of two remailers, if the actual probabilities of the two remailers being used are p and 1-p, and the probabilities you use are q and 1-q, the mixing level you get decreases from N to N * (p/q)^q * ((1-p)/(1-q))^(1-q). If q=p and you have accurate information there is no reduction. In the example above, with p=.9, if you didn't know this and used q=.5, your mixing level reduces to N*.6. This is not a huge reduction even for this rather extreme case, but I can't guess how this will extend to larger networks and chains. Assuming these results do hold true, though, it suggests some interesting "market" dynamics. Patterns of usage of the remailers may tend to be stable since anyone who departs from the current usage pattern will stand out and hence lose security. It may be difficult for new remailers to become established since their initial usage level will be low, making it risky to use them to any significant degree. 
These considerations are somewhat similar to situations where there are competing but incompatible standards (e.g. Beta vs VHS VCR's) in terms of the barriers to entry. There may also be considerable misinformation about usage levels. It will be to the advantage of a site to exaggerate the number of messages they are handling. Especially if noise messages are used (a strategy I haven't tried to analyze yet) it would be easy to generate bogus statistics. Maybe some organization could collect statistics by polling remailer users about their practices rather than believing the operators, and make that information available. Another point is that, assuming that remailer operation is actually going to be profitable some day, there will be advantages to being one of the first to market. Getting your remailer widely known and used in the early days could establish market leadership which will have considerable staying power just from the inherent properties of how these networks work. Heavily-used remailers could charge premium prices while the "little guys" have to be cut rate in order to grow, compensating users for the loss of security they will experience. Maybe this will encourage people to make the investment to become what Tim May has called "Mom and Pop" remailers. This might be the golden opportunity to get in on the ground floor. For more information, send $10 in digital cash for our investment kit: "How you can make a fortune running anonymous remailers!" Please include an anonymous return address. :-) Hal -----BEGIN PGP SIGNATURE----- Version: 3.14159 iQCVAgUBLkghT6gTA69YIUw3AQFaJgP/e7RRWrEowQDQ9RdN+w9wC5zQ3Zod2w5n oeZLFlMJFzEjer2gxjh0yt+a0CPJA1p33W1BvxNODI2nmPHiFeVcD24L9oNzoyf9 QBrUMAJiuR09QQCPz8MjBwXdIXD1hU25hMiCN/drrJuRCgsFpp1wPlmWU2EnHK4g uoiDsWb4Wg4= =l7nS -----END PGP SIGNATURE----- From Ben.Goren at asu.edu Tue Aug 9 17:46:51 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Tue, 9 Aug 94 17:46:51 PDT Subject: No more NSA supra-computer? 
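Added example (not part of Hal's post or of any message in this archive): a Python check of the two-remailer analysis in the "More on remailer chaining" message above. It reads "mixing level" as exp(Shannon entropy) of the observer's posterior over output messages, compares that with the post's closed form N * (p/q)^q * ((1-p)/(1-q))^(1-q), and extends it to k remailers; the function names, the entropy reading and the k-remailer extension are assumptions of this example.

```python
"""Mixing level when your last-hop choice differs from the crowd's.

Added illustration of the two-remailer analysis; function names are
hypothetical and the k-remailer generalisation is an assumption.
"""
import math


def two_hop_flow(n_messages, p):
    """Expected traffic for two remailers when every hop picks remailer 1
    with probability p.  Returns entry, crossing and exit counts."""
    enter = (n_messages * p, n_messages * (1 - p))
    one_to_two = enter[0] * (1 - p)      # leave remailer 1 for remailer 2
    two_to_one = enter[1] * p            # leave remailer 2 for remailer 1
    leave = (enter[0] - one_to_two + two_to_one,
             enter[1] - two_to_one + one_to_two)
    return {"enter": enter, "cross": (one_to_two, two_to_one), "leave": leave}


def mixing_level(n_messages, usage, choice):
    """Effective number of messages yours is hidden among.

    usage[i]  : fraction of all traffic leaving via remailer i (p)
    choice[i] : probability that you pick remailer i as last hop (q)
    Model assumes n_messages is large enough that counts can be fractional.
    """
    if len(usage) != len(choice):
        raise ValueError("usage and choice must cover the same remailers")
    for dist in (usage, choice):
        if min(dist) < 0 or not math.isclose(sum(dist), 1.0, abs_tol=1e-9):
            raise ValueError("each distribution must be non-negative and sum to 1")
    entropy = 0.0
    for p_i, q_i in zip(usage, choice):
        if q_i == 0:
            continue                     # you never exit here
        if p_i == 0:
            # No cover traffic at all on a path you actually use.
            raise ValueError("you exit via a remailer nobody else uses")
        count = n_messages * p_i         # messages leaving remailer i
        each = q_i / count               # chance a given one is yours
        entropy -= count * each * math.log(each)
    return math.exp(entropy)


def closed_form_two_remailers(n_messages, p, q):
    """The post's formula, valid for 0 < p < 1."""
    level = float(n_messages)
    for crowd, mine in ((p, q), (1 - p, 1 - q)):
        if mine > 0:                     # zero exponent: factor of 1
            level *= (crowd / mine) ** mine
    return level


if __name__ == "__main__":
    n = 100
    print("flow:", two_hop_flow(n, 0.9))
    for q in (0.9, 0.7, 0.5, 0.1):
        print(f"q={q}: mixing level {mixing_level(n, [0.9, 0.1], [q, 1 - q]):.1f}")
    # Constructed figures: the third operator overstates its share, and a
    # user who mimics the reported numbers loses part of the crowd.
    true_usage = [0.6, 0.3, 0.1]
    reported = [0.4, 0.2, 0.4]
    print(f"mimicking inflated stats: {mixing_level(n, true_usage, reported):.1f}")
```

The last case ties to the post's remark about exaggerated usage figures: following the reported distribution instead of the true one shrinks the effective crowd even though no remailer is compromised.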
Message-ID: At 3:41 PM 8/9/94, Jeff Gostin wrote: >Ben.Goren at asu.edu writes: > >> Anybody know what happened to this machine? Did they lose funding? Decide >> it's not worth it? Is there some sort of subterfuge involved? >Hmmm: > >"Dear Sir; > Here at the NSA, we take National Security very seriously. Pursuant >to USC 422.932(b), we can pluck out your fingernails for releasing >information about our computer resources. Please remove all information >and references to and about the National Security Agency from your >listing. > > Sincerely, > Sue D. Nym, Agent at Large" > >True, this is an OBVIOUS spoof, but the point is still there.... Yeah, but the guy keeping the list is an Aussie. What would you do if MI5 asked you to remove mention of their 10,000 Cray Y-MP equivalent from *your* published list? I don't know about you, but that's one of the few times I might actually be glad for the TLAs. > --jeff b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): We won! Clipper is dead! BUT! Just say no to key escrow. And stamp out spamming, too. Finger ben at tux.music.asu.edu for PGP 2.3a (soon 2.6) public key. From dave at esi.COM.AU Tue Aug 9 18:03:31 1994 From: dave at esi.COM.AU (Dave Horsfall) Date: Tue, 9 Aug 94 18:03:31 PDT Subject: broadcast encryption In-Reply-To: <9408091723.AA23559@snark.imsi.com> Message-ID: On Tue, 9 Aug 1994, Perry E. Metzger wrote: > Oh, I understood what you were saying -- I didn't understand what the > original author could be looking for... And by now I've lost track of the original discussion, so I'm not sure whether I am the one being referred to above (I'm the one who PGP signs all his packet radio messages, in response to Bob Snyder saying he sees no problem with this, and Bob replied saying he'd like to see it at the link level), and it sort of diverged from there... 
Given that the FCC (and other countries' equivalents) are starting to crack down on packet radio abuse (it's all too easy to fake someone else's callsign) I imagine it won't be long before we Amateurs are forced to implement some form of authentication (down to the callsign i.e. the user). You out there, Phil? -- Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From nowhere at chaos.bsu.edu Tue Aug 9 18:36:38 1994 From: nowhere at chaos.bsu.edu (Chael Hall) Date: Tue, 9 Aug 94 18:36:38 PDT Subject: Remailer stuff In-Reply-To: <9408041450.AA12817@ah.com> Message-ID: <199408100131.UAA25868@chaos.bsu.edu> Eric Hughes wrote: >My criterion for a successful deployment is when the authors of a >mailer distribute encryption, signing, and remailing support as a >basic part of their packages. Yes, but as my package stands, it will compile on most systems and anybody with a passing knowledge of sendmail.cf, aliases, or .forward files and knows the location of their mailer can install and run it. PGP has been through so many changes, I'm just waiting until I can find a version that I can (1) run for a while without becoming outdated, and (2) use on my system without having security risks all over the place. I will *not* customize my software to work with PGP. I will make it work with encryption, but I'm not going to make it do anything different for PGP than for any other mail-processing software. If anyone has the time and the inclination to monkey with the code, it's available via anonymous FTP from chaos.bsu.edu:/pub/development. It is named something like remailer-current.tar.gz. Remember, this is C code, I don't waste RAM and CPU cycles running PERL on my system (no offense intended to those who use it.) Chael -- Chael Hall, nowhere at chaos.bsu.edu From hayden at vorlon.mankato.msus.edu Tue Aug 9 19:49:19 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. 
Hayden) Date: Tue, 9 Aug 94 19:49:19 PDT Subject: This is a test Message-ID: I apologize for this test. But, in the end, it will probably serve a good purpose :-) ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From alano at teleport.com Tue Aug 9 20:51:16 1994 From: alano at teleport.com (Alan Olsen) Date: Tue, 9 Aug 94 20:51:16 PDT Subject: CreditCard info Message-ID: <199408100351.UAA09774@teleport.com> > > An interesting sideline - > I ran into an interesting situation at a local video rental place >yesterday. If you give them your credit card number they charge you .25 >less a tape to rent it (2.75 compared to 3.00) Your number goes into their >customer database. > > I laughed, and said I'd rather pay the .25 a tape than take the chance >of some part-time HS kid getting ahold of my CC number. > > It's unbelievable (to me anyway) that people would give this kind of >information out and trust that it can't be abused. It's bad enough that >we're asked to hand out our SS number for everything. > There are businesses that are just as clueless. I work for a mailing company that gets credit card orders from a telemarketing firm. All of the information that I would need to commit major credit card fraud flows across my computer every morning. (I actually do the processing via computer to the bank. The bank program was written in Microsoft Basic by someone in California.) The company I work for wanted to print ALL of the credit card information on the packslips.
This means that anyone along the production line could have taken that information and done with it what he/she will. The information is not stored in any sort of encrypted form on the computer. Anyone who has access to the system and the least amount of knowledge could get to it. Now you know why I do not have any credit cards. /========================================================================\ |"I would call him a Beastialic Sadomasochistic | alano at teleport.com | |Necrophile but that would be beating a dead | Disclaimer: | |horse." -- Teriyaki (What's up Tiger Lily?) | As if anyone cares! | \========================================================================/ From tcmay at localhost.netcom.com Tue Aug 9 21:36:03 1994 From: tcmay at localhost.netcom.com (Timothy C. May) Date: Tue, 9 Aug 94 21:36:03 PDT Subject: No more NSA supra-computer? Message-ID: <199408100435.VAA02566@netcom13.netcom.com> >>Yesterday I was talking with a friend, and the subject of supercomputers >>came up. Naturally, I mentioned the NSA 7000 Y-MP equivalent and Gunter >>Ahrendt's list of supercomputers worldwide (finger >>gunter at yarrow.wt.uwa.edu.au). My friend sent me a note this morning saying >>that he couldn't find that machine on Gunter's list; sure enough, it's been >>removed. >> > >My guess, and this is only a guess, is that it disappeared for "security" >reasons. They have a habit of keeping the smallest bit of light from >emerging. For instance, no one knows the "Black" part of the budget. It's >classified. But you can take the total budget amount and subtract the >non-Black section and get the result. They make you do the math. I was intrigued by this disappearance, so I sent an e-mail message to Gunter Ahrendt. Through the joys of time zones, my message this evening was answered within minutes, from Australia.
He told me the NSA machine remains, though it has been renamed, has been put under another site, and its performance rating has been recalculated based on a new metric. Gunter's latest report (in comp.sys.super) explains the new metric. Grepping for the name "SMPP," here's where I found it: 58) 16.46 - (APR-1994) [SRC] Supercomputing Research Center,Bowie,Maryland,US,root at super.org 1) Cray 3/4-128 [-4Q96] 11.46? 2) SRC Terasys ~ 5 3) SRC SMPP-4/2M [+4Q96] 503.33? This is also very intriguing. The machine formerly called the "NSA SMPP-2/2M" and expected to be located at NSA Central Security Service, is now to be located in nearby Bowie at the Supercomputing Research Center. I guess that means the SRC is doing more than just "academic computing"! --Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From die at pig.jjm.com Tue Aug 9 23:24:53 1994 From: die at pig.jjm.com (Dave Emery) Date: Tue, 9 Aug 94 23:24:53 PDT Subject: Satellite Cellphones In-Reply-To: <9408091909.AA15015@io.lrcs.loral.com> Message-ID: <9408100627.AA17861@pig.jjm.com> > > > Whats going to happen when direct satellite phone service becomes a > reality ( as in the joint Loral/Qualcomm effort ) ? > > When one notes that it is difficult to impossible to prevent service > stealing in the cellular environment, how will it be prevented in > direct broadcast? 
My understanding of both IRIDIUM and the Loral effort is that the satellite will be used to directly connect a remote user to a ground based MTSO (switch) which will actually route the call out over land lines or another satellite link. This implies that the satellite is not being used as a classical bent-pipe repeater linking the transmitter of one satellite phone to the receiver of another, but rather as a spaceborne cell-site linked to the MTSO via a separate radio system on a completely different frequency band not unlike the terrestrial microwave links that link most cell sites to the current MTSOs. This means that there is no way for a mobile satellite user to bypass the switch and use the satellite directly to relay his communications to another satellite phone, just as there is no way in the current analog AMPS/NAMPS cellphone system for a user on one cellphone to talk directly to another cellphone without going through a cell site relay and the MTSO switch. Thus the switch can always serve as a gateway authenticating users, and providing billing and access control services. Even in the more advanced concepts in which the satellite actually does some measure of on-board switching between the mobile terminal uplinks and downlinks, this switching is almost certainly going to be controlled and managed from the ground even if the actual traffic path goes only through one or more satellites. And hopefully, someone has already thought of the problem of a user of a satellite switched link having his direct satellite link taken over by a higher powered bad guy perhaps only for a few seconds to transmit a burst of data to a confederate monitoring the downlink.
Thus the problem of satellite phone access security is not very different from the problem of current terrestrial cell phone access security - namely that a remote user coming from somewhere out there and purporting to be a legitimate subscriber requests a connection over a very unsecure link subject to both easy monitoring and various kinds of spoofing. Obviously this is a very natural place to apply cryptographic authentication technology such as zero knowledge proofs. As most of you are no doubt aware, the problems with fraud in the current AMPS cellular system in the US are due to a very bad design decision 15-20 years ago to not use some form of strong encryption of the authentication exchanges between the mobile phone and the switch. Instead all of these take place completely in the clear, including transmission of the ESN (electronic serial number) which is the only truly unique ID a cellphone contains. Thus anyone with trivially simple equipment (basically a scanner and a PC and a very simple interface card) can determine the ESN and MIN (telephone number) of someone else's cellphone by listening in to its transmissions and use these to make fraudulent calls charged to that number. Had the designers of the system simply cbc DES encrypted these messages under a fixed cell or system wide key, most of this fraud would have been too difficult for all but those with much better things to do with their time and resources to attempt (assuming some elementary common sense in the design of the message formats to thwart simple replay attacks). One suspects that these kinds of fraud in a cellphone system designed using the concepts well known now for proper cryptographic authentication and resistance to spoofing and replay attacks would be so rare as to be unimportant compared to other losses.
In such a system security of the authentication information would no doubt be the major risk, as the designers of the European GSM system seem to indicate with their choice of a removable smartcard security module (token) that can be carried on one's person. > It might not be possible to detect unauthorized encryption schemes > without direct monitoring. Do the Feds think this is can be won? > I don't imagine it is ever possible to detect unauthorized encryption without direct monitoring. And for data transmission as opposed to voice, this is a very hard problem since some considerable fraction of data transmitted is such things as compressed binaries and images and things in unusual formats which don't lend themselves to easy automatic recognition at low cost. Dave Emery From jdwilson at gold.chem.hawaii.edu Tue Aug 9 23:49:49 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Tue, 9 Aug 94 23:49:49 PDT Subject: CreditCard info In-Reply-To: Message-ID: On Mon, 8 Aug 1994, Chris Knight wrote: > > It's true... You do not HAVE to give your ssn to anyone other than the > IRS and your employer... So many companies have changed their Actually you are not required to give your SSN to any government agency including the IRS, but they tell you in the Privacy Act acknowledgement that if you do not (voluntarily) give them your SSN, they won't process your tax payment. This would result in failure to pay taxes, and potentially jail-time etc. But it is "voluntary." -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. 
Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From ianf at simple.sydney.sgi.com Wed Aug 10 01:07:24 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Wed, 10 Aug 94 01:07:24 PDT Subject: No more NSA supra-computer? In-Reply-To: Message-ID: <9408101804.ZM16350@simple.sydney.sgi.com> On Aug 9, 5:48pm, Ben.Goren at asu.edu wrote: > Yeah, but the guy keeping the list is an Aussie. > What would you do if MI5 asked you to remove mention of their 10,000 Cray > Y-MP equivalent from *your* published list? I don't know about you, but > that's one of the few times I might actually be glad for the TLAs. Well, I would imagine that it would be GCHQ in that case, but never mind. MI5 is the UK equivalent of the FBI. In the case of an Australian mentioning something the NSA did not want mentioned, I would point out the existence of the UKUSA agreement (on which Australia is a signatory). I doubt that the DSD would contact anyone, they're rather pleasingly careful about not exceeding their charter. However, I would not be surprised if ASIO made a phone call and asked someone to cease and desist. Ian. From merriman at metronet.com Wed Aug 10 03:19:52 1994 From: merriman at metronet.com (David K. Merriman) Date: Wed, 10 Aug 94 03:19:52 PDT Subject: No more NSA supra-computer? Message-ID: <199408101022.AA08062@metronet.com> >This is also very intriguing. The machine formerly called the "NSA >SMPP-2/2M" and expected to be located at NSA Central Security Service, is >now to be located in nearby Bowie at the Supercomputing Research Center. > >I guess that means the SRC is doing more than just "academic computing"! > What was that IP address, again?
:-( Dave Merriman From rah at shipwright.com Wed Aug 10 05:48:39 1994 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 10 Aug 94 05:48:39 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408101246.IAA18622@zork.tiac.net> I posted this: > Second, we need a lawyer. This is a good thing, 'cause you can't hack > laws without a lawyer (most of the time, anyway...), and > (ObThreadRelevance) we need one to pitch this stuff to other lawyers > (regulators, et. al.) anyway... > > In search of Vinnie "the Pro" Bono, honorable second cousin of the esteemed > mayor of Palm Springs, > > Bob Hettinga I got the following in e-mail from a law professor (shall we call him/her "Professor Vinnie"?) who wants to remain nameless for some reason... Somebody should teach "him" how to use a remailer, eh? This person is emblematic of all the usual interface problems with spiffy new stuff... Oh well. The posting is late because of the time it took me to get permission. They should be a little faster next time. Here's what s/he said: >My specialties involve law about the government, not law about financial >transactions, so I'm guessing more than anything else here, but it seems >to me that there are two simple rules of thumb that ought to apply: > >1) E$ is not a security so long as there is no suggestion that you might >ever get back more than you paid. I.E. no interest, no dividends, no >profits. So long as e$ is exchanged at 1:1 (or less if there is a >transaction fee) with US$, then odds are very good it's not going to be >seen as a security, at least under federal law (who knows what funny rules >they may have in *your* state...). > >2) It's not going to be a scrip problem so long as every e$ is purchased >in advance for a US$. People run into problems when they are seen to be >creating value, e.g. as banks do with fractional reserve lending.
So >long as e$ sticks close to the travellers check model, I would imagine >(remember: NO RESEARCH WAS DONE TO REACH THESE CONCLUSIONS) that the only >rules which apply in the US will be UCC rules that apply to checks, and >IOUs. This would seem to be a desirable state of affairs for e$. > >I am late to this subject, so if in fact e$ fails either of the tests >above, please let me know. After I got this, I asked "him" to reply directly to the list, and "he" replied declining to do so, the following is the only part of "his" reply that is relevant to the above. >I should warn you again: I'm an administrative lawyer. The 'research' >for that note consisted of five minutes conversation in bed with my >who is a securities lawyer. From another country. There's a good chance I >have no idea what I'm talking about... Great. We've got ourselves a lawyer in the loop who'll help us talk about this stuff. I fingered "him" and "he" looks real to me. Guess I have some reading to do about this anonymity stuff, eh? Anyway, it's real nice to have another pair of (trained) eyes looking at the problem. Cheers, Bob Hettinga (Human remailer and mouthpiece mouthpiece) ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From snyderra at dunx1.ocs.drexel.edu Wed Aug 10 06:42:32 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Wed, 10 Aug 94 06:42:32 PDT Subject: broadcast encryption Message-ID: At 11:56 AM 8/9/94, Eric Hughes wrote: >What is the policy purpose for signing packets? It will affect the >design. > >Do you want to identify users, processes, or machines? While I am a ham, I'm not directly on packet radio, so someone who spots something incorrect please speak up. I'll probably be getting the needed equipment within the month.
I would think machines would need to be identified. Every packet contains a callsign within it, identifying the source of the packet. This is often the only criteria BBSes on packet radio will discriminate callers. You can change the callsign transmitted with a simple command to the TNC, and thus easily forge messages. Another situation this could solve would be the ability to log into a home machine without compromising the security on it. Your password must go in the clear, but if the packets are digitally signed, it would be difficult for someone to log into your machine using a replay attack. I had considered one of the challenge/response credit card devices out there, but someone could still break in by waiting for the challenge/response to take place, and then send their own packets seemingly coming from the host that answered the challenge/response. I would say drop packets that are supposed to be coming from a signing source that aren't signed or have a wrong signature. For example, the local BBS would have listed that N2KGO uses signatures, and has a key on file. Any packet destined for the BBS with my call with an absent/bad signature would be dropped. You need to keep the ability to respond to unsigned packets, though, since not everyone will switch at the same time, or switch at all. >Do you want each packet to carry an independent signature, or can >packets be aggregated for signature? This is a separate problem, >since "aggregation" doesn't mean a delay, it means there is state >information carried which is involved in checking the signature. This >question involves the abstraction level where authentication is taking >place. This one is a toss-up. One of the main characteristics of packet radio is its low bandwidth. A message digest on individual packets would probably take up more space than a digest on an aggregate group of packets, because the function should generate the same size digest either way.
However, if testing a group of packets, and the signature is wrong because of an error, you now have many more packets to resend. Bob -- Bob Snyder N2KGO MIME, PGP, RIPEM mail accepted snyderra at post.drexel.edu PGP & RIPEM keys on key servers When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From snyderra at dunx1.ocs.drexel.edu Wed Aug 10 06:42:42 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Wed, 10 Aug 94 06:42:42 PDT Subject: broadcast encryption Message-ID: At 12:34 PM 8/9/94, Perry E. Metzger wrote: >Eric Hughes says: >> What I would like to see is low-level digital signatures on the >> level of IP or AX.25. IP is doable, I would think. >> >> What is the policy purpose for signing packets? It will affect the >> design. > >Anyone even making such suggestions has not been following the IPSP >standardization work... Is this the IPng work I just saw a bunch of RFC notices go out for, or something different? Any drafts you can point me to? Bob -- Bob Snyder N2KGO MIME, PGP, RIPEM mail accepted snyderra at post.drexel.edu PGP & RIPEM keys on key servers When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From perry at imsi.com Wed Aug 10 06:45:06 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 10 Aug 94 06:45:06 PDT Subject: broadcast encryption In-Reply-To: Message-ID: <9408101344.AA26604@snark.imsi.com> Bob Snyder says: > >Anyone even making such suggestions has not been following the IPSP > >standardization work... > > Is this the IPng work I just saw a bunch of RFC notices go out for, or > something different? Any drafts you can point me to? I posted a summary to this very mailing list only a few days ago.
.pm From jdd at aiki.demon.co.uk Wed Aug 10 07:10:26 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 07:10:26 PDT Subject: e$ Message-ID: <4866@aiki.demon.co.uk> In message <9408091606.AA22481 at ah.com> Eric Hughes writes: > There is a small point to be made here which I think is really a big > point. The US government does not object to the use of financial > instruments so long as they are backed by the US $ (or another > accepted currency). > > No, this isn't so. They also object to barter schemes that are backed > by dollars. The object to them not by making them illegal _per se_, > but by making it illegal not to report all the transactions that occur > inside them. It may not be so, but this example is not relevant. A barter scheme is not a financial instrument or an exchange of financial instruments. If you agree to exchange a refrigerator for ten hours with your favorite shrink, no financial instruments change hands. But the IRS sees that your shrink is making "money" and not reporting it. > You also need to be concerned about Federal regulations > covering the import and export of money. I think that at $5,000 or > $10,000 you have to report the transaction. > > This applies to cash and some cash-like instruments, not to "money". > Originally it was just cash; it has been extended to other > instruments, but not to all of them, insofar as I know. When you fly into the US, you must fill out a customs declaration. You are required to declare money in various forms (cash, checks, etc) and then to sign a statement saying that your declaration is true. I believe that you must declare anything over a relatively small amount, a few thousand dollars. Banks are required to declare cash deposits and international movements of funds over either $5K or $10K, I forget which. The objective is to make money laundering difficult. 
-- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 07:10:40 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 07:10:40 PDT Subject: Postal Inspection (was Common Carriers...) Message-ID: <4869@aiki.demon.co.uk> In message <9408091950.AA02763 at smds.com> FutureNerd Steve Witham writes: > > What was the conference about? (If the icon was printed on the envelope, > > I suspect that it represented the topic of the conference or the group > > sponsoring it.) > > Artificial Life. No relation to the icon that I can see. > Besides, it was on the back of the envelope on the flap. > > Some people have answered that it means "Okay to inspect, open here." > Scary icon (policeman looking into envelope). 1. Icons are commonly used in Europe because there are so many different languages. 2. You often get lower rates for printed paper. 3. He is a postman, not a policeman. "OK to open for postal inspection" (to verify that it is printed paper). -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 07:10:53 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 07:10:53 PDT Subject: broadcast encryption Message-ID: <4871@aiki.demon.co.uk> In message <9408091634.AA23392 at snark.imsi.com> perry at imsi.com writes: > > What is the policy purpose for signing packets? It will affect the > > design. > > Anyone even making such suggestions has not been following the IPSP > standardization work... How can one follow the IPSP standardization work? -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 07:11:20 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 07:11:20 PDT Subject: e$ Message-ID: <4878@aiki.demon.co.uk> In message <9408091725.AA22702 at ah.com> Eric Hughes writes: > If A writes a check to 'cash', pays B with it, and B passes it on to > C, and so forth, are you saying that this is or will one day be illegal? > > An individual note and its transfers are unlikely to be made illegal. > But that's not the whole story. 
A company engaged in the business of > issuing such notes and not recording (perhaps, a fortiori, by not > being able to record) the transactions among people for these > instruments, however, could be ruled to be performing a separate > activity which could then be made illegal. Yes. But my initial point was that a check for $1.00 does not constitute an alternative currency and you do not seem to be disagreeing with this. 'Therefore' if e$1.00 is essentially a promise to pay one US dollar, and if that $1.00 is on deposit with a bank somewhere, and if that bank will pay out US$1.00 when the e$ "check" is presented, the Feds will not be able to prosecute anyone for using an illegal currency. > Just because a single act is legal doesn't mean that a bunch of the > same acts are. For example, not reporting a $5000 cash transfer is > legal, but not reporting half a dozen of them made to the same person > in the same day almost certainly is. Yes. But you must remember my original point. I think that whether the $5000 is transferred as greenbacks or as $e is irrelevant, if the creation of $e is handled correctly. I think that if you look back through the recent postings on $e, you will find that in many cases a discussion which seemed to be about $e is actually about something else. You could substitute US$ for $e without changing the substance of the postings. > A company engaged in the business of > issuing such notes and not recording (perhaps, a fortiori, by not > being able to record) the transactions among people for these > instruments, however, could be ruled to be performing a separate > activity which could then be made illegal. Every bank in the United States that allows checks to be made out to cash already does this. A second point, relating to this paragraph: obviously, a foreign bank cannot be constrained in the same way to report financial transactions to US authorities. We have all heard of Swiss bank accounts. 
So I think that if a company issued $e "checks" denominated in US $ and if a foreign bank were willing to pay against the checks upon demand, then (a) the $e checks would not violate the Constitutional provisions against alternative currencies and (b) neither the foreign bank nor the foreign company issuing the checks would have to make any reports to US authorities. Our company is a UK company. We can easily open a US$ account at the bank down the street. We could then write US$ checks made out to cash. Our bank would not object, any more than they already object to the sterling checks that we occasionally make out to cash. If the US government tried to force either us or our bank to file reports with them, we would simply laugh at the requirements. -- Jim Dixon From perry at imsi.com Wed Aug 10 07:23:10 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 10 Aug 94 07:23:10 PDT Subject: broadcast encryption In-Reply-To: <4870@aiki.demon.co.uk> Message-ID: <9408101422.AA26709@snark.imsi.com> Jim Dixon says: > In message <9408091634.AA23392 at snark.imsi.com> perry at imsi.com writes: > > > What is the policy purpose for signing packets? It will affect the > > > design. > > > > Anyone even making such suggestions has not been following the IPSP > > standardization work... > > How can one follow the IPSP standardization work? Read the drafts, show up at IETF meetings, and subscribe to the working group mailing lists. (The list subscribe address is ipsec-request at ans.net; however, I'll caution that we do work on that mailing list, it's not like cypherpunks. Distracting from the discussion, and posts from newbies who haven't followed the work thus far, are not encouraged. This isn't to say that new people are unwelcome; it's just to say that it IS a working group, and it's been in progress for a while.) Perry From perry at imsi.com Wed Aug 10 07:29:00 1994 From: perry at imsi.com (Perry E.
Metzger) Date: Wed, 10 Aug 94 07:29:00 PDT Subject: e$ In-Reply-To: <4872@aiki.demon.co.uk> Message-ID: <9408101428.AA26732@snark.imsi.com> Jim Dixon says: > Precisely what do you mean by "is used to avoid federal transfer reporting > requirements" ? If you say that it is illegal, can you direct us to or > quote the relevant statute? I don't care to. It is widely known and understood that structuring transactions to avoid the $10,000 and over transaction reporting requirements is a felony. Go and find out why on your own. > My point is that checks made out to cash are not regarded as an > alternative currency. My point is that the government doesn't give a flying fuck. They are simply trying to stop you from playing games. The law isn't like geometry -- there aren't axioms and rules for deriving one thing from another. The general principle is that they want to track all your transactions, and if you make it difficult they will either use existing law to jail you, or will produce a new law to try to do the same. Your hair splitting is really completely irrelevant. Perry From hughes at ah.com Wed Aug 10 07:35:20 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 07:35:20 PDT Subject: e$ In-Reply-To: <4865@aiki.demon.co.uk> Message-ID: <9408101407.AA24943@ah.com> When you fly into the US, you must fill out a customs declaration. You are required to declare money in various forms (cash, checks, etc) What they ask for and what is required by law are two different things. It's not generally illegal to allow people to volunteer information that increases the power of the state. Banks are required to declare cash deposits and international movements of funds over either $5K or $10K, I forget which. In the US, the value is $10K, but that's only for cash transactions, and it's not just banks that are required to report. "International movements of funds" are not subject to reporting requirements as such.
Eric From hughes at ah.com Wed Aug 10 07:42:54 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 07:42:54 PDT Subject: e$ In-Reply-To: <4877@aiki.demon.co.uk> Message-ID: <9408101414.AA24954@ah.com> Yes. But my initial point was that a check for $1.00 does not constitute an alternative currency and you do not seem to be disagreeing with this. Merely the fact that an instrument is denominated in USA dollars is irrelevant to legality. What I was saying is that there are other activities that would be the ones ruled illegal. I think that whether the $5000 is transferred as greenbacks or as $e is irrelevant, if the creation of $e is handled correctly. Irrelevant to whom? As long as it's _not_ irrelevant to the government, it will be irrelevant to very few other parties. > A company engaged in the business of > issuing such notes [etc.] To clarify, I'm talking about a digital money company here, and since USA regulation is what is at issue, I'm talking about a USA digital money company. Every bank in the United States that allows checks to be made out to cash already does this. The one-at-a-time has never been an issue. And it's not banks that "allow" this, it's the Uniform Commercial Code. A second point, relating to this paragraph: obviously, a foreign bank cannot be constrained in the same way to report financial transactions to US authorities. Well, this is just what I've been talking about for some time. It's clearly possible to have the issuer in another country. Eric From farid at netcom.com Wed Aug 10 07:58:55 1994 From: farid at netcom.com (Farid F. El-Wailly) Date: Wed, 10 Aug 94 07:58:55 PDT Subject: Key Coercion after encrypted message transmission. In-Reply-To: <199408090533.AA06475@xtropia> Message-ID: <199408101459.KAA29853@netcom14.netcom.com> In article <199408090533.AA06475 at xtropia> you write: > > >People can use this protocol right now with PGP to protect themselves >against this kind of retroactive coercion. It will work. 
However, the >problem of manually generating the keys and sending them to the other >party and the whole bureaucratic hassle of keeping track of everything >makes it unlikely that anyone would actually do so. > Great idea. You don't need to generate public/private keypairs though. All you need are IDEA keys in these one time certificates and those are easy to generate. Regards, -- Farid F. El-Wailly farid at netcom.com From jdd at aiki.demon.co.uk Wed Aug 10 08:05:26 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 08:05:26 PDT Subject: RemailerNet Message-ID: <4895@aiki.demon.co.uk> In message <2e452e79.nemesis at nemesis.wimsey.com> Stuart Smith writes: > In article <4068 at aiki.demon.co.uk> you write: > >If you modify the proposed RemailerNet to allow reposting at gateways, > >you have all of the benefits of the system described above, without > >the risks. Reposted messages would be encrypted with the far gateway's > >public key. The near gateway would then have no idea of the ultimate > >destination of the message. In a well designed system, the far > >gateway would also not know the identity of the sender. > > But how could we do this if we followed your advice, and did not > allow the user to select their own chain, as you said > previously? I have assimilated criticisms made and modified the proposal. > By making users *trust* the remailnet as an entity, > you make it possible for that entity to be compromised. (a) I don't force the users to trust RemailerNet as a single entity, (b) how does their trust make it possible for the entity to be compromised?? It is not possible to guarantee that some or all components of a remailer network are not compromised. You can only take steps which reduce the probability. > If the > remailernet is not one entity, but a large group of independent > entities, compromise is *much* harder. It is NOT one entity, it IS a large group of independent (but cooperating) entities.
> >Any traffic sent through this remailer network would have only a tiny
> >chance of getting through without being compromised. If you picked
> >5 remailers, the chances of all being non-FBI would be about .2^5,
> >3 in 10,000. The other 9,997 messages would be copied immediately
> >to Langley.
> >
> >The proposed RemailerNet could be attacked in much the same way. But
> >if the network were widely distributed so that gateways were in
> >different legal jurisdictions and different countries, and if most of
> >the people involved knew one another, it would be more difficult to
> >compromise it.
>
> But if the user does not know the people in the remailnet, how
> can he or she trust *them*?

In most cases, you do not want the person operating a remailer to know you personally. Ideally, you know them, because they have a widespread reputation (eg, julf at penet.fi). But they do not know you.

As a practical matter, the fewer remailers there are, the more likely they are to have an accurate reputation, because more people will have had experience with them.

> It's fine and dandy that the
> remailnet operators trust each other, but the point is to give
> the end user anonymity, not to form an old boys club of remail
> operators. If they all know each other, I do *not* think that
> makes the system more secure, I think it makes it weak.

People have been building systems like this, that involve webs of trust, for millennia. Banks are such institutions. While it is true that familiarity between trusted individuals makes for collusion, it also makes for knowledge. Most people use banks. Few banks are corrupt.

A cruder example is the dope dealer. The police regularly attempt to compromise them. Anyone buying dope learns to (a) be skeptical about all dope dealers but also (b) find one that he can trust and stick with him. Dope dealers apply the same sort of heuristic to their suppliers. They ask around all the time, they listen to gossip, they talk to their peers.
> As is often stated, a mix-net like this should still be secure
> if some of the remailers are compromised, so could we speculate
> on just how easy or hard traffic analysis is with any given
> percentage of a remailnet compromised? i.e. if we took it as a
> fact of life that 90% of any announced remailers were
> spook-mills, could we still trust the remailnet if we used
> *long* chains in the hope that our messages would pass often
> enough through *good* remailers to confuse the trail?

RemailerNet v0.2 allows "empowered users" to participate as equals with established RemailerNet operators. This means that the gateway that they are connected to has no way of knowing whether they are originating any traffic, let alone who that traffic is addressed to. The gateway will know that the user is receiving traffic, but it will not know whether that traffic is intended for the user or whether the user is simply acting as a reflector.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Therefore, two users could communicate through a RemailerNet network with ALL nodes [gateways] compromised, and still be secure against most forms of attack.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

--
Jim Dixon

[sorry about the delay in answering this posting. It is dated 7 Aug but I received it 10 Aug]

From bshantz at spry.com Wed Aug 10 08:14:45 1994
From: bshantz at spry.com (Brad Shantz)
Date: Wed, 10 Aug 94 08:14:45 PDT
Subject: GAK?
Message-ID: <9408101513.AA07188@homer.spry.com>

Forgive me for asking a naive question, but what exactly is GAK? I have seen it mentioned on the list several times in the last few days and don't recognize it.

Brad

From paul at hawksbill.sprintmrn.com Wed Aug 10 08:32:17 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 10 Aug 94 08:32:17 PDT
Subject: GAK?
In-Reply-To: <9408101513.AA07188@homer.spry.com>
Message-ID: <9408101635.AA06912@hawksbill.sprintmrn.com>

>
> Forgive me for asking a naive question, but what exactly is GAK? I have seen
> it mentioned on the list several times in the last few days and don't
> recognize it.
>

It's a cypherpunk-coined acronym for "Government Access to Keys;" a parody on the possibility of SKE (Software Key Encryption).

- paul

From cme at tis.com Wed Aug 10 08:42:33 1994
From: cme at tis.com (Carl Ellison)
Date: Wed, 10 Aug 94 08:42:33 PDT
Subject: GAK?
In-Reply-To: <9408101513.AA07188@homer.spry.com>
Message-ID: <9408101541.AA26975@tis.com>

>Date: Wed, 10 Aug 94 08:13:24 PDT
>From: bshantz at spry.com (Brad Shantz)

>Forgive me for asking a naive question, but what exactly is GAK? I have seen
>it mentioned on the list several times in the last few days and don't
>recognize it.

It's my term.

GAK = "Government Access to [Citizens'] Keys"

I am offended at the gov't's use of the innocent sounding "Key Escrow" to describe GAK, so I am using GAK to refer to this practice. That term zooms in on the one important characteristic of what the gov't is trying to do here.

"Key escrow", on the other hand, could be something very innocent -- an arrangement I set up with my lawyer and a bank, for example.

- Carl

From cme at tis.com Wed Aug 10 09:08:41 1994
From: cme at tis.com (Carl Ellison)
Date: Wed, 10 Aug 94 09:08:41 PDT
Subject: GAK?
In-Reply-To: <9408101635.AA06912@hawksbill.sprintmrn.com>
Message-ID: <9408101607.AA04019@tis.com>

>From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
>Date: Wed, 10 Aug 1994 11:35:06 -0500 (EST)

>It's a cypherpunk-coined acronym for "Government Access to Keys;"
>a parody on the possibility of SKE (Software Key Encryption).

Tim May keeps tying GAK to SKE, but I object to that. SKE is a small subset of "Key Escrow" (using the gov't's term for the moment) while GAK is a superset of "Key Escrow".

IMHO, it is GAK we need to stay focussed on.
SKE is a danger to track, but it's by no means the whole danger.

- Carl

From jdd at aiki.demon.co.uk Wed Aug 10 10:44:01 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 10 Aug 94 10:44:01 PDT
Subject: The Terrorists are coming!
Message-ID: <4899@aiki.demon.co.uk>

In message <9408031132.ZM695 at simple.sydney.sgi.com> Ian Farquhar writes:
> Out of curiosity, is anyone aware of whether the USSR employed PAL's
> (Permissive Activation Links) in their strategic nuclear weaponry? If so,
> is anyone aware of how secure the PAL's the Soviets actually used were?
> There was a rumor on USENET some time back that the Soviets were using RSA
> in their PAL's, but it sounded too much like an urban myth to me.

According to recent press reports in the UK, when Soviet bombers were loaded with nuclear weapons, they were actually dummies (because the generals, etc, didn't trust the crews). This suggests that the Soviets did not have reliable safeguards on the bombs.

Various arguments between the Ukraine and the USSR about ICBM warheads, also reported in the press, suggest that the safeguards on the warheads were reliable, because both parties seemed to agree that the Ukrainians couldn't set them off, although they are otherwise technically competent in dealing with the missiles.

--
Jim Dixon

From jdd at aiki.demon.co.uk Wed Aug 10 10:44:19 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 10 Aug 94 10:44:19 PDT
Subject: EDDB/RN
Message-ID: <4901@aiki.demon.co.uk>

In message <9408091536.AA22362 at ah.com> Eric Hughes writes:
> However, there should be a use for persistent store, for a remote
> encrypted database accessible anonymously.
>
> The real questions are "how big is the market?" and "how much revenue
> is there in it?".
>
> Something like this doesn't get made reliable by volunteers.

I think that the market is potentially large.
> Ideally, the data is stored on a distributed data base, with some
> redundancy in case one or more gateways go down
>
> Look in Schneier for secret sharing.

We won't have a copy of Schneier here for three weeks or so. Can you elaborate?

However, almost certainly, the crypto aspects would be relatively minor. Most of the work would be in building a reliable widely distributed data base accessible over the Internet. When I last looked at this sort of problem, it was very complex.

--
Jim Dixon

From jdd at aiki.demon.co.uk Wed Aug 10 10:44:41 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 10 Aug 94 10:44:41 PDT
Subject:
Message-ID: <4903@aiki.demon.co.uk>

In message <9408070032.AA17321 at ah.com> Eric Hughes writes:
> One assumption here is that someone in one country can easily pay
> someone in another country, and an automatic currency conversion can
> take place. The prerequisites to happen generally for that are the
> electronification of retail money in both jurisdictions and a
> retail-level currency exchange system. None of this really exists
> yet, although the first beginnings are here. Also, for anonymous
> payment for such overseas services, anonymous transfer in at least one
> of the two currencies is necessary.

The last point is certainly not true. If user X communicates with service A (a gateway) in one country to purchase something from service B in another country, X can settle accounts with A anonymously (say in US$) and then A and B can settle accounts with one another (say in sterling) openly.

In fact, few Europeans would object to simply trading in digital money denominated in US dollars. No currency conversion is necessary. Many European companies have US dollar bank accounts because the banks charge so much money for conversion of currencies.
--
Jim Dixon

From jdd at aiki.demon.co.uk Wed Aug 10 10:45:26 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 10 Aug 94 10:45:26 PDT
Subject: RemailerNet v0.2
Message-ID: <4905@aiki.demon.co.uk>

In message <199408090347.UAA24150 at jobe.shell.portal.com> Hal writes:
> What is the goal of the RN as far as defeating traffic analysis? Is it
> just to get messages from one "gateway" to another? Or is there also
> a desire to prevent traffic analysis from one non-gateway end user to
> another?

The goal is to completely defeat traffic analysis, while allowing the user the freedom to make use of the system through ordinary email. If email is used, the risk taken by that user goes up, but without reducing the security of other users.

> What are the allowed capabilities of the opponent? Can he watch all of
> the links? Can he subvert some gateways?

In the real world, it would be very difficult to watch all of the links but fairly easy to subvert some gateways to some extent.

However, as I have argued elsewhere, I think that all of the central gateways could be compromised and it would make no difference, so long as the number of users was reasonably large and so long as all of the users used gateways.

From the opponent's point of view, the problem is that he cannot tell whether there is any traffic at all. Everyone could be whiling away a hot summer afternoon sending noise.

The only attack would be to destroy or modify the incoming traffic. If there are any gateways functioning correctly, RN software should detect the damaged packets and route around the gateways that don't work right. This is exactly what the Internet does.

> Does every user expose the source and destination information of his
> messages to the initial gateway? What other information is sent by the
> user to the RN?

A user sending encrypted messages via email reveals his source address. He should encrypt his message.
The message can be to a 'far' gateway which then remails it; in this case the 'near' gateway does not know the destination address. Messages can be nested to an arbitrary depth.

If a user is using a gateway, the other gateways know that the message originated at the gateway, but they cannot tell whether that is the true source of the message. If the destination is another gateway, the other gateways do not know whether that is the true destination.

> Are there any limitations on the information which spreads through the
> RN? E.g. are gateways allowed to send source/dest information
> along with the messages?

If the message is to be acknowledged back to the source, the source gateway must be able to receive the acknowledgement. This creates a trail of pointers through the network back to the source. Only the final gateway, which reassembles the message, knows the ultimate destination.

> Here are some questions related to Jim's specific points:
>
> >1.6 the order of dispatch of packets is randomized
> For 1.5 you defined what randomized means. What does it mean here?

Each gateway must dispatch a certain number of packets. There are a certain number of slots to be filled and a certain number of packets queued for dispatch. Packets are assigned an output slot (that is, they are delayed for a certain amount of "time") according to some sort of probabilistic distribution function. Empty slots are filled with noise packets. Inter-gateway administrative traffic is queued just like any other packet.

If a gateway is always connected to the internet, packets can be dispatched at more or less equal intervals (measured in seconds) or they can be batched.

> >1.7 on average, all gateways are required to send and receive the same
> >    number of packets per unit of chronological time
> Do you mean that all gateways send the same number of packets per time
> all the time? E.g. all gateways send 100 packets per hour all the time

Yes, on average, as qualified by 1.8 and 1.9.
> >1.8 the dispatch randomization function adjusts the average latency
> >    and the distribution of latencies so that the preceding commitment
> >    is met, introducing noise packets as required
> This could be accomplished by adding no latency at all during times when
> the incoming traffic load happens to equal the desired internal traffic
> level. But presumably some latency is actually used to provide reordering.
> What rule would determine how much latency would be used in that case?

Assume that there are only two links, one in and one out. Packets will be coming in at a more or less fixed rate. Some will be consumed locally, either because they are being used to build messages or because they are noise. So per unit time N come in and C are consumed, on average. The remaining (N-C) packets are available for dispatch.

In the same time interval, G packets are generated locally. So a total of N-C+G packets are to be dispatched.

The system uses a random number generator to assign a packet a dispatch time slot when it becomes ready. When the clock ticks, the next packet in the queue is dispatched. If there is no next packet, a noise packet is dispatched.

The system knows how long the output queue is. If the length of the queue is increasing, the rate at which packets are dispatched will be increased.

[I have used the term "latency" here to be provocative.]

> >1.10 gateways are required to exchange the same number of packets in
> >     any session
> What is a session? Do you mean, during every session exactly (say) 1000
> packets will be exchanged, or do you mean, during any session the
> number of packets exchanged by each gateway will equal the number ex-
> changed by every other gateway (but this number may vary from session to
> session)?

If your gateway connects by dial-up, then the length of time that you are connected to RN is the session time. There must be some handshaking at the beginning of the session and at the end.
For machines that are always on line, a session lasts from one breakdown in inter-machine connections to the next.

If two machines A and B are connected, then if A sends B 100 packets per unit time, B must send A 100 packets.

> >2.4 message delivery is reliable, in the sense that the destination
> >    gateway will report delivery of incomplete or damaged messages
> >    to the gateway
> To which gateway? The source gateway?

To the gateway which packetized the message, the source gateway. Assuming that 'MIRVing' of messages is permitted, the second message in a group could be an acknowledgement back to the originator.

> >4.2 where gateways are operated by users, the requirement that gateways
> >    should exchange the same number of packets per unit time would be
> >    weakened in some as yet unspecified way
> Why do this?

I think that you must allow for the possibility that the gateways carry very heavy traffic, say a T1 load (about 1.5Mbit/s). Then if a user's machine was talking down a 14.4Kb/s line, allowing the user to connect would effectively stop the network. There must be some provision for inequality in traffic rates along different links.

> >5.1 in either case, users may have accounts with gateways and may be
> >    charged for usage
> What gateways would be in a position to charge users? Only the source
> gateway? The destination gateway? Others in between?

I assume that in a commercial network, the gateways have accounts with one another that are settled periodically. Essentially they charge each other for non-noise incoming packets at some agreed rate and then pay the accumulated difference every so often.

Users should pay the gateway which fragments a message. The charge should be proportional to the size of the message in packets.

If messages are nested, you need to include postage. This requires anonymous ecash.
> >6.0 RN gateway software should be available only from trusted sites by FTP
> What are you trying to prevent by this, and what would happen if someone
> wrote his own version of the RN software?

I am trying to prevent the inevitable. Weaken this requirement, eliminating the word 'only'. Publish the specs as well, and then say "RN gateway specs should also be available from trusted sites..."

> >7.1 established gateways would be encouraged to rate new gateways
> What kind of information would be available to them to create the ratings?

Gossip, rumors, route announcements and 'hello, here I am' messages from the operators of the new gateways, experience in RN data communications with them, reports from commercial credit agencies, ... whatever information they could lay their hands on. The technical information would be published in some standard format, for example a matrix of claimed lost message rates.

--
Jim Dixon

From frissell at panix.com Wed Aug 10 11:10:18 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 10 Aug 94 11:10:18 PDT
Subject: e$
Message-ID: <199408101809.AA27221@panix.com>

At 01:51 PM 8/9/94 -0400, Perry E. Metzger wrote:
>
>> > Yes it does. Bearer bonds are illegal in the US.
>If the check is written to "cash" and is used to avoid federal
>transfer reporting requirements, it is CURRENTLY illegal. I suspect
>that checks made out to "cash" would be illegal in all cases if they
>were widely used to avoid reporting requirements.
>
>Perry
>

Bearer bonds are not illegal in the US.

Under the Tax Equity and Fiscal Responsibility Act of 1982 (TEFRA), any interest payments made on *new* issues of domestic bearer bonds are not deductible as an ordinary and necessary business expense so none have been issued since then. At the same time, the Feds administratively stopped issuing treasury securities in bearer form. Old issues of government and corporate debt in bearer form still exist and will exist and trade for 30 or more years after 1982.
Additionally, US residents can legally buy foreign bearer securities.

DCF

"Who promises the Black Caucus that if they will help kill the Crime Bill, he will support affirmative action in executions -- starting with the White Guys responsible for the Waco Massacre."

From jdd at aiki.demon.co.uk Wed Aug 10 11:16:55 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 10 Aug 94 11:16:55 PDT
Subject: e$
Message-ID: <4932@aiki.demon.co.uk>

In message <9408101407.AA24943 at ah.com> Eric Hughes writes:
> When you fly into the US, you must fill out a customs declaration.
> You are required to declare money in various forms (cash, checks,
> etc)
>
> What they ask for and what is required by law are two different
> things. It's not generally illegal to allow people to volunteer
> information that increases the power of the state.

As I recall, you are not asked to volunteer information, you are required to provide it, and the form specifies penalties if you do not.

But I will have someone who is going to the States in the next week or two get me a copy of the form.

--
Jim Dixon

From jdd at aiki.demon.co.uk Wed Aug 10 11:17:10 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 10 Aug 94 11:17:10 PDT
Subject: e$
Message-ID: <4934@aiki.demon.co.uk>

In message <9408101428.AA26732 at snark.imsi.com> perry at imsi.com writes:
> > My point is that checks made out to cash are not regarded as an
> > alternative currency.
>
> My point is that the government doesn't give a flying fuck. They are
> simply trying to stop you from playing games. The law isn't like
> geometry -- there aren't axioms and rules for deriving one thing from
> another. The general principle is that they want to track all your
> transactions, and if you make it difficult they will either use
> existing law to jail you, or will produce a new law to try to do the
> same.

On what experience or observation do you base these rather extreme remarks?

> Your hair splitting is really completely irrelevant.
If you are saying that any form of legal argument is irrelevant to the issues being discussed, then you are simply wrong.

The government is staffed by a population which has more or less the same distribution of attributes as the rest of the population of the US, except that, probably they are on average somewhat better educated, somewhat more intelligent, somewhat, generally, more middle class. There are thugs working for the government who will speak and reason much as you do. There are also many reasonable and intelligent people. And there are real, genuine lawyers who understand precisely what they are doing and are moved by legal arguments.

Demonization of the government is simply silly, as is dismissing all logical argument.

--
Jim Dixon

From jrochkin at cs.oberlin.edu Wed Aug 10 11:19:37 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 10 Aug 94 11:19:37 PDT
Subject: future existence of free remailers?
Message-ID: <199408101819.OAA23594@cs.oberlin.edu>

People often like to postulate on the list that eventually there won't be any more of these philanthropic free remailers, and people will be charging small amounts for every remailed message, to make some money off it.

I've thought of a pretty good reason why this might not ever happen. Hal Finney (or maybe it was Jim Dixon. Probably both) recently realized and revealed to us that if one operates a remailer oneself, you effectively hide your identity from even the _first_ remailer on your chain, because it doesn't know if the message is in fact from _you_, or from someone using your remailer. In practice, simply having some remailer software running that no one other than you uses won't work. You've got to have a busy remailer running with lots of traffic coming in as well as going out.

This means that if someone wants to send secure anonymous mail using remailers, it's in his best interest to operate a remailer himself, and to try and get as many people to use it as possible.
So philanthropy or profit aren't the only reasons to run a remailer; one's primary reason might be to ensure oneself anonymity. You could try to get some profit out of it too, but the more people who use your remailer, the better for you, so it's in your interest to make it free so many people will use it. This motivation could provide us with lots of free remailers for years to come. Maybe. It's an interesting thing to think about, anyhow.

From pstemari at bismark.cbis.com Wed Aug 10 11:28:44 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Wed, 10 Aug 94 11:28:44 PDT
Subject: soda.csua.berkeley.edu
Message-ID: <9408101828.AA24965@focis.sda.cbis.COM>

Does anyone know what the status of soda.csua.berkeley.edu is? Neither soda.csua.berkeley.edu or soda.berkeley.edu seems to be accepting anon ftp connections today.

--Paul

From perry at imsi.com Wed Aug 10 12:02:19 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 10 Aug 94 12:02:19 PDT
Subject: e$
In-Reply-To: <4933@aiki.demon.co.uk>
Message-ID: <9408101902.AA27154@snark.imsi.com>

Jim Dixon says:
> In message <9408101428.AA26732 at snark.imsi.com> perry at imsi.com writes:
> > They are simply trying to stop you from playing games. The law
> > isn't like geometry -- there aren't axioms and rules for deriving
> > one thing from another. The general principle is that they want to
> > track all your transactions, and if you make it difficult they
> > will either use existing law to jail you, or will produce a new
> > law to try to do the same.
>
> On what experience or observation do you base these rather extreme
> remarks?

Plonk.

.pm

From prig0011 at gold.tc.umn.edu Wed Aug 10 12:11:54 1994
From: prig0011 at gold.tc.umn.edu (prig0011 at gold.tc.umn.edu)
Date: Wed, 10 Aug 94 12:11:54 PDT
Subject: e$
In-Reply-To: <199408101809.AA27221@panix.com>
Message-ID: <0012e492668a27630@gold.tc.umn.edu>

According to legend, Duncan Frissell said:
>
> Bearer bonds are not illegal in the US.
>
> Under the Tax Equity and Fiscal Responsibility Act of 1982 (TEFRA), any
> interest payments made on *new* issues of domestic bearer bonds are not
> deductible as an ordinary and necessary business expense so none have been
> issued since then. At the same time, the Feds administratively stopped
> issuing treasury securities in bearer form. Old issues of government and
> corporate debt in bearer form still exist and will exist and trade for 30 or
> more years after 1982. Additionally, US residents can legally buy foreign
> bearer securities.

The last US Bearer Bond issues mature in 1997. I also believe that to collect interest, and to redeem the bond at maturity, you must give your name and tax-id number to the paying agent. (I can check with the department here that handles it if anyone is interested in the pertinent OCC regs that apply)

From adam at bwh.harvard.edu Wed Aug 10 12:22:15 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 10 Aug 94 12:22:15 PDT
Subject: soda.csua.berkeley.edu
In-Reply-To: <9408101828.AA24965@focis.sda.cbis.COM>
Message-ID: <199408101917.PAA02571@james.bwh.harvard.edu>

My understanding is that the CS dept at Berkeley is moving to a new building, which means many of their machines are down for a while.

Adam

| Does anyone know what the status of soda.csua.berkeley.edu is?
| Neither soda.csua.berkeley.edu or soda.berkeley.edu seems to be
| accepting anon ftp connections today.
|
| --Paul
|

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From tcmay at netcom.com Wed Aug 10 12:22:40 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 10 Aug 94 12:22:40 PDT
Subject: future existence of free remailers?
In-Reply-To: <199408101819.OAA23594@cs.oberlin.edu>
Message-ID: <199408101922.MAA05685@netcom14.netcom.com>

> People often like to postulate on the list that eventually there won't
> be any more of these philanthropic free remailers, and people will be charging
> small amounts for every remailed message, to make some money off it.
>
> I've thought of a pretty good reason why this might not ever happen.
> Hal Finney (or maybe it was Jim Dixon. Probably both) recently realized

I think this was me, or at least I've advocated that many people become "first class citizens" by being remailers themselves. There are thus no "sources" or "sinks" of messages...any Federales who pound on your door can be told "Oh, but I was just _remailing_ that message you traced to me."

> and revealed to us that if one operates a remailer oneself, you effectively
> hide your identity from even the _first_ remailer on your chain, because
> it doesn't know if the message is in fact from _you_, or from someone using
> your remailer. In practice, simply having some remailer software running
> that no one other than you uses won't work. You've got to have a busy
> remailer running with lots of traffic coming in as well as going out.
>
> This means that if someone wants to send secure anonymous mail using remailers,
> it's in his best interest to operate a remailer himself, and to try
> and get as many people to use it as possible. So philanthropy or profit
> aren't the only reasons to run a remailer; one's primary reason might be
> to ensure oneself anonymity. You could try to get some profit out of it too,
> but the more people who use your remailer, the better for you, so it's in your
> interest to make it free so many people will use it. This motivation could
> provide us with lots of free remailers for years to come. Maybe. It's
> an interesting thing to think about, anyhow.

This ubiquitousness is why I advocate "Mom and Pop" remailers, including "Remailer-in-a-box" easy-to-install packages.
(Apologies to the "Internet-in-a-box" folks.)

Whether remailing services are free or not is not for us to decide--the market will eventually evolve prices, strategies, etc. I don't mean anything "academic" here, I mean simply that various people will set their own policies. As long as we don't try to force people to charge, or not charge, then all of them can compete.

Maybe some free remailers will exist (as many "free" things exist now, including remailers), and maybe many people will pay a bit extra for "businesslike" remailers. Who can say?

All as it should be.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From frissell at panix.com Wed Aug 10 12:46:17 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 10 Aug 94 12:46:17 PDT
Subject: e$
Message-ID: <199408101945.AA23597@panix.com>

At 06:53 PM 8/10/94 GMT, jdd at aiki.demon.co.uk wrote:

>> What they ask for and what is required by law are two different
>> things. It's not generally illegal to allow people to volunteer
>> information that increases the power of the state.
>
>As I recall, you are not asked to volunteer information, you are
>required to provide it, and the form specifies penalties if you do
>not.

The instructions on the back of the "Landing Card" given to travelers entering the US *are* deceptive.

The law on reporting the import/export of currency requires that anyone who imports or exports more than $10,000 in "currency or monetary instruments" has to file a report with the Feds.

"Currency" is currency.
"Monetary instruments" are monetary instruments in bearer form such that their value can be transferred to *any* other person just by handing them over.

Examples include:

1) Checks or other drafts made payable to 'cash' or 'bearer'.
2) Checks endorsed by the payee without restriction (that means just signed on the back.)
3) Blank travelers checks.
4) Double signed travelers checks.

These are all "cash substitutes."

Checks made payable to a specific party (Bank of Butterfield, Bermuda for example); travelers checks with just your single signature on them; $100,000,000 SWIFT wires from Citicorp in NYC to Swiss Bank Corp, Panama City, Panama need *not* be reported.

The instructions on the back of the Landing Card, however, mention checks and travelers checks in such a way that the unwary might think that they have to file reports on their travelers checks they are carrying along or on the $50,000 that they just wired to Switzerland.

The Feds are trying to get banks to report wire transfers but the banks are resisting.

Just a note further on the discussion about checks made payable to 'cash'. These are no different than checks endorsed by the payee without restriction (signed on the back). Every time you just endorse a check, you have converted it into a bearer instrument. Perfectly legal.

Note too that there are currently no restrictions on the use of cash in transactions or the transfer of unlimited amounts of cash into and out of the country. There are reporting requirements and if the cash represents 'unlawful proceeds' money laundering laws may apply. The acts themselves are legal though.

DCF

"A 'violent fanatic' who opposes the Health Security Act."

From jito at netcom.com Wed Aug 10 12:59:37 1994
From: jito at netcom.com (Joichi Ito)
Date: Wed, 10 Aug 94 12:59:37 PDT
Subject: future existence of free remailers?
Message-ID: <9408101956.AA04136@portola.com> >I think this was me, or at least I've advocated that many people >become "first class citizens" be being remailers themselves. There are >thus no "sources" or "sinks" of messages...any Federales who pound on >your door can be told "Oh, but I was just _remailing_ that message you >traced to me." > Please excuse me if this has already been discussed... but... What about the trend of busting the sysops of bbs'? The recent Fidonet bust in Italy seems to support this trend. It sounds to me like any remailers remailing illegal stuff may get caught in the dragnet. No? - Joi -- true name: closest email address: closest fax number: <+81-3-5454-7218> current physical location: travel path: mosaic home page: http://www.eccosys.com/ -- finger jito at netcom.com for PGP Public Key, RIPEM Public Key -- Things are more like they used to be than they are now. From perry at imsi.com Wed Aug 10 13:11:11 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 10 Aug 94 13:11:11 PDT Subject: broadcast encryption In-Reply-To: <4942@aiki.demon.co.uk> Message-ID: <9408102010.AA27273@snark.imsi.com> If you misspell things, they generally don't work. .pm Jim Dixon says: > In message <9408101422.AA26709 at snark.imsi.com> perry at imsi.com writes: > > Read the drafts, show up at IETF meetings, and subscribe to the > > working group mailing lists. (The list subscribe address is > > ipsec-request at ans.net;... > > > > ===== transcript follows ===== > > > > While talking to ans.net: > > >>> RCPT TO: > > <<< 550 ... Invalid recipient - Not registered > > >>> DATA > > <<< 503 Need valid RCPT (recipient) > > > > ===== Unsent message follows ==== > > Date: Wed, 10 Aug 94 19:08:45 GMT > > From: jdd at aiki.demon.co.uk (Jim Dixon) > ... etc ... 
> > -- > Jim Dixon > +-----------------------------------+--------------------------------------+ > | Jim Dixon | Compuserve: 100114,1027 | > |AIKI Parallel Systems Ltd + parallel processing hardware & software design| > | voice +44 272 291 316 | fax +44 272 272 015 | > +-----------------------------------+--------------------------------------+ From rfb at lehman.com Wed Aug 10 13:47:18 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Wed, 10 Aug 94 13:47:18 PDT Subject: tyranny In-Reply-To: <9408091518.AA22320@ah.com> Message-ID: <9408102045.AA09244@fnord.lehman.com> Date: Tue, 9 Aug 94 08:18:56 -0700 From: Eric Hughes Steal this line: "The black budget is taxation without representation." So is living in New Jersey and working in NYC :-) In general, there's *lots* of taxation without representation. Just consider sales tax for starters . . . . Rick From rfb at lehman.com Wed Aug 10 14:26:41 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Wed, 10 Aug 94 14:26:41 PDT Subject: e$ In-Reply-To: <9408101428.AA26732@snark.imsi.com> Message-ID: <9408102125.AA09600@fnord.lehman.com> Date: Wed, 10 Aug 1994 10:28:48 -0400 From: "Perry E. Metzger" Jim Dixon says: > Precisely what do you mean by "is used to avoid federal transfer reporting > requirements" ? If you say that it is illegal, can you direct us to or > quote the relevant statute? I don't care to. It is widely known and understood that structuring transactions to avoid the $10,000 and over transaction reporting requirements is a felonly. Go and find out why on your own. A good starting place would be the hermes project (aka courts.usa.federal.supreme). There is (was?) an archive at hermes.cwru.edu. There was a case decided within the last year involving a payment restructuring. At issue was whether the restructuring took place with the *intent* to avoid the reporting requirements. This is completely off-the-top-of-my-head. I'm not going to do any actual research on this. 
Another place would be the local branch office of your bank. I believe that the reporting requirement has been at $3000 for a number of years. Rick From hughes at ah.com Wed Aug 10 15:59:57 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 15:59:57 PDT Subject: ANNOUNCE: August Bay Area physical meeting is CANCELLED Message-ID: <9408102225.AA25786@ah.com> ANNOUNCEMENT ============ What: nothing When: would have been Saturday, August 13 Why: summer doldrums So I'm going to be out of town, and one of our main speakers cancelled, and our host at SGI would just as soon have the day off, and so, hey, we're cancelling for Saturday. That means you can stay up until all hours on Friday and watch the Perseids. Cool. Eric From hughes at ah.com Wed Aug 10 16:50:07 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 16:50:07 PDT Subject: e$ In-Reply-To: <199408101945.AA23597@panix.com> Message-ID: <9408102322.AA25919@ah.com> These are no different than checks endorsed by the payee without restriction (signed on the back). Every time you just endorse a check, you have converted it into a bearer instrument. Perfectly legal. Just so folks don't misunderstand Duncan, the conversion to a bearer instrument only occurs with a blank endorsement (blank, or Pay to Bearer), not with a special endorsement (Pay To or Pay To The Order Of somebody else). And for minor terminology nits, an unrestricted endorsement is different. A restricted endorsement are words like "for deposit only" or "pay any bank". And these two categories are different from qualified endorsements, which affect liability. Eric From hughes at ah.com Wed Aug 10 16:52:51 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 16:52:51 PDT Subject: anonymous settlement In-Reply-To: <4902@aiki.demon.co.uk> Message-ID: <9408102324.AA25933@ah.com> > Also, for anonymous > payment for such overseas services, anonymous transfer in at least one > of the two currencies is necessary. 
The last point is certainly not true. If user X communicates with service A (a gateway) in one country to purchase something from service B in another country, X can settle accounts with A anonymously (say in US$) and then A and B can settle accounts with one another (say in sterling) openly. May I point out that that in your example that X and A are performing an anonymous transfer in dollars, which is one of the two currencies? Eric From hughes at ah.com Wed Aug 10 16:53:45 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 16:53:45 PDT Subject: EDDB/RN In-Reply-To: <4900@aiki.demon.co.uk> Message-ID: <9408102325.AA25945@ah.com> We won't have a copy of Schneier here for three weeks or so. Can you elaborate? I can, but I won't. Have patience, and wait for the book to arrive. Eric From tcmay at netcom.com Wed Aug 10 18:00:10 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Aug 94 18:00:10 PDT Subject: future existence of free remailers? In-Reply-To: <9408101956.AA04136@portola.com> Message-ID: <199408110059.RAA23931@netcom16.netcom.com> Joichi-san writes: > Please excuse me if this has already been discussed... but... What about > the trend of busting the sysops of bbs'? The recent Fidonet bust in Italy > seems to support this trend. It sounds to me like any remailers remailing > illegal stuff may get caught in the dragnet. > > No? With nested encryption through the Labyrinth (first the Net, then the Web, now the Labyrinth?), only the last remailer who remails to a site that is under observation or is a sting site (common in Memphis) is vulnerable. And even that last remailer may be able to claim ignorance (and win in court) if he can show that what he mailed was unreadable to him, i.e., encrypted to the recipient. (This is another reason I favor a goal of "everyone a remailer.") With canonical remailers, and no logging, earlier remailers should be safe. By the way, welcome Joichi (your first post to the list, that I can recall). 
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Wed Aug 10 18:46:20 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Aug 94 18:46:20 PDT Subject: (fwd) I won't be renewing my EFF membership Message-ID: <199408110145.SAA29134@netcom16.netcom.com> Someone commented earlier on the lack of outrage that the EFF has "sold us out" on the Digital Telephony Bill. Well, I posted this message to the comp.org.eff.talk news group. --Tim Newsgroups: comp.org.eff.talk From: tcmay at netcom.com (Timothy C. May) Subject: I won't be renewing my EFF membership Message-ID: Date: Thu, 11 Aug 1994 01:24:27 GMT I'm not especially pleased to be saying that I won't be renewing my membership in the EFF when the time comes, later this year. The involvement of the EFF in the drafting of the new Digital Telephony Bill is the proximate case, though I can't say I was ever too happy with the EFF's position on the National Information Infrastructure. I'm sure the argument is that "things would have been worse" had the EFF not helped Congress, but I just have never seen the wisdom of helping your hangman tie a better knot. Call me a rejectionist if you will. No compromises. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. 
Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From lcottrell at popmail.ucsd.edu Wed Aug 10 18:53:26 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Wed, 10 Aug 94 18:53:26 PDT Subject: RemailerNet Message-ID: <199408110153.SAA15769@ucsd.edu> -----BEGIN PGP SIGNED MESSAGE----- Quoth Jonathan Rochkind : >Part of our disagreement/misunderstanding might be in differing >conceptions of the form the remailer net should take. > >> There should be two anonymous IDs, one for sending, one for >> receiving. > >You seem to be talking about a Julf-style anon system, where the system >knows who you really are. If the system is corrupt, if Julf were an >NSA agent, then the entire system is compromised and useless. >I like the cypherpunks remailer concept better, where each link in the chain >only knows the next link in the chain, and security is achieved by >multiple links. If several of the links are actually NSA agents, your security >is reduced, but not compromised completely. If you've got a chain of, say >10 links, even if 7 of them are evil NSA agents, you still can probably retain >your anonymity. Return addresses are accomplished by encrypted >"resend-to:" blocks. It seems much preferable to have a system where it >isn't necessary to trust any one net entity completely, as it is in a >Julf-style anon-ID system. [Of course one could use a combination of both >in communications too, but I wouldn't feel safe unless my anonymity was >safe even if the Finnish FBI raided Julf's site.] > I have been worrying a lot about these anonymous return addresses. They seem very vulnerable to attack. Say I post a message through remailers to Cypherpunks giving one of these reply blocks. The TLA need only send a flood of known size messages to this address, and look to see where they pop out of the net of remailers.
Even if all messages were quantized and only reconstructed by the final recipient, the TLA could send timed bursts of messages which (even with reordering) would allow a statistical determination of the recipient. I think that the solution to this is some sort of hold and forward on demand system. An anon ID would be posted to Cypherpunks, and that account ID with a key, sent to the message holder. One would then request for a certain number of messages or number of kilobytes of messages to be sent to the address specified by the old sort of remailer block. This message would be signed by the key, and could indicate remailing to anywhere, even to another hold and forward location. This prevents the TLA from sending many messages to the final destination in such a way that they could be used for traffic analysis. Thoughts? -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From cjl at welchlink.welch.jhu.edu Wed Aug 10 19:23:24 1994 From: cjl at welchlink.welch.jhu.edu (cjl) Date: Wed, 10 Aug 94 19:23:24 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) In-Reply-To: <199408110136.SAA14487@ucsd.edu> Message-ID: On Wed, 10 Aug 1994, Lance Cottrell wrote: > > > I remember seeing some scripts for creating multi-hop remailer chains. > All that is needed is that these accept a standard format file listing remailers.
This would be distributed by the designated remailer pingers at > regular intervals, and could simply be dropped in the same directory with > the script. This file could even contain the ID of the remailer's key and > what options it supports (since they are not yet standardized). Chain is one such DOS program for chaining remailers [available on a c-punx site near you :-)]. It needs to be fed a file called chain.ini which is just a list of remailers with stars in front of the PGP-capable ones. I was grepping Matt Ghio's automagical remailer list and just editing it down to the list of remailers (and adding stars) after putting the public keys on my keychain. I very much appreciate the service he has been providing. Thanx Matt. C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From Richard.Johnson at Colorado.EDU Wed Aug 10 19:36:48 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Wed, 10 Aug 94 19:36:48 PDT Subject: Speed of Curve Encrypt (Macintosh IDEA file encryption) Message-ID: <199408110231.UAA14327@spot.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- How fast is Curve Encrypt 1.1? Here are times to encrypt and DOD Wipe a 685,557 byte file on various Macintoshes (System 7.1, booted with extensions off). Disk speed is the driver for wiping encrypted files, of course. A fast non-fragmented disk can also shave a percent or two off of encryption times (I used the fastest disk on each Mac for my tests). Otherwise, the faster your CPU, the better. Native code on PowerMacs really blazes, even on my crude development port to PowerPC. Version 1.2 of Curve Encrypt will be buildable for PowerMacs (at least using the Metrowerks compiler). Be patient, for it is coming soon to an export-controlled, Free-World-prohibited ftp site near you.
Rich

Machine & Disk       Compiler          Times (Averages over 5 encrypt operations)
                                       Encrypt or Decrypt   Encrypt & DOD Wipe
------------------   ---------------   ------------------   ------------------
PowerMac 8100/80
  Quantum LPS270S    Metrowerks 68k            17                   23
                     Think C 7 (&5)            16                   22
                     Metrowerks PPC             5                   11
PowerMac 7100/66
  Quantum LPS270S    Metrowerks 68k            22                   29
                     Think C 7 (&5)            20                   27
                     Metrowerks PPC             6                   13
Quadra 840AV
  Seagate ST11200N   Metrowerks 68k            11                   17
                     Think C 7 (&5)            10                   16
Quadra 950
  Seagate ST11200N   Metrowerks 68k            12                   18
                     Think C 7 (&5)            11                   17
Quadra 700
  Seagate ST11200N   Metrowerks 68k            12                   17
                     Think C 7 (&5)            13                   18
IIfx
  Hitachi DK515C     Metrowerks 68k            20                   27
                     Think C 7 (&5)            21                   28

Original (Think C 5) executable size:  63,454 bytes
Think C 7 executable size:             63,378 bytes
Metrowerks 68K executable size:        70,600 bytes
Metrowerks PPC executable size:        86,978 bytes

Compiler notes:
The Think C 7.0.3 was upgraded from version 6 via the patches on umich and sumex-aim archives. (I'm still pissed about Symantec's $100-too-high pricing on an "upgrade" to a broken product, and won't buy a completely new copy again like I stupidly did for version 6. In fact, the only thing that keeps me using Symantec stuff at all is CMaster 2.0, from Jersey Scientific. Ahem, sorry about the rant. But get CMaster. :-)
The Think C 5.0.4 was my last stable version of THINK C.
The Metrowerks 68k was 1.0.1, from the CW 3.5 release The Metrowerks PPC was 1.0.1, from the CW 3.5 release From Banisar at epic.org Wed Aug 10 20:03:31 1994 From: Banisar at epic.org (David Banisar) Date: Wed, 10 Aug 94 20:03:31 PDT Subject: Privacy International Conference: Sept 9 - The Hague Message-ID: <9408102303.AA50414@Hacker2.cpsr.digex.net> CONFERENCE ANNOUNCEMENT ---------------------------- TECHNOLOGIES OF SURVEILLANCE TECHNOLOGIES OF PROTECTION -------------------------- Sponsored by Privacy International The University of Eindhoven The Electronic Privacy Information Center Friday,September 9, 1994 Nieuws Poort International Press Centre The Hague, The Netherlands The conference will bring together experts in law, privacy, human rights, telecommunications and technology to discuss new technological developments that affect personal privacy. The sessions will be interactive, starting with introductions to the subjects by leading experts, followed by questions and discussion led by the moderators.
8:45 Introduction
Simon Davies, Chairman, Privacy International

9:00 Information Infrastructures
Marc Rotenberg, Electronic Privacy Information Center (US)
Stephanie Perrin, Industry Canada

10:00 European Government Information Sharing Networks
Jos Dumatier, professor of law and director of the Interdisciplinary Centre for Law and Information Technology (ICRI) at K.U.Leuven

11:00 Cryptography Policy
David Banisar, Electronic Privacy Information Center
Jan Smiths, University of Eindhoven

12:00 Lunch

1:00 Smart Cards and Anonymous Digital Transactions
David Chaum, Digicash

2:00 Wrap up

---------------------------------------------------------------------

Registration Fees
[] Standard - 220 guilders ($120 US)
[] Non-profit organisations/Educational - 75 guilders ($40 US)

Information
Name: ____________________________________________________________
Organization: ______________________________________________________
Address:_____________________________________________________________
________________________________________________________________
Phone/Fax:___________________________________________________________
Electronic Mail: ____________________________________________________

Send registration to:
Privacy International Washington Office
Attn: Conference Registration
666 Pennsylvania Ave, SE, Suite 301
Washington, DC 20003

Make Check/Money Order in US Dollars out to Privacy International

Space is limited, please contact us immediately if you wish to attend!

For more information, contact:
David Banisar
1+202-544-9240(voice)
1+202-547-5482(fax)
banisar at epic.org (email)

--
David Banisar (tc at EPIC.org) Electronic Privacy Information Center 666 Penn. Ave, SE Suite 301 Washington, DC 20003 202-544-9240 (v) 202-547-5482 (f)

From ndw1 at columbia.edu Wed Aug 10 21:30:06 1994
From: ndw1 at columbia.edu (Nikolaos Daniel Willmore)
Date: Wed, 10 Aug 94 21:30:06 PDT
Subject: FWD: Cellular spoof? Not!
Message-ID: <199408110429.AA17333@merhaba.cc.columbia.edu> clari.news.drugs (moderated) #575 [1] Comment: Subject mapped from all upper case From: C-reuters at clarinet.com (Reuters) Newsgroups: clari.local.florida,clari.news.drugs Distribution: clari.reuters [1] Phone Calls Lead to Cocaine Smugglers Copyright: 1994 by Reuters, R Date: Wed Aug 10 21:30:05 EDT 1994 Lines: 18 TAMPA, Fla (Reuter) - Authorities seized more than a ton of cocaine and arrested 11 people Wednesday, using information gleaned from the smugglers' cellular phone calls, a sheriff's spokesman said. The smugglers had tampered with the cellular phones to make it appear as if the calls were made from other telephone numbers. But U.S. Customs agents and local deputies eavesdropped on the conversations, using sophisticated technology to trace the calls to their true sources, said Jack Espinosa, spokesman for the Hillsborough County Sheriff's Office. The investigators learned the cocaine was being sent from Panama to Miami in a shipping container with false walls, then tracked the shipment to Tampa. They arrested 10 people in Tampa and one in Miami on racketeering and cocaine trafficking charges and seized the cocaine. It weighed in at 2,205 pounds, and is worth about $95 From hfinney at shell.portal.com Wed Aug 10 21:44:40 1994 From: hfinney at shell.portal.com (Hal Finney) Date: Wed, 10 Aug 94 21:44:40 PDT Subject: RemailerNet In-Reply-To: <199408110153.SAA15769@ucsd.edu> Message-ID: <199408110444.VAA20478@jobe.shell.portal.com> lcottrell at popmail.ucsd.edu (Lance Cottrell) writes: >Say I post a message through remailers to Cypherpunks giving one of these >reply blocks. The TLA need only send a flood of known size messages to this >address, and look to see where the pop out of the net of remailers. 
Even if >all messages were quantized and only reconstructed by the final recipient, the >TLA could send timed bursts of messages which (even with reordering) would >allow a statistical determination of the recipient. >I think that the solution to this is some sort of hold and forward on demand >system. An anon ID would be posted to Cypherpunks, and that account ID with >a key, sent to the message holder. One would then request for a certain number >of messages or number of kilobytes of messages to be sent to the address >specified by the old sort of remailer block. This message would be signed by the >key, and could indicate remailing to anywhere, even to another hold and forward >location. This prevents the TLA from sending many messages to the final >destination in such a way that they could be used for traffic analysis. This problem has long been recognized with anonymous reply blocks. Chaum, in his original 1981 CACM paper, suggested that anonymous reply blocks should be use-once in order to prevent variations on this attack. Of course, a use-once address is of limited usefulness. A problem with the maildrop idea is that the wiretappers can presumably follow the messages to the maildrop. Then the only question is whether they would be able to tell when your message came in and requested further forwarding of the collected messages. Maybe this could be done securely; I'm not sure. Other ideas have been proposed for this problem. Chaum suggested having a public area where messages for a group of people would arrive; everyone downloads all of them but can only read the ones for them. For this you would want a "stealthy" encryption envelope which did not give away any information about the recipient's ID. Miron Cuperman has been running such a "message pool" for over a year now. One problem with anonymous return addresses is that the address changes deterministically as each layer is stripped off.
This allows the message to be tracked by introducing copies with different bodies but the same ARA (which is why Chaum specified use-once). Eric Messick proposed a system in which the message bodies would be changed at each step by the remailers involved. I don't recall the details, but I think that in order to read the message the user had to send it back through those same remailers after receiving it, to undo the transformations which had been done on it. It was a complicated scheme and we really didn't spend enough time on it. I don't think anyone really trusts (or should trust) the ARA's we can make now with the remailer network. An ARA is a sitting duck, a tempting target for attacks. With an ordinary remailed message, by the time it arrives and someone is interested in tracking it, most of the needed information is (ideally) gone. With an ARA you are entrusting your deepest secret, your True Name, to a few layers of encryption with other people's keys. That is not a good feeling. I view easy-to-use, secure ARA's as an unsolved (and perhaps unsolvable) problem. Hal Finney hfinney at shell.portal.com From darklord+ at CMU.EDU Wed Aug 10 23:10:38 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Wed, 10 Aug 94 23:10:38 PDT Subject: IDEA vs DES In-Reply-To: <199408080106.SAA01619@unix.ka9q.ampr.org> Message-ID: Excerpts from internet.cypherpunks: 7-Aug-94 IDEA vs DES by Phil Karn at unix.ka9q.ampr > Anybody know the speed of the integer multiply instruction on the > various PowerPC chips? Along with modular exponentiation and vocoders, > which also do a lot of multiplies, it looks like fast multiplication > is becoming rather important in secure communications. PowerPC integer performance is rather impressive, i.e. faster than Pentium by a bit. One caveat, tho, Apple says "No!" to programming in assembly, and I doubt that IBM is all this happy about it either.
My guess is that MacOS is approaching the Unix "distribute source, 'cause you're gonna have to do lots of re-compiles" type of thing. Just a guess, though. Anyway, there is one assembly interpreter out for PowerMacs, I don't know about the IBM PowerPCs, though. Back to lurking, jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From tcmay at netcom.com Wed Aug 10 23:35:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Aug 94 23:35:19 PDT Subject: IDEA vs DES In-Reply-To: Message-ID: <199408110635.XAA11903@netcom15.netcom.com> Jeremiah A Blatz writes: > PowerPC integer performance is rather impressive, i.e. faster than > Pentium by a bit. One craveat, tho, Apple says "No!" to programming in Actually, the reverse is true. Pentium integer performance (as measured in SPECints) is somewhat better than 601 PowerPC performance, MHz for Mhz. Thus, a 66 MHz Pentium has slightly better integer performance than a 66 MHz PowerPC. Not by much, but slightly. However, 90 MHz Pentium machines are now available in volume, even for under $2000, while PowerPC is not yet at this level. (Experimental Pentia running at 150 MHz have been shown..601s running at 120 MHz have been shown...and both Intel and IBM/Motorola/Apple have newer designs about to appear--the P6 and the 604.) Floating point is another story, with the PowerPC 601 significantly outperforming the Pentium. The exact numbers for all of these benchmarks are published and republished constantly, so I won't do so here. I happen to use Macs exclusively, but I worked for Intel for 12 years and still own their stock, so make of my comments what you will. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jito at netcom.com Wed Aug 10 23:56:40 1994 From: jito at netcom.com (Joichi Ito) Date: Wed, 10 Aug 94 23:56:40 PDT Subject: future existence of free remailers? Message-ID: <9408110653.AA05872@portola.com> At 5:59 PM 8/10/94 -0700, Timothy C. May wrote: >Joichi-san writes: > >> Please excuse me if this has already been discussed... but... What about >> the trend of busting the sysops of bbs'? The recent Fidonet bust in Italy >> seems to support this trend. It sounds to me like any remailers remailing >> illegal stuff may get caught in the dragnet. >> >> No? > >With nested encryption through the Labyrinth (first the Net, then the >Web, now the Labyrinth?), only the last remailer who remails to a site >that is under observation or is a sting site (common in Memphis) is >vulnerable. > >And even that last remailer may be able to claim ignorance (and win in >court) if he can show that what he mailed was unreadable to him, i.e., >encrypted to the recipient. (This is another reason I favor a goal of >"everyone a remailer.") > >With canonical remailers, and no logging, earlier remailers should be >safe. Interesting. So if the carrier is ignorant, they're off the hook? >By the way, welcome Joichi (your first post to the list, that I can >recall). Thanks for the welcome. I've been lurking, but hadn't had the opportunity to make any comments before, and it looks like this point wasn't much of a point anyway. :-) back to lurk mode. 
- Joi -- true name: closest email address: closest fax number: <+81-3-5454-7218> current physical location: travel path: mosaic home page: http://www.eccosys.com/ -- finger jito at netcom.com for PGP Public Key, RIPEM Public Key -- Things are more like they used to be than they are now. From tcmay at netcom.com Thu Aug 11 00:38:13 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 11 Aug 94 00:38:13 PDT Subject: Are Remailers Liable for What They Remail? In-Reply-To: <9408110653.AA05872@portola.com> Message-ID: <199408110736.AAA27319@netcom10.netcom.com> Joichi Ito writes: (quoting my post) > >And even that last remailer may be able to claim ignorance (and win in ^^^^^^^^^^^^^^^^^^^^ > >court) if he can show that what he mailed was unreadable to him, i.e., > >encrypted to the recipient. (This is another reason I favor a goal of > >"everyone a remailer.") > > > >With canonical remailers, and no logging, earlier remailers should be > >safe. > > Interesting. So if the carrier is ignorant, they're off the hook? Note my "may" above...none of this stuff has been tested in court. (Not even digital signatures have yet been tested.) Common carrier status--such as Federal Express has--has certainly not been granted to remailers. It seems plausible to me that most jurors would be sympathetic to a claim that a remailer was ignorant of what was being remailed. A bunch of bits is a bunch of bits. However, the actual crime may be the act of remailing itself. Not now, but maybe someday. (Speculation: Legislation will be passed that bans phone and packet remailers as being in contravention of the Digital Telephony Act. A "know your customers" clause may require ID for each packet. Lots of scenarios to consider.) --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From karn at qualcomm.com Thu Aug 11 00:45:22 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 11 Aug 94 00:45:22 PDT Subject: IDEA vs DES In-Reply-To: <199408110635.XAA11903@netcom15.netcom.com> Message-ID: <199408110744.AAA20783@servo.qualcomm.com> I'm specifically interested in *fixed point* multiply and divide performance, since these operations appear to be crucial to IDEA and high quality speech coding, not to mention multiple precision modular exponentiation functions. My 486 reference shows 13-42 clocks for a 32x32 multiply and 40 clocks for a 64/32 divide. I've heard that the PowerPC can do a multiply-accumulate (the basic operation of a FIR digital filter) in one clock cycle, which qualifies it as a DSP chip in my mind. If true, then it may become possible to do high quality speech coding (essential for a secure phone) in software on a widely available general purpose computer instead of needing a high performance DSP subsystem that may be costly and/or less readily available. Here are some figures on my latest DES code. I'm placing it into the public domain; how do I go about putting it on soda.berkeley.edu? Measured execution speeds in crypts/sec: 11,488 (C version, 486DX-50, DOS, Borland C++ 3.1 -O2, 16-bit real mode) 39,185 (assembler version, same system) 62,814 (assembler version, 60 Mhz Pentium) 24,172 (C version, 486DX2-66, BSDI 1.1, GCC 1.42 -O, 32-bit prot mode) 64,185 (C version, 50 Mhz Sparc 10, GCC 2.5.8 -O) The C version is essentially identical to Outerbridge's code in Applied Cryptography, with a few extra tricks. 
The assembler version is the same thing rewritten in assembler, with numerous optimizations that were possible only in assembler.

Anybody have a tool for translating Intel 486 assembler code to the Gnu assembler format?

--Phil

From frissell at panix.com Thu Aug 11 02:26:34 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 11 Aug 94 02:26:34 PDT
Subject: e$
Message-ID: <199408110924.AA08662@panix.com>

At 05:25 PM 8/10/94 -0400, Rick Busdiecker wrote:

>I believe that the reporting requirement has been at $3000 for a
>number of years.

All businesses in the US have to report cash transactions of more than $10K. They have to keep records (but not report) on cash transactions of $3K or more.

While the cash import/export rules require reporting only of "currency or monetary instruments" as I defined them in my last message, the domestic reports of cash transactions now include (in addition to currency and monetary instruments) the requirement to report $10K transactions involving cashier's checks, money orders and other instruments that can be purchased anonymously and are not connected with a specific bank account. This is a significant expansion of the definition of "cash". It may spread to the import/export realm later.

DCF

"There's no such thing as luck only adequate or inadequate preparation to cope with the statistical universe."

From matsb at sos.sll.se Thu Aug 11 04:14:11 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Thu, 11 Aug 94 04:14:11 PDT
Subject: DTB - grim for recreational spies
In-Reply-To: <199408110145.SAA29134@netcom16.netcom.com>
Message-ID:

The Digital Telephony Bill states up to 15 years in jail for unauthorized tapping of wireless telephony. It seems that the EFF puts this on the plus side, as an example of the enhanced rights to privacy in the Bill. I have a problem with this approach. In presence of strong crypto, would even alligator clipping have to be outlawed?
(Hidden microphones and other intrusions inside your estate is obviously another matter.)

The present state of affairs in many countries (including .se), that the Ether is free to listen to and with no restrictions as to what electronic devices (possibly except for weaponry) a free citizen can construct, seems fair to me. Want privacy in the all-surrounding electromagnetic spectrum? Use crypto. If an enterprise expects money for the use of their airwaves they will have to outsmart the pirates.

Here they recently outlawed the selling/distribution (haven't read the actual text) of pirate cable-TV decoders, but not the building or possession of such devices (thanks Mammon, saves me $100 a month). Even this legislation seems an example of unnecessary government obtrusion to me. It should not be the business of government to protect crypto-incompetent private enterprise from losing money.

And 15 years in jail? Scary, in any case totally out of proportion.

(I cannot yet really believe that the EFF has been involved in this, being an overseas paying supporter since 2 years. If it comes out true I will go the way of Mr May - out.)

Mats

From simona at panix.com Thu Aug 11 06:35:47 1994
From: simona at panix.com (Simona Nass)
Date: Thu, 11 Aug 94 06:35:47 PDT
Subject: ANNOUNCE: SEA talk
Message-ID: <9408111303.AA27213@ah.com>

Simona Nass of SEA asked me to send this out.

Eric

-----------------------------------------------------------------------------

The Society for Electronic Access (SEA), a New York metro area cyberspace civil liberties and access activism group, presents:

ERIC HUGHES
Cypherpunks founder, mathematician, and cryptographer

speaking on

Cryptography, Anonymity and Financial Transactions

Topics will include digital cash, as well as updates of protocols Eric has been working on and recent developments in the field.

When: Tuesday, August 16, 1994, at 6:30 pm
Where: 49 Chambers St.
(between Centre and Broadway in Manhattan)
Room 610

This event is open to the public. No prior reservation is necessary to attend, but seating is limited. Admission is free, though a $2 donation is requested.

For automated information on the Society for Electronic Access, send a blank message to sea-info at sea.org.

From hfinney at shell.portal.com Thu Aug 11 07:48:26 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 11 Aug 94 07:48:26 PDT
Subject: Are Remailers Liable for What They Remail?
In-Reply-To: <199408110736.AAA27319@netcom10.netcom.com>
Message-ID: <199408111448.HAA17336@jobe.shell.portal.com>

tcmay at netcom.com (Timothy C. May) writes:

>(Not even digital signatures have yet been tested.) Common carrier
>status--such as Federal Express has--has certainly not been granted to
>remailers.

This is one of the things that worries me about the Digital Telephony bill. In the various apologias and explanations from EFF, CyberWire Dispatch, etc. about why EFF helped with this bill, it was mentioned that online service providers have been removed from its coverage because they are not "common carriers". It only applies, they say, to common carriers like phone companies.

Obviously I haven't read the text of the bill (probably no one has ;-) but this certainly raises the question of whether pursuing common carrier status would cause electronic service providers to fall under the wiretap requirements of the bill. Maybe I'll ask on usenet.

Hal

From merriman at metronet.com Thu Aug 11 08:12:12 1994
From: merriman at metronet.com (David K. Merriman)
Date: Thu, 11 Aug 94 08:12:12 PDT
Subject: NSA humor
Message-ID: <199408111515.AA16663@metronet.com>

Saw this on alt.security - figured it was too good not to share:

In article <32d8gb$bml at ingate.adc.com> olsonm at ws3902.adc.com (Mark Olson) writes:
>From: olsonm at ws3902.adc.com (Mark Olson)
>Subject: Re: NSA
>Date: 11 Aug 1994 13:19:07 GMT

>daemon9 at netcom.com wrote:
>: Does anyone know a *valid* number where I can reach the NSA?
>: All my numbers are now invalid....

>No number needed! Just pick up your mouse and talk into
>the hole in the bottom. Say: "Hello, NSA? I'd like to
>speak to the Director, please."

Dave Merriman

From trollins at debbie.telos.com Thu Aug 11 08:25:04 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Thu, 11 Aug 94 08:25:04 PDT
Subject: Remailer Status
Message-ID: <9408111519.AA16825@debbie.telos.com>

Hello,

Is there any overall status on remailer use. Remailers up, specific commands, clear vs encrypted traffic, delays, un-acceptable types of mail.

-tom

From adam at bwh.harvard.edu Thu Aug 11 08:31:56 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Thu, 11 Aug 94 08:31:56 PDT
Subject: DTB - grim for recreational spies
In-Reply-To:
Message-ID: <199408111531.LAA24367@bwh.harvard.edu>

| The Digital Telephony Bill states up to 15 years in jail
| for unauthorized tapping of wireless telephony. It seems
| that the EFF puts this on the plus side, as an example of
| the enhanced rights to privacy in the Bill. I have a problem
| with this approach. In presence of strong crypto, would even
| alligator clipping have to be outlawed? (Hidden microphones
| and other intrusions inside your estate is obviously another
| matter.)

The problem here is twofold. First, as you point out, strong cryptography alleviates the need for strong laws, a point missed by our legislators. Second, in the US, there is a court which handles federal wiretap requests.
It's granted 6500 wiretap orders out of 6500 requests in the last 20 years. It seems to be too easy to get a federal wiretap order, and there exists insufficient oversight.

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From Banisar at epic.org Thu Aug 11 08:48:23 1994
From: Banisar at epic.org (David Banisar)
Date: Thu, 11 Aug 94 08:48:23 PDT
Subject: Privacy Conference - Sept 9 - The Hague
Message-ID: <9408110635.AA32647@Hacker2.cpsr.digex.net>

Hello all,

If I could break in here for a second, I thought that some of the European members of the list may be interested in this. It would be a good opportunity to meet and discuss issues, exchange notes etc.

dave

CONFERENCE ANNOUNCEMENT
----------------------------

TECHNOLOGIES OF SURVEILLANCE
TECHNOLOGIES OF PROTECTION
--------------------------

Sponsored by

Privacy International
The University of Eindhoven
The Electronic Privacy Information Center

Friday, September 9, 1994

Nieuws Poort International Press Centre
The Hague, The Netherlands

The conference will bring together experts in law, privacy, human rights, telecommunications and technology to discuss new technological developments that affect personal privacy. The sessions will be interactive, starting with introductions to the subjects by leading experts, followed by questions and discussion led by the moderators.
8:45 Introduction
Simon Davies, Chairman, Privacy International

9:00 Information Infrastructures
Marc Rotenberg, Electronic Privacy Information Center (US)
Stephanie Perrin, Industry Canada

10:00 European Government Information Sharing Networks
Jos Dumatier, professor of law and director of the Interdisciplinary Centre for Law and Information Technology (ICRI) at K.U.Leuven

11:00 Cryptography Policy
David Banisar, Electronic Privacy Information Center
Jan Smiths, University of Eindhoven

12:00 Lunch

1:00 Smart Cards and Anonymous Digital Transactions
David Chaum, Digicash

2:00 Wrap up

---------------------------------------------------------------------

Registration

Fees
[] Standard - 220 guilders ($120 US)
[] Non-profit organisations/Educational - 75 guilders ($40 US)

Information

Name: ____________________________________________________________
Organization: ______________________________________________________
Address:_____________________________________________________________
________________________________________________________________
Phone/Fax:___________________________________________________________
Electronic Mail: ____________________________________________________

Send registration to:

Privacy International Washington Office
Attn: Conference Registration
666 Pennsylvania Ave, SE, Suite 301
Washington, DC 20003

Make Check/Money Order in US Dollars out to Privacy International

Space is limited, please contact us immediately if you wish to attend!

For more information, contact:

David Banisar
1+202-544-9240(voice)
1+202-547-5482(fax)
banisar at epic.org (email)

--
David Banisar (tc at EPIC.org)
Electronic Privacy Information Center
666 Penn. Ave, SE Suite 301
Washington, DC 20003
202-544-9240 (v) 202-547-5482 (f)

From jdd at aiki.demon.co.uk Thu Aug 11 08:52:06 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:06 PDT
Subject: e$
Message-ID: <5184@aiki.demon.co.uk>

In message <9408101902.AA27154 at snark.imsi.com> perry at imsi.com writes:
> > On what experience or observation do you base these rather extreme
> > remarks?
>
> Plonk.

A reply showing true intelligence.

--
Jim Dixon

From jdd at aiki.demon.co.uk Thu Aug 11 08:52:26 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:26 PDT
Subject: future existence of free remailers?
Message-ID: <5186@aiki.demon.co.uk>

In message <9408101956.AA04136 at portola.com> Joichi Ito writes:
> Please excuse me if this has already been discussed... but... What about
> the trend of busting the sysops of bbs'? The recent Fidonet bust in Italy
> seems to support this trend. It sounds to me like any remailers remailing
> illegal stuff may get caught in the dragnet.

I think that perfect ignorance is a perfect excuse. If the traffic going through your remailer is encrypted, and you do not have the key, and you have no other way of knowing what it is, you can scarcely be held responsible for the contents, so long as you do not knowingly invite illegal use.

This is a frequent topic of conversation among Internet access providers (IAPs) who are concerned about the contents of various ALT. groups which are either pornographic or copyright violations or both. The consensus seems to be that you are responsible if EITHER you are aware of the presence of these materials OR you are ignorant of any specific materials but you know that people have subscribed to your service in order to gain access to these materials. There have been no test cases, as far as I know, but I have read opinions ascribed to lawyers.
IAPs would seem to be providing the same sort of service as remailers and in fact if operating remailers were a viable business they would be in an ideal position to provide the service.

--
Jim Dixon

From jdd at aiki.demon.co.uk Thu Aug 11 08:52:38 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:38 PDT
Subject: e$
Message-ID: <5190@aiki.demon.co.uk>

In message <9408101902.AA27154 at snark.imsi.com> perry at imsi.com writes:
> > On what experience or observation do you base these rather extreme
> > remarks?
>
> Plonk.

Ah. I finally figured it out. You've been drinking too much cheap wine?

--
Jim Dixon

From jdd at aiki.demon.co.uk Thu Aug 11 08:52:58 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:58 PDT
Subject: RemailerNet
Message-ID: <5193@aiki.demon.co.uk>

In message <199408110150.SAA15634 at ucsd.edu> Lance Cottrell writes:
>
> jdd at aiki.demon.co.uk writes:
> >Compiling a list of remailers, sure. But if you let the user control
> >how messages are chained, you are inviting real traffic analysis. The
> >user should only be able to specify his destination and the level of
> >security desired.
>
> How do you arrange things so that the remailers choose the path, and
> that if the first remailer is actually a TLA the destination is not
> compromised. I see no means by which any remailer which is not ultimately
> trusted (i.e. owned by me) can be allowed to choose the routing of the
> message packets.
>
> Example: I ask for a five link chain. Link one is NSA controlled. The NSA then
> chains the message through 4 more NSA remailers, and on the final
> destination. The upshot is a total loss of secrecy.

Terms are being used loosely. I was responding to a critique of RemailerNet v0.1 (RN0.1). In this system messages are packetized and the packets routed independently, with the packets reassembled into messages at the 'destination gateway'. User control of packet-level routing would weaken the system.
RN0.2 permits the user to nest messages and to direct messages to gateways as destinations. This means that messages may be bounced around in the system, adding some additional security.

So the user can control chaining/routing at the message level, but not at the packet level.

--
Jim Dixon

From jdd at aiki.demon.co.uk Thu Aug 11 08:53:14 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:53:14 PDT
Subject: anonymous settlement
Message-ID: <5195@aiki.demon.co.uk>

In message <9408102324.AA25933 at ah.com> Eric Hughes writes:
> > Also, for anonymous
> > payment for such overseas services, anonymous transfer in at least one
> > of the two currencies is necessary.
>
> The last point is certainly not true. If user X communicates with
> service A (a gateway) in one country to purchase something from
> service B in another country, X can settle accounts with A anonymously
> (say in US$) and then A and B can settle accounts with one another
> (say in sterling) openly.
>
> May I point out that that in your example that X and A are performing
> an anonymous transfer in dollars, which is one of the two currencies?

You are quite right. I misread what you wrote, thinking that you meant that X must pay B anonymously in one of the two currencies.

--
Jim Dixon

From talon57 at well.sf.ca.us Thu Aug 11 08:53:16 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 11 Aug 94 08:53:16 PDT
Subject: Bruce Schneier appearance
Message-ID: <199408111553.IAA08505@well.sf.ca.us>

MEETING NOTICE
==============

UniForum Chicago holds its monthly general meeting on Tuesday, August 16, 1994 at the College of DuPage and everyone is welcome. This month's speaker is Bruce Schneier, author of APPLIED CRYPTOGRAPHY, (B. Schneier, Wiley Inc., 1993).
Quoting the back cover of Bruce's book:

"The explosive growth of public and private computer networks has resulted in a tremendous increase in the volume of sensitive and valuable data that is routinely stored and transmitted digitally. From computer messages speeding through global networks to vast sums of money transferred electronically, the greatest challenge in this new digital world is keeping this information out of the hands of unauthorized users who prey on vulnerable computer systems.

"In APPLIED CRYPTOGRAPHY, data security expert Bruce Schneier details how programmers can use cryptography--the technique of enciphering and deciphering messages--to maintain the privacy of computer data. Covering the latest developments in practical cryptographic techniques, the book shows programmers who design computer applications, networks, and storage systems how security can be built into the computer software and systems we use every day."

The meeting will be held at:

College of DuPage
Building M, Room 150
22nd & Lambert
Glen Ellyn, IL 60137

Take 355 to Butterfield Rd.
Butterfield West to Lambert Rd.
Lambert Rd. North to 22nd St.
West on 22nd Street to Lot 10 entrance
South into Lot 10
Park in Lot 10 and walk to Building M
Meeting Room is 150

For further information, call Mike Potter at 708 960-0133 x15.

From jdd at aiki.demon.co.uk Thu Aug 11 08:53:31 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:53:31 PDT
Subject: RemailerNet
Message-ID: <5197@aiki.demon.co.uk>

In message <199408110212.TAA17672 at ucsd.edu> Lance Cottrell writes:
> >If anyone cared enough, what they would do is (a) put up enough remailers
> >so that they were, say, a steady 80% of those announcing in the alt.x
> >group; (b) provide a good, reliable service nearly all of the time; and
> >(c) drive the other 20% out of business with a steady disinformation
> >campaign (rumors, complaints, etc) and other more aggressive tactics.
> >The FBI types running (a) and (b) would be well funded and they would
> >be the sort of steady, unimaginative people who run small businesses
> >well. The CIA field agents masterminding (c) would be very well
> >funded network freaks, some of them ex-hackers. They could operate
> >outside the USA and pay little or no attention to US laws. Pity the
> >poor 20% in the face of such attacks.
> >
> >Any traffic sent through this remailer network would have only a tiny
> >chance of getting through without being compromised. If you picked
> >5 remailers, the chances of all being non-FBI would be about .2^5,
> >3 in 10,000. The other 9,997 messages would be copied immediately
> >to Langley.
>
> I fear that you have the math wrong. The odds that the path would be compromised
> (that is all five nodes are FBI) is 1-(.8^5) = .67

Actually, the odds are better than this, .8^5, about 0.33. You will be compromised "only" 1/3 of the time. But if you are sending regular messages to another party, then traffic analysis will quickly show that you are communicating, because even if the boys at Langley are really dumb, you won't send more than two or three messages without having all the cherries lining up. You will be protected if you have encrypted your messages, but using a remailer network offers little additional protection.

> If I understand your system one compromised node is a total loss for that
> message.

No, as I have said elsewhere, I think that an 'empowered user' of RN0.2 can communicate with another empowered user through a completely compromised network with little risk, so long as there are many other such users. This is because the compromised gateways will not be able to tell when and whether either of the users is actually communicating.
--
Jim Dixon

From talon57 at well.sf.ca.us Thu Aug 11 09:05:09 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 11 Aug 94 09:05:09 PDT
Subject: Schneier apperance update
Message-ID: <199408111604.JAA13270@well.sf.ca.us>

Sorry to post this twice, but they forgot to put the time....

MEETING NOTICE
==============

UniForum Chicago holds its monthly general meeting on Tuesday, August 16, 1994 at the College of DuPage and everyone is welcome. This month's speaker is Bruce Schneier, author of APPLIED CRYPTOGRAPHY, (B. Schneier, Wiley Inc., 1993).

Quoting the back cover of Bruce's book:

"The explosive growth of public and private computer networks has resulted in a tremendous increase in the volume of sensitive and valuable data that is routinely stored and transmitted digitally. From computer messages speeding through global networks to vast sums of money transferred electronically, the greatest challenge in this new digital world is keeping this information out of the hands of unauthorized users who prey on vulnerable computer systems.

"In APPLIED CRYPTOGRAPHY, data security expert Bruce Schneier details how programmers can use cryptography--the technique of enciphering and deciphering messages--to maintain the privacy of computer data. Covering the latest developments in practical cryptographic techniques, the book shows programmers who design computer applications, networks, and storage systems how security can be built into the computer software and systems we use every day."

The meeting will be held at:

College of DuPage
Building M, Room 150
22nd & Lambert
Glen Ellyn, IL 60137

MEETING TIME 7pm CST

Take 355 to Butterfield Rd.
Butterfield West to Lambert Rd.
Lambert Rd. North to 22nd St.
West on 22nd Street to Lot 10 entrance
South into Lot 10
Park in Lot 10 and walk to Building M
Meeting Room is 150

For further information, call Mike Potter at 708 960-0133 x15.

From perry at imsi.com Thu Aug 11 09:29:46 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 11 Aug 94 09:29:46 PDT
Subject: Are Remailers Liable for What They Remail?
In-Reply-To: <199408111448.HAA17336@jobe.shell.portal.com>
Message-ID: <9408111629.AA29020@snark.imsi.com>

Hal says:
> This is one of the things that worries me about the Digital
> Telephony bill. In the various apologias and explanations from EFF,
> CyberWire Dispatch, etc. about why EFF helped with this bill, it
> was mentioned that online service providers have been removed from
> its coverage because they are not "common carriers". It only
> applies, they say, to common carriers like phone companies.

UUNET, among others, considers itself to be a common carrier.

Perry

From juola at suod.cs.colorado.edu Thu Aug 11 09:46:15 1994
From: juola at suod.cs.colorado.edu (Patrick Juola)
Date: Thu, 11 Aug 94 09:46:15 PDT
Subject: Are Remailers Liable for What They Remail?
Message-ID: <199408111645.KAA07094@suod.cs.colorado.edu>

Perry sez:

  UUNET, among others, considers itself to be a common carrier.

My understanding is that, legally speaking, "considering [oneself] to be a common carrier" amounts to exactly nil -- that it requires a special act of some governing body to declare you to be a common carrier. One might just as well consider oneself to be an accredited diplomat and therefore to have diplomatic immunity.

Any of the real lawyers on the net care to comment?

kitten

From hfinney at shell.portal.com Thu Aug 11 09:49:21 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 11 Aug 94 09:49:21 PDT
Subject: IDEA vs DES
In-Reply-To: <199408110744.AAA20783@servo.qualcomm.com>
Message-ID: <199408111648.JAA25239@jobe.shell.portal.com>

According to my references, the PowerPC 601 does an integer multiply in 9 cycles (5 if the 2nd operand is 16 bits or less). An integer divide takes 36 cycles. Adds, etc. take 1 cycle.

Floating-point multiplies take 1 cycle for single precision, 2 for double.
However, they are pipelined, so if you need to use the results of the multiply on the next instruction, they will take 3 cycles. Floating-point adds take 1 cycle, again with the results available in 3.

There is a floating-point (but no integer) multiply-and-add instruction. It has the same timing as the multiply.

Hal

From perry at imsi.com Thu Aug 11 10:04:57 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 11 Aug 94 10:04:57 PDT
Subject: Are Remailers Liable for What They Remail?
In-Reply-To: <199408111645.KAA07094@suod.cs.colorado.edu>
Message-ID: <9408111704.AA29091@snark.imsi.com>

Patrick Juola says:
> My understanding is that, legally speaking, "considering [oneself]
> to be a common carrier" amounts to exactly nil -- that it requires
> a special act of some governing body to declare you to be a common
> carrier.

Not quite. If tomorrow you started a new overnight mail service, you would probably be a common carrier if you acted like one, no act of congress needed.

The question is not a simple one. My one conversation on this subject with someone from UUNET more or less went "our lawyers say we should act like one and hope the courts decide that we are right."

Perry

From cactus at bb.com Thu Aug 11 10:26:28 1994
From: cactus at bb.com (L. Todd Masco)
Date: Thu, 11 Aug 94 10:26:28 PDT
Subject: Are Remailers Liable for What They Remail?
Message-ID: <199408111732.NAA21237@bb.com>

According to a discussion I had with Dave Lawrence (postmaster at UUNET, as well as moderator of news.admin.newgroups), UUNET is registered with the FCC as an "Enhanced Service Provider," which, according to Dave, amounts to similar protection as "Common Carrier." ("Common Carrier" seems to not be appropriate yet, since Congress is so behind the tech curve)

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."
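
[Added example, not part of any message in this archive: the chain-compromise figures from the RemailerNet exchange between Jim Dixon and Lance Cottrell above (80% of remailers adversary-run, 5-hop chains), extended to repeated messages between the same two parties. It assumes every hop is picked independently and uniformly from the pool; all function names are illustrative.]

```python
"""Chain-compromise odds for a remailer network (added example).

Model (an assumption, matching the thread's back-of-envelope figures): each
hop of a chain is drawn independently and uniformly from a pool in which a
fraction `frac_bad` of the remailers is run by a single adversary.
"""
import random


def p_all_bad(frac_bad, hops):
    """Chance that every hop is adversary-run, so the whole path is visible."""
    return frac_bad ** hops


def p_all_good(frac_bad, hops):
    """Chance that no hop at all is adversary-run."""
    return (1.0 - frac_bad) ** hops


def p_some_good(frac_bad, hops):
    """Chance that at least one hop is honest (complement of p_all_bad)."""
    return 1.0 - p_all_bad(frac_bad, hops)


def p_linked_within(frac_bad, hops, messages):
    """Chance that at least one of `messages` independently routed chains
    between the same two parties is entirely adversary-run, linking them."""
    return 1.0 - p_some_good(frac_bad, hops) ** messages


def messages_until(frac_bad, hops, confidence):
    """Smallest message count at which p_linked_within reaches `confidence`."""
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must be strictly between 0 and 1")
    if p_all_bad(frac_bad, hops) == 0.0:
        return None  # no adversary nodes: never linked under this model
    n = 1
    while p_linked_within(frac_bad, hops, n) < confidence:
        n += 1
    return n


def simulate(frac_bad, hops, messages, trials=20000, seed=1):
    """Monte Carlo cross-check of p_linked_within with a fixed seed."""
    rng = random.Random(seed)
    linked = 0
    for _ in range(trials):
        for _ in range(messages):
            # One chain: every hop independently lands on an adversary node.
            if all(rng.random() < frac_bad for _ in range(hops)):
                linked += 1
                break
    return linked / trials


if __name__ == "__main__":
    F, H = 0.8, 5  # the figures used in the thread
    print("all hops adversary-run :", round(p_all_bad(F, H), 5))
    print("no hop adversary-run   :", round(p_all_good(F, H), 5))
    print("at least one honest hop:", round(p_some_good(F, H), 5))
    for n in (1, 2, 3, 5, 10):
        print(f"linked within {n:2d} messages: {p_linked_within(F, H, n):.3f}")
    print("messages for 95% linkage:", messages_until(F, H, 0.95))
    print("simulated, 3 messages   :", simulate(F, H, 3))
```
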
From frissell at panix.com Thu Aug 11 11:47:53 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 11 Aug 94 11:47:53 PDT Subject: Are Remailers Liable for What They R