From shamrock at netcom.com Mon Aug 1 00:22:04 1994
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 1 Aug 94 00:22:04 PDT
Subject: Lady Di's medical records
Message-ID: <199408010722.AAA01452@netcom7.netcom.com>

> I understand that in California, shrinks have a duty to protect
> records. I expect encryption is spreading. I also expect that many of
> them are worried about the trend to force disclosure of patient
> records. (Such as with the Tarasoff ruling on patients who make
> threats, the various other loopholes for breaking doctor-patient
> privilege, the various "discovery" procedures in court cases, and so
> on.)

I personally know individuals that are avoiding medical care because of concerns about confidentiality. It seems the loopholes are extending. Patient records stay around for years. Who knows what the requirements will be five years from now? It would not surprise me if individuals who have been seeking drug treatment within the last, say, five years would have to be reported to the Klinton Kommunal Kare agency.

> (Watch for software key escrow to fold this in: mandated encryption
> of records, but American Psychiatric Association and California State
> Mental Health Association the designated escrow sites. For example.)

To be examined by the above supervisory agency upon "reasonable suspicion", no doubt.

-- Lucky Green PGP public key by finger

From a.brown at nexor.co.uk Mon Aug 1 02:11:52 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Mon, 1 Aug 94 02:11:52 PDT
Subject: What kind of encryption to incorporate?
In-Reply-To: <199407291656.MAA03632@freud.bwh.harvard.edu>
Message-ID:

On Fri, 29 Jul 1994, Adam Shostack wrote:

> A filename and length give away the fact that something is
> hidden. If you only hide encrypted data, and no plaintext of any
> sort, then the file can not be automatically detected; it can only be
> seen by someone who can decrypt it.

... well almost.
It's trivial to write a program that extracts the LSB's from a GIF file and then determine their randomness. Truly random data gives away the presence of an encrypted file. The solution is to choose the LSB's that you alter according to the output from a decent random number generator so that each LSB has a probability of being altered.

- Andy

From frissell at panix.com Mon Aug 1 04:27:58 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 1 Aug 94 04:27:58 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <199408011125.AA11517@panix.com>

At 11:46 PM 7/31/94 -0700, Lucky Green wrote:

>> Dorothy E. Denning, chairman of the computer-science department at
>> Georgetown University and a supporter of the Clipper plan, said such
>> a world [with unbreakable encryption] would be like ''highways without
>>traffic lights and people
>> without driver's licenses.''
>
>Let me predict it here today: there will be the day that you will need a
>license to access the Net.

Yeah. I can imagine it. It would be like New York City today where the tabs are telling us that seemingly half the population is "driving while license suspended."

Course the 1st Amend. was specifically designed to eliminate the nasty British habit of licensing newspapers. Driving licenses weren't mentioned in that document. Have there been any licensing proposals for the Information Stupor Highway yet? If the Supremes will let me burn a cross, isn't it likely that they will let me log on?

DCF

"On the Information Super Highway, there will have no speed limits, there will be no rest areas, there will be no troopers. But there will be a passing lane, a passing lane."
-- Network MCI

From paul at poboy.b17c.ingr.com Mon Aug 1 05:28:06 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 1 Aug 94 05:28:06 PDT
Subject: FW: No SKE in Daytona and other goodies
In-Reply-To: <9407292105.AA29978@netmail2.microsoft.com>
Message-ID: <199408011228.AA17694@poboy.b17c.ingr.com>

Blanc Weber said:

> You could also, like the Luddites, pressure the inventors of computers
> not to make any more of these new-fangled, fearsome things. Because
> you just *know* what they'll be used for, once they develop some
> database "features" and make it possible to send messages anonymously.

All right, then, I'm a key escrow Luddite. To me, key escrow is like a host of other "new-fangled things": its disadvantages and dangers outweigh its benefits.

-Paul

--
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com | - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.

From m5 at vail.tivoli.com Mon Aug 1 05:32:37 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 1 Aug 94 05:32:37 PDT
Subject: Children and the Net
In-Reply-To: <199407311826.LAA24798@netcom10.netcom.com>
Message-ID: <9408011231.AA08947@vail.tivoli.com>

Mike Duvos writes:

> Had it not been for the fact that having children covered with
> scars, welts, and bruises is not considered child abuse in the
> state of Texas,

I know it's chic to refer to Texas as the last bastion of barbarian living, but I'd like to see some citation for the above if you really believe it's true. Note also that I've heard tell kids get beat up in other states too, though that might just be rumor.
| GOOD TIME FOR MOVIE - GOING ||| Mike McNally |
| TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: |
| (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From werner at mc.ab.com Mon Aug 1 07:29:25 1994
From: werner at mc.ab.com (tim werner)
Date: Mon, 1 Aug 94 07:29:25 PDT
Subject: Survey: what free scientific, mathematical, statistical software is wanted?
Message-ID: <199408011428.KAA13225@sparcserver.mc.ab.com>

This was not cross-posted to any crypto groups, so I thought I would post to the list. Hope it's appropriate.

Article 491 in gnu.announce (moderated):
Date: Sun, 31 Jul 94 17:23:58 EDT
Distribution: world
Newsgroups: gnu.announce,gnu.misc.discuss,sci.stat.math,sci.stat.consult,sci.stat.edu,alt. iams,comp.lang.fortran,comp.graphics.gnuplot,comp.software
Followup-To: poster
From: lenk at gnu.ai.mit.edu
Subject: Survey: what free scientific, mathematical, statistical software is wanted?
Lines: 25

[ Please repost this wherever you think is appropriate! ]

Project GNU of the Free Software Foundation is conducting a survey to determine the kinds of mathematical software commonly utilized by scientists and mathematicians. Your answers will help us to determine the programming tasks we present to our volunteers. This will ultimately result in a more complete set of math programs and subroutines available as free software.

Please answer the following questions with regard to scientific, mathematical, and/or statistical software:

1. What packages are commonly used?
2. What programs and subroutines are desired, but not available?
3. What freeware currently exists?
4. Where else can we ask these questions?

Please give as much detail as you can, including package name, author, language, and where it can be found.

Send responses to math-sw-survey at gnu.ai.mit.edu

Thank you!
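Added example, not part of any message in this archive: Andrew Brown's reply in the "What kind of encryption to incorporate?" thread above says the LSBs of a GIF can be extracted and tested for randomness. This Go sketch runs a bias test and a runs test over a constructed ramp "image"; the cover data, the pseudo-random stand-in for ciphertext and all function names are assumptions of the example, and it works on raw sample bytes rather than parsing a GIF.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

// LSBs extracts the least-significant bit of each sample (for a GIF, each palette index).
func LSBs(samples []byte) []byte {
	bits := make([]byte, len(samples))
	for i, s := range samples {
		bits[i] = s & 1
	}
	return bits
}

// BiasZ is the monobit statistic: distance of the ones count from n/2, in standard deviations.
func BiasZ(bits []byte) float64 {
	ones := 0
	for _, b := range bits {
		ones += int(b)
	}
	n := float64(len(bits))
	return (float64(ones) - n/2) / math.Sqrt(n/4)
}

// RunsZ is the Wald-Wolfowitz runs statistic. Strongly negative means long runs
// (structured data); values near zero are what independent random bits produce.
func RunsZ(bits []byte) float64 {
	if len(bits) < 2 {
		return math.NaN()
	}
	n := float64(len(bits))
	ones, runs := float64(bits[0]), 1.0
	for i := 1; i < len(bits); i++ {
		ones += float64(bits[i])
		if bits[i] != bits[i-1] {
			runs++
		}
	}
	zeros := n - ones
	if ones == 0 || zeros == 0 {
		return math.Inf(-1) // constant plane: a single run, as non-random as it gets
	}
	mean := 1 + 2*ones*zeros/n
	variance := 2 * ones * zeros * (2*ones*zeros - n) / (n * n * (n - 1))
	return (runs - mean) / math.Sqrt(variance)
}

// LooksRandom reports whether the LSB plane passes both tests at |z| < limit.
func LooksRandom(samples []byte, limit float64) bool {
	bits := LSBs(samples)
	return math.Abs(BiasZ(bits)) < limit && math.Abs(RunsZ(bits)) < limit
}

// Cover builds the constructed sample data: a ramp whose value steps every 8 samples.
func Cover(n int) []byte {
	out := make([]byte, n)
	for i := range out {
		out[i] = byte(i / 8)
	}
	return out
}

// Overwrite returns a copy in which each LSB is replaced, with probability rate,
// by a pseudo-random bit (standing in for encrypted data). The seed fixes the output.
func Overwrite(samples []byte, rate float64, seed int64) []byte {
	r := rand.New(rand.NewSource(seed))
	out := append([]byte(nil), samples...)
	for i := range out {
		if r.Float64() < rate {
			out[i] = out[i]&^1 | byte(r.Intn(2))
		}
	}
	return out
}

func main() {
	cover := Cover(8192)
	cases := []struct {
		name    string
		samples []byte
	}{
		{"clean cover", cover},
		{"every LSB overwritten", Overwrite(cover, 1.0, 1994)},
		{"1 in 10 LSBs overwritten", Overwrite(cover, 0.1, 1994)},
	}
	for _, c := range cases {
		bits := LSBs(c.samples)
		fmt.Printf("%-26s bias z=%7.2f  runs z=%7.2f  looks random=%v\n",
			c.name, BiasZ(bits), RunsZ(bits), LooksRandom(c.samples, 4))
	}
}
```

A check that only asks whether the LSB plane looks random flags the fully overwritten copy but not the sparse one; comparing the runs statistic against a known-clean baseline for the same image source still shows the shift.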
From talon57 at well.sf.ca.us Mon Aug 1 08:01:01 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 1 Aug 94 08:01:01 PDT
Subject: swell discusions
Message-ID: <199408011500.IAA08747@well.sf.ca.us>

Gee, I'd sure like to participate in all these neat discussions going on here on cypherpunks today, but I'm busy examining these disgusting GIF'S that some sick mind uploaded to all these sites in Tennessee......

Brian Williams
Extropian Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth

From hfinney at shell.portal.com Mon Aug 1 08:09:38 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 1 Aug 94 08:09:38 PDT
Subject: Lawsuits Against PKP
In-Reply-To:
Message-ID: <199408011509.IAA23874@jobe.shell.portal.com>

schneier at chinet.chinet.com (Bruce Schneier) writes:

>Two lawsuits were recently filed in federal court, northern district
>of Calif, which may cripple Public Key Partners.
>Cylink v. RSA Data Security, C-94-02332-CW, June 30, 1994, San Fran.
>It alleges that the RSA patent is invalid. RSA Data had denied Cylink
>a patent license.
>Schlafly v. Public Key Partners, C-94-20512-SW, July 27, 1994, San Jose.
>It alleges that almost all of the PKP patent claims are invalid and
>unenforceable.

That makes my day. The name Schlafly sounds familiar (I don't mean Phyllis). Roger? Does anyone know a crypto person with this name?

It would be interesting to know whether anyone else could join in these lawsuits on a class-action basis, or at least send support to the plaintiffs.

Hal

From dave at marvin.jta.edd.ca.gov Mon Aug 1 08:11:24 1994
From: dave at marvin.jta.edd.ca.gov (Dave Otto)
Date: Mon, 1 Aug 94 08:11:24 PDT
Subject: "Just say 'No' to key escrow."
In-Reply-To: <9407300232.AA01640@ua.MIT.EDU>
Message-ID: <9408011509.AA28632@marvin.jta.edd.ca.gov>

on Fri, 29 Jul 1994 22:32:25 -0400 (EDT) solman at MIT.EDU wrote:

> Jesus people are paranoid. I happen to be of the opinion that A) if escrow

As a member of the "religious right", I am *NOT* paranoid (at least any more so than most members of this list :-). I do make an attempt to screen the media my children have access to. I do NOT advocate "sequestering" nor do I support ANY governmental censorship.

Long live the PFLC!

-- the dave who is tired of these non-crypto rants

Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org
"Pay no attention to the man behind the curtain!" [the Great Oz]
finger DaveOtto at ACM.org for PGP 2.6 key <0x3300e841>
fingerprint = 78 71 3A 5B FD 8A 9A F1 8F BC E8 6A C7 BD A4 DD

From frissell at panix.com Mon Aug 1 08:18:11 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 1 Aug 94 08:18:11 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <199408011516.AA29716@panix.com>

At 06:55 AM 8/1/94 -0400, Duncan Frissell wrote:

>Course the 1st Amend. was specifically designed to eliminate the nasty
>British habit of licensing newspapers. Driving licenses weren't mentioned
>in that document. Have there been any licensing proposals for the
>Information Stupor Highway yet? If the Supremes will let me burn a cross,
>isn't it likely that they will let me log on?

To further answer myself...

Note that we have had telephones for more than 100 years without any licensing of telephones in this country. In fact, the telephone companies were prohibited from denying service save on a number of narrow grounds. And that was in a much tighter regulatory environment than seems destined to exist in the future.
DCF

"License Communists -- not Workstations"

From gtoal at an-teallach.com Mon Aug 1 08:43:02 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 1 Aug 94 08:43:02 PDT
Subject: Children and the Net
Message-ID: <199408011541.QAA17580@an-teallach.com>

From: "James A. Donald"

Yep. They thought that was really great.

> Will you be upset
> if they try this at home?

At the age of three Jim figured out that death was permanent and extremely serious.

It was just a real shame you had to kill your kid's dog with a sharp spike up one nostril to make the point though ;-)

G

From smb at research.att.com Mon Aug 1 08:48:02 1994
From: smb at research.att.com (smb at research.att.com)
Date: Mon, 1 Aug 94 08:48:02 PDT
Subject: Lawsuits Against PKP
Message-ID: <9408011547.AA22209@toad.com>

Two lawsuits were recently filed in federal court, northern district of Calif, which may cripple Public Key Partners.

Cylink v. RSA Data Security, C-94-02332-CW, June 30, 1994, San Fran. It alleges that the RSA patent is invalid. RSA Data had denied Cylink a patent license.

This one is really fascinating -- Cylink is one of the owners of PKP, along with RSADSI...

From gtoal at an-teallach.com Mon Aug 1 08:52:47 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 1 Aug 94 08:52:47 PDT
Subject: Children and the Net
Message-ID: <199408011533.QAA17440@an-teallach.com>

From: Mike Duvos

A doctor at Baylor University Medical Center was asked later why this didn't cause the removal of the children, and said that while such behavior would certainly be considered abuse in a medical sense, it did not meet the legal definition of abuse according to the laws of the State of Texas.

Texas, of course, is the leader on the national corporal punishment bandwagon and dishes out over 250,000 state-sponsored beatings every year in its public school system. So far all efforts to ban the practice have been successfully opposed by the teachers union.
Come off it, the benefits of a teacher giving your kid the strap at the time of an offence far outweigh the harm done. I find it really hard to believe there are places in the world where it's criminally illegal for teachers - in some places, even parents - to apply corporal punishment when necessary.

Anyway, its biggest benefit is that it teaches kids a healthy disrespect of authority and shows them the pretence behind politics, 'voluntary' taxation etc etc. The people with the physical force are in charge. I think that's a lesson all kids should be made to learn the hard way.

G

From jdd at aiki.demon.co.uk Mon Aug 1 09:10:21 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 1 Aug 94 09:10:21 PDT
Subject: Anonymous code name allocated. // penet hack
Message-ID: <3147@aiki.demon.co.uk>

> You have sent a message using the anonymous contact service.
> You have been allocated the code name an118905.

... and so forth

I did not send any message using the remailer and I would be grateful if the account were killed. Is everybody on the cypherpunks list getting this sort of harassment or is it just me?

-- Jim Dixon

From berzerk at xmission.xmission.com Mon Aug 1 09:15:46 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 1 Aug 94 09:15:46 PDT
Subject: Labeling Usenet articles.
In-Reply-To: <9408010229.AA19967@netmail2.microsoft.com>
Message-ID:

OK, so I want to enable the receiving of articles in conjunction with a censorship service. I guess the way to do this is a sig. of the article number, as this is the most compact way I can think of.

Does anyone have some good ideas for the sig. method? I was thinking about the government one, so as to render patents moot.

The other problem is coming up with a standard format so that newsreaders(for unix, at least 6, for dos, mac, etc) can be easily modified.

Anyone have some interest in this? Let's get the tools of crypto out there in advance.

Berzerk.
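Added example, not code from the poster or from any newsreader: the message above proposes labeling articles with "a sig. of the article number". This Go sketch issues and checks signed labels, and shows that a label covering only the Message-ID still verifies after the body is replaced, while one that also covers a SHA-256 of the body does not. Ed25519 stands in for the signature schemes the message considers; the label format, the key seed and the sample article are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Label is one signed rating for one article. The layout is an assumption of
// this example, not a Usenet standard.
type Label struct {
	MessageID string // chosen by the poster, so anyone can reuse it
	BodyHash  string // hex SHA-256 of the body; "" means the label covers the ID only
	Verdict   string // e.g. "approved"
	Sig       []byte // Ed25519 signature over signedBytes()
}

// signedBytes is the exact input to the signature: a format tag, then one field per line.
func (l Label) signedBytes() []byte {
	return []byte("usenet-label-v1\n" + l.MessageID + "\n" + l.BodyHash + "\n" + l.Verdict + "\n")
}

func hashBody(body string) string {
	sum := sha256.Sum256([]byte(body))
	return hex.EncodeToString(sum[:])
}

// DemoKeys derives a fixed key pair from a constructed seed so runs are repeatable.
// A real rating service would generate its key randomly and publish only the public half.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed([]byte(strings.Repeat("\x07", ed25519.SeedSize)))
	return priv.Public().(ed25519.PublicKey), priv
}

// Issue is the rating service's side. bindBody=false signs the article ID alone.
func Issue(priv ed25519.PrivateKey, msgID, body, verdict string, bindBody bool) (Label, error) {
	if strings.ContainsAny(msgID+verdict, "\r\n") {
		return Label{}, errors.New("line break in field") // would make signedBytes ambiguous
	}
	l := Label{MessageID: msgID, Verdict: verdict}
	if bindBody {
		l.BodyHash = hashBody(body)
	}
	l.Sig = ed25519.Sign(priv, l.signedBytes())
	return l, nil
}

// Check is the newsreader's side: it returns the verdict only if the label is genuine
// and applies to this article. requireBody rejects labels that do not commit to the text.
func Check(pub ed25519.PublicKey, l Label, msgID, body string, requireBody bool) (string, error) {
	if !ed25519.Verify(pub, l.signedBytes(), l.Sig) {
		return "", errors.New("signature does not verify")
	}
	if l.MessageID != msgID {
		return "", errors.New("label was issued for another article")
	}
	if l.BodyHash == "" {
		if requireBody {
			return "", errors.New("label does not cover the article body")
		}
		return l.Verdict, nil
	}
	if l.BodyHash != hashBody(body) {
		return "", errors.New("article body differs from the rated one")
	}
	return l.Verdict, nil
}

func main() {
	pub, priv := DemoKeys()
	id := "<example-1@news.example>" // constructed sample article
	rated := "Meeting moved to Tuesday.\n"
	swapped := "Different text posted under the same Message-ID.\n"
	idOnly, _ := Issue(priv, id, rated, "approved", false)
	bound, _ := Issue(priv, id, rated, "approved", true)
	edited := bound
	edited.Verdict = "rejected" // label altered after signing

	show := func(name string, l Label, body string, requireBody bool) {
		v, err := Check(pub, l, id, body, requireBody)
		fmt.Printf("%-30s verdict=%q err=%v\n", name, v, err)
	}
	show("ID-only label, rated body", idOnly, rated, false)
	show("ID-only label, swapped body", idOnly, swapped, false) // accepted: the label never saw the text
	show("bound label, rated body", bound, rated, true)
	show("bound label, swapped body", bound, swapped, true)
	show("edited label", edited, rated, true)
}
```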
From blancw at microsoft.com Mon Aug 1 09:28:43 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 1 Aug 94 09:28:43 PDT
Subject: Big Brother's Escrow Systems
Message-ID: <9408011629.AA00655@netmail2.microsoft.com>

From: Greg Broiles

Humm. Do Microsoft shareholders know that the company is being run in order to empower folks, as opposed to making money? I must confess that I was (until now) unaware of that.

....................................................................

Shareholders only know that software with uncalculable benefits is being produced & being widely accepted for no discernible reason, with profit being an unintended side effect which they can take advantage of.

Blanc

[Disclaimer: I can't represent my employer from here, but wait till I get my own pc.]

From sidney at taurus.apple.com Mon Aug 1 09:35:00 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Mon, 1 Aug 94 09:35:00 PDT
Subject: Lawsuits Against PKP
Message-ID: <9408011634.AA23517@toad.com>

Hal writes:

>That makes my day. The name Schlafly sounds familiar (I don't mean
>Phyllis). Roger? Does anyone know a crypto person with this name?

I haven't yet seen the details on the lawsuit, but I would guess that it is Roger Schlafly, unless the name is more common than I think. He was at Borland when I used to work there, and was into numerical methods kind of stuff. I was told that he is Phyllis Schlafly's son, but he did not give the impression of being someone of her political or cultural orientation, not that I ever heard him talk about political issues.

-- sidney

From nobody at shell.portal.com Mon Aug 1 09:36:02 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Mon, 1 Aug 94 09:36:02 PDT
Subject: Children and the Net
Message-ID: <199408011635.JAA28519@jobe.shell.portal.com>

gtoal writes:

"Come off it, the benefits of a teacher giving your kid the strap at the time of an offence far outweigh the harm done."

i disagree.
how do you know corporal punishment wont be 'appealing' to the children, so like when they grow up they cant wait to take a strap to their kids and so on down the line? strapping is not a solution to a childs problems, if you cant help a child work out his problems through verbalization youre a pathetic parent!

From berzerk at xmission.xmission.com Mon Aug 1 09:36:43 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 1 Aug 94 09:36:43 PDT
Subject: Children and the Net
In-Reply-To: <9408011231.AA08947@vail.tivoli.com>
Message-ID:

On Mon, 1 Aug 1994, Mike McNally wrote:

> Mike Duvos writes:
> > Had it not been for the fact that having children covered with
> > scars, welts, and bruises is not considered child abuse in the
> > state of Texas,
> I know it's chic to refer to Texas as the last bastion of barbarian
> living, but I'd like to see some citation for the above if you really
> believe it's true. Note also that I've heard tell kids get beat up in
> other states too, though that might just be rumor.

As far as I know, the above was NOT the case, and no evidence existed of abuse. The search warrant talks about having guns and "clandestine" *publications* and never authorizes breaking into windows to serve a NORMAL search warrant.

Berzerk.

From jrochkin at cs.oberlin.edu Mon Aug 1 09:47:58 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 1 Aug 94 09:47:58 PDT
Subject: Labeling Usenet articles.
Message-ID: <199408011647.MAA07134@cs.oberlin.edu>

> OK, so I want to enable the receiving of articles in conjunction with a
> censorship service. I guess the way to do this is a sig. of the article
[...]
> Let's get the tools of crypto out there in advance.

How is crypto involved? You want to have everything arrive at your site encrypted, and only be able to decrypt the stuff that you are permitted by the censor to read? Why bother, why not just only send stuff to your site that the censor permits you to read?
If you don't want your entire site censored, but just want particular readers at your site to be censored, then the sysadmin should just set something up so users are only allowed to read what the censor has allowed that user to read. I don't see how crypto comes into it at all.

I think you are going to have a lot of trouble getting any help with this plan from this list. For one thing, it doesn't seem to require crypto to implement, and for another, very few people on this list are going to be interested in developing a censorship system. I don't think anyone thinks you should be disallowed from doing so either, but people put their time and energy into developing software that interests them and excites them, and for most cypherpunks I don't think a censorship system does either.

From Eric_Weaver at avtc.sel.sony.com Mon Aug 1 10:07:30 1994
From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver)
Date: Mon, 1 Aug 94 10:07:30 PDT
Subject: No SKE in Daytona and other goodies
In-Reply-To:
Message-ID: <9408011707.AA06544@sosfc.avtc.sel.sony.com>

Date: Sat, 30 Jul 1994 00:16:38 -0400 (EDT)
From: Aron Freed

On Fri, 29 Jul 1994, Eric Weaver wrote:

> The government should NOT be viewed similarly to an employer in its
> relationship with citizens. Employees are free to quit and make their
> income some other way.

Yeah and since when has this country been so easy to quit and find a new job with the same relative pay???? Do you think it's that easy??? Uh I don't think so.. duh huh... I can't even get a summer job working at a computer store and I'm very computer literate for my age.

Did I SAY that it would be easy? But nobody will stop you from quitting a JOB. A government may well try to stop a citizen of its country from leaving. That's my point.

From mark at unicorn.com Mon Aug 1 10:26:17 1994
From: mark at unicorn.com (Mark Grant)
Date: Mon, 1 Aug 94 10:26:17 PDT
Subject: Labeling Usenet articles.
Message-ID:

On Mon, 1 Aug 1994, Jonathan Rochkind wrote:

> How is crypto involved? You want to have everything arrive at your site
> encrypted, and only be able to decrypt the stuff that you are permitted
> by the censor to read? Why bother, why not just only send stuff to your site
> that the censor permits you to read? If you don't want your entire site censored, but just want particular readers at your site to be censored, then the
> sysadmin should just set something up so users are only allowed to read
> what the censor has allowed that user to read. I dont' see how crypto
> comes into it at all.

No, I think he's essentially talking about a 'secure' moderated newsgroup. That is, the moderator(s) would sign each 'authorised' message with a special key, and the newsreader would verify that it was signed by a moderator before allowing you to read it. The current moderation system is supposed to ignore unmoderated articles, but without crypto it's easy to get round.

> I think you are going to have a lot of trouble getting any help with this
> plan from this list. For one thing, it doesn't seem to require crypto
> to implement, and for another, very few people on this list are going to
> be interested in developing a censorship system.

I'm not sure if it's a good idea or not, but it seems to me that I'd rather be able to say to people 'Ok, you want to create your own secure moderated groups safe for kids/fundamentalists/chthulhu-worshippers, or whatever, here's the software to do so' than have them (try to) make it compulsory for everyone, everywhere.

I'd suggest using PGP now that it's legal, rather than creating some new system. I've got C-source for Unix that will call PGP to verify signatures, if the original poster wants to hack it into trn or something - the code was written for 2.3a though, so it may need a few changes for 2.6 (or those who aren't worried about legalities can link it with PGP Tools instead).
It would, of course, have the side effect of helping to spread PGP further before SKE comes along.

Mark

From berzerk at xmission.xmission.com Mon Aug 1 10:53:42 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 1 Aug 94 10:53:42 PDT
Subject: Labeling Usenet articles.
In-Reply-To: <199408011647.MAA07134@cs.oberlin.edu>
Message-ID:

On Mon, 1 Aug 1994, Jonathan Rochkind wrote:

> > OK, so I want to enable the receiving of articles in conjunction with a
> > censorship service. I guess the way to do this is a sig. of the article
> > Let's get the tools of crypto out there in advance.
> How is crypto involved? You want to have everything arrive at your site
> encrypted, and only be able to decrypt the stuff that you are permitted

Strawman. I am talking about OTHER information PROVIDED by CENSORS. There is nothing mandatory here, I am talking about getting a service out there so that they can buy it.

> by the censor to read? Why bother, why not just only send stuff to your site
> that the censor permits you to read? If you don't want your entire site censored, but just want particular readers at your site to be censored, then the
> sysadmin should just set something up so users are only allowed to read
> what the censor has allowed that user to read. I dont' see how crypto
> comes into it at all.

Secure exchange of information. I was thinking about something like this.
{sig of article number with key}
...

A whole list that could be mailed to fundies, Muslims, or kinky people saying "this is good/evil information"(for them) fulfilling their need for self-censorship, and at the same time making money, as you only give out monthly keys.:-)

Berzerk.

From cme at tis.com Mon Aug 1 11:00:51 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 1 Aug 94 11:00:51 PDT
Subject: GAK
Message-ID: <9408011759.AA14547@tis.com>

My mother (an English major) raised me to be very careful about language.

The gov't's use of the word "escrow" for key registration is as offensive to me now as it was in April of 93 -- perhaps more so, through repetition.

I've decided to use the term

GAK

(Government Access to Keys)

as my name for the real issue here -- and let "escrow" stand for the act of doing something for me (cf., the dictionary definition). (Besides, GAK has onomatopoeic value. :-)

Anyone care to join me?

- Carl

From jamesd at netcom.com Mon Aug 1 11:00:53 1994
From: jamesd at netcom.com (James A. Donald)
Date: Mon, 1 Aug 94 11:00:53 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <3147@aiki.demon.co.uk>
Message-ID: <199408011800.LAA26048@netcom8.netcom.com>

Jim Dixon writes

> I did not send any message using the remailer and I would be grateful
> if the account were killed. Is everybody on the cypherpunks list
> getting this sort of harassment or is it just me?

Yes. Everyone.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we    James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.        jamesd at netcom.com

From paul at hawksbill.sprintmrn.com Mon Aug 1 11:20:30 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Mon, 1 Aug 94 11:20:30 PDT
Subject: GAK
In-Reply-To: <9408011759.AA14547@tis.com>
Message-ID: <9408011923.AA25108@hawksbill.sprintmrn.com>

>
> My mother (an English major) raised me to be very careful about language.
>
> The gov't's use of the word "escrow" for key registration is as offensive to
> me now as it was in April of 93 -- perhaps more so, through repetition.
>
> I've decided to use the term
>
> GAK
>
> (Government Access to Keys)
>
> as my name for the real issue here -- and let "escrow" stand for the act
> of doing something for me (cf., the dictionary definition). (Besides, GAK
> has onomatopoeic value. :-)
>
> Anyone care to join me?
>

Sorry, can't. GAK (tm) is already trademarked by Nickelodeon for that nice, slimy green stuff that my kids manage to get into the carpet. ,-)

- paul

From sameer at c2.org Mon Aug 1 11:24:25 1994
From: sameer at c2.org (sameer)
Date: Mon, 1 Aug 94 11:24:25 PDT
Subject: Soda.Berekely Mailer Up...Or Down???
In-Reply-To:
Message-ID: <199408011822.LAA06414@infinity.c2.org>

>
> Is the remailer at soda.berkeley up now? I've had a couple of messages
> returned from that site saying it was down or something.

If you would actually *read* the deferral messages you received, they would have told you that the UCB CS Department is moving to a new building and a number of cs computers (including soda.csua.berkeley.edu) will be down for a few days, and mail directed to that computer will be held on campus until the computer is back up for delivery in a few days.

--
sameer Voice: 510-841-2014
Network Administrator Pager: 510-321-1014
Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909
http://www.c2.org (or login as "guest") sameer at c2.org

From perry at imsi.com Mon Aug 1 11:30:53 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 1 Aug 94 11:30:53 PDT
Subject: Lawsuits Against PKP
In-Reply-To: <9408011547.AA22209@toad.com>
Message-ID: <9408011830.AA08636@snark.imsi.com>

smb at research.att.com says:

> Two lawsuits were recently filed in federal court, northern district
> of Calif, which may cripple Public Key Partners.
>
> Cylink v. RSA Data Security, C-94-02332-CW, June 30, 1994, San Fran.
> It alleges that the RSA patent is invalid. RSA Data had denied Cylink
> a patent license.
>
> This one is really fascinating -- Cylink is one of the owners of PKP, along
> with RSADSI...

"Owners" is not strictly speaking the case -- they are a partner in PKP. Since the PKP partnership agreement is secret (or at least I am told it is secret), it is impossible to determine precisely what the rules of the partnership are, but I had assumed that free cross licensing had been part of it. I believe that Cylink has used RSA as part of various security products in the past, so they appear to have *HAD* a license.

If Bruce has access to the exact language in the suit, it would be of interest to hear what it says. (Since the court papers are all public domain, perhaps a person with a scanner might want to put them on line...)

Perry

From jrochkin at cs.oberlin.edu Mon Aug 1 11:39:59 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 1 Aug 94 11:39:59 PDT
Subject: Labeling Usenet articles.
Message-ID: <199408011839.OAA08892@cs.oberlin.edu>

> No, I think he's essentially talking about a 'secure' moderated newsgroup.
> That is, the moderator(s) would sign each 'authorised' message with a
> special key, and the newsreader would verify that it was signed by a

Ah, now I understand, thanks. Actually, now that I see what you're getting at, this _does_ seem like a good idea.
I think moderated newsgroups can be useful in some circumstances (sure, including a fundie newsgroup), and it would be nice to have a cryptographically secure system of doing this, that can't be easily circumvented like the present one.

And I agree that scripts using PGP do seem capable of doing this, rather than writing some new software. This actually is quite a good idea.

From perry at imsi.com Mon Aug 1 11:48:51 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 1 Aug 94 11:48:51 PDT
Subject: Labeling Usenet articles.
In-Reply-To: <199408011839.OAA08892@cs.oberlin.edu>
Message-ID: <9408011846.AA08709@snark.imsi.com>

Anyone interested in using PGP with netnews, or with E-Mail in the long run, should be looking at the new internet drafts on security multipart extensions to MIME.

Perry

Jonathan Rochkind says:

> > No, I think he's essentially talking about a 'secure' moderated newsgroup.
> > That is, the moderator(s) would sign each 'authorised' message with a
> > special key, and the newsreader would verify that it was signed by a
>
> Ah, now I understand, thanks. Actually, now that I see what you're getting
> at, this _does_ seem like a good idea. I think moderated newsgroups can
> be useful in some circumstances (sure, including a fundie newsgroup), and
> it would be nice to have a cryptographically secure system of doing this,
> that can't be easily circumvented like the present one.
>
> And I agree that scripts using PGP do seem capable of doing this, rather than
> writing some new software. This actually is quite a good idea.

From rah at shipwright.com Mon Aug 1 11:52:04 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 1 Aug 94 11:52:04 PDT
Subject: GAK
Message-ID: <199408011850.OAA02292@zork.tiac.net>

At 2:23 PM 8/1/94 -0500, Paul Ferguson wrote:

>Sorry, can't. GAK (tm) is already trademarked by Nickelodeon for that
>nice, slimy green stuff that my kids manage to get into the carpet. ,-)

I believe you'll find that substance in the OED under:

"GACK, n., 1.) putrid excrescence used as a visual emetic for prepubescent american television viewers. 2.) a rational human's response to american republican platform planks regarding abortion since 1980, 3.) the sound made when civil libertarians contemplate any cryptographic scheme using government access to keys (see GAK)"

Cheers,
Robert Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation who eats too little and sees Heaven and
44 Farquhar Street someone who drinks too much and sees
Boston, MA 02331 USA snakes." -- Bertrand Russell
(617) 323-7923

From merriman at metronet.com Mon Aug 1 12:14:15 1994
From: merriman at metronet.com (David Merriman)
Date: Mon, 1 Aug 94 12:14:15 PDT
Subject: GAK
In-Reply-To: <9408011923.AA25108@hawksbill.sprintmrn.com>
Message-ID: <199408011912.AA15566@metronet.com>

>
>
> >
> > My mother (an English major) raised me to be very careful about language.
> >
> > The gov't's use of the word "escrow" for key registration is as offensive to
> > me now as it was in April of 93 -- perhaps more so, through repetition.
> >
> > I've decided to use the term
> >
> > GAK
> >
> > (Government Access to Keys)
> >
> > as my name for the real issue here -- and let "escrow" stand for the act
> > of doing something for me (cf., the dictionary definition). (Besides, GAK
> > has onomatopoeic value. :-)
> >
> > Anyone care to join me?
> >
>
>
> Sorry, can't. GAK (tm) is already trademarked by Nickelodeon for that
> nice, slimy green stuff that my kids manage to get into the carpet. ,-)
>
>

How 'bout GIC (Gov't Interference with Crypto)? or Federal Usage of Keys?

Dave Merriman

From solman at MIT.EDU Mon Aug 1 12:35:56 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Mon, 1 Aug 94 12:35:56 PDT
Subject: "Just say 'No' to key escrow."
In-Reply-To: <9408011509.AA28632@marvin.jta.edd.ca.gov>
Message-ID: <9408011935.AA13714@ua.MIT.EDU>

> on Fri, 29 Jul 1994 22:32:25 -0400 (EDT) solman at MIT.EDU wrote:
> > Jesus people are paranoid. I happen to be of the opinion that A) if escrow
> As a member of the "religious right", I am *NOT* paranoid (at least any more
> so than most members of this list :-). I do make an attempt to screen the
> media my children have access to. I do NOT advocate "sequestering" nor do I
> support ANY governmental censorship.

Hey, don't complain to me. I'm the one who's toiling away 12 hours a day on a system which amongst other things will either:

A) Teach your children to be first rate hackers or
B) give you as much control as you want over what they get off of the net.

JWS

From cme at tis.com Mon Aug 1 12:45:20 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 1 Aug 94 12:45:20 PDT
Subject: Lady Di's medical records
In-Reply-To: <199408010722.AAA01452@netcom7.netcom.com>
Message-ID: <9408011944.AA27883@tis.com>

>Date: Mon, 1 Aug 1994 00:22:06 -0700
>From: shamrock at netcom.com (Lucky Green)
>Subject: Re: Lady Di's medical records

>I personally know individuals that are avoiding medical care because of
>concerns about confidentiality. It seems the loopholes are extending.
>Patient records stay around for years. Who knows what the requirements will
>be five years from now? It would not surprise me if individuals who have
>been seeking drug treatment within the last, say, five years would have to
>be reported to the Klinton Kommunal Kare agency.

Then there are security clearances ---

"Answers to questions in items 18 through 22 are NOT limited to the last 5, 10 or 15 years, but pertain to your entire life. (See DETAILED INSTRUCTIONS.)

[...]

"20. DRUG/ALCOHOL USE AND MENTAL HEALTH ("YES" answers must be explained in accordance with DETAILED INSTRUCTIONS.)

"a.
Have you ever tried or used or possessed any narcotic (to include heroin or cocaine), depressant (to include quaaludes), stimulant, hallucinogen (to include LSD or PCP), or cannabis (to include marijuana or hashish), or any mind-altering substance (to include glue or paint), even one-time or on an experimental basis, except as prescribed by a licensed physician?

...

"e. Have you ever been treated for a mental, emotional, psychological or personality disorder/condition/problem?

"f. Have you ever consulted or been counseled by any mental health professional?"

---------- in the DETAILED INSTRUCTIONS ----------------

"e and f. Mental Health. If 'Yes' is answered to either e or f, provide, in item 14 [an empty box], the following information:

o Exact problem (including name of disorder, if known)
o Name and address of primary physician, therapist, counselor, or other mental health professional who treated you or from whom you received counseling.
o Date(s) of treatment/counseling.
o If treatment/counseling is still continuing, so indicate and provide frequency of visits.
o Name and address of any hospital, clinic, and/or agency where treated/counseled as an in-patient.
o Date(s) of hospitalization and/or in-patient treatment/counseling."

==============================================================================

Clearly, to aid all those joining the military and otherwise getting a security clearance, it would help to have all citizens' central gov't health-care database contain all these details, so that when you fill out your security clearance forms, you can just hand over your health-care smart-card giving them access to the whole database. Right?

Who are we to make life hard for those dedicated, young Americans who have to go through all this work?
- Carl

From mpd at netcom.com Mon Aug 1 12:48:06 1994
From: mpd at netcom.com (Mike Duvos)
Date: Mon, 1 Aug 94 12:48:06 PDT
Subject: GAK
In-Reply-To: <199408011912.AA15566@metronet.com>
Message-ID: <199408011948.MAA21123@netcom16.netcom.com>

> or Federal Usage of Keys?

Shouldn't that be "Federal Usage of Cryptographic Keys"?

(learning to hate 1200 baud)

--
Mike Duvos         $    PGP 2.6 Public Key available     $
mpd at netcom.com  $    via Finger.                      $

From cme at tis.com Mon Aug 1 12:52:01 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 1 Aug 94 12:52:01 PDT
Subject: GAK
In-Reply-To: <199408011912.AA15566@metronet.com>
Message-ID: <9408011950.AA29270@tis.com>

>How 'bout GIC (Gov't Interference with Crypto)?
>or Federal Usage of Keys?

Clearly --

     Federal Usage of Citizens' Keys

From solman at MIT.EDU Mon Aug 1 12:52:03 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Mon, 1 Aug 94 12:52:03 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <3147@aiki.demon.co.uk>
Message-ID: <9408011950.AA13959@ua.MIT.EDU>

> > You have sent a message using the anonymous contact service.
> > You have been allocated the code name an118905.
> ... and so forth
>
> I did not send any message using the remailer and I would be grateful
> if the account were killed. Is everybody on the cypherpunks list
> getting this sort of harassment or is it just me?

me too, me too, but I don't use anonymous remailers anyway.

From paul at hawksbill.sprintmrn.com Mon Aug 1 13:05:32 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Mon, 1 Aug 94 13:05:32 PDT
Subject: GAK
In-Reply-To: <199408011948.MAA21123@netcom16.netcom.com>
Message-ID: <9408012107.AA25934@hawksbill.sprintmrn.com>

>
> > or Federal Usage of Keys?
>
> Shouldn't that be "Federal Usage of Cryptographic Keys"?
>

I like it.
- paul

From doug at OpenMind.com Mon Aug 1 13:09:46 1994
From: doug at OpenMind.com (Doug Cutrell)
Date: Mon, 1 Aug 94 13:09:46 PDT
Subject: GAK
Message-ID:

>>How 'bout GIC (Gov't Interference with Crypto)?
>>or Federal Usage of Keys?
>
>Clearly --
>
>     Federal Usage of Citizens' Keys

OK, one more: CRyptographic Access Police

Doug

From jamiel at sybase.com Mon Aug 1 13:10:05 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Mon, 1 Aug 94 13:10:05 PDT
Subject: Children and the Net
Message-ID: <9408012006.AB23396@ralph.sybgate.sybase.com>

At 7:49 PM 07/31/94 -0400, Perry E. Metzger wrote:

>I find this trend among cypherpunks, who are SUPPOSED to be defenders
>of diversity and freedom, rather odd. I would have expected people to
>limit themselves to calmly stating that Mr. Zooks should find another
>way to accomplish the goal of raising his children free from
>influences he dislikes. Instead they seem to have taken it upon
>themselves to decide whether or not his religion or personality
>requires realignment, and some have, yes, even gone so far as to
>suggest that he doesn't know how to raise his own kids.

I think this is almost a first- I *never* agree with Perry. I may have tons of opinions about any number of people fucking up their kids' lives, but the day I find out that teaching a child a certain way is gonna get me in trouble is the day I move... And I will never have children.

>Perry

So... anyone up for a hot discussion of RSA? ;)

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From schneier at chinet.chinet.com Mon Aug 1 13:16:03 1994
From: schneier at chinet.chinet.com (Bruce Schneier)
Date: Mon, 1 Aug 94 13:16:03 PDT
Subject: PKP/Cylink Lawsuit
Message-ID:

It is strange. Actually, Caro-Kann and RSADSI are partners, as Cylink apparently formed a subsidiary just to shelter themselves from the liability of being partners with Bidzos.
Cylink has some RSA-based products, and Bidzos had formally threatened (in writing) a lawsuit claiming Cylink doesn't have an RSA license. Cylink claims Bidzos denied them a license, even though they have agreements which obligate him otherwise. It is unclear to me whether this is just a royalty dispute (ie Cylink wants a *free* license) or whether Bidzos doesn't want them in the RSA business. At any rate, they appear to be bitter enemies now. They have jeopardized all of their future patent royalties by going to court.

Bruce

From shamrock at netcom.com Mon Aug 1 13:25:02 1994
From: shamrock at netcom.com (Lucky Green)
Date: Mon, 1 Aug 94 13:25:02 PDT
Subject: Children and the Net
Message-ID: <199408012025.NAA29946@netcom7.netcom.com>

Berzerk wrote:

> The search warrant talks about having guns and "clandestine"
>*publications* and never authorizes breaking into windows to serve a
>NORMAL search warrant.
>
What kind of publications are we talking about?

-- Lucky Green PGP public key by finger

From berzerk at xmission.xmission.com Mon Aug 1 13:46:02 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 1 Aug 94 13:46:02 PDT
Subject: Labeling Usenet articles.
In-Reply-To: <199408011839.OAA08892@cs.oberlin.edu>
Message-ID:

On Mon, 1 Aug 1994, Jonathan Rochkind wrote:
> And I agree that scripts using PGP do seem capable of doing this, rather than
> writing some new software. This actually is quite a good idea.

The main problem with this is size and access. I am actually talking about a system where there is no moderation, or moderation does not stop the flow of information, but only modifies what you want to look at. This could also be used as a service to help people pick out useful technical articles.

You need to be able to get the article lists from ftp, mail, modem, or newsgroup, so that people can pay or not pay. Basically, this is support for meta-information.

Berzerk.
From berzerk at xmission.xmission.com Mon Aug 1 13:56:09 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Mon, 1 Aug 94 13:56:09 PDT
Subject: Children and the Net
In-Reply-To: <199408012025.NAA29946@netcom7.netcom.com>
Message-ID:

On Mon, 1 Aug 1994, Lucky Green wrote:
> Berzerk wrote:
> > The search warrant talks about having guns and "clandestine"
> >*publications* and never authorizes breaking into windows to serve a
> >NORMAL search warrant.
> What kind of publications are we talking about?

Shotgun News, as one of them sold guns. It is like the computer shopper of guns. Do you have a guide to crypto hardware?

Berzerk.

From baum at apple.com Mon Aug 1 14:16:13 1994
From: baum at apple.com (Allen J. Baum)
Date: Mon, 1 Aug 94 14:16:13 PDT
Subject: Encrypted text illegal across US borders?
Message-ID: <9408012111.AA22350@newton.apple.com>

I've been told that it is illegal for us to transmit encrypted text to locations outside the borders of the US (i.e. sending email across the Atlantic that is encrypted).

Is this true?

**************************************************
* Allen J. Baum               tel. (408)974-3385 *
* Apple Computer, MS/305-3B                      *
* 1 Infinite Loop                                *
* Cupertino, CA 95014         baum at apple.com   *
**************************************************

From perry at imsi.com Mon Aug 1 14:31:36 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 1 Aug 94 14:31:36 PDT
Subject: Encrypted text illegal across US borders?
In-Reply-To: <9408012111.AA22350@newton.apple.com>
Message-ID: <9408012129.AA09017@snark.imsi.com>

Allen J. Baum says:
> I've been told that it is illegal for us to transmit encrypted text to
> locations outside the borders of the US (i.e. sending email across the
> Atlantic that is encrypted).
>
> Is this true?

No US laws prohibit transmitting encrypted text, although some kinds of text may be illegal to transmit, encrypted or non-encrypted.
Other countries may have laws prohibiting the transport of encrypted text across THEIR borders, but the US isn't one.

Perry

From cme at tis.com Mon Aug 1 14:49:18 1994
From: cme at tis.com (Carl Ellison)
Date: Mon, 1 Aug 94 14:49:18 PDT
Subject: Encrypted text illegal across US borders?
In-Reply-To: <9408012111.AA22350@newton.apple.com>
Message-ID: <9408012148.AA09416@tis.com>

>Date: Mon, 1 Aug 94 14:11:44 PDT
>From: baum at apple.com (Allen J. Baum)
>Subject: Encrypted text illegal across US borders?

>I've been told that it is illegal for us to transmit encrypted text to
>locations outside the borders of the US (i.e. sending email across the
>Atlantic that is encrypted).
>
>Is this true?

I'm no lawyer, but no, this is not true. (There are some foreign countries which take a dim view of encrypted traffic coming in, but the US has no laws against it.)

Who told you this?

- Carl

From lrh at crl.com Mon Aug 1 14:50:02 1994
From: lrh at crl.com (Lyman Hazelton)
Date: Mon, 1 Aug 94 14:50:02 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <3147@aiki.demon.co.uk>
Message-ID:

On Mon, 1 Aug 1994, Jim Dixon wrote:

> > You have sent a message using the anonymous contact service.
> > You have been allocated the code name an118905.
> ... and so forth
>
> I did not send any message using the remailer and I would be grateful
> if the account were killed. Is everybody on the cypherpunks list
> getting this sort of harassment or is it just me?
> --
> Jim Dixon
>

I, too have gotten a similar message, and only after sending my first message to the cypherpunks mailing list. I most certainly *DID NOT* send any message using the anonymous contact service and I DEFINITELY want that code name killed. I'll send the code number to Julf in a separate message. Jim, you are not alone!

Lyman

Finger lrh at crl.com for PGP 2.4 Public Key Block.
From jgostin at eternal.pha.pa.us Mon Aug 1 14:57:50 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 1 Aug 94 14:57:50 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <940801133823e7Fjgostin@eternal.pha.pa.us>

shamrock at netcom.com (Lucky Green) writes:

>> She said the public was far more
>> concerned with crime than *privacy.*
>
> It gives me the chills every time I read that quote. I just can't get used to
> it.

Damn right you can't, because it starts a rather atrocious slippery slope. Sure, right now it's phone calls. Next, corner "papers please" checks. Finally, open random house checks, and thought police. Sorry, but I didn't elect Orwell to be god, er, president. Of course, I didn't elect Clinton either...

--Jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From lrh at crl.com Mon Aug 1 15:09:42 1994
From: lrh at crl.com (Lyman Hazelton)
Date: Mon, 1 Aug 94 15:09:42 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <9408011950.AA13959@ua.MIT.EDU>
Message-ID:

On Mon, 1 Aug 1994 solman at MIT.EDU wrote:

> > > You have sent a message using the anonymous contact service.
> > > You have been allocated the code name an118905.
> > ... and so forth
> >
> > I did not send any message using the remailer and I would be grateful
> > if the account were killed. Is everybody on the cypherpunks list
> > getting this sort of harassment or is it just me?
>
> me too, me too, but I don't use anonymous remailers anyway.
>

No, and I don't either, but now someone else can use those accounts and LOOK like they are you or me (or anyone else here).
Now suppose some twit decides to use one or more of those accounts to send threatening messages to the president or some other stupid thing... who are they going to come after, do you suppose? NOT a nice scenario!

Lyman

Finger lrh at crl.com for PGP 2.4 Public Key Block.

From Richard.Johnson at Colorado.EDU Mon Aug 1 15:23:54 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Mon, 1 Aug 94 15:23:54 PDT
Subject: Anonymous message failed (wrong password) (fwd)
Message-ID: <199408012223.QAA21710@spot.Colorado.EDU>

------- Forwarded message:
| From: daemon at anon.penet.fi
| Date: Mon, 1 Aug 94 22:15:07 +0300
| Subject: Anonymous message failed (wrong password)
|
| The message you sent to the anonymous server could not be processed, as your
| password (in the X-Anon-Password: header) didn't match the one stored in the
| server. Either you have made a mistake, or somebody has used your account and
| changed the password. If the latter is the case, please contact
| admin at anon.penet.fi.

Julf -

You need to add something to that message. I made no mistake, and no-one has changed my password. I simply mailed to a mailing list that has an anXXXXX at penet.fi address subscribed. Your service is too insecure to notice :-), and automatically 'out's anyone who unknowingly posts to such a list. All someone has to do is subscribe via an anon ID, and via a non-anon ID, then compare messages to associate anon IDs with regular addresses.

How about adding: "Either you mailed to a list to which an anonymous ID has been subscribed, you have made a mistake, or...."

I'd also strongly suggest that you stop automatically allocating anon IDs for folks who don't mail directly to your service. Perhaps you could reduce the load on your machine (and increase user security) by sending directly to the bit-bucket any messages where the Sender: and From: headers don't at least come from the same domain?
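
The two suggestions in the message above (no automatic ID allocation for mail that was not sent directly to the service, and bit-bucketing mail whose Sender: and From: domains differ), sketched as an added example that is not part of the original thread or of the penet software. The domain `anon.example`, the decision names, the sub-domain matching rule and the sample messages are all assumptions constructed for illustration.

```python
"""Intake policy for an anonymizing mail service (added illustration)."""
from email import message_from_string
from email.utils import getaddresses, parseaddr

SERVICE_DOMAIN = "anon.example"  # assumption: the service's own mail domain


def _domain(header_value):
    """Lower-cased domain of the address in a header value, '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def _same_site(a, b):
    """Assumed rule: equal domains, or one is a sub-domain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def _sent_directly(msg):
    """True when To: or Cc: names an address at the service itself."""
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return any(addr.lower().endswith("@" + SERVICE_DOMAIN)
               for _, addr in recipients)


def classify(raw_message, known_senders=frozenset()):
    """Return 'discard', 'no_allocation', 'existing_id' or 'allocate'."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_dom = _domain(msg.get("From"))
    sender_dom = _domain(msg.get("Sender"))

    if not from_dom:
        return "discard"            # nothing to tie an ID to
    # List software sets Sender: to the list owner while From: stays the
    # poster, so a mismatch marks a list copy: drop it unprocessed.
    if sender_dom and not _same_site(sender_dom, from_dom):
        return "discard"
    # Mail that reached the service through an alias or forwarder was never
    # addressed to it, so its author did not ask for an identity.
    if not _sent_directly(msg):
        return "no_allocation"
    if from_addr in known_senders:
        return "existing_id"
    return "allocate"


# Constructed sample messages (not real traffic).
LIST_COPY = """\
From: alice@site-a.example
Sender: owner-somelist@lists.example
To: somelist@lists.example
Subject: hello list

Posted to a list that has an anonymous ID subscribed.
"""

DIRECT = """\
From: Bob <bob@mail.site-b.example>
Sender: daemon@site-b.example
To: an00000@anon.example
Subject: direct mail

Sent on purpose to an address at the service.
"""

ALIAS_COPY = """\
From: carol@site-c.example
To: staff@site-c.example
Subject: forwarded by an alias

Reached the service only because an alias expands to it.
"""

if __name__ == "__main__":
    for name, raw in (("list copy", LIST_COPY), ("direct", DIRECT),
                      ("alias copy", ALIAS_COPY)):
        print(name, "->", classify(raw))
```

With this policy a poster to a list that has an anonymous ID subscribed is never assigned an ID, so the list copy cannot be used to pair that poster's address with a code name.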
From adam at bwh.harvard.edu Mon Aug 1 15:31:30 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 1 Aug 94 15:31:30 PDT
Subject: Labeling Usenet articles.
In-Reply-To:
Message-ID: <199408012229.SAA17999@duke.bwh.harvard.edu>

Berzerk:

| On Mon, 1 Aug 1994, Jonathan Rochkind wrote:
| > And I agree that scripts using PGP do seem capable of doing this, rather than
| > writing some new software. This actually is quite a good idea.
| The main problem with this is size and access. I am actually talking
| about a system where there is no moderation, or moderation does not stop
| the flow of information, but only modifies what you want to look at.
| This could also be used as a service to help people pick out useful
| technical articles.
|
| You need to be able to get the article lists from ftp, mail, modem, or
| newsgroup, so that people can pay or not pay.

Carry the information with news. Either within each article (X-Christian-rating) or within a set of control groups for this information to flow in. If you want to charge for the information, encrypt it as it goes out. (300 bit rsa keys + des or blowfish would work well. The value of the information is probably low enough that thousands of MIPS years/month is more than it would cost to buy the keys.)

Actually, encrypting it as it goes out has the potential to create huge gobs of information if the system has even a couple of hundred subscribers. Would it be feasible to use a shared key amongst groups of subscribers? Some sort of 'raise your hand while we count users' protocol? Distribution by site with clari* style rewards for turning in cheaters?

Ok, maybe Bezerk is right, and we do need to have multiple transports available. But are there protocols which address this sort of broadcast only to subscriber systems that are cheap/easy to implement? How do the cable networks do pay per view?

--
Adam Shostack adam at bwh.harvard.edu

Politics.
From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From jgostin at eternal.pha.pa.us Mon Aug 1 15:36:32 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 1 Aug 94 15:36:32 PDT
Subject: GAK
Message-ID: <940801180900C9Tjgostin@eternal.pha.pa.us>

doug at OpenMind.com (Doug Cutrell) writes:

> OK, one more: CRyptographic Access Police

How about just calling it what it is: pure, unadulterated bullshit.

From paul at hawksbill.sprintmrn.com Mon Aug 1 15:41:39 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Mon, 1 Aug 94 15:41:39 PDT
Subject: Encrypted text illegal across US borders?
In-Reply-To: <9408012111.AA22350@newton.apple.com>
Message-ID: <9408012343.AA26730@hawksbill.sprintmrn.com>

>
> I've been told that it is illegal for us to transmit encrypted text to
> locations outside the borders of the US (i.e. sending email across the
> Atlantic that is encrypted).
>
> Is this true?
>

No. Not only is it not true, it would be virtually impossible to enforce were it actually true. You should slap the person who told you this with a yard stick. ,-)

- paul

From adam at bwh.harvard.edu Mon Aug 1 15:41:49 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 1 Aug 94 15:41:49 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <199408012241.SAA18016@duke.bwh.harvard.edu>

Jeff Gostin:

| Damn right you can't, because it starts a rather atrocious slippery
| slope. Sure, right now it's phone calls. Next, corner "papers please"
| checks. Finally, open random house checks, and thought police. Sorry, but
| I didn't elect Orwell to be god, er, president. Of course, I didn't elect
| Clinton either...

Not that I'm a Clinton fan, but most of his Orwellian proposals have been around, simmering, for a while. Both Clipper & Post Office national ID cards first came up under Bush. Health ID cards are, of course, Hillary's.
The problem is not any one particular idiot in office, but a strong public desire to give up a little freedom for a little security. My response to these concerns is to point out that we have one of the highest incarceration rates in the world right now, and more crime & problems than 15 years ago, when we had far, far fewer people in jail. Many, if not most of the people in jail, are there for selling drugs, often as a result of 'zero tolerance for pot.' (Interesting article on this, btw, in the current & upcoming issues of the Atlantic, titled 'Reefer Madness')

Reforming the laws so that violent criminals go to jail for longer than drug criminals should be pushed constantly. (Talking about *gasp* legalizing or decriminalizing drugs tends to be counter productive except with old style conservatives, far leftists, and libertarians.) Talking about violent v. non-violent crime often has better results in terms of opening people's eyes.

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From patrick at CS.MsState.Edu Mon Aug 1 15:43:18 1994
From: patrick at CS.MsState.Edu (Patrick G. Bridges)
Date: Mon, 1 Aug 94 15:43:18 PDT
Subject: Encryption in Fiction (DKM's _The Long Run_)
Message-ID: <9408012242.AA05532@Walt.CS.MsState.Edu>

As a sideline to all of this serious discussion:

I was re-reading one of my favorite SF books the other day, Daniel Keys Moran's _The Long Run_ (published by Bantam, ~1989, now out of print, despite its popularity) and it has an interesting anecdote to the Clipper debate:

In _The Long Run_ (tLR), the Network on Earth is essentially uncontrolled despite the best efforts of the government because it was created without their direct control; its creation was over and done with before they could get their nosy little fingers involved.
Meanwhile, the Lunar network (separate from the Earth network because of the time it takes data to go from earth to the moon and back) is strictly controlled by the Lunar Information Network Key (LINK), an encryption system which monitors all traffic on the network and must approve all transactions. (Of course, all government transactions are "pre-approved"...)

Sounds sort of Clipper-esque, eh?

Of course, the hero of the book, Trent, doesn't like this system... :-)

If I get a chance and there's the demand, I'll type in Moran's description of the LINK... Good reading if you can find it.

--
*** Patrick G. Bridges                 patrick at CS.MsState.Edu ***
***      PGP 2.6 public key available via finger or server      ***
***               PGP 2.6 Public Key Fingerprint:               ***
***       D6 09 C7 1F 4C 18 D5 18 7E 02 50 E6 B1 AB A5 2C       ***
***                          #include                           ***

From hayden at vorlon.mankato.msus.edu Mon Aug 1 15:53:04 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 1 Aug 94 15:53:04 PDT
Subject: GAK
In-Reply-To: <199408011912.AA15566@metronet.com>
Message-ID:

On Mon, 1 Aug 1994, David Merriman wrote:

> How 'bout GIC (Gov't Interference with Crypto)?
> or Federal Usage of Keys?

How about 'Big Brother.'

____        Robert A. Hayden          <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> I do not necessarily speak for the
   \/    Finger for PGP Public Key    <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$
P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G-
tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**

From jamiel at sybase.com Mon Aug 1 16:20:52 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Mon, 1 Aug 94 16:20:52 PDT
Subject: Anonymous code name allocated.
// penet hack
Message-ID: <9408012320.AA13591@ralph.sybgate.sybase.com>

At 2:53 PM 08/01/94 -0700, Lyman Hazelton wrote:

> No, and I don't either, but now someone else can use those accounts and
>LOOK like they are you or me (or anyone else here). Now suppose some
>twit decides to use one or more of those accounts to send threatening
>messages to the president or some other stupid thing... who are they
>going to come after, do you suppose? NOT a nice scenario!

Looks like the perfect way to 'prove' the need for stamping out anonymous communications...Run a hack like this, turn it into a huge media event, realize an innocent was falsely accused because of some psycho pervert computer geek, and push through your law. Slicker than Polly Klaas, and almost as good for re-election material (apologies to non-Californians).

From sandfort at crl.com Mon Aug 1 16:26:27 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 1 Aug 94 16:26:27 PDT
Subject: SALT LAKE CITY
Message-ID:

C'punks,

Anyone on this channel live in or near Salt Lake City? I'm planning my trip across the continent, and I'm looking for a place to spend the night in the Salt Lake area. Any takers?

S a n d y

From mimir at io.com Mon Aug 1 16:46:09 1994
From: mimir at io.com (Al Billings)
Date: Mon, 1 Aug 94 16:46:09 PDT
Subject: Encryption in Fiction (DKM's _The Long Run_)
In-Reply-To: <9408012242.AA05532@Walt.CS.MsState.Edu>
Message-ID:

On Mon, 1 Aug 1994, Patrick G. Bridges wrote:

> In _The Long Run_ (tLR), the Network on Earth is essentially uncontrolled
> despite the best efforts of the government because it was created without their
> direct control; its creation was over and done with before they could get
> their nosy little fingers involved.
Meanwhile, the Lunar network (separate from
> the Earth network because of the time it takes data to go from earth to the
> moon and back) is strictly controlled by the Lunar Information Network Key
> (LINK), an encryption system which monitors all traffic on the network and must
> approve all transactions. (Of course, all government transactions are
> "pre-approved"...)
>
> Sounds sort of Clipper-esque, eh?
>
> Of course, the hero of the book, Trent, doesn't like this system... :-)

This is one of my favorite books as well.. You should have mentioned that Trent (the uncatchable) dislikes LINK so much that he STEALS it from under the nose of the government to free the Lunar network. No LINK, no monitoring and while the network is in chaos, the other hackers (players) and such can reorganize the system.

--
Al Billings mimir at io.com http://io.com/user/mimir/asatru.html
Nerd-Alberich Admin for Troth - The Asatru E-mail List
Lord of the Nerd-Alfar Sysop of The Sacred Grove - (206)322-5450
Poetic-Terrorist Lodge-Master, Friends of Loki Society

From merriman at metronet.com Mon Aug 1 17:02:59 1994
From: merriman at metronet.com (David K. Merriman)
Date: Mon, 1 Aug 94 17:02:59 PDT
Subject: GAK
Message-ID: <199408020005.AA26995@metronet.com>

>>>How 'bout GIC (Gov't Interference with Crypto)?
>>>or Federal Usage of Keys?
>>
>>Clearly --
>>
>> Federal Usage of Citizens' Keys
>
>OK, one more: CRyptographic Access Police
>
>Doug
>

Perhaps: Cryptographic Resource Available to Police ?

Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints.

From paul at hawksbill.sprintmrn.com Mon Aug 1 17:03:20 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Mon, 1 Aug 94 17:03:20 PDT
Subject: Encryption in Fiction (DKM's _The Long Run_)
In-Reply-To:
Message-ID: <9408020106.AA27181@hawksbill.sprintmrn.com>

>
> This is one of my favorite books as well..
You should have mentioned that
> Trent (the uncatchable) dislikes LINK so much that he STEALS it from
> under the nose of the government to free the Lunar network. No LINK, no
> monitoring and while the network is in chaos, the other hackers (players)
> and such can reorganize the system.
>
> --
> Al Billings mimir at io.com http://io.com/user/mimir/asatru.html
> Nerd-Alberich Admin for Troth - The Asatru E-mail List
> Lord of the Nerd-Alfar Sysop of The Sacred Grove - (206)322-5450
> Poetic-Terrorist Lodge-Master, Friends of Loki Society
>
>

Man, you fucking science-fiction aficionados scare me.

"Baaad things, man, Baaad things." ,-)

- paul

From jdwilson at gold.chem.hawaii.edu Mon Aug 1 18:05:36 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Mon, 1 Aug 94 18:05:36 PDT
Subject: NYET to censors, REPOST
In-Reply-To: <199407300507.WAA07462@netcom7.netcom.com>
Message-ID:

On Fri, 29 Jul 1994, Lucky Green wrote:

> I am not sure if explaining this under my own name would be wise at this
> point in time. Perhaps someone else would like to elaborate through a
> remailer?
>

Does it require SCUBA gear?

-NetSurfer

#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From hermes at selway.umt.edu Mon Aug 1 18:18:19 1994
From: hermes at selway.umt.edu (Christopher P Howard)
Date: Mon, 1 Aug 94 18:18:19 PDT
Subject: Please assist
In-Reply-To: <199407292040.NAA22401@netcom9.netcom.com>
Message-ID:

Someone hacked me into this list, but I am no longer interested in this stuff. I never received anything instructional regarding how to remove myself from the list. Assistance would be appreciated. Thanks.
!!!!!!!!!!!!!!!!!!!!!!!!!!FNORD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tommy the cat is my name, /\ To achieve independence from alien domination
And I say unto Thee: / \ and to consolidate revolutionary gains, five
-----------------------/ MediaK \ steps are necessary: ---------------------

From merriman at metronet.com Mon Aug 1 18:33:46 1994
From: merriman at metronet.com (David K. Merriman)
Date: Mon, 1 Aug 94 18:33:46 PDT
Subject: NYET to censors, REPOST
Message-ID: <199408020136.AA10997@metronet.com>

>
>On Fri, 29 Jul 1994, Lucky Green wrote:
>
>> I am not sure if explaining this under my own name would be wise at this
>> point in time. Perhaps someone else would like to elaborate through a
>> remailer?
>>
>
>Does it require SCUBA gear?

No, but it does involve several small appliances, a notarized waiver of liability, 5 gallons of cooking oil, and the Dallas Cowboys Cheerleaders :-)

Dave "You'd never guess I was in the Navy" Merriman

Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints.

From yusuf921 at raven.csrv.uidaho.edu Mon Aug 1 19:13:14 1994
From: yusuf921 at raven.csrv.uidaho.edu (CatAshleigh)
Date: Mon, 1 Aug 94 19:13:14 PDT
Subject: The Terrorists are coming!
In-Reply-To: <9407312127.AA24733@bilbo.suite.com>
Message-ID:

On Sun, 31 Jul 1994, Jim Miller wrote:

> Today's broadcast of "The McClaughlin(sp?) Group" had a short segment
> discussing the likelihood that terrorists will get and detonate a nuclear
> device.

first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only country with nukes in the middle east is Israel) country with a nuclear program is Pakistan, and they're years away from anything that could be stolen.

second of all there are more deaths caused by lightning on golf courses, ask any insurance agency.

some call it pork barrel, I call it conspiracy theory to portray muslims as terrorists.

> The opinions of the five journalists varied from "not likely" to
> "almost certain".
At the end of the show, when the journalists are asked > to make their predictions, one of them said that due to the terrorist > threat, the US needs a larger and more powerful intelligence capability > than ever before. > > wonderful > > Jim_Miller at suite.com > -- Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui GJ/GP -d+ H+ g? au0 a- w+++ v+(?)(*) C++++ U++1/2 N++++ M-- -po+ Y+++ - t++ 5-- j++ R b+++ D+ B--- e+(*) u** h* r+++ y?

From rarachel at prism.poly.edu Mon Aug 1 19:55:11 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 1 Aug 94 19:55:11 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <3147@aiki.demon.co.uk>
Message-ID: <9408020242.AA16016@prism.poly.edu>

I didn't get any notices of being subscribed to penet.fi, so I guess not everyone on the cpunx list was hit. Either that or the mail daemon here found too much email in my mailbox and decided to digest the tuna or whatever the fuck message.

From nobody at c2.org Mon Aug 1 20:07:31 1994
From: nobody at c2.org (Anonymous User)
Date: Mon, 1 Aug 94 20:07:31 PDT
Subject: Unknown Subject
Message-ID: <199408020305.UAA03429@zero.c2.org>

Cypherpunks in San Francisco/Bay Area? Are there any? Should I start one? E-Mail to , and I will start a group. This e-mail address will be good for 30 hours and will be terminated at 2230 HRS, 02AUG94 PDT.

From rarachel at prism.poly.edu Mon Aug 1 20:07:40 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 1 Aug 94 20:07:40 PDT
Subject: MS Escrow
Message-ID: <9408020254.AA16162@prism.poly.edu>

Folks, we should keep one thing in mind. Microsoft would love to be the ONE software monopoly whose applications are on every computer.. If this means kissing the NSA's fat ass, you can bet they will do so.
However, they need to achieve goal #1 first, which means that if they piss off their users, they won't be able to do much, so the best thing to do is to tell them outright that we are against any such thing as a software escrow and that any attempt on their part to use anything but strong, uncompromised crypto will result in an instant boycott of >ALL< their products, and that we'd rather switch to Novell's DR DOS or OS/half before using MS Escrow. Now I realize that they are UNLIKELY to be volunteering to insert any sort of an escrow in any of their products, but knowing them, they'd probably rather use cheap encryption than pay licensing fees unless they can get more back. Remember, they run a business, they're not in the business of giving anything away to Uncle Sam or to Joe Bloe User. However we should still make our voice heard in case something will change in the future and the NSA would be twisting their arm. We should demand open crypto hooks to which we could attach PGP or anything we damn like. A simple fax sent to them from each of us will cause enough attention to make the point. I'm not advocating spamming MS's fax machines here. There are only 700 or so cpunx, and one fax each should be more than enough feedback for them to take the point, no? Anyone have a customer relations fax number? or a PR fax #? Now we should mention that we are aware that Ms Escrow is just speculation, but that we want MS to know that we are adamant enough to not take any such shit now, or ever.

From rarachel at prism.poly.edu Mon Aug 1 20:23:25 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 1 Aug 94 20:23:25 PDT
Subject: Lawsuits Against PKP
In-Reply-To:
Message-ID: <9408020310.AA16494@prism.poly.edu>

If this article (the 270 page fax) is not-copyrighted by Kinko's, could someone put it up in some digitally viable form on some anon ftp site?
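
The check Andrew Brown describes earlier in this archive (extract the LSBs of an image and test their randomness) and the fix he proposes (alter each LSB only with some probability, chosen by a keyed generator) can be tried out as below. This is an added example, not part of any message and not code from any poster or tool named in this archive; the synthetic cover samples, the adjacent-pair statistic, the threshold of 4 and every function name are assumptions.

```python
import math
import random


def make_cover(n, rng):
    """Constructed stand-in for image samples: flat runs of one value, as in a
    drawn or palettized picture. Assumption; this is not real GIF data."""
    samples = []
    while len(samples) < n:
        samples.extend([rng.randrange(256)] * rng.randint(4, 24))
    return samples[:n]


def lsb_plane(samples):
    """Least significant bit of every sample, in order."""
    return [s & 1 for s in samples]


def randomness_z(bits):
    """z-score of the count of equal adjacent bit pairs against a fair coin.
    Near 0 means the plane looks like random data; large means structure."""
    pairs = len(bits) - 1
    equal = sum(a == b for a, b in zip(bits, bits[1:]))
    return (equal - pairs / 2) / math.sqrt(pairs / 4)


def looks_random(bits, threshold=4.0):
    """The detector: flags an LSB plane that is statistically random."""
    return abs(randomness_z(bits)) < threshold


def embed_all(samples, payload):
    """Naive embedding: overwrite every LSB in order with payload bits."""
    out = list(samples)
    for i, bit in enumerate(payload[:len(out)]):
        out[i] = (out[i] & 0xFE) | bit
    return out


def embed_sparse(samples, payload, p, key):
    """Spread embedding: a keyed generator selects each LSB with probability p."""
    picker = random.Random(key)
    out = list(samples)
    used = 0
    for i in range(len(out)):
        chosen = picker.random() < p  # drawn for every sample, so extraction stays in step
        if chosen and used < len(payload):
            out[i] = (out[i] & 0xFE) | payload[used]
            used += 1
    if used < len(payload):
        raise ValueError("cover too small for this payload at this p")
    return out


def extract_sparse(samples, n_bits, p, key):
    """Replay the same keyed selection to read the payload back."""
    picker = random.Random(key)
    bits = []
    for s in samples:
        if picker.random() < p and len(bits) < n_bits:
            bits.append(s & 1)
    return bits


def demo():
    rng = random.Random(1994)
    cover = make_cover(8192, rng)
    # Constructed payload: random bits standing in for encrypted data.
    payload = [rng.getrandbits(1) for _ in range(8192)]
    full = embed_all(cover, payload)
    sparse = embed_sparse(cover, payload[:512], p=0.1, key="shared secret")
    return {
        "cover_z": randomness_z(lsb_plane(cover)),
        "full_z": randomness_z(lsb_plane(full)),
        "sparse_z": randomness_z(lsb_plane(sparse)),
        "full_flagged": looks_random(lsb_plane(full)),
        "sparse_flagged": looks_random(lsb_plane(sparse)),
        "recovered": extract_sparse(sparse, 512, 0.1, "shared secret") == payload[:512],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A low score on this one statistic is not proof that nothing is hidden; anyone holding the original image can still compare the two sample by sample.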
From mclow at san_marcos.csusm.edu Mon Aug 1 20:37:45 1994
From: mclow at san_marcos.csusm.edu (Marshall Clow)
Date: Mon, 1 Aug 94 20:37:45 PDT
Subject: Encryption in Fiction (DKM's _The Long Run_)
Message-ID:

How about a quote from Vernor Vinge's "True Names" (a must read for any cypherpunk, happily now back in print): "Like most folks, honest citizens or warlocks, he had no trust for the government standard encryption routines, but preferred the schemes that had leaked out of academia -- over the NSA's petulant objections -- over the last fifteen years". This from a book that was published in 1981. Marshall Clow Aladdin Systems mclow at san_marcos.csusm.edu

From rarachel at prism.poly.edu Mon Aug 1 20:39:21 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 1 Aug 94 20:39:21 PDT
Subject: What kind of encryption to incorporate?
In-Reply-To:
Message-ID: <9408020326.AA16906@prism.poly.edu>

> ... well almost. It's trivial to write a program that extracts the LSB's > from a GIF file and then determine their randomness. Truly random data > gives away the presence of an encrypted file. The solution is to choose > the LSB's that you alter according to the output from a decent random > number generator so that each LSB has a probability of being altered. Take a look at WNSTORM (WNS210.ZIP) which contains the WNINJECT program. It, along with WNSTORM can be used to build a decent steganography system that makes use of existing LSB's to hide the presence of stego. If you like, feel free to build a GIF module for it. (WNINJECT uses PCX right now and I haven't had the time to mess with GIFs.) If you guys are seriously interested, I'm more than willing to lend a hand. You can certainly use WNSTORM and its tools to build something better (as long as you give me some credit for the original work.
:-) Basically you first use WNINJECT to extract the LSB's out of a PCX image, then you feed those LSB's into WNSTORM which encrypts into them but leaves most of them untouched and doctors some of the bits against statistical analysis) then you take the output from WNSTORM and WNINJECT's it back into the PCX giving you a stegoe'd image that closely matches the original and which is hard to detect that it has a change unless you have the original.

From Jacob.Levy at Eng.Sun.COM Mon Aug 1 20:52:16 1994
From: Jacob.Levy at Eng.Sun.COM (Jacob Levy)
Date: Mon, 1 Aug 94 20:52:16 PDT
Subject: The Terrorists are coming!
In-Reply-To:
Message-ID: <9408020355.AA25053@burgess.Eng.Sun.COM>

Hi Yusuf I don't recall Jim's article mentioning "muslim" terrorists specifically. Or are only "muslims" terrorist in your book? :-) --JYL CatAshleigh writes: > > On Sun, 31 Jul 1994, Jim Miller wrote: > > > Today's broadcast of "The McClaughlin(sp?) Group" had a short segment > > discussing the likelihood that terrorists will get and detonate a nuclear > > device. > > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only > country with nukes in the middle east is Israel) country > with a nuclear program is Pakistan, and they're years away from anything > that could be stolen. > > second of all there are more deaths caused by lightning on golf courses, > ask any insurance agency. > > some call it pork barrel, I call it conspiracy theory to portray muslims > as terrorists. > > > The opinions of the five journalists varied from "not likely" to > > "almost certain". At the end of the show, when the journalists are asked > > to make their predictions, one of them said that due to the terrorist > > threat, the US needs a larger and more powerful intelligence capability > > than ever before. > > > > wonderful > > > > Jim_Miller at suite.com > > > > -- > Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui > GJ/GP -d+ H+ g?
au0 a- w+++ v+(?)(*) C++++ U++1/2 N++++ M-- -po+ Y+++ > - t++ 5-- j++ R b+++ D+ B--- e+(*) u** h* r+++ y? >

From yusuf921 at raven.csrv.uidaho.edu Mon Aug 1 21:24:42 1994
From: yusuf921 at raven.csrv.uidaho.edu (CatAshleigh)
Date: Mon, 1 Aug 94 21:24:42 PDT
Subject: The Terrorists are coming!
In-Reply-To: <9408020355.AA25053@burgess.Eng.Sun.COM>
Message-ID:

On Mon, 1 Aug 1994, Jacob Levy wrote: > Hi Yusuf > > I don't recall the Jim's article mentioning "muslim" terrorists > specifically. Or are only "muslims" terrorist in your book? :-) > The only other people who are called terrorist are the IRA, and I don't see the FBI scrambling to protect Great Britain's consulate in DC when a car bomb goes off in London I'd rather respond to anything further on this thread by e-mail rather than spam the Cypher mailing list. - Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ... -- Carl Zwanzig

From M.Gream at uts.EDU.AU Mon Aug 1 21:40:07 1994
From: M.Gream at uts.EDU.AU (Matthew Gream)
Date: Mon, 1 Aug 94 21:40:07 PDT
Subject: Keystone Kops suck up Internet traffic
Message-ID: <9408020442.AA27475@acacia.itd.uts.EDU.AU>

*laugh* The following was forwarded to me from aarnet-contacts at aarnet.edu.au, a mailing list for organisations connected to AARNet (Australian Academic and Research Network) -- the local Internet -- which provides our gateway to the world. fyi: The AFP (Australian Federal Police) currently have a machine on the network, and have for some time, it has no DNS records but its registered domain is in the NIC. [..] Recently, Geoff Huston wrote: > It would appear that through a problem in routing configurations (and a > basic issue with routing capability on the site) there is a backdoor > between the State Computing Systems of Tas, SA and NT.
This backdoor is > via a network operated by the Australian Federal Police, This backdoor > however is configured with packet filters which although it allows > routing, it traps and kill all consequent transit traffic. So what we > are now talking about is a black hole which uses a sufficiently low > metric that transit traffic will not use AARNet even though AARNet > connectivity is available. [..] Matthew. -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: I'm only a student at UTS, and don't represent them. From khijol!erc at apple.com Mon Aug 1 23:09:28 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Mon, 1 Aug 94 23:09:28 PDT Subject: Children and the Net In-Reply-To: <9408011231.AA08947@vail.tivoli.com> Message-ID: > Mike Duvos writes: > > Had it not been for the fact that having children covered with > > scars, welts, and bruises is not considered child abuse in the > > state of Texas, > > I know it's chic to refer to Texas as the last bastion of barbarian > living, but I'd like to see some citation for the above if you really > believe it's true. Note also that I've heard tell kids get beat up in > other states too, though that might just be rumor. I'd like to throw my $0.02 into this, too. I've lived in Texas for most of my life, and I can assure you that what Mike Duvos says is most certainly *not* true! -- Ed Carp, N7EKG/VE3 ecarp at netcom.com, Ed.Carp at linux.org "What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You" From khijol!erc at apple.com Mon Aug 1 23:16:08 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Mon, 1 Aug 94 23:16:08 PDT Subject: The Terrorists are coming! In-Reply-To: Message-ID: > On Sun, 31 Jul 1994, Jim Miller wrote: > > > Today's broadcast of "The McClaughlin(sp?) Group" had a short segment > > discussing the likelihood that terrorists will get and detonate a nuclear > > device. 
> > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only > country with nukes in the middle east is Israel) country > with a nuclear program is Pakistan, and they're years away from anything > that could be stolen. True, but only because they haven't gotten their hands on any yet. It is well known in certain international arms circles that Kadaffi or Hussein would absolutely *love* to have their own means of producing nuclear weapons. And they aren't alone. > some call it pork barrel, I call it conspiracy theory to portray muslims > as terrorists. I don't think so. Most of the world's terrorists (with the exception of the IRA and a handful of others) are recruited and trained by folks in the Middle East. It may be true that they have gotten more than their share of publicity in the past, but the fact remains - the Middle East is *the* training ground for that sort of thing, and there isn't a fundamentalist over there who wouldn't like to shove a suitcase nuke up Bill's ass. Haven't you heard? America *is* THE ENEMY to a majority of the folks over in that part of the world. If you don't believe me, travel to that part of the world carrying an American passport and see what happens. -- Ed Carp, N7EKG/VE3 ecarp at netcom.com, Ed.Carp at linux.org "What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From jgostin at eternal.pha.pa.us Tue Aug 2 00:50:47 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 2 Aug 94 00:50:47 PDT
Subject: Philadelphia Enquirer Story on Clipper
Message-ID: <940802022145Y0Vjgostin@eternal.pha.pa.us>

Adam Shostack writes: > Not that I'm a Clinton fan, but most of his Orwellian proposals > have been around, simmering, for a while. Both Clipper & Post Office > national ID cards first came up under Bush. health ID cards are, of > course, Hillary's. That's very true. The fact that they have been simmering is one thing.
Clinton's administration wants to raise the heat and boil the issue. Just like every tax payer bears the burden of debt for every taxpayer before him, so too does every politician bear the burden of the old ideas he proposes as new ones. > The problem is not any one particular idiot in office, but a > strong public desire to give up a little freedom for a little > security. And it's funny: When phrased that way, most people see little SECURITY, and ignore the first half. When phrased as "A little security only costs a little freedom", all of a sudden, people are up in arms. *sigh* --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From albright at scf.usc.edu Tue Aug 2 01:55:36 1994 From: albright at scf.usc.edu (Julietta) Date: Tue, 2 Aug 94 01:55:36 PDT Subject: The Infamous 'Sue D. Nym' Spam In-Reply-To: <199407200005.RAA01838@zero.c2.org> Message-ID: <199408020850.BAA17572@nunki.usc.edu> Uuh.. just wanted to say that I as a woman have posted in the past quite a few times to cypherpunks, and I must say that the guys here have all been very respectful and kind to me. No problem at all. ::shrug:: Oh well- I guess everyone always has their own experience of life on the Net. Just don't be too quick to call these guys anti-woman just because there aren't many women here. It is pretty typical of the Net to have men outnumbering women by up to 30 to 1. :) Ciao, Julie ___________________________________________________________________________ Julie M. 
Albright Sociologist/ Net Scholar University of Southern California albright at usc.edu

From a.brown at nexor.co.uk Tue Aug 2 01:56:53 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Tue, 2 Aug 94 01:56:53 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To: <9408020326.AA16906@prism.poly.edu>
Message-ID:

On Mon, 1 Aug 1994, Arsen Ray Arachelian wrote: > Take a look at WNSTORM (WNS210.ZIP) which contains the WNINJECT program. > It, along with WNSTORM can be used to build a decent steganography system > that makes use of existing LSB's to hide the presence of stego. If you > like, feel free to build a GIF module for it. (WNINJECT uses PCX right now > and I haven't had the time to mess with GIFs.) I've seen it. I'm the guy that wrote s-tools (available from ftp.dsi.unimi.it). My package will hide files in GIFs, BMPs and WAVs, using the probabilistic method that I described, and using decent (but damn slow) quantization to reduce the original colour resolution. Built-in encryption methods are IDEA, DES, 3DES, MPJ2 (128, 256, 384, 512 bit keys) and NSEA. Operating modes are selectable from ECB, CBB, CFB, OFB and PCBC. If you are going to download it, make sure you get version 2. I'm currently on the look out for new steganography ideas (you might have seen the patches I wrote that allow files to be hidden in gzip compressed files). I thought of a load of obvious stuff like adding/not adding spaces at the end of lines of a text file, carefully choosing assembler instructions where two are available, etc. Has anyone got any more ideas? Regards, - Andy

From frissell at panix.com Tue Aug 2 02:06:31 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 2 Aug 94 02:06:31 PDT
Subject: In the news...
Message-ID: <199408020906.AA17343@panix.com>

"The FBI is examining his computer to uncover links to other people." Said of the Abortion Doctor slaying suspect.
DCF

From jdd at aiki.demon.co.uk Tue Aug 2 03:40:51 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 2 Aug 94 03:40:51 PDT
Subject: The Terrorists are coming!
Message-ID: <3294@aiki.demon.co.uk>

In message CatAshleigh writes: > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only How do you know? > country with nukes in the middle east is Israel) country > with a nuclear program is Pakistan, and they're years away from anything > that could be stolen. Ahem. Uzbekistan is Muslim, and is also the third or fourth largest nuclear power, and also is in a part of the world where there is a long tradition of ... how do I say it gently ... greasing the palm. I spent quite a while next door in Afghanistan and am familiar with the culture. A large part of the former USSR was Muslim and there were strategic and tactical nuclear weapons scattered all over the place (tactical weapons are used as mines, fired from artillery pieces, carried by short range missiles, and dropped from fighter bombers). If none of these is unaccounted for, it is a genuine miracle. Also, there has been quite a lot of press coverage here in the UK of the defector from Saudi Arabia who claims that (a) the Saudis backed both the Iraqi and the Pakistani nuclear programs and (b) the Saudis at least have some nuclear materials. > second of all there are more deaths caused by lightning on golf courses, > ask any insurance agency. Also not true. The total number killed directly and indirectly in Japan alone by atomic bombs is certainly over 100,000. I can't believe that that many people have been killed by lightning on golf courses! Then again, we are talking about elementary arithmetic. Yes, the probability of someone being killed by lightning on a golf course tomorrow is much much higher than that of the detonation of a nuclear weapon in a populated area. But when that nuclear weapon goes off, it's not going to be just one golfer that gets scorched.
> some call it pork barrel, I call it conspiracy theory to portray muslims > as terrorists. Pork barrel? -- Jim Dixon

From jdd at aiki.demon.co.uk Tue Aug 2 03:41:23 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 2 Aug 94 03:41:23 PDT
Subject: The Terrorists are coming!
Message-ID: <3296@aiki.demon.co.uk>

In message CatAshleigh writes: > > > I don't recall the Jim's article mentioning "muslim" terrorists > > specifically. Or are only "muslims" terrorist in your book? :-) > > The only other people who are called terrorist are the IRA, and I don't see > the FBI scrambling to protect Great Britain's consulate in DC when a > car bomb goes off in London Here in the UK we read about lots of terrorist groups, not just the IRA: ETA in Spain, Kurds (blew up someone in London a few months ago), Iranis (killed someone in Paris recently), Chchernians (spelling?? -- assassinated someone in London a couple of months ago), the Mafia, North Koreans (two separate events in the last few years, a hundred or so people killed each time), the Animal Liberation Front (blew up a bomb here in Bristol, injuring a baby), ... there are lots of them. Maybe you should subscribe to a London newspaper. -- Jim Dixon

From perry at imsi.com Tue Aug 2 05:28:27 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 2 Aug 94 05:28:27 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <9408020242.AA16016@prism.poly.edu>
Message-ID: <9408021227.AA09891@snark.imsi.com>

Arsen Ray Arachelian says: > I didn't get any notices of being subscribed to penet.fi, so I guess not > everyone on the cpunx list was hit. Either that or the mail daemon here > found too much email in my mailbox and decided to digest the tuna or > whatever the fuck message. Much more likely that you already had a penet address and it was compromised.
Perry From Rolf.Michelsen at delab.sintef.no Tue Aug 2 05:50:40 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Tue, 2 Aug 94 05:50:40 PDT Subject: Anonymous code name allocated. // penet hack In-Reply-To: <9408021227.AA09891@snark.imsi.com> Message-ID: Perry E. Metzger says: > Arsen Ray Arachelian says: > > I didn't get any notices of being subscribed to penet.fi, so I guess not > > everyone on the cpunx list was hit. Either that or the mail daemon here > > found too much email in my mailbox and decided to digest the tuna or > > whatever the fuck message. > > Much more likely that you already had a penet address and it was > compromised. Well, I have never been assigned a penet id -- not now and not earlier. (I've only been on this account for almost a year, and my memory isn't *that* bad.) This probably rules out the "who cypherpunks" attack. But then I haven't posted much to this group -- perhaps, whoever he/she is, is more interested in frequent/recent posters? -- Rolf (who is wondering if this post will result in a penet id...) ---------------------------------------------------------------------- Rolf Michelsen "Nostalgia isn't what it Email: rolf.michelsen at delab.sintef.no used to be..." Phone: +47 73 59 87 33 ---------------------------------------------------------------------- From s009amf at discover.wright.edu Tue Aug 2 06:24:43 1994 From: s009amf at discover.wright.edu (Aron Freed) Date: Tue, 2 Aug 94 06:24:43 PDT Subject: New Threat on the Horizon: Software Key Escrow In-Reply-To: <199407261933.MAA17765@netcom8.netcom.com> Message-ID: On Tue, 26 Jul 1994, Timothy C. May wrote: > Here's the rub: > > * Suppose the various software vendors are "incentivized" to include > this in upcoming releases. For example, in 30 million copies of > Microsoft's "Chicago" (Windows 4.0) that will hit the streets early in > '95 (betas are being used today by many). 
> > * This solves the "infrastructure" or "fax effect" problem--key escrow > gets widely deployed, in a way that Clipper was apparently never going > to be (did any of you know _anybody_ planning to buy a "Surety" > phone?). > > (Why would _anyone_ ever use a voluntary key escrow system? Lots of > reasons, which is why I don't condemn key escrow automatically. > Partners in a business may want access under the right circumstances > to files. Corporations may want corporate encryption accessible under > emergency circumstances (e.g., Accounting and Legal are escrow > agencies). And individuals who forget their keys--which happens all > the time--may want the emergency option of asking their friends who > agreed to hold the key escrow stuff to help them. Lots of other > reasons. And lots of chances for abuse, independent of mandatory key escrow.) > > But there are extreme dangers in having the infrastructure of a > software key escrow system widely deployed. > > I can't see how a widely-deployed (e.g., all copies of Chicago, etc.) > "voluntary key escrow" system would remain voluntary for long. It > looks to me that the strategy is to get the infrastructure widely > deployed with no mention of a government role, and then to bring the > government in as a key holder. > > > I was the one who posted the Dorothy Denning "trial balloon" stuff to > sci.crypt, in October of 1992, six months before it all became real > with the announcement of Clipper. This generated more than a thousand > postings, not all of them useful (:-}), and helped prepare us for the > shock of the Clipper proposal the following April. > > I see this software-based key escrow the same way. Time to start > I was just reading through my mail when it hit me. If the NSA and the FBI want to put their software based key-escrow systems into software like Chicago, why don't we create pamphlets to send out to businesses and the people of the United States.
In the pamphlet, there is a little glossary for some of the terms and acronyms used and explanation of what the Govt. would like to do with Clipper Chip and YOUR phones and computers. Or we could try another route. Most radio stations and TV stations give groups free air time for public service announcements. We could create videos about what we are talking about to make the public aware.... Aaron

From mpd at netcom.com Tue Aug 2 06:28:56 1994
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 2 Aug 94 06:28:56 PDT
Subject: Children and the Net
In-Reply-To:
Message-ID: <199408021329.GAA28106@netcom14.netcom.com>

> > Mike Duvos writes: > > > Had it not been for the fact that having children covered with > > > scars, welts, and bruises is not considered child abuse in the > > > state of Texas, > > > > I know it's chic to refer to Texas as the last bastion of barbarian > > living, but I'd like to see some citation for the above if you really > > believe it's true. Note also that I've heard tell kids get beat up in > > other states too, though that might just be rumor. > > I'd like to throw my $0.02 into this, too. I've lived in Texas for most > of my life, and I can assure you that what Mike Duvos says is most certainly > *not* true! The behavior of the Branch Davidians towards their children is well documented, both by child welfare workers in Texas and by sworn testimony of former members. "I've lived in Texas and therefore none of this is true..." is neither relevant, accurate, nor compelling. The Branch Davidians were proclaimed "cleared" of charges of child abuse by Texas authorities in the presence of physical evidence which would have been considered abuse in most other states. Declaring that one has lived in Texas does not change any of this, nor does it change the well-documented statistics on corporal punishment in the Texas public school system, in which Texas is the nation's leader. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger.
$

From s009amf at discover.wright.edu Tue Aug 2 06:40:28 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Tue, 2 Aug 94 06:40:28 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <199407281915.MAA13890@netcom10.netcom.com>
Message-ID:

On Thu, 28 Jul 1994, Timothy C. May wrote: > > I don't believe the folks at MS are lying--I believe they are telling > the truth as they see it. In fact, the paralegal guy told me a lot of > stuff about the possible justifications for SKE, the export issues > (Feds want SKE for exported products....don't ask me why), etc. He > thought, I guess, that this would _convince_ me that Microsoft's > motives were not evil--which I have never thought was the case, > ironically. Instead, he just confirmed to me via his arguments that > some kind of SKE scheme is being talked about, negotiated with one or > more federal agencies, and may or may not be planned for future > products. Here's another possibility.. We put out the word that we don't buy Chicago or any software that has SKE built in. Keep your old stuff or make your own operating system. I think most of the computer programmers could on joint effort create something better than what is on the market anyway. We live in a democracy. We should be telling those assholes in Washington DC how we want the country run, not them telling us that we need NIST. Who are they representing anyway??? Aaron

From landmann at facstaff.wisc.edu Tue Aug 2 07:00:55 1994
From: landmann at facstaff.wisc.edu (Thomas Landmann)
Date: Tue, 2 Aug 94 07:00:55 PDT
Subject: Children and the Net
Message-ID: <199408021356.IAA19569@audumla.students.wisc.edu>

First of all, what does this have to do with crypto.. At 06:29 8/2/94 -0700, Mike Duvos wrote: >The behavior of the Branch Davidians towards their children is well >documented, both by child welfare workers in Texas and by sworn >testimony of former members. Apparently this is your (presently unsubstantiated) opinion.
How about some references that don't involve ATF employee testimonies? >The Branch Davidians were proclaimed "cleared" of charges of child >abuse by Texas authorities in the presence of physical evidence which >would have been considered abuse in most other states. In many places, spanking a child (with restraint and compassion, as a parent) is considered child abuse, so I suppose this statement could be considered true. I am not alone, however, in my belief that corporal punishment is sometimes a necessary part of parenting. While I don't share the Davidians religious beliefs, I'd like to see more evidence that the ATF was justified in their assault. I'm not yet convinced. -Tom ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Thomas Landmann :: E-mail: landmann at facstaff.wisc.edu :: :: DoIT Network Systems Technology :: Compuserve: 76020,2055 :: :: 1210 W Dayton Street, Rm 4220 :: AX.25: N9UDL @ WD9ESU.#SCWI.WI.NOAM:: :: Office: 608.263.1650 :: Home: 608.277.1115 :: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: >>> Waiting for "Chicago"? Try Linux *NOW* instead! <<<

From danielce at ee.mu.oz.au Tue Aug 2 07:25:58 1994
From: danielce at ee.mu.oz.au (Daniel Carosone)
Date: Tue, 2 Aug 94 07:25:58 PDT
Subject: Questions about Microsoft and Software Key Escrow
In-Reply-To: <199407281915.MAA13890@netcom10.netcom.com>
Message-ID: <199408021436.AAA09246@anarres>

Aron Freed writes: > Here's another possibility.. We put out the word that we don't buy > Chicago or any software that has SKE built in. Keep your old stuff or > make your own operating system. I think most of the computer programmers > could on joint effort create something better than what is on the market > anyway. An off-topic aside: this is already done. Check out the NetBSD and Linux projects sometime. NetBSD is about to release 1.0, the first fully-working unencumbered release of bsd 4.4 for several platforms. Linux is well known by now.
I have both, they are far superior for my needs than any MS product. -- Dan.

From mpd at netcom.com Tue Aug 2 07:30:54 1994
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 2 Aug 94 07:30:54 PDT
Subject: Children and the Net
In-Reply-To: <199408021356.IAA19569@audumla.students.wisc.edu>
Message-ID: <199408021430.HAA02313@netcom14.netcom.com>

> First of all, what does this have to do with crypto.. Absolutely nothing. > At 06:29 8/2/94 -0700, Mike Duvos wrote: > >The behavior of the Branch Davidians towards their children is well > >documented, both by child welfare workers in Texas and by sworn > >testimony of former members. > Apparently this is your (presently unsubstantiated) opinion. How about > some references that don't involve ATF employee testimonies? I wasn't aware that child welfare workers and former Branch Davidians were members of the ATF. > >The Branch Davidians were proclaimed "cleared" of charges of child > >abuse by Texas authorities in the presence of physical evidence which > >would have been considered abuse in most other states. > In many places, spanking a child (with restraint and compassion, as a > parent) is considered child abuse, so I suppose this statement could be > considered true. One mother reported that Koresh ordered her to spank her one year old baby with a wooden paddle and wouldn't let her stop until the child was bleeding. This was because the child had cried while Koresh was giving a sermon. I see no "restraint" or "compassion" here. > While I don't share the Davidians religious beliefs, I'd like to see more > evidence that the ATF was justified in their assault. The ATF was completely unjustified in their assault. That, of course, does not refute any of the charges that the Branch Davidians were not particularly nice to the younger members of their congregation. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger.
$

From hfinney at shell.portal.com Tue Aug 2 07:32:33 1994
From: hfinney at shell.portal.com (Hal)
Date: Tue, 2 Aug 94 07:32:33 PDT
Subject: Steganography
In-Reply-To:
Message-ID: <199408021432.HAA23712@jobe.shell.portal.com>

Andrew Brown writes:

>I'm currently on the look out for new steganography ideas (you might have
>seen the patches I wrote that allow files to be hidden in gzip compressed
>files). I thought of a load of obvious stuff like adding/not adding
>spaces at the end of lines of a text file, carefully choosing assembler
>instructions where two are available, etc. Has anyone got any more ideas?

One possibility would be to right-justify your text, as a few people like to do, then to tweak the algorithm for inserting spaces into lines to depend on the next bits of the embedded message. Generally, you have N spaces to insert into M word breaks. If M divides N, you don't have any choice, but otherwise you have N mod M "leftovers" to distribute among M. This would allow several bits per line.

Hal

From rfb at lehman.com Tue Aug 2 07:52:22 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Tue, 2 Aug 94 07:52:22 PDT
Subject: Lawsuits Against PKP
In-Reply-To: <199408011509.IAA23874@jobe.shell.portal.com>
Message-ID: <9408021450.AA08017@fnord.lehman.com>

    Date: Mon, 1 Aug 1994 08:09:30 -0700
    From: Hal

    schneier at chinet.chinet.com (Bruce Schneier) writes:

    >Schlafly v. Public Key Partners, C-94-20512-SW, July 27, 1994, San Jose.
    >It alleges that almost all of the PKP patent claims are invalid and
    >unenforceable.

    That makes my day. The name Schlafly sounds familiar (I don't mean Phyllis). Roger? Does anyone know a crypto person with this name?

Well, FWIW, the woman who spends most of the year traveling around the country telling other women to stay home has gained at least a slight interest in crypto lately.
The Phyllis Schlafly Report recently posted an announcement taking an anti-Clipper position and referring to an online `report' that they've prepared concerning Clipper.

I didn't see anything to indicate that she'd be interested in going after PKP however, so Roger is probably a better guess. I have no idea whether Roger is her son or how similar their political ideas are.

Rick

From rfb at lehman.com Tue Aug 2 08:12:18 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Tue, 2 Aug 94 08:12:18 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To:
Message-ID: <9408021510.AA08249@fnord.lehman.com>

    Date: Tue, 2 Aug 1994 14:50:02 +0200 (MET DST)
    From: Rolf Michelsen

    Perry E. Metzger says:
    > Arsen Ray Arachelian says:
    > > I didn't get any notices
    >
    > likely that you already had a penet address and it was compromised.

    Well, I have never been assigned a penet id . . . . This probably rules out the "who cypherpunks" attack.

If by "who cypherpunks" attack you mean that someone could be subscribed using an an*@anon.penet.fi, you most certainly cannot rule that out. an111447 at anon.penet.fi continues to be subscribed:

    Date: Tue, 2 Aug 94 07:58:00 PDT
    From: Majordomo at toad.com
    Subject: Majordomo results: who cypherpunks
    . . .
    an111447 at anon.penet.fi

Perhaps someone could remove this address (or replace it with na111447 at anon.penet.fi) and/or get the anon.penet.fi administrator to beat on this person (electronically of course).

Rick

From nzook at math.utexas.edu Tue Aug 2 08:22:05 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 2 Aug 94 08:22:05 PDT
Subject: "Anon" fake...
Message-ID: <9408021519.AA26481@pelican.ma.utexas.edu>

From jya at pipeline.com Tue Aug 2 08:27:24 1994
From: jya at pipeline.com (John Young)
Date: Tue, 2 Aug 94 08:27:24 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
Message-ID: <199408021526.LAA17483@pipe1.pipeline.com>

Responding to msg by a.brown at nexor.co.uk (Andrew Brown) on Tue, 2 Aug 9:55 AM

>Has anyone got any more ideas?

Andy:

Some features of CAD programs such as AutoCad may be useful for concealment. Want to discuss here or by e-mail?

Caution: I'm crypto impaired, but quite devious advantaged.

John

From perry at imsi.com Tue Aug 2 08:28:38 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 2 Aug 94 08:28:38 PDT
Subject: "Anon" fake...
In-Reply-To: <9408021519.AA26481@pelican.ma.utexas.edu>
Message-ID: <9408021528.AA10247@snark.imsi.com>

nzook at fireant.ma.utexas.edu says:
> Folks, we GOTTA do something about this...

The obvious and simple fix is to put code into the Majordomo implementation to prevent the subscription of an*@anon.penet.fi (note -- this wouldn't prevent subscriptions as na*@anon.penet.fi). I've pointed this out before -- unfortunately, the list maintainers don't have time to do it. Maybe someone could volunteer to do the change? You'd have to talk to Eric Hughes about how to do the work.

Perry

From cactus at bb.com Tue Aug 2 09:00:52 1994
From: cactus at bb.com (L. Todd Masco)
Date: Tue, 2 Aug 94 09:00:52 PDT
Subject: Anonymous code name allocated. // penet hack
Message-ID: <199408021604.MAA21569@bb.com>

Rick:
> Perhaps someone could remove this address (or replace it with
> na111447 at anon.penet.fi) and/or get the anon.penet.fi administrator to
> beat on this person (electronically of course).

In addition to writing code, Cypherpunks can telnet to port 25. Toad.com's sendmail doesn't seem to do reverse lookups on the IP address.

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."
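
Hal's justification scheme from the "Steganography" message earlier in this digest, worked through as an added example that is not from Hal or any other poster: a justified line with M gaps and N mod M leftover spaces can place the leftovers in C(M, N mod M) ways, so it carries floor(log2 C(M, N mod M)) bits. The cover text, the 30-column width and every function name below are constructed for illustration.

```python
import re
from math import comb

# Constructed cover text (a paraphrase of the idea being demonstrated).
COVER = ("One possibility would be to right-justify your text, as a few "
         "people like to do, then tweak the algorithm for inserting spaces "
         "into lines to depend on the next bits of the embedded message.")

def wrap(words, width):
    """Greedy word wrap; assumes no single word is longer than width."""
    lines, cur, cur_len = [], [], 0
    for w in words:
        if cur and cur_len + 1 + len(w) > width:
            lines.append(cur)
            cur, cur_len = [], 0
        cur_len += len(w) + (1 if cur else 0)
        cur.append(w)
    if cur:
        lines.append(cur)
    return lines

def unrank(index, m, r):
    """Return the index-th r-subset of range(m) in lexicographic order."""
    chosen, pos = [], 0
    while r > 0:
        with_pos = comb(m - pos - 1, r - 1)  # subsets that contain pos
        if index < with_pos:
            chosen.append(pos)
            r -= 1
        else:
            index -= with_pos
        pos += 1
    return chosen

def rank(chosen, m):
    """Inverse of unrank: lexicographic index of a sorted subset."""
    index, r, members = 0, len(chosen), set(chosen)
    for pos in range(m):
        if r == 0:
            break
        if pos in members:
            r -= 1
        else:
            index += comb(m - pos - 1, r - 1)
    return index

def bits_for(m, r):
    """Whole bits one line carries; 0 when r == 0 (M divides N, no choice)."""
    return comb(m, r).bit_length() - 1

def capacity(text, width):
    """Total payload bits; the last line is left unjustified and carries none."""
    total = 0
    for words in wrap(text.split(), width)[:-1]:
        m = len(words) - 1
        if m:
            total += bits_for(m, (width - sum(map(len, words))) % m)
    return total

def embed(text, width, bits):
    """Justify text to width, letting payload bits pick the wider gaps."""
    bits, lines = list(bits), wrap(text.split(), width)
    if not lines:
        raise ValueError("empty cover text")
    out, used = [], 0
    for words in lines[:-1]:
        m = len(words) - 1
        if m == 0:                      # one-word line: nothing to justify
            out.append(words[0])
            continue
        base, r = divmod(width - sum(map(len, words)), m)
        cap = bits_for(m, r)
        chunk = bits[used:used + cap]
        chunk += [0] * (cap - len(chunk))   # zero-pad once the payload ends
        used += cap
        index = int("".join(map(str, chunk)), 2) if cap else 0
        extra = set(unrank(index, m, r))
        line = words[0]
        for i, w in enumerate(words[1:]):
            line += " " * (base + (i in extra)) + w
        out.append(line)
    out.append(" ".join(lines[-1]))
    if used < len(bits):
        raise ValueError("cover text too short for payload")
    return "\n".join(out)

def extract(stego, nbits):
    """Recover the first nbits payload bits from the gap widths alone."""
    bits = []
    for line in stego.split("\n"):
        gaps = [len(g) for g in re.findall(r" +", line)]
        if not gaps:
            continue
        base = min(gaps)
        extra = [i for i, g in enumerate(gaps) if g == base + 1]
        cap = bits_for(len(gaps), len(extra))
        if cap:
            bits += [int(b) for b in format(rank(extra, len(gaps)), f"0{cap}b")]
    return bits[:nbits]
```

The receiver needs no key or side channel beyond the payload length, which also means anyone who suspects the scheme can run the same extraction; the gap pattern hides the payload's presence only from a reader who is not looking for it.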
From berzerk at xmission.xmission.com Tue Aug 2 09:16:40 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 2 Aug 94 09:16:40 PDT
Subject: Children and the Net
In-Reply-To: <199408021430.HAA02313@netcom14.netcom.com>
Message-ID:

On Tue, 2 Aug 1994, Mike Duvos wrote:
> One mother reported that Koresh ordered her to spank her one year
> old baby with a wooden paddle and wouldn't let her stop until the
> child was bleeding. This was because the child had cried while
> Koresh was giving a sermon. I see no "restraint" or "compassion" here.

I am very interested in this case. I have seen no such allegation. If you could be so kind as to post or send through private e-mail your source for this comment, I would be grateful.

Berzerk.

From berzerk at xmission.xmission.com Tue Aug 2 09:19:17 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 2 Aug 94 09:19:17 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <9408021510.AA08249@fnord.lehman.com>
Message-ID:

On Tue, 2 Aug 1994, Rick Busdiecker wrote:
> Perhaps someone could remove this address (or replace it with
> na111447 at anon.penet.fi) and/or get the anon.penet.fi administrator to

Sounds great. I think THIS LIST needs to take action like this. As far as I am concerned, mailing lists suck right now as there is almost no security. Someone can subscribe like this, they can subscribe someone else, or other things.

Why hasn't he been yanked yet?

Berzerk.

From hughes at ah.com Tue Aug 2 09:55:52 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 2 Aug 94 09:55:52 PDT
Subject: "Anon" fake...
In-Reply-To: <9408021528.AA10247@snark.imsi.com>
Message-ID: <9408021624.AA09621@ah.com>

    I've pointed this out before -- unfortunately, the list maintainers don't have time to do it. Maybe someone could volunteer to do the change? You'd have to talk to Eric Hughes about how to do the work.

Hugh Daniel (hugh at toad.com) is the one who maintains the mailing list software on toad.com.
Hugh is very busy, so don't pester him if you don't have something constructive.

For the record, and to prevent future misunderstandings, I don't have root on toad.com.

Eric

From cactus at bb.com Tue Aug 2 10:02:49 1994
From: cactus at bb.com (L. Todd Masco)
Date: Tue, 2 Aug 94 10:02:49 PDT
Subject: Children and the Net
Message-ID: <199408021705.NAA22137@bb.com>

Am I the only one that's struck by the similarity between the propaganda about the Waco massacre and the propaganda preceding the Persian Gulf massacre?

[For those who don't know, a good deal of the stories about Iraqi atrocities were totally manufactured. Read "Second Front" (author last name "Truman", I believe) for an account from a reporter's perspective of how the Pentagon manipulated stories and therefore public opinion]

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."

[Not obviously C'punk related, but it really is: we must understand the propaganda machine that the US government has working for it if we hope to oppose them successfully on crypto issues]

From lrh at crl.com Tue Aug 2 10:18:54 1994
From: lrh at crl.com (Lyman Hazelton)
Date: Tue, 2 Aug 94 10:18:54 PDT
Subject: "Anon" fake...
In-Reply-To: <9408021528.AA10247@snark.imsi.com>
Message-ID:

On Tue, 2 Aug 1994, Perry E. Metzger wrote:
>
> nzook at fireant.ma.utexas.edu says:
> > Folks, we GOTTA do something about this...
>
> The obvious and simple fix is to put code into the Majordomo
> implementation to prevent the subscription of an*@anon.penet.fi (note
> -- this wouldn't prevent subscriptions as na*@anon.penet.fi). I've
> pointed this out before -- unfortunately, the list maintainers don't
> have time to do it. Maybe someone could volunteer to do the change?
> You'd have to talk to Eric Hughes about how to do the work.
>
> Perry
>

Perry (and other c'punks),

I don't think the mechanism employed by the hacker is using "who" at all. Rather, it is someone who is subscribed to the list and has a program which looks at the author of each message to see if it is someone already in their database. If it is someone new, it automatically sends a message for that person into the anon service. If not, it simply ignores the message. There are LOTS of silent listeners on the list and it could be ANY of them. Stopping this is not going to be easy. I don't suppose Julf at penet.fi would be interested in recording the name of the site where all these requests are originating? Any other ideas?

Lyman

Finger lrh at crl.com for PGP 2.4 Public Key Block.

From tcmay at netcom.com Tue Aug 2 10:50:12 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 2 Aug 94 10:50:12 PDT
Subject: Tuna fish spams a growing fact of life
In-Reply-To:
Message-ID: <199408021750.KAA26146@netcom12.netcom.com>

Lyman Hazelton wrote:

> a message for that person into the anon service. If not, it simply
> ignores the message. There are LOTS of silent listeners on the list and
> it could be ANY of them. Stopping this is not going to be easy. I don't
> suppose Julf at penet.fi would be interested in recording the name of the
> site where all these requests are originating? Any other ideas?
>

Stopping attacks like this will not be easy:

* the attacker is using alt.test (as I recall) to report results...this is precisely the "anonymous pool" we argue for, for untraceability.

* if he's as smart as I suspect, he's also bouncing the messages to penet through Cypherpunks-type remailers first. This makes it harder (a little harder now, with our fragile remailers, *much* harder someday) for Julf to "record the name of the site where all these requests are originating."

The fragility of the Net exposes it to spamming attacks.
And I think Julf agrees that a rewrite of the code at his site is overdue....he's mentioned this here, and is seeking donations.

(Personally, I think the "volunteer" aspect is at fault here: tens of thousands of users use it for "free," while the software can't be rewritten or maintained adequately. Why not a commercial service? And the same arguments apply, as always, for the Cypherpunks model of remailers.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From perry at imsi.com Tue Aug 2 10:57:35 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 2 Aug 94 10:57:35 PDT
Subject: "Anon" fake...
In-Reply-To:
Message-ID: <9408021756.AA10719@snark.imsi.com>

Lyman Hazelton says:
> Perry (and other c'punks),
>
> I don't think the mechanism employed by the hacker is using "who" at
> all.

The mechanism employed was obvious and simple -- someone subscribed an anXXX address to the list. Anyone looking at the subscription list can tell that, on their own. This technique has been used before.

Perry

From perry at imsi.com Tue Aug 2 11:01:50 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 2 Aug 94 11:01:50 PDT
Subject: "Anon" fake...
In-Reply-To: <9408021756.AA10719@snark.imsi.com>
Message-ID: <9408021801.AA10751@snark.imsi.com>

"Perry E. Metzger" says:
>
> Lyman Hazelton says:
> > Perry (and other c'punks),
> >
> > I don't think the mechanism employed by the hacker is using "who" at
> > all.
>
> The mechanism employed was obvious and simple -- someone subscribed an
> anXXX address to the list.
> Anyone looking at the subscription list can
> tell that, on their own. This technique has been used before.

BTW, this is not to say that other techniques aren't being employed by others right now using alt.test -- I'm just referring to what happened last week on this mailing list...

Perry

From jamiel at sybase.com Tue Aug 2 11:03:07 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Tue, 2 Aug 94 11:03:07 PDT
Subject: Schalfly's son (Was: Re: Lawsuits Against PKP)
Message-ID: <9408021801.AB09523@ralph.sybgate.sybase.com>

At 10:50 AM 08/02/94 -0400, Rick Busdiecker wrote:

>I have no idea whether Roger is her son or how similar their political
>ideas are.

I forget her son's name, but I know that his views are almost diametric opposite of dear old mom's. He is gay and rather outspoken, and has been *very* critical of mum's family values trip.

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From doug at OpenMind.com Tue Aug 2 11:03:38 1994
From: doug at OpenMind.com (Doug Cutrell)
Date: Tue, 2 Aug 94 11:03:38 PDT
Subject: Anonymous code name allocated. // penet hack
Message-ID:

Rick Busdiecker writes:

>If by "who cypherpunks" attack you mean that someone could be
>subscribed using an an*@anon.penet.fi, you most certainly cannot rule
>that out. an111447 at anon.penet.fi continues to be subscribed...

I just did a "who cypherpunks", and an111447 at anon.penet.fi has apparently been unsubscribed as of 10:20 a.m. PST (not by me, though I considered it...)
Doug

___________________________________________________________________
Doug Cutrell General Partner
doug at OpenMind.com Open Mind, Santa Cruz
===================================================================

From nzook at math.utexas.edu Tue Aug 2 11:05:19 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 2 Aug 94 11:05:19 PDT
Subject: AA BBS
Message-ID: <9408021802.AA27018@pelican.ma.utexas.edu>

is back on line, according to hkhenson at cup.portal.com...

From hayden at vorlon.mankato.msus.edu Tue Aug 2 11:42:17 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Tue, 2 Aug 94 11:42:17 PDT
Subject: AA BBS
In-Reply-To: <9408021802.AA27018@pelican.ma.utexas.edu>
Message-ID:

On Tue, 2 Aug 1994 nzook at fireant.ma.utexas.edu wrote:

> is back on line, according to hkhenson at cup.portal.com...

How'd they manage that? I thought that Tennessee seized all of the equipment and stuff.

____        Robert A. Hayden          <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> I do not necessarily speak for the
   \/  Finger for PGP Public Key      <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**

From berzerk at xmission.xmission.com Tue Aug 2 12:24:37 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 2 Aug 94 12:24:37 PDT
Subject: "Anon" fake...
In-Reply-To:
Message-ID:

On Tue, 2 Aug 1994, Lyman Hazelton wrote:
> I don't think the mechanism employed by the hacker is using "who" at
> all. Rather, it is someone who is subscribed to the list and has a
> program which looks at the author of each message to see if it is someone
> already in their database. If it is someone new, it automatically sends
> a message for that person into the anon service.
> If not, it simply
> ignores the message. There are LOTS of silent listeners on the list and
> it could be ANY of them. Stopping this is not going to be easy. I don't

Send out 9 barium messages, coded by the binary representation the number of the person sending to, with 0 being no message. You have them.

Berzerk.

From pdn at msmail.dr.att.com Tue Aug 2 12:28:25 1994
From: pdn at msmail.dr.att.com (Philippe Nave)
Date: Tue, 2 Aug 94 12:28:25 PDT
Subject: Majordomo and Julf's remailer
Message-ID: <2E3E9DE5@mspost.dr.att.com>

Assumption: (maybe incorrect, but what the hell..) The trouble with having an anonymous penet subscriber on the list is due to the fact that cypherpunks messages appear to be 'from' the individual that posted the message as opposed to the list itself. Thus, when I post a message and it goes out to the list, it heads out to anxxx at penet.fi and generates an anon ID if I didn't have one before.

If this is the case, is there any way to change the setup of the cypherpunks list on toad.com such that the list messages appear to be 'from' cypherpunks at toad.com instead of from the person who sent the message? If we got another anxxx subscriber, penet.fi would start seeing hundreds of messages from 'cypherpunks at toad.com' and probably generate an anonymous ID, but it wouldn't foul up the original poster.

I'm not advocating majordomo code changes here; I just wonder if there's an option setting that could be tweaked in the cypherpunks list definition. I have been on mailing lists before where the traffic always appeared to be 'from' the list, and the only thing odd about it was that you had to CC: the author to send a direct reply.

If this idea is all wet, so be it... it just occurred to me this morning.

-Philippe

From eichin at paycheck.cygnus.com Tue Aug 2 12:32:33 1994
From: eichin at paycheck.cygnus.com (Mark W. Eichin)
Date: Tue, 2 Aug 94 12:32:33 PDT
Subject: "Anon" fake...
In-Reply-To: <9408021624.AA09621@ah.com>
Message-ID: <9408021930.AA04439@paycheck.cygnus.com>

Now that an??? is alleged to be off the list, I'll post this; I sent it to Hugh earlier, but it should be of use to anyone running a security-related majordomo:

It should be simple enough to change RetMailAddr in majordomo.pl; right before it returns $ReplyTo, adding

    $ReplyTo =~ s/an(\d+)\@anon\.penet\.fi/na$1\@anon.penet.fi/;

will switch an* addresses to na* ones... This lets an address subscribe, they just get automatically converted to na forms. (Alternatively, one can always drop in an abort in the ValidAddress function (if I remember that name right) to just abort on anything that matches penet.fi, but that would be rude, and merely escalate the problem...)

_Mark_

ps. Has anyone added pgp support to majordomo? I might consider it... there are lots of issues -- but change the subject line if you want to talk about it on the list :-)

From jdd at aiki.demon.co.uk Tue Aug 2 12:33:57 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 2 Aug 94 12:33:57 PDT
Subject: Children and the Net
Message-ID: <3362@aiki.demon.co.uk>

In message <199408021705.NAA22137 at bb.com> "L. Todd Masco" writes:
> Am I the only one that's struck by the similarity between the propaganda
> about the Waco massacre and the propaganda preceding the Persian Gulf
> massacre?
...
> [Not obviously C'punk related, but it really is: we must understand the
> propaganda machine that the US government has working for it if we
> hope to oppose them successfully on crypto issues]

It's a much more general phenomenon than that.

Two or three years ago, two doctors working for the National Health Service in the northeast of England began applying new diagnostic techniques routinely while examining children. They found that some children had been sexually abused and the children were taken into care.
They began widening the use of the techniques and more children were taken into care with formal charges against parents etc being prepared by the police. The number of people involved expanded rapidly until it became clear that the two doctors were claiming that at least 20% (and climbing) of the population were sexually abusing their children. At this point credibility disappeared, support vanished, and the doctors were moved to new jobs. At the high point, children who fell off their bikes were being snatched out of emergency units, checked for "signs of sexual abuse", and usually found to have them. Then they were transferred to social workers who used extremely suggestive interrogation techniques which confirmed the doctors' [wacky] diagnoses. The doctors and social workers claimed to have the interests of the children in mind, and they looked sincere. But at some point the insanity of what they were doing became utterly apparent. They took children away from their parents because they were being abused. The children were put into foster homes. The doctors examined them again and found that they were still being abused. So the children were moved again. It became apparent that soon all of the children in the North East were going to have to be put into care, and most of the adults were going to be charged with child abuse. The people at the center of the affair never saw that they were wrong. At more or less the same time, social workers raided an island off the Scottish coast and took most of the children, claiming that the islanders were engaging in devil worship. The same type of aggressive interviewing techniques were used -- suggestive demonstrations, questions repeated on into the night until the 'right' answer was supplied, sweets and other rewards given for telling the right story. Although a commission later found that the charges were without substance, many of the children still have not been returned. It's not just the US government. 
Personally I believe that some fraction of the population is authoritarian in temperament and some fraction is credulous, and that these attributes are uncorrelated and distributed at random. The credulous authoritarian types can be very dangerous. They like uniforms.

--
Jim Dixon

From mpd at netcom.com Tue Aug 2 12:42:47 1994
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 2 Aug 94 12:42:47 PDT
Subject: Truth, Justice, and the Waco Way
Message-ID: <199408021942.MAA21100@netcom5.netcom.com>

Events like Waco and the Persian Gulf War, in which an authoritarian superpower obliterates a mostly harmless and largely defenseless group of people, translate with relative ease to the cyberspacial realm. Seems like a valid Cypherpunks topic to me, so I will take a crack at responding to the following message

L. Todd Masco writes:

> Am I the only one that's struck by the similarity between
> the propaganda about the Waco massacre and the propaganda
> preceding the Persian Gulf massacre?

Not at all. We should remember Herbert's Two Laws here.

1. All governments lie.
2. If you think you have found a counterexample, please reread law number one.

Also worth remembering is the old saying that "a liar who lies one hundred percent of the time is unlikely to be a successful liar." The trick, therefore, is learning to separate the lies from the truth in a mixture of both.

The quintessential lie from the Persian Gulf War was of course the memorable "baby incubator" story, recited tearfully on the floor of the Congress by a supposedly uninvolved eyewitness who later was revealed to be the daughter of the Kuwaiti ambassador. The alleged events, which never happened, turned the tide in Congress with regard to support for the war.

Of course lies abounded in the Waco case as well, with Koresh being portrayed as a heavily armed lunatic yearning to fulfill Biblical prophecy by perishing in battle with all his followers. In reality, they simply wished to live their lives and be left alone.
The pitfall here, which is to be avoided, is to start characterizing every negative thing said about the folks in Waco or Iraq as false, or to start suggesting that negative comments are a ploy to absolve government of all responsibility for what took place.

Some of the negative things said in both these cases were certainly truthful. For instance, political opponents of Saddam Hussein in Iraq certainly had a markedly shortened life expectancy, and the Branch Davidians certainly took a Biblical fire and brimstone approach towards signs of independent thought or action in their offspring. Not a reason for lots of people to be killed, but not a reason to recommend their canonization either.

The lesson to be learned here is that societies based on a diffuse "Web of Trust" organization are far less dangerous than those based on a powerful centralized authority. A powerful centralized authority inevitably devolves into interacting with its subjects using the protocol...

Do What We Say Or We'll Kill You!

Or in its more tasteful two-part form...

1. Do What We Say.
2. You're Under Arrest, And If You Resist, We'll Kill You.

At that point, Wars, Wacos, Encryption Bans, and BBS Porno Show trials lurk just around the corner.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From will at thinkmedia.com Tue Aug 2 13:44:02 1994
From: will at thinkmedia.com (thinkmedia.com)
Date: Tue, 2 Aug 94 13:44:02 PDT
Subject: clarification please
Message-ID: <199408022043.NAA06405@scruz.net>

Woah,

>Events like Waco and the Persian Gulf War, in which an
>authoritarian superpower obliterates a mostly harmless and
>largely defenseless group of people, translate with relative ease
>to the cyberspacial realm.

I remember reading a Scientific American article about two years before Iraq invaded Kuwait, in which it was made clear Iraq had and were developing missiles with ranges paralleling only U.S., Russia and China.
I don't think harmless and defenseless quite fits the description. Maybe wannabe super power would be more accurate.

______________________________________________________________________________
Opinion is a flitting thing,          Thinking Media Research
But Truth, outlasts the Sun--         will at thinkmedia.com
If then we cannot own them both--     (408) 423 3720
Possess the oldest one--              Emily Dickinson

From nobody at shell.portal.com Tue Aug 2 13:45:05 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Tue, 2 Aug 94 13:45:05 PDT
Subject: Majordomo and Julf's remailer
Message-ID: <199408022044.NAA28101@jobe.shell.portal.com>

* I'm not advocating majordomo code changes here; I just wonder if
* there's an option setting that could be tweaked in the cypherpunks
* list definition. I have been on mailing lists before where the
* traffic always appeared to be 'from' the list, and the only thing
* odd about it was that you had to CC: the author to send a direct
* reply.

should be fairly simple, extropians works that way.

From lcottrell at popmail.ucsd.edu Tue Aug 2 13:48:38 1994
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Tue, 2 Aug 94 13:48:38 PDT
Subject: penet.fi attack
Message-ID: <199408022047.NAA03976@ucsd.edu>

This was clearly not just ignorance. Check out alt.test. The Anon and real ID of hundreds of people has been posted there.

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come."
--Nietzsche

From mpd at netcom.com Tue Aug 2 14:11:44 1994
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 2 Aug 94 14:11:44 PDT
Subject: Uniforms, Authority, and System "X"
In-Reply-To: <3362@aiki.demon.co.uk>
Message-ID: <199408022111.OAA05387@netcom15.netcom.com>

jdd at aiki.demon.co.uk (Jim Dixon) writes:

> It's a much more general phenomenon than that. Two or
> three years ago, two doctors working for the National Health
> Service in the northeast of England began applying new
> diagnostic techniques routinely while examining children.
> They found that some children had been sexually abused and
> the children were taken into care.

The same thing happened in the United States a number of years back. Sex abuse "experts" began taking note of microscopic abrasions and other signs of wear and tear on the genitals of children who had been sexually abused. They found that almost all children who had been sexually abused showed such signs and wrote lengthy papers on the subject. They also appeared in court with impressive diagrams and pointers and expounded at length about the new "scientific evidence of abuse." "So and so", they would proclaim, "showed a thickening of the skin" or "a small scratch" which obviously proved something sexual and inappropriate had taken place. Lots of people went straight to jail.

Then the scientists happened to examine a population of children who had not been sexually abused and to their horror, they showed the same statistical incidence of such findings as the "abused" children did. Mostly from normal self-exploration and play with other kids their own age. There was gigantic embarrassment all around and the scientists retreated.

Looks like England is going through the same learning curve.

> The people at the center of the affair never saw that they
> were wrong.

Well, there is a certain professional humiliation factor to be contended with here. :)

> It's not just the US government.
Most of the really goofy stuff along these lines seems to happen in the US and Great Britain. Other countries participate occasionally, like Italy. The Scandinavian countries and the Netherlands seem mostly immune.

> Personally I believe that some fraction of the population is
> authoritarian in temperament and some fraction is credulous,
> and that these attributes are uncorrelated and distributed
> at random. The credulous authoritarian types can be very
> dangerous. They like uniforms.

Back during the "Gays in the Military" flamefest, someone wrote a very funny parody suggesting that membership in the Republican party was genetically determined. I personally believe there is a large correlation between genetically determined personality traits and an attraction to right wing political thought.

All right wing memes seem to have as their underlying reproductive mechanism the following schema...

A. Doomed are those who do not embrace System "X"
B. Anything I do to cause others to embrace System "X" is justified.

The classic Christian case is of course Pascal's Wager, where avoiding any finite probability of eternal damnation outweighs the benefits of agnosticism not only for oneself, but for the rest of humanity as well.

It would seem quite likely that such anxiety-producing logic would thrive best in a mind that is already predisposed to some degree of nervous excitement and insecurity.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From lrh at crl.com Tue Aug 2 14:13:38 1994
From: lrh at crl.com (Lyman Hazelton)
Date: Tue, 2 Aug 94 14:13:38 PDT
Subject: Adding PGP capability to Majordomo
Message-ID:

This sounds great, though I am somewhat confused about the mechanism and effect... just giving Majordomo a keyset would not (at least to my understanding) cure the problem of an??? recipients resulting in new an??? accounts. Perhaps I am missing something fundamental here, but what would this buy us?
Lyman
Finger lrh at crl.com for PGP 2.4 Public Key Block.

From rah at shipwright.com Tue Aug 2 14:57:43 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 2 Aug 94 14:57:43 PDT
Subject: SpamlessPointer: Internet Shopkeeper
Message-ID: <199408022156.RAA11984@zork.tiac.net>

In the interest of spam-less info citations, please check out the posting in biz.comp.services for "Internet Shopkeeper", which allows people to set up their own internet malls (mini-malls already???), not just buy a shop in someone else's mall.

No mention about transaction security in their post, really. I have a copy if anyone misses it. When I get some time, I'll put on my dumpster diving outfit and see what I can find out. If you get there before I do, share all...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From jya at pipeline.com Tue Aug 2 15:01:10 1994
From: jya at pipeline.com (John Young)
Date: Tue, 2 Aug 94 15:01:10 PDT
Subject: Children and the Net
Message-ID: <199408022200.SAA02694@pipe1.pipeline.com>

Responding to msg by cactus at bibliob.slip.netcom.com ("L. Todd Masco") on Tue, 2 Aug 1:5 PM

>
>Am I the only one that's struck by the similarity
>between the propaganda about the Waco massacre and the
>propaganda preceding the Persian Gulf massacre?

Along with post-massacre spin on the slaughter to teach lasting fear of the killers beyond the event: don't fuck with us, obey or die. Captives can be terrorized into adoration of their captors, whether kids, soldiers or citizens, and propaganda is an uncontrolled munition.

From crame001 at hio.tem.nhl.nl Tue Aug 2 15:20:03 1994
From: crame001 at hio.tem.nhl.nl (ER CRAMER)
Date: Tue, 2 Aug 94 15:20:03 PDT
Subject: Ann: PGS v0.99e
Message-ID: <9408022318.AA01754@hio.tem.nhl.nl>

-----BEGIN PGP SIGNED MESSAGE-----

Just another release of Pretty Good PGP Shell:

PGS v0.99e is the bug fix for the public beta version of PGS v0.99d.

PGS is a very good shell for PGP. PGS has an advanced keyring management system and reads keyring itself!!! PGS is very easy to use! PGS supports PGP versions 2.3a 2.6MIT 2.6ui. And ViaCrypt PGP versions 2.4 and 2.7.

Special requirements: 80286 or up.

Changes: A few minor bugs were fixed. The major memory leak in the key information section has been fixed. Because some users did have some problem with PGS changing the color palette, a new color mode has been built in that uses standard (STD) colors. It is now possible to save the color mode (PGS, STD (default) or MONO) in the configuration file.

PGS v0.99e is available for download at the following sites:

Internet: (Right now)
  wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099ee.zip
  128.252.135.4:/pub/msdos_uploads/pgs/pgs099ee.zip
  (notice that the filename is pgs099eE.zip and not pgs099e.zip, pgs099e.zip was not uploaded correctly).

Fidonet:
  2:282/317 Request: PGS099E.*
  2:280/202 Request: PGS099E.*

- --
... If you outlaw Privacy, only Outlaws will have Privacy!
Eelco Cramer ------
- --------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLj7UH4DAdPKe9hHLAQFowQP/Qm2AYxxRGBCf8tMFUE5KJGPd97GsXOkZ
9fnG/ofYHkpVgTRNc/jiTWd7502zQdcI95DM0WZoDirnHVjw1Iqxq8HXaxJ9h37X
N+d/ClHTfWao9BTXN4FiO0urY/383kFWSlanZYSTQxatHeiIC/9BRVWoIbj8DndX
sRMrKVSfrTY=
=csjx
-----END PGP SIGNATURE-----

From kkirksey at world.std.com Tue Aug 2 15:33:18 1994
From: kkirksey at world.std.com (Ken Kirksey)
Date: Tue, 2 Aug 94 15:33:18 PDT
Subject: Children and the Net
Message-ID: <199408022232.AA14753@world.std.com>

-----BEGIN PGP SIGNED MESSAGE-----

>> On Sun, 31 Jul 1994, Mike Duvos wrote:
>
>> > Had it not been for the fact that having children covered with
>> > scars, welts, and bruises is not considered child abuse in the
>> > state of Texas, all the children would have been removed from the
>> > compound prior to the raid, and only the adults would have been
>> > toasted.
>
>> Puh-leeze! There has been little to no evidence of ANY abuse of the
>> Branch Davidian children. The only thing we know is that Koresh liked his
>> mates young but that doesn't mean the rest of the children were abused
>> and, of course, Koresh's kink is quite normal in quite a few places. Are
>> you forgetting that the BDs were investigated for child abuse and cleared
>> earlier?
>
>These facts were well documented. Child welfare workers visited the
>compound and examined the children. Signs of previous physical
>punishment were noted as well as a room devoted to that purpose and
 ^^^^^^^^^^
>the appropriate paraphernalia.

We were talking about physical ABUSE, not physical PUNISHMENT. There is a difference, unless of course you're one of those people that believe that they're one in the same and that parents shouldn't be allowed to physically discipline their children in any manner whatsoever.

When I was a child, we had a room devoted to the physical discipline of us children: my parents' bedroom.
And in that room, specifically the closet, my father kept the appropriate paraphernalia: belts. Do you believe my parents should have been arrested for "child abuse"? I don't.

The fact stands that there was no evidence that the children in the compound were ABUSED. The Texas department of child welfare cleared Koresh of all such charges. If you have any documentation to the contrary, I would certainly be interested in seeing it. I don't want to see evidence of PUNISHMENT, only ABUSE.

Ken

=============================================================================
Ken Kirksey          kkirksey at world.std.com          Mac Guru & Developer
- -----------------------------------------------------------------------------
"This country, with its institutions, belongs to the people who inhabit it.
Whenever they shall grow weary of the existing government, they can exercise
their constitutional right of amending it, or their revolutionary right to
dismember it or overthrow it." - Abraham Lincoln

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLj7FhusZNYlu+zuBAQGENgP/V6G/gCuFJ40+AeY0rs++AB73260q9jzk
iLScYWfPwQ0JyMd3XJ9K4GW0eVaiV+LmWbAIFXj0FdBOVmzAnpFtw2zWTZep4UMO
awrUFsp0UioGi3web3q2cfgxi3Z5YQiaZQN6rvpAeECsXyi+mutG8dQ8HdYgNY1N
TRiTwsf+5pk=
=86cK
-----END PGP SIGNATURE-----

From cactus at bb.com Tue Aug 2 16:42:31 1994
From: cactus at bb.com (L. Todd Masco)
Date: Tue, 2 Aug 94 16:42:31 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To:
Message-ID: <199408022345.TAA25986@bb.com>

Doug Cutrell writes:
> >So, in between my check and yours, Todd posted the cypherpunks hack
> >telnet 25 and the anonymous id disappeared. Hmmmmm. I wonder how
> >that happened? :-)
> >
> >Thanks Todd!
> >
> > Rick
>
> I'd like to understand what Todd's "hack" means... I assume that he's
> talking about telnetting to the sendmail port.
> But I thought that anyone
> could unsubscribe anyone from cypherpunks by simply sending a message with:
>
> unsubscribe cypherpunks obnoxious at jerk.com
>
> It isn't even necessary to forge the return address, because majordomo
> doesn't check. I just pulled majordomo's help file. It's appended below.

In my experience, listservers will clear any commands that don't come from the person affected by passing them on for processing by the list maintainer as a security precaution. I had assumed majordomo did this, but I'm not certain.
--
Todd

From roy at sendai.cybrspc.mn.org Tue Aug 2 16:54:31 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 2 Aug 94 16:54:31 PDT
Subject: My light bulb goes on... (was:Re: Tuna fish...)
In-Reply-To: <199408021750.KAA26146@netcom12.netcom.com>
Message-ID: <940802.173235.9o1.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, Tim strikes gold:

> (Personally, I think the "volunteer" aspect is at fault here: tens of
> thousands of users use it for "free," while the software can't be
> rewritten or maintained adequately. Why not a commercial service? And
> the same arguments apply, as always, for the Cypherpunks model of
> remailers.)

Is this not the killer app that would get ecash off and running? A commercial service selling cyberspatial privacy and accepting anonymous ecash for the service sounds like a natural!

- --
Roy M.
Silvernail [ ] roy at sendai.cybrspc.mn.org
PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org
These are, of course, my opinions (and my machines)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLj7KmRvikii9febJAQELhQP+KhmOsjCGK14WxJtObmmzhhqZ3szhU7LE
XgryCYddLuy7XJlj2ANcdSIu47OClyBO+eCl4vr/mUEorNxFkpb4MAQPxyrP3Ha3
gsl1MfLavlO2tZhUWKkPN2XGuInYoFbyYi0lljOD4LRuH/pGlxUtdRZnEp91vPXJ
LathIAIzPBQ=
=0SGR
-----END PGP SIGNATURE-----

From jpb at gate.net Tue Aug 2 17:30:19 1994
From: jpb at gate.net (Joseph Block)
Date: Tue, 2 Aug 94 17:30:19 PDT
Subject: Chaum ecash
Message-ID: <199408030029.UAA46883@inca.gate.net>

Sorry to clutter the list but:

I had sent email about beta-testing Chaum's ecash scheme. I've since lost my copy of the original announcement (had a drive crash - joy!) and have never received a reply.

Could some kind soul send me a copy of the announcement?

thanks
jpb at gate.net

From jpb at gate.net Tue Aug 2 17:33:07 1994
From: jpb at gate.net (Joseph Block)
Date: Tue, 2 Aug 94 17:33:07 PDT
Subject: One last acronym...
Message-ID: <199408030032.UAA69668@inca.gate.net>

Federal Usurpation of Citizen's Keys Eliminates Real Security
   "        "            "       "       "       "  Secrecy

From hayden at vorlon.mankato.msus.edu Tue Aug 2 17:33:26 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Tue, 2 Aug 94 17:33:26 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <199408022345.TAA25986@bb.com>
Message-ID:

On Tue, 2 Aug 1994, L. Todd Masco wrote:

> Doug Cutrell writes:
> > I'd like to understand what Todd's "hack" means... I assume that he's
> > talking about telnetting to the sendmail port. But I thought that anyone
> > could unsubscribe anyone from cypherpunks by simply sending a message with:
> >
> > unsubscribe cypherpunks obnoxious at jerk.com
> >
> > It isn't even necessary to forge the return address, because majordomo
> > doesn't check. I just pulled majordomo's help file. It's appended below.
>
> In my experience, listservers will clear any commands that don't come from
> the person affected by passing them on for processing by the list
> maintainer as a security precaution. I had assumed majordomo
> did this, but I'm not certain.

NOTE: all versions of majordomo do not permit this.

I know that for the majordomo lists I run, it does do some internal checking to see that the address that mailed the unsubscribe command matches the one in the subscription rolls, and if it doesn't, it forwards that message to the majordomo-owner address to be dealt with.

BUT, you can turn off this 'feature' and have majordomo automatically recognize and execute all commands pertaining to that list.

____        Robert A. Hayden         <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-            <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info   <=> I do not necessarily speak for the
   \/    Finger for PGP Public Key   <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$
P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+
b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**

From tcmay at netcom.com Tue Aug 2 17:43:10 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 2 Aug 94 17:43:10 PDT
Subject: My light bulb goes on... (was:Re: Tuna fish...)
In-Reply-To: <940802.173235.9o1.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <199408030043.RAA03037@netcom15.netcom.com>

Roy Silvernail writes:

> In list.cypherpunks, Tim strikes gold:
>
> > (Personally, I think the "volunteer" aspect is at fault here: tens of
> > thousands of users use it for "free," while the software can't be
> > rewritten or maintained adequately. Why not a commercial service? And
> > the same arguments apply, as always, for the Cypherpunks model of
> > remailers.)
>
> Is this not the killer app that would get ecash off and running?
> A commercial service selling cyberspatial privacy and accepting anonymous
> ecash for the service sounds like a natural!

Thanks, Roy, but I've been arguing this for a _long_ time, as have others. The "digital postage" proposal (stamps, coupons, simple digital cash) fits right in.

Current remailers are run in a haphazard way, with poorly-stated policies in some cases, with haphazard maintenance, and with no profit motive to push for higher performance, better reliability, and, critically, with a commitment to service and long-term viability that a real business would have.

(To pick one example, without picking on particular people, it's real hard to take a remailer seriously when it goes up and down, when it bounces mail, or when a terse message is broadcast saying: "My remailer is going down for a while because I'm taking my laptop to Portugal for the summer." I'm not picking on these folks, who are running remailers as an experiment and as a free service, but this is part of the overall problem we face.)

There are many issues about remailers that have been written about. Feature sets such as padding, types of encryption, reordering, etc. I've written long posts on this, and so have such folks as Hal Finney, Ray Cromwell, Matthew Ghio, Graham Toal, and others.

(We get a lot of "Say, what if remailers waited a while before remailing?" comments, which sometimes get responded to, but which are often dismissed. Suffice it to say that a taxonomy of features can be developed, but casual analyses of just part of the situation tend not to be helpful.)

"Mom and Pop remailers" is my term for the for-profit remailer services which people could install in their homes, hook up to the Net, and operate for profit. Digital postage, at a rate they choose and others can then accept or not accept (and thus not use them).

Yes, a good opportunity for an entrepreneurial Cypherpunk. Lots of good issues to consider.
(I'll throw out one random idea, one of many: a bunch of remailer operators (henceforth, just "remailers") can organize themselves into a kind of "Remailer's Guild." Purely voluntary, as all aspects of remailers are. The 100 or so members, for instance, could agree to meet certain standards of confidentiality, and kick out anyone who violates this standard. For example. Spamming is reduced in a couple of ways. First, all messages are "paid for" by digital postage (set at different rates, or by the Guild, all self-arranged). Second, targeting of any single remailer by a malicious attacker can be solved by the Guild's arrangement to distribute traffic amongst themselves, especially before what is likely to be a "final" delivery. I have a clear idea of this scenario, and why it helps a lot to distribute risk, but this brief paragraph may not be sufficient to make the points clearly enough. If there's enough interest, I'll elaborate more carefully.)

I hope this helps. But newcomers should understand that hundreds of posts have been made about these subjects. Perhaps the archive sites mentioned here have some of them.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From doug at OpenMind.com Tue Aug 2 17:46:09 1994
From: doug at OpenMind.com (Doug Cutrell)
Date: Tue, 2 Aug 94 17:46:09 PDT
Subject: Anonymous code name allocated. // penet hack
Message-ID:

>On Tue, 2 Aug 1994, L. Todd Masco wrote:
>
>> > It isn't even necessary to forge the return address, because majordomo
>> > doesn't check.
>> In my experience, listservers will clear any commands that don't come from
>> the person affected by passing them on for processing by the list
>> maintainer as a security precaution. I had assumed majordomo
>> did this, but I'm not certain.

Todd and Robert are right, I was wrong... I just checked this by creating a dummy account from a different address. When I tried to unsubscribe the dummy account from my usual account, I got a message telling me the request had been deferred to the list owner. So it's not *totally* trivial to mess with the list...

Doug

From yusuf921 at raven.csrv.uidaho.edu Tue Aug 2 18:01:31 1994
From: yusuf921 at raven.csrv.uidaho.edu (CatAshleigh)
Date: Tue, 2 Aug 94 18:01:31 PDT
Subject: One last acronym...
In-Reply-To: <199408030032.UAA69668@inca.gate.net>
Message-ID:

On Tue, 2 Aug 1994, Joseph Block wrote:

>
> Federal Usurpation of Citizen's Keys Eliminates Real Security
>    "        "            "       "       "       "  Secrecy

you missed an obvious one:

Federal Usurpation of Citizen's Keys !

there, now read it crossword

Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ...
-- Carl Zwanzig

From ianf at simple.sydney.sgi.com Tue Aug 2 18:35:24 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Tue, 2 Aug 94 18:35:24 PDT
Subject: The Terrorists are coming!
In-Reply-To: <3294@aiki.demon.co.uk>
Message-ID: <9408031132.ZM695@simple.sydney.sgi.com>

On Aug 1, 10:07pm, Jim Dixon wrote:
> A large part of the former USSR was Muslim and there were strategic and
> tactical nuclear weapons scattered all over the place (tactical weapons
> are used as mines, fired from artillery pieces, carried by short range
> missiles, and dropped from fighter bombers). If none of these is
> unaccounted for, it is a genuine miracle.

Out of curiosity, is anyone aware of whether the USSR employed PAL's (Permissive Activation Links) in their strategic nuclear weaponry?
If so, is anyone aware of how secure the PAL's the Soviets actually used were?

There was a rumor on USENET some time back that the Soviets were using RSA in their PAL's, but it sounded too much like an urban myth to me.

Ian.

From jamesh at netcom.com Tue Aug 2 18:37:05 1994
From: jamesh at netcom.com (James Hightower)
Date: Tue, 2 Aug 94 18:37:05 PDT
Subject: clarification please
In-Reply-To: <199408022043.NAA06405@scruz.net>
Message-ID: <199408030137.SAA24056@netcom13.netcom.com>

Will at thinkmedia.com writes:
> Woah,
>
> I remember reading a Scientific American article about two years before
> Iraq invaded Kuwait, in which it was made clear Iraq had and were
> developing missiles with ranges paralleling only U.S., Russia and China. I
> don't think harmless and defenseless quite fits the description. Maybe
> wannabe super power would be more accurate.

Or perhaps the propaganda had started more than two years prior to the invasion.

JJH
--

From yusuf921 at raven.csrv.uidaho.edu Tue Aug 2 19:03:01 1994
From: yusuf921 at raven.csrv.uidaho.edu (CatAshleigh)
Date: Tue, 2 Aug 94 19:03:01 PDT
Subject: The Terrorists are coming! (fwd)
Message-ID:

Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ...
-- Carl Zwanzig

---------- Forwarded message ----------
Date: Tue, 2 Aug 1994 18:12:39 -0700 (PDT)
From: CatAshleigh
To:
Subject: Re: The Terrorists are coming!

I was originally going to e-mail this to the people who made the comments, and would recognise what they had said, so I didn't preserve the distinction of who said what, but after re-reading I think it's directly related to Big Brother's attempts at limiting our privacy

the >> are my comments, the > are responses and the ones without any >> at all are my counter proposals.
sorry if there's any confusion

> > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only
> > country with nukes in the middle east is Israel) country
> > with a nuclear program is pakistan, and they're years away from anything
> > that could be stolen.
>
> True, but only because they haven't gotten their hands on any yet. It is
> well known in certain international arms circles that Kadaffi or Hussein
> would absolutely *love* to have their own means of producing nuclear
> weapons. And they aren't alone.

We built Hussein, and I believe that Kadaffi was still struggling to build chemical when we bombed him in '86, or so, but I believe I could be mistaken.

> > some call it pork barrel, I call it conspiracy theory to portray muslims
> > as terrorists.
>
> I don't think so. Most of the world's terrorists (with the exception of the
> IRA and a handful of others) are recruited and trained by folks in the
> Middle East. It may be true that they have gotten more than their share of
> publicity in the past, but the fact remains - the Middle East is *the*
> training ground for that sort of thing, and there isn't a fundamentalist
> over there who wouldn't like to shove a suitcase nuke up Bill's ass.

Every organization which exists in the middle east has a purpose, Hezbullah's purpose is the liberation of Palestine, using nukes would be counterproductive, like in the movie "red dawn" USSR invaded, but USA wouldn't use nukes on its own territory, because that would make it worthless land.

think critically,

1) What would be gained by nuking the US? there are more Muslims here than there are Jews

2) the objective of "terror tactics" is to destroy a lot of property with as few injuries as possible, something akin to "counting coup" to demonstrate that "IF their intention had been to kill people, a lot more bodies would be found, which (ie more fatalities) is easily accomplished by simply packing the bomb with shrapnel.
could you be more specific about which "fundamentalists" you're talking about?

> Haven't you heard? America *is* THE ENEMY to a majority of the folks over
> in that part of the world. If you don't believe me, travel to that part of
> the world carrying an American passport and see what happens.

OY! please don't make generalizations. Iran had a popular revolution and overthrew the Shah (it's well documented that he tortured prisoners in his jails) and replaced it with a democratic parliament, and implemented Islamic law, the USA urged Saddam Hussein to attack them and refused to extradite the Shah to be tried for his crimes. Would you expect any less after that? Who else called the USA a satan?

the "ENEMY" is dictators who suppress the people from democratic elections and the countries who back them. therefore keep your eye on Egypt, but they're not very concerned about the USA because there's not much the USA can do to interfere there.

> In message
> CatAshleigh writes:
>
> > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only
>
> How do you know?
>

that's common knowledge, when Iraq got close to developing them, Israel bombed them. the only country the usa is throwing a hissyfit about is Pakistan. (and N. Korea)

> Ahem. Uzbekistan is Muslim, and is also the third or fourth largest
> nuclear power, and also is in a part of the world where there is a
> long tradition of ... how do I say it gently ... greasing the palm.
> I spent quite a while next door in Afghanistan and am familiar with
> the culture.
>

the 5 largest nuclear powers are
  1) USA
  2) Russia
  3) china
  4) India
  5) Israel (believed to have about 100 warheads)

Uzbek was part of the USSR, and that's where they deposited some of their permanent sites, Uzbek refused to return them when the federation broke apart because they (they're smart) don't trust the russians farther than they can throw a nuke at them, after all they wanted nothing to do with USSR and were forced into the USSR by the soviets invading. Nukes are their insurance, they're not going to be parting with those any time soon. China is who they should be keeping an eye on.

Smaller weapons certainly, such as stinger missiles, but that's capitalism :)

A large part of the former USSR was Muslim and there were strategic and tactical nuclear weapons scattered all over the place (tactical weapons are used as mines, fired from artillery pieces, carried by short range missiles, and dropped from fighter bombers). If none of these is unaccounted for, it is a genuine miracle.

It was my understanding that only the USA was incompetent enough to develop "tactical" nuclear weapons where any grunt can drop them and KABLEWY

> Also, there has been quite a lot of press coverage here in the UK of
> the defector from Saudi Arabia who claims that (a) the Saudis backed both
> the Iraqi and the Pakistani nuclear programs and (b) the Saudis at
> least have some nuclear materials.
>

The "defector" is an idiot, Saudis were too busy building infrastructure to waste money backing other people's weapons development. The Saudis backed Iraq because they were fighting Iran and Saudis aren't too fond of Shi'a. It might also be noted that the USA is similarly guilty.

> > second of all there are more deaths caused by lightning on golf courses,
> > ask any insurance agency.
>
> Also not true. The total number killed directly and indirectly in
> Japan alone by atomic bombs is certainly over 100,000.
> I can't believe
> that that many people have been killed by lightning on golf courses!
>

that's deaths from lightning on golf courses versus "terrorist attacks" I should have made that more clear, sorry. I'm glad that you mentioned that though, let's remember that it was the USA who was the "terrorist" who bombed the civilians at Nagasaki and Hiroshima (terrorist as defined in the dictionary)

> > some call it pork barrel, I call it conspiracy theory to portray muslims
> > as terrorists.
>
> Pork barrel?

by inflating the NSA, and CIA, more people in your department, more job security.

> --
> Jim Dixon
> ----------
>
> > The only other people who are called terrorist are the IRA, and I don't see
> > the FBI scrambling to protect Great Britain's consulate in DC when a
> > car bomb goes off in London
>
> Here in the UK we read about lots of terrorist groups, not just the IRA:
> ETA in Spain ...

At least not called terrorist in USA papers, in fact only the British news agencies call the IRA terrorists, american papers seem to take a neutral attitude to the situation.

my paragraph was in response to automatically equating "necessary step-ups in security against terrorists" as a codeword for "spying on arabs and muslims" by the FBI and CIA.

> Maybe you should subscribe to a London newspaper.
>

The internet is better.

> ---
> Jim Dixon
>
>

Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ...
-- Carl Zwanzig

From berzerk at xmission.xmission.com Tue Aug 2 19:14:34 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Tue, 2 Aug 94 19:14:34 PDT
Subject: Uniforms, Authority, and System "X"
In-Reply-To: <199408022111.OAA05387@netcom15.netcom.com>
Message-ID:

After spending a great length of time talking about the child abuse mania that is polluting our culture,

On Tue, 2 Aug 1994, Mike Duvos wrote:
> I personally believe there is a large correlation between
> genetically determined personality traits and an attraction to
> right wing political thought.

Funny, most the people I know here that proclaim this the loudest are LEFT wing people talking right wing mormons.

Berzerk.

From Banisar at epic.org Tue Aug 2 19:21:37 1994
From: Banisar at epic.org (David Banisar)
Date: Tue, 2 Aug 94 19:21:37 PDT
Subject: ID Card Hearing 8/3/94
Message-ID: <9408022222.AA21355@Hacker2.cpsr.digex.net>

National ID Card Hearing 8/3/94

Barbara Jordan, Chairwoman of the US Commission on Immigration Reform will be testifying before the Senate Judiciary Committee tomorrow on the Commission's recommendations on verifying workers are eligible.

Drafts of Ms. Jordan's testimony reveal that the Commission has backed off its initial proposal to require a national id card. Rather, the Commission will recommend a pilot program for the 5 states "most harmed by illegal immigration."

It appears that this "pilot program" is only an attempt to limit initial opposition to the proposal with a future plan to implement it to other states as possible. In fact, when the national id proposal was first floated, the plan was to implement it step by step. Assuming that this will include Florida, California and Texas, a sizable percentage of the US population will be affected by the proposal.
The Hearing will be held in Hart Senate Office Building, Room 216 at 10:15 am

From rarachel at prism.poly.edu Tue Aug 2 19:29:50 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Tue, 2 Aug 94 19:29:50 PDT
Subject: Anonymous code name allocated. // penet hack
In-Reply-To: <9408020355.AA25057@burgess.Eng.Sun.COM>
Message-ID: <9408030217.AA09048@prism.poly.edu>

I don't think I have a code allocated, unless I accidentally replied to some message from penet... If (suppose) I had one allocated, what would happen with the tuna spam? Would anything alert me that it was tried?

From tcmay at netcom.com Tue Aug 2 19:33:07 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 2 Aug 94 19:33:07 PDT
Subject: Attention Bay Area (and West Coast?) Cypherpunks
Message-ID: <199408030233.TAA14003@netcom16.netcom.com>

The "Nova" PBS is tonight, at 8 p.m., repeating "The Codebreakers." On Channel 9, KQED, in San Francisco, and maybe elsewhere...depends on when your area shows "Nova."

I only mention this because last time it was on, a bunch of folks asked if anyone could send them copies, so there must be some interest.

--Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mimir at io.com Tue Aug 2 20:04:16 1994
From: mimir at io.com (Al Billings)
Date: Tue, 2 Aug 94 20:04:16 PDT
Subject: In the news...
In-Reply-To: <199408020906.AA17343@panix.com>
Message-ID:

On Tue, 2 Aug 1994, Duncan Frissell wrote:

> "The FBI is examining his computer to uncover links to other people."
>
> Said of the Abortion Doctor slaying suspect.
Not much of a "suspect" given the evidence and such.

From nobody at shell.portal.com Tue Aug 2 20:46:58 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Tue, 2 Aug 94 20:46:58 PDT
Subject: 'Anon' Fake
Message-ID: <199408030346.UAA09985@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

> The mechanism employed was obvious and simple -- someone subscribed an
> anXXX address to the list. Anyone looking at the subscription list can
> tell that, on their own. This technique has been used before.

Is there any evidence to link this anxxxx person to the "tuna fish" spam? Given the fact that by doing a "who cypherpunks" will yield anyone, including various TLAs a list of potential "troublemakers" (by their standards), might this subscriber merely be trying to protect his real identity from prying eyes?

Actually, I had thought of doing so myself, but didn't want to over-burden Julf's server with such a high volume of mail, plus having the messages get cut off whenever a dashed line was encountered.

FWIW, other list servers have a "set conceal" option which, upon request, keeps a person's address from becoming public through the "who" command.

- -- Diogenes

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLj70d+Rsd2rRFQ1JAQFSlwP+NkXJSaKlUKuFnLhzHWjGxd6X+prUlPiV
NsKGBXON6ATKGTvcCE8IG+A17MwkxNi4PxnOvmdCyyI+940Rz9uDmZo8qSW5EWip
7oQ/mEFGnxRY7wkw+99QHpASxBE/9nJSvuCM0AwGfZ5/0rMSUE1t2M52PAfZcELa
9G+cEM9GiPM=
=tzW7
-----END PGP SIGNATURE-----

From jamesd at netcom.com Tue Aug 2 21:30:04 1994
From: jamesd at netcom.com (James A. Donald)
Date: Tue, 2 Aug 94 21:30:04 PDT
Subject: Children and the Net
In-Reply-To: <199408022232.AA14753@world.std.com>
Message-ID: <199408030430.VAA12681@netcom14.netcom.com>

Lately there has been much tedious back and forth concerning child abuse.

This has very little to do with cryptography. It has however something to do with privacy.
Should the government meddle in people's homes and make sure they are bringing up children in the proper government approved fashion? Regarding child abuse and Koresh: The government was fishing for stuff to get him on. The Davidians were charged, came to court, and were acquitted. The infamous warrant that led to the Davidian children being crispy fried concerned guns, not child abuse. If we look at famous child abuse cases in California they are mostly cases of gross abuse by government. Do children get abused: Yep, almost always by step parents, as in the wicked stepmother. We are unsurprised when someone murders a rival. We take for granted that two women under one roof will lead to grave trouble. Yet a stepchild is a more formidable rival for a spouse's attentions than any lover could be. In fact, step parents are more strongly motivated to murder step children than they are to murder their wife's or husband's other lovers. For this reason the evil step parent has for centuries been a stock character to make the plot move along. Until recently anybody who read a book would take for granted that step parents were a hazard to life and limb. And when I talk to a kid who is hanging out a long way from home, a common reason is to avoid being alone with a step parent. Step parents are still a hazard to life and limb. Yet in today's literature and TV shows and movies, it is generally assumed that step parents and step children will get along tolerably well. For a reason that is very unclear to me, this obvious fact is being systematically denied in Western culture generally, and in American culture in particular. To support this fiction, it appears to me that "Child Protective Services" agencies make a deliberate effort to go after natural parents. It appears to me that they are trying to make some kind of quota so as to create the appearance that child abuse is not a biologically driven problem. 
Similarly, when a natural parent abuses their child, this receives vastly more media attention than step parent abuse, in a disproportion similar to the extreme disproportion given to incidents of white racial violence against blacks as compared to black racial violence against whites. Yep. It's a conspiracy. But what is the point of such a conspiracy? From nobody at shell.portal.com Tue Aug 2 21:55:16 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 2 Aug 94 21:55:16 PDT Subject: Uniforms, Authority, and 'System X' Message-ID: <199408030455.VAA15985@jobe.shell.portal.com> Berzerk wrote: > Funny, most the people I know here that proclaim this the loudest are > LEFT wing people talking right wing mormons. > ^^^^^^^ > Berzerk. Did you intend to say "morons" or "Mormons"? --- Diogenes From a.brown at nexor.co.uk Wed Aug 3 00:58:52 1994 From: a.brown at nexor.co.uk (Andrew Brown) Date: Wed, 3 Aug 94 00:58:52 PDT Subject: Steganography Message-ID: Great, I just lost 18 hours worth of messages. If anyone replied to this thread in that time I'd really appreciate a repost, thanks. - Andy From jdd at aiki.demon.co.uk Wed Aug 3 03:06:55 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 3 Aug 94 03:06:55 PDT Subject: The Terrorists are coming! Message-ID: <3496@aiki.demon.co.uk> In message CatAshleigh writes: > > > first of all the only "muslim" (NOT ARAB, NO ARABS HAVE NUKES, the only > > > > How do you know? > > > that's common knowledge, when Iraq got close to developing them, Israel > bombed them. In this case, "common knowledge" = "not true". > > Ahem. 
Uzbekistan is Muslim, and is also the third or fourth largest > > nuclear power, and also is in a part of the world where there is a > > long tradition of ... how do I say it gently ... greasing the palm. > > the 5 largest nuclear powers are 1) USA 2) Russia 3) china 4) India > 5) Israel (believed to have about 100 warheads) Uzbekistan has several ICBM sites. Some of the ICBMs are MIRVed, with maybe 10 warheads each. I think that Uzbekistan may outclass China. I have never heard claims that India had more than 100 warheads. The Ukraine also has many ICBMs and I would assume outranks India and Israel. I also believe that France outclasses both India and Israel. And Britain has nuclear submarines carrying thermonuclear weapons, tactical weapons carried by fighter/bombers, etc. What is your authority for this ranking?? > > A large part of the former USSR was Muslim and there were strategic and > > tactical nuclear weapons scattered all over the place (tactical weapons > > are used as mines, fired from artillery pieces, carried by short range > > missiles, and dropped from fighter bombers). If none of these is > > unaccounted for, it is a genuine miracle. > > It was my understanding that only the USA was incompetent enough to develop > "tactical" nuclear weapons where any grunt can drop them and KABLEWY. I DEFINED the term "tactical". I mentioned no grunts. The Soviets certainly had tactical nuclear weapons of every type that I mentioned, and more (nuclear torpedoes, for example). Their plans for the invasion of Europe have been published. These plans included the heavy use of tactical nuclear weapons in every theater. Their strategic weapons would have been used on America. > > Also, there has been quite a lot of press coverage here in the UK of > > the defector from Saudi Arabia who claims that (a) the Saudis backed both > > the Iraqi and the Pakistani nuclear programs and (b) the Saudis at > > least have some nuclear materials. 
> > The "defector" is an idiot, I saw him interviewed on TV, his IQ seemed to be fairly high. 130+ ? > Saudis were too busy building infrastructure > to waste money backing other people's weapons development. But ... no one disputes the claim that the Saudis backed weapons development in Iraq; the Saudis freely admit it. They deny only the reports about nasty (nuclear, chemical, and biological) weapons. > The Saudis backed Iraq because they were fighting Iran and Saudis > aren't too fond of Shi'a. And in the next line you admit it yourself. > It might also be noted that the USA is similarly > guilty. By this point, you've lost track of what you are saying. The USA is similarly guilty of funding Iraqi development of nuclear weapons?? [I made a reference to the atomic bombing of Japan] > I'm glad that you mentioned that though, let's remember that it was the > USA who was the "terrorist" who bombed the civilians at Nagasaki and > Hiroshima (terrorist as defined in the dictionary) My dictionary does not define the term 'terrorist' that way. The Japanese started the war with the US by bombing Pearl Harbor, the US ended it by bombing Hiroshima and Nagasaki. It was a nasty war on all sides. Any soldier knows that the best way to win is to induce terror in your opponent. But the term 'terrorist' is not used for soldiers engaged in open warfare. It normally refers to those who make clandestine attacks with the purpose of inducing terror in civilians. If you hijack an airliner, you are a terrorist. If you firebomb Dresden, what you have done may be sickening, but you are not a terrorist. You are a soldier in a brutal war. Most wars of any length get brutal. The style of argument used here is very 1984. Words are used in abnormal ways, people are demonized (Israel, America), contradictions are stated in the same sentence, vilification replaces logic. And also, comments were asked to be sent by email, and then edited before being replied to in public. Not good. 
-- Jim Dixon From jkreznar at ininx.com Wed Aug 3 03:40:55 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 3 Aug 94 03:40:55 PDT Subject: Egalitarianism vs. Strong Cryptography In-Reply-To: <199408021942.MAA21100@netcom5.netcom.com> Message-ID: <9408031040.AA25684@ininx> In Message-Id: <199407312314.QAA16264 at netcom4.netcom.com>, Mike Duvos wrote: > No personal attack intended. I am a strong supporter of > egalitarian societies with strong social safety nets, and think > that youth emancipation will likely be the next big civil rights > movement in this country. I am also willing to pay high taxes in > order to feel secure that all citizen-units are suitably housed, > well-fed, and taken care of. This is entirely self-serving on my > part, since it cuts down on social unrest and street crime. Yet in the present message he observes that > The lesson to be learned here is that societies based on a > diffuse "Web of Trust" organization are far less dangerous than > those based on a powerful centralized authority. A powerful > centralized authority inevitably devolves into interacting with > its subjects using the protocol... > Do What We Say Or We'll Kill You! > Or in its more tasteful two-part form... > 1. Do What We Say. > 2. You're Under Arrest, And If You Resist, > We'll Kill You. > At that point, Wars, Wacos, Encryption Bans, and BBS Porno Show > trials lurk just around the corner. Mike Duvos, how I wish I had the time to try to understand how you reconcile these seemingly incompatible sentiments! How can you achieve ``egalitarian societies with strong social safety nets'' without using ``powerful centralized authority''? As a proponent of ``high taxes'', how can you also favor strong cryptography? Do you doubt that expropriating ``high taxes'' from your neighbor will be made more difficult in a world with strong cryptography? 
In view of the natural diversity among people, how can you achieve an ``egalitarian society'' without someone who says ``Do What We Say Or We'll Kill You!''? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. From mlshew at netcom.com Wed Aug 3 04:03:33 1994 From: mlshew at netcom.com (Mark Shewmaker) Date: Wed, 3 Aug 94 04:03:33 PDT Subject: Clobbered my mail. Anyone have archives? Message-ID: <199408031103.EAA08660@netcom8.netcom.com> Apologies for the bandwidth, but I just destroyed 2 weeks worth of cypherpunks, extropians, and general semantics mail. (Everything from July 20 to August 3.) Would someone with archives please contact me? Thanks. Mark Shewmaker mlshew at netcom.com Helpful household tip for the day: When adding files to archives, it is wise to use "lha a ...", instead of "lha m ..." From a.brown at nexor.co.uk Wed Aug 3 05:18:41 1994 From: a.brown at nexor.co.uk (Andrew Brown) Date: Wed, 3 Aug 94 05:18:41 PDT Subject: Steganography (Was Re: What kind of encryption to incorporate?) In-Reply-To: <199408021526.LAA17483@pipe1.pipeline.com> Message-ID: On Tue, 2 Aug 1994, John Young wrote: > Some features of CAD programs such as AutoCad may be useful for > concealment. Hmmm, hadn't thought about that possibility. > Want to discuss here or by e-mail? Here should be fine, there seems enough interest. - Andy From perry at imsi.com Wed Aug 3 05:38:59 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 3 Aug 94 05:38:59 PDT Subject: My light bulb goes on... (was:Re: Tuna fish...) In-Reply-To: <940802.173235.9o1.rusnews.w165w@sendai.cybrspc.mn.org> Message-ID: <9408031238.AA12045@snark.imsi.com> Roy M. 
Silvernail says: > In list.cypherpunks, Tim strikes gold: > > > (Personally, I think the "volunteer" aspect is at fault here: tens of > > thousands of users use it for "free," while the software can't be > > rewritten or maintained adequately. Why not a commercial service? And > > the same arguments apply, as always, for the Cypherpunks model of > > remailers.) > > Is this not the killer app that would get ecash off and running? A > commercial service selling cyberspatial privacy and accepting anonymous > ecash for the service sounds like a natural! The problem is not a need for a killer app -- there are dozens. The obstacle is regulatory problems, and finding a large and reputable sponsoring organization (like a big bank). Perry From jdd at aiki.demon.co.uk Wed Aug 3 06:20:35 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 3 Aug 94 06:20:35 PDT Subject: Egalitarianism vs. Strong Cryptography Message-ID: <3514@aiki.demon.co.uk> In message <9408031040.AA25684 at ininx> "John E. Kreznar" writes: > In Message-Id: <199407312314.QAA16264 at netcom4.netcom.com>, Mike Duvos > wrote: > > > No personal attack intended. I am a strong supporter of > > egalitarian societies with strong social safety nets, and think > > that youth emancipation will likely be the next big civil rights > > movement in this country. I am also willing to pay high taxes in > > order to feel secure that all citizen-units are suitably housed, [etc] > > Yet in the present message he observes that > > > The lesson to be learned here is that societies based on a > > diffuse "Web of Trust" organization are far less dangerous than > > those based on a powerful centralized authority. [etc] > > Mike Duvos, how I wish I had the time to try to understand how you > reconcile these seemingly incompatible sentiments! Look closely. He says that (a) he likes strong, centralized societies but (b) they are dangerous. Sometimes you like dangerous things. > ... 
As a proponent > of ``high taxes'', how can you also favor strong cryptography? Do you > doubt that expropriating ``high taxes'' from your neighbor will be made > more difficult in a world with strong cryptography? Personally I am very much against high taxes, but once again there is no real contradiction in these viewpoints. You will need the high taxes to pay for all the tax inspectors trained in cryptography. > In view of the > natural diversity among people, how can you achieve an ``egalitarian > society'' without someone who says ``Do What We Say Or We'll Kill > You!''? You can't, unless you are willing to kill everyone with any spirit. But you can vote him down. -- Jim Dixon From paul at poboy.b17c.ingr.com Wed Aug 3 06:43:40 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 3 Aug 94 06:43:40 PDT Subject: The Terrorists are coming! In-Reply-To: <9408031132.ZM695@simple.sydney.sgi.com> Message-ID: <199408031339.AA05228@poboy.b17c.ingr.com> > Out of curiosity, is anyone aware of whether the USSR employed PAL's > (Permissive Activation Links) in their strategic nuclear weaponry? If so, > is anyone aware of how secure the PAL's the Soviets actually used were? > There was a rumor on USENET some time back that the Soviets were using RSA > in their PAL's, but it sounded too much like an urban myth to me. I suspect they must have had a PAL-like mechanism, although at least some of their weapons rely on interlocks which can only be triggered by a KGB-controlled activator. I remember the USENET rumor as being that the _US_ was using RSA as a component of the comm systems used to transmit Emergency War Orders (EWOs) to US forces. No one has confirmed that, but it certainly seems plausible. Come to think of it, the PALs on US weapons are primarily electromechanical in nature. You get the EWO, you punch in the supplied code into the PAL, and off you go. 
I'm not sure that RSA would be a whole lot of use as part of the PAL mechanism itself (except for signature verification, which is certainly important.) -Paul -- Paul Robichaux, KD4JZG | "Information is the currency of democracy." perobich at ingr.com | - some old guy named Thomas Jefferson Of course I don't speak for Intergraph. From blane at squeaky.free.org Wed Aug 3 08:07:50 1994 From: blane at squeaky.free.org (Brian Lane) Date: Wed, 3 Aug 94 08:07:50 PDT Subject: Steganography (Was Re: What kind of encryption to incorporate?) In-Reply-To: Message-ID: On Wed, 3 Aug 1994, Andrew Brown wrote: > On Tue, 2 Aug 1994, John Young wrote: > > > Some features of CAD programs such as AutoCad may be useful for > > concealment. > > Hmmm, hadn't thought about that possibility. > > > Want to discuss here or by e-mail? > > Here should be fine, there seems enough interest. > Please keep discussing it here! There's only so much of this other stuff that I can take - my brain needs refreshment. How about hiding data in digitized audio? With enough audio the data wouldn't degrade the signal noticeably. Brian ---------------------------------------------------------------------------- Linux : The choice of a GNU generation | finger blane at free.org witty comments pending | for PGP key and subLit ---------------------------------------------------------------------------- From a.brown at nexor.co.uk Wed Aug 3 08:12:57 1994 From: a.brown at nexor.co.uk (Andrew Brown) Date: Wed, 3 Aug 94 08:12:57 PDT Subject: Steganography (Was Re: What kind of encryption to incorporate?) In-Reply-To: Message-ID: On Wed, 3 Aug 1994, Brian Lane wrote: > How about hiding data in digitized audio? 
With enough audio the data > wouldn't degrade the signal noticeably. I've already done that, it's included in the s-tools v2 package as a module to conceal information in .WAV files. The effect on quality when using the LSB of an 8 bit 11 kHz mono sample is not noticeable unless the original sound is highly pure (e.g. downloaded from a synth). Even then it only shows up as _very_ faint interference that needs a good hi-fi to hear and the original sample for comparison. Regards, - Andy From mpd at netcom.com Wed Aug 3 08:46:16 1994 From: mpd at netcom.com (Mike Duvos) Date: Wed, 3 Aug 94 08:46:16 PDT Subject: Egalitarianism vs. Strong Cryptography In-Reply-To: <9408031040.AA25684@ininx> Message-ID: <199408031545.IAA17162@netcom11.netcom.com> jkreznar at ininx.com (John E. Kreznar) asks: > Mike Duvos, how I wish I had the time to try to understand > how you reconcile these seemingly incompatible sentiments! > How can you achieve ``egalitarian societies with strong > social safety nets'' without using ``powerful centralized > authority''? As a proponent of ``high taxes'', how can you > also favor strong cryptography? Do you doubt that > expropriating ``high taxes'' from your neighbor will be made > more difficult in a world with strong cryptography? In > view of the natural diversity among people, how can you > achieve an ``egalitarian society'' without someone who says >``Do What We Say Or We'll Kill You!''? Excellent questions! I view society as a collection of services provided to individuals. Things like education, housing, medical care, food, legal services, locating appropriate employment, and others. To the extent that these services are provided in an efficient manner at a reasonable price, citizens live well. I also think these services should be provided by the private sector and not by any centralized government. In fact, I think the centralized government should be as small as possible and reduced primarily to ceremonial functions. 
An egalitarian society can then be achieved by simply not making certain groups of people, like the young, exceptions to the laws which protect everyone else, and giving them equal access to the courts and other social institutions. Egalitarianism should always be approached by providing "equality of opportunity" and never by legislating "equality of result." Taxation should be small, uniform, and applied to transactions and never to the earnings of individuals. Income tax is not necessary to generate revenue and exists primarily to justify government snooping into the private business of citizens and secret police organizations like the IRS. A VAT would do the trick nicely and could be easily built into the DigiCash system of the future. I also favor a small guaranteed annual income which would allow citizens to live just slightly better than they do in prison. Incarceration can never be a deterrent if it is a step upward in one's standard of living, something the US seems to have lost sight of. As for strong cryptography, it should be unrestricted and used whenever appropriate. If individuals wish to go to the trouble of avoiding taxes setting up secret businesses that encrypt all transactions, more power to them. The small number of people who will bother to do this will not have any real impact on taxation. If taxes are reasonable and the money is used for things that people support, people will be suitably incentivised not to avoid them. Thus strong crypto, egalitarianism, less government, and tolerable taxes can all live happily together in our future. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. 
$ From jya at pipeline.com Wed Aug 3 08:56:59 1994 From: jya at pipeline.com (John Young) Date: Wed, 3 Aug 94 08:56:59 PDT Subject: Steganography by CAD Message-ID: <199408031555.LAA08226@pipe2.pipeline.com> Responding to msg by a.brown at nexor.co.uk (Andrew Brown) on Wed, 3 Aug 1:17 PM Andy: Features for concealment of plain or cyphertext by CAD programs: 1. Plain or cyphertext can be imported by each letter, by sentence, by block of text; then manipulated by the CAD program as one or multiple concealed CAD entities. 2. Text manipulation includes: Reduce to any scale. Place on hidden layers. Hide by other entities. Distort to a variety of shapes. And otherwise disfigure the text into non-recognizable forms. 3. In addition, there are a host of CAD-features for further, multiple, transformations of the text, including algorithmic permutations. 4. Subsequent manipulation of the CAD document may include exporting to other proprietary and generic CAD formats. 5. CAD document may then be transmitted plain (in the selected CAD format) or encrypted for transmission. 6. The recipient uses a CAD program (and decryption program if needed) to restore the concealed text to its original encrypted form. It is exported to the original encryption program for decryption. 7. Caveat 1: While this manipulation will be invisible or camouflaged in the CAD document the underlying code of the program will provide clues. However, it should be possible to encrypt these clues. 8. Caveat 2: Sender and recipient will need to exchange protocols, by encrypted transmission probably, for restoring the concealed text. 9. Caveat 3: This is not elegant and requires little or no crypto competency. But it can be easily done by a CAD operator to help conceal sophisticated crypto. Comments? John, an architect of the building codes domain. 
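Andrew Brown's description earlier in this thread of hiding data in the LSB of 8-bit 11 kHz mono samples, combined with the LSB-randomness check he raised for GIFs, as an added example (not code from s-tools or from any poster). The cover signals, the SHA-256 stand-in for an encrypted payload and all function names are assumptions made for the illustration; the clean tone is deliberately slow and quiet so that its LSBs are structured, and the noisy cover shows where the same statistic stops telling anything.

```python
"""LSB replacement in 8-bit mono PCM and one LSB statistic (added example)."""
import hashlib
import math

RATE = 11025  # 11 kHz mono, 8-bit unsigned samples, as in the post


def stand_in_ciphertext(nbytes, seed=b"constructed payload"):
    """Deterministic pseudo-random bytes standing in for an encrypted file."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]


def pure_tone(n, freq=20.0, amp=20.0):
    """Constructed clean cover: a slow synthesized tone with no noise floor."""
    return bytes(128 + round(amp * math.sin(2 * math.pi * freq * i / RATE))
                 for i in range(n))


def noisy_recording(n):
    """Constructed cover: the same tone plus a few counts of pseudo-noise."""
    noise = stand_in_ciphertext(n, seed=b"constructed noise")
    return bytes(t + (b & 3) - 2 for t, b in zip(pure_tone(n), noise))


def embed(cover, payload):
    """Replace the LSB of successive samples with payload bits, MSB first."""
    if len(payload) * 8 > len(cover):
        raise ValueError("one cover sample is needed per payload bit")
    stego = bytearray(cover)
    for i, byte in enumerate(payload):
        for j in range(8):
            bit = (byte >> (7 - j)) & 1
            stego[8 * i + j] = (stego[8 * i + j] & 0xFE) | bit
    return bytes(stego)


def extract(stego, nbytes):
    """Read nbytes back out of the sample LSBs."""
    out = bytearray()
    for i in range(nbytes):
        byte = 0
        for sample in stego[8 * i: 8 * i + 8]:
            byte = (byte << 1) | (sample & 1)
        out.append(byte)
    return bytes(out)


def lsb_flip_rate(samples):
    """Fraction of adjacent sample pairs whose LSBs differ.

    Random bits give about 0.5. A clean, slowly varying signal gives far
    less, because the LSB only flips when the waveform crosses a
    quantization step.
    """
    flips = sum((a ^ b) & 1 for a, b in zip(samples, samples[1:]))
    return flips / (len(samples) - 1)


def snr_db(cover, stego):
    """Embedding noise relative to the signal around the 128 midpoint."""
    signal = sum((c - 128) ** 2 for c in cover)
    noise = sum((c - s) ** 2 for c, s in zip(cover, stego))
    return float("inf") if noise == 0 else 10 * math.log10(signal / noise)


def report():
    """Flip rates for clean cover, embedded clean cover, and noisy cover."""
    cover = pure_tone(RATE)                           # one second of audio
    payload = stand_in_ciphertext(len(cover) // 8)    # fill every LSB
    stego = embed(cover, payload)
    return {
        "clean cover": lsb_flip_rate(cover),
        "clean cover + payload": lsb_flip_rate(stego),
        "noisy cover, nothing hidden": lsb_flip_rate(noisy_recording(RATE)),
        "snr_db": snr_db(cover, stego),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:30s} {value:.3f}")
```

On the clean tone the flip rate jumps to roughly one half once the LSBs carry the payload, while the untouched noisy cover already sits near one half, so this statistic alone cannot separate a noisy recording from an embedded one.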
From jrochkin at cs.oberlin.edu Wed Aug 3 09:13:53 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Wed, 3 Aug 94 09:13:53 PDT Subject: encryption and Ham Radio Message-ID: <199408031613.MAA14343@cs.oberlin.edu> A while ago I thought about getting a Ham Radio license for doing TCP/IP over the airwaves. I never got around to learning the details, but I know that it is possible, and that many Hams in big cities have detailed digital nets running over the airwaves, using TCP/IP, or other protocols. There are even some gateways onto the internet. When I was investigating getting a license, it came to my attention that FCC rules prohibit encrypting any digital data you send over the airwaves in this way. I don't know exactly how far this prohibition reaches, but I know you can lose your ham license for sending encrypted data over the digital ham network. I haven't actually seen any mention of this by the EFF and other groups like that, where I'd expect it. Or on cypherpunks, for that matter. Maybe it's because no one knows about it. So I'm telling you. I think that this is a pretty terrible state of affairs, because ham radio TCP/IP provides a low cost (if really low bandwidth) permanent connection to the internet, and currently anyone who accesses the internet this way is _prohibited_ from using encryption. Bad. [Oh, they are also prohibited from broadcasting "bad" words in digital form. Which causes endless problems for people with usenet gateways onto these digital ham nets. They need automated software robots searching out all posts for Carlin's 7 bad words, and deleting them.] From kentborg at world.std.com Wed Aug 3 10:22:56 1994 From: kentborg at world.std.com (Kent Borg) Date: Wed, 3 Aug 94 10:22:56 PDT Subject: DES Flames Message-ID: <199408031722.AA10579@world.std.com> It seems I made two mistakes. 1) I didn't word my question clearly enough. 2) I posted from my AOL account. 
(Note that this is sent from a Genuine Hard to Use Unix Machine as Terribly Sophisticated Proof that I am not a Complete Fool...boy, some people are naive.) I try again. Given: 1) Some people worry about the strength of DES. (Correct?) 2) DES is within striking distance of a brute-force attack, this is far-and-away its most serious weakness. (Correct?) 3) 3-DES is nowhere near soon being vulnerable to a brute-force attack. (Correct?) It follows then that: 3-DES is a trivial fix of DES' ills. (Correct?) Now, I repeat my puzzle. If there really was a Great Government Gnashing of teeth over how to replace DES, what was the problem? Is it that 3-DES is too good? (But then why the great worry over DES in the first place? 56-bits is not something easy to break off the shelf. Are we worried about the French or Japanese or somebody?) Something doesn't add up here--and it isn't the fact that one of my six or eight internet addresses is an AOL account. My tentative answer: DES is *generally* too strong for the TLA's taste, but specifically 56-bits worth of DES is too little. They were in a paradox of wanting something the US spooks could read but others can't. But then why the long delay before back-door systems like Clipper are rushed out? It still doesn't add up. Another possible answer: the threat to DES was not its weakness, rather the combination of its *strength* and the fact that regular folks would start using it, a la PGP and RIPEM. When it first came out only banks and stuff were interested, not plain old citizens. In other words, DES' fault was how strong it is. (ObStupidWarning: Yes, 56-bits is too few to really trust, but 3-DES is a trivial variation.) -kb, the Kent who no longer has Perry's permission to post -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 39:30 hours of TV viewing so far in 1994! From tcmay at netcom.com Wed Aug 3 10:30:50 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Wed, 3 Aug 94 10:30:50 PDT Subject: Egalitarianism vs. Strong Cryptography In-Reply-To: <199408031545.IAA17162@netcom11.netcom.com> Message-ID: <199408031702.KAA29908@netcom3.netcom.com> Mike Duvos writes: (Good sentiments about small government elided....) > Taxation should be small, uniform, and applied to transactions > and never to the earnings of individuals. Income tax is not > necessary to generate revenue and exists primarily to justify > government snooping into the private business of citizens and > secret police organizations like the IRS. A VAT would do the > trick nicely and could be easily built into the DigiCash system ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > of the future. ^^^^^^^^^^^^^^ Not the untraceable cash systems most of us are interested in, that's for sure. Since transactions between "Alice" and "Bob" are invisible to outsiders, and they may not even know the identity of the other, then it's hard to imagine how the Tax Man interjects himself. Unless of course some "escrow" system is mandated, and independent schemes are extirpated ruthlessly. Not a pretty sight. > I also favor a small guaranteed annual income which would allow > citizens to live just slightly better than they do in prison. > Incarceration can never be a deterrent if it is a step upward in > one's standard of living, something the US seems to have lost > sight of. In the crypto anarchist future I envision, this will never happen. Mike and his friends are of course free to donate some or all of their earnings to provide a "guaranteed annual income" for others, but not me. But this gets into basic ideological issues, so I'll stop now. The crypto significance is that strong crypto makes many things Mike wants essentially impossible to achieve, fortunately. > As for strong cryptography, it should be unrestricted and used ^^^^^^^^^^^^ > whenever appropriate. 
If individuals wish to go to the trouble of > avoiding taxes setting up secret businesses that encrypt all > transactions, more power to them. The small number of people who > will bother to do this will not have any real impact on taxation. > If taxes are reasonable and the money is used for things that > people support, people will be suitably incentivised not to avoid > them. Huh? This paragraph does not compute. > Thus strong crypto, egalitarianism, less government, and > tolerable taxes can all live happily together in our future. > In your dreams. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From pstemari at bismark.cbis.com Wed Aug 3 10:34:44 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Wed, 3 Aug 94 10:34:44 PDT Subject: broadcast encryption In-Reply-To: Message-ID: <9408031734.AA18504@focis.sda.cbis.COM> > The US is a signatory to the International Telecommunications Union > (ITU) treaties that allocate various parts of the radio spectrum for > different uses around the world. One of those treaties (or some part > of one; I forget which) prohibits the use of encryption to "obscure > meaning." So how is it that the satellite companies are allowed to encrypt their signals, while individuals are not? Another example where corporations have greater rights than individuals? --Paul From mdfnlysn at Mcs.Net Wed Aug 3 11:07:16 1994 From: mdfnlysn at Mcs.Net (Matthew D. 
Finlayson) Date: Wed, 3 Aug 94 11:07:16 PDT Subject: broadcast encryption In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM> Message-ID: On Wed, 3 Aug 1994, Paul J. Ste. Marie wrote: > > The US is a signatory to the International Telecommunications Union > > (ITU) treaties that allocate various parts of the radio spectrum for > > different uses around the world. One of those treaties (or some part > > of one; I forget which) prohibits the use of encryption to "obscure > > meaning." > > So how is it that the satellite companies are allowed to encrypt their > signals, while individuals are not? Another example where > corporations have greater rights than individuals? > > --Paul > > Who are these satellite companies? I work for a major international record carrier and I have no encryption on any of the earth stations in my inventory. --Matt From snyderra at dunx1.ocs.drexel.edu Wed Aug 3 11:07:16 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Wed, 3 Aug 94 11:07:16 PDT Subject: encryption and Ham Radio In-Reply-To: <199408031613.MAA14343@cs.oberlin.edu> Message-ID: <199408031805.OAA17997@dunx1.ocs.drexel.edu> Jonathan Rochkind scribbles: > A while ago I thought about getting a Ham Radio license for doing TCP/IP over the airwaves. I never got around to learning the details, but I know that it is > possible, and that many Hams in big cities have detailed digital nets running > over the airwaves, using TCP/IP, or other protocols. There are even some > gateways onto the internet. Yup. All sorts of nifty stuff available for digital ham radio bands, though if you're looking for a replacement for a SLIP/PPP connection to the net, you'll probably be disappointed. > When I was investigating getting a license, it came to my attention that FCC > rules prohibit encrypting any digital data you send over the airwaves in this > way. 
I don't know exactly how far this prohibition reaches, but I know
> you can lose your ham license for sending encrypted data over the digital
> ham network.

Actually, I think it's "obscure the meaning." My reading of this is that certain forms/uses of cryptography, like digital signature, would be permitted.

> I haven't actually seen any mention of this by the EFF and other groups like
> that, where I'd expect it. Or on cypherpunks, for that matter. Maybe it's
> because no one knows about it. So I'm telling you. I think that this is a
> pretty terrible state of affairs, because ham radio TCP/IP provides a low
> cost (if really low bandwidth) permanent connection to the internet, and
> currently anyone who accesses the internet this way is _prohibited_ from using
> encryption. Bad.

I don't currently have a TNC to connect up, though I probably will soon. I don't think I would ever use my connection to do raw IP from my machine to the Internet, primarily because of the prohibition on commercial traffic, which is difficult to guard against, and that you are responsible for your transmissions, regardless of the actual origin of the traffic. Makes for a dangerous combination.

> [Oh, they are also prohibited from broadcasting "bad" words in digital form.
> Which causes endless problems for people with usenet gateways onto these
> digital ham nets. They need automated software robots searching out all posts
> for Carlin's 7 bad words, and deleting them.]

This doesn't protect them. For example, that C&S spam from a while ago would have placed any Usenet gateway in violation of FCC rules. Loss of license, and some hefty fines (though they are usually waived if you can't afford it or it wasn't malicious)

Bob

--
Bob Snyder N2KGO                         MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu        finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From pstemari at bismark.cbis.com Wed Aug 3 11:20:06 1994
From: pstemari at bismark.cbis.com (Paul J.
Ste. Marie)
Date: Wed, 3 Aug 94 11:20:06 PDT
Subject: broadcast encryption
In-Reply-To:
Message-ID: <9408031819.AA18977@focis.sda.cbis.COM>

> Who are these satellite companies?
>
> I work for a major international record carrier and I have no encryption on
> any of the earth stations in my inventory.

CBS, HBO, etc, either already are encrypting their satellite distribution signals, or they are in the process of doing so, so they can force people to license the signals for a fee. The satellite receivers now have provisions for loading a decryption key.

--Paul

From tcmay at netcom.com Wed Aug 3 11:23:30 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 3 Aug 94 11:23:30 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID: <199408031823.LAA18061@netcom12.netcom.com>

>
> > The US is a signatory to the International Telecommunications Union
> > (ITU) treaties that allocate various parts of the radio spectrum for
> > different uses around the world. One of those treaties (or some part
> > of one; I forget which) prohibits the use of encryption to "obscure
> > meaning."
>
> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?
>
> --Paul

My recollection is that scrambling/encrypting over the broadcast spectrum is allowed if the key is provided to the authorities. (I have no idea how this works, if and how they would take a PGP key, etc.) Clearly the satellite scrambling people (who operate from 22,500 miles out, which makes this story have other interesting ramifications) can trivially show what they are actually broadcasting, merely by providing to FCC/WARC/UN/etc. a decoder box.

With the rapid rise in wireless LANs, radiomail, and dozens of other wireless systems, I'm not sure how any of this ban-on-encryption stuff is meaningful or enforceable.
Compression looks like encryption, and vice versa. And a thousand different formats make interceptions and understanding a challenge. (I've heard specifically that wireless LANs have no restrictions on encryption. Wonder what this means for Teledesic, which is targeted for computer communication?)

I'm not a ham person (except as Klaus! or Shabbaz), nor am I a lawyer.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From mdfnlysn at Mcs.Net Wed Aug 3 11:27:14 1994
From: mdfnlysn at Mcs.Net (Matthew D. Finlayson)
Date: Wed, 3 Aug 94 11:27:14 PDT
Subject: broadcast encryption
In-Reply-To: <9408031819.AA18977@focis.sda.cbis.COM>
Message-ID:

Paul,

After I sent my reply I realized you all were speaking of video. We are not encrypting any of the data or voice we are pumping up to overseas.

Matt

From Ben.Goren at asu.edu Wed Aug 3 11:31:08 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Wed, 3 Aug 94 11:31:08 PDT
Subject: broadcast encryption
Message-ID:

At 11:06 AM 8/3/94, Matthew D. Finlayson wrote:
>On Wed, 3 Aug 1994, Paul J. Ste. Marie wrote:
>>>The US is a signatory to the International Telecommunications Union
>>>(ITU) treaties that allocate various parts of the radio spectrum for
>>>different uses around the world. One of those treaties (or some part
>>>of one; I forget which) prohibits the use of encryption to "obscure
>>>meaning."
>>
>>So how is it that the satellite companies are allowed to encrypt their
>>signals, while individuals are not? Another example where
>>corporations have greater rights than individuals?
>>
>> --Paul
>
>Who are these satellite companies?
>
>I work for a major international record carrier and I have no encryption on
>any of the earth stations in my inventory.
>
> --Matt

You mean that pay-per-view satellite TV is *not* encrypted?

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): We won! Clipper is dead! BUT!
Just say no to key escrow. And stamp out spamming, too.
Finger ben at tux.music.asu.edu for PGP 2.3a (soon 2.6) public key.

From cknight at crl.com Wed Aug 3 12:18:12 1994
From: cknight at crl.com (Chris Knight)
Date: Wed, 3 Aug 94 12:18:12 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID:

On Wed, 3 Aug 1994, Paul J. Ste. Marie wrote:

> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?
>
> --Paul
>

I'm sure I'll get corrected if I'm wrong, since my only claim to HAM knowledge is a couple of friends and attendance at countless midwest HAM-fests...

I believe a HAM license allows you to transmit on certain semi-publicly allocated frequency ranges. Companies encrypting their satellite uplink/downlink have paid for an exclusive license for that particular frequency, and can therefore scramble transmissions to protect their commercial interest.

So, do I get flamed now?

-ck

From blane at squeaky.free.org Wed Aug 3 12:31:57 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Wed, 3 Aug 94 12:31:57 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Andrew Brown wrote:

>
> On Wed, 3 Aug 1994, Brian Lane wrote:
>
> > How about hiding data in digitized audio? With enough audio the data
> > wouldn't degrade the signal noticeably.
>
> I've already done that, it's included in the s-tools v2 package as a
> module to conceal information in .WAV files.
Is this a DOS only program, or are you distributing source? Where can I FTP it from?

Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation | finger blane at free.org
witty comments pending                 | for PGP key and subLit
----------------------------------------------------------------------------

From jdd at aiki.demon.co.uk Wed Aug 3 12:37:36 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 3 Aug 94 12:37:36 PDT
Subject: encryption and Ham Radio
Message-ID: <3546@aiki.demon.co.uk>

In message <199408031613.MAA14343 at cs.oberlin.edu> Jonathan Rochkind writes:
> A while ago I thought about getting a Ham Radio license for doing TCP/IP over the airwaves. I never got around to learning the details, but I know that it is
> possible, and that many Hams in big cities have detailed digital nets running
> over the airwaves, using TCP/IP, or other protocols. There are even some
> gateways onto the internet.
>

For those interested in wireless Internet communications, this might be of interest:

In message James Horton writes:
< The next generation of RF devices will make wireless, point to
< point links, of 5-20 miles, very inexpensive. Small businesses
< and individuals can build their own AS and negotiate with
< national operators to get inter-connectivity! Options are increasing
< daily, I just hope the RF chipsets can be purchased in the USA
< and WE will not have to go overseas!
<
< CFTnet, the ISP of which I'm part of, is currently prototyping
< an inexpensive board that combines, modems, ethernet, a unix OS,
< ISDN ports, T1 or 56K ports, and network security features, into a
< single system. I'm certain other designers are being creative
< concurrently.
<
< The marketing strategy with this board is to offer, FLAT RATE
< access, in every city in America. The board operates on 48VDC,
< for telco co-location, or 115vac. Hopefully, the board will be in
< production in 3-5 months.
It seems that several of the
< 'behind the technology innovation curve' telcos are interested in
< jumping into the flat rate party. < Names withheld >
<
< Communication systems will continue to get less expensive, as
< technology progresses and RF spectrum gets re-allocated to
< non-licensed uses. Append to this argument: the 'HDSL, High Data-rate
< Subscriber Line chipsets that convert ordinary POTS into T1 lines and dark
< fiber companies and you get an enormous increase in bandwidth, at reduced
< prices.

[much stuff snipped]

< Packet filtering may just give the internet hacker/cracker
< community a new target. I've heard that now the Ci--- routers have
< been compromised and that 'source routing and virtual interfaces'
< are the latest tool of the DARK side of the NET?
...
< *******************************************************************
< * Creative Friendly Technologies        813 980 1317              *
< * James Horton, CFTnet Operations       horton at cftnet.com      *
< *******************************************************************

It is interesting that if in fact the FCC does forbid encryption of wireless Internet traffic, it opens the way for hacking on a massive scale.

--
Jim Dixon

From sidney at taurus.apple.com Wed Aug 3 12:37:58 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Wed, 3 Aug 94 12:37:58 PDT
Subject: broadcast encryption
Message-ID: <9408031931.AA09915@apple.com>

The idea behind allocating frequencies for amateur use is that hams could engage in a hobby with no commercial use which provides an infrastructure for emergency public service communications. To prevent any commercial use of those frequencies, to facilitate enforcement of the rules, and to facilitate the participation by anyone who obtains the proper knowledge and equipment, it is illegal to transmit in a way that "obscures the meaning" of the transmission to people who would want to listen in.
So, for example, morse code and ASCII are the only acceptable digital codes, and various modulation techniques are standardized as the technologies are developed.

In any case, the amateur frequencies are specifically reserved for non-private communications and are subject to restrictions that have nothing to do with the terms under which other commercial frequencies are licensed. Those frequencies may be licensed for uses that include private communications of some sort. And, since the regulations are based on the principle that broadcast spectrum is a fixed, limited resource, none of this applies to communications carriers who do not operate by broadcasting over the air.

-- sidney

From blane at squeaky.free.org Wed Aug 3 12:38:44 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Wed, 3 Aug 94 12:38:44 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID:

On Wed, 3 Aug 1994, Paul J. Ste. Marie wrote:

> > The US is a signatory to the International Telecommunications Union
> > (ITU) treaties that allocate various parts of the radio spectrum for
> > different uses around the world. One of those treaties (or some part
> > of one; I forget which) prohibits the use of encryption to "obscure
> > meaning."
>
> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?
>
> --Paul
>
>

They can do this because the FCC has SOLD part of our airwaves to the company. They can do pretty much anything they want to do with it. The deceptive signals rules apply to Amateurs only.

I'm currently studying for my no-code ham license so that I can start playing with on air TCP/IP and my Linux system. Maybe they'll change the rules if enough 'new' hams could get together.
I say 'new' because there are a lot of old hams who like things the way they are - they even fought the change in rules that allow no-code users to get a license without having to take morse code (a waste of time in my opinion).

Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation | finger blane at free.org
witty comments pending                 | for PGP key and subLit
----------------------------------------------------------------------------

From cjl at welchlink.welch.jhu.edu Wed Aug 3 13:28:16 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 3 Aug 94 13:28:16 PDT
Subject: Remailer traffic analysis foiling
Message-ID:

Remailer hackers,

I've been thinking about the problem of traffic analysis of anonymous remailers and I have a question to pose to those of you whose thoughts on this topic are "more frequent or fully-formed".

Would there be any advantage to giving remailers a MIRV capability?

The idea goes like this: The message arrives, the PGP wrapper is removed, the message is scanned for some specific token imbedded in the text (ala Matt Ghio's Cutmarks function). That token is a divider between two outbound messages. These messages are sent along their respective ways. The result is something like a 10K message coming in, and a 7K and a 3K message leaving. If one of these goes to the bit bucket, it is like having added padding stripped off. Alternately they each could be part of the real message, previously split and then sent via different paths to reduce chances of complete message interception.

I guess the issues involved are:

1) How difficult would this be to code? [Yeah, yeah "Cypherpunks write code"(TM), but some of us write genetic code, not computer code :-)]

2) What is the credible threat of traffic analysis?
   a) Does multiplication of messages and their routing schemes create problems of scale for these alleged eavesdroppers?
   b) Do you assume that if it's not a compromised server, that what goes on inside the machine is hidden?

Now before the Zippos start flicking, I've followed the latency vs. reordering argument, and accept that latency *may* achieve reordering, but not necessarily. In this system though, different latencies after the split would seem to achieve something because without reliable size in/out information it would be harder to correlate message in with messages out.

Comments (incendiary or otherwise) requested.

C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From cactus at bb.com Wed Aug 3 13:32:03 1994
From: cactus at bb.com (L. Todd Masco)
Date: Wed, 3 Aug 94 13:32:03 PDT
Subject: clarification please
Message-ID: <199408032035.QAA09103@bb.com>

From: will at thinkmedia.com (thinkmedia.com):
>> Events like Waco and the Persian Gulf War, in which an
>> authoritarian superpower obliterates a mostly harmless and
>> largely defenseless group of people, translate with relative ease
>> to the cyberspacial realm.
>
> I remember reading a Scientific American article about two years before
> Iraq invaded Kuwait, in which it was made clear Iraq had and were
> developing missiles with ranges paralleling only U.S., Russia and China. I
> don't think harmless and defenseless quite fits the description. Maybe
> wannabe super power would be more accurate.

Harmless and defensive is how I would describe the 100s of thousands of civilians massacred by the United States. The really dangerous people were safe inside their bunkers.

It's an important point: regardless of the threat that the Iraqi government posed, the US government chose to destroy the country rather than making a real attack against only the government.
They were able to do this for two big reasons, both directly attributable to political factors (as well as the fact that there is not a large vocal Iraqi population in the US):

1) Very few US lives were lost (the "vietnam/cambodia" lesson) or at risk.

2) The US government managed to make, through direct censorship and disinformation, the US people identify the residents of Iraq with the government of Iraq. Thus, the wholesale bombing of civilian centers that posed no direct to the United States became acceptable as long as it was reported in emotionally comfortable terms.

It's really not so different than the War On Some Drugs or half a dozen other power-plays... and this is the propaganda machine that we will have to face if we're unlucky enough that Clinton/Gore actually get their act together enough and get the rest of the government behind them to make a real PR effort (as opposed to the clumsy scare tactics we've seen so far).

--
L. Todd Masco    | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."

From hughes at ah.com Wed Aug 3 13:39:01 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 3 Aug 94 13:39:01 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408031545.IAA17162@netcom11.netcom.com>
Message-ID: <9408032008.AA11522@ah.com>

   Taxation should be small, uniform, and applied to transactions and never to the earnings of individuals.

The earnings of individuals, however, _are_ exactly one sort of transaction tax. If you wish to make an exception for personal income, then you wish to make an exception out of every transaction where one of things exchanged is labor. Therefore, you would have to have a certificate which said "this is labor being exchanged." My suspicion is that the amount of the economy performed as labor would skyrocket.
Either you tax each and every motion of money or you require an intrusive anti-privacy system in order to determine taxability. I can tell you now, large interbank transfers aren't going to be taxed. Intra-corporate transfers aren't going to be taxed. In order to tax transactions you have to know what the transactions are. A transfer of money is not always a transaction. The simplest case is where I move money from an account at one bank to an account at another. That's merely a transfer; there is nothing exchanged.

   A VAT would do the trick nicely and could be easily built into the DigiCash system of the future.

Such a "compromise" (read, sell-out) could technically be built into a transfer scheme. Requiring VAT on all transactions through this scheme would effectively restrict it to consumer level sales. Businesses wouldn't use it for wholesale transfers, and individuals wouldn't use it amongst themselves. Thus there would be alternate ways of transferring money, and these ways could be used to settle transactions.

   If individuals wish to go to the trouble of avoiding taxes setting up secret businesses that encrypt all transactions, more power to them. The small number of people who will bother to do this will not have any real impact on taxation.

Really? It would be small? Suppose we assume unrestricted encryption, as you suppose. Assume the USA for purposes of discussion. Further suppose that it's really easy to set up a digital account, denominated in dollars, in a non-USA jurisdiction, say, China. All the transactions are encrypted, and China's not talking to USA authorities--they don't have to. I think the interesting question here is how soon the USA government has to change its regulations because so much business (and hence capital) has left the USA. When capital flight for the individual is easy (and it's not right yet), expect to see rapid changes.
Eric

From mccoy at io.com Wed Aug 3 13:40:49 1994
From: mccoy at io.com (Jim McCoy)
Date: Wed, 3 Aug 94 13:40:49 PDT
Subject: broadcast encryption
In-Reply-To: <9408031734.AA18504@focis.sda.cbis.COM>
Message-ID: <199408032040.PAA15739@pentagon.io.com>

> > The US is a signatory to the International Telecommunications Union
> > (ITU) treaties that allocate various parts of the radio spectrum for
> > different uses around the world. One of those treaties (or some part
> > of one; I forget which) prohibits the use of encryption to "obscure
> > meaning."
>
> So how is it that the satellite companies are allowed to encrypt their
> signals, while individuals are not? Another example where
> corporations have greater rights than individuals?

Well, it is a bit complicated and involves a bit of obfuscation, but there is a little bit of info regarding this in the August Wired issue (pg 127).

For starters, a treaty that the US may sign is not "law" in the formal sense of the word, Congress must do a bit of legislative juggling to codify the treaty into the USC. So, for the prohibition on encrypting wireless transmissions we go to the 1934 Communications Act which banned the use of encryption and scrambling for wireless communications. Skip forward 50 years to the 1984 Cable Communications Act; this set of laws makes private communications secure and allows one to encrypt private communications outside the "hobby" bandwidths. This bill basically defined satellite broadcasts as private communications because their primary purpose (at the time the bill was written) is to provide a communication channel to the local cable companies. Of course, since the time the bill was passed things have changed quite a bit. How something like the direct broadcast satellite tv system will fit into this is also unclear.

jim

From mpd at netcom.com Wed Aug 3 13:56:00 1994
From: mpd at netcom.com (Mike Duvos)
Date: Wed, 3 Aug 94 13:56:00 PDT
Subject: Egalitarianism vs.
Strong Cryptography
In-Reply-To: <199408031702.KAA29908@netcom3.netcom.com>
Message-ID: <199408032055.NAA15886@netcom6.netcom.com>

Timothy C. May writes:

> (Good sentiments about small government elided....)

Thank-you.

>> Taxation should be small, uniform, and applied to
>> transactions and never to the earnings of individuals. ... A
>> VAT would do the trick nicely and could be easily built into
>> the DigiCash system of the future.

> Not the untraceable cash systems most of us are interested
> in, that's for sure. Since transactions between "Alice" and
> "Bob" are invisible to outsiders, and they may not even know
> the identity of the other, then it's hard to imagine how the
> Tax Man interjects himself.

The theoretical possibility of untraceable cash systems and the absence of legal sanctions against those who use them do not imply that such systems will become the standard in the future. Even in the obnoxious political climate which prevails in this country today, strong crypto is in the hands of only a few percent of the citizens. In a society with a "user-friendly" government, most people wouldn't even be interested.

If given a choice between ordering a pizza by clicking one's air mouse while tuned to the Pizza Channel, and ordering one via Tim's Strong Crypto Pizza Service in order to avoid a small VAT, most people will choose the easy way.

A good analogy to this in our current society is the enforcement of copyright laws. Most people buy paperback books instead of xeroxing them because they are reasonably priced and it isn't worth the aggravation. If paperback books cost $100, this would no longer be the case. Most people buy computer software priced under $100 instead of copying it from a friend because they get a nice set of bound printed manuals.

Network shopping services which use strong crypto and non-standard DigiCash protocols to avoid a painless VAT will have poor propagation, limited access, negative PR, and few customers.
It's like trying to set up your machine on the Internet without using TCP/IP. Few people will take the trouble to talk to you and you won't be able to talk to anyone else. Sure you could do it, but why bother?

> Unless of course some "escrow" system is mandated, and
> independent schemes are extirpated ruthlessly. Not a pretty
> sight.

Neither of these things will be necessary to get the majority of the population to use the default means of doing things. You greatly underestimate the power of human sloth.

> In the crypto anarchist future I envision, this will never
> happen. Mike and his friends are of course free to donate
> some or all of their earnings to provide a "guaranteed
> annual income" for others, but not me.

Again Tim and his friends are free to conduct all their transactions via unbreakable protocols of their own construction, avoid all taxes, and do business only with others who cooperate. As long as the percentage of similarly minded individuals is appropriately small, it has no real effect on society and probably costs a lot less than an enforcement agency would.

Of course Tim won't be watching HBO or Showtime, shopping with a major credit card, or helping his broker churn his account at Smith-Barney. Not my problem.

You are never going to get the majority of people in this country to agree to design the default protocols for commerce on the Net with the specific intent of making it possible for people to avoid taxes using strong cryptography. You'd have more luck persuading them to tear up their health insurance or burn down their houses.

> Huh? This paragraph does not compute.

I seem to have accidentally deleted a word somewhere. Oh well.

>> Thus strong crypto, egalitarianism, less government, and
>> tolerable taxes can all live happily together in our future.

>In your dreams.

Many good ideas have started with dreams. Benzene rings, for instance.

--
Mike Duvos $ PGP 2.6 Public Key available
$ mpd at netcom.com $ via Finger.
$

From rfb at lehman.com Wed Aug 3 13:58:42 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 3 Aug 94 13:58:42 PDT
Subject: Message pool: alt.anonymous.messages
Message-ID: <9408032057.AA08958@fnord.lehman.com>

I newgrouped alt.anonymous.messages as a simple implementation of a message pool. I imagine that it will take a while to propagate, but once it's accessible from the mail-to-news gateways, it should serve as a more reasonable place than alt.security.pgp or alt.test for anonymous communication that's less subject to traffic analysis on the recipient side.

Rick

From perry at imsi.com Wed Aug 3 14:11:35 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 3 Aug 94 14:11:35 PDT
Subject: broadcast encryption
In-Reply-To: <199408032040.PAA15739@pentagon.io.com>
Message-ID: <9408032110.AA13116@snark.imsi.com>

Jim McCoy says:
> For starters, a treaty that the US may sign is not "law" in the formal
> sense of the word, Congress must do a bit of legislative juggling to codify
> the treaty into the USC.

Actually, a treaty, once ratified by the Senate, is "the supreme law of the land", ranking with the constitution in superseding all other law. If Congress does not pass enabling legislation, the courts will happily enforce the treaty.

This has nothing to do with cryptography, however, so I'd suggest that further discussion of this should take place in private mail.

Perry

From jamiel at sybase.com Wed Aug 3 14:18:20 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Wed, 3 Aug 94 14:18:20 PDT
Subject: clarification please
Message-ID: <9408032116.AA19332@ralph.sybgate.sybase.com>

At 4:35 PM 08/03/94 -0400, L. Todd Masco wrote:

>It's really not so different than the War On Some Drugs or half a dozen
> other power-plays...
and this is the propaganda machine that we will have
> to face if we're unlucky enough that Clinton/Gore actually get their act
> together enough and get the rest of the government behind them to make a
> real PR effort (as opposed to the clumsy scare tactics we've seen so far).

I understand what you are saying, but it is fascinating that Clinton gets (by implication) blamed for Iraq and the war on drugs, when those are both Republican creations. Granted, Clinton is carrying through on the WOD, but he kind of has to, considering 'necessary political games, Washington style.' Not that I am a Clinton fan, I merely like giving credit where credit is due, and much of this (including, as has been oft stated here, the beginnings of clipper) belongs to those 12 years of republican mess making that got Clinton in office in the first place.

-j

--
"Blah Blah Blah"
___________________________________________________________________
Jamie Lawrence

From yusuf921 at raven.csrv.uidaho.edu Wed Aug 3 14:33:35 1994
From: yusuf921 at raven.csrv.uidaho.edu (Jidan)
Date: Wed, 3 Aug 94 14:33:35 PDT
Subject: Remailer traffic analysis foiling
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, cjl wrote:

> Remailer hackers,
>
> Would there be any advantage to giving remailers a MIRV capability?
>
> [deleted]
> I guess the issues involved are:
> [ deleted]
> 2) What is the credible threat of traffic analysis?
> a) Does multiplication of messages and their routing schemes create
> problems of scale for these alleged eavesdroppers?
> b) Do you assume that if it's not a compromised server, that
> what goes on inside the machine is hidden?
>

for total anon post/mail
How workable is setting up remailers with pseudo-cooperation so that when it receives an anon mail it waits 20 or so min and then randomly sends copies of it to 5 other remailers of which the original receiver randomly decides which 1 of the 6 will post and the rest simply discard.
a 5 fold increase in traffic will make it harder to analyze if 80% is just noise

Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ...
-- Carl Zwanzig

From perry at imsi.com Wed Aug 3 14:49:20 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 3 Aug 94 14:49:20 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408032055.NAA15886@netcom6.netcom.com>
Message-ID: <9408032148.AA13199@snark.imsi.com>

Not that I wanted to get in to this, but Mike was begging for it.

Mike Duvos says:
> The theoretical possibility of untraceable cash systems and the
> absence of legal sanctions against those who use them do not
> imply that such systems will become the standard in the future.
> Even in the obnoxious political climate which prevails in this
> country today, strong crypto is in the hands of only a few
> percent of the citizens. In a society with a "user-friendly"
> government, most people wouldn't even be interested.

Ahem.

If I told you that I could save you tens of thousands of dollars a year just by using some simple to use software, would you do it?

Well, if you had some simple to use software system that allowed you to escape from the above ground economy, you could personally save tens of thousands a year.

> If given a choice between ordering a pizza by clicking ones air
> mouse while tuned to the Pizza Channel, and ordering one via
> Tim's Strong Crypto Pizza Service in order to avoid a small VAT,
> most people will choose the easy way.

1) What makes you think the VAT will be small? Assuming that you have to pay for a government the size of the current one, only using VATs, you are going to have to take about half the cost of all goods and services in accumulated VAT by the time the goods hit the consumer. (This is for the obvious reason that the government spends half the GDP in the US.)

2) What makes you think it will be inconvenient?
I know of two pizza places in Manhattan where they very likely don't pay taxes and where you can also buy drugs. (No, I'm not going to tell you where they are, and no, I don't buy drugs from them. I don't go telling the police such things, however.)

The underground economy in the U.S. is huge -- enormous, in fact. Most of us interact with it every day without even realizing it. As a small example, the clothing manufacture industry in New York survives on illegal factories running almost entirely underground. Ever tip a waiter in cash? Ever pay for a haircut in cash? Ever make a purchase from a Mom & Pop grocery in cash?

> Again Tim and his friends are free to conduct all their
> transactions via unbreakable protocols of their own construction,
> avoid all taxes, and do business only with others who cooperate.
> As long as the percentage of similarly minded individuals is
> appropriately small, it has no real effect on society and
> probably costs a lot less than an enforcement agency would.

There are tens of millions of people completely evading taxes now, and the percentage of the population who underreport or patronize services that underreport approaches 100%.

> Of course Tim won't be watching HBO or Showtime, shopping with a
> major credit card, or helping his broker churn his account at
> Smith-Barney. Not my problem.

Tim will likely pay his broker to churn his account in Switzerland and do just as well. He'll have a credit card from a bank in the Bahamas. He'll probably do just fine watching HBO and Showtime, too.
Perry

From cjl at welchlink.welch.jhu.edu Wed Aug 3 14:53:10 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 3 Aug 94 14:53:10 PDT
Subject: Remailer traffic analysis foiling
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Jidan wrote:

> > for total anon post/mail
> How workable is setting up remailers with pseudo-cooperation
> so that when it receives an anon mail it waits 20 or so min
> and then randomly sends copies of it to 5 other remailers of which
> the original receiver randomly decides which 1 of the 6 will post
> and the rest simply discard.
> a 5 fold increase in traffic will make it harder to analyze if
> 80% is just noise

I think that sending many copies of the same message sounds like a good way of making sure that it ends up being monitored by some alleged surveillance net. Sending dummy messages is another matter. A fivefold increase in traffic may or may not have an impact on analysis, depending on your assumptions about the adversary's capabilities. Anyway, you still have a message of fixed size going in one end, coming out the other, and landing in someone's mailbox. The superfluous messages may in fact be easy to identify if they are addressed to bit.bucket at dev.null.

C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From jrochkin at cs.oberlin.edu Wed Aug 3 14:55:22 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 3 Aug 94 14:55:22 PDT
Subject: broadcast encryption
Message-ID: <199408032155.RAA20784@cs.oberlin.edu>

> of those frequencies, to facilitate enforcement of the rules, and to
> facilitate the participation by anyone who obtains the proper knowledge and
> equipment, it is illegal to transmit in a way that "obscures the meaning"
> of the transmission to people who would want to listen in.
So, for example,
> Morse code and ASCII are the only acceptable digital codes, and various
> modulation techniques are standardized as the technologies are developed.

That kind of explains why encryption is not allowed on ham bands, but it doesn't satisfy me. The difference between ham and other bands, is to use other frequencies I've got to pay the FCC major money for a license, or pay some commercial service provider who paid the FCC major money. With ham, I don't have to pay no one nothing, except maybe $10 for a ham license. ham, or some other frequency reserved to work like ham, could easily serve as a poor man's connection to the internet. Anyone with a desktop PC can invest another hundred dollars or so, and have a really low bandwidth (2400bps) direct connection to the internet. You can do IP over ham, although it's really difficult to do so currently without breaking the law and losing your license.

A public ham or ham-like radio band would seem to be something the cypherpunks would really like. It would definitely facilitate the creation of a sort of blacknet type thing. The government has given the public citizens band, and ham radio, if they're not going to open up ham so it can be used in the ways I'm thinking of, why not take another hunk of spectrum and give it to the public, specifically intended for digital transmissions (IP or otherwise). This seems to be something we should be campaigning for, and the EFF should be lobbying for.

Of course, the reason "why not" is because the government can make tons of money by selling the spectrum to Microsoft instead.
From cjl at welchlink.welch.jhu.edu Wed Aug 3 15:01:52 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 3 Aug 94 15:01:52 PDT
Subject: Remailer traffic analysis foiling
In-Reply-To:
Message-ID:

Since it was posted twice I guess I can reply twice :-)

On Wed, 3 Aug 1994, Jidan wrote:

> for total anon post/mail
> How workable is setting up remailers with pseudo-cooperation
> so that when it receives an anon mail it waits 20 or so min
> and then randomly sends copies of it to 5 other remailers of which
> the original receiver randomly decides which 1 of the 6 will post
> and the rest simply discard.
> a 5 fold increase in traffic will make it harder to analyze if
> 80% is just noise

This scheme wouldn't be workable in the currently fragile and ephemeral net of remailers. They would have to spend a lot of time talking to each other and making sure that they all had up-to-date lists of valid remailers. That's too much of a burden to put on the net.philanthropists that are currently operating mailing lists. Any validation of a chained remailer pathway is up to the user (not exactly *caveat emptor* cause you ain't paying for anything, but you get the idea)

C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From jrochkin at cs.oberlin.edu Wed Aug 3 15:10:59 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Wed, 3 Aug 94 15:10:59 PDT
Subject: Remailer traffic analysis foiling
Message-ID: <199408032210.SAA21183@cs.oberlin.edu>

> How workable is setting up remailers with pseudo-cooperation
> so that when it receives an anon mail it waits 20 or so min
> and then randomly sends copies of it to 5 other remailers of which
> the original receiver randomly decides which 1 of the 6 will post
> and the rest simply discard.
Part of the problem with any scheme that involves remailers automatically sending traffic onward to other remailers (whether a plan like yours, or just adding links to the remailer chain automagically), is that there seem to be only a few stable and reliable remailers. The rest come and go periodically. To get the best use of a plan like this, you've got to keep track of which remailers are up right now, so as to have the most remailers to use for this purpose. Or, really, you've got to have a way for your remailer to do this automatically without your intervention.

Most people seem to think this problem will go away eventually, and remailers will become more stable and reliable. I don't think this is necessarily true. It's true that remailers which charge money for the service will probably be more secure and reliable (because they need to be to get business), but I think we should work to develop a sort of "remailer net" that doesn't need reliability to operate, that can operate in more difficult circumstances.

One idea I came up with to achieve this goal is a sort of remailer control newsgroup, call it alt.anonremailer.net. Every participating remailer would periodically post an "I am here" message to the newsgroup. Say, once every 24 hours. The message could include the anon remailers address, and public key. A participating anon remailer would periodically scan this newsgroup, and keep track of remailers which are verified to have been working properly sometime in the last 24 hours. The remailers could check signatures on the message to be sure that it's signed by the real mccoy, and when a new remailer is encountered on alt.anonremailer.net, signatures on its public key could be checked, and the remailer won't be used unless it's signed by trusted people. The old web of trust.

The more I think about this, the better an idea it seems to me.
It seems a way of creating a remailer net that is reliable even in unreliable circumstances, and also makes using remailers more automated than it is now. Every user who uses anon mailers could have a daemon running to keep track of this newsgroup, and auto-generate remailer-chains that are composed of guaranteed-working remailers. It seems like a spiffy idea. But last time I posted it, no one responded. Maybe I'm overlooking something, and it's actually a really stupid idea. If that's the case, can someone say so and explain why?

From berzerk at xmission.xmission.com Wed Aug 3 15:32:20 1994
From: berzerk at xmission.xmission.com (Berzerk)
Date: Wed, 3 Aug 94 15:32:20 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408031702.KAA29908@netcom3.netcom.com>
Message-ID:

On Wed, 3 Aug 1994, Timothy C. May wrote:

> > secret police organizations like the IRS. A VAT would do the
> > trick nicely and could be easily built into the DigiCash system
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > of the future.
> ^^^^^^^^^^^^^^
> Not the untraceable cash systems most of us are interested in, that's
> for sure. Since transactions between "Alice" and "Bob" are invisible
> to outsiders, and they may not even know the identity of the other,
> then it's hard to imagine how the Tax Man interjects himself.

Which is a good reason to tax only property and government services. Yes, I am a communist Libertarian, and favor a 1%ish 100 year tax on land, water, and sky. (but not the information content of the land or wood, so a house is the same as a field is the same as a skyscraper).

Berzerk.
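The "I am here" announcement scheme Jonathan Rochkind proposes earlier in this thread (signed periodic posts, a 24-hour liveness window, web-of-trust checks on new keys, automatic chain generation), as an added sketch that is not part of any poster's message. The announcement field layout, the addresses, the introducer name and the toy textbook-RSA signatures standing in for PGP signatures are all assumptions constructed for illustration.

```python
import hashlib
import random

MAX_AGE = 24 * 3600   # "working properly sometime in the last 24 hours"
E = 65537             # public exponent for the toy signatures


def toy_keypair(p, q):
    """Textbook RSA from two known primes; a toy stand-in for a PGP key pair."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public modulus n, private d)


def _digest(text, n):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n


def sign(text, key):
    n, d = key
    return pow(_digest(text, n), d, n)


def verify(text, sig, n):
    return pow(sig, E, n) == _digest(text, n)


def announce(addr, key, posted, introducer, introducer_key):
    """Build one "I am here" post (hypothetical field layout)."""
    n = key[0]
    return {
        "addr": addr, "pubkey": n, "posted": posted,
        # The timestamp is inside the signed body, so an old post cannot be re-dated.
        "sig": sign(f"{addr}|{n}|{posted}", key),
        "introducer": introducer,
        # The introducer vouches for the binding of address to key.
        "cert": sign(f"{addr}|{n}", introducer_key),
    }


class RemailerTracker:
    """What the scanning daemon keeps: the newest verified post per remailer."""

    def __init__(self, trusted):
        self.trusted = dict(trusted)   # introducer name -> public modulus
        self.seen = {}                 # addr -> (pubkey, newest accepted timestamp)

    def accept(self, ann, now):
        addr, n, posted = ann["addr"], ann["pubkey"], ann["posted"]
        if not verify(f"{addr}|{n}|{posted}", ann["sig"], n):
            return "bad signature"
        if posted > now or now - posted > MAX_AGE:
            return "stale or postdated"
        known = self.seen.get(addr)
        if known is None or known[0] != n:
            # New remailer or new key: require a trusted signature on the key.
            intro_n = self.trusted.get(ann["introducer"])
            if intro_n is None or not verify(f"{addr}|{n}", ann["cert"], intro_n):
                return "key not vouched for"
        elif posted <= known[1]:
            return "replay"            # re-posting an old message proves nothing
        self.seen[addr] = (n, posted)
        return "ok"

    def live(self, now):
        return sorted(a for a, (_, t) in self.seen.items() if now - t <= MAX_AGE)

    def chain(self, length, now, rng=None):
        pool = self.live(now)
        if len(pool) < length:
            raise ValueError("not enough live remailers for this chain length")
        return (rng or random.SystemRandom()).sample(pool, length)


def demo():
    # Constructed sample data: keys built from Mersenne primes, made-up addresses.
    m61, m89, m107, m127 = (2**k - 1 for k in (61, 89, 107, 127))
    intro, mallory = toy_keypair(m61, m89), toy_keypair(m61, m107)
    key_a, key_b, key_c = (toy_keypair(m107, m127), toy_keypair(m89, m107),
                           toy_keypair(m61, m127))
    now = 776_000_000
    t = RemailerTracker({"introducer": intro[0]})
    a = announce("remailer-a@example.invalid", key_a, now - 3600, "introducer", intro)
    tampered = dict(a, posted=now - 10)            # timestamp edited after signing
    b = announce("remailer-b@example.invalid", key_b, now - 30 * 3600, "introducer", intro)
    c_bad = announce("remailer-c@example.invalid", key_c, now - 7200, "introducer", mallory)
    c_good = announce("remailer-c@example.invalid", key_c, now - 7200, "introducer", intro)
    results = [t.accept(x, now) for x in (a, tampered, a, b, c_bad, c_good)]
    later = now + 22 * 3600 + 1                    # remailer-c has gone silent too long
    return {"results": results, "live_now": t.live(now), "later": later,
            "live_later": t.live(later), "chain": t.chain(2, now), "tracker": t}


if __name__ == "__main__":
    print(demo())
```

A remailer that stops posting drops out of `live()` on its own once its last accepted announcement is older than `MAX_AGE`, which is the property the proposal relies on for chains built from recently working remailers.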
From sidney at taurus.apple.com Wed Aug 3 15:43:20 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Wed, 3 Aug 94 15:43:20 PDT
Subject: Remailer traffic analysis foiling
Message-ID: <9408032242.AA06825@toad.com>

I was under the impression that remailers already allowed for multiple messages with separate destinations to be batched in one message with appropriate embedded demarcation headings. How about if a remailer reordered incoming messages, batched groups of messages, and sent the batches to different remailers for chaining? That would achieve the effects on traffic analysis without multiplying traffic. If you want to keep chaining strictly under the senders' control, the batching could be done with messages that are marked by the sender as being destined for chaining through the same remailer. But I don't like that as much.

Jonathan Rochkind suggested that the remailers could signal their availability via posts to a special alt newsgroup. I think it would be easier and more reliable if instead the remailers contacted each other directly in some way to check for availability. Perhaps they could listen on some port, perhaps a finger daemon, anything that would let one remailer ask another for some sort of status check. Automated chaining between mailers that confirm availability before passing on messages would be more reliable than a user choosing the entire chaining path before mailing off the message. And it would allow the chained messages to be reordered and batched.

-- sidney

From sidney at taurus.apple.com Wed Aug 3 15:48:06 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Wed, 3 Aug 94 15:48:06 PDT
Subject: broadcast encryption
Message-ID: <9408032247.AA06921@toad.com>

Jonathan Rochkind wrote about why amateur frequencies should be available for a people's Internet access:

The problem with the radio spectrum is that it is not free, it is a limited resource.
If the allowed use of some portion of the spectrum became too easy, too useful, too profitable, then that portion would soon become overloaded with traffic. That is one reason why hams cannot use their frequencies for any kind of commercial transaction. Once there could be people making money from the airwaves, they would quickly crowd out the amateurs.

If the government is going to subsidize public access to communications internetworks, they would do much better to subsidize a technology that is better suited to point-to-point switched routing. Of course, that may be in the form of broadcast electromagnetic signals at line-of-sight frequencies, whether something like the current cellular telephone network with higher frequencies and smaller cells, or lots of small satellites, or it could involve subsidizing lots of fiber all over the place.

It is the case that there is a lot of pressure for the FCC to make money privatizing sections of the spectrum. The recent auction of licenses for newly allocated spectrum earned them much more than was predicted, and will make it that much harder for hams to hold on to much of the spectrum that they already have.

-- sidney markowitz KD6AVY

From ianf at simple.sydney.sgi.com Wed Aug 3 15:57:10 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Wed, 3 Aug 94 15:57:10 PDT
Subject: DES Flames
In-Reply-To: <199408031722.AA10579@world.std.com>
Message-ID: <9408040854.ZM1879@simple.sydney.sgi.com>

On Aug 3, 1:22pm, Kent Borg wrote:

> Given:
> 1) Some people worry about the strength of DES. (Correct?)

As a cipher which is completely secure against all levels of attack, yes. DES would still be suitable for tactical encryption where the lifetime of the information is less than a few minutes (and is useless past that time), or in situations where your adversary is known, unique and is not well funded.
Outside these categories, I would say that most, not "some", people who are familiar with the issues worry about the strength of DES.

> 2) DES is within striking distance of a brute-force attack,
> this is far-and-away its most serious weakness. (Correct?)

Always has been, which was a point (Diffie?) made right at the beginning. The problem is that it has now reached the point where the resources needed to construct a brute-force search engine are commercially available. Given the current development of FPGA's and so forth, I would predict that within three to five years you will be able to do a brute-force search using commercially available off-the-shelf FPGA arrays.

> 3) 3-DES is nowhere near soon being vulnerable to a
> brute-force attack. (Correct?)

That is the supposition. DES is not a group (proven), and so it is assumed that 3DES gives a keyspace to search which is not practical even in the distant future.

> It follows then that:
> 3-DES is a trivial fix of DES' ills. (Correct?)

Perhaps.

> Now, I repeat my puzzle. If there really was a Great Government
> Gnashing of teeth over how to replace DES, what was the problem?

Options:

1. 3DES is not as secure as we think. I do not believe that NIST has said anything about this one way or the other, and their silence is rather interesting.

2. 3DES IS as secure as we think (or nearly so), and they know it, and they are keeping us in the dark because they do not want to give any of us strong non-escrowed encryption. The FUD principle.

3. 3DES is stronger than DES, but not as strong as we all think. The NSA is not willing to specify a cipher whose key entropy is not a substantial portion of its keysize.

Let's assume (2). What makes me wonder is that the NSA was obviously aware of the possibilities of superencryption back in the 1970's, and I would have expected them to specify the production of a cipher which WAS a group to defeat this.

Options:

a.
It is not possible to produce a secure cipher which is a group (anyone got any comments on this thought? I must admit that it is not something I have given a lot of thought to, and I certainly have no mathematical backing for this supposition.)

b. The NSA didn't know how to produce a cipher which was a group. Let's not have any "the NSA can do anything" arguments, please. I am positive that they have quite amazing skills in cipher design, but they're not all powerful. Because of this, they're sitting tight and hoping that we won't notice.

c. The NSA didn't care (unlikely).

d. The NSA did care, expected to specify it when DES became unviable (which is a really neat solution, if you consider the installed base and the fact that it is mostly a software update in the drivers even for the hardware implementations). Then the political climate changed in the USA, civilian crypto started to make the management nervous, and they shelved the idea.

I go for (d). Anyone else?

Ian.

From gnu Wed Aug 3 16:03:04 1994
From: gnu (gnu)
Date: Wed, 3 Aug 94 16:03:04 PDT
Subject: Digital Telephony bill, August 1 draft
Message-ID: <9408032302.AA07275@toad.com>

FYI. -- John Gilmore

DRAFT - August 1, 1994

SECTION 1. INTERCEPTING DIGITAL AND OTHER COMMUNICATIONS.

Title 18, United States Code, is amended by adding the following new chapter:

"CHAPTER 120 -- TELECOMMUNICATIONS CARRIER ASSISTANCE TO THE GOVERNMENT

"Sec. 2601. Assistance requirements.

"(a) CAPABILITY REQUIREMENTS.
-- Except as provided in subsections (b), (c) and (d) of this section and subsection (c) of section 2606, a telecommunications carrier shall ensure that its services or facilities that provide a customer or subscriber with the ability to originate, terminate or direct communications have the capability to -- (i) expeditiously isolate and enable the government to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities or services of a subscriber of such carrier concurrent with their transmission to or from the subscriber's service, facility or equipment or at such later time as may be acceptable to the government; (ii) expeditiously isolate and enable the government to access call identifying information which is reasonably available to the carrier -- (1) either before, during or immediately after the transmission of a wire or electronic communication (or at such later time as may be acceptable to the government); and (2) in a manner that allows it to be associated with the communication to which it pertains, except that, with regard to information acquired solely pursuant to the authority for pen registers and trap and trace devices as defined in chapter 206 of this title, such call identifying information shall not include any information that may disclose the physical location of the subscriber, beyond what may be determined from the telephone number; (iii) deliver intercepted communications and call identifying information to the government in a format such that they may be transmitted by means of facilities or services procured by the government to a location away from the premises of the carrier; and (iv) facilitate authorized communications interceptions and call identifying information access unobtrusively and with a minimum of interference with any subscriber's telecommunications service and in a manner that protects the privacy and security 
of communications and call identifying information not authorized to be intercepted and protects information regarding the government's interception of communications and access to call identifying information. "(b) LIMITATIONS. This chapter does not authorize any law enforcement agency or officer to require the specific design of features or system configurations to be adopted by providers of wire or electronic communication service, nor does it authorize any law enforcement agency or officer to prohibit the adoption of any feature or service by providers of wire or electronic communication service. The requirements of subsection (a) do not apply to (i) information services or (ii) services or facilities that support the transport or switching of communications for the sole purpose of interconnecting telecommunications carriers or private networks. "(c) EMERGENCY OR EXIGENT CIRCUMSTANCES. In emergency or exigent circumstances, including but not limited to those described in sections 2518(7), 2518(11)(b) and 3125 of this title or in section 1805(e) of title 50, a carrier may fulfill its responsibilities under subparagraph (a)(iii) by allowing monitoring at its premises if that is the only means of accomplishing the interception or access. "(d) MOBILE SERVICE ASSISTANCE REQUIREMENTS. 
A telecommunications carrier offering a feature or service that allows subscribers to redirect, hand off, or assign their wire or electronic communications to another service area or another service provider, or to utilize facilities in another service area or of another service provider, shall ensure that, when the carrier that had been providing assistance for the interception of wire or electronic communications or access to call identifying information pursuant to a court order or lawful authorization no longer has access to the content of such communications or call identifying information within the service area where interception has been occurring as a result of the subscriber's use of such feature or service, information is available to the government, either before, during or immediately after the transfer of such communications, identifying the provider of wire or electronic communication service that has acquired access to the communications. "Sec. 2602. Notice of capacity requirements. "(a) NOTICE OF MAXIMUM AND INITIAL CAPACITY REQUIREMENTS. 
Within one year from the date of enactment of this Act, and after consulting with state and local law enforcement agencies, telecommunications carriers, providers of telecommunications support services, and manufacturers of telecommunications equipment, the Attorney General shall publish in the Federal Register and provide to appropriate telecommunications carrier associations, standards bodies and fora -- (i) notice of the maximum capacity required to accommodate all the communications interceptions, pen registers and trap and trace devices that the Attorney General estimates government agencies authorized to conduct electronic surveillance may conduct and use simultaneously; and (ii) notice of the number of all communications interceptions, pen registers, and trap and traces devices, representing a portion of the maximum capacity set pursuant to (a)(i), that the Attorney General estimates government agencies authorized to conduct electronic surveillance may conduct and use simultaneously four years from the date of enactment of this Act. Such notices may be based upon the type of equipment, type of service, number of subscribers, geographic location, or other measure. "(b) COMPLIANCE WITH CAPACITY NOTICES. Within three years of the publication by the Attorney General of a notice of capacity needs, or within four years from the date of enactment of this Act, whichever is longer, a telecommunications carrier shall ensure that its systems are capable of -- (i) expanding to the maximum capacity set forth in the notice provided pursuant to section (a)(i); and (ii) accommodating simultaneously the number of interceptions, pen registers and trap and trace devices for which notice has been provided pursuant to section (a)(ii). 
Thereafter, a telecommunications carrier shall ensure that it can accommodate expeditiously any increase in the number of interceptions, pen registers and trap and trace devices that authorized agencies may seek to conduct and use, up to the maximum capacity specified pursuant to section (a)(i). "(c) PERIODIC INCREASES IN NOTICE OF MAXIMUM CAPACITY REQUIREMENTS. The Attorney General shall periodically provide to telecommunications carriers written notice of any necessary increases in the maximum capacity specified pursuant to section (a)(i). Within three years after receiving written notice of such increased capacity requirements, or within such longer time period as may be specified by the Attorney General, a telecommunications carrier shall ensure that its systems are capable of expanding to the increased maximum capacity set forth in such notice. "Sec. 2603. Systems security and integrity. "A telecommunications carrier shall ensure that any court ordered or lawfully authorized interception of communications or access to call identifying information effected within its switching premises can be activated only with the affirmative intervention of an individual officer or employee of such carrier. "Sec. 2604. Cooperation of equipment manufacturers and providers of telecommunications support services. "A telecommunications carrier shall consult, as necessary, in a timely fashion with manufacturers of its telecommunications transmission and switching equipment and its providers of telecommunications support services for the purpose of identifying any service or equipment, including hardware and software, that may require modification so as to permit compliance with the provisions of this chapter. 
A manufacturer of telecommunications transmission or switching equipment and a provider of telecommunications support services shall, on a reasonably timely basis and at a reasonable charge, make available to the telecommunications carriers using its equipment or services such modifications as are necessary to permit such carriers to comply with the provisions of this section. "Section 2605. Technical requirements and standards for implementation of section 2601 requirements. "(a) SAFE HARBOR. To ensure the efficient and industry-wide implementation of the requirements established in section 2601 of title 18, United States Code, the Attorney General, in coordination with other Federal, State, and local law enforcement agencies, shall consult with appropriate associations and standards setting bodies of the telecommunications industry. A telecommunications carrier shall be in compliance with the capability requirements of section 2601 if it is in compliance with publicly available technical requirements or standards which meet the requirements of section 2601 adopted by an industry association or standards setting body. The absence of technical requirements or standards for implementing the requirements of section 2601 shall not preclude any carrier from deploying a technology or service nor shall the absence of standards relieve any carrier of the obligations imposed by section 2601. "(b) FCC AUTHORITY. 
In the event of a dispute about technical requirements or standards or if industry associations or bodies fail to issue technical requirements or standards, any person may petition the Federal Communications Commission to establish, by notice and comment rulemaking or other such proceedings as it may be authorized to conduct, specifications or standards that meet the requirements established in section 2601 of title 18, United States Code, protect the privacy and security of communications not authorized to be intercepted, and serve the policy of the United States to encourage the provision of new technologies and services to the public. In a proceeding under this section initiated by a telecommunications carrier, manufacturer of telecommunications transmission and switching equipment, or provider of telecommunications support services, the Commission, to recover the costs of its actions under this section, may assess and collect a fee against the carriers, manufacturers or providers that are parties to the proceeding. Such fee shall be deposited as an offsetting collection in, and credited to, the account providing appropriations to carry out the functions of the Commission and shall be available without fiscal year limitation. "(c) EXTENSION OF COMPLIANCE DATE FOR FEATURES AND SERVICES. A telecommunications carrier proposing to deploy, or having deployed, a feature or service within four years after the date of enactment of this Act may petition the Commission for one or more extensions of the deadline for complying with the requirements established in section 2601 of title 18, United States Code. The Commission may, after affording a full opportunity for hearing and after consultation with the Attorney General, grant an extension under this paragraph, if it determines that compliance with the requirements of section 2601 of title 18, United States Code, is not reasonably achievable through application of technology available within the compliance period. 
An extension under this paragraph shall extend for no longer than the earlier of (i) the date determined by the Commission as necessary for the carrier to comply with the requirements of section 2601 of title 18, United States Code; or (ii) in no event beyond two years after the date on which the initial extension is granted. An extension under this subsection shall apply to only that part of the carrier's business on which the new feature or service is used. "Sec. 2606. Enforcement orders. "(a) If a court authorizing an interception under chapter 119, under a State statute, or under the Foreign Intelligence Surveillance Act, or authorizing use of a pen register or a trap and trace device under chapter 206 or under a state statute finds that a telecommunications carrier has failed to comply with the requirements in this chapter, the court may direct that the carrier comply forthwith and may direct that a provider of support services to such carrier or the manufacturer of the carrier's transmission or switching equipment furnish forthwith modifications necessary for the carrier to comply. "(b) The Attorney General may apply to the appropriate United States District Court for, and the District Courts shall have jurisdiction to issue, an order directing that a telecommunications carrier, a provider of telecommunications carrier support services or a manufacturer of telecommunications transmission or switching equipment comply with this chapter. 
"(c) A court shall issue an order under subsections (a) or (b) only if it finds that -- (i) alternative technologies or capabilities or the facilities of another carrier are not reasonably available to law enforcement for implementing the interception of communications or access to call identifying information; and (ii) compliance with the requirements of this chapter is reasonably achievable through the application of available technology to the feature or service at issue or would have been reasonably achievable if timely action had been taken. A court may not issue an order where the government's demands for interception of communications and acquisition of call identifying information exceed the capacity for which notice has been provided under section 2602. "(d) A court issuing an order under this section may impose a civil penalty of up to $10,000 per day for each day in violation after the issuance of the order or after such future date as the court may specify. In determining whether to impose a fine and in determining its amount, the court shall take into account the nature, circumstances, and extent of the violation, and, with respect to the violator, ability to pay, good faith efforts to comply in a timely manner, effect on ability to continue to do business, the degree of culpability or delay in undertaking efforts to comply, and such other matters as justice may require. The Attorney General may file a civil action in the appropriate United States District Court to collect, and the United States District Courts shall have jurisdiction to impose, such fines. "Sec. 2607. Definitions. 
"As used in this chapter -- "(1) the terms defined in section 2510 of this title have, respectively, the definitions given such terms in that section; "(2) 'telecommunications carrier' means any person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire, as defined by section 3(h) of the Communications Act of 1934, and includes (i) any person or entity engaged in providing commercial mobile service, as defined in section 6002(b) of Public Law 103-66, and (ii) any person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such person or entity to be a common carrier for purposes of this Act. "(3) 'provider of telecommunications support services' means any person or entity that provides products, software, or services to a telecommunications carrier that are integral to the switching or transmission of wire or electronic communications; "(4) 'government' means the Government of the United States and any agency or instrumentality thereof, the District of Columbia, any commonwealth, territory or possession of the United States, and any state or political subdivision thereof authorized by law to conduct electronic surveillance; "(5) 'information services' means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications, and includes electronic publishing, but does not include any use of any such capability for the management, control or operation of a telecommunications system or the management of a telecommunications service; "(6) 'call identifying information' means all dialing or signalling information associated with the origin, direction, destination, or 
termination of each communication generated or received by the subscriber equipment, facility or service of such carrier that is the subject of a court order or lawful authorization, but does not include any information that may disclose the physical location of the subscriber beyond what may be inferred from the telephone number." SECTION 2. EFFECTIVE DATE. Sections 2601 and 2603 of title 18 as added by section 1 of this Act shall take effect four years after the date of enactment of this Act. Unless otherwise specified, all other provisions of this Act shall become effective on the date of enactment. SECTION 3. REIMBURSEMENT AND FUNDING. (a) The Attorney General shall reimburse telecommunications carriers for all reasonable costs directly associated with (1) the modifications performed by carriers prior to the effective date of section 2601 or prior to the expiration of any extension granted under section 2605(c) of title 18, United States Code, as added by this Act, to establish the capabilities necessary to comply with section 2601; (2) establishing the maximum capacity requirements set pursuant to section 2602 of title 18; and (3) expanding existing facilities to accommodate simultaneously the number of interceptions, pen registers and trap and trace devices for which notice has been provided pursuant to section 2602. Notwithstanding any other provision of law, the Attorney General is authorized to establish any procedures and regulations deemed necessary to effectuate timely and cost-efficient reimbursement to telecommunications carriers for reimbursable costs incurred under this Act, under chapters 119 and 121 of Title 18, United States Code, and under the Foreign Intelligence Surveillance Act. 
If there is a dispute between the Attorney General and a telecommunications carrier regarding the amount of reasonable costs to be reimbursed, the dispute shall be resolved and the amount determined, in a proceeding initiated at the Federal Communications Commission under section 2605 of title 18 or by the court from which an enforcement order is sought under section 2606. (b) For fiscal years 1995 through 1998, there are authorized to be appropriated a total of $500,000,000. For fiscal years 1999 and thereafter, there are authorized to be appropriated such sums as may be necessary to carry out the purposes of this Act. (c)(i) On or before November 30, 1995, and on or before the same day each year for five years thereafter, the Attorney General shall submit to the Congress a report on the amounts paid during the preceding fiscal year in reimbursement to carriers for costs incurred in making modifications to comply with the provisions of this Act. Said reports shall include but not be limited to (1) a detailed accounting of the amounts paid to each carrier and the technology, feature or service for which the amounts were paid and (2) projections of the amounts expected to be paid in the then ongoing fiscal year, the carriers to which reimbursement is expected to be paid, and the technologies, services, or features for which reimbursement is expected to be paid. (ii) On or before April 1, 1996 and April 1, 1998, the General Accounting Office shall, after consultation with the Attorney General and the telecommunications industry, submit to the Congress a report reflecting its audit of the sums paid by the Attorney General to carriers in reimbursement. Such report shall include the findings and conclusions of the Comptroller General on the costs to be incurred after the compliance date, including projections of the amounts expected to be incurred and the technologies, services, or features for which expenses are expected to be incurred. SECTION 4. DEFINITION. 
Section 2510(4) of title 18 is amended by adding at the end thereof, before the semicolon, ", except that with regard to the transmission of a communication encrypted by a subscriber, a telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, the communication, unless the encryption was provided by the service provider and the service provider possesses the information necessary to decrypt the communication". SECTION 5. CORDLESS TELEPHONES. (a) Definitions. - Section 2510 of title 18, United States Code, is amended - (1) in paragraph (1), by striking "but such term does not include" and all that follows through "base unit"; and (2) in paragraph (12), by striking subparagraph (A) and redesignating subparagraphs (B) through (D) as subparagraphs (A) through (C) respectively. (b) Penalty. - Section 2511 of title 18, United States Code, is amended - (1) in subsection (4)(b)(i), by inserting "a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit," after "cellular telephone communication,"; and (2) in subsection (4)(b)(ii), by inserting "a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit," after "cellular telephone communication,". SECTION 6. RADIO-BASED DATA COMMUNICATIONS. Section 2510(16) of title 18, United States Code, is amended by striking the word "or" at the end of subparagraph (D) and inserting an "or" at the end of subparagraph (E) and adding the following new subparagraph: "(F) an electronic communication;" SECTION 7. PENALTIES FOR MONITORING RADIO COMMUNICATIONS THAT ARE NOT SCRAMBLED, ENCRYPTED, OR NON-PUBLIC. 
Section 2511(4)(b) of title 18, United States Code is amended by deleting the phrase "or encrypted, then -" and inserting the following: ", encrypted, or transmitted using modulation techniques whose essential parameters have been withheld from the public with the intention of preserving the privacy of such communication, then -" SECTION 8. TECHNICAL CORRECTION. Section 2511(2)(a)(i) of title 18 is amended by striking out "used in the transmission of a wire communication" and inserting in lieu thereof "used in the transmission of a wire or electronic communication". SECTION 9. FRAUDULENT ALTERATION OF COMMERCIAL MOBILE RADIO INSTRUMENTS. (a) Section 1029(a) of title 18 is amended by striking the word "or" at the end of subparagraph (3) and adding the following new subparagraphs: "(5) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a telecommunications instrument that has been modified or altered to obtain unauthorized use of telecommunications services; or "(6) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses (i) a scanning receiver or (ii) hardware or software used for altering or modifying telecommunications instruments to obtain unauthorized access to telecommunications services." (b) Section 1029(c)(2) of title 18 is amended by striking "(a)(1) or (a)(4)" and inserting in lieu thereof "(a)(1), (a)(4), (a)(5) or (a)(6)". (c) Section 1029(e)(1) of title 18 is amended by inserting "electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier," after "account number,". 
(d) Section 1029(e) of title 18 is amended by striking the word "and" at the end of subparagraph (5), by striking the period at the end of subparagraph (6) and adding "; and", and by adding the following new subparagraph: "(7) the term 'scanning receiver' means any device or apparatus that can be used to intercept a wire or electronic communication in violation of chapter 119 of this title." SECTION 10. TRANSACTIONAL DATA. (a) Section 2703(c)(1)(B) of title 18, United States Code, is amended by adding at the end thereof the following: "Records or other information disclosed under this subparagraph shall not include any interactive information generated by the subscriber or customer or any information identifying services used by the subscriber or customer, except the dialling or signalling information utilized in call or message processing."; (b) Section 3121 of title 18, United States Code, is amended by redesignating subsection (c) as (d), and adding a new subsection (c) as follows: "(c) Limitation. -- A government agency authorized to install and use a pen register under this chapter, or under state law, shall use technology reasonably available to it that restricts the recording or decoding of electronic or other impulses to the dialling and signalling information utilized in call processing." SECTION 11. REPORTING OF INTERCEPTIONS ENCOUNTERING ELECTRONICALLY ENCRYPTED COMMUNICATIONS. Section 2519(2) of title 18, United States Code, is amended by deleting everything after the semicolon in subparagraph (f) and inserting the following: "(g)the number of interceptions encountering electronically encrypted communications, specifying the number of such interceptions that could not be decrypted; and "(h)The information required by paragraphs (b) through (g) of this subsection with respect to orders or extensions obtained in a preceding calendar year." 
From mpd at netcom.com Wed Aug 3 16:05:26 1994 From: mpd at netcom.com (Mike Duvos) Date: Wed, 3 Aug 94 16:05:26 PDT Subject: Egalitarianism vs. Strong Cryptography In-Reply-To: <9408032148.AA13199@snark.imsi.com> Message-ID: <199408032305.QAA18526@netcom15.netcom.com> Perry E. Metzger writes: > Not that I wanted to get in to this, but Mike was begging > for it. > If I told you that I could save you tens of thousands of > dollars a year just by using some simple to use software, > would you do it? Well, if you had some simple to use > software system that allowed you to escape from the above > ground economy, you could personally save tens of thousands > a year. I am not convinced such software exists, that most major businesses would offer to interface with it, or that it would of necessity be "simple" or "easy to use". Once standards are created for commerce over the Net and the collection of the VAT, you are pretty much locked into using them if you wish to do business with any vendor of significant size. > What makes you think the VAT will be small? Bear in mind we are talking about a Utopian society of the future with a downsized government. Trying to support the current level of wasteful government spending from a VAT would send people fleeing for the borders. > What makes you think it will be inconvenient? I know of two > pizza places in Manhattan where they very likely don't pay > taxes and where you can also buy drugs. I know of some places on the Internet where I can chat with people using a version of Unix talk which encrypts. But if I want to talk to some random person, I am probably stuck with using the default version which does not. I have little hope of convincing people to make the encrypted one a standard, in spite of the fact that all they would have to do is spend a few minutes to FTP it. Encrypting every time I use "talk" is therefore somewhat inconvenient. 
A complete escape from the above-ground economy in a society heavily dependent on electronic transactions would be even more so. Again, you are free to try, but most people probably won't bother. > The underground economy in the U.S. is huge -- enormous, in > fact. Most of us interact with it every day without even > realizing it. As a small example, the clothing manufacture > industry in New York survives on illegal factories running > almost entirely underground. Ever tip a waiter in cash? Ever > pay for a haircut in cash? Ever make a purchase from a Mom & > Pop grocery in cash? The size of the underground economy is largely a function of the repressive and outrageous monetary and tax system we have in this country. When families can barely make ends meet with all the adults working multiple full-time jobs, there is an enormous incentive to shave costs. In a society where taxes were manageable, and put to a use all citizens felt was worthy, such forces would be much less and there would be enormous peer pressure on individual citizens to do their fair share. Kind of like the days when income tax was two percent and functioned on the honor system. Just decriminalizing drug use and the sex industry would get rid of a very large chunk of the underground economy. > Tim will likely pay his broker to churn his account in > Switzerland and do just as well. He'll have a credit card > from a bank in the Bahamas. He'll probably do just fine > watching HBO and Showtime, too. The majority of US citizens who use local financial services and get their cable TV through a wire from the street will generate all the revenue we need. We could even give Tim a guaranteed annual income. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From mccoy at io.com Wed Aug 3 16:22:07 1994 From: mccoy at io.com (Jim McCoy) Date: Wed, 3 Aug 94 16:22:07 PDT Subject: Egalitarianism vs. 
Strong Cryptography In-Reply-To: <199408032055.NAA15886@netcom6.netcom.com> Message-ID: <199408032321.SAA01552@pentagon.io.com> mpd at netcom.com (Mike Duvos) writes: [...] > Network shopping services which use strong crypto and > non-standard DigiCash protocols to avoid a painless VAT will have > poor propagation, limited access, negative PR, and few customers. Wanna bet? All it would take is one entity to set up a service of converting untraceable digicash tokens into the appropriate traceable tokens under the name of a pseudo-account at the service. Now I can use my digicash tokens for everything under the regulated system, _and_ I can use them at digicash-only services... jim From jim at bilbo.suite.com Wed Aug 3 16:25:23 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 3 Aug 94 16:25:23 PDT Subject: anonymous anonymous remailers? Message-ID: <9408032324.AA03913@bilbo.suite.com> Here's an interesting idea... Assume we create the alt.anonremailer.net newsgroup mechanism that Jonathan Rochkind recently suggested (and it worked). Could we then not use the newsgroup, in combination with a net of well-known remailers, to give us the capability to have some remailers at unknown locations by having some remailers post encrypted reply blocks as their "addresses"? Just a thought, Jim_Miller at suite.com From hughes at ah.com Wed Aug 3 17:06:37 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 3 Aug 94 17:06:37 PDT Subject: My light bulb goes on... (was:Re: Tuna fish...) In-Reply-To: <9408031238.AA12045@snark.imsi.com> Message-ID: <9408032336.AA11878@ah.com> > Is this not the killer app that would get ecash off and running? The problem is not a need for a killer app -- there are dozens. The obstacle is regulatory problems, and finding a large and reputable sponsoring organization (like a big bank). And these two issues are related. Bank regulations in this country are kept deliberately somewhat vague. 
The regulator's word is the deciding principle, not a detailed interpretation of statute. The lines are fuzzy, and because they are fuzzy, the banks don't press on them nearly as hard as when there's clear statutory language available to be interpreted in a court. The uncertainty in the regulatory environment _increases_ the hold the regulators have over the banks. And the regulators are known for being decidedly finicky. Their decisions are largely not subject to appeal (except for the flagrant stuff, which the regulators are smart enough not to do too often), and there's no protection against cross-linking issues. If a bank does something untoward in, say, mortgage banking, they may find, say, their interstate branching possibilities seem suddenly much dimmer. The Dept. of Treasury doesn't want untraceable transactions. Need I say more? Probably. It's very unlikely that a USA bank will be the one to deploy anonymous digital dollars first. It's much more likely that the first dollar digital cash will be issued overseas, possibly London. By the same token, the non-dollar regulation on banks in this country is not the same as the dollar regulation, so it's quite possible that the New York banks may be the first issuers of digital cash, in pounds sterling, say. There will be two stages in actually deploying digital cash. By digital cash, here, I mean a retail phenomenon, available to anybody. The first will be to digitize money, and the second will be to anonymize it. Efforts are already well underway to make more-or-less secure digital funds transfers with reasonably low transaction fees (not transaction costs, which are much more than just fees). These efforts, as long as they retain some traceability, will almost certainly succeed first in the marketplace, because (and this is vital) the regulatory environment against anonymity is not compromised. 
Once, however, money has been digitized, one of the services available for purchase can be the anonymous transfer of funds. I expect that the first digitization of money won't be fully fungible. For example, if you allow me to take money out of your checking account by automatic debit, there is risk that the money won't be there when I ask for it. Therefore that kind of money won't be completely fungible, because money authorized from one person won't be completely identical with money from another. It may be a risk issue, it may be a timeliness issue, it may be a fee issue; I don't know, but it's unlikely to be perfect. Now, as the characteristic size of a business decreases, the relative costs of dealing with whatever imperfection there is will be greater. To wit, the small player will still have some problem getting paid, although certainly less than now. Digital cash solves many of these problems. The clearing is immediate and final (no transaction reversals). The number of entities to deal with is greatly reduced, hopefully to one. The need and risk and cost of accounts receivables is eliminated. It's anonymous. There will be services which will desire these advantages, enough to support a digital cash infrastructure. Eric From rah at shipwright.com Wed Aug 3 17:14:47 1994 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 3 Aug 94 17:14:47 PDT Subject: Mall-builders are hiring... Message-ID: <199408040013.UAA08704@zork.tiac.net> Saw this rooting around for contracts to do. Aren't these guys the mall-builders for CommerceNet? 
Cheers, Bob Hettinga > > EMPLOYMENT OPEN HOUSE > ===================== > > Where: Enterprise Integration Technologies > 800 El Camino Real > Menlo Park, California > > When: Tuesday, August 9 > 5:00pm - 8:00pm > > What: Demonstrations, refreshments, > and opportunities to interview > with hiring managers > >Enterprise Integration Technologies is a rapidly growing company specializing >in software and services which help companies do business on the Internet. > >We have several openings for exceptional programmers to help us develop the >next generation of applications and services for electronic commerce on >the Internet. > > >Basic requirements >------------------ >You must have: > >- a BSCS or equivalent, >- at least 5 years of industry experience developing products in C or C++ for > Windows, Macintosh, and/or UNIX, and >- been a leader or key contributor to small software development teams that > have shipped successful products. > > >Technology experience >--------------------- >We are looking for people who have significant experience with one or more >of the following technology areas: > >- development and application of network services and protocols (especially > TCP/IP and Netware) >- computer security and cryptography (especially public key) >- relational database management systems >- document management and search/retrieval systems >- WWW servers >- platform-independence and interoperability development tools >- messaging and directory technologies >- distributed object technologies >- commercial software development tools >- scripting or prototyping languages > > >Industry background >------------------- >We are especially interested in people who have professional experience >in one or more of the following industries: > >- CAD/CAM >- information services >- publishing >- manufacturing >- electronic commerce >- financial institutions > > >Interpersonal qualities >----------------------- >We are seeking people who have successfully worked in one or 
more of the >following environments: > >- on multiple projects >- in cross-functional development teams >- with end-users, value-added resellers, licensees, and other customers >- with independent software vendors, original equipment manufacturers, > and other development partners > > >For more information >-------------------- >EIT offers competitive salaries and benefits including stock options and >bonuses, and an opportunity to help shape the Internet of the future. > >For more information about Enterprise Integration Technologies, visit our >world wide web server at http://www.eit.com/ or send mail to info at eit.com. > > >For driving directions to EIT >----------------------------- >For directions to EIT, look at our map in http://www.eit.com/maps/roadmap.html >or send mail to open-house at eit.com. > > >If you're interested but cannot attend >-------------------------------------- >If you cannot attend the open house, then send your resume and cover letter >by e-mail (ASCII only, please) to jobs at eit.com or by FAX to (415)617-8019. >-- >-Brian Smithson brian at eit.com > Enterprise Integration Technologies +1 415 617 8009 > 800 El Camino Real FAX +1 415 617 8019 > Menlo Park, CA 94025 URL: http://www.eit.com/ > > ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From solman at MIT.EDU Wed Aug 3 18:59:51 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Wed, 3 Aug 94 18:59:51 PDT Subject: Egalitarianism vs. Strong Cryptography In-Reply-To: <9408032148.AA13199@snark.imsi.com> Message-ID: <9408040158.AA01264@ua.MIT.EDU> > > Not that I wanted to get in to this, but Mike was begging for it. 
> > Mike Duvos says: > > The theoretical possibility of untraceable cash systems and the > > absence of legal sanctions against those who use them do not > > imply that such systems will become the standard in the future. > > Even in the obnoxious political climate which prevails in this > > country today, strong crypto is in the hands of only a few > > percent of the citizens. In a society with a "user-friendly" > > government, most people wouldn't even be interested. > If I told you that I could save you tens of thousands of dollars a > year just by using some simple to use software, would you do it? Well, > if you had some simple to use software system that allowed you to > escape from the above ground economy, you could personally save tens > of thousands a year. For large numbers of Americans, the answer is yes. Even if the system of government that they were supporting was as screwed up as our current one. Add to this the possibility that the government mandate also include a requirement that when conducting a transaction with somebody who is not paying the tax, you charge them a little extra and this amount will go higher. (If both the buyer and seller are paying the tax, then X% of the money exchanged goes to the government. If only one is then 2*X% of the money exchanged goes to the government.) Identities could easily be set up so that reputation is not transferable between tax paying organizations and their evading pseudonyms. And that's if government doesn't improve as it enters cyberspace. Imagine if the government stopped trying to force people to join it. Or imagine if they tied decision making power to how much you pay in taxes. The more you pay, the more say you get. After accepting the idea that government is a product by which you get the warm fuzzies of giving to society, government could make itself into a more desirable product by undertaking changes like these. The possibilities are endless in this regard. 
It's very easy for me to imagine a government in cyberspace which is substantially more successful at collecting taxes than the IRS. JWS From solman at MIT.EDU Wed Aug 3 19:07:27 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Wed, 3 Aug 94 19:07:27 PDT Subject: anonymous anonymous remailers? In-Reply-To: <9408032324.AA03913@bilbo.suite.com> Message-ID: <9408040206.AA01377@ua.MIT.EDU> > Here's an interesting idea... > > Assume we create the alt.anonremailer.net newsgroup mechanism that > Jonathan Rochkind recently suggested (and it worked). > > Could we then not use the newsgroup, in combination with a net of > well-known remailers, to give us the capability to have some remailers at > unknown locations by having some remailers post encrypted reply blocks as > their "addresses"? This is just painfully non-scalable. Sure it will work for now, but it's not something that will last once large numbers of people begin using it. JWS From cactus at bb.com Wed Aug 3 19:18:07 1994 From: cactus at bb.com (L. Todd Masco) Date: Wed, 3 Aug 94 19:18:07 PDT Subject: clarification please In-Reply-To: <9408032116.AA19332@ralph.sybgate.sybase.com> Message-ID: <199408040221.WAA12343@bb.com> Jamie Lawrence writes: > At 4:35 PM 08/03/94 -0400, L. Todd Masco wrote: > > >It's really not so different than the War On Some Drugs or half a dozen > > other power-plays... and this is the propaganda machine that we will have > > to face if we're unlucky enough that Clinton/Gore actually get their act > > together enough and get the rest of the government behind them to make a > > real PR effort (as opposed to the clumsy scare tactics we've seen so far). > > I understand what you are saying, but it is fascinating > that Clinton gets (by implication) blamed for Iraq and > the war on drugs, when those are both Republican creations.[...] Make no mistake: I'm blaming Clinton for neither the War On Some Drugs, the Persian Gulf massacre, nor the Waco massacre. 
Government controls all that it can and grows however it's able: it's the nature of governments. It doesn't matter what control freak is at the helm, they'll use whatever means are available to control the world and the nation. This is why we have a Bill Of Rights. It is also why the Bill Of Rights is in tatters. One of the most insidious details is that you usually can't point to one person and say "it's their fault." Everyone is "just doing their job." I'm one of those who sees no fundamental difference between the Republicrats and the Democans. Their rhetoric is different, but all they want in the end is for everybody to behave as they believe is right: they have no respect for the freedom of diversity in beliefs that is at the core of America. What is important for us to observe is the methods that they use to control us and for us to figure out how to undermine these methods as well as we are able. The nets themselves are a good start: without centralized communications, it's more difficult to tell people what to think. Strong crypto for everyone added to the nets is a good step, too: especially when you can authenticate sources according to an information "web of trust" (IE, I'd trust something Noam Chomsky recommended over something Dorothy Denning recommended). -- L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail cactus at bb.com | "Information wants to be free, but authors want to be paid." From mpd at netcom.com Wed Aug 3 19:44:51 1994 From: mpd at netcom.com (Mike Duvos) Date: Wed, 3 Aug 94 19:44:51 PDT Subject: Egalitarianism vs. Strong Cryptography In-Reply-To: <9408040158.AA01264@ua.MIT.EDU> Message-ID: <199408040244.TAA12714@netcom7.netcom.com> solman at MIT.EDU writes: [other excellent stuff elided] > Imagine if the government stopped trying to force people to > join it. Or imagine if they tied decision making power to > how much you pay in taxes. The more you pay, the more say > you get. 
After accepting the idea that government is a > product by which you get the warm fuzzies of giving to > society, government could make itself into a more desirable > product by undertaking changes like these. The possibilities > are endless in this regard. It's very easy for me to imagine > a government in cyberspace which is substantially more > successful at collecting taxes than the IRS. The notion of government as a product which must compete on an equal footing with others in society definitely wins "Nifty Idea of the Week" in my book. Reminds me of something T.S. Eliot once said. "If only we had a system so perfect it did not require that people be good." Perhaps "government in cyberspace" will be the first working example of this paradigm. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From jrochkin at cs.oberlin.edu Wed Aug 3 20:15:54 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Wed, 3 Aug 94 20:15:54 PDT Subject: anonymous anonymous remailers? Message-ID: <199408040315.XAA24952@cs.oberlin.edu> > > Assume we create the alt.anonremailer.net newsgroup mechanism that > > Jonathan Rochkind recently suggested (and it worked). > > Could we then not use the newsgroup, in combination with a net of > > well-known remailers, to give us the capability to have some remailers at > > unknown locations by having some remailers post encrypted reply blocks as > > their "addresses"? > > This is just painfully non-scalable. Sure it will work for now, but > it's not something that will last once large numbers of people begin > using it. Why? Which part, the whole idea of a remailer control newsgroup, or just the idea of remailers with unknown locations? 
I'm not sure how reliable remailers with unknown locations would be (one remailer in the chain goes down, your unknown remailer can't be contacted, and there's no easy way to verify whether the chain is still intact any more), but I'm not sure I actually see anything non-scalable about it. Nor about the "alt.anonremailer" concept. If you've got 500 remailers posting once a day, you're still not the largest newsgroup out there. And when combined with a realtime verification system (you get the address of the remailer from the newsgroup, and _then_ you connect to a certain port and get an acknowledgement message, to make sure the remailer is up), you could lower traffic yet further. Maybe you only need to post once every ten days with the "my remailer is here" message. This could then accommodate some 3000 remailers and still not be as high traffic as comp.sys.mac.hardware. And I think by the time there are 3000 remailers to be accommodated, the net will be easily handling full motion video, and people will be exchanging 20 minute long quicktime movies in the newsgroups, and we won't have a bandwidth problem at all. But maybe I'm missing something obvious. Enlighten me. From solman at MIT.EDU Wed Aug 3 20:32:26 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Wed, 3 Aug 94 20:32:26 PDT Subject: anonymous anonymous remailers? In-Reply-To: <199408040315.XAA24952@cs.oberlin.edu> Message-ID: <9408040331.AA01790@ua.MIT.EDU> > > > Assume we create the alt.anonremailer.net newsgroup mechanism that > > > Jonathan Rochkind recently suggested (and it worked). > > > Could we then not use the newsgroup, in combination with a net of > > > well-known remailers, to give us the capability to have some remailers at > > > unknown locations by having some remailers post encrypted reply blocks as > > > their "addresses"? > > > > This is just painfully non-scalable. 
Sure it will work for now, but > > it's not something that will last once large numbers of people begin > > using it. 
>
> Why? Which part, the whole idea of a remailer control newsgroup, or just
> the idea of remailers with unknown locations?

I'm sorry, I thought you were talking about posting the encrypted messages themselves to the newsgroup and having the unlocatable remailer pick out the messages that are supposed to belong to it thus making it so that NOBODY knows where the remailer is. Clearly this wouldn't scale. But if we're talking about having some remailers know where the hidden remailers are and only having the hidden remailers post the information that allows it to be addressed, I guess there isn't a problem.

Sorry.

JWS

From rarachel at prism.poly.edu Wed Aug 3 21:24:24 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 3 Aug 94 21:24:24 PDT
Subject: CIA eating internet email & usenet news
Message-ID:

It's started. The >CIA< (never mind that we suspect the NSA has done this already) admittedly is starting an internet site(s) where they will monitor email and usenet feeds. Supposedly this is for "research" purposes where agents would "post" questions in such a way as to not give away their real questions.

See this week's Computerworld. Anyone have a scanner they can post this article up with? I'm not up to typing it...

Ray (Arsen) Arachelian
rarachel at photon.poly.edu
sunder at intercom.com
"And bugs to kill before I sleep"
From sandfort at crl.com Wed Aug 3 21:43:45 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 3 Aug 94 21:43:45 PDT
Subject: clarification please
In-Reply-To: <9408032116.AA19332@ralph.sybgate.sybase.com>
Message-ID:

C'punks,

On Wed, 3 Aug 1994, Jamie Lawrence wrote:

> ... Not that I am a clinton fan, I merely like giving
> credit where credit is due, and much of this (including, as has
> been oft stated here, the beginnings of clipper) belongs to those
> 12 years of republican mess making that got Clinton in office in
> the first place.

I don't think much is accomplished by arguing which set of liars got us into any particular mess. However, it was the *democrats* who dominated the legislative and judicial branches of government, as well as the entrenched bureaucracy for the Reagan/Bush years. I think that is a more accurate version of "giving credit where credit is due."

Nevertheless, please be advised, I despise them all (and so should you). Now get cracking and write some code.

S a n d y

From blane at squeaky.free.org.free.org Wed Aug 3 21:53:34 1994
From: blane at squeaky.free.org.free.org (Brian Lane)
Date: Wed, 3 Aug 94 21:53:34 PDT
Subject: CIA eating internet email & usenet news
In-Reply-To:
Message-ID:

On Thu, 4 Aug 1994, Arsen Ray Arachelian wrote:

>
> It's started. The >CIA< (never mind that we suspect the NSA has done this
> already) admittedly is starting an internet site(s) where they will monitor
> email and usenet feeds. Supposedly this is for "research" purposes where
> agents would "post" questions in such a way as to not give away their real
> questions.
>
> See this week's Computerworld. Anyone have a scanner they can post this
> article up with? I'm not up to typing it...

What do you mean by email monitoring, their own or ours? Maybe we should bombard them with encrypted copies of the Digital Telephony bill?
Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation | finger blane at free.org
witty comments pending                 | for PGP key and subLit
----------------------------------------------------------------------------

From rarachel at prism.poly.edu Wed Aug 3 21:54:19 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 3 Aug 94 21:54:19 PDT
Subject: SueDNym messages and our friend
In-Reply-To: <9408021343.AA19309@Central.KeyWest.MPGN.COM>
Message-ID:

This is the output of the program Medusa's Tentacles. This isn't complete. The 1st "level" is buggy or I'm doing something wrong in the data gathering. I will however fix this up later. This is basically a sneak preview at what Medusa produced:

SOURCE TEXT: det30
FUZZYBASE : det
1: 6136990.06793633 deg of closeness [TOKEN TOUPLES]
2: 0.00025409 deg of difference [TOKEN FREQ ]

SOURCE TEXT: suednym
FUZZYBASE : det
1: 425581.03653014 deg of closeness [TOKEN TOUPLES]
2: 0.00021086 deg of difference [TOKEN FREQ ]

SOURCE TEXT: tcmay.txt
FUZZYBASE : det
1: 264235.00574214 deg of closeness [TOKEN TOUPLES]
2: 0.00016356 deg of difference [TOKEN FREQ ]

SOURCE TEXT: c:\autoexec.bat
FUZZYBASE : det
1: 14771672.69300460 deg of closeness [TOKEN TOUPLES]
2: 0.00035529 deg of difference [TOKEN FREQ ]

SOURCE TEXT: c:\config.sys
FUZZYBASE : det
1: 10857800.74279867 deg of closeness [TOKEN TOUPLES]
2: 0.00035317 deg of difference [TOKEN FREQ ]

Again, please ignore the 1: stats for now as I have to further investigate their validity.

Fuzzybase "det" is the collected statistics based on the detweiler archives collected by Rishab Aiyer Ghosh. det30 is a portion of that collection, so I'm comparing it with the collection to see how different a small portion will be when comparing it to the whole. This gives a difference level of 0.00025409

suednym is one of the messages Sue sent. NOTICE that the level of difference is 0.00021086.
These two "differences" are very very close when compared to the others. Autoexec and config.sys are thrown in as sanity checks. If I got low numbers on these I'd expect something was terribly wrong.

Weirdly enough TC May's post about the bleak future which includes tons of paranoid like words matches most of Detweiler's posts more closely than one of his own messages. However let's not jump to conclusions here because Detweiler's own message showed a difference of 0.002... and Sue matched it.

With this sort of data it's hard to separate the subjects from the authors from the language. Language is easy to detect, but two people who constantly post the same kind of material based on the same subject might show up with the same difference levels.

Again this is only ONE sample so please no lynching Sue just yet (although this was already a moot point.) Remember, Medusa is still under construction. This is only a preview. If you'd like to preview the sources/executables to medusa please email me and I'll somehow get them to you.

Ray (Arsen) Arachelian
rarachel at photon.poly.edu
sunder at intercom.com
"And bugs to kill before I sleep"

From die at pig.jjm.com Wed Aug 3 22:11:53 1994
From: die at pig.jjm.com (Dave Emery)
Date: Wed, 3 Aug 94 22:11:53 PDT
Subject: Radio Encryption
Message-ID: <9408040509.AA07870@pig.jjm.com>

Many US private and governmental radio services licensed by the FCC permit encryption, especially if the license applicant can show some need.
As far as I am aware, there are absolutely no requirements in the FCC regulations mandating key escrow, disclosure, or retention or any restrictions on the strength or type of crypto used. At most there may be a requirement to disclose the type and/or technical details of the crypto system as part of a license filing, but no requirement for key disclosure at any time.

As any ham knows, the amateur radio service is the one major exception to this rule. Hams are not permitted to encrypt or deliberately obscure the meaning of a communication by any other technique. This is usually justified as a measure to protect the amateur radio service against abuse by commercial interests who might otherwise be able to transmit encrypted traffic on ham frequencies with relative impunity, and as a means of ensuring that the rules and regulations can be enforced. This regulation probably had its origin in the 1920s or 1930s, however, and may have been originally actually primarily intended to prevent use of coded long distance radio communications by rum-runners and spies.

Many current generation private point to point commercial microwave and domestic satellite systems use encryption or at least provide it as an option; I have never heard of any requirement for key escrow or disclosure here either.

And, of course, an increasing number of radio delivered broadcast or multicast services such as stock quotations and sports scores transmitted over SCA subcarriers and satellite transmissions of cable TV programming and sports events are being encrypted to protect the commercial interests of the copyright holders against real or imagined losses from piracy. I do not know whether cypherpunks believe in intellectual property or not, but to many others this is understandable, and in fact more understandable than passing laws making mere interception of radio signals a crime.
Further, there is no current restriction preventing a user of the current analog cell phone system from transmitting strongly encrypted data with a modem over a voice channel or even low bit rate encrypted digital voice. This is not illegal or restricted by any US or state tariffs that I have ever heard of.

Recently the FCC has allocated certain frequency ranges for completely unlicensed use (notably the band between 902-928 MHz) by devices radiating limited power. Devices operating in this band may use any kind of encryption the user desires and do not require anything other than FCC type approval (you can't build them yourself or modify them without going through a formal (and expensive) type approval process however). Using correct antennas and a path free of major obstructions such as hills or a large building these spread spectrum devices can securely communicate over ranges measured in miles without any kind of license being required. And in the near future certain other regions of the spectrum will open up to low power unlicensed use, again without any restrictions on encryption.

I have a friend who has obtained an FCC license for using DES encrypted HT's on the itinerant VHF frequencies allocated for temporary business at random places use by such things as road-show crews and construction companies; all he had to do was explain that he bids at surplus auctions and needs to keep his future bids confidential and he got the license without trouble. He certainly has had no requirement to disclose or archive the keys he uses or even certify that the radios are actually using DES in a particular mode (he could use 3-DES).

So it is simply not true that use of encrypted radio transmissions within the domestic US is restricted or forbidden by treaty or even inaccessible to private citizens of ordinary means. Encrypted international radio communications may be another matter, however, but domestic stuff is fine.
Dave Emery N1PRE
die at pig.jjm.com

From khijol!erc at apple.com Wed Aug 3 23:09:28 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Wed, 3 Aug 94 23:09:28 PDT
Subject: broadcast encryption
In-Reply-To: <9408031931.AA09915@apple.com>
Message-ID:

> The idea behind allocating frequencies for amateur use is that hams could
> engage in a hobby with no commercial use which provides an infrastructure
> for emergency public service communications. To prevent any commercial use
> of those frequencies, to facilitate enforcement of the rules, and to
> facilitate the participation by anyone who obtains the proper knowledge and
> equipment, it is illegal to transmit in a way that "obscures the meaning"
> of the transmission to people who would want to listen in. So, for example,
> morse code and ASCII are the only acceptable digital codes, and various
> modulation techniques are standardized as the technologies are developed.

Actually, data compression doesn't fall under this restriction, because the primary intent is not to obscure the meaning - it is to facilitate more efficient use of the spectrum. If you want to apply for an STA (which I hear the FCC is pretty liberal about) you can do pretty much what you want to do. If memory serves, this is how ASCII packet was developed and also spread spectrum.

--
Ed Carp, N7EKG    ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From j.hastings6 at genie.geis.com Thu Aug 4 00:14:40 1994
From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com)
Date: Thu, 4 Aug 94 00:14:40 PDT
Subject: L.A. area Karl Hess Club
Message-ID: <199408040714.AA160904452@relay2.geis.com>

-----BEGIN PGP SIGNED MESSAGE-----

"Extremism in the defense of liberty is no vice, and let me remind you, moderation in the pursuit of justice is no virtue."
- - Karl Hess

Cypherpunk-related meeting in LOS ANGELES (West side) CALIFORNIA U-S-A-
- -----------------------------------------------------------------------
The following text was written by SEK3:

- --- T H E   K A R L   H E S S   C L U B ---

invites you to attend our third meeting on Monday, August 15, 1994 beginning the first in a series of debates on current libertarian movement issues:

How Does THIS Smash the State?

To be fair we start with a division within the Agorist Institute itself...

Resolved: TECHNOLOGY will ABOLISH Government.

For the Positive: J. Kent Hastings, Assistant Director, AI; author of "The Information Underground Railroad" in Agorist Quarterly #1

For the Negative: Samuel Edward Konkin III, Executive Director, AI; Editor, AQ#1; creator, New Libertarian.

Will cypherpunks drag David Rockefeller kicking and screaming from the Trilateral offices to face justice? Will you be able to pay for this dinner by an e-mail check? Cheer the brilliant young hacker, future of our movement, or the grizzled old movement founder, or our favorite candidate--None of the Above!

[Next debate: Working from Within]

TIMES: 7 pm, dinner. 8 pm Agorist Institute presentation. 8:15 announcements. 8:30 pm DEBATE

PLACE: Hasmik's Family Restaurant, 9824 National Boulevard In Cheviot Hills Center, National Exit from Santa Monica (10) Freeway. (310) 204-1591. Order from menu: "No menu item over $9" Beer and wine available. Photography, si! Only two rule changes: Leave at 11 rather than midnight and (gasp!) no smoking! Smokers will be invited to nearby private luxury apartment after 11 pm--non-smokers are always tolerated.

Buses: Note that MTA buses are running; however, the closest route is the Santa Monica (blue buses) #12 route until 7 p.m. Busers will have a car shuttle to Venice Blvd. for nearby all-night service.
Kent - j.hastings6 at genie.geis.com
Ham radio AX25: WA6ZFY @ WB6YMH.#SOCA.CA.USA.NA

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLkAlfDQYUX1dU7vxAQHnXQQAl2i9lgWoNqRPePv+wDP4a9TkHLcPK7KM
K+JOpNQGGn78jvdmWXGjdRKs7w9sYjzV8aPNdHHkd8W06r/GQ7wToe3WmFCsCNbJ
SCVEEHq6EUt9pkdcqu6T7a37LSrZTzYB/dVZ3jo3hMaYNyGf2cU+fYWB1743kXwu
6rRNuu6Qd2c=
=sfqy
-----END PGP SIGNATURE-----

From a.brown at nexor.co.uk Thu Aug 4 01:01:41 1994
From: a.brown at nexor.co.uk (Andrew Brown)
Date: Thu, 4 Aug 94 01:01:41 PDT
Subject: Steganography (Was Re: What kind of encryption to incorporate?)
In-Reply-To:
Message-ID:

On Wed, 3 Aug 1994, Brian Lane wrote:

> is this a DOS only program, or are you distributing source?
> Where can I FTP it from?

Windows 3.1 shareware, you get source if you register. If you want to take a look then try:

ftp.dsi.unimi.it /pub/security/code/s-tools2.zip (I think!)

The gzip steganography patches that I made are freely available from:

ftp.netcom.com /pub/qwerty/Steganography

I was particularly pleased with myself when these worked, since it demonstrates that you don't need sampled data in order to hide information.

Regards,

- Andy

From greg at ideath.goldenbear.com Thu Aug 4 01:28:13 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Thu, 4 Aug 94 01:28:13 PDT
Subject: Remailer stuff
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Sorry if I'm being dense - will someone please E-mail me and tell me why outgoing-only (or incoming-address-unavailable) remailers are useful?

Also, with respect to getting the addresses of working remailers from a newsgroup - it may not be a good idea to treat any address advertising itself as a remailer as a useful remailer. Remailer 'x' may well be run by a remailer-hater who publishes its traffic openly, archives it for sale to the highest bidder, is a front for the NSA, etc. I'm only inclined to trust remailers run by people I trust; or maybe those with keys signed by "C-punx Remailer Certifying Service".
It's important to let the user have some degree of control over which remailers are used. (The newsgroup does seem like a nice way for remailers to indicate they're still active, though.)

Are people really interested enough in more advanced measures to protect privacy that they're willing to pay for them? The digital-postage remailer stuff sounds interesting to me - but I have a hard time believing that people will pay (and go through extra hassle) to get the same functionality they already get with existing remailers.

I've also considered setting up a privacy-friendly Internet site; I believe that Sameer Parekh has already done so. I don't remember seeing anyone but Sameer post from his site, however. I don't mention this to slam Sameer but to point out that perhaps people aren't interested enough in privacy to want to go to much extra trouble to get it. (Of course, everyone posting to the list now is already known as a list member - switching to a privacy site wouldn't add much.)

I agree that it would be nice to have privacy-friendly Internet access available - I agree strongly enough that I'm willing to work towards providing it - but I'm reluctant to commit hundreds of dollars per month to set up a site that won't attract enough business to even be self-supporting. Would it be worth $5 or $10 per month to folks to have a mailbox they used via IMAP or POP, or $20 or so for a shell account on a box at the end of a 56K feed? (I don't see C-punks as a very big fraction of the customers of such a site, but I'm surprised that there doesn't seem to be more interest in practical privacy stuff.)
-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLkChoH3YhjZY3fMNAQFVvQP/b2g8rgUaxWkdBR34DqMfR6T8bDZOhDmo
gATzHduPlbFTWsz2BV6ME/XgHJAxJAT14kZx8vTEKy/y3PgR7tg4zz0pcj+shZWB
BZlatH8EpZNffxO+yBF0B9Ur7HC7QrwixhVu7LjFmDwgKEnpRF/w54K8I0eXTfEh
PpMXeFvVKkw=
=T9pL
-----END PGP SIGNATURE-----

From tcmay at localhost.netcom.com Thu Aug 4 02:09:41 1994
From: tcmay at localhost.netcom.com (Timothy C. May)
Date: Thu, 4 Aug 94 02:09:41 PDT
Subject: Voluntary Governments?
Message-ID: <199408040909.CAA25693@netcom5.netcom.com>

[If you don't want to read about this stuff, don't. Just don't claim it's not a valid list topic, as some are wont to do...often after first making their own comments :-}.

The issues of taxation, government, anarchy, and cyberspatial institutions are important topics for a list like "Cypherpunks." If the *beliefs* are not to be talked about, but only code is to be written, then _what_ code? Code that helps ensure tax compliance? Code that helps government control "cyberspace criminals"?

We've seen recent discussions about religion, the need for values, etc. Many of us are opposed to the specific views raised, but since there is no "official party line," the way we work on these issues is through discussion.

Besides, any arguments people actually type in themselves are worth at least deciding whether to read them or not....I'll change my opinion if completely off-topic posts on topics like abortion, the purported need for national health care, and the war in Bosnia begin to dominate the discussion. Until then...]

Where to begin?

Jason Solinsky and Mike Duvos argue for a kind of voluntary, donation-supported, non-coercive, service-providing government, funded voluntarily by citizens who presumably think they are getting their money's worth.

Well, this is first of all a *very nonstandard* interpretation of "government"...more on this later (and how the idea of "privately-produced law" figures in).
I'm skeptical that governments would give up their current use of coercion, or threat of coercion (the fallback position that gives their various edicts more teeth than, for example, my edicts or your edicts). I'm even more skeptical that the current bloated state could be funded by the small fraction of the population that--in my opinion--would make donations.

(Mike has argued elsewhere that his concept is of a utopian state much smaller than we have today....an even less likely possibility unless that bloated state is starved to death by the methods many of us advocate...but this is another discussion.)

>solman at MIT.EDU writes:
>
>[other excellent stuff elided]
>
> > Imagine if the government stopped trying to force people to
> > join it. Or imagine if they tied decision making power to
> > how much you pay in taxes. The more you pay, the more say
> > you get. After accepting the idea that government is a

Without the legal monopoly on coercion, this so-called "government" would be just another service provider, like Safeway or Goodyear or K-Mart. Economies of scale work against a large, slow-moving bureaucracy, so the so-called government would devolve quickly into multiple small pieces. This is the "anarcho-capitalism" many of us argue for, so I won't argue against it here. I just wouldn't call it "the government" anymore. As soon as "the government" gives up its use of force, allows competitors in all areas, and is run by donations or fees, it is no longer "the government."

[I promised to mention "private produced law," or PPL. This is the notion of multiple, competing legal systems. A fictional treatment of this can be found in Neal Stephenson's novel "Snow Crash," and a more scholarly treatment can be found in David Friedman's "The Machinery of Freedom" and in Bruce Benson's "The Enterprise of Law." I don't have time now to go into this in more detail.]
The specific point about "imagine if they tied decision making power to how much you pay in taxes" was tried a while back: only tax-payers could vote. I'm all in favor of this, but I doubt many of my fellow citizens are. (And to some extent we have this, through bribes and influence-buying. Campaign contributions, etc.)

Would anyone choose to pay more in taxes for an increased voting share? Hardly. Do the math on how influential any one vote is in an election. For specific cases, maybe. Again, that's how influence-peddling arises. Not a very healthy development, even for a cynic like me. (I view governments as protection rackets. The last thing we need is a bidding war between various sides in a dispute.)

> > product by which you get the warm fuzzies of giving to
> > society, government could make itself into a more desirable
> > product by undertaking changes like these. The possibilities
> > are endless in this regard. It's very easy for me to imagine
> > a government in cyberspace which is substantially more
> > successful at collecting taxes than the IRS.

For a very few services, this could be so, with the caveat mentioned above, that "the government" would cease to exist as a monolithic organization. If for some reason it was required to remain a large, monolithic organization, then I'm quite sure it would collect much less revenue than it now does. The people paying the taxes would seek alternative providers for almost everything, leaving only a few areas "better" served by "the government."

(And maybe not even these, as things like roads, defense, etc. couldn't be held as a monopoly by the Feds unless coercion was used...in Jason's purely voluntary system, the government would lose even these valuable properties. But I digress.)

Mike D. enthusiastically endorses Jason's ideas:

>The notion of government as a product which must compete on an
>equal footing with others in society definitely wins "Nifty Idea
>of the Week" in my book.
>
>Reminds me of something TS Eliot once said. "If only we had a
>system so perfect it did not require that people be good."
>Perhaps "government in cyberspace" will be the first working
>example of this paradigm.

I have a problem with the whole notion of calling a voluntary, self-selected, market-driven system a "government" of any kind. Yes, it is something people may voluntarily join, but so are country clubs, book reading groups, and mailing lists. And the decision to shop at Safeway one day is a temporary joining of such an instantiated group. But these things ain't governments!

This is not just semantic quibbling. If we say that such groups are voluntary, but can vote on "rules" or "laws" which all must follow, then the voluntary nature means people can freely leave, can choose not to abide by the rules, etc. Hence the rules are toothless.

There *are* forms of organization in which bad behavior has implications, such as banishment, shunning, etc. But this is true of the country club, or this mailing list...acting like a bozo has implications. Some might call these governments of a sort, but I don't. (Iceland in the Middle Ages is often cited as such a thing, Cf. Friedman.)

But it is simply poor strategy as well as being poor semantics to label the voluntary social and economic interactions as being some kind of "government." Call them what they are: market interactions, agoric systems, or voluntary associations.

Normal life is like this...families, girlfriends and boyfriends, freedom to associate as one pleases, free markets, anarchy in book and music selection, etc. And these systems work pretty well--or at least a lot better than the corruptions and absurdities of government-run programs. They don't require that people be "good," only that people understand the consequences of their actions, the value of a good reputation, and the punishment that will be meted out to the few who nevertheless transgress against a few basic rules.
(I mention the need for violence because without some punishment, or removal by some affordable means, the "wolves" proliferate. To make this less abstract: no laws except for a very few laws about murder, theft, rape, etc. Enforce those laws ruthlessly, and the wolf population is kept in check. A feedback mechanism suppresses wolf formation. Ignore these laws, delay justice, and proliferate thousands of economic and social laws--such as the "dietary laws" also known as drug laws--and the wolf population will proliferate. A feedback mechanism that encourages more wolves to form. Look at inner cities. Look at South-Central L.A.)

(No offense meant to wolves or other predators here.)

And these systems don't have to wait for implementation at some future time in cyberspace....they already exist all around us. Just don't call them governments, because they ain't.

"Why doth governments never prosper? For if governments doth prosper, none dare call it government."

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From Stu at nemesis.wimsey.com Thu Aug 4 04:45:31 1994
From: Stu at nemesis.wimsey.com (Stuart Smith)
Date: Thu, 4 Aug 94 04:45:31 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
In-Reply-To: <199407282120.RAA07884@cs.oberlin.edu>
Message-ID: <2e3ff46f.nemesis@nemesis.wimsey.com>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199407282120.RAA07884 at cs.oberlin.edu> you write:
>One naive solution would be for remailers to have a "ping" function.
I could
>send a remailer a "ping" message, and it would just bounce some acknowledgement
>back. More likely, my software could do this periodically, and keep track
>of which remailers are down, or non existent, and not use those.
>The problem here is that an eavesdropper could get knowledge of which remailers
>I am planning on using, which could help traffic analysis enormously.
>The "ping" function could support anon encryption block, so that I can
>ping a remailer through several other remailers anonymously. This is an
>improvement, but the traffic generated by lots of people periodically doing
>this is going to be enormous.

As it is in any implementation of this sort.

>[If you wanted to, you could make the remailers "ping" now by yourself, just
>have a message resent to yourself. But we can't all do this automatically often,
>simply because of the traffic it would generate. I think.]

I thought extra useless junk traffic was one main objective of a remailing network? The more the better..

As far as the idea that an eavesdropper could tell which remailers you are going to use - they already know. They can ping the same sites you do and as long as you ping *every* site you know of, instead of just the ones you'd like to use on any given message, this doesn't give the spooks one iota of new information.

>All participating remailers would post an "i'm here" message on it
>periodically, say once every 24 hours. This message would include the
>remailer's public key as well. My local software could scan this newsgroup.

As long as the key isn't trusted just because it was in the newsgroup - this sounds workable. Or, each remailer could have a mailing list of addresses it sends the "i'm here" message to. Again, this gets the spooks no new information - if you use a remailer even once, you have to assume that if some one was watching closely enough, they *know* you used the system, and they *know* your chosen destination received a message from the system.
They just can't figure out who sent what to who.

>at the idea solution, but there's got to be some way to create a remailer-net
>that will allow my local software to generate long remailer chains to remailers
>that are all still existent (now, if one of the remailers included in my

This seems backwards to me - I think what you want is local software that is smart enough to figure out the state of the remailer-net. You needn't rip apart nor rebuild the whole net, just write some code :)

- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister
shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C
Stuart Smith

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkACeai5iP4JtEWBAQHmFAQApaJMGuDPGHCtEBcfFV6kfGNAwx0fuTgO
jQ8yp10UHbe8ItfmjTZBFdHY4zfnPFIL6htn+6gcmOygj6OFEu320r+hA4u3Q7s/
opSaL72kAM53MQOHLabnZ80eEWQts3PWE1i4SfuGomkHKi5BZOUA5HwC+5DF4zTk
7RkW5E7f7a8=
=xUgv
-----END PGP SIGNATURE-----

From Stu at nemesis.wimsey.com Thu Aug 4 04:45:35 1994
From: Stu at nemesis.wimsey.com (Stuart Smith)
Date: Thu, 4 Aug 94 04:45:35 PDT
Subject: Please verify key for remailer@soda
In-Reply-To:
Message-ID: <2e3ff22c.nemesis@nemesis.wimsey.com>

-----BEGIN PGP SIGNED MESSAGE-----

> Hello fellow C'punks! As my last message said (for those who read
>it), I'm just getting into anon remailers. I just picked up the docs and
>PGP key for the remailer at soda. I would appreciate it if people would send
>me fingerprints of the key. This is so that I know it hasn't been tampered
>with, or at least can be reasonably sure. Thanx, in advance!

I hope we're all clever enough to realize that this is not very good key verification. If a spoofer has managed to spoof the key to soda that you got, then he will spoof the fingerprints that everyone sends you. Finding a way to do this that can't be spoofed is nontrivial.
However, you can take some reassurance, IMO, in the idea that if someone was spoofing any given widely held key, such as that to a remailer, someone would, eventually, smell something fishy. i.e. one day you go to mail a message to a soda from a different account only to have it fail because your other account provider was spoofing you.

- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister
shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C
Stuart Smith

From perry at imsi.com Thu Aug 4 05:01:41 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 4 Aug 94 05:01:41 PDT
Subject: Egalitarianism vs. Strong Cryptography
In-Reply-To: <199408032305.QAA18526@netcom15.netcom.com>
Message-ID: <9408041201.AA14145@snark.imsi.com>

Mike Duvos says:
> Perry E. Metzger writes:
>
> > If I told you that I could save you tens of thousands of
> > dollars a year just by using some simple to use software,
> > would you do it? Well, if you had some simple to use
> > software system that allowed you to escape from the above
> > ground economy, you could personally save tens of thousands
> > a year.
>
> I am not convinced such software exists,

Of course it doesn't exist yet.

> or that it would of necessity be "simple" or "easy to use".

That's a simple matter of programming, not a matter of infeasibility.

> Once standards are created for commerce over the Net and the
> collection of the VAT, you are pretty much locked into using them if
> you wish to do business with any vendor of significant size.

I'm not certain you understand the tremendous economic pressure that taxes bring to bear.
> > What makes you think the VAT will be small?
>
> Bear in mind we are talking about a Utopian society of the future
> with a downsized government.

Since such a society is unlikely to show up any time soon, I'd say that the odds of my scenario of the future coming true exceed the odds of your vision of the future coming true.

> > What makes you think it will be inconvenient? I know of two
> > pizza places in Manhattan where they very likely don't pay
> > taxes and where you can also buy drugs.
>
> I know of some places on the Internet where I can chat with
> people using a version of Unix talk which encrypts. But if I
> want to talk to some random person, I am probably stuck with
> using the default version which does not.
> I have little hope of convincing people to make the encrypted one a
> standard, in spite of the fact that all they would have to do is
> spend a few minutes to FTP it.

Well, not for long. The IETF Working Group on IP security has just come to consensus on an IPSP protocol -- in the not that distant future it won't be necessary to alter any applications software in order to have it operate over an encrypted channel.

> Encrypting every time I use "talk" is therefore somewhat
> inconvenient. A complete escape from the above-ground economy in
> a society heavily dependent on electronic transactions would be
> even more so.

That's not a valid analogy. There are tens of millions of people in the underground economy right now -- in a society already highly dependent on electronic transactions. There is no economic incentive for most people to encrypt their talk sessions -- but there is a great economic incentive to evade taxes.

> In a society where taxes were manageable, and put to a use all
> citizens felt was worthy, such forces would be much less and
> there would be enormous peer pressure on individual citizens to
> do their fair share.

And if my grandmother had wheels she'd be a bicycle.
It isn't happening now -- the trend is towards larger taxes, bigger government and more repression, not less. You can't wave a wand and have your vision implemented -- nor is there anything you could personally do towards implementing your vision. On the other hand, the only thing standing between my scenario and reality is someone hacking for about six months, and some offshore banks deciding to go into the business.

Perry

From paul at poboy.b17c.ingr.com Thu Aug 4 05:56:15 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Thu, 4 Aug 94 05:56:15 PDT
Subject: New book on public key law
Message-ID: <199408041258.AA09638@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

There's an announcement in the latest comp.risks digest about a new book on public key law & policy. I've reproduced parts of the abstract below. It sounds pretty interesting.

- -Paul

>Date: Sun, 31 Jul 1994 08:51:33 -0400 (EDT)
>From: Michael S Baum
>Subject: Report Released on Public Key Law and Policy
>

**NEW INFO. SECURITY BOOK ON PUBLIC KEY LAW & POLICY**

TITLE: FEDERAL CERTIFICATION AUTHORITY LIABILITY AND POLICY -- Law and Policy of Certificate-Based Public Key and Digital Signatures

AUTHOR: MICHAEL S. BAUM, J.D., M.B.A. Independent Monitoring

Report No. NIST-GCR-94-654
450+ pages, highly annotated; multiple appendices; indexed.
U.S. DEPARTMENT OF COMMERCE National Institute of Standards and Technology

Produced in support of the Federal Government's public key infrastructure study, this book identifies diverse technical, legal and policy issues affecting a certificate-based public key cryptographic infrastructure utilizing digital signatures supported by "trusted entities." It examines potential legal implications, surveys existing legal paradigms and the structures and roles of relevant governmental agencies and presents various institutional approaches to controlling liability.
It considers the underpinnings of a legal and policy framework which might serve as a foundation for security policies and their implementation and concludes with a series of recommendations, both general and specific concerning certificate-based public key. Both public and private sector issues are addressed.

[ .. elided .. ]

SUMMARY OF CONTENTS:

- - PREFACE
- - ACKNOWLEDGMENTS
- - TABLE OF CONTENTS
I. INTRODUCTION
II. SCOPE
III. DEFINITIONS
IV. ASSUMPTIONS
V. SURVEY OF FCA ACTIVITIES CREATING LIABILITY EXPOSURE
VI. LEGAL CONSIDERATIONS
VII. FCA INFRASTRUCTURE - PROPOSALS AND PARADIGMS
VIII. SURVEY OF, AND APPROACHES TO, TRUSTED ENTITY LIABILITY
IX. OTHER APPROACHES TO MITIGATE LIABILITY
X. CONCLUSIONS AND RECOMMENDATIONS
XI. APPENDICES
XII. GLOSSARY
XIII. INDEX

OBTAINING COPIES: Copies may be purchased through the National Technical Information Service, Springfield, Virginia 22161, U.S.A., Phone +1 (703) 487-4650 or 1-800-553-6847. Request NTIS Document No: PB94-191-202. Cost: $61.00

[ .. ABOUT THE AUTHOR elided .. ]

- --
Paul Robichaux, KD4JZG | "Information is the currency of democracy."
perobich at ingr.com | - some old guy named Thomas Jefferson
Of course I don't speak for Intergraph.

From solman at MIT.EDU Thu Aug 4 06:30:37 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Thu, 4 Aug 94 06:30:37 PDT
Subject: Voluntary Governments?
In-Reply-To: <199408040909.CAA25693@netcom5.netcom.com>
Message-ID: <9408041330.AA03044@ua.MIT.EDU>

> > > Imagine if the government stopped trying to force people to
> > > join it. Or imagine if they tied decision making power to
> > > how much you pay in taxes. The more you pay, the more say
> > > you get. After accepting the idea that government is a
>
> Without the legal monopoly on coercion, this so-called "government" would
> be just another service provider, like Safeway or Goodyear or K-Mart.

Well isn't that how it's supposed to be? The entire justification for having a monopoly in the "government market" (:-) in the physical realm is that it would be impractical to have multiple governments in one physical location. Nobody would know who is following which laws and confusion would reign.

In cyberspace, the default condition is that there is no interaction. Communication requires agreement by both parties. During this agreement, the laws (contracts, whatever) that the two parties follow can be communicated by each party to the other, and if party A does not feel that party B's laws provide him with enough protection from B, he can refuse contact until B agrees (at least for the duration of the communication) to more constraining laws. The cost of such a transaction will likely be negligible in cyberspace. There is thus no longer a problem with different following different laws coexisting in the same place at the same time, and it no longer makes sense to allow one entity to have a monopoly on government.

> Economies of scale work against a large, slow-moving bureaucracy, so the
> so-called government would devolve quickly into multiple small pieces.

Kewl.

> The specific point about "imagine if they tied decision making power to
> how much you pay in taxes" was tried a while back: only tax-payers could
> vote. I'm all in favor of this, but I doubt many of my fellow citizens are.
I remember reading a short story a long time ago which was about an individual filing his taxes and about how proud and excited he was to do so. The government in the future had changed things to allow citizens to specify where they wanted their tax dollars to go to and the result was that they came to view filing taxes as a positive event. Now clearly this one change would not suddenly convince everybody that taxes were a positive event, but it would go a long way towards that and it would be an excellent marketing ploy for a non-monopoly government (or civic enterprise if you prefer).

[Side note, I am in the process of convincing the MIT UA to adopt a similar measure where students would control where up to 70% of the per student money goes. It turns out that such a change would have a minimal impact in terms of where the money actually goes, but it would have an enormous impact upon the feelings of the student body towards the UA (or the civic enterprise as the case may be). So when I say marketing ploy, I really mean it.]

> I have a problem with the whole notion of calling a voluntary,
> self-selected, market-driven system a "government" of any kind. Yes, it is
> something people may voluntarily join, but so are country clubs, book
> reading groups, and mailing lists. And the decision to shop at Safeway one
> day is a temporary joining of such an instantiated group. But these things
> ain't governments!
>
> This is not just semantic quibbling. If we say that such groups are
> voluntary, but can vote on "rules" or "laws" which all must follow, then
> the voluntary nature means people can freely leave, can choose not to abide
> by the rules, etc. Hence the rules are toothless.

First of all, I think that government is in a very specific business, the business of providing security (note, in fact, how many of the government's programs are labeled "insurance" of some kind). FDA restrictions, welfare, medicaid, anti-gun laws, the military...
they are all intended to make sure that the citizenry need not worry about these things, to make sure the people feel secure. For now, however, I'd like to define governments as entities that try to use some form of coercion to get others to follow its rules.

My definition of government is as follows: governments are civic service providers which by their design attempt to impose a consistent set of rules on a diverse group of entities. In the physical world, the word impose usually translates into putting a gun by your head. In cyberspace, the word impose translates into placing stipulations on contact between people who follow the rules of the government and people who do not. Charging "aliens" penalty taxes during economic transactions, and refusing contact altogether are examples of cyberspatial government imposition.

I do not find it difficult to imagine extremely large cyberspatial governments that depend entirely on these voluntary economic forms of coercion. In fact, unless some sort of enormous cultural change were to occur, I find it extremely likely that except for some fringe groups (like ourselves :) most citizens of Western nations would wind up belonging to large cyberspatial "nations", each with international treaties that govern the interaction between "citizens" of different "nations".

So my claim is this:

Without extreme cultural upheaval, it is highly probable that voluntary economic coercion alone will be sufficient to allow big government to move from the physical realm into cyberspace.

Certainly the relationship between the citizenry and the government will change when government becomes voluntary. But when Joe Average gets wired, he will happily join whatever government that the authorities that be tell him is the right one for him to join without giving a second thought about the philosophy behind the existence of government.
Nor will Joe think about how difficult it would be to create an anonymous pseudonym that was not a "citizen" of a "cybernation" and could not be linked back to his own identity or damage his primary identity's reputation. Joe probably won't even know what the word escrow means when the personal government agent he chooses (because it was conveniently labeled USA) secret splits his private key and sends the halves to the NSA and the FBI.

JWS

From jacksch at insom.eastern.com Thu Aug 4 04:04:07 1994
From: jacksch at insom.eastern.com (Eric Jacksch)
Date: Thu, 4 Aug 1994 07:04:07 -0400
Subject: Encryption
Message-ID:

Dear Sir:

I read with interest your article in July/August 94 Internet World regarding the CLIPPER chip.

I presently operate a small systems consulting and software development business in Toronto, Canada. I have a background in Criminology, and an avid interest in data security. With the present state of technology, and the trends with regard to industrial espionage and invasion of personal privacy, I believe that individuals and businesses should have the ability to protect their electronic data with the best available technology.

I am extremely concerned with recent events in the United States and the apparent attempts to handicap the computer security industry. It bothers me that the U.S. administration wants this type of access to encrypted data. While I certainly support our law enforcement agencies in many of their noble efforts, I have difficulty with the implications of the CLIPPER chip with respect to personal privacy and I find it an alarming precedent.

As a Canadian business, I am not affected by the same repressive export restrictions faced by U.S. manufacturers of encryption products. As such, I am exploring the role that we could take with regard to this issue.
I am interested in contacting Americans, particularly in the encryption area, who would perhaps like to see state-of-the-art encryption products available from Canada for the international market.

If you have any suggestions, or know anyone that I could contact, it would be greatly appreciated.

Sincerely,

Eric Jacksch
P.O. Box 27539 Yorkdale
Toronto, Ontario M6A 3B8
Voice: (416) 248-9720
Fax: (416) 248-4805

From jeffb at sware.com Thu Aug 4 07:18:07 1994
From: jeffb at sware.com (Jeff Barber)
Date: Thu, 4 Aug 94 07:18:07 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408041330.AA03044@ua.MIT.EDU>
Message-ID: <9408041413.AA08474@wombat.sware.com>

solman at MIT.EDU writes:

[ > T.C.May writes: ]

> > Without the legal monopoly on coercion, this so-called "government" would
> > be just another service provider, like Safeway or Goodyear or K-Mart.

> In cyberspace, the default condition is that there is no interaction.
> Communication requires agreement by both parties. During this
> agreement, the laws (contracts, whatever) that the two parties
> follow can be communicated by each party to the other, and if
> party A does not feel that party B's laws provide him with
> enough protection from B, he can refuse contact until B agrees
> (at least for the duration of the communication) to more
> constraining laws. The cost of such a transaction will likely
> be negligible in cyberspace.

Huh? This is gobbledygook. Get specific. What is it that party A is providing that would motivate party B to "agree to more constraining laws?" Or do I have it backwards; I can't even tell which of these parties is supposed to be a "government".

> My definition of government is as follows: governments are civic service
> providers which by their design attempt to impose a consistent set of
> rules on a diverse group of entities. In the physical world, the word
> impose usually translates into putting a gun by your head.
In cyberspace,
> the word impose translates into placing stipulations on contact between
> people who follow the rules of the government and people who do not.
> Charging "aliens" penalty taxes during economic transactions,
> and refusing contact altogether are examples of cyberspatial government
> imposition.

This is just gobbledygook again. Please describe how a "voluntary" government would prevent "aliens" from conducting their own economic transactions completely outside this system. And what is meant by the phrase "refusing contact?" Does this mean that the government to which I don't "belong" will refuse to receive communications from me? How is this a penalty?

> So my claim is this:
>
> Without extreme cultural upheaval, it is highly probable that voluntary
> economic coercion alone will be sufficient to allow big government
> to move from the physical realm into cyberspace.

Perhaps. You certainly haven't explained how. ("voluntary" and "coercion" in the same sentence?)

-- Jeff

From jya at pipeline.com Thu Aug 4 07:40:12 1994
From: jya at pipeline.com (John Young)
Date: Thu, 4 Aug 94 07:40:12 PDT
Subject: US Postal Public Key
Message-ID: <199408041439.KAA11110@pipe1.pipeline.com>

The list Cyberia posted an article yesterday on the US Postal Service's plan to use a public key system for email. If anyone wants the full posting, email me; it's about 25K. Below are excerpts:

Quote:

Quebec City, Canada, August 3, 1994--The U.S. Postal Service has dramatically increased its commitment to the security of communications on the NII, with the announcement of Postal Electronic Commerce Services ("Postal ECS"), which will offer a nationwide public key certification service for the authentication of digital signatures used in paperless electronic commerce.
Richard Rothwell, Senior Director of Technology Integration for the USPS, officially released the news today in Quebec City, in a paper delivered to an international working group of the Information Security Committee of the American Bar Association's Section of Science and Technology, which has been developing guidelines for public key certification authorities.

[Speech is all in uppercase]

* * *

AS MANY EXPERTS HAVE NOTED, INCLUDING MANY OF YOU IN THIS ROOM, DIGITAL FILES AS A RULE ARE NEITHER AS SECURE NOR AS ELECTRONIC COMMERCE CONVEYS. BUT WITHOUT SOME METHOD OF SEALING A DIGITAL FILE TO ESTABLISH ITS CONTENTS, AUTHOR, AND TIME OF TRANSMITTAL, THE BENEFITS OF ELECTRONIC COMMERCE WILL INEVITABLY BE LIMITED TO HIGHLY STRUCTURED TRANSACTIONS BETWEEN PARTIES THAT KNOW AND TRUST ONE ANOTHER.

* * *

THE POSTAL SERVICE IS USING PUBLIC KEY ENCRYPTION TECHNOLOGY, AND RELATED TECHNOLOGIES, TO DEVELOP A PUBLIC KEY CERTIFICATION AUTHORITY AND A SET OF ASSOCIATED TRUSTED THIRD PARTY SERVICES WHICH WE CALL POSTAL ELECTRONIC COMMERCE SERVICES (POSTAL ECS). WHEN INITIALLY DEPLOYED, POSTAL ECS WILL PROVIDE A BASIS FOR ELECTRONIC ASSURANCES WITHIN AND AMONG GOVERNMENT AGENCIES, AND BETWEEN GOVERNMENT AGENCIES AND THEIR CONSTITUENTS. IN PARTICULAR, THE POSTAL SERVICE HAS DEVELOPED THE ABILITY TO:

- ISSUE PUBLIC KEY CERTIFICATES AND STORE THEM IN A PUBLIC DIRECTORY;
- PROVIDE FOR THE "SEALING" OF SELECTED DOCUMENTS OR OTHER ELECTRONIC OBJECTS AND ASSOCIATING THEM WITH A DIGITAL SIGNATURE AND A TRUSTED TIME AND DATE STAMP;
- PROVIDE SERVICES FOR PUBLIC KEY CERTIFICATE PUBLICATION AND REVOCATION; AND,
- PROVIDE THE ABILITY TO ENCRYPT CONFIDENTIAL INFORMATION MOVING BETWEEN THE USER ENVIRONMENT AND THE POSTAL ECS MANAGEMENT SYSTEM.
- FINALLY, PROVIDE NEAR REAL-TIME ACCESS TO CERTIFICATES AND THEIR STATUS.

THE CERTIFICATION AUTHORITY WILL ISSUE AND MANAGE X.509 PUBLIC KEY CERTIFICATES CONTAINING A PERSON'S X.500 DISTINGUISHED NAME, PUBLIC KEY, AND OTHER IDENTIFYING INFORMATION.
USERS CAN THEN RETRIEVE A CERTIFICATE FROM THE POSTAL SERVICE, AND USE ITS PUBLIC KEY TO AUTHENTICATE A DIGITAL SIGNATURE GENERATED BY THE COMPLEMENTARY PRIVATE KEY.

* * *

THESE USER AGENTS CONTAIN STANDARD PROGRAMMING INTERFACES THAT LINK USER APPLICATIONS, CRYPTOGRAPHIC ROUTINES, AND ECS SERVICES TOGETHER. OUR INITIAL IMPLEMENTATION IS BASED ON THE DIGITAL SIGNATURE STANDARD (DSS) ALGORITHM SET; BUT OUR PLAN IS TO SUPPORT OTHER CRYPTOGRAPHIC OPTIONS SUCH AS RSA IN THE NEAR FUTURE.

* * *

IN KEEPING WITH THE PHILOSOPHY I HAVE ARTICULATED, LET ME SAY THAT THE POSTAL SERVICE, IN ANY DEVELOPMENT OF THESE PRODUCTS, INTENDS TO SUPPORT MULTIPLE CRYPTOGRAPHIC PRODUCTS IN THE MARKET PLACE. IN ADDITION, WE WILL NOT COMPETE WITH NETWORK SERVICE PROVIDERS, NOR WILL WE BECOME A NETWORK OR CARRIER.

* * *

End Quote.

From frissell at panix.com Thu Aug 4 07:40:46 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 4 Aug 94 07:40:46 PDT
Subject: I sell out
Message-ID: <199408041439.AA17839@panix.com>

They finally got to me. After fretting for years about how (melanin-rich) hordes of illegal aliens were poised to steal *my* job, I've decided that something has to be done.

The turning point came this morning while reading about the report of the Commission on Immigration Reform. They have proposed a brilliant idea -- a national registry of the names and SS numbers of all *Real* Americans (as well as those sneaky legal aliens) so that employers can (would have to) verify that their prospective employees are legal.

Since this is such a fabulous idea, I thought that we might help out by creating a Social Security Number Server on the nets to make valid names and SS numbers available to *everyone*. Nice WWW interface with forms support, etc. After all, since it's such a good thing to do, we should *help* the Feds by doing more of it.

As you may know, there's a guy on alt.privacy who has been collecting SS numbers for a while (a perfectly legal activity).
I will be contacting him to see if he would be interested in contributing the numbers that he has collected. Anyone else interested contact me.

DCF

Who is among the 2% of Americans (it's actually higher) not covered by the Social Security Act and who will be part of the 5% of Americans (again it will be much higher) not covered by the Health Security Act.

From rfb at lehman.com Thu Aug 4 08:12:49 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 4 Aug 94 08:12:49 PDT
Subject: I sell out
In-Reply-To: <199408041439.AA17839@panix.com>
Message-ID: <9408041510.AA29446@fnord.lehman.com>

   Date: Thu, 04 Aug 1994 10:39:00 -0400
   From: Duncan Frissell

   . . . As you may know, there's a guy on alt.privacy who has been collecting SS numbers for a while (a perfectly legal activity). I will be contacting him to see if he would be interested in contributing the numbers that he has collected.

Doubtful, according to his Q&A sheet. He will, however, trade one-for-one.

Rick

From dance at cicero.spc.uchicago.edu Thu Aug 4 08:16:09 1994
From: dance at cicero.spc.uchicago.edu (Squeal)
Date: Thu, 4 Aug 94 08:16:09 PDT
Subject: Voluntary Governments?
Message-ID: <9408041515.AA10173@cicero.spc.uchicago.edu>

>> > > Imagine if the government stopped trying to force people to
>> > > join it. Or imagine if they tied decision making power to
>> > > how much you pay in taxes. The more you pay, the more say
>> > > you get. After accepting the idea that government is a
>>
>> Without the legal monopoly on coercion, this so-called "government" would
>> be just another service provider, like Safeway or Goodyear or K-Mart.

[JWS writes:]
>Well isn't that how it's supposed to be? [....]

No. The object of government is to limit the freedom of the people it governs. The word is derived from "govern" which means "3. To control the actions or behavior of 4. To keep under control; *restrain*" [American Heritage Dict.]
It would be great if government could be a service provider, or simply feel responsible for those it governs--but then it would not be a government any longer. It would also be nice if I won the lotto. ;)

All men recognize the right of revolution; that is, the right to refuse allegiance to, and to resist, the government, when its tyranny or its inefficiency are great and unendurable. --Thoreau, Civil Disobedience

From hughes at ah.com Thu Aug 4 08:20:28 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 4 Aug 94 08:20:28 PDT
Subject: Remailer stuff
In-Reply-To:
Message-ID: <9408041450.AA12817@ah.com>

   Sorry if I'm being dense - will someone please E-mail me and tell me why outgoing-only (or incoming-address-unavailable) remailers are useful?

The original intention of remailers is to allow people _who already know each other_ to do so without revealing that fact to the outside world.

I would suggest that this use of remailers, rather than pseudonymity, is much easier to integrate into existing mail software, and would at this point be a good next step. But we don't even have encryption and signing well integrated yet, so I'm not too hopeful today. My criterion for a successful deployment is when the authors of a mailer distribute encryption, signing, and remailing support as a basic part of their packages.

True pseudonymity further reduces risk of linking physical identity to online identity, but simply concealing communication patterns accomplishes a lot of that already.

Eric

From snyderra at dunx1.ocs.drexel.edu Thu Aug 4 08:28:22 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Thu, 4 Aug 94 08:28:22 PDT
Subject: broadcast encryption
Message-ID:

At 5:55 PM 8/3/94, Jonathan Rochkind wrote:
>That kind of explains why encryption is not allowed on ham bands, but it
>doesn't satisfy me.
The difference between ham and other bands, is to use
>other frequencies I've got to pay the FCC major money for a license, or
>pay some commercial service provider who paid the FCC major money.

Not quite. As someone else noted, there are unregulated (except for power and equipment) bands where no license at all is required.

>With ham, I don't have to pay no one nothing, except maybe $10 for a ham
>license. ham, or some other frequency reserved to work like ham, could easily
>serve as a poor man's connection to the internet. Anyone with a desktop
>PC can invest another hundred dollars or so, and have a really low
>bandwidth (2400bps) direct connection to the internet. You can do IP
>over ham, although it's really difficult to do so currently without breaking
>the law and losing your license.

Doing IP over the amateur bands is easy, and is done by many people. Doing a connection to the Internet over amateur bands is hard.

>A public ham or ham-like radio band would seem to be something the cypherpunks
>would really like. It would definitely facilitate the creation of a sort
>of blacknet type thing. The government has given the public citizens band, and
>ham radio, if they're not going to open up ham so it can be used in the ways
>I'm thinking of, why not take another hunk of spectrum and give it to the
>public, specifically intended for digital transmissions (IP or otherwise).
>This seems to be something we should be campaigning for, and the EFF
>should be lobbying for.

I don't object to your goals, but honestly, I think the EFF should be lobbying harder for some more important things, like killing the FBI's wiretap bill and getting cryptological export control lifted.

Bob

--
Bob Snyder N2KGO   MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu   finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
From snyderra at dunx1.ocs.drexel.edu Thu Aug 4 08:30:39 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Thu, 4 Aug 94 08:30:39 PDT
Subject: broadcast encryption
Message-ID:

At 3:37 PM 8/3/94, Brian Lane wrote:
>and my Linux system. Maybe they'll change the rules if enough 'new' hams
>could get together. I say 'new' because there are a lot of old hams who
>like things the way they are - they even fought the change in rules that
>allow no-code users to get a license without having to take morse code (a
>waste of time in my opinion).

This may be blasphemy on this list, but I don't have a problem with the restriction on obscuring the meaning of transmissions on the amateur bands. My reading of the rules (and I'd probably double-check with the appropriate persons at the American Radio Relay League before doing so) is that cryptology that doesn't obscure the message, like digital signature, is permitted. After all, the encrypted portion of the message is easily computed or decoded, so its meaning would not be obscured; it just couldn't be generated by anyone else.

This could be a solution to a problem I've always had with the digital amateur radio operations: the ease with which someone could be spoofed. It's very easy to configure your system to transmit with the callsign of another, or even with a nonexistent callsign. This is possible with wired networks as well, but requires access to the machines or cables on the network. With wireless, you can do it from anywhere, and as long as you keep connections short, not get tracked down. With digital signatures, it is possible to authenticate every message, or even better, every packet, and ignore unsigned message/packets.

Getting a ham radio license (within the US) is fairly simple. You take a test the questions come from a pool which is public knowledge, pay the volunteer examiners ~$5 to cover the cost of the test(s), and wait for the FCC to send you your 10 year license.
No fee for the license itself, and no renewal fee.

Given the public nature of amateur traffic, I don't see a problem with the restrictions. There is no such thing as "private communications" on the ham bands. Never has been. If you want such privacy, use one of the commercial bands where it's allowed.

Bob

--
Bob Snyder N2KGO   MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu   finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From jrochkin at cs.oberlin.edu Thu Aug 4 08:54:45 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 4 Aug 94 08:54:45 PDT
Subject: Remailer stuff
Message-ID: <199408041553.LAA01801@cs.oberlin.edu>

> Sorry if I'm being dense - will someone please E-mail me and tell me
> why outgoing-only (or incoming-address-unavailable) remailers are
> useful?

I'm not sure that they are. The idea is, that some people might want to philanthropically provide a remailing service without revealing their identity. (or, heck, do it for a profit with anonymous ecash). This is currently pretty much unworkable. If a system that provided a reliable decentralized remailer infrastructure (like I _think_ the one I've proposed does), then it might become more workable, but I'm not certain if it would cross the boundary into something actually practical. But it's an interesting idea.

> Also, with respect to getting the addresses of working remailers from
> a newsgroup - it may not be a good idea to treat any address
> advertising itself as a remailer as a useful remailer. Remailer 'x'
> may well be run by a remailer-hater who publishes its traffic openly,

This is a valid point, but it exists in _any_ remailer system or infrastructure. It's safest to assume that some cypherpunks list members who set up remailers are actually NSA agents. If you chain your message through 15 or 20 remailers, as long as 3 or 4 of them are not "evil", you are probably in good shape.
But there's certainly a chance that all 20 are evil; I don't see how the "alt.anonremailer.net" concept changes the odds of getting a chain of all evil remailers.

And, yes, I agree that the wise person wouldn't indiscriminately use remailers from this newsgroup, but only use those whose keys are signed by someone he trusts. It's obviously up to the user _how_ to use this hypothetical infrastructure, and there are ways that it could be used that wouldn't give you very much security. But I'm confident that if used properly it wouldn't give you any _less_ security than the current system, which is basically people telling each other about new remailers, and manually adding them to their PGP rings and such.

From kkirksey at world.std.com Thu Aug 4 09:19:16 1994
From: kkirksey at world.std.com (Ken Kirksey)
Date: Thu, 4 Aug 94 09:19:16 PDT
Subject: Voluntary Governments
Message-ID: <199408041618.AA29934@world.std.com>

>The specific point about "imagine if they tied decision making power to
>how much you pay in taxes" was tried a while back: only tax-payers could
>vote. I'm all in favor of this, but I doubt many of my fellow citizens are.
>
>(And to some extent we have this, through bribes and influence-buying.
>Campaign contributions, etc.)
>
>Would anyone choose to pay more in taxes for an increased voting share?
>Hardly. Do the math on how influential any one vote is in an election. For
>specific cases, maybe. Again, that's how influence-peddling arises. Not a
>very healthy development, even for a cynic like me.

Heinlein suggested something similar (along with a few other "alternative" forms of government) in the afterword to "Who Are The Heirs of Patrick Henry" in _Expanded Universe_. Heinlein suggests:

"A State where anyone can buy for cash (or lay-away installment plan) one or more franchises, and this is the government's sole source of income other than services sold competitively and non-monopolistically. This would produce a new type of government with several rabbits tucked away in the hat. Rich people would take over the government? Would they, now? Is a wealthy man going to impoverish himself for the privilege of casting a couple of hundred votes? Buying an election today, under the warm body (and tombstone) system is much cheaper than buying a controlling number of franchises would be. The arithmetic on this one becomes unsolvable...but I suspect that paying a stiff price (call it 20,000 swiss francs) for a franchise would be even less popular than serving for two years."

Personally, I favor his government that requires an intelligence/knowledge test before a person can vote. I especially like his "Improving the Breed" variation on this one. :-)

BTW, he also suggests the government in Twain's _The Curious Republic of Gondor_, but I've never read this book. Can anyone describe the government posited in this book?

Ken

=============================================================================
Ken Kirksey          kkirksey at world.std.com          Mac Guru & Developer
-----------------------------------------------------------------------------
And the Clinton administration launched an attack on people in Texas because those people were religious nuts with guns. Hell, this country was FOUNDED by religious nuts with guns.
                                                        - P.J. O'Rourke

From jim at bilbo.suite.com Thu Aug 4 09:43:35 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 4 Aug 94 09:43:35 PDT
Subject: alt.anonremailer.net
Message-ID: <9408041643.AA19502@bilbo.suite.com>

> I'm not sure how big of a problem this is. A remailer which
> was there 3 or 4 days ago is _probably_ still going to be
> around.
> The software can look at the date on the article,
> and ignore articles that took an enormous amount of time
> to get there, like say 2 weeks or something. But I think 3 or
> 4 days might be acceptable. What do you think?
>

It is certainly better than anything we have now. One nice thing about your idea is that it can be brought online in steps. It doesn't require all remailers to suddenly switch over to using alt.anonremailer.net.

> I'm not sure what you mean by "ping".

Any of the "ping" mechanisms you mentioned would work (some better than others). There's no need to limit the "ping" to a single mechanism. The "I am here" messages could have a field indicating the different "ping" mechanisms the remailer supports. Again, this could start out to be a NULL field, and could be added to incrementally, as remailers get more sophisticated.

Jim_Miller at suite.com

From corpuz at internex.net Thu Aug 4 10:11:11 1994
From: corpuz at internex.net (Chris Corpuz)
Date: Thu, 4 Aug 94 10:11:11 PDT
Subject: URGENT: Please Tell Congress to Allow Encryption Export
Message-ID: <9408041706.AA05151@infobase.InterNex.net>

House Intelligence Committee holds key to Crypto Export
ask at eff.org June 9, 1994 *DISTRIBUTE WIDELY*

Today, the U.S. State Department controls the export of most
encryption, working closely with the National Security Agency (NSA) to
limit products that provide real privacy, from cell-phones to PC
software. A bill introduced by Rep. Maria Cantwell would instead give
authority over non-military crypto exports to the Commerce Department.
Commerce has much more reasonable regulations, with "First
Amendment"-style unlimited publishing of publicly available software,
including PGP, Kerberos, RIPEM, RSAREF, and mass-market commercial
software. The bill also prevents the Commerce Dept. from tightening
the regulations even if NSA somehow gets its tentacles into Commerce.

A few months ago, you-all sent over 5600 messages to Rep. Cantwell in
support of her bill, H.R. 3627.
As a result, on May 18, the bill
passed the House Foreign Affairs Committee by being incorporated into
the Export Administration Act of 1994, H.R. 3937.

Now the battle has become more intense. This portion of H.R. 3937 has
been referred to the House Intelligence Committee with the intent to
kill or severely maim it. We need your help again, to urge the
Intelligence Committee to keep crypto export liberalization intact.

The House and Senate Intelligence Committees, the only watchdogs for
the NSA, tend to follow the agency's wishes when they wave the magic
"national security" wand. They need plenty of input from the public
that tells them that the nation will be *more* secure with good
encryption, even though the NSA will be less happy.

Not just computer users, but all users of telephones, cable TV, health
care, and credit information systems would benefit from this change.
The security of these applications is built on the foundation laid by
the operating systems and network protocols on which they run. If
this bill is passed, you will see high quality encryption built into
Microsoft Windows, into the MacOS, into major Unix workstations, into
the Internet, into cellular phones, into interactive television. The
software already exists for confidentiality, privacy, and security of
local and networked information, but it's not built-in to these
systems because of the export ban. Today, each company could build
two operating systems, one gutted for international use, but this
would be costly and confusing for them and their customers, and would
not allow international networks such as the Internet or telephones to
be made secure and private. With this bill, these limits disappear.

Furthermore, the Clinton Administration plans to permit high volume
exports of Clipper products, while continuing to require tedious
paperwork for truly secure encryption products. The bill would give
Clipper and other crypto software more even-handed treatment.

The bill also eliminates a senseless situation on the Internet.
Today, crypto software can only be freely distributed from non-U.S.
archive sites. It would eliminate that problem as well as the threat
of prosecution against U.S. freeware authors of crypto software.

This is the dream we've all been working toward. Here's how you can
help to make this dream a reality. The Intelligence Committee must
make its decision on the bill before June 17, so time is critical:

1) Fax a short letter TODAY to the chair of the Intelligence
Committee, Representative Dan Glickman (D-KS). Ask him in your own
words to leave the encryption provisions of H.R. 3937 intact. Use a
positive tone ("Please support...") rather than a flame or a rant.
One paragraph is fine. State your title and organization if you will
look more important or better informed than the average citizen. Rep.
Glickman's committee fax number is +1 202 225 1991. This is the best
option, since individual letters are given the most weight by members
of Congress, particularly when sent on letterhead paper.

2) If you are unable to fax a letter, send an e-mail message to Rep.
Glickman at glickman at eff.org. Software or staff at the Electronic
Frontier Foundation will either fax it in, or print it out and
hand-deliver it for you.

3) Send a copy of this message to everyone you know in Kansas, and
personally urge them to write to Rep. Glickman today. Letters from
constituents get a lot more weight, since they are from people who
could actually vote for or against him in the next election.

4) If your own Representative is on the Intelligence Committee, send
him or her a copy of what you sent Rep. Glickman. There's a list of all
such Reps. below. Even if we lose this battle, you will have started
educating your own Rep. about crypto policy.

5) Become a member of EFF. Our strength comes from our members' strength.
Send a note to membership at eff.org asking how to join.

Thanks again for your help!
You can check at any time on the current
status of the campaign at the location below. Send any comments on
this campaign to campaign at eff.org.


John Gilmore
Chairman, EFF Crypto Committee
EFF Board of Directors
Member of Computer Professionals for Social Responsibility
Member of International Association for Cryptologic Research


House Intelligence Committee Members
------------------------------------

Subcommittee phone: +1 202 225 4121
Subcommittee fax:   +1 202 225 1991  <== send your fax HERE <==

p st name                     phone            fax
___________________________________________________________________________
D KS Glickman, Daniel         +1 202 225 6216  private          Chair
D WA Dicks, Norman D.         +1 202 225 5916  +1 202 226 1176
D CA Dixon, Julian C.         +1 202 225 7084  +1 202 225 4091
D NJ Torricelli, Robert       +1 202 224 5061  +1 202 225 0843
D TX Coleman, Ronald D.       +1 202 225 4831  +1 202 225 4831
D CO Skaggs, David E.         +1 202 225 2161  +1 202 225 9127
D NV Bilbray, James H.        +1 202 225 5965  +1 202 225 8808
D CA Pelosi, Nancy            +1 202 225 4965  +1 202 225 8259
D TX Laughlin, Gregory H.     +1 202 225 2831  +1 202 225 1108
D AL Cramer Jr, Robert (Bud)  +1 202 225 4801  private
D RI Reed, John F.            +1 202 225 2735  +1 202 225 9580
D MO Gephardt, Richard A.     +1 202 225 2671  +1 202 225 7452
R TX Combest, Larry           +1 202 225 4005  +1 202 225 9615
R NE Bereuter, Douglas        +1 202 225 4806  +1 202 226 1148
R CA Dornan, Robert K.        +1 202 225 2965  +1 202 225 3694
R FL Young, C. W. (Bill)      +1 202 225 5961  +1 202 225 9764
R PA Gekas, George W.         +1 202 225 4315  +1 202 225 8440
R UT Hansen, James V.         +1 202 225 0453  +1 202 225 5857
R CA Lewis, Jerry             +1 202 225 5861  +1 202 225 6498
R IL Michel, Robert H.        +1 202 225 6201  +1 202 225 9461

The full text of this alert is stored at:

ftp.eff.org, /pub/Alerts/export.alert
gopher.eff.org, 1/Alerts, export.alert
http://www.eff.org/pub/Alerts/export.alert
BBS (+1 202 638 6120, 8N1): "Alerts" file area, export.alt

The actual text of this part of H.R.
3937 is at:

ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
BBS: "Privacy--Crypto" file area, hr3937.crp

For current status on the bill:

ftp.eff.org, /pub/Alerts/export_alert.update
gopher.eff.org, 1/Alerts, export_alert.update
http://www.eff.org/pub/Alerts/export_alert.update
BBS: "Alerts" file area, export.upd

A general Web page on crypto export policy is at:

http://www.cygnus.com/~gnu/export.html

----- End Included Message -----

************************************
Chris Corpuz                       *
InterNex Information Services, Inc.*
1050 Chestnut St., Suite 202       *
Menlo Park, CA 94025               *
v.(415) 473-3060                   *
f.(415) 473-3062                   *
************************************

From perry at imsi.com Thu Aug 4 10:32:31 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 4 Aug 94 10:32:31 PDT
Subject: URGENT: Please Tell Congress to Allow Encryption Export
In-Reply-To: <9408041706.AA05151@infobase.InterNex.net>
Message-ID: <9408041729.AA14818@snark.imsi.com>

LOOK AT THE DATE. This is OLD! The events it talks of are all over! Why are you distributing it again? The intelligence committee already gutted the bill a long time ago. It's too late.

Please do NOT repost messages like this, especially not ones that contain old information that has already been sent to all the people you are sending the message to.

Perry Metzger

Chris Corpuz says:
> House Intelligence Committee holds key to Crypto Export
> ask at eff.org June 9, 1994 *DISTRIBUTE WIDELY*

From mech at eff.org Thu Aug 4 10:41:24 1994
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 4 Aug 94 10:41:24 PDT
Subject: USPS digital signature annoucement
Message-ID: <199408041740.NAA19691@eff.org>

[This is just an informational forward, and does not represent official EFF positions or statements in any way.]
Forwarded message: Date: Thu, 4 Aug 1994 10:46:48 -0400 From: cmerri01 at reach.com (Charles Merrill -- McCarter ^ English - Newark ) Subject: USPS Elec Comm Serv Quebec City, Canada, August 3, 1994--The U.S. Postal Service has dramatically increased its commitment to the security of communications on the NII, with the announcement of Postal Electronic Commerce Services ("Postal ECS"), which will offer a nationwide public key certification service for the authentication of digital signatures used in paperless electronic commerce. Richard Rothwell, Senior Director of Technology Integration for the USPS, officially released the news today in Quebec City, in a paper delivered to an international working group of the Information Security Committee of the American Bar Association's Section of Science and Technology, which has been developing guidelines for public key certification authorities. "Our initial implementation is based on the Digital Signature Standard (DSS) Algorithm set; but our plan is to support other cryptographic options such as RSA in the near future," Rothwell said. Public key digital signatures serve to authenticate the originator of a digital communication, validate the integrity of the message, fix the time and date of the message, and prevent the sender from subsequently repudiating the communication - all features which are critical to increasing trust in electronic commerce. The full text of the USPS announcement on Postal ECS follows, which may be duplicated and disseminated widely, so long as the entire text is included. Address to Information Security Committee, EDI/IT Division American Bar Association Section of Science and Technology Quebec City, Canada, August 3, 1994 GOOD AFTERNOON MY NAME IS RICHARD ROTHWELL. I AM SENIOR DIRECTOR OF TECHNOLOGY INTEGRATION FOR THE UNITED STATES POSTAL SERVICE. 
I DOUBT THERE ARE MANY GROUPS MORE AWARE OF THE SWEEPING CHANGES TAKING PLACE IN COMMUNICATIONS THAN THIS ONE, OR HOW THOSE CHANGES AFFECT THE WAY THAT ALL OF US WILL DO BUSINESS IN THE FUTURE. TODAY I WANT TO SHARE WITH YOU MY THOUGHTS ON THE ROLE OF THE POSTAL SERVICE IN THIS NEW AGE, AND PARTICULARLY, THE ROLE THAT WE ARE BEING ASKED TO ASSUME IN HELPING TO FACILITATE THE EMERGING WORLD OF ELECTRONIC COMMERCE. THE POSTAL SERVICE WAS ESTABLISHED, AT THE BIRTH OF THE UNITED STATES, WITH THE MISSION OF BINDING TOGETHER A DIVERSE AND FAR-FLUNG NATION THROUGH THE CORRESPONDENCE OF THE PEOPLE. IT WAS, AND IS, A BROAD-BASED MISSION. OVER A CENTURY AGO, THEN ACTING ATTORNEY GENERAL WILLIAM HOWARD TAFT WROTE THAT "THE MAKERS OF THE CONSTITUTION ... HAD IN MIND THE COMPREHENSIVE VIEW WHICH REGARDED POST OFFICES ... AS INSTRUMENTS FOR THE TRANSMISSION OF INTELLIGENCE," A MISSION THEY EXPRESSED "IN VERY COMPREHENSIVE TERMS..." TODAY WE ARE BEING ASKED BY OUR CUSTOMERS TO CONSIDER NEW WAYS OF CARRYING OUT THIS MISSION. TODAY WE LIVE IN A COMPLEX, COST CONSCIOUS, INTERDEPENDENT SOCIETY WHICH IS DEVELOPING NEW ELECTRONIC COMMUNICATION SYSTEMS AND RE-INVENTING COMMERCIAL PRACTICES. FOR MANY APPLICATIONS, THE NEW EFFICIENCIES OF ELECTRONIC DATA COMMUNICATION, THE BENEFITS THAT IT HAS PROVIDED TO ITS EARLY ADOPTERS, AND THE COMPETITIVE PRESSURES THAT THIS EVOLUTION HAS CREATED ARE DRIVING CORPORATIONS, GOVERNMENTS, AND INDIVIDUALS TO EXPLORE NEW WAYS OF CONDUCTING BUSINESS, AND SERVING THEIR CUSTOMERS AND CONSTITUENTS. YET, AS MANY EXPERTS HAVE NOTED, INCLUDING MANY OF YOU IN THIS ROOM, DIGITAL FILES AS A RULE ARE NEITHER AS SECURE NOR AS RELIABLE AS THEIR PAPER COUNTERPARTS. DIGITAL FILES ARE DESIGNED TO BE EASILY MANIPULATED BY USERS ON DIFFERENT COMPUTERS. THIS IS, OF COURSE, AN ESSENTIAL ELEMENT OF THE EFFICIENCY THAT ELECTRONIC COMMERCE CONVEYS.
BUT WITHOUT SOME METHOD OF SEALING A DIGITAL FILE TO ESTABLISH ITS CONTENTS, AUTHOR, AND TIME OF TRANSMITTAL, THE BENEFITS OF ELECTRONIC COMMERCE WILL INEVITABLY BE LIMITED TO HIGHLY STRUCTURED TRANSACTIONS BETWEEN PARTIES THAT KNOW AND TRUST ONE ANOTHER. SUCH LIMITS WILL SEVERELY CONSTRAIN OR WIPE OUT THE BENEFITS OF ELECTRONIC DATA INTERCHANGE. A RECENT ARTICLE IN GOVERNMENT COMPUTER NEWS NOTED THAT THE USE OF TRADING PARTNER AGREEMENTS TO STRUCTURE EDI AGREEMENTS COULD REQUIRE THE SERVICES OF HUNDREDS OF LAWYERS TO NEGOTIATE, WRITE, AND ARGUE ABOUT THE AGREEMENTS JUST FOR GOVERNMENT PROCUREMENT. THIS IS EVIDENCE OF THE GREAT DEGREE OF TRANSACTIONAL FRICTION THAT MUST INEVITABLY ACCOMPANY SUCH AN APPROACH. IF ELECTRONIC COMMERCE IS NOT GOING TO BE LIMITED TO HIGHLY STRUCTURED TRANSACTIONS BETWEEN WELL KNOWN AND TRUSTED PARTIES, OTHER SOLUTIONS MUST BE DEVELOPED TO CREATE AN EFFECTIVE LEGAL FRAMEWORK AND ELECTRONIC INFRASTRUCTURE. ELECTRONIC COMMUNICATION MEDIA CANNOT BECOME A RELIABLE BASIS FOR WIDESPREAD BUSINESS USE WITHOUT A TRUSTED METHOD OF SEALING DIGITAL CONTENTS, VERIFYING THE PARTIES INVOLVED, AND ESTABLISHING AN OFFICIAL DATE AND TIME FOR THE TRANSACTION. GOVERNMENT HAS SIMILAR NEEDS. TRUST AND SECURITY ARE ESSENTIAL TO THE SUCCESS OF THE NATIONAL INFORMATION INFRASTRUCTURE, THE REFORM OF GOVERNMENT PERFORMANCE, AND A NUMBER OF OTHER CRITICAL FUNCTIONS, SUCH AS THE IMPLEMENTATION OF HEALTH CARE REFORM. PERSONAL, EDUCATIONAL, LITERARY, AND BUSINESS CORRESPONDENCE TRAVELING ON THE INFORMATION SUPERHIGHWAY MUST BE ELECTRONICALLY GUARDED SO THAT ALL CITIZENS ARE REASONABLY ASSURED OF THE INTEGRITY OF THEIR RECORDS. THE TIMELY DELIVERY OF IMPORTANT ELECTRONIC INFORMATION, AND THE IDENTITY AND AUTHORITY OF THE PEOPLE WITH WHOM THEY COMMUNICATE ARE EQUALLY IMPORTANT. WITHOUT TRUST AND SECURITY, ALL OF THE SUPERCOMPUTERS AND ALL OF THE HIGH-SPEED NETWORKS IN THE WORLD CANNOT MAKE THE N.I.I. SUCCEED ON THE BROAD FUNCTIONAL BASIS FOR WHICH IT WAS CONCEIVED.
AS ONE OF THE NATION'S LARGEST ORGANIZATIONS, THE UNITED STATES POSTAL SERVICE SHARES MANY OF THE CONCERNS OF BOTH BUSINESS AND GOVERNMENT. THE POSTAL SERVICE MUST MANAGE TRANSACTIONS WITH THOUSANDS OF ORGANIZATIONS ON A DAILY BASIS IN THE PROCESS OF ANNUALLY DOING $49 BILLION OF BUSINESS MOVING 171 BILLION PIECES OF MAIL. BUT OUR CONCERNS ARE NO DIFFERENT FROM THOSE OF ANY LARGE ENTERPRISE IN THE WORLD TODAY TRYING TO MAKE ITS OPERATIONS MORE EFFICIENT. THERE ARE NOT LIKELY TO BE MANY IN THIS ROOM WHO DO NOT BELIEVE IN THE NEED FOR A MECHANISM FOR ESTABLISHING THE RELIABILITY OF AN ELECTRONIC TRANSMISSION, AND BINDING AN INDIVIDUAL TO IT. I THEREFORE DO NOT BELIEVE THAT IT WILL BE NECESSARY TO CONDUCT A DETAILED EXPLORATION OF THE ADVANTAGES OF BUILDING A PUBLIC KEY INFRASTRUCTURE AS A SOLUTION TO THE TECHNICAL PROBLEMS OF PROVIDING SECURITY FOR ELECTRONIC DOCUMENTS. WHAT I WILL TALK TO YOU ABOUT IS THE ROLE THE POSTAL SERVICE CAN PLAY IN PROVIDING THESE TECHNICAL SOLUTIONS WHERE THEY ARE NEEDED. THERE ARE SEVERAL REASONS WHY THE POSTAL SERVICE IS DEVELOPING PLATFORMS FOR PROVIDING SOLUTIONS TO THESE PROBLEMS. FIRST, OUR GENERAL DUTY TO "BIND THE NATION TOGETHER THROUGH THE PERSONAL, EDUCATIONAL, LITERARY, AND BUSINESS CORRESPONDENCE OF THE PEOPLE" HAS TAKEN ON NEW MEANING NOW THAT A HYBRID INFORMATION HIGHWAY, PART PAPER AND PART ELECTRONIC, HAS BECOME A REALITY AND WILL CONTINUE TO BE FOR AT LEAST THE NEXT DECADE. SECOND, NOT SURPRISINGLY, OUR CUSTOMERS ARE ASKING US TO PLAY AN EXPANDED ROLE IN FACILITATING PAPER AND ELECTRONIC COMMERCE BECAUSE WE HAVE UNIQUE LEGAL AND INSTITUTIONAL RESOURCES TO ACCOMPLISH THE TASK. AND THIRD, WE HAVE TO DEVELOP ELECTRONIC SERVICES TO MEET OUR CUSTOMERS' NEEDS FOR FASTER, MORE EFFICIENT HANDLING OF THEIR PRODUCTS. A CORE FUNCTION OF THE POSTAL SERVICE WILL REMAIN THE TRANSMISSION OF HARD COPY MESSAGES TO AND FROM RESIDENCES AND BUSINESSES IN AMERICA. 
AS I'VE NOTED, THAT FUNCTION FLOWS OUT OF OUR CORE MISSION TO BIND THE NATION TOGETHER. THE POSTAL SERVICE HAS OTHER MISSIONS AS WELL. WE ARE TASKED TO PROVIDE SERVICE ON A UNIVERSAL BASIS TO PATRONS IN ALL AREAS AND TO ALL COMMUNITIES. WE ARE REQUIRED TO USE EVERY EFFORT TO PROVIDE EFFICIENT AND EXPEDITIOUS DELIVERY OF CORRESPONDENCE. WE ARE CHARGED WITH PROTECTING THE PRIVACY OF POSTAL CUSTOMERS AND MAY NOT MAKE AVAILABLE TO THE PUBLIC BY ANY MEANS OR FOR ANY PURPOSE ANY MAILING OR OTHER LIST OF NAMES OR ADDRESSES, PAST OR PRESENT, OF POSTAL PATRONS OR OTHER PERSONS. AND WE ARE CHARGED WITH MAINTAINING THE SECURITY AND INTEGRITY OF THE MAILS, AND INVESTIGATING POSTAL OFFENSES AND CIVIL MATTERS RELATING TO THE POSTAL SERVICE. AS A CONSEQUENCE OF THESE MISSIONS, THE POSTAL SERVICE HAS AT LEAST THREE ASSETS WHICH MAKE US A LIKELY CANDIDATE TO PLAY A ROLE IN THIS EMERGING FIELD. FIRST, THE POSTAL SERVICE ALREADY HAS MUCH OF THE LEGAL AND INSTITUTIONAL INFRASTRUCTURE NECESSARY TO ASSIST IN THE DEVELOPMENT OF WIDESPREAD ELECTRONIC COMMERCE. SECOND, OUR SIZE AND WIDELY DISTRIBUTED RESOURCES GIVE US THE PRACTICAL TOOLS TO PROVIDE A MUCH-NEEDED SERVICE ON A UNIVERSAL BASIS. THIRD, WE ARE UNIQUELY SITUATED TO PROTECT CORE VALUES SUCH AS SECURITY AND INDIVIDUAL PRIVACY AS WELL AS UNIVERSAL ACCESS TO THE TOOLS OF ELECTRONIC COMMERCE. LET ME DISCUSS THESE ONE AT A TIME. FIRST, THE POSTAL SERVICE HAS THE LEGAL STRUCTURE TO PERFORM THE DUTIES OF MANAGING A CERTIFICATE AUTHORITY. THE POST OFFICE WAS ORIGINALLY ESTABLISHED BY THE CONTINENTAL CONGRESS AS THE UNITED STATES' FIRST INFORMATION HIGHWAY. FOR OVER TWO HUNDRED YEARS, A SOPHISTICATED REGIME OF STATUTES, REGULATIONS, AND POLICIES HAS DEVELOPED TO PROVIDE THE INFRASTRUCTURE WHICH ENABLES SECURE, EFFICIENT, AND INEXPENSIVE TRANSMISSION OF PAPER COMMUNICATIONS.
FOR 200 YEARS, THE UNITED STATES POSTAL SERVICE HAS CERTIFIED MAIL, SEALED IT WITH THE POWER AND AUTHORITY OF LAW, PROVIDED RESPONSIBLE AND TIMELY MAIL DELIVERY, AND INSURED PATRONS AGAINST LOSS OR THEFT. A RELIABLE AND TRUSTED MAIL SYSTEM REMARKABLY FREE OF CORRUPTION OR ABUSE HAS ACCOMPANIED THE DEVELOPMENT OF A SYSTEM OF COMMERCE IN THE UNITED STATES WHICH IS SECOND TO NONE IN THE WORLD. FOR HARDCOPY COMMUNICATIONS, THE LEGAL FRAMEWORK IS ALREADY IN PLACE TO HANDLE ISSUES SUCH AS LIABILITY, INDEMNITY, CONFIDENTIALITY, FRAUDULENT USE, THEFT, DEFINITE DATING, ETC. A SIMILAR FRAMEWORK WILL BE REQUIRED TO SUPPORT ELECTRONIC COMMERCE. CUSTOMERS HAVE SUGGESTED THAT THE POSTAL SERVICE MAY BE IN A UNIQUE POSITION TO PROVIDE PART OF THAT STRUCTURE. FOR EXAMPLE, SOME CUSTOMERS HAVE SUGGESTED THAT THEY ARE CONCERNED WITH THEIR OWN CAPACITY TO HANDLE LIABILITY ISSUES, AND THAT THE POSTAL SERVICE PROVIDES A READY-MADE SOLUTION TO THIS PROBLEM. OTHERS HAVE EXPRESSED CONCERN ABOUT THE CONFIDENTIALITY PROBLEMS INHERENT IN DEALING WITH OTHER COMPANIES, WHILE STILL OTHERS HAVE ASKED FOR A REGIME FOR CONTROLLING FRAUD WHICH IS AS STRONG AND CONVENIENT AS THAT IN PLACE FOR MAIL FRAUD. THUS, THE STRONG LEGAL FRAMEWORK ESTABLISHED FOR HANDLING PAPER COMMUNICATIONS CAN PROVIDE SIMILAR BENEFITS FOR ELECTRONIC COMMERCE. SECOND, OUR CUSTOMERS ARE ASKING FOR OUR ASSISTANCE IN THIS AREA BECAUSE WE HAVE UNIQUE PRACTICAL ASSETS, INCLUDING:

* THE 40,000 RETAIL FACILITIES DISTRIBUTED NATIONWIDE
* UNIVERSAL PRESENCE AND THE CAPACITY TO ACHIEVE SIGNIFICANT SCALE
* THE RESOURCES OF AN EXISTING NATIONAL INFORMATION INFRASTRUCTURE
* A VERY STRONG VERIFICATION PROCESS CURRENTLY USED FOR PASSPORTS, THAT INVOLVES PROOF OF ID AND OTHER INFORMATION TO A FEDERAL EMPLOYEE.
* THE EXPERIENCE, POLICIES, AND ABILITY TO ARCHIVE RECORDS WITHOUT RISK THAT THEY WOULD BE USED FOR COLLATERAL COMMERCIAL PURPOSES.
THE POSTAL SERVICE IS ALSO A REMARKABLY LONG-LIVED ORGANIZATION, AND THOSE OF YOU WHO HAVE STRUGGLED WITH ARCHIVING POLICIES WILL RECOGNIZE THAT TO BE AN IMPORTANT ADVANTAGE. AS BOB JUENEMAN HAS SAID ON THE INTERNET, "CERTIFICATES 'R US" MAY BE GONE TOMORROW. IF YOU HAVE TO PROVE THAT A CERTIFICATE WAS REGISTERED ON A CERTAIN DATE, AND YOU ARE SEEKING AN APPROPRIATE ARCHIVING FACILITY, YOU CAN HAVE CONFIDENCE THE POSTAL SERVICE WILL STILL BE AROUND TO SUPPORT YOUR REQUEST. A THIRD STRENGTH THE POSTAL SERVICE BRINGS TO ENABLING ELECTRONIC COMMERCE, AND ANOTHER REASON THAT OUR CUSTOMERS HAVE ASKED FOR HELP, IS OUR CAPACITY TO CREATE CERTIFICATE MANAGEMENT SYSTEMS THAT CAN REACH VIRTUALLY EVERY COMMUNITY IN AMERICA, BECAUSE WE ALREADY HAVE A SUBSTANTIAL PRESENCE IN THOSE COMMUNITIES. WE CAN THEREFORE PROVIDE A SOLUTION TO THE QUESTION OF HOW TO PUT THE TOOLS OF ELECTRONIC COMMERCE, SUCH AS CERTIFICATES, INTO THE HANDS OF EVERYONE. THERE ARE MANY OBSTACLES TO PREVENT CITIZENS FROM TAKING ADVANTAGE OF THE BENEFITS OF ELECTRONIC COMMERCE. CURRENTLY THERE ARE TECHNOLOGICAL, GEOGRAPHIC, ECONOMIC, AND KNOWLEDGE BARRIERS WHICH PREVENT PEOPLE FROM PARTICIPATING IN THE BENEFITS OF ELECTRONIC COMMERCE. TO PROVIDE UNIVERSAL SERVICE TO ELECTRONIC COMMERCE WE MUST PROVIDE ACCESS WHICH IS UNIVERSALLY USABLE AND UBIQUITOUS AND SCALABLE. BY PROVIDING A SOLUTION TO SOME OF THESE ACCESS PROBLEMS, THE POSTAL SERVICE MAY HAVE AN IMPORTANT ROLE TO PLAY IN ENSURING THAT FUTURE COMMUNICATIONS IN AMERICA PROVIDE A CONTINUING FRAMEWORK FOR SUSTAINING A DEMOCRATIC, PARTICIPATORY SOCIETY. THUS, MANY OF THE INSTITUTIONAL FEATURES NEEDED BY AN ENTITY WISHING TO TAKE PART IN CERTIFICATE ISSUANCE AND MANAGEMENT ALREADY EXIST IN THE UNITED STATES POSTAL SERVICE. THE POSTAL SERVICE WAS ESTABLISHED TO PROVIDE VERY SIMILAR SERVICES FOR THE SUPPORT OF CORRESPONDENCE WHEN THE PHYSICAL FRONTIER WAS CHAOTIC AND HARD TO REACH. IT IS READY TO PROVIDE SIMILAR SERVICES ON THE ELECTRONIC FRONTIER. 
AS THE POSTMASTER GENERAL HAS INFORMED CONGRESS, WE ARE ACTIVELY SUPPORTING THE DEVELOPMENT OF THE N.I.I. TO FACILITATE THE DEVELOPMENT OF OUR OWN BUSINESS AND TO HELP US CARRY OUT OUR MISSION. ON MARCH 24, THE POSTMASTER GENERAL TESTIFIED BEFORE THE SENATE AFFAIRS COMMITTEE THAT "WORKING WITH OTHER FEDERAL AGENCIES, WE MAY BE ABLE TO DEVELOP AN ELECTRONIC COMMERCE SYSTEM." HE ALSO NOTED THAT, THROUGH THE DEVELOPMENT OF A KIOSK PROGRAM THAT MIGHT CARRY OUT POSTAL TRANSACTIONS AND PERHAPS ALSO DISSEMINATE INFORMATION FROM OTHER AGENCIES, OUR POSTAL LOBBIES COULD BECOME "ON-RAMPS" TO THE ELECTRONIC SUPER HIGHWAY. THE POSTMASTER GENERAL HIGHLIGHTED TWO IMPORTANT AREAS IN WHICH THE POSTAL SERVICE MAY BE HELPFUL: SERVING THE REQUIREMENTS OF OTHER GOVERNMENT AGENCIES, AND PROVIDING UNIVERSAL SERVICE TO THOSE CITIZENS WHO ARE IN DANGER OF BEING LEFT OUT OF THE INFORMATION REVOLUTION. TO THESE HE MIGHT HAVE ADDED A THIRD, EQUALLY IMPORTANT AREA: PROTECTING THE PRIVACY OF AMERICAN CITIZENS. THIS CONCERN IS DEEPLY EMBEDDED IN POSTAL TRADITION AND STATUTE. WHEN WE SPEAK OF THE SECURITY OF ELECTRONIC COMMERCE WE SHOULD NOT MISS THE WAY IN WHICH COMMERCIAL SECURITY AND INDIVIDUAL PRIVACY ARE INTERCONNECTED CONCEPTS. WHILE IT IS TOO EARLY TO KNOW WHAT PRECISELY LIES AHEAD, LET ME SHARE WITH YOU A GENERAL DESCRIPTION OF THE SYSTEMS WE ARE DEVELOPING, BOTH FOR OUR OWN USE AND FOR THAT OF OUR CUSTOMERS. THE POSTAL SERVICE IS USING PUBLIC KEY ENCRYPTION TECHNOLOGY, AND RELATED TECHNOLOGIES, TO DEVELOP A PUBLIC KEY CERTIFICATION AUTHORITY AND A SET OF ASSOCIATED TRUSTED THIRD PARTY SERVICES WHICH WE CALL POSTAL ELECTRONIC COMMERCE SERVICES (POSTAL ECS). WHEN INITIALLY DEPLOYED, POSTAL ECS WILL PROVIDE A BASIS FOR ELECTRONIC ASSURANCES WITHIN AND AMONG GOVERNMENT AGENCIES, AND BETWEEN GOVERNMENT AGENCIES AND THEIR CONSTITUENTS. 
IN PARTICULAR, THE POSTAL SERVICE HAS DEVELOPED THE ABILITY TO:

* ISSUE PUBLIC KEY CERTIFICATES AND STORE THEM IN A PUBLIC DIRECTORY;
* PROVIDE FOR THE "SEALING" OF SELECTED DOCUMENTS OR OTHER ELECTRONIC OBJECTS AND ASSOCIATING THEM WITH A DIGITAL SIGNATURE AND A TRUSTED TIME AND DATE STAMP;
* PROVIDE SERVICES FOR PUBLIC KEY CERTIFICATE PUBLICATION AND REVOCATION; AND,
* PROVIDE THE ABILITY TO ENCRYPT CONFIDENTIAL INFORMATION MOVING BETWEEN THE USER ENVIRONMENT AND THE POSTAL ECS MANAGEMENT SYSTEM.
* FINALLY, PROVIDE NEAR REAL-TIME ACCESS TO CERTIFICATES AND THEIR STATUS.

THE CERTIFICATION AUTHORITY WILL ISSUE AND MANAGE X.509 PUBLIC KEY CERTIFICATES CONTAINING A PERSON'S X.500 DISTINGUISHED NAME, PUBLIC KEY, AND OTHER IDENTIFYING INFORMATION. USERS CAN THEN RETRIEVE A CERTIFICATE FROM THE POSTAL SERVICE, AND USE ITS PUBLIC KEY TO AUTHENTICATE A DIGITAL SIGNATURE GENERATED BY THE COMPLEMENTARY PRIVATE KEY. THE CORRESPONDENCE SERVICE PROVIDED BY THE SYSTEM IS THE POSTAL ECS SEAL WHICH PROVIDES USERS WITH A VALIDATION OF THE ORIGINATOR BASED ON HIS OR HER DIGITAL SIGNATURE. WE ALSO PROVIDE A POSTAL SERVICE DIGITAL SIGNATURE ON THE DIGEST OF AN ELECTRONIC OBJECT THAT ASSURES THAT IT CANNOT BE CHANGED WITHOUT DETECTION. WE ALSO PROVIDE THE POSTAL SERVICE DIGITAL SIGNATURE ON A DATE AND TIME STAMP THAT WE SUPPLY TO ENABLE PROOF OF EXISTENCE AT A POINT IN TIME AND WE PROVIDE ARCHIVING FOR THOSE DATE AND TIME STAMPS. FINALLY, WE PROVIDE NEAR REAL-TIME ACCESS TO CERTIFICATES AND THEIR STATUS. THIS ALLOWS A USER TO GET UP-TO-DATE INFORMATION ON THE VALIDITY OF CERTIFICATES, AND REMOVES THE NEED FOR USERS TO MAINTAIN THEIR OWN CERTIFICATE REVOCATION LISTS. THE POSTAL SERVICE HAS IMPLEMENTED THE CERTIFICATE AUTHORITY SERVICES, THE CORRESPONDENCE SERVICES AND THE SUPPORTING DIRECTORY ON A HOST COMPUTER SYSTEM IN ONE OF OUR MAJOR PRODUCTION DATA CENTERS.
WE HAVE ALSO DEVELOPED THREE POSTAL SERVICE-LICENSED USER AGENTS AS REFERENCE MODELS TO BE INSTALLED ON END USER WORKSTATIONS THAT WILL PROVIDE ACCESS TO POSTAL ECS SERVICES. THEY RUN ON MICROSOFT WINDOWS-BASED PC'S AND ACCESS POSTAL ECS SERVICES VIA E-MAIL (EITHER INTERNET OR X.400). WE ARE ALSO WORKING ON AN INTERACTIVE DIAL-UP COMMUNICATION ALTERNATIVE AND EXPECT THIS TO BE AVAILABLE SHORTLY. THESE USER AGENTS CONTAIN STANDARD PROGRAMMING INTERFACES THAT LINK USER APPLICATIONS, CRYPTOGRAPHIC ROUTINES, AND ECS SERVICES TOGETHER. OUR INITIAL IMPLEMENTATION IS BASED ON THE DIGITAL SIGNATURE STANDARD (DSS) ALGORITHM SET; BUT OUR PLAN IS TO SUPPORT OTHER CRYPTOGRAPHIC OPTIONS SUCH AS RSA IN THE NEAR FUTURE. WE ARE NOW MOVING FROM DEVELOPMENTAL WORK TO ACTUAL PROOF OF CONCEPT PILOT TESTING OF THESE SERVICES BOTH INTERNALLY IN THE USPS AND WITH OUR GOVERNMENT AGENCY PARTNERS. OUR PLANS WILL EVOLVE AS WE GAIN EXPERIENCE FROM THESE INITIAL PILOT TESTS AND CONTINUE TO TALK WITH CUSTOMERS, AND EXPERTS IN ENCRYPTION, SOFTWARE DEVELOPMENT, AND COMPUTER SCIENCE. WE HAVE SHARED OUR PLANS WITH CONGRESS, THE ADMINISTRATION, AND THE MEDIA. AND WE HAVE ASKED OURSELVES THREE KEY QUESTIONS:

* IS THIS INITIATIVE CRITICAL TO OUR MISSION AND OUR RESPONSIBILITY TO THE PUBLIC?
* DO OUR CUSTOMERS HAVE A NEED FOR OUR PARTICIPATION? AND,
* WOULD THE COSTS OF PROVIDING THESE SERVICES BE BALANCED BY POTENTIAL REVENUES?

CERTAINLY THE RESPONSES THAT WE HAVE RECEIVED TO DATE MORE THAN JUSTIFY OUR VIEW THAT THIS IS AN AREA IN WHICH WE SHOULD CONTINUE TO BE AN ACTIVE PARTICIPANT. BEFORE CONCLUDING, LET ME DIRECTLY ADDRESS A CONTROVERSIAL PHILOSOPHICAL DISCUSSION ABOUT CERTIFICATE MANAGEMENT SO YOU CAN UNDERSTAND WHAT WE SEE AS THE FUTURE WORLD OF ELECTRONIC COMMERCE. THERE HAS BEEN A GREAT DEAL OF DEBATE ABOUT THE RELATIVE ADVANTAGES OF HIERARCHICAL VERSUS PEER-TO-PEER OR ONE-LEVEL MODELS FOR MANAGEMENT OF DIGITAL SIGNATURE. TO SOME EXTENT, I BELIEVE THIS DEBATE MISSES THE POINT.
THE SYSTEM FOR MANAGING X.500 CERTIFICATES THAT WILL EVENTUALLY BE ADOPTED WILL BE ADOPTED ONLY BECAUSE IT MEETS THE BUSINESS NEEDS OF THE USERS. BECAUSE THE COMPLEX COMMUNICATION NEEDS OF THE FUTURE WILL REQUIRE FLEXIBILITY TO MEET INDIVIDUAL DESIRES, SOME MIX OF HIERARCHICAL AND PEER-TO-PEER OR FLAT MANAGEMENT SCHEMES WILL BE ADOPTED. WHAT THE RECIPIENT OF AN ELECTRONIC DOCUMENT SIGNED WITH A DIGITAL SIGNATURE NEEDS TO KNOW IS HOW MUCH WEIGHT TO GIVE THAT SIGNATURE -- OR, IN OTHER WORDS, WHAT ACTIONS TO TAKE BASED ON AN EVALUATION OF THE SENDER. THIS IS EXACTLY THE SAME THING THAT IS DECIDED EVERY DAY BY PEOPLE -- SHOULD WE SELL SECURITIES TO A VOICE OVER THE PHONE? SHOULD WE PLACE AN ORDER WITH A NEW SALESMAN? GIVEN THE INFINITE VARIETY OF POSSIBLE TRANSACTIONS AND ENCOUNTERS, THERE IS NO POINT IN TRYING TO IMPOSE ON ELECTRONIC TRANSACTIONS A SINGLE PARADIGM FOR AUTHENTICATION. DIFFERENT LEVELS OF ASSURANCE, AND DIFFERENT ARCHITECTURES, WILL BE NECESSARY FOR DIFFERENT USES. WHAT IS IMPORTANT IS THAT THE PARTIES TO THE TRANSACTION ARE AWARE OF THE LEVEL OF ASSURANCE PROVIDED. THE POSTAL SERVICE CAN BE OF ASSISTANCE IN FILLING SOME SPECIFIC NEEDS IN THE CERTIFICATE ARENA, BUT IT HAS NO INTENTION OF CONTROLLING OR DOMINATING THAT ARENA. FOR THE NEAR FUTURE THE UNIVERSE OF ELECTRONIC COMMERCE WILL CONTINUE TO HAVE MANY DIFFERENT GALAXIES. MANY VARYING CONCEPTS AND SERVICES WILL BE ABLE TO MAKE VALUABLE CONTRIBUTIONS. MANY OTHER ENTITIES WILL PROVIDE SERVICES IN THIS AREA: AS VICE PRESIDENT GORE HAS NOTED IN NUMEROUS SPEECHES, THERE IS A ROLE FOR BOTH PRIVATE AND PUBLIC ENTITIES. WE PLAN TO PROVIDE SERVICES BASED UPON IDENTIFIED NEEDS, WHICH CUSTOMERS WILL DECIDE WHETHER OR NOT THEY WILL USE. IN KEEPING WITH THE PHILOSOPHY I HAVE ARTICULATED, LET ME SAY THAT THE POSTAL SERVICE, IN ANY DEVELOPMENT OF THESE PRODUCTS, INTENDS TO SUPPORT MULTIPLE CRYPTOGRAPHIC PRODUCTS IN THE MARKET PLACE.
IN ADDITION, WE WILL NOT COMPETE WITH NETWORK SERVICE PROVIDERS, NOR WILL WE BECOME A NETWORK OR CARRIER. IN DEVELOPING THESE SERVICES, WE ARE KEENLY INTERESTED IN THE WORK OF THIS GROUP. WHILE THE TECHNOLOGY AND SCALE ISSUES SEEM TO US TO BE MANAGEABLE, WE RECOGNIZE THAT THERE ARE STILL MANY LEGAL QUESTIONS CONCERNING THE WAY IN WHICH THE DESIGN OF A PUBLIC KEY INFRASTRUCTURE MANAGEMENT SERVICE MIGHT BEST WORK. THE LIABILITY ISSUES ARE NOT YET COMPLETELY CLEAR, AND THE DUTIES OF EACH ENTITY IN SUCH AN INFRASTRUCTURE NEED TO BE ARTICULATED. AS CUSTOMERS SEEK OUR SERVICES, WE WILL HAVE TO FACE QUESTIONS OF SCALABILITY, INVESTMENT, AND THE REGULATORY ISSUES ASSOCIATED WITH THE INTRODUCTION OF A NEW SERVICE. CAN THE SERVICE BE MANAGED? WHAT INVESTMENT WILL BE REQUIRED? HOW WILL REGULATORS HAVE US PRESENT THE SERVICE TO THE PUBLIC AND AT WHAT PRICE? WE GREATLY APPRECIATE THE EXCHANGE OF VIEWS THAT THIS FORUM MAKES POSSIBLE. WE ALL HAVE MUCH TO LEARN IN THIS AREA, AND I BELIEVE WE SHOULD WELCOME THE FACT THAT WE LIVE IN SUCH INTERESTING TIMES. [end] -- Stanton McCandlish
mech at eff.org

Electronic Frontier Fndtn.

Online Activist

From tcmay at netcom.com Thu Aug 4 11:15:32 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 4 Aug 94 11:15:32 PDT
Subject: Voluntary Governments?
In-Reply-To:
Message-ID: <199408041815.LAA26807@netcom17.netcom.com>

Bob Snyder writes:

> I think there is a balance that can be struck between code-only talk and
> politics. The list seems to be heavily tilted towards politics, probably
> because a good portion of the subscribers may not have the math/computer
> science background to follow all the code/protocol discussion. I know that
> I have a hard time following it some times. But I think opening the list
> up to generic, non-cryptological debate is a bad idea.
>

"Opening the list up"? I've been on the list since the beginning, and anarcho-capitalist, politico-cryptologic themes have _always_ been with us. The role and nature of government in the presence of strong cryptography is a recurring, and important, theme. Those who want to discuss the mathematics and engineering of cryptology are certainly encouraged to do so, but not to stop other threads.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
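The Postal ECS "seal" described in the USPS speech forwarded earlier in this archive checks the originator's signature against a certificate and its status, then signs the object's digest together with a service-supplied timestamp. The block below is an added illustration, not part of any archived message and not USPS code: it uses a toy DSA (the speech names DSS) with deliberately tiny parameters, and `SealService`, `check_seal`, the signed statement layout and all sample data are assumptions constructed for the example.

```python
"""Toy notary-style seal (constructed example; 61-bit DSA parameters give no real security)."""
import hashlib
import json
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases (deterministic for n < 3.3e24)."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params():
    """q = 2**61 - 1 (Mersenne prime); smallest prime p = 2kq + 1; g of order q."""
    q, k = 2**61 - 1, 1
    while not is_prime(2 * k * q + 1):
        k += 1
    p, h = 2 * k * q + 1, 2
    while pow(h, 2 * k, p) == 1:
        h += 1
    return p, q, pow(h, 2 * k, p)

def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1          # private key in [1, q-1]
    return x, pow(g, x, p)                    # (private, public)

def _h(msg, q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def sign(params, x, msg):
    p, q, g = params
    while True:
        k = secrets.randbelow(q - 1) + 1      # fresh per-signature nonce
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (_h(msg, q) + x * r) % q
        if r and s:
            return r, s

def verify(params, y, msg, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    return pow(g, _h(msg, q) * w % q, p) * pow(y, r * w % q, p) % p % q == r

def statement(name, doc, when):
    """Bytes the service signs: originator, SHA-256 digest, service-supplied time."""
    return json.dumps([name, hashlib.sha256(doc).hexdigest(), when]).encode()

class SealService:
    def __init__(self, params):
        self.params = params
        self.x, self.y = keygen(params)
        self.directory = {}                   # name -> [public key, revoked?]
    def seal(self, name, doc, originator_sig, now):
        """Return a seal, or None if the certificate is missing/revoked or the signature fails."""
        y, revoked = self.directory.get(name, (None, True))
        if revoked or not verify(self.params, y, doc, originator_sig):
            return None
        return {"name": name, "time": now,
                "sig": sign(self.params, self.x, statement(name, doc, now))}

def check_seal(params, service_y, doc, seal):
    msg = statement(seal["name"], doc, seal["time"])
    return verify(params, service_y, msg, seal["sig"])

def demo():
    params = make_params()
    svc = SealService(params)
    ax, ay = keygen(params)
    svc.directory["alice"] = [ay, False]      # certificate issued (constructed name)
    doc = b"constructed contract text"
    seal = svc.seal("alice", doc, sign(params, ax, doc), "1994-08-04T12:00:00Z")
    out = {"intact": check_seal(params, svc.y, doc, seal),
           "altered": check_seal(params, svc.y, doc + b"!", seal),
           "backdated": check_seal(params, svc.y, doc, dict(seal, time="1994-01-01T00:00:00Z"))}
    svc.directory["alice"][1] = True          # certificate revoked
    late = svc.seal("alice", doc, sign(params, ax, doc), "1994-08-05T12:00:00Z")
    out["sealed_after_revoke"] = late is not None
    return out
```

Because the timestamp is inside the signed statement, a relying party who holds only the service's public key can detect both an altered object and a re-dated seal; the revocation check happens at sealing time, which is why the directory's status has to be current.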
From frissell at panix.com Thu Aug 4 13:26:20 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 4 Aug 94 13:26:20 PDT
Subject: US Postal Public Key
Message-ID: <199408042025.AA18823@panix.com>

At 10:39 AM 8/4/94 -0400, John Young quoted others as writing:

>Richard Rothwell, Senior Director of Technology Integration for
>the USPS, officially released the news today in Quebec City, in a
>paper delivered to an international working group of the Information
>Security Committee of the American Bar Association's Section of
>Science and Technology, which has been developing guidelines
>for public key certification authorities.

What is the most important character in the above paragraph? The 's' in 'authorities.' It means no monopoly.

DCF

Who will be using the (now private) *Dutch* Post Office as (one of) *his* certification authorities.

From frissell at panix.com Thu Aug 4 13:26:51 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 4 Aug 94 13:26:51 PDT
Subject: Egalitarianism vs. Strong Cryptography
Message-ID: <199408042025.AA18791@panix.com>

At 08:01 AM 8/4/94 -0400, Perry E. Metzger wrote:

>
>I'm not certain you understand the tremendous economic pressure that
>taxes bring to bear.

True enough. Note that untaxed income is worth almost twice as much as taxed income. An efficient market will exert tremendous pressure to shave even 1% off a price spread. Income taxation gives us a juicy 40%+ "price" spread to cut out. Vast profits.

>> In a society where taxes were managable, and put to a use all
>> citizens felt was worthy, such forces would be much less and
>> there would be enormous peer pressure on individual citizens to
>> do their fair share.
>
>And if my grandmother had wheels she'd be a bicycle. It isn't
>happening now -- the trend is towards larger taxes, bigger government
>and more repression, not less.
In a marketing war between private companies and the government in which the government can't use force (because the contest is conducted over the nets), the government loses. It just can't compete. No value added.

DCF

"Who's proud to be called a social Darwinist by Her Royal Clintoness (HRC)."

From jdd at aiki.demon.co.uk Thu Aug 4 13:41:28 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 4 Aug 94 13:41:28 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <3778@aiki.demon.co.uk>

The problem of designing a reliable and trusted remailer network is a generalization of the problem of constructing a reliable Internet and so many of the solutions can be the same. The structure of the Internet has been gone over and over again for twenty years or so and is probably optimal. This suggests that

* all packets should be acknowledged
* messages should be broken down into packets which are routed independently
* users should communicate with trusted gateways
* users should be accessible through a hierarchy of logical names which includes the gateway name
* gateways should be known to users only through their logical names
* the gateways should frequently exchange routing information
* that routing information should have an expiry date
* gateway operators can choose who they announce routing information to and accept routing information from
* users may have accounts with gateways and be charged for gateway usage
* gateway operators can settle accounts between each other periodically
* system software should be obtained [only] from trusted sites; to make things simpler, it should be possible to distribute bootstrap diskettes that allowed the bulk of the software to be downloaded or updated over the net without being compromised

Specifically cryptographic elements are easily added to the system

* all inter-gateway traffic should be encoded
* packets can be delayed for random intervals
* routing of packets can be somewhat stochastic; that is, you don't generally packets by the quickest route, and the choice of forwarding gateway is not 100% predictable, given the destination gateway
* packets can be fragmented and padded with noise at random
* noise packets can be added at random
* route selection, packet fragmentation, and noise generation can be continuously adjusted to defeat traffic analysis

The following suggestions raised in recent postings are included in this scheme:

* cjl's MIRV capability (except that it is supplied by the system and not the user)
* Jidan's noise injection
* Rochkind's stability-from-being-paid and web-of-trust notions
* Markowitz's automated contacts between mailers
* a form of digital postage
* Rochkind's pinging

The following are very easily supported by the scheme:

* a form of digital cash (the gateway operator would run a tab for users, like a credit card company)
* digital signatures
* message transfer via custom Internet protocols as well as via the email system
* users could specify the degree of confidentiality required and the system would use stronger encryption, increase chaff (anti-traffic analysis measures), and restrict use to more trusted gateways as required

Where email is used to transfer messages, the format used should be a subset of that specified in the SMTP RFCs. Restricting the structure of the headers would simplify the remailer software at little cost to the user.

The use of alt.x groups to exchange gateway information does not seem to add anything to this system; in fact it would seem to make it easier to spoof the system.

There could be multiple remailer nets, some commercial (paid for) and some free. The commercial networks could choose to exchange traffic with the free networks at no charge. Commercial remailers would probably be very concerned with legal issues, both criminal (pornography, etc) and non-criminal (copyright violations).

--
Jim Dixon

From jamesd at netcom.com Thu Aug 4 14:46:54 1994
From: jamesd at netcom.com (James A. Donald)
Date: Thu, 4 Aug 94 14:46:54 PDT
Subject: USPS digital signature annoucement
In-Reply-To: <199408041740.NAA19691@eff.org>
Message-ID: <199408042146.OAA21677@netcom8.netcom.com>

> MY NAME IS RICHARD ROTHWELL. I AM SENIOR DIRECTOR OF TECHNOLOGY
> INTEGRATION FOR THE UNITED STATES POSTAL SERVICE.
>
> ... (much excellent and very true commentary deleted)
>
> THIRD, WE ARE UNIQUELY SITUATED TO PROTECT CORE VALUES
> SUCH AS SECURITY AND INDIVIDUAL PRIVACY AS WELL AS UNIVERSAL
> ACCESS TO THE TOOLS OF ELECTRONIC COMMERCE.

Translation: We never got into bed with the NSA, because steaming letters open was too much like hard work, so give us a job please. A most excellent argument.

From jrochkin at cs.oberlin.edu Thu Aug 4 15:01:12 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 4 Aug 94 15:01:12 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <199408042200.SAA07928@cs.oberlin.edu>

> * Rochkind's stability-from-being-paid and web-of-trust notions

I'm not sure I like being credited with the "stability from being paid" notion. I think there _is_ stability from being paid, but I think if the infrastructure depends on it, it's not a good infrastructure. The system should be able to create a stable top-level infrastructure on top of an inherently instable environment, with remailers going up and down, and popping into existence, and dying. It should route around dead remailers, like the internet itself.

> Where email is used to transfer messages, the format used should be
> a subset of that specified in the SMTP RFCs. Restricting the structure of the headers would simplify the remailer software at little cost to the user.
>
> The use of alt.x groups to exchange gateway information does not seem
> to add anything to this system; in fact it would seem to make it easier
> to spoof the system.
It _would_ make it easier to spoof the system, but I think it does add several very important things:

1) New remailers can easily announce themselves to the remailernet. [Whether they are to be trusted or not should depend on pgp-signed keys and web of trust, but the newsgroup provides a way to announce yourself to the system, and have that announcement be automatically dealt with by all participating parties]

2) Users (not people operating remailers, people using them) could make use of the newsgroup, to compile a database of remailers, and make long remailer chains. Users could have automated software doing this. [again, taking account of web-of-trust through signatures]. Messages posted to the newsgroup could include information on whether the remailer is free, or whether ecash is charged, and the user's software could automatically take account of this, enclosing ecash certificates in the proper encryption blocks for for-profit remailers. (and reporting costs to user for approval, of course).

These are really two facets of the one problem, of allowing a user or remailer who has just arrived on the scene to quickly get a list of remailers, and make use of them, all automatically. That's sort of the super-set problem which encompasses the other two, and whose solution solves the other two.

I don't think it's a coincidence that the newsgroup system solves these two problems at the expense of security (the newsgroup makes it easier to spoof). I have a gut feeling that any solution which solves these problems is going to be at the expense of security. But I think these two problems need to be solved if we want to create an easy to use, low-human-maintenance, infrastructure in a universe of hundreds of remailers. The fact is, that even remailers exchanging mail _can_ be spoofed, if not quite as easily as the newsgroup idea.
It seems to be a premise of cryptographic protocols and schemes, that you've got to assume a worst case and get a system working where even under the worst case, everything works. I think this is a good way to work, and that's why you've got to assume that if it can be spoofed, it will be spoofed. And you've got to build in a web of trust relying on cryptographically secure signatures, instead of relying on false security you get from thinking that it hasn't been spoofed just because it would be a little bit difficult to do so. Once you adopt this frame of mind, the newsgroup method is just as secure as the mail method (both can be spoofed, but you rely on web-of-trust to prevent spoofing from doing any harm), but the newsgroup method solves the two problems I brought up.

I agree that it seems a good idea for the SMTP RFCs to be used to exchange info, and we could post to the alt.remailernet newsgroup with articles that adhere to the SMTP RFCs, even though that isn't exactly what those RFCs are intended for. Although we almost certainly need some agreed upon standards in addition to the SMTP RFCs, because there is additional information we want to exchange.

From ianf at simple.sydney.sgi.com Thu Aug 4 15:35:12 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Thu, 4 Aug 94 15:35:12 PDT
Subject: URGENT: Please Tell Congress to Allow Encryption Export
In-Reply-To: <9408041706.AA05151@infobase.InterNex.net>
Message-ID: <9408050823.ZM6861@simple.sydney.sgi.com>

On Aug 4, 10:08am, Chris Corpuz wrote:

> The House and Senate Intelligence Committees, the only watchdogs for
> the NSA, tend to follow the agency's wishes when they wave the magic
> "national security" wand.

Reading this, I was reminded that I have rarely seen any mention on the net as to one of the reasons why the "national security" wand is so effective with many politicians. Imagine this: you're a politician.
If you're a US politician in particular you will be correctly told that you are, by virtue of your position, a target for a lot of "extremist" groups and terrorism. You will then be told that one of the main weapons on your side is the tremendous security infrastructure which has been constructed to intercept and prevent acts of violence against the government (ie. you). They'd probably then drop little pieces of information - strictly secret of course to make sure that you treated them with the proper respect - which would leave you with the impression that these guys do such a good job of protecting YOUR ass. They might even have some intelligence showing your name on some documents from some political organisation with violent tendencies, and who wouldn't be a bit worried after that?

After this little speech, you'll have had the presence and influence of the various security services entwined with the protection of your very life. It's been personalised for you in a very intimate way, and for most politicians, this works. It's always worth bearing in mind when you see one of them do an abrupt 180 degree turn after a visit from the spooks.

Ian.

From nobody at CSUA.Berkeley.EDU Thu Aug 4 17:35:03 1994
From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User))
Date: Thu, 4 Aug 94 17:35:03 PDT
Subject: Censorship/protecting children is not on topic...
Message-ID: <199408050034.RAA20172@soda.CSUA.Berkeley.EDU>

This debate about protecting children from censorship, et al is great, but aren't we veering off the charter/topic of this mailing list?
------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: the-clipper-key ====Encrypted-Sender-Begin==== MI@```%E^&2?(E+Y2-*'0G?5^"B%&EG M0_U[L1(6_(\$"))OK>(OA8H+I%T at 3K;%1ON[7^#@]3[:`$.O0\]*<1^R&ZKY $R7JWF@`` ====Encrypted-Sender-End==== From hfinney at shell.portal.com Thu Aug 4 19:43:56 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 4 Aug 94 19:43:56 PDT Subject: Remailer ideas Message-ID: <199408050244.TAA16584@jobe.shell.portal.com> The MIRV idea for messages is not bad, but by itself it does not provide enough cover. If you have a 33K byte message come in and a while later a 21K and a 12K byte message go out, there might not be many other possible messages that could add up to 33K. A more complete solution is to pad all messages to a standard size. If every message which goes into the remailer is the same size, and every message which comes out of the remailer is the same size, and each has no carried-over header or message-body information, then there should be no way of matching up incoming to outgoing message. This was the simple solution in Chaum's original February 1981 CACM paper, which I would strongly suggest that people read. CACM is probably the most widely available of the computer science journals and should be at every university library. Chaum's paper has some interesting aspects that are not often mentioned. He actually proposes two different solutions that differ somewhat. (People should also be aware of his alternative solution to the traffic analysis problem, the "Dining Cryptographers" network. I think Tim may have scanned that in at some point, so it might be on the net. DC nets tend to be high bandwidth and are more suitable for LANs or WANs than email, IMO.) The first solution in Chaum's paper is the "Cascade". 
In this there is a sequence of "Mixes", what we would call remailers, which are used in a FIXED order by everyone. It's as though everyone first sent their messages to soda, then to portal, then to catalyst, and so on through some specific sequence. Furthermore, these are all sent in a set of batches which stay together as they move through the network. A batch of messages starts at soda, then at a later time that same batch pops out the other end, having been decrypted and shuffled at each step.

From our perspective, this seems like a wasteful way of using the network. By keeping the messages together like this, the whole cascade does no more shuffling than would a single mix. Using the cascade provides no more confusion of messages. But the advantage it does provide comes from the fact that there is no guarantee that the remailers are honest. This is something which is often overlooked by people who make suggestions that remailers should cooperate, should automatically choose the message paths, etc. Chaum uses the cascade so that if even one mailer on the chain is honest and uncorrupted, the whole chain is strong. If you _knew_ you were using a good remailer you wouldn't need a cascade. But by using a cascade you get that much more assurance that you have security.

The other reason for using a fixed cascade, I think, has to do with the details of message padding. The problem is that, generally, when you decrypt a message it is not exactly the same size as it was when you started. Particularly with remailer messages, where there may be some encrypted address information along with the message, the output will tend to be smaller than the input. By using a cascade, the messages will all shrink in step as they move along. All of the messages coming in to any mix in the cascade will be the same size, and all the messages going out will be the same size, but the outgoing messages may not be the same size as the incoming ones.
It is this size differential which would make it hard to safely combine messages which have gone through different numbers of mixes.

Chaum does go on to suggest a solution to this as the second main part of his paper. That part is considerably harder to follow, but the main idea seems to be that the mixes themselves will add padding to the end of the messages so that they stay the same size. Chaum describes this in terms of messages composed of fixed-size blocks, but it would seem that the idea could be generalized to a remailer which added random padding to bring the output message up to the standard size. I can't see any security leaks in this generalization.

One interesting idea Chaum suggests is that after the remailer decrypts the messages in its batch, it does not simply send each one to the next address, but rather broadcasts them (perhaps to all of the other remailers). Those remailers try decrypting all of the incoming messages and only those messages for which the decryption succeeds will be sent on.

Again, I'd suggest people interested in remailers read this paper. I believe there were some follow-ups in the Crypto 89 proceedings, but my library is missing that volume so I haven't seen them.

Hal

From blancw at microsoft.com Fri Aug 5 18:23:25 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 5 Aug 94 18:23:25 PDT
Subject: No Subject
Message-ID: <9408060028.AA13655@netmail2.microsoft.com>

who cypherpunks

From paul at hawksbill.sprintmrn.com Fri Aug 5 20:18:01 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Fri, 5 Aug 94 20:18:01 PDT
Subject: (fwd) Latest Cyberwire Dispatch
Message-ID: <9408060354.AA20180@hawksbill.sprintmrn.com>

I couldn't recall this already being posted to the list, so apologies if you've already seen it. As the saying goes, "Be afraid. Be very afraid."
- paul Forwarded message: > From: mech at eff.org (Stanton McCandlish) > Newsgroups: comp.org.eff.talk > Subject: Latest Cyberwire Dispatch (fwd) > Date: 5 Aug 1994 11:18:07 -0500 > Organization: UTexas Mail-to-News Gateway > Lines: 186 > Sender: nobody at cs.utexas.edu > Distribution: inet > Message-ID: <199408051618.MAA21205 at eff.org> > NNTP-Posting-Host: news.cs.utexas.edu > > [This is just an informational forward, and is not an EFF statement.] > > > ****** begin fwd ******* > > CyberWire Dispatch // Copyright (c) 1994 // > > Jacking in from the "The Good, the Bad and the Ugly" Port: > > Washington, DC -- For months now a kind of high stakes privacy poker has > been played out here behind the closed doors of congressional subcommittees > as the FBI, telephone industry executives, congressional staffers and civil > libertarians have played a kind of five card draw with the privacy of all > your future telephone calls, faxes and electronic mail. > > The betting's all but over now; Congress has "called" the hand and laid > its cards on the table: A soon to be introduced bill that will mandate > --forever -- that all the nation's telephone networks be designed to give > the FBI easy wiretap access. The bill's sponsors, Senator Patrick Leahy > (D-Vt.) and Rep. Don Edwards (D- Cal.), have fought through a numbing array > of options, opinions and (FBI) obfuscation in order feel comfortable enough > to sign their names to a bill that, just years ago, was laughed off Capitol > Hill because it was severely flawed. > > My how time changes things. > > It's been two years since the FBI first introduced what amounted to an > "Easy Wiretap America" bill. Now we have a new President, a new FBI > director and suddenly, a new bill that requires the nation's > telecommunications providers to reengineer their facilities so the FBI can > do wiretaps easier. 
> > The Leahy and Edwards staffs have dumped hundreds of hours of "sweat > equity" into this bill, which could be introduced as early as today > (Friday) but certainly before next Tuesday. > > Leahy and Edwards have never been known to tape "kick me" signs on the back > of American privacy rights. The bill that's been hammered out here -- and > that phrase isn't used lightly -- by Leahy and Edwards is a damn sight > better than the FBI's laughable attempts at drafting legislation. In fact, > it was Leahy and Edwards that stepped into the breach to thwart those early > FBI proposals from being passed "as is." > > An earlier version of this bill, which, among other things, gave the > Justice Department the right to shut down any telephone company's network, > regardless of size, if they didn't comply with the wiretap statute, was set > to be introduced by Sen. Joseph Biden (D-Del.), with heavy support from > others in congress. That bill, if introduced, would have passed, > congressional sources have said. > > But the Leahy and Edwards tag team effort took Sen. Biden off the scent. > So, we get a more palatable bill. Call it the "cod liver oil act" of 1994. > It tastes horrible, but it's necessary, considering the earlier > alternatives. Without this Leahy/Edwards bill our privacy rights would > have really been fucked over. At least now we get kissed. (Sorry, no > tongues.) > > Still Got The Power > ==================== > > A draft copy of the latest bill, obtained by Dispatch, shows that the > Justice Department and FBI still have the tools to intimidate and harass > the future development of the nation's telecommunications infrastructure. > > The bill, as it stands, does keep Justice and law enforcement from > mandating any "specific design of features or system configurations to be > adopted." But the requirements to build wiretap capability into all public > telecommunications carrier systems is steadfast. 
This means that while the > FBI can't expressly tell a company "how to get there," it can definitely > say, "just get there." > > Never again, under the provisions of this bill, will a telecommunications > provider be able to develop a service or technology without first and > foremost asking the question: How can I design this so that it pops off > the assembly line wiretap ready? > > Read it again. The key word there: Never. > > There is an "out" however, and it comes thanks to Leahy. If a new > technology doesn't fit with the mandate, that is, if you can't make that > new hand held satellite phone wiretap ready and you've made every > "reasonable effort" to make it so, it can still be sold. How? > > "The court can enforce the (wiretap) requirement of this act only if > compliance with the act is 'reasonably achievable' through the application > of 'available technology,'" said Jeff Ward, director of governmental affair > for the Nynex telephone company. > > Ward -- who says the bill has been an "albatross" around his neck for 2 > years -- has focused his efforts during this 2 year time frame, on ensuring > that such "reasonably achievable" provisions allow telephone industry and > equipment makers to be "good corporate citizens." That is, these > companies are required to consider [wiretap] design factors, but if after > "due consideration, we can't do it, we've got to be able to proceed." > > This effort is supported by the bill; however, it is a court of law that > decides what is "reasonable" or not. Such litigation, brought by Justice > no doubt, could tie up a new technology for years while the case is > decided, thus giving Justice and the FBI a kind of de facto control over > the development of new technologies. > > Make That Check Out To... > ========================= > > Then there's cost. The FBI insists that the cost to industry to retrofit > all their networks will be only $500 million. 
But that's a bullshit figure > and everyone from FBI Director Louis Freeh to the newest line programmer at > AT&T knows it. > > In fact, so many lines of code will have to be written and maintained to > comply with these wiretap mandates that one Internet pioneer, Dave Farber, > has called the FBI proposal "the programmers full employment act." > > Provisions in the bill make it basically a blank check for the FBI. Within > the first 4 years, there is $500 million approved to be spent on > "upgrading" all the nation's telephone systems to provide law enforcement > with easy wiretap access. There are provisions in the bill that require > the government to repay all costs of installing wiretap software throughout > all networks forever, with no cap. What's not clear, however, is what > happens when FBI demands for wiretap capability exceed the $500 million > mark (and it will) during those first 4 years. > > Maybe we'll get some answers when this bill (in whatever language is > finally passed) is discussed at joint hearings to be held by Leahy and > Edwards on it August 11th. > > Take It or Take It > =================== > > Take it or take it. Those are your only choices here. This bill is a slam > dunk for passage. But you didn't lose everything. > > All electronic systems will be exempt from complying with the bill's > mandates. But hold on before you cheer... > > This simply means that the FBI can't tap your Email from, say, America > Online's computers; rather, they can do what they've always been allowed > to do: Snag it off the telephone company's central switch. But at least > we don't have the Internet being hung with "FBI: Tap In Here" signs. > > Transactional data, Dispatch has been told, will get some beefed up > protection. Just how this language shakes out remains to be seen, however. > > > Yeah, but Can They Count? 
> ========================= > > At the very end of the draft we obtained, the FBI is given a curious > additional reporting requirement under its annual wiretap reports. The > addition, in our draft copy, says the Bureau must quantify "the number of > interceptions encountering electronically encrypted communications, > specifying the number of such interceptions that could not be decrypted." > > Throughout the history of this bill and the now ignominious Clipper Chip > proposal, the FBI has touted the fact that it's investigations are > continually stymied by encryption technologies. Small problem: The Bureau > refuses to provide any kind of documentation to back up those claims. > > At first blush, then, this extra requirement finally means the G- men will > have to give us some concrete numbers. All well and good... *if* that's > what this requirement actually is used for. > > There's potentially a much darker use for these stats... yes, I see all you > Crypto-rebels nodding your anxious heads. You see, such a formal gathering > of statistics could be used by the Bureau or... say, the National Security > Agency, to "prove" that private encryption schemes are just too great a > threat to "catching bad guys." > > Citing these newly gathered statistics the White House could, one day, > order the banning of private encryption methods. Far fetched you say? > > Yeah, it's far-fetched... something on the order of, oh, say a bill that > mandates telephone companies give the FBI easy access to all conversations > from now until forever. > > Meeks out... > > ******* end ******** > > > -- > Stanton McCandlish >
mech at eff.org > Electronic Frontier Fndtn. >
Online Activist > > From jeffb at sware.com Fri Aug 5 20:23:43 1994 From: jeffb at sware.com (Jeff Barber) Date: Fri, 5 Aug 94 20:23:43 PDT Subject: Voluntary Governments? In-Reply-To: <9408050241.AA07660@ua.MIT.EDU> Message-ID: <9408052101.AA10905@wombat.sware.com> solman at MIT.EDU writes: > That's because neither is. A and B are just two folks who might want to > communicate with each other. Party A may have a "law" that prohibits any > form of fraud and fines violators an amount set by some "politician". > The law that A chooses might be quite restrictive (like many > of the truth in advertising laws we have in the physical realm.) B is just > some random person who wants to communicate with A. Maybe he has something > he wants to sell to A. Suppose that B is not adhering to the laws that A > has chosen. When he attempts communication, A's agents will inform B's > agents that A wouldn't feel safe under B's laws. One of three things will > happen: > 1) B really would like to do business with A so he temporarilly accepts A's > laws. This probably involves giving the following process: I think I now understand what it is you're saying. But the protocol you describe is merely that of a trusted escrow agent, which is not a government. Governments can sometimes act in that capacity (for example, if you default on your mortgage, the govt. will hand over your house to the mortgage holder). One difference between the government and other trusted "adjudicators" is that -- and this goes back to an earlier idea in this thread -- the government has the force of arms to back up its decisions. (If you don't make your monthly payment, the bank goes to the adjudicator [the govt.] who turns over the property to the bank and evicts you. If you refuse to leave, the govt. sends men with guns to your house to force you out.) Any other agent would need to have some economic or other pressure it could apply to you to compel you to follow the "rules" you agreed to. 
Without the threat of force, though, this can hardly be called a government. You're simply taking an existing concept -- that of a trusted adjudicator, which need have no connection with a government -- and calling it "government". This doesn't make it so. I am reminded of this [Lewis Carroll?] quote Steve Bellovin posted several months ago: ``When *I* use a word,'' Humpty Dumpy said, in rather a scornful tone, ``it means just what I choose it to mean---neither more nor less.'' > > Please describe how a "voluntary" > > government would prevent "aliens" from conducting their own economic > > transactions completely outside this system. > > It wouldn't. But a cyberspatial government could limit the contact > that ailiens have with its citizenry, thus denying the aliens access to > the information and resources of the government's citizenry. In tyranical > cases, the government could even prevent aliens from explaining to the > citizens just how much money they are losing by remaining in the government. This whole scheme rests on the willingness of relatively large groups to put themselves under the control and protection of this cyberspace "government" in the first place. I still don't see what the motivation will be. What advantage to me will there be in allying myself with this government, when I could instead choose a particular trusted arbitrator or adjudicator or escrow agent on a case-by-case basis when and if it's needed? How will one of these governments ever acquire the critical mass necessary to make anyone care what their rules are? And the question of motivation is central to your conclusion, which was: > > > Without extreme cultural upheaval, it is highly probable that voluntary > > > economic coercion alone will be sufficient to allow big government > > > to move from the physical realm into cyberspace. 
-- Jeff From solman at mit.edu Fri Aug 5 20:23:55 1994 From: solman at mit.edu (solman at mit.edu) Date: Fri, 5 Aug 94 20:23:55 PDT Subject: Voluntary Governments? In-Reply-To: <9408052101.AA10905@wombat.sware.com> Message-ID: <9408052122.AA12980@ua.MIT.EDU> > solman at MIT.EDU writes: > > That's because neither is. A and B are just two folks who might want to > > communicate with each other. Party A may have a "law" that prohibits any > > form of fraud and fines violators an amount set by some "politician". > > The law that A chooses might be quite restrictive (like many > > of the truth in advertising laws we have in the physical realm.) B is just > > some random person who wants to communicate with A. Maybe he has something > > he wants to sell to A. Suppose that B is not adhering to the laws that A > > has chosen. When he attempts communication, A's agents will inform B's > > agents that A wouldn't feel safe under B's laws. One of three things will > > happen: > > > 1) B really would like to do business with A so he temporarilly accepts A's > > laws. This probably involves giving the following process: > > I think I now understand what it is you're saying. But the protocol you > describe is merely that of a trusted escrow agent, which is not a > government. In the protocol I describe, S is obviously a trusted escrow agent, (well an escrow agent anyway, sufficiently distributed secret splitting can eliminate the trust requirement) but P is very definitely a government like organization. P is making, monitoring and enforcing resrictions on the freedom of its citizens. Its entire purpose is to create law and make sure that you follow it. It just isn't able to fall back on physical force. > Governments can sometimes act in that capacity (for example, if you > default on your mortgage, the govt. will hand over your house to the > mortgage holder). 
One difference between the government and other > trusted "adjudicators" is that -- and this goes back to an earlier idea > in this thread -- the government has the force of arms to back up its > decisions. (If you don't make your monthly payment, the bank goes to > the adjudicator [the govt.] who turns over the property to the bank and > evicts you. If you refuse to leave, the govt. sends men with guns to > your house to force you out.) Any other agent would need to have some > economic or other pressure it could apply to you to compel you to follow > the "rules" you agreed to. Please note (and this is VERY important) that the government and the adjudicators in my model are NOT the same The are fulfilling very different functions. The adjudicators are handling disputes, the government is restricting its citizen's freedom. > > > Please describe how a "voluntary" > > > government would prevent "aliens" from conducting their own economic > > > transactions completely outside this system. > > > > It wouldn't. But a cyberspatial government could limit the contact > > that ailiens have with its citizenry, thus denying the aliens access to > > the information and resources of the government's citizenry. In tyranical > > cases, the government could even prevent aliens from explaining to the > > citizens just how much money they are losing by remaining in the government. > > This whole scheme rests on the willingness of relatively large groups to > put themselves under the control and protection of this cyberspace > "government" in the first place. I still don't see what the motivation > will be. What advantage to me will there be in allying myself with this > government, when I could instead choose a particular trusted arbitrator > or adjudicator or escrow agent on a case-by-case basis when and if it's > needed? How will one of these governments ever acquire the critical mass > necessary to make anyone care what their rules are? 
> > And the question of motivation is central to your conclusion, which was: > > > > > Without extreme cultural upheaval, it is highly probable that voluntary > > > > economic coercion alone will be sufficient to allow big government > > > > to move from the physical realm into cyberspace. Indeed it is. Without societal changes most Americans would blindly walk from the restrictive government of the physical realm into the open arms of governments in cyberspace. Getting many people to actually exmine the economic benefits of the existance of government would be a major step forward. JWS From jdd at aiki.demon.co.uk Fri Aug 5 20:33:12 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Fri, 5 Aug 94 20:33:12 PDT Subject: URGENT: Please Tell Congress to Allow Encryption Export Message-ID: <3923@aiki.demon.co.uk> In message <9408050823.ZM6861 at simple.sydney.sgi.com> Ian Farquhar writes: > On Aug 4, 10:08am, Chris Corpuz wrote: > > The House and Senate Intelligence Committees, the only watchdogs for > > the NSA, tend to follow the agency's wishes when they wave the magic > > "national security" wand. > > Reading this, I was reminded that I have rarely seen any mention on the net > as to one of the reasons why the "national security" wand is so effective with > many politicians. > > Imagine this: you're a politician. If you're a US politician in particular > you will be correctly told that you are, by virtue of your position, a target > for a lot of "extremeist" groups and terrorism. [etc] This has little to do with being a politician and even less with being a US politician. People at all levels everywhere at all times are willing to pay for what they perceive as additional security. Look at the world around you. Just before the USSR collapsed, they were well on their way towards building a world class navy, to counter the "US threat". This was a huge investment. Singapore is armed to the teeth, what the hell, most of Southeast Asia is armed to the teeth. 
What do the Chinese need nuclear missiles for?

At a more prosaic level, people everywhere splash out on life insurance policies. The insurance salesman's patter is much the same as the generals' line when talking to the politicians in Washington.

Everyone everywhere will pay for what they perceive as security.

--
Jim Dixon

From hughes at ah.com Fri Aug 5 20:34:00 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 5 Aug 94 20:34:00 PDT
Subject: Latency vs. Reordering
Message-ID: <9408051737.AA14793@ah.com>

This horse isn't dead yet.

The distinction between latency and reordering is of primary importance to the cryptanalysis of a remailer network. To repeat yet again: reordering provides security and latency is a by-product of reordering.

I assert that anyone who's given a modicum of thought about how to cryptanalyze a remailer network understands this distinction well. I also assert that those who haven't thought about cryptanalysis don't understand the distinction, even if they do believe in it by authority.

One of the oldest maxims in the book is "Don't design ciphers until you've tried to break some." A remailer network is intended to be a cryptographic object, a new kind of cipher. I assert that if you don't understand the distinction between reordering and latency, you've not thought enough about the cryptanalysis of remailers and shouldn't be designing them.

Therefore, in the future, from here on out, I will label the promoters of latency as "sellers of snake oil." It's the same fallacy as creating a new cipher by putting lots of complicated operations inside it without understanding where the security comes from.

Eric

From lcottrell at popmail.ucsd.edu Fri Aug 5 20:34:06 1994
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Fri, 5 Aug 94 20:34:06 PDT
Subject: Clipper in the Commics
Message-ID: <199408051813.LAA29384@ucsd.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Well, I guess this is about as mainstream as the issue can get.
In today's paper, the comic strip "On the Fast Track" is about the clipper chip. It suggests that we need a way to spy on government in return (other than by bribery). To say that I was surprised to see a clipper statement in the 'toons would be an understatement. Looks like our campaign to inform the public is paying off. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkKPYVVkk3dax7hlAQEg9AP5AXe5mr++9Af3QCcyozIKqKqp5FXadKqG Eaj+2An+loxXafaqNVwuKoZJMemA68yRYKguIZKjk6kQPhw3zp5D1h6Ynj3OoUvI AhPHHnDBiA+ehz5FSZfQESdRJtjM+6qQ/vcbgnSBeFvEEYi4531Q9t36pQJcWB8X n2Jlr6U3jjE= =BVHe -----END PGP SIGNATURE----- -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From hughes at ah.com Fri Aug 5 20:36:16 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 5 Aug 94 20:36:16 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) In-Reply-To: <3778@aiki.demon.co.uk> Message-ID: <9408051716.AA14773@ah.com> Back to the start, I guess. > Specifically cryptographic elements are easily added to the system > * packets can be delayed for random intervals Let me repeat: REORDERING IS OF PRIMARY IMPORTANCE FOR REMAILER SECURITY. ADDING LATENCY IS NOT. And I don't want to hear any excuses that you can say latency and mean reordering, because that's self-delusion. Not only is it false, but misleading. Reordering is necessary for security, and latency is a by-product. You don't get security by adding by-products. Eric From hughes at ah.com Fri Aug 5 20:36:22 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 5 Aug 94 20:36:22 PDT Subject: email packet length size Message-ID: <9408051700.AA14756@ah.com> Message length quantization is necessary for security in a remailer network. 
Right now there's not enough traffic through the remailers to warrant more than one such quantized length.

What length should that be? This information can be readily calculated from the length distribution of the current messages passing through the remailers. If only one or two remailers would instrument their devices in order to record just lengths, that would provide the necessary data.

Any volunteers?

My complete guess is that it's going to be around 4-5 KB.

Eric

From s009amf at discover.wright.edu Fri Aug 5 20:37:26 1994
From: s009amf at discover.wright.edu (Aron Freed)
Date: Fri, 5 Aug 94 20:37:26 PDT
Subject: Announcing: The Censorship Escrow System (CES)
In-Reply-To: <199407312249.AA17767@access3.digex.net>
Message-ID:

On Sun, 31 Jul 1994, Ray wrote:

>
> The Censorship Escrow System is a new service being provided
> by The People for a Better Tomorrow and SAVE OUR CHILDREN. CES's goals
> are:
>
> o to provide children with a sanitized world view
> o to prepare our children as proper citizens for their government
> o to prevent children from developing sexual/political deviancy
> o to preclude dangerous independent thinking
> o to parent the child in absence of proper parental guidance
>
> The CES concept is simple. CES will archive all of your children's
> books, tv, and educational products. We will also record and archive
> all of your child's telephone conversations. If you suspect that
> your child is being exposed to Dangerous Ideas, you will provide
> us with a key to unlock our archives for your child. We will then review
> all of the materials for offending ideas, and then recommend a plan of

Who is writing or doing this crap!!!! This is ludicrous... It's brainwashing and it teaches nothing but ignorance... If you want your children to learn things you expose them to everything, but you guide them through it. If you can't do that, you will ultimately fail as a parent. Why hire someone to tell your kids what they should be reading.
Soon people will be banning books like Huck Finn, The Crucible, Grapes of Wrath, and many others through this method of CES...

THE FUTURE OF TOMORROW WILL BE DOOMED IF THIS THING IS TAKEN SERIOUSLY FOR USAGE!!!!

Aaron

From hughes at ah.com Fri Aug 5 20:37:35 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 5 Aug 94 20:37:35 PDT
Subject: Remailer ideas
In-Reply-To: <3778@aiki.demon.co.uk>
Message-ID: <9408051709.AA14763@ah.com>

Jim Dixon analogizes between the Internet and remailer networks. The analogy has some merit, but yet breaks down badly with the very first point:

* all packets should be acknowledged

This is not the way the Internet works. IP, Internet Protocol, is unreliable. TCP, the reliable stream protocol, does not acknowledge individual packets but rather advancement along a sequence.

The lesson is that reliable delivery should be built on top of unreliable delivery.

Here the analogy breaks down on technical grounds. With TCP, the destination knows the source, yet in a remailer network this may not be the case. A good first cut, though, would be to forgo reliable delivery for remailer-created pseudonymity and work out a reliability mechanism for regular correspondents. In this case the source _is_ known, it's just that it's not shown on the outside of the message.

Further, in email, there's currently no notion of a connection. Email messages are much more like datagrams than bit streams. In order to do reliable delivery, there would have to be persistent state information on each side of the communication. If I send a message for the first time to a party and there's no reply, I cannot conclude whether the message was not delivered or whether the message was delivered and not answered.

Connection-oriented email would be much more complicated than the current systems. It is, perhaps, time for email to become more complex.
* messages should be broken down into packets which are routed independently

Length quantization is necessary for security in the face of total network monitoring. Multiple quanta may be warranted in the case of high volume, which is certainly not the case right now. So this point holds.

* users should communicate with trusted gateways

This point is only half true, because the analogy only subsumes one kind of trust. For remailers there is both trust in delivery and trust in silence, the destruction of the message and information about it. On the Internet the only trust required is delivery; there is not a desideratum in the design (although it's certainly in some people's minds) that packet monitoring _not_ be possible.

* the gateways should frequently exchange routing information

Again, this works for trust in delivery but not for trust in silence.

Eric

From jrochkin at cs.oberlin.edu Fri Aug 5 20:44:36 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Fri, 5 Aug 94 20:44:36 PDT
Subject: RemailerNet
Message-ID: <199408051528.LAA18523@cs.oberlin.edu>

Part of our disagreement/misunderstanding might be in differing conceptions of the form the remailer net should take.

> There should be two anonymous IDs, one for sending, one for
> receiving.

You seem to be talking about a Julf-style anon system, where the system knows who you really are. If the system is corrupt, if Julf were an NSA agent, then the entire system is compromised and useless.

I like the cypherpunks remailer concept better, where each link in the chain only knows the next link in the chain, and security is achieved by multiple links. If several of the links are actually NSA agents, your security is reduced, but not compromised completely. If you've got a chain of, say 10 links, even if 7 of them are evil NSA agents, you still can probably retain your anonymity. Return addresses are accomplished by encrypted "resend-to:" blocks.
It seems much preferable to have a system where it isn't necessary to trust any one net entity completely, as it is in a Julf-style anon-ID system. [Of course one could use a combination of both in communications too, but I wouldn't feel safe unless my anonymity was safe even if the Finnish FBI raided Julf's site.]

When looked at with this goal in mind, I think maybe the newsgroup as a method of passing remailer net information makes a bit more sense. I don't think the possibility of the newsgroup being spoofed is actually fatal to the system. Let's examine ways in which it could be attacked:

1) The Enemy could introduce completely made-up "i'm here" messages, pointing to non-existent remailers. This doesn't harm anything at all when combined with a "ping"ing of remailer sites, as I've suggested. (One idea would be just to periodically mail all your remailers with the resend-to: being yourself, to make sure they exist, and are forwarding mail at least some of the time).

2) The Enemy could announce his own Evil-remailers to the net. These remailers would in fact exist, but would do evil things designed to compromise the net. What could they do?

They could publicize all messages they get. Again, as long as you have 3 or 4 non-evil remailers in your chain, this doesn't really compromise your anonymity. You can decrease the risk further by only using remailers whose announced keys were signed by a trusted source.

The evil-remailer could also just drop all communications in the bit bucket. This doesn't compromise security, but does make the remailer net unusable. By periodically pinging the remailer sites as I've suggested above, this risk can be minimized. If you've pinged the site 25 times, and all 25 times the remailer has forwarded your ping back to you, then odds are that it isn't dropping any messages in the bitbucket. (remember, the evil-remailer can't tell the difference between your ping and a normal remailer message, if done correctly.)
3) The Enemy could intercept announcement messages from good remailers, and replace their public key with his own. He could then intercept all mail to this good remailer, and read it, and forward it on, or drop it in the bitbucket. Using web-of-trust for signed remailer keys should help minimize this risk.

4) Denial of service: The enemy could intercept the announcement messages, and keep them from getting to the newsgroup. This doesn't compromise the security of the net at all, but is annoying. I can't think of any way to avoid this risk, but I think it might be acceptable, because it doesn't actually compromise any security, and would be fairly difficult for the enemy to do for long without being detected.

5) The enemy could intercept announcement messages from good remailers, and replace both the public key and address with his own. This is really just a combination of several of the previous attacks, nothing new.

From mnemonic at eff.org Fri Aug 5 20:45:58 1994
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 5 Aug 94 20:45:58 PDT
Subject: Encryption (fwd)
Message-ID: <199408051413.KAA18295@eff.org>

Received this in the mail today.

--Mike

Forwarded message:

From dance at cicero.spc.uchicago.edu Fri Aug 5 20:46:06 1994
From: dance at cicero.spc.uchicago.edu (Squeal)
Date: Fri, 5 Aug 94 20:46:06 PDT
Subject: Voluntary Governments?
Message-ID: <9408051402.AA12655@cicero.spc.uchicago.edu>

[JWS writes:]

>Well, yeah. And this is a service. When individuals exercise their
>freedoms, they frequently interfere with other people's freedoms. To
>resolve this conflict, it is necessary to "control the actions or the
>behavior of" individuals such that they don't interfere with each
>other's freedoms. So they enter into a contract with each other
>under which this is accomplished, but a contract isn't worth the paper
>it's written on unless somebody enforces it, so they hire a policing agency,
>the government. That agency is providing a useful service.
Well, as a tribalist, I don't agree that this "useful service" is ultimately necessary. I *do* agree, however, that government is necessary *at the moment.* As a species we have not evolved enough to learn to take personal responsibility for our actions, therefore an external restraint system is necessary. My particular slant on anarchy calls for personal responsibility, which I believe renders an external system of superintendence unnecessary. But as I said before, this species isn't ready. >> It would be great if government could be a service provider, or simply feel >> responsible for those it governs--but then it would not be a government any >> longer. > >I don't agree with that last clause. I would rather have Customer Service than government, but I don't believe I can have both. Write me some more and hear my other stupid ideas. ;) _/_/_/ _/_/_/ _/_/_/ _/ _/ The ancients who wished to _/ _/ _/ _/ _/_/ _/ illustrate illustrious virtue _/_/_/ _/ _/ _/_/_/ _/ _/ _/ throughout the world first _/ _/ _/ _/ _/_/_/_/ _/ ordered well their states. _/_/_/ _/_/_/ _/_/_/ _/ _/ _/_/_/ Wishing to order well their states, they _/ first regulated their families. Wishing to regulate their families, they first cultivated their persons. Wishing to cultivate their persons, they first rectified their minds.... --THE GREAT LEARNING (Text & Commentary, IX) From jdd at aiki.demon.co.uk Fri Aug 5 20:46:21 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Fri, 5 Aug 94 20:46:21 PDT Subject: RemailerNet Message-ID: <3906@aiki.demon.co.uk> In message <199408042200.SAA07928 at cs.oberlin.edu> Jonathan Rochkind writes: > > * Rochkind's stability-from-being-paid and web-of-trust notions > > I'm not sure I like being credited with the "stability from being paid" > notion. I think there _is_ stability from being paid, but I think > if the infrastructure depends on it, it's not a good infrastructure. 
If you look at the history of the Internet, there have been some free Internet services, but the ones that have thrived have been paid. (If the government or your school subsidizes your Internet access, it may appear free to you, but the staff all get their paychecks every month.) > The system should be able to create a stable top-level infrastructure > on top of an inherently instable environment, with remailers > going up and down, and popping into existence, and dying. It should > route around dead remailers, like the internet itself. If it is built like the Internet, it will do just that. > > The use of alt.x groups to exchange gateway information does not seem > > to add anything to this system; in fact it would seem to make it easier > > to spoof the system. > > It _would_ make it easier to spoof the system, but I think it does add > several very important things: > 1) New remailers can easily announce themselves to the remailernet. > [Whether they are to be trusted or not should depend on pgp-signed keys > and web of trust, but the newsgroup provides a way to announce yourself > to the system, and have that announcement by automatically dealt with > by all participating parties] There are two things being blurred together here which should be kept distinct. The first is gateway-to-gateway announcements. The second is advertising of the RemailerNet gateways to the wider world. Generally I would expect gateways to introduce themselves to one another privately and negotiate an understanding. Part of this will normally take place off the Net. This is an infrequent event, and so can be time-consuming and expensive. The basic web of trust is that between gateways. Once gateways had entered into a relationship, there would be frequent encrypted private traffic between them which would maintain the trust. Gateways can also announce their presence to the wider world, and publish their public keys. 
This could be done in alt.RemailerNet or it could be done in alt.internet.services, or any of several other places, or all of these. Any information published in alt.RemailerNet would be suspect, because it could be a complete fabrication or it could be a modified version of the correct posting. Gateways could be started up by anyone and some postings to alt.RemailerNet would be spurious. The "gateway" could be a sink, just tossing traffic sent to it, or it could copy all messages to a TLA before forwarding them. The user-gateway web of trust would therefore be far more problematical. I think that this would function as a market, and unreliable and untrustworthy gateways would be driven out over time. At the same time, there would be a constant bubbling up of new remailer networks, because the software would be freely available and the protocols well defined. The longer lasting gateways that proved trustworthy would in time join established networks. > 2) Users (not people operating remailers, people using them) could make > use of the newsgroup, to compile a database of remailers, and make long > remailer chains. Users could have automated software doing this. Compiling a list of remailers, sure. But if you let the user control how messages are chained, you are inviting real traffic analysis. The user should only be able to specify his destination and the level of security desired. > [snip] > These are really two facets of the one problem, of allowing a user > or remailer who has just arrived on the scene to quickly get a list > of remailers, and make use of them, all automatically. That's sort of the > super-set problem which encompasses the other two, and whose solution solves > the other two. > > I don't think it's a coincidence that the newsgroup system solves these > two problems at the expense of security (the newsgroup makes it easier > to spoof). 
If the newsgroup is used as described above, RemailerNet itself is not threatened; it is only the users that can be spoofed. This level of risk is unavoidable. But gateways would never use the newsgroup for inter-gateway communications, because (a) it would be redundant (they can talk directly once they know each other) and (b) you would have to assume that anything posted to a newsgroup had been compromised. > The fact is, that even remailers exchanging mail _can_ be spoofed, if not > quite as easily as the newsgroup idea. It seems to be a premise of cryptographic > protocols and schemes, that you've got to assume a worst case and get a system > working where even under the worst case, everything works. Well ... if you follow this line of reasoning too far, you are just saying 'nothing can be trusted, so don't bother being careful'. If I were running a remailer and someone posted his address in a public newsgroup and said "hey, here I am, and I run a really good remailer" I wouldn't trust him just because he signed it. I would get in touch with him, ask around about him, maybe run some low-security traffic through his remailer for a while. Then after some time I would raise my estimate of his trustworthiness. If he dropped traffic, if someone reported that something that they had sent privately had been compromised, I would drop him. > I agree that it seems a good idea for the SMTP RFCs to be used to exchange > info, ... etc You already use the SMTP RFCs to exchange information -- this message comes to you courtesy of those RFCs. Email can have very complex headers and they can be in pretty much any order. This makes it difficult to write email software. I am simply suggesting that we allow only the minimal few headers, with possibly a few added to support RemailerNet protocols. 
ASSIGNMENT OF ANONYMOUS IDs These types of traffic are possible, where 'known' means your ordinary email address: known --> known known --> anon anon --> known anon --> anon There should be two anonymous IDs, one for sending, one for receiving. I assume that anonymous IDs are never assigned automatically. If you want an anonymous ID pair, you ask the gateway for one, possibly enclosing your public key encrypted with the gateway's public key. The gateway returns your new IDs, encrypted if you gave it a key. The 'send' anonymous ID is used for sending messages from someone else's account. The gateway converts it into a 'receive' ID before forwarding your message. The 'receive' ID appears on your email after it goes through the gateway and can also be passed to other parties who want to send you remailed messages. Additional security can be added by using a digital signature. The gateway could be instructed to ignore messages lacking such a signature or to take some specified action. ELECTRONIC CASH Ecash is easily added to such a system. 'Emints' would generate a message containing a bank identifier and an encrypted value. This would be the ecash. It could be given to anyone or anything. Messages containing ecash would be encrypted. The emint would credit the account of the first person to present it, and would bounce any copies presented subsequently. Giving change would be trivial. -- Jim Dixon From sommerfeld at orchard.medford.ma.us Fri Aug 5 20:47:37 1994 From: sommerfeld at orchard.medford.ma.us (Bill &) Date: Fri, 5 Aug 94 20:47:37 PDT Subject: USPS digital signature annoucement In-Reply-To: <199408041740.NAA19691@eff.org> Message-ID: <199408051245.IAA00379@orchard.medford.ma.us> OUR CUSTOMERS ARE ASKING US TO PLAY AN EXPANDED ROLE IN FACILITATING PAPER AND ELECTRONIC COMMERCE BECAUSE WE HAVE UNIQUE LEGAL AND INSTITUTIONAL RESOURCES TO ACCOMPLISH THE TASK. Would you trust a cyberspacial authority who couldn't figure out how to turn off CAPS LOCK? 
This speech just screams out for someone to MST3Kify it.. - BIll From tcmay at netcom.com Fri Aug 5 20:56:28 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 5 Aug 94 20:56:28 PDT Subject: What are Appropriate Topics? In-Reply-To: Message-ID: <199408050658.XAA24947@netcom12.netcom.com> First off, my sincere apologies to Bob Snyder for quoting and responding to his e-mail to me, without realizing he had not cc:ed it to the list as well. I'm so used to replying to the author and then having to manually cc: the Cypherpunks list that it was not until I got the message quoted below that I realized his comments were private. I will try to be more careful. Partly it was his civil tone that misled me--it read like a post to the list, and not a personal note. In any case, my apologies to Bob. But I may as well respond to his comments (which I just checked to make sure were sent to the list as well). > I have no problem with politico-cryptologic themes or discussions on the > role and nature of government in the presence of strong cryptography > appearing in Cypherpunks. They certainly beat "PGP good, > Sternlight/Detweiller bad" messages. I only question generic discussions > of forms of government without any reference to cryptography or even > privacy. I don't see that as any more appropriate for the group than > abortion or health care debates, if it doesn't have a cryptological theme. At least in my messages, I was not arguing merely statism vs. libertarianism, or some such stale abstraction, but the specific issue of taxation in the face of strong crypto and privacy, and the oxymoronic nature of "volunteer governments." (I also think there are issues related to privately-produced law which folks on this list ought to know about, as it is the likely form of crypto anarchic law, such as it is. The connections with crypto are quite strong, as it is untraceable communication and commerce which makes these discretionary communities possible.) 
As for pure crypto being discussed on the list, there's a fair amount of that. I've posted my share of explanations of zero knowledge proof systems, dining cryptographers protocols, complexity theory, etc. I'm not saying this to defend myself, per se, but to note that these topics produced almost no discussion, almost no interest. Make of this what you will. > If you disagree with me, fine, we'll disagree, and I'll mentally filter out > another subject line. :-) It's not all that hard, which is why I > originally responded via direct email rather than sending it to the list. > > Bob As I said, my apologies for quoting Bob's e-mail. At least nothing in his message was embarrassing or compromising or could have done with any changes. My real issue, which is perhaps why I reacted as I did, is with the growing chorus of messages attempting to do "mid-course corrections" on the topics discussed. Too many "We are deviating from the Cypherpunks charter" and "But let's get back to crypto" messages, when in fact the best way to steer discussion in the direction one wants is to write a post or essay that _does_ this. (My major pet peeve is the post which goes on and on and closes with the infamous "But this really has nothing to do with crypto, so let's end this thread.") Cypherpunks is not sci.crypt, nor is it alt.security.pgp. And the oft-quoted mantra of "Cypherpunks write code" is incorrectly applied in many cases. I was present at the founding of our illustrious group, and, speaking for myself and for my understanding of the interests expressed at the September 1992 Oakland meeting (at the home of Eric Hughes), the topics of interest are *much more* than just "Cypherpunks write code." It may be true that boring liberal-conservative, left-right, statism-libertarianism debates are best avoided (not to mention believer-atheist and pro-choice--pro-life debates), but there are numerous politico-cryptologic points of philosophy that merit scrutiny and debate. 
For example: * what happens to tax collection in an era of unbreakable cyphers? * how will the state react? (seen in the many converging threads involving national ID cards--including more news today on this, the Postal Service plan to take over much of electronic commerce, the software key escrow (SKE-GAK) schemes, the Clipper deal, etc.) [Surely these are Cypherpunk topics? If not, what's left?] * crypto anarchy issues. Hal Finney is more skeptical than I am, and Hal and I had some reasonably good debates....more folks should join in. Again, surely a prime Cypherpunks topic. If not, why do we exist? Or do you all plan to simply accept my views as the official doctrine? (I didn't think so.) [Resolution of some issues surrounding anonymous murder contracts, data havens for medical experiments on humans, etc., is a more interesting and fruitful area than "Can DES be broken?" debates, which were old and boring in 1985. We are apparently the only forum on the planet thinking about these important issues, so it seems foolish to not discuss them merely because some political issues come up.] * what's really holding back the spread of digital cash? * where do we go from here? And a dozen other juicy topics. If people want to debate these and similar issues, we should *encourage* them to, not announce that the topics are deviating from some imagined idea of the charter. In fact, "Cypherpunks write code" is just one manifestation of the idea that we can actually change the world through the technological development of privacy-enhancing systems. For some, it may mean writing Perl or C code. For others, hacking the legal and business systems to figure out how to actually build digital banks. For still others, it means building networks of remailers and digital mixes. It can mean a lot of things. It's generally best, I think, to lead by example. 
Instead of pronouncing a topic to be off-limits or not consistent with the charter, why not find a way to make what you *are* interested in also interesting to others? That's how we'll move forward into new areas. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From snyderra at dunx1.ocs.drexel.edu Fri Aug 5 20:59:06 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Fri, 5 Aug 94 20:59:06 PDT Subject: Voluntary Governments? Message-ID: At 2:15 PM 8/4/94, Timothy C. May wrote: >"Opening the list up"? I've been on the list since the beginning, and >anarcho-capitalist, politico-cryptologic themes have _always_ been >with us. The role and nature of government in the presence of strong >cryptography is a recurring, and important, theme. I have no problem with politico-cryptologic themes or discussions on the role and nature of government in the presence of strong cryptography appearing in Cypherpunks. They certainly beat "PGP good, Sternlight/Detweiller bad" messages. I only question generic discussions of forms of government without any reference to cryptography or even privacy. I don't see that as any more appropriate for the group than abortion or health care debates, if it doesn't have a cryptological theme. There's no question you've been involved longer than I. I've only been on the mailing list for 3 or 4 months. In fact, I tend to make a concerted effort to read messages from you, because they tend to be concise and reasonable. 
I'm just not sure that political commentary without a reference to cryptography fits the purpose of the cypherpunks mailing list. If you disagree with me, fine, we'll disagree, and I'll mentally filter out another subject line. :-) It's not all that hard, which is why I originally responded via direct email rather than sending it to the list. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From corpuz at internex.net Fri Aug 5 21:00:20 1994 From: corpuz at internex.net (Chris Corpuz) Date: Fri, 5 Aug 94 21:00:20 PDT Subject: Mea Culpa; email blunder Message-ID: <9408050015.AA00744@infobase.InterNex.net> I accidentally hit the send again function instead of the delete function on an email file that I was processing. No need to respond -- I am apolitical, didn't even read it, and don't care what it said -- and I will try not to bother you in the future. Again, sorry for any inconvenience. From hfinney at shell.portal.com Fri Aug 5 21:00:33 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 5 Aug 94 21:00:33 PDT Subject: US Postal Public Key In-Reply-To: <199408042025.AA18823@panix.com> Message-ID: <199408050417.VAA22307@jobe.shell.portal.com> frissell at panix.com (Duncan Frissell) writes: >What is the most important character in the above paragraph? >The 's' in 'authorities.' It means no monopoly. Yes, towards the end they made it clear that this was not intended to be a monopolized certification hierarchy, but one of many. There was even a reference to "peer-to-peer" certification, which I thought might refer to a web of trust. It's not nice to make fun of the Post Office; they're such an easy target. 
But I couldn't help finding that the archaic all-caps format and the little "^G" characters by the bulleted points reminded me of the old 110-baud ASR-33 clankety teletypes I used in college, with each little bulleted point going "ding", "ding", as it printed out (^G being the bell character in ASCII). It didn't exactly bring to mind the streamlined new PO the speaker wanted to convey. Hal From hfinney at shell.portal.com Fri Aug 5 21:00:48 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 5 Aug 94 21:00:48 PDT Subject: Voluntary Governments? In-Reply-To: <9408041330.AA03044@ua.MIT.EDU> Message-ID: <199408050412.VAA22116@jobe.shell.portal.com> solman at MIT.EDU writes: >In cyberspace, the default condition is that there is no interaction. >Communication requires agreement by both parties. During this >agreement, the laws (contracts, whatever) that the two parties >follow can be communicated by each party to the other, and if >party A does not feel that party B's laws provide him with >enough protection from B, he can refuse contact until B agrees >(at least for the duration of the communication) to more >constraining laws. The cost of such a transaction will likely >be negligible in cyberspace. The problem I have with this is that there is no such place as cyberspace. I am not in cyberspace now; I am in California. I am governed by the laws of California and the United States even though I am communicating with another person, whether by postal mail or electronic mail, by telephone or TCP/IP connection. What does it mean to speak of a government in cyberspace? It is the government in physical space I fear. Its agents carry physical guns which shoot real bullets. Until I am able to live in my computer and eat electrons, I don't see the relevance of cyberspace. Hal From hfinney at shell.portal.com Fri Aug 5 21:00:51 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 5 Aug 94 21:00:51 PDT Subject: Remailer ideas (Was: Re: Latency vs. 
Reordering) In-Reply-To: <2e3ff46f.nemesis@nemesis.wimsey.com> Message-ID: <199408050412.VAA22070@jobe.shell.portal.com> Re putting remailer aliveness on usenet: What I think is a better idea was proposed here last year, and I think someone was doing it for a while. It is for someone to volunteer to be the keeper of the remailer aliveness information. He runs scripts every day to ping the remailers, keeps lists of which remailers are currently active, and so on. This information is collected and put into a file retrievable by email or finger. This way you need only check a single site to find out which remailers are up, and you don't have the usenet waste of sending stuff all over the world that only a few people are interested in (yes, I know usenet does this already, but it won't forever). Just like people set up web sites that point to interesting resources, some people will (and perhaps are already) run sites which point to good remailers. This is just as useful a service as running a remailer, and a good deal less controversial. This seems like a good solution to the problem of finding running remailers. Hal From solman at MIT.EDU Fri Aug 5 21:02:58 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 5 Aug 94 21:02:58 PDT Subject: Voluntary Governments? In-Reply-To: <9408041515.AA10173@cicero.spc.uchicago.edu> Message-ID: <9408050251.AA07767@ua.MIT.EDU> > > >> > > Imagine if the government stopped trying to force people to > >> > > join it. Or imagine if they tied decision making power to > >> > > how much you pay in taxes. The more you pay, the more say > >> > > you get. After accepting the idea that government is a > >> > >> Without the legal monopoly on coercion, this so-called "government" would > >> be just another service provider, like Safeway or Goodyear or K-Mart. > > [JWS writes:] > > >Well isn't that how its supposed to be? [....] > > No. The object of government is to limit the freedom of the people it > governs. 
The word is derived from "govern" which means "3. To control the > actions or behavior of 4. To keep under control; *restrain*" [American > Heritage Dict.] Well, yeah. And this is a service. When individuals exercise their freedoms, they frequently interfere with other people's freedoms. To resolve this conflict, it is necessary to "control the actions or the behavior of" individuals such that they don't interfere with each other's freedoms. So they enter into a contract with each other under which this is accomplished, but a contract isn't worth the paper it's written on unless somebody enforces it, so they hire a policing agency, the government. That agency is providing a useful service. > It would be great if government could be a service provider, or simply feel > responsible for those it governs--but then it would not be a government any > longer. I don't agree with that last clause. Cheers, JWS From tcmay at netcom.com Fri Aug 5 21:12:03 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 5 Aug 94 21:12:03 PDT Subject: Latency vs. Reordering (Was: Remailer ideas... In-Reply-To: <9408051716.AA14773@ah.com> Message-ID: <199408060411.VAA09381@netcom11.netcom.com> Eric Hughes writes: > Back to the start, I guess. > > > Specifically cryptographic elements are easily added to the system > > * packets can be delayed for random intervals > > Let me repeat: > > REORDERING IS OF PRIMARY IMPORTANCE FOR REMAILER SECURITY. > > ADDING LATENCY IS NOT. > > And I don't want to hear any excuses that you can say latency and mean > reordering, because that's self-delusion. Not only is it false, but > misleading. Reordering is necessary for security, and latency is a > by-product. You don't get security by adding by-products. I don't understand this. My remailer (snakeoil at klaus.com.edy) gets about 3 or 4 messages a day through it, and I'm very careful to add a latency of 1 hour and sometimes 2 hours...surely this is more than enough! 
My friend Pandit says he gets 20 messages an hour, and he uses a latency of 1 hour, so why can't I? (Oh, you mean the key is to _randomly reorder_ the messages, not just delay them by an hour when the average number of messages in an hour is less than 1 anyway? Oh, now I see. Never mind!) --Tim May, who is as tired as Eric is of hearing the hoary old chestnuts about 'random delays,' this without regard to calculating the amount of reordering. Part of the problem, I'll grant folks, is that there are few if any papers showing calculations on this--Chaum's 1981 paper only makes brief mention of reordering effects. I don't think it's a _hard_ calculation, and I've made some estimates of the "diffusion and confusion" deriving from a mix of 10 nodes, each with a diffusivity of 10...with equal packet sizes, and no other identifying clues, a simple analysis suggests 10^10 routes that could be followed. However, if only 10 messages entered the mix labyrinth (my nontechnical term!) and 10 left it, then regardless of the 10^10 routings, a monitor would still "know" that one of the 10 leaving was the targeted message. On the other hand, he would have no certainty as to which one. A condition true even if 2 messages entered a node and 2 left it after being mixed. (It is this latter area, about degrees of uncertainty, that needs a more sophisticated combinatorial analysis. Again, not a big project...maybe a nice little Masters thesis for someone to do, to extend Chaum's analysis a bit.) P.S. I presume the list is back up again? -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. 
"National borders are just speed bumps on the information superhighway." From nobody at CSUA.Berkeley.EDU Fri Aug 5 21:28:45 1994 From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User)) Date: Fri, 5 Aug 94 21:28:45 PDT Subject: A Helpful Tip for Impatient Souls Message-ID: <199408060429.VAA27860@soda.CSUA.Berkeley.EDU> Those wishing perhaps the ultimate in Cypherpunks ease-of-use and greatest peace of mind, may find it useful to simply delete everything that does NOT come from one of the following email addresses: tcmay at netcom.com frissell at panix.com sandfort at crl.com Additionally, you'll probably want to let through posts from Hal Finney, Eric Hughes, and Bruce Schneier, but I forgot their addresses off-hand and am much too lazy to look them up. :) If you're using the "ELM" mailer, you can do this by creating a file called filter-rules in your .elm directory, containing the following text (more or less): if (from contains "sandfort") then save "~/cypher" if (from contains "frissell") then save "~/cypher" if (from contains "tcmay") then save "~/cypher" if (to contains "cypherpunks") then delete Add additional addresses as needed, but be careful of excessive alliteration. ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: the-clipper-key ====Encrypted-Sender-Begin==== MI@```&]^&2?(EE6`)=?D_W1Y'5P` ====Encrypted-Sender-End==== From tcmay at netcom.com Fri Aug 5 22:09:26 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 5 Aug 94 22:09:26 PDT Subject: Pinging Remailers In-Reply-To: <199408050412.VAA22070@jobe.shell.portal.com> Message-ID: <199408060510.WAA26575@netcom8.netcom.com> Hal Finney writes: > What I think is a better idea was proposed here last year, and I think > someone was doing it for a while. It is for someone to volunteer to > be the keeper of the remailer aliveness information. 
He runs scripts > every day to ping the remailers, keeps lists of which remailers are > currently active, and so on. This information is collected and put into > a file retrievable by email or finger. This way you need only check a Matthew Ghio was doing this for a while, and posted about it here several times. I told him I'd "subscribe to" a robust, stable, pinging service, one that offered a table of various things, including: - time in operation (important for deciding to use it or not) - successful remails out of last N (e.g., "32 of last 34 attempts were valid") - maybe a _recent_ result (e.g., "5 out of 5 in last 24 hours were valid") - remailer policy, including encryption, logging, etc. I still intend to pay Matthew once I get back to using such remailers (I haven't in a long while) and can confirm that Matthew is indeed offering a stable, robust, useful service. I doubt he'll maintain it just for me, so maybe others of you can help. (I hate donation-based systems, so clearly a true "subscription finger" or "subscription ftp" would be better...and maybe fairly easy to implement, too.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hfinney at shell.portal.com Fri Aug 5 22:11:28 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 5 Aug 94 22:11:28 PDT Subject: Remailer ideas In-Reply-To: <9408051709.AA14763@ah.com> Message-ID: <199408060511.WAA24892@jobe.shell.portal.com> hughes at ah.com (Eric Hughes) writes: >Further, in email, there's currently no notion of a connection. 
Email >messages are much more like datagrams than bit streams. In order to do >reliable delivery, there would have to be persistent state information >on each side of the communication. If I send a message for the first >time to a party and there's no reply, I cannot conclude whether the >message was not delivered or whether the message was delivered and not >answered. >Connection-oriented email would be much more complicated than the >current systems. It is, perhaps, time for email to become more >complex. I would really like to see some kind of system for reliable email. I'm surprised that it doesn't exist yet. How many times have we said, "You didn't get my email? I'll resend it." What are computers for, after all? Automating repetitive tasks, classically. This is a perfect application. A copy of outgoing email could be kept, acknowledgements received on receipt, and the email deleted or re-transmitted as needed. Serial numbers would distinguish retransmissions so that redundant resendings (where the packets "crossed in the mail", so to speak) would be dropped. All this was designed in an afternoon in Xmodem. It's conceptually easy. The hard part is getting a standard and getting people to build it into their Mail User Agents. Then, once we had this, we could do another layer for crypto protocols. Lots of protocols go in stages. A sends X to B, receives f(X), sends g(Y,f(X)), etc. To do this in email would be impossibly cumbersome now, but the kind of mechanism used for reliable email could be extended to support these kinds of "stateful" protocols. As one obvious need for reliable email, consider the transmission of Chaum-style digital cash. You don't want to erase your copy until you are sure the other guy has received it, otherwise your money is permanently gone (just like when you send cash in postal mail and it is stolen). But keeping track of which cash you have sent to which people, who has gotten theirs, which needs to be re-sent, etc., is painful. 
A simple reliable email method would solve a big part of this problem. Hal From hughes at ah.com Fri Aug 5 22:37:16 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 5 Aug 94 22:37:16 PDT Subject: What are Appropriate Topics? In-Reply-To: <199408050658.XAA24947@netcom12.netcom.com> Message-ID: <9408060508.AA15993@ah.com> In fact, "Cypherpunks write code" is just one manifestation of the idea that we can actually change the world through the technological development of privacy-enhancing systems. All the coding in the world doesn't matter if we don't know what we want. Political discussions which have some relevance to the technical information structure of society are relevant here. It all reduces to writing code in the end, but it's not all just writing code. I remind everyone that the phrase "cypherpunks write code" is directed at every control freak, tyrant, oppressor, and spy out in the world. I am not going to whine; I am going to do something, and much more than just vote. Let the complainers and the enforcers of dogma leave, and may the doers and thinkers be welcome and remain. Eric From hfinney at shell.portal.com Fri Aug 5 22:42:43 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 5 Aug 94 22:42:43 PDT Subject: RemailerNet In-Reply-To: <3906@aiki.demon.co.uk> Message-ID: <199408060543.WAA26962@jobe.shell.portal.com> I think Jim Dixon has some interesting ideas in the RemailerNet. But I have a philosophical difference. I dislike solutions where the users have to put too much trust in the remailer operators. IMO, as much control as possible should be left in the hands of the users. To make the system easier to use, mail agents should be enhanced to be more powerful, rather than moving more power and control into the remailer network. Trusting a remailer to choose your path through the network is like trusting the sysop at your BBS to create your PGP key for you. Maybe it's OK a lot of the time, but isn't it better to do it yourself? 
Jim Dixon writes: >Generally I would expect gateways to introduce themselves to one >another privately and negotiate an understanding. Part of this will >normally take place off the Net. This is an infrequent event, and >so can be time-consuming and expensive. The basic web of trust is >that between gateways. Once gateways had entered into a relationship, >there would be frequent encrypted private traffic between them >which would maintain the trust. This is just the opposite of what I would like to see. I don't want the remailer operators getting too friendly. That makes it all the easier for them to conspire to track messages through the net. I'd much rather choose far-flung remailers whose operators have never heard of each other. Get one from Helsinki and the next from Timbuktu. Choose a path which will minimize the chances of all the remailers being corrupted. >Gateways could be started up by anyone and some postings to >alt.RemailerNet would be spurious. The "gateway" could be a sink, >just tossing traffic sent to it, or it could copy all messages to a >TLA before forwarding them. The user-gateway web of trust would >therefore be far more problematical. I think that this would function >as a market, and unreliable and untrustworthy gateways would be driven >out over time. I think this is right, although as I posted elsewhere I don't think usenet is the best structure for announcing remailer availability. (As I said, I'd rather see a few sites volunteer to do pings and publish the results, or even better would be widely used software packages which let people do their own pings.) But the question of remailer reliability is hard. What is the giveaway if a remailer is secretly archiving messages while claiming not to do so? How could you ever tell if the NSA infiltrated your favorite remailer? One possibility would be occasional physical audits, in which a remailer reviewer visited the site, looked at the software, checked the system for security holes, etc. 
This would be quite expensive, obviously, but perhaps eventually the remailer infrastructure would be extensive enough that this kind of checking could be done. Think of it as "Consumer Reports" for remailers. (Similar privacy audits might be de rigueur in the future for other net resources, such as file banks or compute servers.)

>Compiling a list of remailers, sure. But if you let the user control
>how messages are chained, you are inviting real traffic analysis. The
>user should only be able to specify his destination and the level of
>security desired.

What? Again I would reverse this. The user should have maximum control of his path. It's up to him to choose a random one. Random number generators are widely available. (I can get you a bargain on a used Blum-Blum-Shub.) If he has to trust the first remailer on his path, then if just this one remailer is subverted, he's lost all his privacy. By choosing his own path no one remailer knows both the source and the destination of any message. That is the key. No one must have those two pieces of information. Giving it all away to the first remailer means giving away all your security.

>> The fact is, that even remailers exchanging mail _can_ be spoofed, if not
>> quite as easily as the newsgroup idea. It seems to be a premise of cryptographic
>> protocols and schemes, that you've got to assume a worst case and get a system
>> working where even under the worst case, everything works.

>Well ... if you follow this line of reasoning too far, you are just
>saying 'nothing can be trusted, so don't bother being careful'.

The point, though, is that with Chaum's scheme you have security if even one remailer in the network is honest. The chain becomes as strong as its strongest link. Systems which put more responsibility and power into the remailer network often can't achieve this. They have single-point failures where one compromised system can defeat the efforts of all the others.
>If I
>were running a remailer and someone posted his address in a public
>newsgroup and said "hey, here I am, and I run a really good remailer"
>I wouldn't trust him just because he signed it. I would get in touch
>with him, ask around about him, maybe run some low-security traffic
>through his remailer for a while. Then after some time I would raise
>my estimate of his trustworthiness. If he dropped traffic, if someone
>reported that something that they had sent privately had been
>compromised, I would drop him.

Yes, I think this is a reasonable and cautious attitude, but instead of saying "If I were running a remailer..." I'd say it should apply "if I were _using_ a remailer". There may be rating services and other sources of information to help users, but ultimately the decision should be theirs. One of the lessons of cryptography, IMO, is that you don't get security by farming out the hard work to others. The user should take responsibility for his own security.

I'm getting too tired to reply to the rest. I think Jim has a lot of creative ideas and energy but I'd like to see it directed more towards empowering end users rather than putting so much reliance on trustworthy remailer operators.

Hal

From mccoy at io.com Fri Aug 5 22:55:16 1994
From: mccoy at io.com (Jim McCoy)
Date: Fri, 5 Aug 94 22:55:16 PDT
Subject: Remailer ideas
In-Reply-To: <199408060511.WAA24892@jobe.shell.portal.com>
Message-ID: <199408060555.AAA06154@pentagon.io.com>

> >If I send a message for the first
> >time to a party and there's no reply, I cannot conclude whether the
> >message was not delivered or whether the message was delivered and not
> >answered.

Given a connectionless network absolute delivery is impossible (well, not completely, but just about...)

> I would really like to see some kind of system for reliable email. I'm
> surprised that it doesn't exist yet.

What makes you think that it doesn't?
You should check out Enabled Mail (I think that is the name of it...); it is a set of MIME extensions that would use a "safe" subset of Tcl to create triggers that can be set for message receipt/delivery or for when the message is read. I used to have a pointer to the proposed system, but you should be able to find it by poking around the comp.lang.tcl FAQ or asking over there. jim From M.Gream at uts.EDU.AU Fri Aug 5 22:56:06 1994 From: M.Gream at uts.EDU.AU (Matthew Gream) Date: Fri, 5 Aug 94 22:56:06 PDT Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS' Message-ID: <9408060559.AA02417@acacia.itd.uts.EDU.AU> Anyone producing cryptographic software elements should take notice of the recent FIPS draft standard on `cryptographic service calls' dated 23 May 1994. It attempts to define data structures and "function" calls towards the goal of making better interoperability between applications and crypto "libraries". However, you'll notice that both DSA and RSA modulus sizes are constrained to a `MODULUS_SIZE ' of 64 `BYTE's (unsigned char). This permissible maximum of 512 bits is too small, and a violation of FIPS-186 s.4.1. amongst others. I like this FIPS, but it would be pretty useless if it contained the above restriction. If you're also a software developer, make a comment to NIST on the issue, so they do change it. Matthew. -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: From? \nem speaking_for(Organization?) From jgostin at eternal.pha.pa.us Sat Aug 6 00:19:47 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Sat, 6 Aug 94 00:19:47 PDT Subject: (none) Message-ID: <940806012849E6Hjgostin@eternal.pha.pa.us> Blanc Weber writes: > who cypherpunks Good question, although it isn't the greatest english... :-) A wise man said cypherpunks assume privacy is a good thing. They are devoted to cryptography. They love to practice playing with public key cryptography and anonymous mailers. They write code. 
They don't care if you like the software they write. So, that's "who cypherpunks". :-) --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From karn at unix.ka9q.ampr.org Sat Aug 6 00:25:55 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Sat, 6 Aug 94 00:25:55 PDT Subject: fast 386 DES code figures Message-ID: <199408060726.AAA00390@unix.ka9q.ampr.org> To see if software DES could really be made acceptable in a IP security protocol, I've been bumming cycles out of my old DES code. I've completely translated the encrypt and decrypt routines to assembler, with no calls or jumps inside either routine. I picked up Richard Outerbridge's seriously clever initial and final permutation algorithm from Schneier, along with a few of his other tricks. The bottom line: about 38,373 encryptions/sec (2.456 megabits/sec) on a 50 Mhz Intel 486 running in 16-bit real mode. This includes the overhead of the C loop that calls the encrypt function and prints a status line every 10,000 loops. The code would probably run faster if assembled and run in 32-bit native mode, as this would eliminate a lot of 1-clock operand size prefixes (I do many 32-bit operations). Oh, by the way, if I eliminate the permutations the speed goes up to about 42,986 encryptions/sec (2.751 megabits/sec), an increase of about 12%. That says I should be able to do triple-DES at about 13,777 blocks/sec (881.7 kbit/sec) although I haven't tried it yet. What still bugs me is that Schneier lists the speed of one commercial DES implementation as 40,600 encryptions/sec on a 33 Mhz 486. 
I just don't see how that's possible without using a lot more memory for lookup table space (I use only 2K, which is nice in a DOS environment). In any event, this should be enough for a T1 link (half duplex) as long as too many cycles aren't needed for things like routing packets. :-) Phil From sameer at c2.org Sat Aug 6 04:34:10 1994 From: sameer at c2.org (sameer) Date: Sat, 6 Aug 94 04:34:10 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) In-Reply-To: <199408050412.VAA22070@jobe.shell.portal.com> Message-ID: <199408061132.EAA13655@infinity.c2.org> remail at c2.org and remailer at soda.csua.berkeley.edu both run such things accessible via finger. Unfortunately there is a bug in the code (written by Ray Cromwell.. not to place blame on him but to give him credit) which does it that clobbers the list of remailers to ping and I haven't gotten around to writing a backup mechanism so the list of active remailers isn't killed whenever the bug happens. (Yes, the bug *should* be fixed at the source..) If people could send their personal lists of remailers to sameer at c2.org and datura at leri.org (he's working on a remailer client) with the keys for these remailers, that *Would* be appreciated. > > Re putting remailer aliveness on usenet: > > What I think is a better idea was proposed here last year, and I think > someone was doing it for a while. It is for someone to volunteer to > be the keeper of the remailer aliveness information. He runs scripts > every day to ping the remailers, keeps lists of which remailers are > currently active, and so on. This information is collected and put into > a file retrievable by email or finger. This way you need only check a > single site to find out which remailers are up, and you don't have the > usenet waste of sending stuff all over the world that only a few people > are interested in (yes, I know usenet does this already, but it won't > forever). 
> > Just like people set up web sites that point to interesting resources, > some people will (and perhaps are already) run sites which point to good > remailers. This is just as useful a service as running a remailer, and > a good deal less controversial. This seems like a good solution to the > problem of finding running remailers. > > Hal > -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909 http://www.c2.org (or login as "guest") sameer at c2.org From sameer at c2.org Sat Aug 6 04:51:53 1994 From: sameer at c2.org (sameer) Date: Sat, 6 Aug 94 04:51:53 PDT Subject: RemailerNet In-Reply-To: <199408051528.LAA18523@cs.oberlin.edu> Message-ID: <199408061150.EAA13826@infinity.c2.org> > > You seem to be talking about a Julf-style anon system, where the system > knows who you really are. If the system is corrupt, if Julf were an > NSA agent, then the entire system is compromised and useless. > I like the cypherpunks remailer concept better, where each link in the chain > only knows the next link in the chain, and security is achieved by > multiple links. If several of the links are actually NSA agents, your security An alias-based anonymous server which does *not* have the insecurity of Julf's remailer is running on omega.c2.org. You can create an identity (terrorist at omega.c2.org for example) and mail to your identity will go through a remailernet path back to you. The server doesn't know who you are. 
Look at http://www.c2.org/services/blindserver.html and http://www.c2.org/services/blindclient.html

--
sameer                                      Voice: 510-841-2014
Network Administrator                       Pager: 510-321-1014
Community ConneXion: The NEXUS-Berkeley     Dialin: 510-841-0909
http://www.c2.org (or login as "guest")     sameer at c2.org

From sameer at c2.org Sat Aug 6 04:53:54 1994
From: sameer at c2.org (sameer)
Date: Sat, 6 Aug 94 04:53:54 PDT
Subject: A Helpful Tip for Impatient Souls
In-Reply-To: <199408060429.VAA27860@soda.CSUA.Berkeley.EDU>
Message-ID: <199408061152.EAA13849@infinity.c2.org>

I have found the following few procmail rules useful:

^TOcypherpunks-announce
cypher-announce

:2:
^TOcypherpunks at toad.com
^From:.*(tcmay at netcom.com|rjc at gnu.ai.mit.edu|frissell at panix.com|habs at warwick.com|hfinney at shell.portal.com|cfrye at ciis.mitre.org|whitaker at dpair.csd.sgi.com|hughes at ah.com|sameer at soda.berkeley.edu|ebrandt at jarthur.cs.hmc.edu|sandfort at crl.com|collins at newton.apple.com|lefty at apple.com|unicorn at access.digex.net|warlord at athena.mit.edu|gtoal at an-teallach.com|cdodhner at indirect.com|klbarrus at owlnet.rice.edu|nate at VIS.ColoState.EDU|hugh at toad.com|perry at imsi.com)
cypher

::
^TOcypherpunks at toad.com
noisy/cypher

I haven't had any time to dip into noisy/cypher (well not much.. I'm dipping into it right now) lately so I'm probably missing some very valuable people. But I have found the preceding list to create a mailbox with essentially 90-95% signal.

--
sameer                                      Voice: 510-841-2014
Network Administrator                       Pager: 510-321-1014
Community ConneXion: The NEXUS-Berkeley     Dialin: 510-841-0909
http://www.c2.org (or login as "guest")     sameer at c2.org

From merriman at metronet.com Sat Aug 6 05:41:53 1994
From: merriman at metronet.com (David K. Merriman)
Date: Sat, 6 Aug 94 05:41:53 PDT
Subject: latency
Message-ID: <199408061245.AA11202@metronet.com>

Looks like we had a little latency of our own on the list the last couple of days. Anyone know what happened?
Dave Merriman Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints. From cmullen at cs.oberlin.edu Sat Aug 6 07:03:51 1994 From: cmullen at cs.oberlin.edu (Spencer Mullen) Date: Sat, 6 Aug 94 07:03:51 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) In-Reply-To: <3778@aiki.demon.co.uk> Message-ID: <199408061404.KAA02300@cs.oberlin.edu> Jim Dixon writes: >Commercial remailers would probably be very concerned with legal >issues, both criminal (pornography, etc) and non-criminal (copyright >violations). It would seem that remailers shouldn't be anymore accountable for passing on illicit pornography than the postal services are today. ?? >-- >Jim Dixon From hfinney at shell.portal.com Sat Aug 6 08:31:20 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 6 Aug 94 08:31:20 PDT Subject: Improved remailer reordering Message-ID: <199408061531.IAA28014@jobe.shell.portal.com> Here is an interesting result I came up with while lying in bed last night. It has to do with the latency/reordering issue. As Eric and others have pointed out, what you want with a remailer is to mix up the messages so you can't link incoming to outgoing one. This implies that you have more than one message to work with, otherwise you don't have anything to mix. And this implies some necessary latency; you have to wait until you have more than one message on hand before sending things out.
However, note that latency in itself is generally bad. You shouldn't wait longer than you need to to attain the desired degree of mixing. One simple way this can work is by batching messages up. This could be done by running the remailer at regular intervals, choosing the intervals so that you tend to have enough messages on hand based on average arrival times. But a simpler way is to simply wait until you have N messages on hand, then to promptly mix them up and send them out. This way you have a predictable number of messages to mix each time. Note that in a system like this you might as well send them all out as soon as the Nth message comes in; there is no point in holding on to them for any extra time as it adds latency without improving mixing. The interesting thing I came up with is that there is a simple modification to this batching scheme which gives better mixing with less average latency. To describe it I need some mathematics. One way to measure the benefit of a given degree of message-mixing is by looking at the uncertainty of position of a given message coming in and going out. If we had batches of 4, for example, a given message coming in has its position known with certainty. Going out, it may be any one of four messages, and the probability of it being any one of them is 1/4. A measure that is used for situations like this is entropy. It is defined as the negative of the sum of the product of each probability times its log. (I will use log to the base 2 for the calculations for simplicity.) That is, E = - sum pi * log pi. For the incoming message, we have just {1} as the probability distribution. We know exactly where it is and the probability is 1 that it is there. For the outgoing we have {1/4,1/4,1/4,1/4} as the distribution. It may be any of these four messages with equal probability. Applying the entropy formula to these we get E=0 for the incoming, and E=2 for the outgoing. 
If we had batches of 8 instead the distribution would have been {1/8,1/8, 1/8,1/8,1/8,1/8,1/8,1/8}, for E=3. Note that entropy is a log measure like the Richter scale. An increase from 2 to 3 is just as big as an increase from 1 to 2. To consider different batching strategies, consider a remailer where the messages come in one per hour, at 1:00, 2:00, 3:00, etc. A four-fold batching strategy would save up messages until there were four, then randomly reshuffle them and send them out. For this case we'd wait until the 4:00 message, then shuffle numbers 1,2,3,4 and send them out, say, at 4:01, in some random order, maybe 2,1,4,3. Then we'd save up more until 8:01 at which time we might send out 7,5,8,6. Note first that there is no point in waiting till after 4:01; once we have the four messages we might as well go. Note too that the average latency for messages in this system is 1.5 hours (the four messages have latencies of 0,1,2 and 3 hours). Four-fold batching produces entropy E of 2 and average latency L of 1.5 hours. Three-fold batching has E=1.58 and L=1; two-fold batching has E=1 and L=.5. Generally, N-fold batching has E=log base 2 of N, L=(N-1)/2. Okay, with this background, we can consider the alternative which gives improvement. It is to have some "rollover" of messages. Instead of sending all of the messages in a batch out, you retain some of them and use them to start the next batch. I call an (M,N) rollover system one which uses batches of M messages but retains N as rollover, sending M-N out each time. By this definition the four-fold latency system above could be called a (4,0) rollover where the 0 means we don't roll any over and send them all out. The simplest rollover case is (2,1). This uses batches of 2 messages, where you choose one at random to send out and keep one. Then when the next message arrives you again choose at random between the new one and the old one, send that out, and keep the other. 
In the timing example above, suppose we have the message from 1:00. Then at 2:00 when that message arrives, we pick one of the two messages at random and send it out. Suppose it is number 2. We retain number 1 until 3:00. Then we choose at random between 1 and 3. Maybe we pick 1 this time. We keep 3 until 4:00, then choose at random between 3 and 4, and so on.

Each message has a 1/2 chance of being sent out immediately, a 1/4 chance of being sent out after 1 hour, a 1/8 chance of going out after 2 hours, a 1/16 chance of going out after 3 hours, and so on. This means that the outgoing probability distribution is {1/2,1/4,1/8,1/16,...}. The entropy of this probability distribution is 1/2+2/4+3/8+4/16+5/32+6/64+... from the formula above, which works out to be 2. The average latency is 0+1/4+2/8+3/16+4/32+5/64+..., which works out to be 1.

So, (2,1) rollover batching produces E=2 and L=1. This is the same entropy as (4,0) batching with less average latency. Alternatively, it is more entropy than (3,0) batching with the same average latency. It also has the advantage that you never have to hold more than two messages, compared with three or four for the alternatives. So this scheme has several advantages over simple batching.

Now, it does have one disadvantage, which is that there is no upper bound on the latency of a message. With the (4,0) batching you may have had more latency, but you at least know that nothing would have more than 3 message-times. With (2,1) there is a small chance of having very large latencies. In fairness, though, it should be pointed out that in a real system messages arrive at irregular intervals rather than the clockwork model I used above, so even (4,0) would have random latency ceilings. Also, it might be possible to modify (2,1) so that messages never waited more than some maximum number of hours without seriously hurting the entropy.
I haven't tried working out the details of other rollover methods, but I suspect that this will be a general method of improving entropy at little cost in latency. In real life we would want large entropies but starting with a (10,0) I'll bet many rollover systems would be superior. Hal From mpd at netcom.com Sat Aug 6 09:08:35 1994 From: mpd at netcom.com (Mike Duvos) Date: Sat, 6 Aug 94 09:08:35 PDT Subject: fast 386 DES code figures In-Reply-To: <199408060726.AAA00390@unix.ka9q.ampr.org> Message-ID: <199408061608.JAA27681@netcom12.netcom.com> Phil Karn writes: > I've completely translated the encrypt and decrypt routines > to assembler, with no calls or jumps inside either routine. > I picked up Richard Outerbridge's seriously clever initial > and final permutation algorithm from Schneier, along with a > few of his other tricks. I should confess that I am probably the only person on the list who has not yet read Schneier. So I apologize in advance if the following comments turn out to be redundant. > What still bugs me is that Schneier lists the speed of one > commercial DES implementation as 40,600 encryptions/sec on a > 33 Mhz 486. I just don't see how that's possible without > using a lot more memory for lookup table space (I use only > 2K, which is nice in a DOS environment). Since 2k is exactly what is needed for a precomputed table which combines the S-boxes and the wirecrossing, I will assume this is the approach you used. Given this data structure, there are a number of cute tricks which will get DES down to around 30 machine instructions per each of the 16 rounds on a machine with enough registers and a decent set of addressing modes. The important trick is to reorder the S-boxes so that you do lookups on the odd numbered ones and the even numbered ones separately. (1,3,5,7,2,4,6,8) works nicely. 
This permits the results to be ORed together in two groups of four with all the necessary indexing held in a single 32 bit register, which can be appropriately repositioned each time. The precomputed key schedule needs to be adjusted to reflect the new order. Note that with this ordering, the blocks of six bits used for lookup are byte aligned if you consider the even and odd S-boxes separately.

If you store the upper two bits of lookup table addressing in the precomputed key schedule and shift both it and the right hand block left two bits, all explicit table indexing vanishes and you can accumulate the result of a lookup with a single indexed OR instruction.

I'm not sure what 30-something instructions per round translates into for a 33 Mhz 486, but 40,600 encryptions per second doesn't sound too outrageous using the above approach.

--
Mike Duvos         $    PGP 2.6 Public Key available    $
mpd at netcom.com  $    via Finger.                     $

From hughes at ah.com Sat Aug 6 09:54:18 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 6 Aug 94 09:54:18 PDT
Subject: fast 386 DES code figures
In-Reply-To: <199408060726.AAA00390@unix.ka9q.ampr.org>
Message-ID: <9408061625.AA16701@ah.com>

Phil Karn wonders where all the speed comes from in reports of fast software DES.

I believe that the really fast DES variants use extremely large computed-at-key-init S-box tables. As I recall, these implementations tend to pay for it in terms of setup time, which makes them less than completely appropriate for multiple IP encryption, each with its own key and where only a few dozen encryptions are done per packet. The cost to change keys is paid for either in use of memory for multiple precomputed S-box sets (and attendant swapping) or in a high key-setup to encryption ratio.

For a link cipher where the key doesn't change much, these fast implementations are right. For a situation where keys change frequently, they may not be a system win.

Thanks to Perry Metzger for alerting me to this issue.
Eric From karn at unix.ka9q.ampr.org Sat Aug 6 10:00:19 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Sat, 6 Aug 94 10:00:19 PDT Subject: fast 386 DES code figures In-Reply-To: <199408061608.JAA27681@netcom12.netcom.com> Message-ID: <199408061700.KAA00742@unix.ka9q.ampr.org> >Since 2k is exactly what is needed for a precomputed table which >combines the S-boxes and the wirecrossing, I will assume this is >the approach you used. Yup, it is. I could look up more than 6 bits (i.e., more than 1 S-box) at a time, but this really starts to eat RAM. >The important trick is to reorder the S-boxes so that you do >lookups on the odd numbered ones and the even numbered ones >separately. (1,3,5,7,2,4,6,8) works nicely. This permits the This is another trick from Outerbridge's code that I picked up. As you say, it does make a difference. It's especially nice in 386 assembler since I can do the key XOR E(R) AND mask in 32-bit operations, then pick off the 4 resulting bytes individually to do the SP box indexing. This trick took me from about 1.85 megabits/sec to the 2.45 megabit/sec figure I gave earlier. >If you store the upper two bits of lookup table addressing in the >precomputed key schedule and shift both it and the right hand >block left two bits, all explicit table indexing vanishes and you >can accumulate the result of a lookup with a single indexed OR >instruction. I'm doing this too, if I understand you correctly. By left-adjusting each subkey in the key schedule (i.e., shifting the 6 bits left 2 bits), I can pre-adjust for the x4 offset I need to index the SP table, which has 4-byte elements. This saves two 32-bit shifts per round. BTW, some of the code (including Outerbridge's in Schneier) accumulates the 8 intermediate SP results by ORing into a temporary, then XORs the temporary into the output data block. This is unnecessary; each table lookup can be XORed directly into the output block. 
Since XOR and OR take the same time, this avoids a temporary and an extra operation.

At the moment I'm really down in the noise. I've discovered that 286/386/486 specific instructions like ROR EAX,31 execute slightly faster (2 clock cycles) on the 486 than the equivalent 8086 instruction ROL EAX,1 (3 clock cycles), even though the faster instruction is more bytes. Unexpected timings occur for several other 486 instruction sequences as well, such as LODS[BW] (5 clocks), which is much slower than writing out the equivalent MOV/INC (or ADD) sequence longhand (1 clock each). I guess code size is unimportant as long as everything lands in the cache.

Phil

From jdd at aiki.demon.co.uk Sat Aug 6 10:18:46 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 10:18:46 PDT
Subject: RemailerNet
Message-ID: <4068@aiki.demon.co.uk>

In message <199408051528.LAA18523 at cs.oberlin.edu> Jonathan Rochkind writes:
> You seem to be talking about a Julf-style anon system, where the system
> knows who you really are. If the system is corrupt, if Julf were an
> NSA agent, then the entire system is compromised and useless.

If you are using unmodified Internet hardware and TCP/IP as the underlying transport system, then your point of entry into a remailer network definitely knows which machine is originating a message and the point of exit definitely knows where it is going. If your transport system is the email system, the same holds true because email runs on top of TCP/IP. While fiddling with email headers may make you feel secure, it gives you no protection.

It is a large project (say 30,000 lines of code, some of it at the kernel level) to build a remailer network which does not use SMTP and TCP/IP. From the scale of efforts that you are talking about, I assume that you do not intend to do this.

So the remailer gateways know the source and destination addresses, they know your electronic identity. This may or may not lead them to your physical identity.
That can be concealed fairly easily, especially in large institutions with poor control over their network resources. But this has nothing to do with our discussion now.

> I like the cypherpunks remailer concept better, where each link in the chain
> only knows the next link in the chain, and security is achieved by
> multiple links. If several of the links are actually NSA agents, your security
> is reduced, but not compromised completely. If you've got a chain of, say
> 10 links, even if 7 of them are evil NSA agents, you still can probably retain
> your anonymity. Return addresses are accomplished by encrypted
> "resend-to:" blocks. It seems much preferable to have a system where it
> isn't necessary to trust any one net entity completely, as it is in a
> Julf-style anon-ID system. [Of course one could use a combination of both
> in communications too, but I wouldn't feel safe unless my anonymity was
> safe even if the Finnish FBI raided Julf's site.]

Promiscuity leads to infection. Each contact with a new RemailerNet gateway increases the probability of your being compromised.

If you modify the proposed RemailerNet to allow reposting at gateways, you have all of the benefits of the system described above, without the risks. Reposted messages would be encrypted with the far gateway's public key. The near gateway would then have no idea of the ultimate destination of the message. In a well designed system, the far gateway would also not know the identity of the sender.

> When looked at with this goal in mind, I think maybe the newsgroup as a method
> of passing remailer net information makes a bit more sense.
>
> I don't think the possibility of the newsgroup being spoofed is actually
> fatal to the system. Let's examine ways in which it could be attacked:
>
> 1) The Enemy could introduce completely made-up "i'm here" messages, pointing
> to non-existent remailers. ...
> 2) The Enemy could announce his own Evil-remailers to the net.
> These remailers
> would in fact exist, but would do evil things designed to compromise the net...
> 3) The Enemy could intercept announcement messages from good remailers, and
> replace their public key with his own. ...He could then intercept all mail to this
> good remailer, and read it, and forward it on, or drop it in the bitbucket.
> 4) Denial of service: The enemy could intercept the announcement messages, and
> keep them from getting to the newsgroup. ...
> 5) The enemy could intercept announcement messages from good remailers, and
> replace both the public key and address with his own. This is really just a
> combination of several of the previous attacks, nothing new.

In the early to mid 1950s the FBI set out to penetrate Communist Party USA cells. At some point, when the fear of the Red Menace began to recede, people began to talk. The communists said, "you could always tell who were the FBI agents. They were the ones who paid their dues." The FBI was actually providing most of the funds for CPUSA.

If anyone cared enough, what they would do is (a) put up enough remailers so that they were, say, a steady 80% of those announcing in the alt.x group; (b) provide a good, reliable service nearly all of the time; and (c) drive the other 20% out of business with a steady disinformation campaign (rumors, complaints, etc) and other more aggressive tactics.

The FBI types running (a) and (b) would be well funded and they would be the sort of steady, unimaginative people who run small businesses well. The CIA field agents masterminding (c) would be very well funded network freaks, some of them ex-hackers. They could operate outside the USA and pay little or no attention to US laws.

Pity the poor 20% in the face of such attacks.

Any traffic sent through this remailer network would have only a tiny chance of getting through without being compromised. If you picked 5 remailers, the chances of all being non-FBI would be about .2^5, 3 in 10,000.
The other 9,997 messages would be copied immediately to Langley.

The proposed RemailerNet could be attacked in much the same way. But if the network were widely distributed so that gateways were in different legal jurisdictions and different countries, and if most of the people involved knew one another, it would be more difficult to compromise it.

--
Jim Dixon

From jdd at aiki.demon.co.uk Sat Aug 6 10:19:38 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 10:19:38 PDT
Subject: Remailer ideas
Message-ID: <4071@aiki.demon.co.uk>

In message <9408051709.AA14763 at ah.com> Eric Hughes writes:
> Jim Dixon analogizes between the Internet and remailer networks. The
> analogy has some merit, but yet breaks down badly with the very first
> point:
>
> * all packets should be acknowledged
>
> This is not the way the Internet works.

There are some problems with vocabulary here and some conceptual problems.

The objective is a system which is highly reliable and resistant to traffic analysis. If you have three messages in, one 10 bytes long, one 1000 bytes long, and one 1,000,000 bytes long, and you send them out to three different destinations, it does not take genius to see which is which, no matter what order they are dispatched in. But if you send them out as packets, each say 4096 bytes long, with all packets acknowledged, and the routing of the packets is random, and noise has been introduced ... traffic analysis is very difficult.

TCP/IP is designed to work in an environment which is unreliable but also unhostile. The sliding window algorithm and acknowledgement at the message level is suitable for that environment. TCP/IP has been optimized for speed.

[stuff omitted]
> Further, in email, there's currently no notion of a connection.

The internal functioning of RemailerNet is not the same as the functioning of the email system. All RemailerNet communications are reliable.
Packets are acknowledged and the acknowledgement includes a hash of the packet contents, so that the packet cannot be tampered with. Acknowledgements will in general take different routes from packets.

> * users should communicate with trusted gateways
>
> This point is only half true, because the analogy only subsumes one
> kind of trust. For remailers there is both trust in delivery and
> trust in silence, the destruction of the message and information about
> it.

'Trust in silence' is a good term. This can be enhanced in a number of ways.

If you are corresponding with someone you know, you encrypt your messages.

If you are corresponding with a stranger, you encrypt your message with the public key of a far gateway; then post it to the far gateway through a near gateway. The near gateway knows who is sending, but cannot read the message and does not know the destination. The far gateway decrypts the message before delivering it, so it knows the message and the destination, but not the sender.

If you are sufficiently paranoid, you put your message inside yet another envelope, mailing it through the near gateway to a far gateway, which posts it on to another gateway, which finally posts it to its destination.

Remailer gateways should be spread very wide geographically if the network is to be secure. If you are very concerned about anonymity, bounce a message through gateways in, say, the USA, Finland, Russia, and Ireland. If your concerns are about your employer, say, the probability of his getting at four different gateways in four different jurisdictions simultaneously is vanishingly small. If your concerns are about governmental authorities, they are not that much higher.
--
Jim Dixon

From adam at bwh.harvard.edu Sat Aug 6 10:24:49 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sat, 6 Aug 94 10:24:49 PDT
Subject: Remailer ideas
In-Reply-To: <199408060511.WAA24892@jobe.shell.portal.com>
Message-ID: <199408061724.NAA05169@bwh.harvard.edu>

On M/N reordering schemes:

A relatively simple way to avoid the unlucky message sitting in the queue problem would be to store a timestamped, ordered list of messages waiting to go. When a new message comes in, one is randomly selected to be sent out. The list is then examined to find messages older than H hours. The entries for those messages are then duplicated & reinserted into the list, thus increasing the chances that a message that's been sitting around for a while will be randomly selected. (As there are multiple pointers to it, and only single pointers to new messages.)

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From jdd at aiki.demon.co.uk Sat Aug 6 10:30:57 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 10:30:57 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
Message-ID: <4087@aiki.demon.co.uk>

In message <9408051716.AA14773 at ah.com> Eric Hughes writes:
> Back to the start, I guess.
>
> > Specifically cryptographic elements are easily added to the system
> > * packets can be delayed for random intervals
>
> Let me repeat:
>
> REORDERING IS OF PRIMARY IMPORTANCE FOR REMAILER SECURITY.
>
> ADDING LATENCY IS NOT.

No need to shout, we heard you the first time. ;-)

In a system that is carrying continuous traffic, random packet delay is functionally identical to packet reordering. If messages are fragmented, random delays on sending packets out is functionally identical to reordering.

More importantly, RemailerNet as described defeats traffic analysis by more significant techniques than reordering. Reordering is a weak technique.
The introduction of noise, 'MIRV'ing of messages, fragmentation of messages, random choice of packet routes, and encyphering of all traffic are stronger techniques.

--
Jim Dixon
--
+-----------------------------------+--------------------------------------+
| Jim Dixon                         | Compuserve: 100114,1027              |
|AIKI Parallel Systems Ltd + parallel processing hardware & software design|
| voice +44 272 291 316             | fax +44 272 272 015                  |
+-----------------------------------+--------------------------------------+

From adam at bwh.harvard.edu Sat Aug 6 10:39:12 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sat, 6 Aug 94 10:39:12 PDT
Subject: RemailerNet
In-Reply-To: <4068@aiki.demon.co.uk>
Message-ID: <199408061739.NAA05213@bwh.harvard.edu>

Jim Dixon:

| In message <199408051528.LAA18523 at cs.oberlin.edu> Jonathan Rochkind writes:
| > You seem to be talking about a Julf-style anon system, where the system
| > knows who you really are. If the system is corrupt, if Julf were an
| > NSA agent, then the entire system is compromised and useless.
|
| If you are using unmodified Internet hardware and TCP/IP as the underlying
| transport system, then your point of entry into a remailer network
| definitely knows which machine is originating a message and the point
| of exit definitely knows where it is going.

IP is not reliable & trustworthy. If it was, RFC931 ident servers would be useful. ;) There's source routing to make packets appear to come from someplace else, and there is outright forgery, which has limits, but can work quite well. For a good discussion of some of TCP/IP's reliability & trustworthiness, see Steve Bellovin's paper, research.att.com:/dist/internet_security/ipext.ps.Z

An aside: Does anyone care to share thoughts on IPng's security features?

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From tcmay at netcom.com Sat Aug 6 10:52:48 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Sat, 6 Aug 94 10:52:48 PDT
Subject: Common Carriers and Illicit Shipments
In-Reply-To: <199408061404.KAA02300@cs.oberlin.edu>
Message-ID: <199408061753.KAA11320@netcom2.netcom.com>

Spencer Mullen writes:

> It would seem that remailers shouldn't be anymore accountable for
> passing on illicit pornography than the postal services are today.
>
> ??

I'll take the "??" as an invitation for comment.

Package delivery services like UPS and Federal Express *do* have immunity from prosecution based on what they carry, but this is in exchange for allowing inspection of packages under specified circumstances. Thus, if the DEA suspects a package contains cocaine, it can be inspected, and the shipper will most likely cooperate in resealing the package and continuing the shipment. This is part of "common carrier" status.

(I don't have any cites for this, as I'm not a lawyer. But this topic has come up many times on the Net, and the consensus of knowledgeable people is that "participation in legitimate law enforcement investigations" is part and parcel, so to speak, of being a common carrier.)

Caveat: I'm not claiming any of this is as it should be, etc. Just stating facts as I understand them.

The implications for crypto are unknown, but between the Digital Telephony Bill mandating easy tapping access and the various key escrow schemes, I expect that a remailer network which cannot possibly cooperate may face legal problems.

(One scenario: Digital Telephony III, in 1997, mandates that all mail sites must keep records of incoming and outgoing packets, and where they mailed them to, and must keep explicit mapping between incoming and outgoing packets. These records must be available for inspection, with a $10,000 a day fine for noncompliance. With such a mandate, the authorities could go to each and every remailer they find and demand these records. A wrinkle: what about *offshore* remailers? Ah, things then get very interesting.)
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jdd at aiki.demon.co.uk Sat Aug 6 11:13:31 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 11:13:31 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <4089@aiki.demon.co.uk>

In message <199408061404.KAA02300 at cs.oberlin.edu> Spencer Mullen writes:
> Jim Dixon writes:
>
> >Commercial remailers would probably be very concerned with legal
> >issues, both criminal (pornography, etc) and non-criminal (copyright
> >violations).
>
> It would seem that remailers shouldn't be anymore accountable for
> passing on illicit pornography than the postal services are today.

I really do not want to try to argue the legal issues here; I am not a lawyer and claim no expertise.

At a practical level, if you were running, let us say, an Internet Service Provider (ISP) and offered remailer services, you would in time attract the business of people who used your services for various unlawful purposes. You could not stop this without going through everyone's private mail. This would itself probably be illegal and certainly would lose you business.

I understand that Playboy magazine spends lots of money pursuing people for copyright violations, and that criminal charges have been filed by the authorities in Tennessee or Arkansas against someone in California who sent them pornographic materials over a telephone line.

The Post Office has what is called in the UK "crown immunity" against such prosecutions. So do "common carriers" in the USA.
They are given special legal status. I do not know, but I believe that the telephone companies are legally common carriers.

As a remailer gateway operator, you would probably have to argue things out in court, which could be very expensive. In the case of criminal charges, you would have to expect to lose your equipment for some time, and perhaps your freedom.

I suspect that legally the key step would be to never store messages for any period of time. It would be prudent to erase them as soon as their receipt was verified. This would also save disk space, and it would be in line with the 'trust in silence' ethic. I would do this and then publicize the fact that I did so widely. This would discourage public prosecutors, who really don't like to do futile things.

And I would incorporate the gateway and make sure it wasn't worth a great deal. This would discourage civil suits; clients get very irritated when they win the lawsuit and find that after all their legal expenses the target has filed for bankruptcy.

--
Jim Dixon

From merriman at metronet.com Sat Aug 6 11:40:08 1994
From: merriman at metronet.com (David K. Merriman)
Date: Sat, 6 Aug 94 11:40:08 PDT
Subject: Remailer listings/strategy
Message-ID: <199408061843.AA17840@metronet.com>

This may have been hashed out in a previous incarnation, but on the subject of remailers and their availability, why not just have each one broadcast a message of its availability periodically (hourly? every 4 hours?) on, say, the Cypherpunks mailing list. Then, each remailer could also listen in, read in who's up, and if it doesn't hear from a remailer within some period of time (or some number of scheduled broadcasts), assume that it's down until it hears from that system again. This would also allow individuals to maintain personal listings of available remailers, as well, and automate the process of keeping track of what remailers are up/down/available.
The additional traffic wouldn't seem to be _too_ much of a burden, those individuals who didn't want the broadcasts cluttering up their mailboxes could filter them out, and doesn't require massive effort or changes to implement (ie, new newsgroups, etc).

What blazingly obvious thing am I missing here, or does it make too much sense to work? :-)

Dave Merriman

Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints.

From blancw at microsoft.com Sat Aug 6 11:53:49 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sat, 6 Aug 94 11:53:49 PDT
Subject: (none)
Message-ID: <9408061855.AA19178@netmail2.microsoft.com>

From: Jeff Gostin

So, that's "who cypherpunks". :-)
.........................................................................

I really meant to ask 'where cypherpunks'. It had been a whole day & more without the hordes of messages and my day seemed empty, without code or purpose, lacking controversy & jibber jabber.

Blanc

From jdd at aiki.demon.co.uk Sat Aug 6 12:02:45 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 12:02:45 PDT
Subject: RemailerNet
Message-ID: <4094@aiki.demon.co.uk>

In message <199408061739.NAA05213 at bwh.harvard.edu> Adam Shostack writes:
> | If you are using unmodified Internet hardware and TCP/IP as the underlying
> | transport system, then your point of entry into a remailer network
> | definitely knows which machine is originating a message and the point
> | of exit definitely knows where it is going.
>
> IP is not reliable & trustworthy. If it was, RFC931 ident
> servers would be useful. ;) There's source routing to make packets
> appear to come from someplace else, and there is outright forgery,
> which has limits, but can work quite well.

My "if you are using unmodified ..." clause shows that I understand this.

You can send from a very large network and forge your TCP/IP or (more difficult) Ethernet source address.
But I can sit on the same network, build a table relating TCP/IP to ethernet (or whatever) addresses, and filter out messages that should not be there. There are commercial packages that do this sort of thing.

Basically, this is a different topic. One problem is designing a generic software package and set of protocols that will allow you to route mail anonymously. This is a general problem. The hacking of specific networks is a different, if related, problem.

--
Jim Dixon

From tcmay at netcom.com Sat Aug 6 13:36:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 6 Aug 94 13:36:14 PDT
Subject: Remailer listings/strategy
In-Reply-To: <199408061843.AA17840@metronet.com>
Message-ID: <199408062037.NAA06711@netcom15.netcom.com>

David Merriman writes:

> This may have been hashed out in a previous incarnation, but on the
> subject of remailers and their availability, why not just have each one
> broadcast a message of its availability periodically (hourly? every 4
> hours?) on, say, the Cypherpunks mailing list. Then, each remailer could
> also listen in, read in who's up, and if it doesn't hear from a remailer
> within some period of time (or some number of scheduled broadcasts), assume
> that it's down until it hears from that system again. This would also allow
> individuals to maintain personal listings of available remailers, as well,
> and automate the process of keeping track of what remailers are
> up/down/available.
> The additional traffic wouldn't seem to be _too_ much of a burden,
> those individuals who didn't want the broadcasts cluttering up their
> mailboxes could filter them out, and doesn't require massive effort or
> changes to implement (ie, new newsgroups, etc).
> What blazingly obvious thing am I missing here, or does it make too
> much sense to work? :-)

Several flaws:

Mailing lists are a poor forum for sending "I'm up" messages out, for various reasons:

1. Volume. 20 remailers x a message every 4 hours = 120 messages a day to the list.
Not a good idea, for many reasons.

2. Scaling. Even with fewer than 20 remailers, the system breaks down. Imagine if our goal of hundreds of remailers is met!

3. Not automated. Sending a text message out to everyone, and then having interested folks write a script to parse the messages and whatnot, is more work (probably) than having them finger or ping the remailers themselves (don't have to go through mail as the intermediary). And the remailer operators themselves would have to do the donkeywork of creating and sending messages automatically, which most of them probably won't do.

4. Mail to the list is hardly perfect itself, as we've seen many times. Delays, downtime, etc. Why inject a new delay/variable?

5. Function. Basically, it's not the function of a mailing list like ours to broadcast such messages. If many remailers do it, why not money providers, other mailing lists, etc.?

6. Not all remailer users are going to be on the Cypherpunks list, so why would the list be the solution?

(Better would be either distribution of the pinging scripts, a centralized finger pinger (I like the sound of that: "finger pinger") such as Matt Ghio was running, or perhaps an "alt.anonymous.messages.status" group, acting as a message pool.)

These are just the objections that come immediately to mind.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From blancw at microsoft.com Sat Aug 6 13:40:30 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sat, 6 Aug 94 13:40:30 PDT
Subject: What are Appropriate Topics?
Message-ID: <9408062041.AA19705@netmail2.microsoft.com>

From: Timothy C. May

"As for pure crypto being discussed on the list, there's a fair amount of that. I've posted my share of explanations of zero knowledge proof systems, dining cryptographers protocols, complexity theory, etc. I'm not saying this to defend myself, per se, but to note that these topics produced almost no discussion, almost no interest. Make of this what you will."

I would say some reasons for the silence are that:

. those who have read your comments have not thought extremely much about these themselves, so are not ready to add anything at the time.
. your treatment of the subject matter was thorough enough that others don't feel the need to add further to your points.
. you presented some deep thoughts that require time to digest & process.
. the ideas you have about future events may have no present means to carry them out, good as they may be, and the way from point A to point B is not yet possible to achieve, as no practical method or system could yet be constructed.

"* what happens to tax collection in an era of unbreakable cyphers?
* how will the state react?"

I would add: how will the general population react, when their security blanket is rendered ineffective? (* crypto anarchy issues from the perspective of the other side)

* what's really holding back the spread of digital cash?

What is the status of the work on this? I would like to keep up with its progress, if there are sources for the information. (besides The Economist)

* where do we go from here?

[Who's 'we', Kimosabe? :>) ] Where was anyone planning to go? There isn't anywhere else to go, physically, so it's necessary to resolve the problem of interacting in the same place at the same time with opposing methodologies. How does that work? (You aren't going to be invisible all the time, nor to everyone.)
"..."Cypherpunks write code" is just one manifestation of the idea that we can actually change the world through the technological development of privacy-enhancing systems..." And privacy-enhancement isn't the *only* thing which will change the world, is it? There are other forces of cause-effect and influence which determine people's reactions to each other and to the problems of living. It lies within the broader subject of 'control': self-control, self-determination, as managed by the individual. This is where the controversy occurs - whether any or only some individuals shall be "permitted" to excercise it, and to what tolerable degree, and who shall be the "authority" that makes that decision. Much as some on the list would wish otherwise, "privacy-enhancement" goes in the direction of favoring the individual above the group, and this is difficult for some people to live with. I have seen some of Tim's ideas for future possibilities in terms of things which could come to pass or could be achieved, but I realized that I have not seen anything from him to indicate any projects which he is actually working on to bring these about. You do communicate a lot of information & ideas and do much work of explaining & clarifying fuzzy areas, which is excellent & valuable, but it still waits for others to put together the actual parts & pieces of things, if they are to be brought into actual existence as functional systems which can be employed and which can affect future conditions. "For want of a horseshoe, the war was lost." I would like to read more on what you have to say about this, as you are the pre-eminent poster on the list who likes to digress into abstract discussion. Blanc From perry at imsi.com Sat Aug 6 13:56:16 1994 From: perry at imsi.com (Perry E. 
Metzger)
Date: Sat, 6 Aug 94 13:56:16 PDT
Subject: IPv6 Security (was Re: RemailerNet)
In-Reply-To: <199408061739.NAA05213@bwh.harvard.edu>
Message-ID: <9408062056.AA18737@snark.imsi.com>

Adam Shostack says:
> An aside: Does anyone care to share thoughts on IPng's security
> features?

I'm the person assigned to edit/write the drafts for IPSP, which is to be the successor to swIPe, and portions of which will be mandatory parts of conformant IPv6 security. (Now that the decision on which protocol is to be IPng, the politically correct name for IPng is "IPv6").

The basic technique of packet encapsulation for security, which is the basis for SP3, NLSP and swIPe, is being adopted, although the packet format is being radically simplified even from that of swIPe, consisting mainly of an SAID (what swIPe calls a "Policy Identifier"). Authentication and opaque cryptographic encapsulation formats are to be slightly different for technical reasons.

The IPSP definition is (nearly) nailed down. The hard part, key management, which is the layer that goes on top of IPSP, is still being intensively discussed. I expect there will be extensive battles there still to come, particularly on the naming of authenticated entities -- to tell you how shaky things are there, no real proposals are yet in draft RFC form. The one thing there is widespread agreement on is that the DNS should be used to store keys, although this will likely require extension of the maximum size currently permitted for RRs in the DNS (512 bytes as defined right now.)

It is my hope that a unified IKMP (internet key management protocol) and IPSP will provide sufficient functionality that no other security mechanisms will be required for authenticating and securing remote connections on the internet, and any telnet, ftp, finger, or anything else that anyone does can be transparently made secure simply by setting administrative requirements on the authentication and encryption level needed by connections.
Security of store-and-forward traffic, like electronic mail and routing information, will still require separate mechanisms -- I hope the basic keys for those mechanisms will be stored in the same way with the same naming, for instance, and that most of the mechanisms will be shared. It is also my hope that all trust mechanisms will be based on web-of-trust rather than certification hierarchies, although that is another speculation.

Perry

From blancw at microsoft.com Sat Aug 6 14:01:47 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sat, 6 Aug 94 14:01:47 PDT
Subject: Voluntary Governments?
Message-ID: <9408062103.AA19844@netmail2.microsoft.com>

From: Hal

What does it mean to speak of a government in cyberspace? It is the government in physical space I fear. Its agents carry physical guns which shoot real bullets.
................................................................

Good point. What does it mean to speak of governance (or 'government') at all?

Questions I would seek to have the answers to, in making decisions about government per se:

. Who or what is to be governed?
. What is inimical/destructive and to be regulated/prevented, or what is sacred which is to be upheld?
. How will anyone come to know the difference? What difference does it really make (to anyone in the real world)?
. Who is to do all the work of preventing or upholding (how do they qualify for the job)?
. What is to be done about non-conformists to the rules (without contradicting the rules?)
. When did you realize that you were an absolute authority on the subject?

Blanc

From perry at imsi.com Sat Aug 6 14:07:59 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sat, 6 Aug 94 14:07:59 PDT
Subject: RemailerNet
In-Reply-To: <4094@aiki.demon.co.uk>
Message-ID: <9408062108.AA18761@snark.imsi.com>

Jim Dixon says:
> You can send from a very large network and forge your TCP/IP or
> (more difficult) Ethernet source address.
> But I can sit on the same
> network, build a table relating TCP/IP to ethernet (or whatever)
> addresses, and filter out messages that should not be there. There
> are commercial packages that do this sort of thing.

Huh?

If you are sitting on a network in England, which you appear to be, I defy you to record anything at all about the ethernet addresses of the machines that originated this message. I'll happily telnet to your machine any time you like, and give you all the opportunity you like to record the ethernet address of my packets.

You might be on the same internet, but you very likely have no access to the original physical network, and you have no capacity to build any tables of any sort.

Perry

From nobody at c2.org Sat Aug 6 14:24:42 1994
From: nobody at c2.org (Anonymous User)
Date: Sat, 6 Aug 94 14:24:42 PDT
Subject: A Helpful Tip for Impatient Souls
Message-ID: <199408062123.OAA03921@zero.c2.org>

-----BEGIN PGP SIGNED MESSAGE-----

Tommy the Tourist (Anon User) wrote:

Welcome back, Tommy, we missed you! Hope you're enjoying your new (CSUA) "home"... (Time for everyone to update their "chain.ini" file, BTW.)

> Those wishing perhaps the ultimate in Cypherpunks ease-of-use
> and greatest peace of mind, may find it useful to simply delete
> everything that does NOT come from one of the following email
> addresses:

> tcmay at netcom.com
> frissell at panix.com
> sandfort at crl.com

But Tommy ... if we did that, we wouldn't be able to read *YOUR* posts, either. Perhaps anyone who had a fetish for "ease-of-use", or was troubled by even seeing "cryptographically INcorrect" ideas (the analog of "politically correct") would tire of Cypherpunks altogether and just read the party line from Sternlight and Co. (tm).

The other problem is that if some brave, anonymous soul wanted to, let's say, "leak" the Clipper algorithm to the net, he'd have to forge e-mail from one of the "approved sources" above to gain an audience.
However, despite your anonymity, Tommy, don't I see your tongue firmly implanted in your cheek? I sure hope so... I find the posts from the "approved three" individuals highly informative. OTOH, if *THEY* did as you suggested, traffic would be drastically reduced because it would only consist of those three talking amongst themselves.

--- Diogenes

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkOdOeRsd2rRFQ1JAQHi4AP+LuJhvQPRiB0rZvDjuhfZwG+Q95N8WpTt
4lVNjLecXHKjFE6qn6tsed3/Fh/mwQUzRzx4kUihvRxqR3MAoBp1/SREXt+Rsd30
4zsxIs+BDkCCloX7rxVptZLJYG587oaIQOL0Wn/7MiDKChm/LoXrdbRwUeLL2gIU
ZvvMDBBuYpI=
=Vk7F
-----END PGP SIGNATURE-----

From rah at shipwright.com Sat Aug 6 15:30:08 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 6 Aug 94 15:30:08 PDT
Subject: e$: Cypherpunks Sell Concepts
Message-ID: <199408062229.SAA24471@zork.tiac.net>

At 1:38 PM 8/6/94 -0700, Blanc Weber wrote:
>From: Timothy C. May

>* what's really holding back the spread of digital cash?
>
> What is the status of the work on this? I would like to keep
> up with its progress, if there are sources for the information.
> (besides The Economist)

e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$e$

I'll bite.

I think that practically the only thing holding digital cash back at this point is pure and simple hucksterism.

The whole concept of e$ (shorthand for e-money, with apologies to other currencies) should be promoted more. People who Really Work for a Living in Finance should be educated about the potential impact of strong crypto on money.

There was a comment from Perry a while back which hit home with me. He said:

>The problem is not a need for a killer app -- there are dozens. The
>obstacle is regulatory problems, and finding a large and reputable
>sponsoring organization (like a big bank).

Now, that makes sense to me.
It would go a long way towards legitimizing e$ and strong crypto if a largish bank put up a pilot project where they were exchanging, that is, making a secondary market in, real e$; maybe even DigiCash(tm). Either they or someone else could actually underwrite it, because you have to have both to make the market exist. Having heard what Eric has said about potential regulatory problems, I think that most of them are inadvertent obstacles, because they certainly weren't put there to obstruct e$, which didn't exist when they were written. I think if a reasonable (i.e. not illegal) business case were put to the regulators, they would (as usual) conform to whatever business interests want. I think that in order for the above to happen, some softening up of the targets has to occur. I understand that there are people on this list who are interested in selling seminars on strong crypto to the finance community. What about doing that in the context of a conference program to a larger audience? Get some famous heavies in the business world and in cyberspace to salt the conference flyer with. A certain EFFer comes to mind, among others who may be sympathetic to e$. Invite mostly businesspeople, preferably those in finance and finance operations, but also regulatory/political types. Teach them what e$ is and how it works. In return, e$vangelists can learn what questions their potential market actually needs to have answered before e$ will be real. Maybe a deal or two happens, who knows? Repeat the process every year or two, but start the first one off as a "ground school" in the fundamentals. This thing doesn't have to be affiliated with the cypherpunks list any more than the original Computer Faire was affiliated with the Homebrew Computer Club. I wrote up an agenda when I was in the throes of the idea, and it's somewhere around here (I *know* it is...).
Off the top of my head, I figured there'd be a schmooze reception the evening before, a brief primer on strong crypto and e$ in the morning, a schmooze luncheon (with speaker), a "where do we go from here" panel populated with business heavies in the afternoon, and a schmooze reception (with product demos, if any) in the evening to close. Notice it's very heavy on the schmooze. I challenge you to do huckster without lots of schmooze... This is not to be a volunteer effort. People who worked on this would get paid. The conference wouldn't happen if the attendance numbers weren't there. The participants will pay somewhat serious money to attend, and they will be interested in making money with the information obtained and contacts made at the conference. I'm pretty sure I want to do this one. I'd like to do it on this coast (Boston) because the money's over here, anyway, and there's still some technology over here that hasn't been made obsolete in the Bay Area. Besides, the east coast's halfway to Amsterdam, right? (yeah, I know, so's Anchorage...) So. Does anyone have any pointers? Cheers, Robert Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sat Aug 6 15:51:37 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 6 Aug 94 15:51:37 PDT Subject: Mr. Bill wants you! Message-ID: <199408062250.SAA24656@zork.tiac.net> It seems that Microsoft is hiring a "Program manager for Electronic Commerce". I just saw it in misc.jobs.offered: >Program Manager for Electronic Commerce >You will lead the design and deployment of a new electronic commerce >service at Microsoft. Your experience in cryptography, banking, electronic >commerce, or communications will be put to use on this project. 
>Requirements include at least three years of software development and >project management experience and a Bachelor's degree in Computer Science >or a related field. Oh Boy. You cannot resist the Dark side of the Force, Luke... Lots of "or"s and not many "and"s in that requirements punchlist though... Usual apologies to MSerfs, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From merriman at metronet.com Sat Aug 6 16:03:35 1994 From: merriman at metronet.com (David K. Merriman) Date: Sat, 6 Aug 94 16:03:35 PDT Subject: Remailer listings/strategy Message-ID: <199408062307.AA13549@metronet.com> >Mailing lists are a poor forum for sending "I'm up" messages out, >for various reasons: > >1. Volume. 20 remailers x a message every 4 hours = 120 messages a day >to the list. Not a good idea, for many reasons. Okay, every 8 hours. Now we're down to 60 messages - not too different than a lively C'punks day. :-) > >2. Scaling. Even with fewer than 20 remailers, the system breaks down. >Imagine if our goal of hundreds of remailers is met! So instead of one central remailer, we use some number of 'regional' listservers (4 remailers, each handling 5 'local' remailers). Then if one croaks, it's a minimal loss to the system. > >3. Not automated. Sending a text message out to everyone, and then >having interested folks write a script to parse the messages and >whatnot, is more work (probably) than having them finger or ping the >remailers themselves (don't have to go through mail as the >intermediary). And the remailer operators themselves would have to do >the donkeywork of creating and sending messages automatically, which >most of them probably won't do. "Cypherpunks write code" > >4.
Mail to the list is hardly perfect itself, as we've seen many >times. Delays, downtime, etc. Why inject a new delay/variable? (2) above. > >5. Function. Basically, it's not the function of a mailing list like >ours to broadcast such messages. If many remailers do it, why not >money providers, other mailing lists, etc.? C'punks remailer was used as a f'rinstance (functionality example). So there's a different remailer mailing list, and a banks remailer mailing list, and money provider's mailing list, ad nauseam. Who cares? Those interested in remailers listen in on the remailers mailing list, and don't listen to the banks list, and versey-vicey. > >6. Not all remailer users are going to be on the Cypherpunks list, so >why would the list be the solution? (Better would be either >distribution of the pinging scripts, a centralized finger pinger (I >like the sound of that: "finger pinger") such as Matt Ghio was >running, or perhaps an "alt.anonymous.messages.status" group, acting >as a message pool. (5) above >These are just the objections that come immediately to mind. >--Tim May Finger merriman at metronet.com for PGP2.6ui/RIPEM public keys/fingerprints. From an114 at vox.hacktic.nl Sat Aug 6 16:03:39 1994 From: an114 at vox.hacktic.nl (an114 at vox.hacktic.nl) Date: Sat, 6 Aug 94 16:03:39 PDT Subject: Cyphers Out There?
Message-ID: <199408062304.AA24735@xs4all.hacktic.nl> :: Encrypted: PGP -------------------------------------------------------------------------- To find out more about the anon service, send mail to help at vox.hacktic.nl Please report any problems, inappropriate use etc. to admin at vox.hacktic.nl Direct replies to the sender of this message are -not- anonymised From anonymous at hacktic.nl Sat Aug 6 16:03:47 1994 From: anonymous at hacktic.nl (An0nYm0Us UsEr) Date: Sat, 6 Aug 94 16:03:47 PDT Subject: Re: Remailer ideas (Was: Re: Latency vs. Reordering) Message-ID: <199408062304.AA24750@xs4all.hacktic.nl> Jim Dixon writes: >Commercial remailers would probably be very concerned with legal >issues, both criminal (pornography, etc) and non-criminal (copyright >violations). Those commercial remailers probably will be located around the world, so pornography could be send by using an "offshore" [=non-american] remailer as last link in the chain.
The jurisdiction where this remailer could be located, preferably shouldn't care about pornography. [Holland, Scandinavia ?] >-- >Jim Dixon From hughes at ah.com Sat Aug 6 16:31:20 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 6 Aug 94 16:31:20 PDT Subject: Remailer ideas In-Reply-To: <199408060555.AAA06154@pentagon.io.com> Message-ID: <9408062302.AA17213@ah.com> Given a connectionless network absolute delivery is impossible (well, not completely, but just about...) Here is a theme I'm going to mention a few times today: the complexity class of probabilistic algorithms is the one that matters most for practical applications. Which is to say, that when you have a partially unreliable connectionless network, you can't, can not, can never _assure_ delivery. You can, however, set up the protocols so that the assurance in delivery is arbitrarily close to probability one, even though it can't ever actually reach it. Here's the fallacy which is common, that something which is probabilistically bounded but is not deterministically bounded is somehow flawed. Or, rather, you can trust expected values. Hal's random-send spool has an expected value of latency which is approximately the size of the spool but has no deterministic upper bound for that latency. Fine. Great. No problem. There should be zero hesitation here, because the expected value -- the probabilistic average -- is what you want. When you start off with probabilistic assumptions about the underlying reliability of the network, the best you can get is probabilistic answers. Even if the network components are deterministic, you still get probabilistic results. Adding probabilistic components also gives you probabilistic results. So what's the big deal? The hesitation to accept a probabilistic measurement is still all-too-frequent. I will refrain from commenting on why I think that is, and merely admonish folks not to pull their punches and bewail a probabilistic result about device behavior.
Eric From hughes at ah.com Sat Aug 6 16:48:42 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 6 Aug 94 16:48:42 PDT Subject: Improved remailer reordering In-Reply-To: <199408061531.IAA28014@jobe.shell.portal.com> Message-ID: <9408062320.AA17234@ah.com> About message mixing: A measure that is used for situations like this is entropy. Indeed. This is exactly the mathematical measure for what I've called "privacy diffusion" in a remailer network. It is, namely a measure of the uncertainty to a watcher of what ingoing message corresponds to what outgoing message. As soon as you begin to write down some of the equations for this value, several things become distinct possibilities: -- duplicate messages may decrease security -- retries may reduce security -- interactive protocols may reduce security -- there is such a thing as a needlessly lengthy remailer path -- noise messages might not be worth the bother -- multiple different routes may reduce security One thing becomes blaringly obvious: -- it's reordering that's mathematically significant; that's what goes directly into the equations. To consider different batching strategies, consider a remailer where the messages come in one per hour, at 1:00, 2:00, 3:00, etc. Since the particulars of the time don't matter for this analysis, I'd suggest using the terminology "message interval", since the entropy calculation is time-scale invariant. Hal's suggestion for rollover schemes is a good one. I'll be working on the math for it. Eric From hughes at ah.com Sat Aug 6 16:59:46 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 6 Aug 94 16:59:46 PDT Subject: Remailer ideas In-Reply-To: <199408061724.NAA05169@bwh.harvard.edu> Message-ID: <9408062331.AA17257@ah.com> On M/N reordering schemes: A relatively simple way to avoid the unlucky message sitting in the queue problem would be to store a timestamped, ordered list of messages waiting to go. The key word in the above sentence is the word "unlucky".
When I formalize the word unlucky, I get "expected value is arbitrarily close to zero". Therefore, I completely ignore this situation, because it just doesn't happen often enough to worry about. If you have a higher level protocol which corrects errors, then staying in a mix too long is just another cause of failure. It should be tallied up with the rest of the causes of failure and then, once its contribution to unreliability has been established, ignored. The probabilistic reasoning which says that "the message will get out with the following distribution of latencies" is perfectly fine, and as long as the systemic consequences of late messages have a fixed upper bound, the total effect of delayed messages does also. Estimate the damage, and if it's workable just don't worry about it. And when I claim that some folks just empathize too much with that poor little datagram who went on an incredible journey through lots of out-of-the-way places to finally come home, well, I'm exactly half joking. Eric From tk at ai.mit.edu Sat Aug 6 17:01:22 1994 From: tk at ai.mit.edu (Tom Knight) Date: Sat, 6 Aug 94 17:01:22 PDT Subject: Remailer message bundling Message-ID: <9408070001.AA27760@entropy> If each remailer encrypts outgoing traffic with its (immediate) recipient forwarder's public key, then several outgoing messages headed in the same direction can be bundled together, obfuscating further the message identities. No need to have 1 message in ==> 1 message out, with or without delay, reordering, or whatever. But maybe everyone already thought of this. From hughes at ah.com Sat Aug 6 17:34:17 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 6 Aug 94 17:34:17 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) In-Reply-To: <4087@aiki.demon.co.uk> Message-ID: <9408070005.AA17290@ah.com> In a system that is carrying continuous traffic, random packet delay is functionally identical to packet reordering. OK. Prove it.
Here are some difficulties I expect you'll find along the way. First, "continuous traffic" is the wrong assumption; some sort of multiple Poisson distribution for arrival times is. This is by no means a hypothetical. The backoff algorithms for TCP had to be developed because packet streams are not continuous, but bursty. There is such a thing as too many packets arriving at a router simultaneously. Routers don't swap packets to disk when they run out of RAM; they drop them. So given any relation between arrival interval, processing time, and machine capacity, there is some _percentage_ of the time that the router is going to overflow exactly because the traffic is not continuous. Second, the beginnings and endings of operation are special. The idea of "stochastic deconvolution" hits me immediately, throwing out completely any reasoning based only on steady state assumptions. Third, these two effects interfere with each other, as there are bursts of silence in Poisson arrival times which will tend to reset the deconvolution. Fourth, the problem is incompletely specified, since the distribution of random added latencies is not made specific. If I assume a flat distribution over a given number of message intervals, that's not the same as assuming a geometrically decreasing distribution, or some other distribution. I'd guess there are more. If messages are fragmented, random delays on sending packets out is functionally identical to reordering. This is false; a system that concentrates on reordering has provably better average latency than one based only on adding latencies. Consider the following. If I send out a message sometime between two messages, I've achieved no more reordering (the significant thing, remember) than if I sent out that same message immediately after the arrival of the first of the two bracketing messages. So I can take _any_ latency-adding system and reduce its average latency with minimal effect on reordering by the following modification.
When a message comes in, each message in the queue is tagged to go out at some time relative to present. For each of these messages, I can calculate the probability that no other incoming message will arrive before a particular outgoing time. Pick some probability bound close to 1, and send out all messages with probability greater than the cutoff _now_, before waiting for their time to be up. The decrease in reordering can be normalized to zero by lengthening the time scale of the added latencies. You'll then find that the modified system shows lower latency. And that's only the first inequivalency. Latency-adding systems are less efficient at memory usage than reordering systems. Reordering systems can get pretty close to 100% use, since the queue can be kept full, as in Hal's threshold sending scheme. The random delays can't have full usage, because there's a maximum to memory; it can't be borrowed like money when you temporarily need more of it. The analysis has similarities to gambler's ruin. Anyone else care to point out more inequivalencies? More importantly, RemailerNet as described defeats traffic analysis by more significant techniques than reordering. Reordering is a weak technique. WHAT?? Anyone else listening to this: I believe the above quoted two sentences to be distilled snake oil. The introduction of noise, 'MIRV'ing of messages, fragmentation of messages, random choice of packet routes, and encyphering of all traffic are stronger techniques. Encyphering is necessary. Reordering of quanta is necessary. "MIRV" messages may actually decrease security; multiple routes may decrease security; fragmentation may decrease security. Noise messages may not be resource effective. All the above claims require some justification, and I have seen nothing robust yet.
Eric From hughes at ah.com Sat Aug 6 18:01:04 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 6 Aug 94 18:01:04 PDT Subject: In-Reply-To: <199408062304.AA24750@xs4all.hacktic.nl> Message-ID: <9408070032.AA17321@ah.com> Those commercial remailers probably will be located around the world, so pornography could be send by using an "offshore" [=non-american] remailer as last link in the chain. One assumption here is that someone in one country can easily pay someone in another country, and an automatic currency conversion can take place. The prerequisites to happen generally for that are the electronification of retail money in both jurisdictions and a retail-level currency exchange system. None of this really exists yet, although the first beginnings are here. Also, for anonymous payment for such overseas services, anonymous transfer in at least one of the two currencies is necessary. I point all this out to show that we're a long way from here to there. The jurisdiction where this remailer could be located, preferably shouldn't care about pornography. [Holland, Scandinavia ?] Yes, that's the right attitude. The mantra is "regulatory arbitrage", or, always find a place to do something where it's already legal. And it's not just the USA. Expect Britain's libel system to be stretched by anonymous overseas speech. Eric From hughes at ah.com Sat Aug 6 18:10:13 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 6 Aug 94 18:10:13 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408062229.SAA24471@zork.tiac.net> Message-ID: <9408070041.AA17335@ah.com> I'll bite. I think that practically the only thing holding digital cash back at this point is pure and simple hucksterism. It certainly needs that, but I don't think it's sufficient. Having heard what Eric has said about potential regulatory problems, I think that most of them are inadvertent obstacles, because they certainly weren't put there to obstruct e$, which didn't exist when they were written.
The obstacles are certainly not for electronic money, which the Fed's been using for some time now, but rather for electronic cash, which includes anonymity. The USA provides a fair amount of financial privacy to everyone but the government, particularly law enforcement. So the _business_ case for privacy is largely felt to be already satisfied by the regulators. I think if a reasonable (i.e. not illegal) business case were put to the regulators, they would (as usual) conform to whatever business interests want. The Treasury department, among others, really _doesn't_ want non-recorded transactions. Unless the banking community as a united front _does_, I don't think it will happen domestically (USA) before other deployments. If there's not a united front, it'll be divide and conquer. Eric From karn at unix.ka9q.ampr.org Sat Aug 6 18:29:29 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Sat, 6 Aug 94 18:29:29 PDT Subject: Dallas Morning News article Message-ID: <199408070130.SAA01067@unix.ka9q.ampr.org> Dallas Morning News, July 23, 1994, Page 5F Cryptography tests rights of electronic word Tom Steinert-Threlkeld Cybertalk The electronic word appears to have fewer rights than the printed word. At least that could be the conclusion drawn from an unusual case emerging from the Bureau of Politico-Military Affairs in the U.S. State Department's Office of Defense Trade Controls. There, a book about encryption techniques has won an export license, but a computer disk containing the same information has not. The book in question is titled "Applied Cryptography", an attempt by data security consultant Bruce Schneier to translate 20 years of academic research in scrambling computer traffic "into terms understandable by mere mortals." In so doing, Mr. Schneier hopes to do "more to further the spread of cryptography around the globe than any single (encryption) product could."
So far, his publishers, John Wiley & Sons, believe the 600-page tome has been doing almost that. Since its release in November, almost 15,000 copies of the book have been sold. Of that, between 1,500 and 2,000 have been to programmers and other interested parties abroad. Those foreign sales are possible because the book did not have to get an export license. Such controls are used by the State Department to guard against the spread of cryptographic methods that could be too difficult to break, posing a threat to national security. The book contains what Mr. Schneier estimates is about 100 pages of algorithms, hash functions and other lines of computer code that can be used to encrypt messages. But the Office of Defense Trade Controls in March rendered the opinion that the book "is not subject to the licensing jurisdiction of the Department of State since the item is in the public domain." Not so with two disks containing the same "source" code. In a May 11 letter, office director William B. Robinson designated the disks as an article "under category XIII(b)(1) of the United States Munitions List." As such, the author would require an export license for the disks. The code itself was not a finished product. It would have to be "compiled" into an executable program before it actually could be used to disguise any data on a computer network. The code was also exactly the same as appeared in the book, or at least as nearly as possible, given the transfer to a magnetic disk. But that appeared to be enough of a difference for the State Department. Mr. Robinson stated, "The text files on the subject disk are not an exact representation of what is found in 'Applied Cryptography'. Each source code listing...has the capability of being easily compiled into an executable subroutine."
A State Department official Friday translated the distinction this way: "The difference with the code in the book is you have to type it all in and correct all the errors" before it is usable by a computer programmer. The "value added" by putting the code on the disk is that it is already typed in. "That was the determination we made", the official said. Practically speaking, the distinction escapes the author, Mr. Schneier. Once one overseas programmer types in the code and corrects the errors, hundreds of copies can be easily made and shipped to any country. For the programmer who is too lazy to type, the book's pages even can be scanned in. "What do we think? Foreigners can't type? Or is the worldwide scanning industry influencing this decision?" he asks. Others see larger, constitutional questions. "They're trying to say electronic words have less protection than written words," said David Banisar, policy analyst with the Electronic Privacy Information Center in Washington, D.C. "That's not a proposition that I think any court will support." As more and more words -- from book, magazine and newspaper publishers, for instance -- become electronic, the issue could become critical. "When all words are electronic, they won't be able to be protected under the First Amendment" if this difference between words on a paper medium and words on a digital medium gains footing, he said. Phil Karn, an engineer and ally of Mr. Schneier, however, is appealing the stand on the disks. The State Department's view also is not the final law of the land. "It seems like kind of a foolish distinction and one which in any case is ultimately doomed to failure," said Internet Society executive director Anthony Rutkowski. The different rulings on the book and the disk are "utterly stupid, but that's the way bureaucracies work." Mr. Robinson and the trade control office's deputy director, Rose Brancaniello, declined to comment. 
Another officer, Tom Denner, said comment was prohibited by confidentiality provisions contained in section 38(e) of the Arms Export Control Act. ------ CyberTalk appears every other Saturday, discussing people, places and problems populating the world of computer communications known as cyberspace. Tom Steinert-Threlkeld can be reached at the Internet address, tomhyphen at onramp.net; at America Online, tomhyphen; or at Prodigy, trfj19a. From hfinney at shell.portal.com Sat Aug 6 18:38:26 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 6 Aug 94 18:38:26 PDT Subject: (none) In-Reply-To: <9408061855.AA19178@netmail2.microsoft.com> Message-ID: <199408070138.SAA08024@jobe.shell.portal.com> Blanc Weber writes: >I really meant to ask 'where cypherpunks'. It had been a whole day & >more without the hordes messages and my day seemed empty, without code >or purpose, lacking controversy & jibber jabber. List members who are internet connected might try doing "telnet toad.com" and see if they get a login prompt. The recent list outages have correlated with a lack of response from toad, so I presume the machine was either down or off the net. Hal From perry at imsi.com Sat Aug 6 19:01:10 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sat, 6 Aug 94 19:01:10 PDT Subject: (none) In-Reply-To: <199408070138.SAA08024@jobe.shell.portal.com> Message-ID: <9408070201.AA19095@snark.imsi.com> Hal says: > List members who are internet connected might try doing "telnet toad.com" > and see if they get a login prompt. The recent list outages have correlated > with a lack of response from toad, so I presume the machine was either down > or off the net. ping is considered far more sociable in general than trying to telnet... 
Perry From hfinney at shell.portal.com Sat Aug 6 19:09:27 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 6 Aug 94 19:09:27 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408062229.SAA24471@zork.tiac.net> Message-ID: <199408070209.TAA08709@jobe.shell.portal.com> There are two legal problems that I could see being used against digital cash. The first is the civil war era prohibition on banks issuing private bank notes. This was done in an attempt to force people to switch over to U.S. government notes, and was successful. (Actually, it is not a prohibition per se, but rather a prohibitive tax on the use of such notes.) I don't have a reference to where this actually appears in the code, but I have read about it in many histories of currency in the U.S. It seems to me that digital cash issued by a bank is functionally very similar to a paper bank note issued by that same bank, suggesting that this law would apply. The second problem is the regulation of "scrip" and barter systems. This was pointed out on the list last year by someone who had actually been involved in a private barter or scrip system which was shut down by the government, at great cost to all concerned. These regulations can be found at 26 CFR 1.6045-1. From subsection (f)(5)(ii), "Scrip is a token issued by the barter exchange that is transferable from one member or client, of the barter exchange to another member or client, or to the barter exchange, in payment for property or services". I think this one will eventually get the "NetBank" people in trouble. (You call a 900 number and in exchange for a charge on your phone bill they give you a digital token you can exchange for property or services by participating merchants.) Barter exchanges are required to get the names and SS numbers of all participants and report their transactions to the IRS. This would be inconsistent with the privacy we seek from ecash.
There are probably other regulations but I would think these two would have to be addressed initially, at least by anyone thinking of setting up these services within the United States. Hal From hfinney at shell.portal.com Sat Aug 6 19:15:45 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 6 Aug 94 19:15:45 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) In-Reply-To: <9408070005.AA17290@ah.com> Message-ID: <199408070216.TAA09025@jobe.shell.portal.com> I had an interesting thought. Remailer networks are hard to analyze, with messages whizzing this way and that. But Tim pointed out that if you have N messages coming in to the network as a whole and N going out, all that zigging and zagging really can't do much better than N-fold confusion. This suggests, that IF YOU COULD TRUST IT, a single remailer would be just as good as a whole net. Imagine that God offers to run a remailer. It batches messages up and every few hours it shuffles all the outstanding messages and sends them out. It seems to me that this remailer provides all the security that a whole network of remailers would. If this idea seems valid, it suggests that the real worth of a network of remailers is to try to assure that there are at least some honest ones in your path. It's not to add security in terms of message mixing; a single remailer seems to really provide all that you need. Hal From rah at shipwright.com Sat Aug 6 19:29:40 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 6 Aug 94 19:29:40 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408070228.WAA26202@zork.tiac.net> At 5:41 PM 8/6/94 -0700, Eric Hughes wrote: >The obstacles are certainly not for electronic money, which the Fed's >been using for some time now, but rather for electronic cash, which >includes anonymity. We've chased each other around a tree like this one before... Let's see what the differences are this time. I've been doing some thinking about this... 
Anonymity can come out of retail settlement of e$, if the transactions aren't tracked. We've talked here before about how you think that the tracking of those transactions at the retail level is pretty trivial, so the cost to the user of traceable e$ may be meaningless. I'm not so sure that that's the case, and I think (I hope!) I remember Perry agreeing with me on that point. But if we fiat the argument just to see where it takes us, we come to the sheer volume of transaction records themselves.

Is it possible to accurately estimate the cash transaction load of an economy? I bet that if we could, you'd see that the data from each transaction would cause the problem news servers have by several orders of magnitude. The information would get dumped pretty frequently. This is probably the same problem the NSA has now picking out signals to listen in on, but running down an audit trail is different, it's a historical process. Since you don't know whose transactions you need, you need to keep them all. True, this doesn't keep TLAs from trying to drink from a firehose, or more to the point, to free-dive to the bottom of the Marianas Trench (if they could keep all of the data), or high-dive into a wading pool (if they couldn't). Hmmm...

>The USA provides a fair amount of financial
>privacy to everyone but the government, particularly law enforcement.
>So the _business_ case for privacy is largely felt to be already
>satisfied by the regulators.

When *every* business transaction can be scrutinized (as much as physically possible, per above) at any time, for any reason the government deems necessary, it makes a sizable business case *for* traceable electronic cash. This is probably the place to put the lever on the business community.

>The Treasury department, among others, really _doesn't_ want
>non-recorded transactions. Unless the banking community as a united
>front _does_, I don't think it will happen domestically (USA) before
>other deployments. If there's not a united front, it'll be divide and
>conquer.

Non-recorded transactions exist already. It's keeping them from disappearing that we're really talking about here. It's quite possible to get banks to present a united front. They have one of the largest lobbies in Washington. They have fought reporting requirements tooth and nail with some considerable success, but every time they get greedy (S&Ls) the noose tightens. It might be the threat of international deployment and regulatory arbitrage which brings them around, and fires up the lobbying apparatus on our side of the issue. It has worked before (gold, et al.). On the other hand if those reporting requirements are frictionless, they don't *need* to fight it, do they...

It's time to leave the ring. Somebody tag me. My brain hurts...

Now to plug the topic of the thread a bit, how receptive would people in the crypto community be to participating in an annual dog&pony/schmoozefest for the suits? Who should chair the morning "primer" session? *E-mail* me with your ideas, everyone.

Thanks,
Robert Hettinga

-----------------
Robert Hettinga  (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From rah at shipwright.com Sat Aug 6 19:52:10 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 6 Aug 94 19:52:10 PDT
Subject: e$: Cypherpunks Sell Concepts
Message-ID: <199408070251.WAA26419@zork.tiac.net>

At 7:09 PM 8/6/94 -0700, Hal wrote:
>There are two legal problems that I could see being used against digital
>cash. The first is the civil war era prohibition on banks issuing private
>bank notes.

Where you stand on this one depends on where you sit. ;-).
It seems to me that one could just as easily treat digicash as securities denominated in dollars, just like shares in a money market mutual fund, or more to the point, the actual money market instruments, repos, for instance. It's going to take a sophistical titan to get this through the courts, but if there's a market for digicash, hey, it can happen. It won't happen if this titan's employers never hear about it, though.

>The second problem is the regulation of "scrip" and barter systems. This
>was pointed out on the list last year by someone who had actually been
>involved in a private barter or scrip system which was shut down by the
>government, at great cost to all concerned. These regulations can be
>found at 26 CFR 1.6045-1. From subsection (f)(5)(ii), "Scrip is a token
>issued by the barter exchange that is transferable from one member or
>client, of the barter exchange to another member or client, or to the
>barter exchange, in payment for property or services". I think this one
>will eventually get the "NetBank" people in trouble. (You call a 900
>number and in exchange for a charge on your phone bill they give you a
>digital token you can exchange for property or services by participating
>merchants.) Barter exchanges are required to get the names and SS numbers
>of all participants and report their transactions to the IRS. This would
>be inconsistent with the privacy we seek from ecash.

Indeed. This is probably where we have a problem. The only thing I can think of here is that the technology of the internet and its limitless opportunity for regulatory arbitrage. When you make the possession of a medium of exchange illegal you get the same problems that all closed economies have. With the internet, enforcement is half next to useless (an expression I picked up in Albuquerque a while back...). Like I said to Eric in the last post, it may be the threat of regulatory arbitrage that wins the day here, like it has in the past.
To plug the thread a bit here, who should chair the afternoon business-heavy session? *Email* me your suggestions, please...

Cheers,
Robert Hettinga

-----------------
Robert Hettinga  (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From an114 at vox.hacktic.nl Sat Aug 6 22:21:41 1994
From: an114 at vox.hacktic.nl (an114 at vox.hacktic.nl)
Date: Sat, 6 Aug 94 22:21:41 PDT
Subject: Cyphers Out There?
Message-ID: <199408070522.AA07732@xs4all.hacktic.nl>

::
Encrypted: PGP

--------------------------------------------------------------------------
To find out more about the anon service, send mail to help at vox.hacktic.nl
Please report any problems, inappropriate use etc.
to admin at vox.hacktic.nl
Direct replies to the sender of this message are -not- anonymised

From jgostin at eternal.pha.pa.us Sun Aug 7 01:49:39 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Sun, 7 Aug 94 01:49:39 PDT
Subject: (none)
Message-ID: <940807032036K5cjgostin@eternal.pha.pa.us>

Blanc Weber writes:

> I really meant to ask 'where cypherpunks'. It had been a whole day &
> more without the hordes messages and my day seemed empty, without code
> or purpose, lacking controversy & jibber jabber.

Actually, my response was more of a joke... More than a few people commented on the fact that WHO CYPHERPUNKS is the 'domo command to get a list of subscribers. Your name looked familiar from the list, so I decided to gamble a joke. Guess the joke's on me, eh? :-)

--Jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
== ==    -=       | faster, hypo-allergenic, AND politically correct .sig.  |
 ====   ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From jdd at aiki.demon.co.uk Sun Aug 7 04:39:26 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sun, 7 Aug 94 04:39:26 PDT
Subject: RemailerNet
Message-ID: <4190@aiki.demon.co.uk>

In message <9408062108.AA18761 at snark.imsi.com> perry at imsi.com writes:
>
> Jim Dixon says:
> > You can send from a very large network and forge your TCP/IP or
> > (more difficult) Ethernet source address. But I can sit on the same
> > network, build a table relating TCP/IP to ethernet (or whatever)
> > addresses, and filter out messages that should not be there. There
> > are commercial packages that do this sort of thing.
>
> Huh?
>
> If you are sitting on a network in England, which you appear to be, I
> defy you to record anything at all about the ethernet addresses of the
> machines that originated this message.
[etc]

Forgive my casual use of the English language.

"A may send from a very large network and forge his or her TCP/IP or Ethernet source address. But if B is on the same network, he or she can build a table ..."

The size of the source network is related to the difficulty of determining which machine is forging addresses. If you are ... sorry, one is on a large network, forgery without detection is much easier.

Assuming idiocy on the part of correspondents may make for easy and fast responses, but it injects an undue amount of noise.

--
Jim Dixon

From jdd at aiki.demon.co.uk Sun Aug 7 04:39:44 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sun, 7 Aug 94 04:39:44 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
Message-ID: <4192@aiki.demon.co.uk>

In message <9408070005.AA17290 at ah.com> Eric Hughes writes:
> In a system that is carrying continuous traffic, random packet delay
> is functionally identical to packet reordering.
>
> OK. Prove it. Here are some difficulties I expect you'll find along
> the way.
>
> First, "continuous traffic" is the wrong assumption; some sort of
> multiple Poisson distribution for arrival times is.

Sigh. I say "A implies B". You say, "not A, and so proposition is incorrect". In elementary logic, you are wrong.

IF the traffic is continuous, THEN random delays introduce reordering. The proposition is completely obvious. Do I really have to spell out a trivial proof?

> This is by no
> means a hypothetical. The backoff algorithms for TCP had to be
> developed because packet streams are not continuous, but bursty.

Under this modified assumption, you must remember that I proposed that noise packets be introduced to defeat traffic analysis. The bursts will be smoothed out. Not perfectly.

Many of the characteristics of TCP/IP derive from its design being optimized for speed. RemailerNet would give less importance to speed, and more importance to opaqueness to traffic analysis.
[snip]
> Fourth, the problem is incompletely specified, since the distribution
> of random added latencies is not made specific.

Correct. You assume details that have not been specified, and then critique them at length.

> If messages are fragmented, random delays on sending packets out is
> functionally identical to reordering.
>
> This is false; a system that concentrates on reordering has provably
> better average latency than one based only on adding latencies.

If a message is fragmented into N packets, and then the dispatch time slot for each packet is assigned randomly, the packets are reordered.

[Comments deleted ignore the fact that messages are fragmented, and so are irrelevant.]

His arguments also ignore the fact that reordering messages of different lengths is useless as a defense against traffic analysis, suggesting that this is polemic rather than a serious argument.

> More importantly, RemailerNet as described defeats traffic analysis by
> more significant techniques than reordering. Reordering is a weak
> technique.
>
> WHAT??
>
> Anyone else listening to this: I believe the above quoted two
> sentences to be distilled snake oil.

I say again: reordering is not weak, it is irrelevant if messages are of significantly different lengths and are not fragmented.

> The introduction of noise, 'MIRV'ing of messages,
> fragmentation of messages, random choice of packet routes, and
> encyphering of all traffic are stronger techniques.
>
> Encyphering is necessary. Reordering of quanta is necessary.
>
> "MIRV" messages may actually decrease security; multiple routes may
> decrease security; fragmentation may decrease security. Noise
> messages may not be resource effective.
> All the above claims require
> some justification, and I have seen nothing robust yet.

If by "the above claims" you mean the preceding two sentences, I do agree.
--
+-----------------------------------+--------------------------------------+
| Jim Dixon                         | Compuserve: 100114,1027              |
|AIKI Parallel Systems Ltd + parallel processing hardware & software design|
| voice +44 272 291 316             | fax +44 272 272 015                  |
+-----------------------------------+--------------------------------------+

From jdd at aiki.demon.co.uk Sun Aug 7 04:40:08 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sun, 7 Aug 94 04:40:08 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
Message-ID: <4194@aiki.demon.co.uk>

In message <199408070216.TAA09025 at jobe.shell.portal.com> Hal writes:
> This suggests, that IF YOU COULD TRUST IT, a single remailer would be just
> as good as a whole net. Imagine that God offers to run a remailer. It
> batches messages up and every few hours it shuffles all the outstanding
> messages and sends them out. It seems to me that this remailer provides
> all the security that a whole network of remailers would.
>
> If this idea seems valid, it suggests that the real worth of a network of
> remailers is to try to assure that there are at least some honest ones
> in your path. It's not to add security in terms of message mixing; a
> single remailer seems to really provide all that you need.

Yes, in an ideal world. Each additional remailer introduces another chance of being compromised.

But in an ideal remailer network operated by real human beings, you cannot trust the operator. You would prefer that at least the points of entry and exit from the network be different, because this decreases the probability of the message being 'outed' by a very large factor. If you are seriously concerned about legal factors, you would prefer that the remailer gateways be in different legal jurisdictions.

However, if you trust the operator and if this trust is guaranteed to be continued forever, the ideal number of remailers is one.
--
Jim Dixon

From perry at imsi.com Sun Aug 7 05:19:35 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 7 Aug 94 05:19:35 PDT
Subject: e$: Cypherpunks Sell Concepts
In-Reply-To: <199408070228.WAA26202@zork.tiac.net>
Message-ID: <9408071220.AA19695@snark.imsi.com>

Robert Hettinga says:
> Is it possible to accurately estimate the cash transaction load of an
> economy? I bet that if we could, you'd see that the data from each
> transaction would cause the problem news servers have by several orders of
> magnitude. The information would get dumped pretty frequently. This is
> probably the same problem the NSA has now picking out signals to listen in
> on, but running down an audit trail is different, it's a historical
> process. Since you don't know whose transactions you need, you need to
> keep them all. True, this doesn't keep TLAs from trying to drink
> from a firehose, or more to the point, to free-dive to the bottom of the
> Marianas Trench (if they could keep all of the data), or high-dive into a
> wading pool (if they couldn't). Hmmm...

It is perfectly feasible to track all financial transactions in the U.S., down to the "quarter for a phone call" level, without eliminating all capacity to use the data or placing more than, say, another several percent burden on the cost of all transactions. I know how to architect such a system, and I'm sure that I'm not the only one. It would be a big job, but not an impossible one, especially not with modern computer systems. A several percent burden on the economy would be devastating, but from the point of view of the bureaucrats it probably isn't such a bad thing.
I feel that it is inevitable that the folks in Washington will eventually come to the conclusion that such systems are needed -- the boys at FINCEN will start bawling for them, and the drug warriors will want them, and the rest of us are all just a bunch of folks who are upset that we couldn't go to Woodstock because we had to do our trig homework...

Perry

From perry at imsi.com Sun Aug 7 05:24:22 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 7 Aug 94 05:24:22 PDT
Subject: e$: Cypherpunks Sell Concepts
In-Reply-To: <199408070251.WAA26419@zork.tiac.net>
Message-ID: <9408071224.AA19705@snark.imsi.com>

Robert Hettinga says:
> At 7:09 PM 8/6/94 -0700, Hal wrote:
> >There are two legal problems that I could see being used against digital
> >cash. The first is the civil war era prohibition on banks issuing private
> >bank notes.
>
> Where you stand on this one depends on where you sit. ;-). It seems to me
> that one could just as easily treat digicash as securities denominated in
> dollars, just like shares in a money market mutual fund, or more to the
> point, the actual money market instruments, repos, for instance. It's going

Robert, you don't understand. The U.S. is not governed by laws any more. In the financial community, every action you perform is illegal. The only way that you stay out of jail is by being nice to the bureaucrats. They allow money market funds, even though they technically violate a dozen laws, because they feel like it. They could prohibit them if they felt like it, too. The bureaucrats aren't going to want digicash, so they are going to find plenty of excuses to prohibit it. You can't do legal hacks in an environment like this. It doesn't work. If the bureaucrats don't like you, they shut you down, and there is not a damn thing you can do about it, period.

True, you can leave the country and do your business there -- I know several hedge funds that already refuse to take any customers from the U.S.
because they don't want the headaches, and there are other similar things happening in lots of other parts of the financial industry. However, don't think you can finesse the folks at the Fed, the IRS, the Treasury, and the SEC -- they are monsters, and they won't be stopped by the courts.

Perry

From mimir at io.com Sun Aug 7 05:34:25 1994
From: mimir at io.com (Al Billings)
Date: Sun, 7 Aug 94 05:34:25 PDT
Subject: Latest mention in Wired
Message-ID:

I noticed in the Sat Pirate article in the latest Wired (which I finally read this evening), there is a mention of the Cypherpunks in connection to PGP and opposition to the creation of a Police State. Page 128, I think.

--
Al Billings             mimir at io.com  http://io.com/user/mimir/asatru.html
Nerd-Alberich           Admin for Troth - The Asatru E-mail List
Lord of the Nerd-Alfar  Sysop of The Sacred Grove - (206)322-5450
Poetic-Terrorist        Lodge-Master, Friends of Loki Society

From rah at shipwright.com Sun Aug 7 08:07:15 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 7 Aug 94 08:07:15 PDT
Subject: e$: Cypherpunks Sell Concepts
Message-ID: <199408071506.LAA29437@zork.tiac.net>

At 8:20 AM 8/7/94 -0400, Perry E. Metzger wrote:
>It is perfectly feasible to track all financial transactions in the
>U.S., down to the "quarter for a phone call" level, without
>eliminating all capacity to use the data or placing more than, say,
>another several percent burden on the cost of all transactions. I know
>how to architect such a system, and I'm sure that I'm not the only
>one. It would be a big job, but not an impossible one, especially not
>with modern computer systems. A several percent burden on the economy
>would be devastating, but from the point of view of the bureaucrats it
>probably isn't such a bad thing.

Ahh. Perry to the rescue. This is even better than being technologically impossible.
Economic impossibility is *just* as physical (I cite the failure of command economies like the USSR and Cuba as my evidence) as is technology, and since we're looking for a business case here, your reply comes in at the nick of time.

One more point for regulatory arbitrage. That "several percent" deducted from the gross domestic product of a nation could tip the balance of its international competitiveness, and could forgo that country's requirement for trapdoor ecash. The threat of that could be enough to shoot down the idea on this side of the American border.

Parkinson's law holds that organizations like bureaucracies tend to expand to use all their available resources. But it's a law of biology that a parasite doesn't kill its host.

Does your Forbin project above include the ability to store and retrieve *all* transactions down to a quarter phonecall permanently?

ObThreadPlug: Here's my panel categories for the afternoon "where do we go" session:

Chair: Famous Software/Biz Heavy or TechnoVisionary
1. Internet access provider,
2. Underwriter,
3. Financial Operations Person,
4. Regulator or Lawyer,
5. Politician.

Any other ideas??

Cheers,
Bob Hettinga

-----------------
Robert Hettinga  (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From rah at shipwright.com Sun Aug 7 08:07:53 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 7 Aug 94 08:07:53 PDT
Subject: e$: Cypherpunks Sell Concepts
Message-ID: <199408071507.LAA29453@zork.tiac.net>

At 8:24 AM 8/7/94 -0400, Perry E. Metzger wrote:
>Robert, you don't understand. The U.S. is not governed by laws any
>more. In the financial community, every action you perform is illegal.
>The only way that you stay out of jail is by being nice to the
>bureaucrats.
This reminds me of my criminology class in college. The prof's main point was that there is no crime, particularly organized crime. It is all just illegal business.

There was some research done in Seattle in the early 60's. The researchers discovered that practically every business could be found to be breaking a serious law in Seattle's byzantine city code. Vending machines were illegal, for instance. This allowed cops to shake down anyone they pleased. It also allowed a sizable criminal class to exist, because those people just paid the cops and went about their business. There was reason to believe that all this was done on purpose to enhance the income of various politicians at the top of the payoff tree. Of course, vending machines were everywhere, particularly in cash-based businesses like restaurants and bars.

This could be extended to people in the main business district as well. Their "fees" may not be so much outright bribes, but campaign contributions, "donations" to a politician's favorite charity or civic event, investments in a politician's business activities, and of course, taxes.

>They allow money market funds, even though they
>technically violate a dozen laws, because they feel like it. They
>could prohibit them if they felt like it, too. The bureaucrats aren't
>going to want digicash, so they are going to find plenty of excuses to
>prohibit it. You can't do legal hacks in an environment like this. It
>doesn't work. If the bureaucrats don't like you, they shut you down,
>and there is not a damn thing you can do about it, period.

Democracy is in fact mob rule, with various Robespierres guillotining people to keep the crowd happy. Michael Milken was one of those people who got it in the neck, not so much because what he did was wrong (it was) in the eyes of the people who pulled him down, but because he was too good at what he did and thought he could ignore the crowd. Hubris. So, we have to include Mme LaFarge in our thinking.
I believe that legal hacks are necessary, but not sufficient. The economic necessity of ecash, the business case, has to be demonstrated. We can't really know whether it will work unless it's tried. We can't really do that until the "civic authorities" let us put up the vending machines. To do that, we need to be able to incent their cooperation. The possibility of profit furthers that discussion enormously.

If regulatory agencies can be convinced to allow non-bank banking ala Fidelity, and a multi-billion dollar industry can result, then it might be possible to allow a non-treasury currency (with proper controls of money supply, to keep Uncle Miltie happy) on the promise of another multi-billion dollar industry.

In the above quote you're assuming that they aren't going to want ecash, that they won't find plenty of excuses to allow it. The point is, we have to make the bureaucrats *like* us. The best way to get that to happen is to talk about the business e$ could create. It is a proven fact that sizable proportions of regulatory officials leave their agencies for jobs in the markets they regulate. If there's to be a market on the other side of that revolving door, they have to help us out a little.

It was ever thus. Columbus did it. Brahe did it. Oppenheimer did it. Friedman did it with the Chicago Mercantile Exchange. Hell, even Lysenko did it and made it stick for 50 years even when the science was bogus. Fortunately, we don't have our dear comrade, the "Man of Steel", to back us up.

>
>True, you can leave the country and do your business there -- I know
>several hedge funds that already refuse to take any customers from the
>U.S. because they don't want the headaches, and there are other
>similar things happening in lots of other parts of the financial
>industry. However, don't think you can finesse the folks at the Fed,
>the IRS, the Treasury, and the SEC -- they are monsters, and they
>won't be stopped by the courts.
Ever since I've been old enough to understand English, I've heard the various libertarians and ultraconservatives in my family say that they had Seen the Golden Age of America and It's Over Now. I have no idea if they, or you, are right about that. (Not to call you either of those political labels, I know better.)

The Roman Empire mutated into the Holy Roman Empire (can you say "Byzantine"?, I knew ya could) and lasted another 1000 years before it was sacked by the Turks in the 1400's. People did business in Constantinople the day the place burned; they were doing business there the day after it burned.

If there's a market, there'll be a business. If there's a business there'll be excess money (profits). If there's excess money, there'll be politicians, elected or otherwise. However, it's a stupid parasite which kills its host, and that's what I'm counting on here.

Cheers,
Bob Hettinga

ObThreadRelevance: Anyone have speaker/demo ideas for the morning "intro to e$" session?

-----------------
Robert Hettinga  (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From werewolf at io.org Sun Aug 7 08:12:11 1994
From: werewolf at io.org (Mark Terka)
Date: Sun, 7 Aug 94 08:12:11 PDT
Subject: A Helpful Tip for Impatient Souls
In-Reply-To: <199408062123.OAA03921@zero.c2.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

In article <199408062123.OAA03921 at zero.c2.org>, you wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Tommy the Tourist (Anon User) wrote:
>
> Welcome back, Tommy, we missed you! Hope you're enjoying your
> new (CSUA) "home"... (Time for everyone to update their
> "chain.ini" file, BTW.)
>

How come? Has soda gone down or something? Or has there been an address change?
-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkRJ/EyJS+ItHb8JAQGmjwQAjaceBiHUi3x5d/KmhKuxPQTYWlwrm0mM
kRtXwEGNNhsfzr0o+oPp8VXIweFVlnDFoRBHhlZTWMvfZhJkG9HwHbzhuPbdPiMY
mSI2E+gGgc4Wh/nEBas0ql1zhsDbZq7mgdVt2S+jtxdvSL3nRm8j/pcODFVF6XAZ
Q2i8IZS07wI=
=5dxU
-----END PGP SIGNATURE-----

From hughes at ah.com Sun Aug 7 10:11:33 1994
From: hughes at ah.com (Eric Hughes)
Date: Sun, 7 Aug 94 10:11:33 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
In-Reply-To: <4191@aiki.demon.co.uk>
Message-ID: <9408071643.AA18197@ah.com>

   Sigh. I say "A implies B". You say, "not A, and so proposition is incorrect".

No, I say that message distributions are not continuous, so the model which assumes they are is not the right model.

   IF the traffic is continuous, THEN random delays introduce reordering.

I've never said they didn't induce some reordering. That's not my point, which is about known and not merely suspected properties of systems.

Cryptography is about assurances as well as actual security. Information security is a negative property; it works when nothing bad happens, and something bad may happen without it being directly observed. Since one can't always see an actual cryptosystem failure, unlike, say, a robbery, the way to extend the security is by understanding what is possible. And for understanding, proof is always better than intuition, guessing, or supposition.

I'll reiterate again. Reordering is what yields privacy, directly. Adding latency adds privacy ONLY insofar as it adds reordering.

If you feel like you have to have a latency based system, fine, but the understanding of just how much reordering such systems actually induce is still lacking. It does not suffice to wave hands and say it induces 'enough' reordering. You need to know how much, and that takes a calculation, which has not been done yet.
Furthermore, I demonstrated two reasons why latency-based systems are less efficient in implementation than reordering-based systems. So, in upshot, latency based reordering is not only less efficient, but also less well understood. Until someone comes up with a latency-based scheme which can't be algorithmically modified to make a more efficient reordering system, and has similar memory usage, and until someone does some calculations on just how much reordering is induced by various latency schemes, I will continue to call latency based mixing by the name snake oil. > Fourth, the problem is incompletely specified, since the distribution > of random added latencies is not made specific. Correct. You assume details that have not been specified, and then critique them at length. By not specifying exactly what distribution of latencies you're talking about, I assume that you are making a universal claim about latency-adding systems with _any_ distribution. I do not see you claiming that there exists some special distribution that makes latency systems work, because for implementation you actually have to exhibit one. Therefore, I point out that this is another lack of understanding. And I _know_ that if you haven't thought before about the issue of the distributions of the added latencies that you haven't thought very hard about the cryptanalysis of such systems. His arguments also ignore the fact that reordering messages of different lengths is useless as a defense against traffic analysis, suggesting that this is polemic rather than a serious argument. Oh, really? You even quoted me explicitly not ignoring the issue: > Encyphering is necessary. Reordering of quanta is necessary. The phrase "reordering of quanta" seems perfectly clear to me. Eric From hughes at ah.com Sun Aug 7 10:23:58 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 10:23:58 PDT Subject: Latency vs. 
Reordering In-Reply-To: <199408070216.TAA09025@jobe.shell.portal.com> Message-ID: <9408071655.AA18215@ah.com> This suggests, that IF YOU COULD TRUST IT, a single remailer would be just as good as a whole net. If you could trust it and if it were large enough. There's scaling reasons to use multiple remailers as well. Consider a network of mailers running on a private network with link encryptors. Whenever you join two nodes with a full-time link encryptor you remove the information about message arrival and departure, which is to say that you remove all the remaining information not already removed by encryption and reordering. In other words, two remailers (physical) hooked up with link encryptors are almost the _same_ remailer for purposes of traffic analysis, and almost only because of the link latency and relative bandwidth. Likewise, multiple remailers hooked up with link encryptors all collapse to the same node for traffic analysis. Open links between two remailers which are connected otherwise by a path of encrypted links turn into an edge from the collapsed remailer set back onto itself. Simulating any of the salient features of a link encryptor over the Internet is an interesting exercise, particularly in regard to price negotiation with your service provider. Eric From hfinney at shell.portal.com Sun Aug 7 10:32:32 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 7 Aug 94 10:32:32 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) In-Reply-To: <4194@aiki.demon.co.uk> Message-ID: <199408071733.KAA21999@jobe.shell.portal.com> jdd at aiki.demon.co.uk (Jim Dixon) writes: >In message <199408070216.TAA09025 at jobe.shell.portal.com> Hal writes: >> If this idea seems valid, it suggests that the real worth of a network of >> remailers is to try to assure that there are at least some honest ones >> in your path. 
It's not to add security in terms of message mixing; a >> single remailer seems to really provide all that you need. >Yes, in an ideal world. Each additional remailer introduces another >chance of being compromised. Once again I find myself with an understanding that is exactly the opposite of Jim's. I must be missing the point of his network design. In the remailer networks I am familiar with, each additional remailer introduces another chance of being uncompromised, rather than being compromised! Only if all the remailers in the chain are cooperating and logging messages can they reconstruct the path my message took. If any one remailer is honest, my message is successfully mixed with the others. A design in which any one remailer in the chain can compromise the privacy of the user seems to have a very big flaw. >But in an ideal remailer network operated by real human beings, you cannot >trust the operator. You would prefer that at least the points of entry >and exit from the network be different, because this decreases the >probability of the message being 'outed' by a very large factor. If >you are seriously concerned about legal factors, you would prefer that >the remailer gateways be in different legal jurisdictions. Yes, this makes a lot of sense. Use different jurisdictions to make attacks by government agencies more difficult, use multiple remailers in a chain, etc. I just don't follow the earlier comment which suggests a different model of information exposure than I use. Hal From hughes at ah.com Sun Aug 7 10:52:24 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 10:52:24 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408070228.WAA26202@zork.tiac.net> Message-ID: <9408071723.AA18249@ah.com> Is it possible to accurately estimate the cash transaction load of an economy? I have some 1992 USA figures on this. The number of checks was 58 billion (58 * 10^9). The number of card transactions was 12 billion. 
There were about 2 billion other electronic transfers. 72 billion total. Cashless transactions are about a tenth (roughly, this is from memory) of the total. So as a first cut, assume about one trillion (10^12) transactions to be tracked per year. Assume 1/8 Kbyte per transaction (that's a lot). If you stored transactions on 8 Gbyte tapes, that's 2^40 xact * 2^7 bytes/xact * 2^-33 tapes/byte = 2^14 tapes, or about 16 thousand. A robotic retrieval device for 16 thousand tapes is certainly feasible; I've seen a similar system for about 2 thousand 9-track tapes -- it was feeding a Cray 2 at Livermore in their fusion center. Now that's just storage, not the whole system. But it's apparent from these estimates that a real system is certainly affordable, and, possibly, relatively inexpensive as such totalitarian devices go. Remember, "suspects" (10^-3 of the population) can be filtered out before hitting tape and stored on about 128 Gbytes of hard disk, for very fast retrieval and realtime analysis. When *every* business transaction can be scrutinized (as much as physically possible, per above) at any time, for any reason the government deems necessary, it makes a sizable business case *for* traceable electronic cash. This is probably the place to put the lever on the business community. It might be, but remember that in making the case to business, the financial privacy, such as it exists today, is _not_ "at any time, for any reason". It might be in the future, but then you're making a perceived-weaker argument. Non-recorded transactions exist already. It's keeping them from disappearing that we're really talking about here. The number of non-recorded transactions, however, is dropping. The largest class, cash, got some reporting requirements clamped on it recently. We are talking about both ensuring that the current non-recorded transactions stay that way and allowing for non-recorded electronic transactions in the future. 
It might be the threat of international deployment and regulatory arbitrage which brings them around, and fires up the lobbying apparatus on our side of the issue. With that in mind, shouldn't you have your first conference in London, invite a bunch of US bankers, and raise the issue explicitly? As soon as you can get different countries competing for revenue, you're more than halfway home. On the other hand if those reporting requirements are frictionless, they don't *need* to fight it, do they... Nope. And remember, the divide-and-conquer is likely already starting. The first bank to provide FINCEN with a live transaction feed will likely see some regulatory hurdles fall, no? Eric From hughes at ah.com Sun Aug 7 10:59:47 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 10:59:47 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408070251.WAA26419@zork.tiac.net> Message-ID: <9408071731.AA18270@ah.com> >There are two legal problems that I could see being used against digital >cash. The first is the civil war era prohibition on banks issuing private >bank notes. It seems to me that one could just as easily treat digicash as securities denominated in dollars, [etc.] It didn't occur to me before, but you could also have 'nonbank notes'. If the issuer isn't a bank, does the regulation still apply? Eric From perry at imsi.com Sun Aug 7 11:19:33 1994 From: perry at imsi.com (Perry E. Metzger) Date: Sun, 7 Aug 94 11:19:33 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <9408071731.AA18270@ah.com> Message-ID: <9408071819.AA20194@snark.imsi.com> Eric Hughes says: > It didn't occur to me before, but you could also have 'nonbank notes'. > If the issuer isn't a bank, does the regulation still apply? If it doesn't the simple expedient of the Fed ruling that you are a bank would screw you up nicely. 
If all else fails, they will just pass a new law, so as to prevent the evil Child Pornographers, Terrorists, Drug Dealers and the rest from using this horrible new technology. I'm not sanguine about the possibilities of getting any of what we would like through regulatory and legislative hurdles. The regulators have taken ten years just to eliminate the restrictions on interstate banking, and they still haven't quite done the job yet (although hopefully the restrictions will go away by '96 or so.) They understood that stuff fairly well. They probably won't understand digital cash as well, although it will probably be even worse for us if they do. Perry From jrochkin at cs.oberlin.edu Sun Aug 7 11:47:10 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Sun, 7 Aug 94 11:47:10 PDT Subject: Remailer ideas (Was: Re: Latency vs. Reordering) Message-ID: <199408071847.OAA17445@cs.oberlin.edu> > What I think is a better idea was proposed here last year, and I think > someone was doing it for a while. It is for someone to volunteer to > be the keeper of the remailer aliveness information. He runs scripts > every day to ping the remailers, keeps lists of which remailers are > currently active, and so on. This does seem like a better idea, except for one thing: Everybody has got to trust the Keeper of the Aliveness Info. I'm not sure how much of a problem this is, nor am I sure that the newsgroup method necessitates any less trust. But I do think that a system where all trust doesn't lie in any one entity is desirable, and I think that such a system is going to have to be decentralized like netnews, rather than centralized. The other problem that a centralized system imposes is that if the Keeper Of Aliveness Info goes down, everyone is scrambling to find a new one. This doesn't seem like a major problem, but again, an ideal system wouldn't have this flaw. 
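Added example, not part of any message in this archive: the "Latency vs. Reordering" thread turns on how much reordering a random-delay scheme actually induces, with entropy named as the measure. The Python below scores a batch-and-shuffle mix against random-delay mixes on two constructed traffic patterns; the delay distributions (uniform 0-60 s, exponential with mean 20 s), the arrival times, and the per-message scoring that ignores the permutation constraint are all assumptions of this example.

```python
"""Linkage entropy: batch reordering vs. random added latency.

Added illustration; traffic and delay distributions are constructed.
"""
import math
from collections import namedtuple

# A delay model is a probability density plus its inverse CDF (quantile).
DelayModel = namedtuple("DelayModel", "density quantile")


def uniform_delay(max_delay):
    """Delay drawn uniformly from [0, max_delay] seconds (assumed model)."""
    return DelayModel(
        density=lambda d: 1.0 / max_delay if 0.0 <= d <= max_delay else 0.0,
        quantile=lambda u: u * max_delay,
    )


def exponential_delay(mean):
    """Exponentially distributed delay with the given mean (assumed model)."""
    return DelayModel(
        density=lambda d: math.exp(-d / mean) / mean if d >= 0.0 else 0.0,
        quantile=lambda u: -mean * math.log(1.0 - u),
    )


def entropy_bits(weights):
    """Shannon entropy, in bits, of the distribution proportional to weights."""
    total = sum(weights)
    if total <= 0:
        raise ValueError("no candidate sender has non-zero probability")
    return sum(-(w / total) * math.log2(w / total) for w in weights if w > 0)


def batch_entropy(batch_size):
    """A mix that collects batch_size messages and emits them shuffled:
    every output is equally likely to be any of the inputs."""
    return entropy_bits([1.0] * batch_size)


def linkage_entropy(arrivals, departure, model):
    """Observer's uncertainty about which arrival left at time `departure`.

    The observer sees every arrival time and knows the delay distribution,
    so arrival a gets weight density(departure - a).  Each departure is
    scored on its own; the constraint that the full matching must be a
    permutation is ignored (a simplification).
    """
    return entropy_bits([model.density(departure - a) for a in arrivals])


def mean_latency_entropy(arrivals, model, steps=60):
    """Average linkage entropy over all messages and over the delay
    distribution, integrated on a grid of `steps` equally likely delays."""
    total = 0.0
    for a in arrivals:
        for k in range(steps):
            delay = model.quantile((k + 0.5) / steps)
            total += linkage_entropy(arrivals, a + delay, model)
    return total / (len(arrivals) * steps)


# Constructed traffic, arrival times in seconds.
DENSE = [float(i) for i in range(8)]      # one message per second
SPARSE = [100.0 * i for i in range(8)]    # one message per 100 seconds

if __name__ == "__main__":
    print("batch of 8:                    %.3f bits" % batch_entropy(8))
    for name, model in (("uniform 0-60 s", uniform_delay(60.0)),
                        ("exponential, mean 20 s", exponential_delay(20.0))):
        for label, traffic in (("dense", DENSE), ("sparse", SPARSE)):
            print("%-22s %-6s  %.3f bits"
                  % (name, label, mean_latency_entropy(traffic, model)))
```

On the constructed data the batch of 8 gives 3 bits whatever the traffic looks like, while the uniform-delay mix drops to 0 bits once the gaps between arrivals exceed the maximum delay.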
From jdd at aiki.demon.co.uk Sun Aug 7 11:50:46 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Sun, 7 Aug 94 11:50:46 PDT Subject: Improved remailer reordering Message-ID: <4210@aiki.demon.co.uk> In message <9408062320.AA17234 at ah.com> Eric Hughes writes: > About message mixing: > > A measure that is used for situations like this is entropy. > > Indeed. This is exactly the mathematical measure for what I've called > "privacy diffusion" in a remailer network. It is, namely a measure of > of the uncertainty to a watcher of what ingoing message corresponds to > what outgoing message. > > As soon as you begin to write down some of the equations for this > value, several things become distinct possibilities: > > -- duplicate messages may decrease security > -- retries may reduce security > -- interactive protocols may reduce security > -- there is such a thing as a needlessly lengthy remailer path > -- noise messages might not be worth the bother > -- multiple different routes may reduce security > > One thing becomes blaringly obvious: > > -- it's reordering that's mathematically significant; that's what goes > directly into the equations. One thing is glaringly obvious: if you use the wrong assumptions, you will get the wrong answers. Imagine a RemailerNet (v0.2) that maintained a fixed level of traffic between gateways. Messages are injected into the system at various gateways and emerge at various gateways. All traffic between gateways is encrypted. All traffic takes the form of packets of the same length, perhaps 1024 bytes. [It is possible that a much smaller packet size might be desirable, specifically the ATM packet size, with 48 bytes of data payload.] Messages are fragmented according to policies at the entry gateway. Intervening gateways may or may not further fragment incoming packets according to gateway policy. The exit gateway is responsible for reassembling packets into messages. The routing of packets is randomized to some extent. 
Message transmission is guaranteed to be reliable in the sense that either the message will get there or the sender will be told that it didn't. Users desiring a high level of security are required to participate in the game. They must accept and send a fixed number of packets at each connection. These users should be responsible for packetizing their own messages when sending and assembling their own messages when receiving. They must encrypt all communications with gateways. These 'empowered' users are in fact operating RemailerNet gateways. It is likely that different levels of gateway would have to be defined, depending upon the degree of physical control that the operator had over the gateway and the level of resources that he or she was willing to devote to RemailerNet operations. Entry level users would communicate using ordinary email. Major gateway operators would communicate using RemailerNet protocols over TCP/IP. Time is measured in this system in steps. Each step corresponds to the dispatch of one set of packets. The relationship between 'step time' and chronological time will vary from link to link. This system will tolerate an arbitrary level of traffic. Over time the level of traffic (in bytes/sec) would be some multiple of the average volume (bytes/sec) of messages carried. The gateways would automatically adjust the traffic level. [Probably it should rise quickly and fall gradually.] The functioning of the system as a whole makes it very difficult to do any kind of realistic traffic analysis. Any reordering of messages is performed at the packet level. In general, the messages do not exist as wholes along the lines connecting the gateways, so a discussion of their reordering is a good way to waste time. A detailed mathematical analysis of what makes the system difficult to attack would itself be quite difficult. 
But I would suggest that the key factors are the fragmenting of messages, the use of fixed length packets, the systematic introduction of noise, and random delays in dispatching packets. [The random delays reorder the packets and they also introduce noise -- an unused timeslot is filled with a noise packet.] If, of course, your equations include only measures of the reordering of messages, your results will depend only upon measures of reordering of messages. -- Jim Dixon [this is not a complete or final description of RemailerNet] [v0.2 but should be sufficient to encourage a few attacks ] From die at pig.jjm.com Sun Aug 7 14:36:58 1994 From: die at pig.jjm.com (Dave Emery) Date: Sun, 7 Aug 94 14:36:58 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <9408071220.AA19695@snark.imsi.com> Message-ID: <9408072140.AA04971@pig.jjm.com> > It is perfectly feasible to track all financial transactions in the > U.S., down to the "quarter for a phone call" level, without > eliminating all capacity to use the data or placing more than, say, > another several percent burden on the cost of all transactions. > > Perry > Already, at least here in the northeast, virtually all credit card transactions are on-line verified - it would take relatively little additional effort to capture additional transaction details including ID from our spiffy new national ID card and a more specific description of what was bought. And many supermarkets around here now do a substantial part of their business via debit or credit cards and checks - the added burden of converting everything over to watchable on-line electronic transactions is probably not measured in percent per transaction but in fractions of a percent. The major investment in on line retail infrastructure has already been made in most cases, what needs to be added is just some additional software and a more legally binding ID card. 
One suspects that the cost of physically handling cash, providing security for it and so forth is actually quite comparable to costs of such a cashless electronic regime. Outlawing cash is indeed (unfortunately) quite practical. If I had to guess as to what *the major* domestic target of wideband electronic surveillance and monitoring by the TLAs is licit or illicit, I would name the credit card authorization data streams. Probably that and interbank wire and check clearing transfers constitute much the largest cross section of data being watched regularly. And I am unclear as to whether such surveillance, with the tacit consent of the banks and credit card companies of course, is obviously and specifically illegal. Dave Emery From rah at shipwright.com Sun Aug 7 14:59:50 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 7 Aug 94 14:59:50 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408072158.RAA02422@zork.tiac.net> At 2:19 PM 8/7/94 -0400, Perry E. Metzger wrote: >The regulators >have taken ten years just to eliminate the restrictions on interstate >banking, and they still haven't quite done the job yet (although >hopefully the restrictions will go away by '96 or so.) It really isn't to most of the individual banking entities' advantage for interstate banking to exist because almost all of them would be merged out of existence. It isn't the regulators' fault; it's a wonder they got this far as fast as they did, and that's primarily because the foreign markets are driving the regulators to it. Regulatory arbitrage. If there was a clearcut financial advantage to interstate banking to First Podunk Bank and Trust, it would have happened already. >They understood >that stuff fairly well. They probably won't understand digital cash as >well, although it will probably be even worse for us if they do. Which, I believe, is the point of this thread. It's time to shuck and jive a bit. 
If it can be demonstrably proved that a market exists, that there's some boards of directors for those hoary old regulators to sit on in their golden years, then there's a chance to make retail trade settlement a reality. You can't do that without a legitimate test, and you can't get that without mau-mauing the regulators some, eh? Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From rah at shipwright.com Sun Aug 7 14:59:51 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 7 Aug 94 14:59:51 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408072158.RAA02419@zork.tiac.net> At 10:31 AM 8/7/94 -0700, Eric Hughes wrote: > >There are two legal problems that I could see being used against digital > >cash. The first is the civil war era prohibition on banks issuing private > >bank notes. > > It seems to me > that one could just as easily treat digicash as securities denominated in > dollars, [etc.] > >It didn't occur to me before, but you could also have 'nonbank notes'. >If the issuer isn't a bank, does the regulation still apply? OK. Your question has two parts. First, Eric, what exactly do you mean by 'nonbank notes'. Like the kind issued by corporations in the money markets, or Amex Traveller's Checks? Second, we need a lawyer. This is a good thing, 'cause you can't hack laws without a lawyer (most of the time, anyway...), and (ObThreadRelevance) we need one to pitch this stuff to other lawyers (regulators, et. al.) anyway... 
In search of Vinnie "the Pro" Bono, honorable second cousin of the esteemed mayor of Palm Springs, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From rah at shipwright.com Sun Aug 7 14:59:51 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 7 Aug 94 14:59:51 PDT Subject: e$: Cypherpunks Sell Concepts Message-ID: <199408072158.RAA02425@zork.tiac.net> At 10:23 AM 8/7/94 -0700, Eric Hughes wrote: >It might be, but remember that in making the case to business, the >financial privacy, such as it exists today, is _not_ "at any time, for >any reason". It might be in the future, but then you're making a >perceived-weaker argument. Ah, my Burroughsian hyperbole strikes again... Gotta get that AJ subroutine fixed... > It might be the threat of > international deployment and regulatory arbitrage which brings them around, > and fires up the lobbying apparatus on our side of the issue. > >With that in mind, shouldn't you have your first conference in London, >invite a bunch of US bankers, and raise the issue explicitly? As soon >as you can get different countries competing for revenue, you're more >than halfway home. One could accuse you of wanting to get a "deductible junket" to Europe here ;-), and you might be right about doing it in London, but it seems to me that to present a xenophobic argument to the American banking community, it's best to do that on American soil. Without sounding too parochial, it's entirely possible to incite greed in the international markets with leaving home. I really want to get regulators into the same room, also. The site I have in mind is six blocks from the Federal Reserve Building in Boston. 
Boston is, you understand, the fulcrum of the universe, even if the long end of the lever finishes up somewhere about Berkeley... > > On the other hand if those reporting > requirements are frictionless, they don't *need* to fight it, do they... > >Nope. And remember, the divide-and-conquer is likely already >starting. The first bank to provide FINCEN with a live transaction >feed will likely see some regulatory hurdles fall, no? JargonQuery(FINCEN?) I'm having fun now. Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) Shipwright Development Corporation 44 Farquhar Street Boston, MA 02331 USA (617) 323-7923 "There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell From blane at squeaky.free.org Sun Aug 7 16:38:30 1994 From: blane at squeaky.free.org (Brian Lane) Date: Sun, 7 Aug 94 16:38:30 PDT Subject: CreditCard info Message-ID: An interesting sideline - I ran into an interesting situation at a local video rental place yesterday. If you give them your credit card number they charge you .25 less a tape to rent it (2.75 compared to 3.00) Your number goes into their customer database. I laughed, and said I'd rather pay the .25 a tape than take the chance of some part-time HS kid getting ahold of my CC number. It's unbelievable (to me anyway) that people would give this kind of information out and trust that it can't be abused. It's bad enough that we're asked to hand out our SS number for everything. 
Brian ---------------------------------------------------------------------------- Linux : The choice of a GNU generation | finger blane at free.org witty comments pending | for PGP key and subLit ---------------------------------------------------------------------------- From hughes at ah.com Sun Aug 7 16:54:00 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 7 Aug 94 16:54:00 PDT Subject: Improved remailer reordering In-Reply-To: <4210@aiki.demon.co.uk> Message-ID: <9408072325.AA18643@ah.com> Imagine a RemailerNet (v0.2) that maintained a fixed level of traffic between gateways. This is exactly what I was talking about when I posted earlier about link encryptors, and effective collapse of nodes for traffic analysis purposes. Traffic analysis of mixes and remailers assumes, as an abstraction, that all the messages going into and coming out of a particular node are visible. As soon as you remove this condition, the analytical situation changes completely. And it changes for the better, since the reduction in observed information can only improve security. Message arrival and departure times are not irrelevant, and their removal gives less useful information. The desired net result is a single node for traffic analysis purposes. But even for a single node, estimates of reordering still need to be made. The problem with implementation of link encryption is, like everything else, cost. Link encryption off the Internet requires dedicated lines. Link encryption on the Internet likely won't get you into trouble now, but likely will be an issue as subsidies go away. In general, the messages do not exist as wholes along the lines connecting the gateways, so a discussion of their reordering is a good way to waste time. You still have to worry about reordering in the network as a whole. The system you've described has reassembly done at the endpoints, who might not be the final receiver. 
I pass over the flaw of lack of message quantization in the final sending of reassembled messages. We may assume for discussion that they're all the same length. Now, you still need to calculate the likelihood that a particular outgoing message is the same message as a particular incoming message. These probabilities have to do with message reordering. You still need to do the calculation. Eric From ianf at simple.sydney.sgi.com Sun Aug 7 17:30:05 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Sun, 7 Aug 94 17:30:05 PDT Subject: URGENT: Please Tell Congress to Allow Encryption Export In-Reply-To: <3922@aiki.demon.co.uk> Message-ID: <9408081028.ZM11026@simple.sydney.sgi.com> On Aug 5, 5:53pm, Jim Dixon wrote: >> Imagine this: you're a politician. If you're a US politician in particular >> you will be correctly told that you are, by virtue of your position, a target >> for a lot of "extremist" groups and terrorism. [etc] > This has little to do with being a politician and even less with being > a US politician. People at all levels everywhere at all times are willing > to pay for what they perceive as additional security. The original point was an explanation as to one of the reasons why politicians can do unaccountable 180 degree turns of opinion when entering politics. As such it had everything to do with being a politician. Your point that it is a manifestation of a more general desire for security is valid, but you missed the main point at issue here. Ian. From v-garthb at microsoft.com Sun Aug 7 17:43:54 1994 From: v-garthb at microsoft.com (Garth Brown (Semaphore Software)) Date: Sun, 7 Aug 94 17:43:54 PDT Subject: CreditCard info Message-ID: <9408080045.AA26869@netmail2.microsoft.com> ---------- | From: Brian Lane | It's unbelievable (to me anyway) that people would give this kind of | information out and trust that it can't be abused. It's bad enough that | we're asked to hand out our SS number for everything. 
It's my understanding that it's technically illegal for anyone to require your SSN for anything if they are not using it for SS related purposes. I had heard that congress passed a law when SSNs were issued to this effect. Am I hallucinating, or has someone else heard this too?! garthB> ---------------------------------------------------------------------- ------- Garth S. Brown, Semaphore Corporation 122 South Jackson Street, Suite 350 garthb at semaphore.com Seattle, Washington 98104 InterNIC WHOIS: GB(31) -Public key available via finger of garthb at semaphore.com -PGP2.6 Key fingerprint = 65 0E 48 A1 F7 38 DB 03 3F 77 77 9E B5 53 2E 96 ---------------------------------------------------------------------- ------- All problems can be solved with the proper application of high explosives. From blane at squeaky.free.org Sun Aug 7 18:02:30 1994 From: blane at squeaky.free.org (Brian Lane) Date: Sun, 7 Aug 94 18:02:30 PDT Subject: CreditCard info In-Reply-To: <9408080045.AA26869@netmail2.microsoft.com> Message-ID: On Sun, 7 Aug 1994, Garth Brown wrote: > > ---------- > | From: Brian Lane > | It's unbelievable (to me anyway) that people would give this kind of > | information out and trust that it can't be abused. It's bad enough that > | we're asked to hand out our SS number for everything. > > It's my understanding that it's technically illegal for anyone to require > your SSN for anything if they are not using it for SS related purposes. > I had heard that congress passed a law when SSNs were issued to this > effect. > > Am I hallucinating, or has someone else heard this too?! > I have also heard this. At school they ask you for your SSN when signing up for classes, but you can get a random id number assigned instead (I found this out long after giving them my SSN). I filled out a credit app at Sears last month that asked for my SSN, I didn't give it and didn't get credit either. What exactly is SS related use? Banks, Employment only? 
Brian ---------------------------------------------------------------------------- Linux : The choice of a GNU generation | finger blane at free.org witty comments pending | for PGP key and subLit ---------------------------------------------------------------------------- From jrochkin at cs.oberlin.edu Sun Aug 7 18:02:49 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Sun, 7 Aug 94 18:02:49 PDT Subject: remailer ideas Message-ID: <199408080103.VAA23382@cs.oberlin.edu> My newsgroup-RemailerNet ideas seem to be getting mixed reviews, but I think that part of the problem is that some people don't understand what I'm trying to accomplish. There are several features I think are extremely desirable in a remailernet infrastructure, which our current infrastructure doesn't accomplish, and which no proposed infrastructure that I've seen accomplishes either. I'm not certain my newsgroup/pinging idea addresses these concerns, either, but I'm going to lay them all out, and y'all can see what you think. These points aren't distinct, I realize. They're all interrelated somewhat. 1) New remailers should be able to enter the "remailernet" easily, and with a minimum of human intervention. If I decide to run a remailer, the infrastructure should provide a way to make it visible to all other participants in the remailer net, other remailers and users. Whether the other participants make use of it or not, is another question, and would presumably depend on a web-of-trust kind of situation. But currently, someone who wants to stay current with this kind of info basically has to read cypherpunks, and take notes when people announce new remailers. Better, would be if this sort of "new remailer" info could be distributed automatically, to both users and other remailers. 2) Remailers should be able to leave the remailernet without devastating it. If my remailer is temporarily, or permanently, down, the remailernet should route around it. 
Again, the current way for operators to announce this would basically be to post to cypherpunks list, and maybe alt.security.pgp too. If other remailernet participants miss the announcement, havoc can ensue. If a middle link of your remailer chain is down, all you know is your messages aren't getting to their destination, you won't know which link is down. We shouldn't require all participants to read cypherpunks religiously, and if an operator isn't conscientious enough to post to the expected places, it shouldn't be fatal. Both users and remailers should have an automatic way of finding out about down remailers. 3) Remailers themselves should have a way of automatically learning the topography of the remailernet. If we want to form a cohesive black-box remailernet, remailers are going to need this info. Maybe they're sending fake padding between themselves to thwart traffic analysis. Maybe they're encrypting with the key of the next remailer down the line automatically for you. I don't know enough about it to know what methods are best, but it seems probable from discussion that remailers are going to need to do something that requires knowing about all the other remailers, and their PGP keys and such. 4) Users should have a way of learning the topography of the remailernet too. A way which doesn't require so much human intervention. I should be able to tell my software "send an anon message to X, put 10 links in the remailer chain," and it will do it. To use the remailer net, I shouldn't need to read cypherpunks in order to keep track of all various remailers, and which are up, and which are down. My software should do that for me. And again, your software doesn't need to use all the remailers that it knows about, it can rely on web-of-trust based on PGP signatures and such. 
[Although I'm not certain this is neccesary, as I've come to the same conclusion as Hal Finney: as long as you've got one (or maybe two) trustworthy remailers in the chain, you are pretty much okay. Although Jim Dixon points out that a concerted effort by the TLAs could make even finding one trustworthy remailer a serious chore. But this is an implementation problem; we're talking theory here at the moment.] 5) No one entity participating in the remailer net structure should be able to compromise the security of the net acting alone. For example, An "evil remai ler" operating solely for the purpose of compromising the remailernet shouldn't be fatal. This is a matter of degree to some extent: if everyone but you is "evil", you're going to be out of luck in just about any system. But the more robust the infrastructure is, the more evil participants it can handle before it cracks, the better. The current remailer net actually fulfills this requirement fairly well, but it's an important one, and worth noting anyhow. Now I think the infrastructure I've proposed that uses a newsgroup, as well as a pinging mechanism, fulfills all these requirements. But I'm not going to try to defend it now, instead, what do you all think about those requirements? Are they all in fact neccesary? Or desirable? Are there any more that should be added? Can you think of any infrastructure systems that might fill some or all of them? From karn at unix.ka9q.ampr.org Sun Aug 7 18:06:27 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Sun, 7 Aug 94 18:06:27 PDT Subject: IDEA vs DES Message-ID: <199408080106.SAA01619@unix.ka9q.ampr.org> Now that I've got DES running about as fast as it can go on the 486, I did a little analysis on IDEA. The algorithm is definitely more straightforward to implement than DES, but not necessarily that much faster. It uses three primitive operations, all on 16-bit quantities: XOR, ADD and multiplication modulo 65537. 
Each encryption involves 48 XORs, 34 adds and 34 multiplies, plus a few exchanges. The multiplies are a problem. On the 486, a 16x16 integer multiply takes from 13-26 clocks, depending on how many significant bits there are in the multiplicand. Random data usually has 15-16 significant bits, so this distribution is probably weighted more toward the 26 clock figure. So I count an optimistic total of 990 clocks per 64-bit encryption, assuming plenty of registers (which I don't have), not counting the modular reduction steps for each multiply, and ignoring the memory references for the subkeys. I figure my DES code is currently taking about 1300 clocks per encryption. So IDEA won't be much faster, though it may be more secure. Anybody know the speed of the integer multiply instruction on the various PowerPC chips? Along with modular exponentiation and vocoders, which also do a lot of multiplies, it looks like fast multiplication is becoming rather important in secure communications. Phil From peace at BIX.com Sun Aug 7 19:00:11 1994 From: peace at BIX.com (peace at BIX.com) Date: Sun, 7 Aug 94 19:00:11 PDT Subject: e$ Message-ID: <9408072158.memo.40958@BIX.com> I can recall that many years back the casinos in Las Vegas all accepted the chips from the other ones and then had a great exchange each day where the accounts were settled up. Even the gift shops took chips in place of cash. The US Treasury put a stop to this as it was considered to be a replacement for cash. Also I hear a lot about bearer bonds, but never in the US. OTOH the NYC subways have started a cash card that they expect merchants to accept in lieu of coins. It would be nice to know what the Feds will or won't accept. BTW, does it matter if the e$ are US denominated? Could e$ be presented as travelers checks? The possibilities here are extremely interesting. - - - Bob said> However, it's a stupid parasite which >kills it's host, and that's what I'm counting on here. Not really true. 
All parasites kill their host or they would not be considered parasites (ie. live at the EXPENSE of the host). The only question is how quickly the host dies. There is an entire epidemiology of parasitism, ie. which strategies are best for the parasite. The virulent ones must be able to find a new host quickly, the ones that can't exit quickly rely on the host living for a long time. There was a good article in SciAm on this a little while back. Also remember, it is the US Supreme Court which ruled that the power to tax is the power to destroy. Sounds like as good a definition of parasitism as any. Peace From nobody at shell.portal.com Sun Aug 7 19:43:25 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sun, 7 Aug 94 19:43:25 PDT Subject: CreditCard info Message-ID: <199408080244.TAA25091@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- Brian Lane asked: > I filled out a credit app at Sears last month that asked for my SSN, I > didn't give it and didn't get credit either. What exactly is SS related > use? Banks, Employment only? Employers are REQUIRED to obtain an SSAN for tax purposes, as are banks for reporting interest, etc. to the IRS. Regarding credit, they generally ask for an SSAN because that's the "unique personal identifier" that most credit bureaus index your records by (and still screw them up, even then!). 
--- Diogenes -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkWV9+Rsd2rRFQ1JAQHKqAP/UISqmaWkX/n+4NwlpL6GBOxPVfcS6af+ zWU8SCpqNcdZWic1ioDq60vO1sji8zBf0jeoOfUXPaNQkcdKGp61y4gxbSZOoqBH VtDSuHCY35X+3ihCFwhp9pshqIWwJTTxvJ9KA6DMZhKM5V5nAC8+GBD7Ofhr81gZ RHPtr/Y2Tgo= =azV1 -----END PGP SIGNATURE----- From hfinney at shell.portal.com Sun Aug 7 20:13:53 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 7 Aug 94 20:13:53 PDT Subject: Improved remailer reordering In-Reply-To: <9408072325.AA18643@ah.com> Message-ID: <199408080314.UAA26470@jobe.shell.portal.com> hughes at ah.com (Eric Hughes) writes, quoting Jim Dixon: > Imagine a RemailerNet (v0.2) that maintained a fixed level of > traffic between gateways. >This is exactly what I was talking about when I posted earlier about >link encryptors, and effective collapse of nodes for traffic analysis >purposes. Traffic analysis of mixes and remailers assumes, as an >abstraction, that all the messages going into and coming out of a >particular node are visible. As soon as you remove this condition, >the analytical situation changes completely. So, I guess what you are saying is, two remailer nodes connected by a fully-encrypted link which carries dummy traffic so the data rate is constant (and hence effectively invisible) can be thought of as one node for some purposes. So let me ask: how does a network which contains these two nodes compare with one which has only a single node in their place? I can see three models to compare. The first is a single node network. The second is a tightly-coupled two-node network with link encryption so no information is available on the traffic between them. Messages will be sent into and out of this pair of nodes in such a way as to maximize entropy of distribution. The third is a loosely-coupled two-node network where the nodes are used as a Chaum-style cascade, but with half the messages going in each direction. 
For the first network, if the bandwidth into (and hence out of) the single node is N, we get the maximal possible confusion, as I suggested before. If the total bandwidth into the remailer network is N, then the tightly-coupled two-node network might average N/2 into each of the nodes, with N/2 out of each of them. For maximal confusion, half of the incoming data would be sent over to come out of the other node, so we have N/4 going in each direction on the link. The net result is that the two-node net has each node with a bandwidth of 3/4 N coming in (and going out) to attain the confusion level of an ideal one-node system. This is superior in per-node bandwidth but greater in total network bandwidth. As for security against corrupt operators, this gives some improvement over a one-node system, but not as much as with two independent nodes. In this model, only half the messages go through both nodes, so only half get the benefit of a two-node chain. (Also, as I suggested before, we might question whether two node operators who were able to cooperate and trust each other well enough to set up this kind of link would be truly independent.) For the third model, two nodes connected by an ordinary link and used as two-node chains, each node now has an input bandwidth of N: N/2 from users (who choose each node at random as the first of the chain), and N/2 from the other remailer (where the node is acting as the second of the chain). So we have paid a price in bandwidth, with each node carrying N, and a total net bandwidth of 2N. But we have gained in security against operator malfeasance: all messages now go through both remailers and if either one is hiding the mapping then it is lost. So, there appears to be some tradeoffs between bandwidth savings and security against dishonest operators. It will be interesting to see how these results extend to larger numbers of nodes. 
Hal From nobody at ds1.wu-wien.ac.at Sun Aug 7 21:05:01 1994 From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at) Date: Sun, 7 Aug 94 21:05:01 PDT Subject: Tommy the Tourist's New Home Message-ID: <9408080404.AA29726@ds1.wu-wien.ac.at> -----BEGIN PGP SIGNED MESSAGE----- werewolf at io.org (Mark Terka) asked: > > Tommy the Tourist (Anon User) wrote: > > > > Welcome back, Tommy, we missed you! Hope you're enjoying your > > new (CSUA) "home"... (Time for everyone to update their > > "chain.ini" file, BTW.) > How come? Has soda gone down or something? Or has there been an address > change? Soda was down for a week while it was moved to a different location. The new address is "remailer at soda.csua.berkeley.edu". I'm told that the old address will continue to work for a limited time, but it's best to get in the habit of using the correct one. I also understand that the crypto archives have also moved, but I'm not really sure of the details. --- Diogenes -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkWDGuRsd2rRFQ1JAQH9UQP/Y5IVnEPiOVtxYmaakHMxK9huPvdsOqsC qgaH9OUKEc6MDVz7NWI/ZtW9V8FqMGfEXEN0a4rMuvgyeq5P2VgqOuMWUcOOKwKP m8jEioG+AoJy6ZWRdufz8rkkc7rU73s9a2Xfktf62rG0PSjs7g9xJrjXPCKSk+PT 2iq18F2sBPo= =5LAw -----END PGP SIGNATURE----- From adam at bwh.harvard.edu Sun Aug 7 21:47:39 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sun, 7 Aug 94 21:47:39 PDT Subject: Digicash address? Message-ID: <199408080448.AAA08240@bwh.harvard.edu> Could someone send me contact information for David Chaum's Digicash company? An email address would be great... 
Thanks in advance, Adam From blane at squeaky.free.org Sun Aug 7 21:49:59 1994 From: blane at squeaky.free.org (Brian Lane) Date: Sun, 7 Aug 94 21:49:59 PDT Subject: CreditCard info In-Reply-To: <199408080244.TAA25091@jobe.shell.portal.com> Message-ID: On Sun, 7 Aug 1994 nobody at shell.portal.com wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Brian Lane asked: > > > I filled out a credit app at Sears last month that asked for my SSN, I > > didn't give it and didn't get credit either. What exactly is SS related > > use? Banks, Employment only? > > Employers are REQUIRED to obtain an SSAN for tax purposes, as are banks for > reporting interest, etc. to the IRS. Regarding credit, they generally ask > for an SSAN because that's the "unique personal identifier" that most credit > bureaus index your records by (and still screw them up, even then!). > > --- Diogenes > Yep, you give them the numbers and they still mess it up. My boss's credit report had him with 2 Sears cards, one not his. My friend's credit report showed that he had a lien against his house (he doesn't own one), a repossessed car (not true), garnished(sp?) wages (not true). Pretty sad. I guess a nation ID card/number/barcode/embedded microchip would solve this, wouldn't it? I can see us making the progression - in 10 years all newborns will have a small uP implanted into their hand (a la Demolition Man) that will keep track of all their electronic data. Scares the crap out of me. Brian ---------------------------------------------------------------------------- Linux : The choice of a GNU generation | finger blane at free.org witty comments pending | for PGP key and subLit ---------------------------------------------------------------------------- From tcmay at netcom.com Sun Aug 7 22:00:21 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 7 Aug 94 22:00:21 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs.
Reordering)) In-Reply-To: <199408070216.TAA09025@jobe.shell.portal.com> Message-ID: <199408080501.WAA27022@netcom7.netcom.com> I've left the subject line unchanged, to show an unusual _triple nesting_ of subjects! Also, I just got back after a weekend away, and so am only now seeing these interesting messages about remailers, entropy, etc. A subject of great interest. Hal Finney writes: > I had an interesting thought. Remailer networks are hard to analyze, > with messages whizzing this way and that. But Tim pointed out that if > you have N messages coming in to the network as a whole and N going > out, all that zigging and zagging really can't do much better than > N-fold confusion. Yes, in _principle_, the theory is that Alice could be the only remailer in the universe, and still the "decorrelation" of incoming and outgoing messages would be good. For example, 100 messages go in, 100 leave, and no one can do better than a 1 chance in 100 of matching any single input to any output. From a _legal_ point of view, a wild guess, hence inadmissible, blah blah. (From a RICO point of view, to change subjects, Alice might get her ass sued. Or a subpoena of her logs, etc. All the stuff we speculate about.) But we can go further: a single remailer node, or mix, that takes in 1 input and produces 2 outputs breaks the correlation capability as well. However, we all "know" that a single remailer doing this operation is in some very basic way less "secure" (less diffusing and confusing, less entropic) than a network of 100 remailers each taking in hundreds of messages and outputting them to other remailers. Why--or if--this hunch is valid needs much more thinking. And the issues need to be carefully separated: multiple jurisdictions, confidence/reputation with each remailer, etc. (These don't go to the basic mathematical point raised above, but are nonetheless part of why we think N remailers are better than 1.)
By the way, there's a "trick" that may help to get more remailers established. Suppose by some nefarious means a message is traced back to one's own system, and the authorities are about to lower the boom. Point out to them that you are yourself a remailer! This is more than just a legalistic trick. Indeed, as a legalistic trick it may not even work very well. Nonetheless, it helps to break the notion that every message can be traced back to some point of origin. By making all sites, or many sites, into remailers, this helps make the point that a message can never be claimed to have been traced back "all the way." There are lots of interesting issues here, and I see some vague similarities to the ideas about "first class objects"...in some sense, we want all nodes to be first class objects, capable of being remailers. (There's an even more potentially interesting parallel to digital banks: admit the possibility of everybody being a digital bank. No artificial distinction between "banks" and "customers." Helps scaling. And helps legally. I'm not saying we'll see this anytime soon, especially since we have no examples of digital banks, period. But a good vision, I think.) > This suggests, that IF YOU COULD TRUST IT, a single remailer would be just > as good as a whole net. Imagine that God offers to run a remailer. It > batches messages up and every few hours it shuffles all the outstanding > messages and sends them out. It seems to me that this remailer provides > all the security that a whole network of remailers would. > > If this idea seems valid, it suggests that the real worth of a network of > remailers is to try to assure that there are at least some honest ones > in your path. It's not to add security in terms of message mixing; a > single remailer seems to really provide all that you need. Yes, which is why increasing N increases the chance that at least one non-colluding remailer is being used. 
A trick I have long favored--and one I actually used when we played the manual "Remailer Game" at our first meeting--is to *USE ONE'S SELF* as a remailer. This still admits the possibility of others being colluders, but at least you trust yourself and get the benefits described above. [The alert reader will note that a spoofing attack is possible, as with DC-Nets, in which all traffic into your node is controlled in various ways. The graph partition work Chaum does, and others who followed him do (Pfaltzmann, Boz, etc.), is very important here.] Practically speaking, we need to see hundreds of remailers, in multiple legal jurisdictions, with various policies. Messages routed through many of these remailers, including one's own remailer, should have very high entropies. I still say that a formal analysis of this would make a nice project for someone. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From rarachel at prism.poly.edu Sun Aug 7 22:06:57 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 7 Aug 94 22:06:57 PDT Subject: CIA eating internet email & usenet news In-Reply-To: Message-ID: On Wed, 3 Aug 1994, Brian Lane wrote: > > See this week's Computerworld. Anyone have a scanner they can post this > > article up with? I'm not up to typing it... > > What do you mean by email monitoring, their own or ours? Maybe we > should bombard them with encrypted copies of the Digital Telephony bill? Don't know for sure. That article was a bit too vague as to the exact nature of the data vacuuming.
I suspect however that while Computerworld may be quite vague all by itself, the CIA wasn't too talkative as to what they'd eat up. However, you can bet that any TCP/IP packets sent through their hardware will duplicate themselves on their hard drives. It's certain that they will eat up usenet news. They mentioned that the reason that this system is up is so that they can do research, but in such a way as to prevent traffic/question analysis of their queries so as to prevent others from finding out just what they're working on. Who knows, maybe they'll get accounts on internet providers or use anon mail to post their queries, but "They're here!" I certainly wouldn't put it past them to read any email they can though. :-( =============================================================================== | + ^ + || ' . . . . . . . Ray (Arsen) Arachelian || | \|/ || . . . ' . ' . : . . rarachel at photon.poly.edu || |<--+-->||. . . |' '| .' . . ... ___ sunder at intercom.com || | /|\ || . . \___/ . . . : .... __[R] || | + v + || . oOOo /o.O\ oOOo :. : .. |A| "And bugs to kill before I sleep"|| =========/---vvvv-------VVVV------------|I|----------------------------------/ / . : . ' : ' |D| This signature pannel is / / The Next Bug to kill(tm) --- now open. / /___________________________________________________________________/ From tcmay at netcom.com Sun Aug 7 22:13:49 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 7 Aug 94 22:13:49 PDT Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering)) In-Reply-To: <4194@aiki.demon.co.uk> Message-ID: <199408080514.WAA28015@netcom7.netcom.com> Jim Dixon writes: (quoting Hal Finney) > > If this idea seems valid, it suggests that the real worth of a network of > > remailers is to try to assure that there are at least some honest ones > > in your path. It's not to add security in terms of message mixing; a > > single remailer seems to really provide all that you need.
> > Yes, in an ideal world. Each additional remailer introduces another > chance of being compromised. No, I'm afraid you have this backwards. A remailer cannot introduce a chance of, or increase the chance of, being compromised. (I'm assuming that nested encryption is used, as all "ideal mixes" should use this, cf. Chaum. The bastardized version we play around with, in which encryption is skipped, is entirely unsecure.) Perhaps I am misunderstanding you (Jim) here, but in no conceivable way can I imagine that "Each additional remailer introduces another chance of being compromised." Perhaps each additional remailer can increase the chance of not forwarding the mail properly--as might be done in a denial of service attack--but this does not mean security is compromised. The remailer chain as strong as strongest link point that Hal and others have made. > However, if you trust the operator and if this trust is guaranteed to be > continued forever, the ideal number of remailers is one. Since the trust in remailers is not unity, and since the addition of remailers can only increase security and not decrease it, the ideal number of remailers is greater than one. Else, using the "trick" I described in my last post, simply establish that one is a remailer and then stop bothering with other remailers. (Not that I recommend this, for various reasons.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
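Hal Finney's three-model bandwidth comparison and the "at least one honest remailer" argument in the messages above, worked through numerically. This is an added example, not part of any poster's message; the per-operator corruption probability c, its independence across operators, the node names and all function names are assumptions, and the k-node cascade goes beyond the two-node case discussed in the thread.

```python
from fractions import Fraction
from itertools import permutations, product

# A topology is a list of (path, share): `path` is the ordered tuple of
# remailer nodes a message traverses, `share` is the fraction of all user
# traffic N that takes that path. Node names are constructed for this example.


def single_node():
    """Model 1: one remailer carries all traffic."""
    return [(("A",), Fraction(1))]


def tight_pair():
    """Model 2: two nodes joined by a constant-rate encrypted link.
    Users split evenly between A and B, and each node sends half of what
    it receives across the link so that exits are evenly mixed."""
    q = Fraction(1, 4)
    return [(("A",), q), (("A", "B"), q), (("B",), q), (("B", "A"), q)]


def cascade(k=2):
    """Model 3 (k=2) and its k-node extension: every message crosses all
    k nodes, in an order the user picks uniformly at random."""
    names = [chr(ord("A") + i) for i in range(k)]
    orders = list(permutations(names))
    return [(order, Fraction(1, len(orders))) for order in orders]


def per_node_load(topology):
    """Inbound bandwidth of each node, expressed as a multiple of N."""
    load = {}
    for path, share in topology:
        for node in path:
            load[node] = load.get(node, Fraction(0)) + share
    return load


def total_load(topology):
    """Total network bandwidth, expressed as a multiple of N."""
    return sum(per_node_load(topology).values())


def exposure(topology, c):
    """Probability that a random message's input-to-output mapping is known
    to corrupt operators, which requires every node on its path to be
    corrupt. Assumption: each operator is corrupt independently with
    probability c. Computed by enumerating all corrupt/honest states."""
    nodes = sorted({node for path, _ in topology for node in path})
    total = Fraction(0)
    for state in product([False, True], repeat=len(nodes)):
        corrupt = {node for node, bad in zip(nodes, state) if bad}
        p_state = Fraction(1)
        for bad in state:
            p_state *= c if bad else 1 - c
        exposed = sum(share for path, share in topology
                      if set(path) <= corrupt)
        total += p_state * exposed
    return total


def summarize(c=Fraction(1, 4)):
    """Per-node load, total load and exposure for each model at a given c."""
    models = {
        "single": single_node(),
        "tight pair": tight_pair(),
        "cascade-2": cascade(2),
        "cascade-3": cascade(3),
    }
    return {
        name: (max(per_node_load(t).values()), total_load(t), exposure(t, c))
        for name, t in models.items()
    }


if __name__ == "__main__":
    for name, (node, total, exp) in summarize().items():
        print(f"{name:10s} per-node={node}N total={total}N exposure={exp}")
```

The tightly coupled pair sits between the other two on both axes: less per-node bandwidth than the cascade, but only half its messages get the protection of a second operator.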
From rarachel at prism.poly.edu Sun Aug 7 22:15:03 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 7 Aug 94 22:15:03 PDT Subject: Digital Telephony bill, August 1 draft (fwd) Message-ID: ---------- Forwarded message ---------- Date: Thu, 4 Aug 1994 21:17:35 -0400 (EDT) From: Sal Denaro To: Arsen Ray Arachelian Subject: Re: Digital Telephony bill, August 1 draft (fwd) >From panix!MathWorks.Com!europa.eng.gtefsd.com!library.ucla.edu!agate!headwall.Stanford.EDU!cindy.stanford.edu!user Thu Aug 4 21:03:35 1994 Path: panix!MathWorks.Com!europa.eng.gtefsd.com!library.ucla.edu!agate!headwall.Stanford.EDU!cindy.stanford.edu!user From: rogo at forsythe.stanford.edu (Mark Rogowsky) Newsgroups: comp.sys.intel,comp.sys.powerpc Subject: Re: IBM Power-PC future In article , issa at cwis.unomaha.edu (Issa El-Hazin) wrote: > * OS/2 and NT. > Microsoft's Windows NT will probably become the OS of choice > for the IBM PPS's and the Intel PCI local-bus will be the only > bus offered with IBM's new machines. Now wasn't a main idea with > the new architecture is to compete/get ride of the MS/Intel > dominance so IBM/Apple can start making a good buck again! OS/2 > for the PowerPC (previously known as WorkPlace OS) keeps on getting > delayed and when it's finally released, I don't think it will compete > with Windows NT 3.5. Beside being a very robust OS, NT is also > available for Intel, MIPS, DECs, and other workstations and its' > been out for a while. Your chip-mania is lunacy... Let's try a new lens... Q2,'95, PPC 604 in machines, chip costs around $400 at 100MHz. Q4,'95 P6 in machines, chip costs around $1100 at 133MHz. PPC 604 matches P6 performance (or betters it) with 133MHz and 150MHz versions. 100MHz version is $250. Developers routinely recompiled Win32 apps for PPC. PPC 620 shipping in quantity. Initial price, $999. AMD K5 variants and Cyrix M1 variants begin really annoying Intel by matching all P5 performance points with lower prices. 
The ensuing price war begins chopping away something from Intel's gargantuan profits. Q1,'96 P6 machines now available in quantity. Few willing to pay the high price. Really fast P5s keep those not looking for change quite happy. Some, looking for price/performance, begin thinking about PPC machines. Q2,'96 PPC620 machines ship. Faster 604s, P5s, P6s, abound. Nothing can touch 620 in the PC marketplace. Machines expensive. PPC604 chip price now at about $150. P6 at about $750. Q4,'96 Word of the PowerPC 800 series just swept Comdex (IBM and Moto did a big show on the new series). Systems should begin appearing in 12-18 months. Intel cloners becoming really annoying. IBM, making money selling PPC systems, also has figured out what Intel already knows: you can make more money selling whole logic boards to PC cloners rather than just chips. Using Cyrix technology, they are cutting deeper into the P5-class x86 business. Intel/HP briefing ignored. Who cares about a chip coming out in two years? Gateway and Dell merge but keep identities separate. HP again considers buying Apple. Q2,'97 Intel fights back with much cheaper P6s and much faster ones. First PPC 800 series silicon is becoming available. Q4,'97 PPC running 800 SPECint. Q2,'98 Intel/HP first silicon using VLIW technology. Compatible with existing x86 binaries. Intel encouraging ISVs to write to the "native mode" of the new chips, though. That was fun.... IBM's PPCs will have preemption, threads, telephony, video, etc. (as soon as they ship). Macs will have threads, telephony, video, etc. (as soon as 7.5 ships). I don't think lack of preemption will kill, or even severely wound, Apple's efforts to keep -- and perhaps increase -- its market share. Also, that PnP stuff and multimedia will still be better on Macs (because they've always been plug and play and because QuickTime is really going to win the race over Video for Windows -- call Bell Atlantic if you disagree). 
*** should have been posted to alt.prose :> sal at panix.com Yes, I use PGP. Salvatore Denaro Live fast, Die young, Hack C++ My heart is broke/but I have some glue Sex, Drugs and Cryptography. Help me inhale/and mend it with you From an118 at vox.hacktic.nl Sun Aug 7 23:06:14 1994 From: an118 at vox.hacktic.nl (an118 at vox.hacktic.nl) Date: Sun, 7 Aug 94 23:06:14 PDT Subject: No Subject Message-ID: <199408080606.AA26364@xs4all.hacktic.nl> I saw an interesting post in sci.crypt last week about a particular cypher. I think it was called "The Penknife Cypher" or something along those lines. I guess I have been so PGP oriented that I've sort of stuck my head in the sand and ignored other possibilities regarding encryption. ARE there any other good cyphers out there, suitable for e-mail usage? And more importantly, are they readily available, likely through ftp from some European source. I guess it doesn't matter how popular they are, but how secure they are. I'd be interested in a strong one for usage between a couple of friends and myself. The keys could be spread via PGP and then I suppose we could start using the cypher. Any ideas? Or is my best bet to pickup Schneier's Applied Cryptography and use an algorithm from that? -------------------------------------------------------------------------- To find out more about the anon service, send mail to help at vox.hacktic.nl Please report any problems, inappropriate use etc.
to admin at vox.hacktic.nl Direct replies to the sender of this message are -not- anonymised From nobody at CSUA.Berkeley.EDU Sun Aug 7 23:10:57 1994 From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User)) Date: Sun, 7 Aug 94 23:10:57 PDT Subject: TOMMY THE TOURIST IS COMPROMISED DON'T USE IT Message-ID: <199408080611.XAA16299@soda.CSUA.Berkeley.EDU> Tommy the Tourist is compromised, it is possible to trace who sent the message from the anonymous remailer called "Tommy the Tourist" Anonymity cannot be assured, please direct anonymous traffic through other anonymous remailers. ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: the-clipper-key ====Encrypted-Sender-Begin==== MI@```%Q^&2?(E ---------- | From: "Pat Farrell" | | I'm sure that you are correct. I talked just this past Friday to | David Banistar at EPIC/CPSR on this. But the law seems to | be mostly ignored, as is the fact that SSN's are not unique. | | The key is, what do we do about it? I routinely refuse to give my SSN to agencies that have no government affiliation. I've been hassled for this stance, and frequently refused service/credit. My phone company demanded an exorbitant deposit because I wouldn't give them my SSN when signing for service. I am greatly disturbed by the amount of personal information currently available on an individual, and accessible with keys as simple as SSN, full name, and mother's maiden name. I, however, have no clue what to do other than continue to refuse to supply data whenever possible. garthB> ------------------------------------------------------------------------------ Garth S.
Brown, Semaphore Corporation 122 South Jackson Street, Suite 350 garthb at semaphore.com Seattle, Washington 98104 InterNIC WHOIS: GB(31) -Public key available via finger of garthb at semaphore.com -PGP2.6 Key fingerprint = 65 0E 48 A1 F7 38 DB 03 3F 77 77 9E B5 53 2E 96 ------------------------------------------------------------------------------ All problems can be solved with the proper application of high explosives. From v-garthb at microsoft.com Sun Aug 7 23:44:41 1994 From: v-garthb at microsoft.com (Garth Brown (Semaphore Software)) Date: Sun, 7 Aug 94 23:44:41 PDT Subject: Looking for info on PGP enabling mail apps. . . . Message-ID: <9408080646.AA29668@netmail2.microsoft.com> i'm looking for info on enabling automatic PGP signing of mail messages from PINE and ELM. Perhaps i'm babbling about something in a FAQ i missed, in which case i'll filter flames to /dev/null. =) thanks garthB> ------------------------------------------------------------------------------ Garth S. Brown, Semaphore Corporation 122 South Jackson Street, Suite 350 garthb at semaphore.com Seattle, Washington 98104 InterNIC WHOIS: GB(31) -Public key available via finger of garthb at semaphore.com -PGP2.6 Key fingerprint = 65 0E 48 A1 F7 38 DB 03 3F 77 77 9E B5 53 2E 96 ------------------------------------------------------------------------------ All problems can be solved with the proper application of high explosives. From jgostin at eternal.pha.pa.us Mon Aug 8 01:03:01 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Mon, 8 Aug 94 01:03:01 PDT Subject: Anonymous Transport Agents (Was: Latency vs. Reordering) Message-ID: <940808023733B6Mjgostin@eternal.pha.pa.us> hughes at ah.com (Eric Hughes) writes: > Simulating any of the salient features of a link encryptor over the > Internet is an interesting exercise, particularly in regard to price > negotiation with your service provider. 
I'm about to branch into the limits of my knowledge on this particular topic: I run a DOS site under a heavily modified version of Waffle (1.65 base), so the Unix-ish transport mechanisms are a tad out of my realm of knowledge. With that in mind... Suppose an encryption-savvy mail transport agent, say ESMTP, was developed. Further suppose that part of handshaking protocol for this transport protocol included an ENCRYPTED reverse lookup on IP identities to check that the message is actually coming from where it claims it's coming from. Suppose again that the results of this lookup were only checked for correctness (boolean), and then discarded WITHOUT LOGGING, or at least with minimal logging. If the reverse lookup was TRUE (IE: the sending machine was who it said it was), the message was accepted. If it failed, the message would be accepted, and then sent to the bit bucket. In this model, one could provide anonymous transportation of anonymous mail FOR EVERY MACHINE ON INTERNET providing that the original message wasn't forged. All that would be required (beyond running ESMTP) is an encrypted version of the return address (a la Soda remailer) to be placed some predetermined place in the message. This seems too easy: What am I missing? Have I actually come up with a way to do this? --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! 
|
PGP Key Available +---------------------------------------------------------+

From beker at netcom.com Mon Aug 8 01:21:44 1994
From: beker at netcom.com (Brian Beker)
Date: Mon, 8 Aug 94 01:21:44 PDT
Subject: Latest mention in Wired
In-Reply-To:
Message-ID:

> I noticed in the Sat Pirate article in the latest Wired (which I finally
> read this evening), there is a mention of the Cypherpunks in connection
> to PGP and opposition to the creation of a Police State. Page 128, I think.

Who cares. A mention of WIRED in cypherpunks is far more noteworthy. The lag time inherent in magazine production, particularly a magazine dealing with the expansion of cyberspace, is oxymoronic. Here, at least there is immediacy combined with no whit of concern for the expectations of readership. Wired isn't even worth reading any more.

BB

From sidney at taurus.apple.com Mon Aug 8 02:48:57 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Mon, 8 Aug 94 02:48:57 PDT
Subject: CreditCard info
Message-ID: <9408080949.AA18980@apple.com>

[various people speculated about legality of a company requiring your SSN]

There's a Social Security Number FAQ posted regularly on alt.privacy, and also available from the usual usenet FAQ sites. It says that government agencies in the U.S. have restrictions regarding asking for and using your SSN, but private sector organizations do not. There's a lot more detail, but I don't need to repeat it here.

-- sidney

From jdd at aiki.demon.co.uk Mon Aug 8 03:07:04 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 8 Aug 94 03:07:04 PDT
Subject: Improved remailer reordering
Message-ID: <4283@aiki.demon.co.uk>

In message <9408072325.AA18643 at ah.com> Eric Hughes writes:

> Imagine a RemailerNet (v0.2) that maintained a fixed level of
> traffic between gateways.
>
> This is exactly what I was talking about when I posted earlier about
> link encryptors, and effective collapse of nodes for traffic analysis
> purposes.
> Traffic analysis of mixes and remailers assumes, as an
> abstraction, that all the messages going into and coming out of a
> particular node are visible. As soon as you remove this condition,
> the analytical situation changes completely.

There is little difference between RemailNet v0.1 and v0.2 in this regard. Fragmenting messages into packets of fixed length, randomizing routing, and noise injection were all present in v0.1.

> The problem with implementation of link encryption is, like everything
> else, cost. Link encryption off the Internet requires dedicated
> lines.

I think that there is some confusion here. Time is defined in terms of steps, each one of which represents the dispatch of one packet. The packets can be received and dispatched in batches.

> In general, the messages do not exist
> as wholes along the lines connecting the gateways, so a discussion of
> their reordering is a good way to waste time.
>
> You still have to worry about reordering in the network as a whole.
> The system you've described has reassembly done at the endpoints, who
> might not be the final receiver. I pass over the flaw of lack of
> message quantization in the final sending of reassembled messages.
> We may assume for discussion that they're all the same length.

You need not pass over the 'flaw of lack of message quantization in the final sending'. Someone running a private high security gateway, an "empowered user", participates in the same way as the other RemailerNet gateways, and there is in fact no way to determine even whether he is sending or receiving, or in fact whether he is doing anything at all. He may be just sending and receiving noise packets.

Users accessing the net using low security versions of the software do have less security, but that is a consequence of their use of low security software.

> Now, you still need to calculate the likelihood that a particular
> outgoing message is the same message as a particular incoming message.
> These probabilities have to do with message reordering. You still
> need to do the calculation.

Some of the discussion here is at cross purposes. My focus has been on specifying a system which is itself very difficult to attack using cryptoanalytic techniques.

An "empowered" user of RemailerNet v0.2 who sends messages via a system which acts as a gateway need not worry very much about traffic analysis. A user whose access to RemailerNet is via a low security system will be exposed to a higher level of risk.

Which factors are the most important element in causing risk depend upon the nature of the traffic through the system and the size and geographic distribution of the network itself. A functioning RemailerNet with widely distributed gateways and at least a moderate level of traffic from at least a moderate number of widely distributed users is not easily subjected to what I might call external traffic analysis.

Essentially, you make a model of the system which removes many of the features that defeat traffic analysis and then say, hey, this thing is easily subject to traffic analysis. Well, if you go far enough, sure.

-- Jim Dixon

From mimir at io.com Mon Aug 8 03:10:46 1994
From: mimir at io.com (Al Billings)
Date: Mon, 8 Aug 94 03:10:46 PDT
Subject: Latest mention in Wired
In-Reply-To:
Message-ID:

On Mon, 8 Aug 1994, Brian Beker wrote:

>
> > I noticed in the Sat Pirate article in the latest Wired (which I finally
> > read this evening), there is a mention of the Cypherpunks in connection
> > to PGP and opposition to the creation of a Police State. Page 128, I think.
> >
>
> Who cares. A mention of WIRED in cypherpunks is far more noteworthy.
> The lag time inherent in magazine production, particularly a magazine
> dealing with the expansion of cyberspace, is oxymoronic. Here, at least
> there is immediacy combined with no whit of concern for the expectations
> of readership. Wired isn't even worth reading any more.

Thank you for sharing (not).
There are some people here interested in media references to the Cypherpunks. If you aren't, that's your business.

From perry at imsi.com Mon Aug 8 05:00:38 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 8 Aug 94 05:00:38 PDT
Subject: amateur ciphers
In-Reply-To: <199408080606.AA26364@xs4all.hacktic.nl>
Message-ID: <9408081200.AA21156@snark.imsi.com>

an118 at vox.hacktic.nl says:

> I saw an interesting post in sci.crypt last week about a particular cypher.
> I think it was called "The Penknife Cypher" or something along those lines.
> I guess I have been so PGP oriented that i've sort of stuck my head in the
> sand and ignored other possibilities regarding encryption.
>
> ARE there any other good cyphers out there, suitable for e-mail usage?

The only really reasonable symmetric key ciphers out there in publicly described form these days are DES, 3-DES and IDEA. There are a couple of things that may be okay, but which aren't out in the public literature (RC2 and RC4), a couple of things that are likely okay but which we are REALLY not going to find anything out about for a while (Skipjack :-) and a couple of things that are promising (like Coppersmith's new SEAL stream cipher, which looks quite interesting indeed.)

Periodically, on sci.crypt and on this list, flakey people post their latest bathtub cipher. Most of these are extremely poor. Sometimes people post long dissertations on their new cipher, which last for tens of pages full of what the authors imagine to be extremely scholarly commentary. Sometimes these people get very angry that no one is responding to their comments. Don't use these ciphers.

There are also people out there who are "talented amateurs" or "experimenting professionals" who post experimental ciphers that they've come up with that they know probably aren't that great but which they discuss in public. These shouldn't be used, either, but they are more interesting to look at.
Constructing a cipher which is actually safe for real use is a VERY difficult thing. Most amateurs don't even know why their attempts are silly looking. Don't assume that because something is posted to the net that it's safe to use.

Perry

From rah at shipwright.com Mon Aug 8 05:46:46 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 8 Aug 94 05:46:46 PDT
Subject: CreditCard info
Message-ID: <199408081244.IAA08135@zork.tiac.net>

At 11:49 PM 8/7/94 -0500, Brian Lane wrote:

> ....in 10 years all
>newborns will have a small uP implanted into their hand(ala Demolition
>Man) that will keep track of all their electronic data. Scares the crap
>out of me.

We just had a thread about that. I had brought up Gerry O'Neill's old book "2081", which had a discussion of buying things by picking them up and walking away with them (everything, including you, had an identifying transponder). There was some talk about Xerox PARC's work with transponders in their "Ubiquitous Computing" office concept.

What I didn't understand was how to implement Esther Dyson's idea about people owning all their personal information and protecting all that "property" with strong crypto.

Paradoxically, I bet both these ideas (transponders and personal information as property through strong crypto) can work together.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)   "There is no difference between someone
Shipwright Development Corporation       who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                     snakes." -- Bertrand Russell
(617) 323-7923

From tc at phantom.com Mon Aug 8 05:54:32 1994
From: tc at phantom.com (Dave Banisar)
Date: Mon, 8 Aug 94 05:54:32 PDT
Subject: Digicash address?
In-Reply-To: <199408080448.AAA08240@bwh.harvard.edu>
Message-ID:

You can reach David Chaum at chaum at digicash.nl

-dave

On Mon, 8 Aug 1994, Adam Shostack wrote:

>
> Could someone send me contact information for David Chaum's
> Digicash company? An email address would be great...
>
> Thanks in advance,
>
> Adam
>

From blane at squeaky.free.org Mon Aug 8 07:39:46 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Mon, 8 Aug 94 07:39:46 PDT
Subject: Looking for info on PGP enabling mail apps. . . .
In-Reply-To: <9408080646.AA29668@netmail2.microsoft.com>
Message-ID:

On Sun, 7 Aug 1994, Garth Brown wrote:

> i'm looking for info on enabling automatic PGP signing
> of mail messages from PINE and ELM.
>
> Perhaps i'm babbling about something in a FAQ i missed,
> in which case i'll filter flames to /dev/null. =)
>
> thanks

This depends on your setup. I am running PGPsendmail on my Linux box. This is a wrapper for sendmail/smail that allows automatic encryption to specified recipients, and per mail encryption and signing through the use of a X-Secure: command line.

If you are reading your mail on a remote machine you might be able to talk the sysadmin into installing this program, or you might try one of the scripts out there (look at soda.berkeley.edu in /pub/cypherpunks/utilities I think?)

Brian

----------------------------------------------------------------------------
Linux : The choice of a GNU generation | finger blane at free.org
witty comments pending                 | for PGP key and subLit
----------------------------------------------------------------------------

From hfinney at shell.portal.com Mon Aug 8 07:58:11 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 8 Aug 94 07:58:11 PDT
Subject: Anonymous Transport Agents (Was: Latency vs. Reordering)
In-Reply-To: <940808023733B6Mjgostin@eternal.pha.pa.us>
Message-ID: <199408081457.HAA07967@jobe.shell.portal.com>

Jeff Gostin writes:

> Suppose an encryption-savvy mail transport agent, say ESMTP, was
>developed.
>Further suppose that part of handshaking protocol for this
>transport protocol included an ENCRYPTED reverse lookup on IP identities
>to check that the message is actually coming from where it claims it's
>coming from. Suppose again that the results of this lookup were only
>checked for correctness (boolean), and then discarded WITHOUT LOGGING, or
>at least with minimal logging. If the reverse lookup was TRUE (IE: the
>sending machine was who it said it was), the message was accepted. If it
>failed, the message would be accepted, and then sent to the bit bucket.

I can see two problems. First, at least the first machine on the transport path will see both your origin address and your destination address. So it is in a perfect position to do traffic analysis. Many users may not have the ability to control which machine this is since routing is usually automatic these days.

Second, if each machine simply saves a message and sends it on, then even if the messages are encrypted there will probably be timing relationships between the incoming and outgoing messages which will allow them to be linked. So someone monitoring the intersite communication channels may be able to track a message through the network just by noticing when it comes into and goes out of each node. This is why Chaum introduces message batching and mixing at each node.

Hal

From hfinney at shell.portal.com Mon Aug 8 08:02:43 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 8 Aug 94 08:02:43 PDT
Subject: Improved remailer reordering
In-Reply-To: <4283@aiki.demon.co.uk>
Message-ID: <199408081502.IAA08127@jobe.shell.portal.com>

jdd at aiki.demon.co.uk (Jim Dixon) writes:

>You need not pass over the 'flaw of lack of message quantization in
>the final sending'.
>Someone running a private high security gateway,
>an "empowered user", participates in the same way as the other RemailerNet
>gateways, and there is in fact no way to determine even whether he is
>sending or receiving, or in fact whether he is doing anything at all.
>He may be just sending and receiving noise packets.

>Users accessing the net using low security versions of the software do
>have less security, but that is a consequence of their use of low
>security software.

I could see this would come up in Jim's description. Who exactly are these "empowered users"? And how much security do the second-class citizens actually get? Will it work for everyone to become "empowered", or are there scaling problems in terms of bandwidth?

It seems to me that the most sensible approach is to make message fragmentation into standard-sized packets, along with reassembly, be at the end user site. This way everyone becomes a first-class citizen.

Hal

From jdd at aiki.demon.co.uk Mon Aug 8 08:11:13 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 8 Aug 94 08:11:13 PDT
Subject: Latency vs. Reordering (Was: Remailer ideas (Was: Re: Latency vs. Reordering))
Message-ID: <4308@aiki.demon.co.uk>

In message <199408080514.WAA28015 at netcom7.netcom.com> "Timothy C. May" writes:

> Jim Dixon writes:
> (quoting Hal Finney)
> > > If this idea seems valid, it suggests that the real worth of a network of
> > > remailers is to try to assure that there are at least some honest ones
> > > in your path. It's not to add security in terms of message mixing; a
> > > single remailer seems to really provide all that you need.
> >
> > Yes, in an ideal world. Each additional remailer introduces another
> > chance of being compromised.
>
> No, I'm afraid you have this backwards. A remailer cannot introduce
> a chance of increase the chance of being compromised.

There are at least two models of remailer networks being kicked around.
In what I have called RemailerNet, if a gateway is compromised, then some degree of traffic analysis is possible, and other parts of the system become less secure. Security increases when there are two remailers handling your traffic, because then neither should know the identity of both sender and receiver. Whether the addition of more intervening remailers increases the security of the system in RemailerNet is a complex question.

In the second model of remailer networks, I also believe that using more than two remailers and the random selection of remailers decreases the security of the system if there is regular traffic between correspondents.

To argue this at all, one would need a much clearer model with all of the assumptions spelled out in detail. For the argument to be interesting, the model would have to be realistic. My personal impression is that the second model is highly insecure in cases where there is regular traffic between two parties and some third party has significant resources.
-- Jim Dixon

From jdd at aiki.demon.co.uk Mon Aug 8 08:12:03 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 8 Aug 94 08:12:03 PDT
Subject: RemailerNet v0.2
Message-ID: <4309@aiki.demon.co.uk>

RemailerNet v0.2 (RN0.2 for short)

1.0 a number N of RN gateways exist
1.1 these communicate using encrypted packets of a fixed length L
1.2 messages may originate from gateways or from outside the network
1.3 messages are passed across the network in packets
1.4 a packet may contain data from 0, 1, or more messages
1.5 routing of the packets is randomized (this does not mean that the probability of a route being chosen is equal for all routes, it means that if N>2, there is no route for which the probability is 1)
1.6 the order of dispatch of packets is randomized
1.7 on average, all gateways are required to send and receive the same number of packets per unit of chronological time
1.8 the dispatch randomization function adjusts the average latency and the distribution of latencies so that the preceding commitment is met, introducing noise packets as required
1.9 mechanisms allow the traffic level to rise quickly but constrain them to fall slowly
1.10 gateways are required to exchange the same number of packets in any session
1.11 inter-gateway connections may be either open at all times (in which case sessions begin only when the connection has gone down by accident) or they may be established periodically

2.0 any message has a source gateway and a destination gateway
2.1 message fragmentation takes place at the source gateway
2.2 message reassembly takes place at the destination gateway
2.3 all packets are acknowledged
2.4 message delivery is reliable, in the sense that the destination gateway will report delivery of incomplete or damaged messages to the gateway
2.5 messages may be sent to a gateway for forwarding to another gateway
2.6 message delivery time can be specified
2.7 message delivery policy can be specified
2.8 delivery policies include (a) hold until
picked up, (b) hold for a specified period of time, (c) discard if not received immediately
2.9 gateways should always destroy mail after delivery is acknowledged [unless the mail is to an as-yet-unspecified persistent store]

3.0 gateways frequently exchange routing information
3.1 that routing information has an expiration date
3.2 gateway operators can choose who they announce routing information to and accept routing information from
3.3 gateways can settle accounts with one another periodically

4.0 level 2 gateways will communicate with one another using RN protocols using IP datagrams
4.1 level 1 and 2 gateways will communicate using the same protocols using email (SMTP) datagrams
4.2 where gateways are operated by users, the requirement that gateways should exchange the same number of packets per unit time would be weakened in some as yet unspecified way

5.0 end users may either operate gateways or communicate with a level 1 or 2 gateway using email
5.1 in either case, users may have accounts with gateways and may be charged for usage

6.0 RN gateway software should be available only from trusted sites by FTP
6.1 RN bootstrap software should be available on diskette
6.2 the bootstrap software should allow the secure downloading of system updates over RemailerNet

7.0 an alt.? group could be used to announce new gateways
7.1 established gateways would be encouraged to rate new gateways
7.2 software updates would be announced in the alt.? group
7.3 a FAQ would be published in the alt.?
group every ten days or so

8.0 users would be encouraged to use gateways in geographically distant locations

-- Jim Dixon

[adding the notion of a persistent store would allow the creation of electronic safety deposit boxes]

From mmarkley at microsoft.com Mon Aug 8 08:37:50 1994
From: mmarkley at microsoft.com (Mike Markley)
Date: Mon, 8 Aug 94 08:37:50 PDT
Subject: CreditCard info
Message-ID: <9408081538.AA06789@netmail2.microsoft.com>

Garth Brown writes:

----------
| From: Garth Brown (Semaphore Software)
| To: ;
| Subject: RE: CreditCard info
| Date: Sunday, August 07, 1994 5:41PM
|
| It's my understanding that it's technically illegal for anyone to require
| your SSN for anything if they are not using it for SS related purposes.
| I had heard that congress passed a law when SSNs were issued to this
| effect.
|
| Am I hallucinating, or has someone else heard this too?!
|

I have heard this also. On a related note it is also no longer legal to require credit cards for identification when writing a check.

Mike.

=====================================================
Mike Markley
I'm not a Microsoft spokesperson. All opinions expressed here are mine.
=====================================================

From rfb at lehman.com Mon Aug 8 08:40:54 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Mon, 8 Aug 94 08:40:54 PDT
Subject: Remailer ideas
In-Reply-To: <199408060511.WAA24892@jobe.shell.portal.com>
Message-ID: <9408081539.AA25778@fnord.lehman.com>

    Date: Fri, 5 Aug 1994 22:11:59 -0700
    From: Hal
    To: cypherpunks at toad.com
    Subject: Re: Remailer ideas
    References: <9408051709.AA14763 at ah.com>

    . . . A copy of outgoing email could be kept, acknowledgements received on receipt, and the email deleted or re-transmitted as needed. Serial numbers would distinguish retransmissions so that redundant resendings (where the packets "crossed in the mail", so to speak) would be dropped. All this was designed in an afternoon in Xmodem. It's conceptually easy.
    The hard part is getting a standard and getting people to build it into their Mail User Agents.

I think that many of the simple cases are conceptually easy, but even slightly complicated ones are non-trivial. For example, I tend to include Return-Receipt-To: lines in my messages, so I get a bunch of responses. Interpreting those responses and deciding what action would be appropriate raises some interesting questions, not the least of which is ``What does it mean for a message to be successfully delivered to the cypherpunks list?''. Just as an example how easily the issue can become confused, I'll throw in, ``How is the meaning of successful delivery affected by changes in list membership during transmission?'' Considering that some of the addresses to which cypherpunks is distributed are also distribution lists, any list related problems are multiplied.

Practical issues make this whole thing more difficult. The ``getting people to build it into their Mail User Agents'' part in particular. The idea of a Return-Receipt-To: field has been around for a while, but the semantics have never been pinned down. Some mailer daemons generate replies meaning that the bits were delivered. Some readers (MUAs?) generate replies based on end-user actions.

This thread of discussion got me thinking about a really sick thought though: Using email messages to represent UDP packets.

Rick

From jgostin at eternal.pha.pa.us Mon Aug 8 09:21:00 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 8 Aug 94 09:21:00 PDT
Subject: TOMMY THE TOURIST IS COMPROMISED DON'T USE IT
Message-ID: <940808112403B8Bjgostin@eternal.pha.pa.us>

Tommy the Tourist (Anon User) writes:

> Tommy the Tourist is compromised, it is possible to trace who sent the
> message from the anonymous remailer called "Tommy the Tourist"
> Anonymity cannot be assured, please direct anonymous traffic through
> other anonymous remailers.

I'll believe you when you post this signed with TtT's PGP key?
Is there a 'punk that can verify this, or is just an asinine game played by adolescents?

--Jeff
--
======  ======  +----------------jgostin at eternal.pha.pa.us----------------+
==  ==          | The new, improved, environmentally safe, bigger, better,|
==  ==  -=      | faster, hypo-allergenic, AND politically correct .sig. |
====  ======    | Now with a new fresh lemon scent! |
PGP Key Available +---------------------------------------------------------+

From koontzd at lrcs.loral.com Mon Aug 8 10:03:50 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Mon, 8 Aug 94 10:03:50 PDT
Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS'
Message-ID: <9408081703.AA13961@io.lrcs.loral.com>

It appears to be an attempt to formalize the interface to the Tessera card. The file cryptcal.txt can be found on csrc.ncsl.nist.gov

From tcmay at netcom.com Mon Aug 8 10:32:36 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 8 Aug 94 10:32:36 PDT
Subject: reordering
In-Reply-To: <9408081651.AA25282@smds.com>
Message-ID: <199408081731.KAA02667@netcom16.netcom.com>

Steve Witham writes:

> > (Oh, you mean the key is to _randomly reorder_ the messages, not just
> > delay them by an hour when the average number of messages in an hour
> > is less than 1 anyway? Oh, now I see. Never mind!)
> >
> > --Tim May, who is as tired as Eric is of hearing the hoary old
> > chestnuts about 'random delays,' this without regard to calculating
> > the amount of reordering.
>
> Tim, you sound like you mean calculating the amount of reordering based
> on the delay vs. average traffic--exactly what Eric is arguing against!
> The thing is to write the software to do reordering directly, not
> calculate how much it's going to do after you've written it...

No, I mean that if it is desired to reorder with a batch of 10 messages (10 messages in, 10 messages out), then that's what one does, whether it takes 10 minutes or 10 hours to get this many messages.
I think in my last paragraph above I made it clear that "random delays" are a lose, generally, and that the "amount of reordering" is what's needed.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jim at acm.org Mon Aug 8 10:57:55 1994
From: jim at acm.org (Jim Gillogly)
Date: Mon, 8 Aug 94 10:57:55 PDT
Subject: TOMMY THE TOURIST IS COMPROMISED DON'T USE IT
In-Reply-To: <940808112403B8Bjgostin@eternal.pha.pa.us>
Message-ID: <9408081658.AA03471@mycroft.rand.org>

> Jeff Gostin writes:
> I'll believe you when you post this signed with TtT's PGP key? Is
> there a 'punk that can verify this, or is just an asinine game played by
> adolescents?

I think I can shed light on the report: a guy posted a message through the remailer addressed to BlackNet, and encrypted the message with PGP so it could be read either by himself or by L. Detweiler's BlackNet key. I posted a response that mentioned the user ID associated with his key. He assumed I had penetrated the remailer, not realizing he had exposed his key ID nor that his key was on a server.

Jim Gillogly
Hevensday, 16 Wedmath S.R. 1994, 16:54

From jdd at aiki.demon.co.uk Mon Aug 8 11:21:18 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Mon, 8 Aug 94 11:21:18 PDT
Subject: Improved remailer reordering
Message-ID: <4336@aiki.demon.co.uk>

In message <199408081502.IAA08127 at jobe.shell.portal.com> Hal writes:

> >You need not pass over the 'flaw of lack of message quantization in
> >the final sending'.
> >Someone running a private high security gateway,
> >an "empowered user", participates in the same way as the other RemailerNet
> >gateways, and there is in fact no way to determine even whether he is
> >sending or receiving, or in fact whether he is doing anything at all.
> >He may be just sending and receiving noise packets.
>
> >Users accessing the net using low security versions of the software do
> >have less security, but that is a consequence of their use of low
> >security software.
>
> I could see this would come up in Jim's description. Who exactly are these
> "empowered users"? And how much security do the second-class citizens
> actually get? Will it work for everyone to become "empowered", or are there
> scaling problems in terms of bandwidth?
>
> It seems to me that the most sensible approach is to make message
> fragmentation into standard-sized packets, along with reassembly, be at the
> end user site. This way everyone becomes a first-class citizen.

I think that you want at least three levels in this system, with increasingly strong requirements as you go up the levels and (necessarily) increasingly weak security as you go down.

You should be able to pop messages into the system from any terminal anywhere, just using ordinary email. But you should also be able to casually dump a few hundred megabytes into the system without making too big a splash, if you have the right equipment.

Ideally, the empowered user's (your term, yes?) system is functionally a gateway, but it has a nice front end on it, something like Mosaic. It is probably a single user system with a RemailerNet interface bolted on to it; it probably runs under Windows; it may even be a modified version of Mosaic.

The system at the next level up is a workhorse. Its user interface would be a system manager's, designed to show him how traffic is flowing, highlighting bottlenecks, etc. It would be designed to run automatically.
-- Jim Dixon

From cknight at crl.com Mon Aug 8 11:35:56 1994
From: cknight at crl.com (Chris Knight)
Date: Mon, 8 Aug 94 11:35:56 PDT
Subject: CreditCard info
In-Reply-To: <9408080045.AA26869@netmail2.microsoft.com>
Message-ID:

On Sun, 7 Aug 1994, Garth Brown wrote:

> It's my understanding that it's technically illegal for anyone to require
> your SSN for anything if they are not using it for SS related purposes.
> I had heard that congress passed a law when SSNs were issued to this
> effect.

It's true... You do not HAVE to give your ssn to anyone other than the IRS and your employer... So many companies have changed their procedures so that credit apps, buyers club memberships, and that such stuff, are more of a pain if you do not give your ssn. They won't make you give it, but they will make whatever you want harder to get if you don't...

-ck

From dwomack at runner.utsa.edu Mon Aug 8 11:42:05 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Mon, 8 Aug 94 11:42:05 PDT
Subject: PGP 2.6 for UNIX
Message-ID: <9408081843.AA01037@runner.utsa.edu>

I've been having difficulty compiling PGP 2.6 for UNIX V, Release 4.0. There *_were_* some compiled executables out there for 2.3, but I've failed to find the same for the 2.6 version.

Any ideas?

Thanks!

Dave

From t-vinodv at microsoft.com Mon Aug 8 11:59:58 1994
From: t-vinodv at microsoft.com (Vinod Valloppillil)
Date: Mon, 8 Aug 94 11:59:58 PDT
Subject: Digicash address?
Message-ID: <9408081900.AA19199@netmail2.microsoft.com>

If you're looking for info on digicash, it might be more polite to mail to info at digicash.nl than to mail directly to David Chaum's account....

Vinod

----------
From: Dave Banisar
To: Adam Shostack
Cc: Cypherpunks Mailing List
Subject: Re: Digicash address?
Date: Monday, August 08, 1994 8:53AM

You can reach David Chaum at chaum at digicash.nl

-dave

On Mon, 8 Aug 1994, Adam Shostack wrote:

>
> Could someone send me contact information for David Chaum's
> Digicash company?
> An email address would be great...
>
> Thanks in advance,
>
> Adam
>

From greg at ideath.goldenbear.com Mon Aug 8 12:04:18 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Mon, 8 Aug 94 12:04:18 PDT
Subject: Anonymous Transport Agents
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> Suppose an encryption-savvy mail transport agent, say ESMTP, was
> developed. Further suppose that part of handshaking protocol for this
> transport protocol included an ENCRYPTED reverse lookup on IP identities
> to check that the message is actually coming from where it claims it's
> coming from. Suppose again that the results of this lookup were only
> checked for correctness (boolean), and then discarded WITHOUT LOGGING, or
> at least with minimal logging.

[. . .]

> In this model, one could provide anonymous transportation of
> anonymous mail FOR EVERY MACHINE ON INTERNET providing that the original
> message wasn't forged.

It looks to me like you've "supposed" away the real obstacle to anonymous messages - the practice of logging traffic. Once you assume that people won't keep logs, the rest of the protocol is unnecessary - everyone's got anonymous messaging capability already. Forgery prevention is more useful when it's user-to-user, not host-to-host; we can do this already with PGP.

The tricky part is finding a way to preserve anonymity where the majority of sites on the Internet continue to log traffic carefully, refuse to install new software (especially anon-positive software), and are administrated by people with simplistic and outdated ideas about identity and punishment.

From jim at bilbo.suite.com Mon Aug 8 12:22:36 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Mon, 8 Aug 94 12:22:36 PDT
Subject: Digicash address?
Message-ID: <9408081921.AA07555@bilbo.suite.com>

I see others have posted e-mail addresses..here's DigiCash's Web URL in case you're looking for general info:

http://digicash.support.nl/

Jim_Miller at suite.com

From johndo at microsoft.com Mon Aug 8 12:39:33 1994
From: johndo at microsoft.com (John Douceur)
Date: Mon, 8 Aug 94 12:39:33 PDT
Subject: Remailer ideas
Message-ID: <9408081940.AA21249@netmail2.microsoft.com>

-----BEGIN PGP SIGNED MESSAGE-----

>From: Eric Hughes
>Date: Saturday, August 06, 1994 4:02PM

>Hal's random-send spool has an expected value of latency which is
>approximately the size of the spool but has no deterministic upper
>bound for that latency. Fine. Great. No problem. There should be
>zero hesitation here, because the expected value -- the probabilistic
>average -- is what you want.

There is an important distinction between systems for which the only observable behavior is the probabilistic average and those for which the observable behavior is that of the individual actions.

An example of the former system is a hash table with open addressing: The absolute worst case for a lookup is as bad as that in an unsorted list; however, this is not usually a problem, because programs generally perform large numbers of lookups, and the performance that the user observes is therefore equal to the probabilistic average.
An example of the latter system is the case in point, a remailer: If a message is delayed unduly, the sender is unlikely to be contented by the fact that many other users' messages were serviced with considerably greater promptness.

Therefore, the probabilistic distribution of service times is as important a metric of a remailer's performance as the probabilistic average service time. It may thus be quite reasonable to build in a hard cutoff in service time, such that any message that has been delayed by more than a set amount will be guaranteed to be sent on the next transmission. For some user of the remailer, this will make an observable improvement in performance; and since the extreme delay which triggers the expedited transmission is an unpredictable and infrequent event, it will not make cryptanalysis of the remailer any easier.

JD

From CCGARY at MIZZOU1.missouri.edu Mon Aug 8 12:54:34 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Mon, 8 Aug 94 12:54:34 PDT
Subject: *credit info
Message-ID: <9408081954.AA29356@toad.com>

*CREDIT CARD INFO

" Among other faults, being disarmed causes you to be despised." - close quote of Machiavelli.

According to Chairman Mao "Political Power grows out of the barrel of a gun." In which case wouldn't a democracy be made by widely distributed, numerous, individual owned, Non-confiscable weapons, & other "democracies" would be mere frauds?

In Missouri, in order to get your driver's license, you MUST supply your SSN. They have signs that say that since driving is a "privilege", not a right, it is ok to require the SSN. I understand that this practice is spreading to other states as well & is being pushed systematically by the feds.
Funny, when they 1st started out social security, they promised that the SSN would never be used for purposes other than social security. Then again, when they first started out the federal income tax they promised that it would only be on the rich & would never be more than a few %. Don't they also promise that the National census would only be used for statistical purposes, Yet I believe that it has been used to track down "dead beat dads" among other things. I'm not clear on that.

Will walking be our next "privilege"? I've never seen it expressed legally as a right.

OTHER LAW DEVELOPMENTS

On the CRUSADERS news program on tv last night, they reported that a Ca. city, I believe Palo Alto, has been enforcing traffic law, such as revoked licenses & drunk driving, by taking the drivers' cars. They brag that the program pays for itself. They think that it is a bright innovation & are promoting it for other jurisdictions as well. Very clever, stealing people's property to enforce law. Reminds me when the law 1st started doing "sting" operations & bragged that they were terribly clever - participating in crime to catch criminals. The criticism of entrapment now has mostly been forgotten.

STALKING LAWS

By the way, these current stalking laws - what's up? The utility of a stalking law is so obvious, that in the U.S.'es 200 + year history they could not possibly be overlooked. Therefore, their faults must be being purposely overlooked. Media conspiracy? population stupidity? both? No debate - strange.

Yours Truly,
Gary Jeffers

From adam at bwh.harvard.edu Mon Aug 8 13:06:08 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 8 Aug 94 13:06:08 PDT
Subject: *credit info
In-Reply-To: <9408081954.AA29356@toad.com>
Message-ID: <199408082005.QAA07869@bwnmr5.bwh.harvard.edu>

Gary Jeffers:

| On the CRUSADERS news program on tv last night, they reported that
| a Ca.
city, I believe Palo Alto, has been enforcing traffic law, such
| as revoked licenses & drunk driving, by taking the drivers' cars.
| They brag that the program pays for itself. They think that it
| is a bright innovation & are promoting it for other jurisdictions as
| well. Very clever, stealing people's property to enforce law. Reminds
| me when the law 1st started doing "sting" operations & bragged that
| they were terribly clever - participating in crime to catch criminals.
| The criticism of entrapment now has mostly been forgotten.

Taking property as a form of punishment has a long history (fines); usually, the criminal has a choice of what property to give up, but not always. As long as the city is going through with judicial hearings, respecting individuals' rights not to be searched at random, and not rewarding the cops who seize the most cars, I'm not sure I see this as a bad thing(tm).

Of course, they probably seize the car on the spot, after random breathalyzer tests, and give the cop who meets his quota an extra bonus at the end of the month; at which point I have serious problems with it. However, in theory, it strikes me as a good idea, likely to be poorly implemented.

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From test at vmd.cso.uiuc.edu Mon Aug 8 13:30:16 1994
From: test at vmd.cso.uiuc.edu (Test)
Date: Mon, 8 Aug 94 13:30:16 PDT
Subject: TEST
Message-ID:

TEST TEST TEST TEST TEST

From jgostin at eternal.pha.pa.us Mon Aug 8 13:52:07 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 8 Aug 94 13:52:07 PDT
Subject: Anonymous Transport Agents (Was: Latency vs. Reordering)
Message-ID: <940808152144F3jjgostin@eternal.pha.pa.us>

Hal writes:

> I can see two problems. First, at least the first machine on the transport
> path will see both your origin address and your destination address.
> So it is in a perfect position to do traffic analysis.
Many users may
> not have the ability to control which machine this is since routing is
> usually automatic these days.

Fair enough. Let's assume that ESMTP will anonymize and sanitize each message, making it appear as if it first appeared on the site. In other words, let's say I send a message via ESMTP to someone. It gets sanitized and anonymized (the return address is encrypted). This removes ALL traces of the fact that it left from my node. Every site up the chain until it gets to you will do the same. Finally you get a VERY anon/sanitized message.

I said the return address is encrypted. That's true: it's encrypted piece-meal. What happens is that the originator's site encrypts the sender's name with its own key. Then, it encrypts its site name with the next site's key. When it's sent, the site encrypts its name, PLUS the previous encrypted packet with the key of the next site up the net. This happens until it reaches its destination.

Even if the packet is intercepted, the hacker only knows the previous site it came from. Let's say he intercepts it between my feed and my feed's feed. This gives some 15+ choices as to which MACHINE it came from, let alone which USER sent it, and that's only on the first hop. On the Nth hop, it's AT LEAST 2^N possible MACHINES, assuming that each hop has at least two feeds. More realistically, after about 4 hops, the number of choices becomes entirely too large to efficiently track.

What do you think?

> Second, if each machine simply saves a message and sends it on, then even
> if the messages are encrypted there will probably be timing relationships
> between the incoming and outgoing messages which will allow them to be
> linked.

Quite true. However, if the encryption system adds random-x bytes of entropy to _each message_, the message sizes will never be the same coming in as going out. It will always be larger, but each additional hop makes the chance of tracking less and less. How many hackers can watch the whole backbone??
> So someone monitoring the intersite communication channels may be
> able to track a message through the network just by noticing when it comes
> into and goes out of each node. This is why Chaum introduces message
> batching and mixing at each node.

Very true. But, again, it shouldn't matter... By the time it gets to a place where the message is passed through 3 or 4 machines that one person can watch, it's already been sanitized to the point of absurdity, no?

Opinions?

--Jeff

--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==   -=   | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From fnerd at smds.com Mon Aug 8 13:57:19 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 8 Aug 94 13:57:19 PDT
Subject: Postal Inspection (was Common Carriers...)
Message-ID: <9408082050.AA26145@smds.com>

Tim May says-

> Package delivery services like UPS and Federal Express *do* have
> immunity from prosecution based on what they carry, but this is in
> exchange for allowing inspection of packages under specified
> circumstances. Thus, if the DEA suspects a package contains cocaine,
> it can be inspected, and the shipper will most likely cooperate in
> resealing the package and continuing the shipment.

That reminds me. I once got a conference announcement from Europe in the mail. Printed on the envelope was a little icon showing a profile of the head of a guy wearing a hat (like a policeman or mailman's hat), and an arrow pointing from about his eye level to a picture of an open envelope. This looked like the original envelope, untouched, and the icon seemed to have been there from the start.

Anybody know what it means?
-fnerd

- - - - - - - - - - - - - - -
nutritional information per serving: less than one (1) bit

From werewolf at io.org Mon Aug 8 15:08:12 1994
From: werewolf at io.org (Mark Terka)
Date: Mon, 8 Aug 94 15:08:12 PDT
Subject: TOMMY THE TOURIST IS COMPROMISED DON'T USE IT
In-Reply-To: <199408080611.XAA16299@soda.CSUA.Berkeley.EDU>
Message-ID:

On Sun, 7 Aug 1994, Tommy the Tourist wrote:

> Tommy the Tourist is compromised, it is possible to trace who sent the
> message from the anonymous remailer called "Tommy the Tourist"
> Anonymity cannot be assured, please direct anonymous traffic through
> other anonymous remailers.

Is this true? Or is it NSA inspired B/S? Not that I care as I use hacktic and wimsey for my transmissions.

---------------------------------------------------------------------------
Mark Terka     | werewolf at io.org             | public key (werewolf) by
Toronto,Canada | dg507 at cleveland.freenet.edu | public key server or request
---------------------------------------------------------------------------

From solman at MIT.EDU Mon Aug 8 15:09:24 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Mon, 8 Aug 94 15:09:24 PDT
Subject: amateur ciphers
In-Reply-To: <9408081200.AA21156@snark.imsi.com>
Message-ID: <9408082159.AA26505@ua.MIT.EDU>

>
> an118 at vox.hacktic.nl says:
> > I saw an interesting post in sci.crypt last week about a particular cypher.
> > I think it was called "The Penknife Cypher" or something along those lines.
> > I guess I have been so PGP oriented that I've sort of stuck my head in the
> > sand and ignored other possibilities regarding encryption.
> >
> > ARE there any other good cyphers out there, suitable for e-mail usage?
>
> The only really reasonable symmetric key ciphers out there in
> publicly described form these days are DES, 3-DES and IDEA. There
> are a couple of things that may be okay, but which aren't out in the
> public literature (RC2 and RC4), a couple of things that are likely
> okay but which we are REALLY not going to find anything out about for
> a while (Skipjack :-) and a couple of things that are promising (like
> Coppersmith's new SEAL stream cipher, which looks quite interesting
> indeed.)

What about MDC and Luby-Rackoff (spelling?). I mean sure, they haven't been subjected to much scrutiny, but they appear to be as strong as their underlying one-way hashes. I think that their blazing speed merits giving them serious consideration. Besides, weren't people calling IDEA pretty secure when it had been subjected to as much analysis as LR and MDC have been subjected to thus far?

JWS

From tcmay at netcom.com Mon Aug 8 17:04:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 8 Aug 94 17:04:14 PDT
Subject: Gore Letter and Software Key Escrow
Message-ID: <199408090004.RAA25895@netcom11.netcom.com>

Some interesting comments from a recent issue of "EE Times":

"While some critics declared Clipper dead, Gore made it clear that any encryption system used for voice communications must retain the key-escrow framework that is the central feature of the Clipper chip. The only difference will be whether private-sector escrow agents will be added." ["Gore letter clouds U.S. Clipper policy," George Leopold, "EE Times," 1994-07-25, p. 4]

[the article mentioned Gore's "We welcome the opportunity to work with industry to develop a more versatile, less expensive system. Such a key-escrow system would be implemented in software, firmware, hardware or any combination thereof, would not rely upon a classified algorithm, would be voluntary and would be exportable."]

In an earlier article:

"Sen.
Patty Murray, D-Wash., cosponsor of the Senate bill, said the Clipper-chip proposal "has had a chilling effect on software manufacturers in my state," particularly Microsoft Corp. She and other Clipper critics testifying last week argued that software encryption is widely available. "Federal efforts to put the genie back in the bottle will be futile," Murray said." ["Congress adds its voice to Clipper debate," George Leopold, "EE Times," 1994-05-09, p. 16]

And this chilling comment from Stephen Walker of TIS:

" "Most Americans would accept government-imposed key escrow if it was established by law" and subject to judicial review, said Stephen Walker, president of Trusted Systems Inc. [sic] and a former NSA official." ["Congress adds its voice to Clipper debate," George Leopold, "EE Times," 1994-05-09, p. 16]

From these and other articles I continue to believe that several related things are happening:

* The Administration has backed away from the hardware-based, proprietary Skipjack approach that Clipper and EES represented. Though Clipper is not yet officially dead, its brain wave has flatlined.

* The software industry was apparently pressured, based on comments by various people, including Rep. Maria Cantwell (D-Wash) and Sen. Patty Murray. The form and timing of this pressure is not public knowledge, but hints of it keep emerging.

* A software-based key escrow system, involving the new Walker-Belenson-others algorithm, is the likely basis for this new "more versatile, less expensive system" that Gore says would be "implementable in software, firmware, hardware or any combination thereof..." Practically speaking, this means software, as the hardware base of machines already out in the world pretty much makes hardware- or firmware-based deployment very problematic...few people will buy new hardware, which is what helped to kill Clipper.

* Ostensibly this will be "voluntary," but the "voluntary" part may only be choice from a Chinese menu of approved and licensed escrow agents. [This is my interpretation, reading between the lines of a dozen or so articles, articles which quote sources about how "private industry" will provide escrow agents, how choice will be preserved, and how the infamous "legitimate needs of law enforcement" will be preserved.]

* This compromise will likely put software key escrow (SKE, or Carl Ellison's "GAK"..."Government Access to Keys") into the software for audio and video teleconferencing, communication, and possibly into the OS itself (as this would be needed to ensure wide coverage of installed machines).

* The articles suggest Sen. Leahy, Rep. Cantwell, and many others have already accepted this compromise. Enabling legislation could come at any time, and may be closely related to the Digital Telephony Bill, which has had the same behind-the-scenes negotiating.

In closing, I reject the point made by Walker, that Americans will accept a "government imposed key escrow if it was established by law." I think this is the real threat on the horizon.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From CCGARY at MIZZOU1.missouri.edu Mon Aug 8 17:50:14 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Mon, 8 Aug 94 17:50:14 PDT
Subject: e$ barter & sub(parasites)
Message-ID: <9408090050.AA02275@toad.com>

My congratulations to Hal for his contribution to the e$... thread with his barter text.
My congratulations to Peace for his contributions to the e$ thread with his barter & parasite text.

Hal says: ----------------------------------------------------------
>The second problem is the regulation of "scrip" and barter systems. This
>was pointed out on the list last year by someone who had actually been
>involved in a private barter or scrip system which was shut down by the
>government, at great cost to all concerned. These regulations can be
>found at 26 CFR 1.6045-1. From subsection (f)(5)(ii), "Scrip is a token
>issued by the barter exchange that is transferable from one member or
>client, of the barter exchange to another member or client, or to the
>barter exchange, in payment for property or services". I think this one
>will eventually get the "NetBank" people in trouble. (You call a 900
>number and in exchange for a charge on your phone bill they give you a
>digital token you can exchange for property or services by participating
>merchants.) Barter exchanges are required to get the names and SS numbers
>of all participants and report their transactions to the IRS. This would
>be inconsistent with the privacy we seek from ecash.
-------------------------------------------------------------------

Peace says:*******************************************************
>I can recall that many years back the casinos in Las Vegas all
>accepted the chips from the other ones and then had a great
>exchange each day where the accounts were settled up. Even the
>gift shops took chips in place of cash. The US Treasury put a stop
>to this as it was considered to be a replacement for cash.
>Also I hear a lot about bearer bonds, but never in the US. OTOH
>the NYC subways have started a cash card that they expect merchants
>to accept in lieu of coins. It would be nice to know what the Feds
>will or won't accept. BTW, does it matter if the e$ are US denominated
>Could e$ be presented as travelers checks? The possibilities here are
>extremely interesting.
- - -
>Bob said>> However, it's a stupid parasite which
>>kills its host, and that's what I'm counting on here.
>Not really true. All parasites kill their host or they would not
>be considered parasites (ie. live at the EXPENSE of the host). The
>only question is how quickly the host dies. There is an entire
>epidemiology of parasitism, ie. which strategies are best for the
>parasite. The virulent ones must be able to find a new host quickly,
>the ones that can't exit quickly rely on the host living for a long time.
>There was a good article in SciAm on this a little while back.
>Also remember, it is the US Supreme Court which ruled that the
>power to tax is the power to destroy. Sounds like as good a
>definition of parasitism as any.
*******************************************************************

They have demonstrated that the Fed state will not tolerate an alternate cash system & repeatedly kill them. This is because they know that an alternate cash system could be easily fashioned to kill them. - as though there was any benefit to keeping the giant Federal parasite alive.

They have also demonstrated that the only in-US alternate cash system that will survive is an alternate cash system that will flourish without the Feds permission. This implies anonymous e$ with encryption & remailers. Chaum's e$ with an offshore clearinghouse comes to mind.

I thought Peace's more accurate description of a parasite & his characterization of the Fed State as a parasite were particularly NICE:- :-) : -) :-) :-)

There are other evils of this monocash system. 1. It allows elite insiders to profit from secret Federal Reserve moves. 2. It allows a private organization (the Federal Reserve) to manipulate the US's money system. 3. It is an anti-freedom monopoly of cash. 4. It kills experiments with superior cash systems that would proliferate otherwise.
& 5. It suppresses scrip driven barter systems that circumvent the frequent low velocity problems with other instruments that is in conventional systems. - Sometimes most people hold their cash & wait for a buyer (with cash) before they spend. That way everybody is waiting for someone to buy from them before they buy. With scrip driven barter systems, you make scrip by providing something. To restate this more clearly, in barter systems business activity is encouraged. - The increased velocity of "cash" is encouraged. Deals are more fluidly made & business (transactions) are encouraged.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAATTTT STATE!

From bogus@does.not.exist.com Mon Aug 8 18:17:03 1994
From: bogus@does.not.exist.com ()
Date: Mon, 8 Aug 94 18:17:03 PDT
Subject: Remailer chaining results
Message-ID: <199408090116.SAA05028@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

I've done some calculations on the mixing properties of Chaum-style networks and gotten some interesting results.

Recall that in a Chaum-type remailer network users use nested encryption and remailing instructions to set up a chain or "cascade" of remailers. Each remailer strips off the encryption envelope and sees the address of the next remailer in the chain or, for the final remailer, the ultimate destination. All messages are the same size and carry no distinguishing features. We assume that the opponent is monitoring all message traffic into and out of all remailers on the net but can't see what is happening within each remailer.

Let's take a concrete example and suppose there are four remailers. Everyone sets up a chain of 2 remailers, chosen at random from these four. A batch of messages is received by each remailer, which strips off the envelope and sends them on to the next remailer in the chain, where they are mixed with the other messages which chose that remailer as the 2nd in the chain, then sent out to their ultimate destinations.
This model is a little artificial in that we are assuming a certain amount of synchrony of the operation of the various remailers for simplicity. (Note that for this four-node network there are twelve possible two-node chains where the nodes are different.) There are three measures that I am interested in: bandwidth used (the less the better); message mixing (the more the better); and immunity to subversion (the more the better). For bandwidth we can measure the flow through the remailer. Due to the symmetry of the situation, the inflow and outflow are equal and the same for all remailers. Message flows per remailer are the sum of the flow into the remailer from outside (the user messages), plus all flows into the remailer from the other remailers. Mixing can be measured by a probability distribution over the outgoing messages which represents how likely they are to be a given incoming message. For simplicity this can be expressed simply as the number M of messages which are equally likely to be the original (in an earlier message I used entropy which is a log measure of the same thing). I am thinking of measuring immunity to subversion in terms of how much mixing is lost by a certain number of "failed" (that is, subverted) nodes. Some networks are vulnerable to "single point failures", where a single subverted node destroys all the anonymity. A more robust network would require multiple failures for this to happen. However, it turns out that even in a multiple-failure network a single-point failure may reveal some information about the messages, which we can express as a loss in mixing. Let the total message bandwidth into the network be N packets per time unit. Due to symmetry, each node will receive N/4 packets. With the chains as defined above, the other three nodes will all be equally likely to be the 2nd in the chain, so N/12 packets are sent to each of them. Simultaneously, N/12 packets come to this node from each of the others. 
This is a total internode bandwidth of N/4 in each direction per node, or N total per direction. Add this internode bandwidth to the user-link bandwidth of N per direction and we get 2N total, or N/2 per node.

At the beginning of each chain, we have N/4 packets come in and get mixed at each node. As the packets go out, they are sent to the other three remailers, and when they leave they may be any of the output of those three. Thus they are equally likely to be any of 3N/4 of the packets, and this is the amount of mixing we have.

If one of the two nodes in your remailer chain is compromised, it provides no effective mixing. This means that your message is only mixed at one node, where it is combined as part of a batch of N/4, so that is the degree of mixing you have with a single failure. If both remailers are compromised then of course you have no mixing, which we would write as a factor of 1 in uncertainty increase.

This can also be expressed in terms of a percentage compromise of the network. If 1 node is compromised, which can be represented as p=.25, then the six of the twelve remailer paths which use that node will have single-point failures with the concomitant reduction in mixing. In other words, half of the messages will have the full 3N/4 mixing while half have N/4.

With p=.50, two nodes are compromised. Two paths are safe, eight have single failures, and two have double-failures. So we have 1/6 of the messages with 3N/4, 2/3 with N/4, and 1/6 with only 1 mixing.

With p=.75, three nodes compromised, there are no safe paths; half have single failures and half have double. So 1/2 the messages have mixing of N/4 and half have 1. And of course with p=1 all messages are compromised with mixing factor 1.

Let me just go on and extend this analysis in one way. In the discussion of the chains, we have assumed that the two nodes in the chain would be different. Logically though one could have chains where both nodes were the same.
Let us compare this network with the one we just did. There are now 16 possible chains. Total bandwidth is somewhat less (since we don't count the messages which stay in one remailer). Now only 3/4 of the messages from each node need to get exchanged. Per node, there will be N/4 messages to users and 3N/16 messages to other nodes, for a total of 7N/16 per node or 7N/4 total (above the 7's were 8's). Mixing is actually improved; there is no limitation on which input messages might map to which output ones, so we have full N-fold mixing (compared to 3N/4 above). With single-point failure mixing is again N/4 as above. The failure behavior is quite different. With p=.25, 1 of the 16 paths is totally compromised, 6 of the 16 have single failures for N/4 mixing, and 9 of the 16 have no failures for N mixing. With p=.50, 4/16 of the paths have mixing 1, 8/16 have mixing N/4, and 4/16 have mixing N. With p=.75, 9/16 have mixing 1, 6/16 have N/4, and 1/16 have N. It's not clear what measure is useful to compare these failure situations. A double-point failure seems much worse than a single one. I wonder whether taking a geometric mean (which would be equivalent to taking the arithmetic mean of the entropies) would be valid. If we did that for the p=.25 case, we get average mixing of .59N^(15/16) for the self-chain network, and .27N for the network where all chains are two different nodes. For N less than about 250,000 packets per (network-wide) batch the self-chain network provides superior average mixing in the p=.25 case by this measure. Sparing the math, for p=.50 the self-chain network is superior for batch sizes smaller than 29 packets, and for p=.75 the self-chain network is only superior for batch sizes smaller than 16 packets. This suggests that if the network is likely to be mostly safe then the extra mixing allowed by same-node chains is worth the small increased risk of exposure. 
But as the chance of encountering bad nodes rises it becomes unwise to take this chance. Here is a quick summary of the extension of these results to larger numbers of remailers and longer chains. Let there be R remailers and let the chain length be K. Let the number of message packets per batch (network wide) again be N. (I will neglect the differences between same-node chains and different-node chains as they are generally small effects on the order of 1/R.) Bandwidth per node is approximately KN/R. Network wide it is therefore KN. Adding remailer hops increases network bandwidth loads directly in proportion to the number of hops. Mixing is approximately N for K=2 and up, which is the maximum possible. For K=1 mixing is N/R. Fault tolerance is interesting. A K-length cascade is invulnerable to up to K-2 failures! At K-1 the mixing decreases from N to N/R, a significant decrease. And with K failures of course the mixing drops to 1. I was surprised how robust these networks are. The reason is that with even K-2 compromised remailers in a K-length cascade there still remains a safe length 2 cascade, and as we saw above that provides N-fold mixing. This provides some guidelines on the choice of K. First, K should clearly be at least 2. The increase from K=1 to K=2 increases mixing from N/R to N, a considerable increase. Secondly, K should probably be at least 3. This will provide full mixing even if you are unlucky enough to choose a compromised remailer. Beyond this, you can calculate that with a chain length of K and probability p of a compromised node, the expected number of compromised nodes in your chain is Kp. This suggests that you should choose K large enough that Kp is well below K-2. If you estimate p=.50, for example, you might choose K=8. The binomial theorem states that the chance of x failures out of k nodes where the probability of each failure is p is (p^x)*((1-p)^(k-x))*k!/x!(k-x)!. 
In this example, the chance of 7 failures out of 8 is about 3% and the chances of 8/8 is about .5% for a total risk of 3.5% that you won't be fully protected.

Now, how many people read this far? ;-)

Hal

From banisar at washofc.epic.org Mon Aug 8 18:26:23 1994
From: banisar at washofc.epic.org (Dave Banisar)
Date: Mon, 8 Aug 94 18:26:23 PDT
Subject: FWD>Health Care Privacy Ale
Message-ID: <00541.2859225761.7229@washofc.epic.org>

Date 8/8/94
Subject FWD>Health Care Privacy Ale
From Dave Banisar
To Interested People
CC Beverly Woodward

From CPSR FWD>Health Care Privacy Alert

FYI, pls respond directly to the address below.

Date: Sun, 7 Aug 1994 12:43 EDT
From: WOODWARD at BINAH.CC.BRANDEIS.EDU (Beverly Woodward)
Subject: Health Care Privacy Alert

ALERT

The health care legislation proposed by Gephardt in the House and Mitchell in the Senate contains provisions which would establish a national health care data network and override most state medical confidentiality laws. All health care providers, whether paid by insurance or not, will be required to provide the network with data from the patient medical record after every clinical encounter. (The data elements will not be limited to what is necessary for billing purposes.) A very weak "privacy" (or "fair information") code will regulate the redisclosure of such patient-identified information. The law will permit person-identified information to be made available in various circumstances to law enforcement officials, medical and social studies researchers, and government authorities without the knowledge or consent of the patient.
These legislative provisions are being promoted as administrative simplification and cost-saving measures, but they will seriously erode patient privacy. Unfortunately the general public has not been informed about these sections of the health care reform bills. Legislation of this kind requires intensive debate and should not be folded into a bill to extend insurance coverage and reform health care financing.

Contact your Representative and your Senators to urge that the "Administrative Simplification," "National Health Care Data Network," and so-called "Privacy" and "Fair Information Practices" sections of these bills be deleted. The general telephone number for Capitol offices is 202, 224-3121.

Watch for further updates! You may contact us at 617, 433-0114.

Coalition for Patient Rights, Massachusetts

From hfinney at shell.portal.com Mon Aug 8 20:15:50 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 8 Aug 94 20:15:50 PDT
Subject: Remailer ideas
In-Reply-To: <9408081539.AA25778@fnord.lehman.com>
Message-ID: <199408090315.UAA22167@jobe.shell.portal.com>

Rick Busdiecker writes:

>I think that many of the simple cases are conceptually easy, but even
>slightly complicated ones are non-trivial. For example, I tend to
>include Return-Receipt-To: lines in my messages, so I get a bunch of
>responses. Interpreting those responses and deciding what action
>would be appropriate raises some interesting questions, not the least
>of which is ``What does it mean for a message to be successfully
>delivered to the cypherpunks list?''. Just as an example how easily
>the issue can become confused, I'll throw in, ``How is the meaning of
>successful delivery affected by changes in list membership during
>transmission?'' Considering that some of the addresses to which
>cypherpunks is distributed are also distribution lists, any list
>related problems are multiplied.
I can see that there may be difficult cases, but I still think that there would be real utility in the ability to specify that a particular piece of mail should be re-transmitted if it does not get delivered to the destination machine within a certain period of time. As I said, this would help with the implementation of cryptographic protocols that worked via email, not to mention the many other applications.

>Practical issues make this whole thing more difficult. The ``getting
>people to build it into their Mail User Agents'' part in particular.
>The idea of a Return-Receipt-To: field has been around for a while,
>but the semantics have never been pinned down. Some mailer daemons
>generate replies meaning that the bits were delivered. Some readers
>(MUAs?) generate replies based on end-user actions.

That's one reason I like the "enabledmail" approach. All we have to do is persuade everyone to run a system which allows anyone on the network to get your computer to run an arbitrary program for them. Then everything will be fine.

One nice thing is that enabledmail scripts can trigger either on delivery to the dest machine, or on being read by the recipient. This gives even more flexibility in how you want to define a "received" message.

Hal

From hfinney at shell.portal.com Mon Aug 8 20:47:47 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 8 Aug 94 20:47:47 PDT
Subject: RemailerNet v0.2
In-Reply-To: <4309@aiki.demon.co.uk>
Message-ID: <199408090347.UAA24150@jobe.shell.portal.com>

I'm glad to see Jim's description of his RemailerNet v0.2. I still have a few questions, though.

What is the goal of the RN as far as defeating traffic analysis? Is it just to get messages from one "gateway" to another? Or is there also a desire to prevent traffic analysis from one non-gateway end user to another?

What are the allowed capabilities of the opponent? Can he watch all of the links? Can he subvert some gateways?
Does every user expose the source and destination information of his messages to the initial gateway? What other information is sent by the user to the RN?

Are there any limitations on the information which spreads through the RN? E.g. are gateways allowed to send source/dest information along with the messages?

Here are some questions related to Jim's specific points:

>1.6 the order of dispatch of packets is randomized

For 1.5 you defined what randomized means. What does it mean here?

>1.7 on average, all gateways are required to send and receive the same
> number of packets per unit of chronological time

Do you mean that all gateways send the same number of packets per time all the time? E.g. all gateways send 100 packets per hour all the time

>1.8 the dispatch randomization function adjusts the average latency
> and the distribution of latencies so that the preceding commitment
> is met, introducing noise packets as required

This could be accomplished by adding no latency at all during times when the incoming traffic load happens to equal the desired internal traffic level. But presumably some latency is actually used to provide reordering. What rule would determine how much latency would be used in that case?

>1.10 gateways are required to exchange the same number of packets in
> any session

What is a session? Do you mean, during every session exactly (say) 1000 packets will be exchanged, or do you mean, during any session the number of packets exchanged by each gateway will equal the number exchanged by every other gateway (but this number may vary from session to session)?

>2.4 message delivery is reliable, in the sense that the destination
> gateway will report delivery of incomplete or damaged messages
> to the gateway

To which gateway? The source gateway?

>4.2 where gateways are operated by users, the requirement that gateways
> should exchange the same number of packets per unit time would be
> weakened in some as yet unspecified way

Why do this?
>5.1 in either case, users may have accounts with gateways and may be
> charged for usage

What gateways would be in a position to charge users? Only the source gateway? The destination gateway? Others in between?

>6.0 RN gateway software should be available only from trusted sites by FTP

What are you trying to prevent by this, and what would happen if someone wrote his own version of the RN software?

>7.1 established gateways would be encouraged to rate new gateways

What kind of information would be available to them to create the ratings?

From hughes at ah.com Mon Aug 8 21:39:20 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 8 Aug 94 21:39:20 PDT
Subject: ANNOUNCE: the TAZONO is here
Message-ID: <9408090403.AA20990@ah.com>

I'm flying to New York this week to go to the HOPE conference put on by 2600, so I've arranged to throw a party. Here's the announcement. HOPE is the two days after this, so if you're planning on that, come a day earlier.

You're all invited, but I only expect those in range of New York to actually attend. And I would like to meet all the NYC cypherpunks, or at least as many as I can. So show!

Eric

-----------------------------------------------------------------------------

The Blazin' Cypherpunks
present a
T.A.Z.O.N.O.
Temporary Autonomous Zone One Night Only
(perhaps also to be known as just a party)

Friday, August 12, 1994
8:00 p.m. EDT until whenever
almost in New York City, but not quite

with the theme of
Bring Your Own Everything
(or)
The Creation of Anarchy out of a Cipher

Eric Hughes, cypherpunks founder, and Matt Blaze, swIPe'r of Tesserae security, are throwing a party, and Eric, who lives somewhere other than the East Coast, will be in town for it. We've managed to liberate, through completely legal means, an almost completely empty apartment for the purposes of joy and frivolity and much talking. Join us!

Special Event: Midnight Impromptu Two-Minute Rant Contest.
A suitable theme will be chosen by shout-outs, and judging will progress by catcall and heckling volume. Real Prizes!

Given the manner of acquisition of space, there will be nothing there when the party starts. It's Bring Your Own Everything. We need all of the following:

Your Friends and other Diverse People
Furniture (street discards accepted, as long as _you'd_ use it)
Music (live and recorded)
Drink (as always)
an Internet connection
Food (whatever you like to eat)
a Gong
Stimulants (my favorite being Nietzsche)
as many copies of the game Twister as we can get
Pillows and Cushions
a Roll of Butcher Paper
a Constitutional Amendment Guaranteeing Freedom of Cryptography and Anonymity

Special Prize for the "Most Creative Use of Scavenged Material in Furtherance of the Ludic Atmosphere of the TAZONO."

So, uh, where is it? It's in Jersey City, at an address we're not going to tell you just here. We just thought it best not to post the address to the world. But we'll give you a clue; it's near the Pavonia-Newport Path Train station. In fact, if you just show up there, there may be more clues. And I'll send you the address if you send me, Eric Hughes, email at the address hughes at ah.com. You can also call me at 510-849-4729 (I'm in the phone book, so this is no big deal).

Rules of Invitation: If you see this, you're invited. It's the day before 2600's HOPE, so any of you that are in town the night before can stop by. Please print out copies and get them to your non-Internet friends who'd be interested. Please feel free to forward this by private email as well.

THE SECRET WORD IS "PLUGH". REMEMBER THE SECRET WORD.
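
The chain-length arithmetic from Hal's remailer message earlier in this archive (the one that closes "Now, how many people read this far?"), worked through as an added example that is not part of any original post. It assumes his approximate model: K hops, each independently compromised with probability p, mixing N with at most K-2 bad hops, N/R with K-1 and 1 with K; the function names are this example's own.

```python
from math import comb, exp, log


def failure_pmf(k, p):
    """P(exactly x of the k hops are compromised) for x = 0..k (binomial)."""
    return [comb(k, x) * p**x * (1 - p) ** (k - x) for x in range(k + 1)]


def chain_outcomes(k, p):
    """Probability of each mixing level for a k-hop chain (k >= 1).

    Model taken from the message: up to k-2 bad hops still leave a clean
    two-hop cascade (mixing N); k-1 bad hops leave one honest remailer
    (mixing N/R); k bad hops expose the message (mixing 1).
    """
    if k < 1 or not 0.0 <= p <= 1.0:
        raise ValueError("need k >= 1 and 0 <= p <= 1")
    pmf = failure_pmf(k, p)
    return {
        "full": sum(pmf[: k - 1]),  # x <= k-2 compromised hops
        "reduced": pmf[k - 1],      # x == k-1
        "none": pmf[k],             # x == k
    }


def risk_not_fully_protected(k, p):
    """Chance that a chain ends up with less than full N-fold mixing."""
    o = chain_outcomes(k, p)
    return o["reduced"] + o["none"]


def geometric_mean_mixing(k, p, n, r):
    """Geometric mean of the mixing level, i.e. exp of the mean log-mixing.

    n is the batch size N and r the number of remailers R. This is the
    'arithmetic mean of the entropies' measure the message proposes.
    """
    o = chain_outcomes(k, p)
    mean_log = o["full"] * log(n) + o["reduced"] * log(n / r) + o["none"] * log(1)
    return exp(mean_log)


def min_chain_length(p, max_risk, k_limit=64):
    """Smallest k >= 2 whose risk of reduced or no mixing is <= max_risk.

    Returns None if no k up to k_limit qualifies (for example p == 1).
    """
    for k in range(2, k_limit + 1):
        if risk_not_fully_protected(k, p) <= max_risk:
            return k
    return None


if __name__ == "__main__":
    # The 4-remailer, 2-hop self-chain case: 9/16, 6/16, 1/16 at p = .25.
    print("K=2 p=.25:", chain_outcomes(2, 0.25))
    # Risk table at p = .50; K=8 gives 9/256, about 3.5%.
    for k in range(2, 9):
        print(f"K={k} p=.50 risk={risk_not_fully_protected(k, 0.5):.4f}")
    # Constructed batch size of 1000 packets, R = 4 remailers.
    print("geometric mean mixing:", geometric_mean_mixing(2, 0.25, 1000, 4))
    print("shortest chain for <=5% risk at p=.50:", min_chain_length(0.5, 0.05))
```

At p=.50 the risk only falls under 5% at K=8, which is the chain length the message suggests for that estimate.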
From rfb at lehman.com Mon Aug 8 21:55:26 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Mon, 8 Aug 94 21:55:26 PDT
Subject: Remailer ideas
In-Reply-To: <9408081940.AA21249@netmail2.microsoft.com>
Message-ID: <9408090454.AA03934@fnord.lehman.com>

    From: John Douceur
    Date: Mon, 8 Aug 94 12:32:32 PDT
    Subject: RE: Remailer ideas

    It may thus be quite reasonable to build in a hard cutoff in service time . . . since the extreme delay which triggers the expedited transmission is an unpredictable and infrequent event

This is not a safe assumption. Check out the stats for ghio at kaiwan.com.

    it will not make cryptanalysis of the remailer any easier.

I'm pretty sure that cryptanalysis, per se, is not the question, but rather traffic analysis.

Rick

From rfb at lehman.com Mon Aug 8 22:21:33 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Mon, 8 Aug 94 22:21:33 PDT
Subject: Remailer ideas
In-Reply-To: <199408090315.UAA22167@jobe.shell.portal.com>
Message-ID: <9408090521.AA04161@fnord.lehman.com>

    Date: Mon, 8 Aug 1994 20:15:36 -0700
    From: Hal

    . . . I still think that there would be real utility in the ability to specify that a particular piece of mail should be re-transmitted if it does not get delivered to the destination machine within a certain period of time.

Agreed.

    That's one reason I like the "enabledmail" approach. All we have to do is persuade everyone . . . .

I also agree that this approach is desirable. My contention is not that these things are undesirable, but rather that they are not as trivial as was originally suggested.

Rick

From ruf at osiris.cs.uow.edu.au Mon Aug 8 22:42:59 1994
From: ruf at osiris.cs.uow.edu.au (Justin Lister)
Date: Mon, 8 Aug 94 22:42:59 PDT
Subject: amateur ciphers
In-Reply-To: <9408081200.AA21156@snark.imsi.com>
Message-ID: <199408090541.AA14118@osiris.cs.uow.edu.au>

> an118 at vox.hacktic.nl says:
> > I saw an interesting post in sci.crypt last week about a particular cypher.
> > I think it was called "The Penknife Cypher" or something along those lines.
> > I guess I have been so PGP oriented that I've sort of stuck my head in the
> > sand and ignored other possibilities regarding encryption.
> >
> > ARE there any other good cyphers out there, suitable for e-mail usage?

> The only really reasonable symmetric key ciphers out there in
> publicly described form these days are DES, 3-DES and IDEA. There
> are a couple of things that may be okay, but which aren't out in the
> public literature (RC2 and RC4), a couple of things that are likely
> okay but which we are REALLY not going to find anything out about for
> a while (Skipjack :-) and a couple of things that are promising (like
> Coppersmith's new SEAL stream cipher, which looks quite interesting
> indeed.)

I wonder on which evidence you base your assumptions?? (I would assume Schneier's book)

While I agree with the above ciphers, I would also add Loki and Redoc-II both achieved good results (much better than DES) in regards to differential cryptanalysis. Also Loki has also performed well against Linear cryptanalysis - Matsui. (Biham & Shamir - Differential Cryptanalysis of the Data Encryption Standard)

[ deleted info about trusting amateur ciphers ]

While Schneier's book is a very good guide, it is not very advisable to make assumptions on the security of algorithms based on his book. One should look at results from those performing cryptanalysis of such ciphers. Such as Biham and Matsui.

> Perry

--
Justin Lister ruf at cs.uow.edu.au
Center for Computer Security Research
Dept. Computer Science voice: 61-42-214-330
University of Wollongong fax: 61-42-214-329
Computer Security a utopian dream...
LiNuX - the only justification for using iNTeL

From 7CF5048D at nowhere Mon Aug 8 23:01:12 1994
From: 7CF5048D at nowhere (7CF5048D at nowhere)
Date: Mon, 8 Aug 94 23:01:12 PDT
Subject: Key Coercion after encrypted message transmission.
Message-ID: <199408090533.AA06475@xtropia>

There seems to be much written about key coercion lately. It seems to me that the key coercion problem can be divided into two problems.

First, there is the problem of Princess Leia storing data on her computer disk for later reference. Then Darth Vader seizes the disk and the Princess and coerces the Princess for the encryption key. This problem may be called the static storage coercion problem (SSCP). I am not sure that there is a good way of addressing this problem short of dividing the key in some way among multiple people so that Darth has a hard time seizing them all. This idea has already been discussed elsewhere.

The second problem is the case where the Princess wants to send a secret message to Hans Solo in the horsehead nebula. She sends the message encrypted to Hans, but the encrypted message is intercepted by Darth. Hans decrypts the message, but unfortunately six months later Hans is captured by Darth who tortures him for the decryption key. Note that Hans is in a worse position than if he were tortured for the content of the message, because if he were merely asked the contents of the message with no way to verify, he could simply lie. But Darth can verify if any keys that Hans gives really does decrypt the intercepted cipher-text to a sensible message. This problem could be called the transmission retroactive coercion problem (TRCP).

Unlike the static storage coercion problem, the transmission retroactive coercion problem does have a technical solution.
If Hans and the Princess were using a public key encryption system that stores secret keys on disk as a conventionally encrypted file, like PGP, then Hans could create a separate key pair for each message. Hans has one long term public/secret key pair which never changes. He could send temporary public keys in advance to the Princess as a signed (using his long term public key) message. Then when the Princess needs to send him a message she chooses one of the stored temporary public keys and sends Hans the message using that key. She then throws the key away and never uses it again. When Hans receives and decrypts the message, he destroys the secret key stored on disk by overwriting it. Then when Darth goes to torture Hans six months later for the secret key, Hans can only tell him the passphrase for the now non-existent key.

People can use this protocol right now with PGP to protect themselves against this kind of retroactive coercion. It will work. However, the problem of manually generating the keys and sending them to the other party and the whole bureaucratic hassle of keeping track of everything makes it unlikely that anyone would actually do so.

Software to the rescue! Suppose that Hans runs a mail server on his account which recognizes certain messages as requests for new public keys and responds by sending back unused temporary public keys to the requester. It could work similarly to some cypherpunk remailers which look for some special characteristic in the message to be responded to, letting the rest pass normally to the owner of the account.

The Princess could also have a mail server on her account which looks for returned temporary public keys and automatically stores them in her database after checking for the correct signature without bothering her. Further, whenever she sends a message, a program could check her database of unused temporary keys, and if it is low, a request for more keys could automatically be sent.
It seems clear that the whole protocol could be made largely automatic with no constant intervention required by the parties concerned once the system was set up.

It works best if Hans has a hardware random number generator. Then the key generator part of the process could be set up to run when no one is using the computer. (Modifications to PGP have been published that use hardware RNG's for their Random numbers.) Since in this case, the computer is unattended, the PGP passphrase associated with the secret key must be assumed to be known. To protect the secret keys against theft in this case, the temporary secret key file could be encrypted using Hans' long-term Public key.

If there is no Hardware RNG present, then Hans must be present at temporary key generation time, to type in all of the stupid keyboard timing strokes! In this case, Hans will want to create a number of keys in advance to be stored in a database so that the mailserver can dole them out when people request them.

A little thought shows that such a system could be used in some applications of interest to cypherpunks. The ability to implement such a system is clearly within our grasp. Therefore, the cypherpunk CODE requires that the cypherpunks analyze, design, code and make such a system widely available according to the grand traditions established by previous cypherpunks.

Here are some beginning questions to get the ball rolling. How many different CPUs, operating systems, mail transport mechanisms and mail programs can such a program be adapted to? Should such a program use PGP to do its encryption, or should it have its own built in encryption routines? What Language should such a program be written in? I think the program should be portable to all computers for which the program is technically possible. Can someone outside the U.S. be persuaded to code such a program? It would be best if such a person could be found. What do our fellow cypherpunks think?
Remember that when discussing this or any other encryption software on the net, it is important that our usages be defensively formulated. Encryption technology should always be used against evil and for good.

From dave at esi.COM.AU Tue Aug 9 01:07:03 1994
From: dave at esi.COM.AU (Dave Horsfall)
Date: Tue, 9 Aug 94 01:07:03 PDT
Subject: broadcast encryption
In-Reply-To:
Message-ID:

On Thu, 4 Aug 1994, Bob Snyder wrote:

> This may be blasphemy on this list, but I don't have a problem with the
> restriction on obscuring the meaning of transmissions on the amateur bands.

Etc. I've been using PGP for authenticating my packet messages for some months, for precisely the reasons you outlined. I get the occasional "stop wasting bl**dy bandwidth" but most of the time it results in more PGP users.

I'm also careful to explain that PGP can't be used to prove I did NOT write an unsigned nasty-gram (until we get true authentication within the BBS, by which I hope the concept of a BBS will disappear :-) but it makes a strong case if I sign ALL my bulletins.

Yes, we get forged messages on Amateur packet radio; some of them are quite defamatory.

--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD

From danielce at ee.mu.oz.au Tue Aug 9 01:47:19 1994
From: danielce at ee.mu.oz.au (Daniel Carosone)
Date: Tue, 9 Aug 94 01:47:19 PDT
Subject: forwarded message from System Daemon
Message-ID: <199408090845.SAA15655@anarres.mame.mu.oz.au>

Another one.. *sigh* it's still going on? please remove this anon id, I won't be using it.
------- start of forwarded message (RFC 934 encapsulation) -------
Message-Id: <9408090808.AA14325 at anon.penet.fi>
From: daemon at anon.penet.fi (System Daemon)
To: danielce at ee.mu.oz.au
Subject: Anonymous code name allocated.
Date: Tue, 9 Aug 94 11:08:40 +0300

You have sent a message using the anonymous contact service. You have been allocated the code name an120044. You can be reached anonymously using the address an120044 at anon.penet.fi.

If you want to use a nickname, please send a message to nick at anon.penet.fi, with a Subject: field containing your nickname.

For instructions, send a message to help at anon.penet.fi.
------- end -------

From greg at ideath.goldenbear.com Tue Aug 9 01:47:37 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Tue, 9 Aug 94 01:47:37 PDT
Subject: Key Coercion after encrypted message transmission.
In-Reply-To: <199408090533.AA06475@xtropia>
Message-ID:

An anonymous author writes:

[describes an interesting technique to avoid coerced key disclosure]

> A little thought shows that such a system could be used in some
> applications of interest to cypherpunks. The ability to implement such
> a system is clearly within our grasp. Therefore, the cypherpunk CODE
> requires that the cypherpunks analyze, design, code and make such a
> system widely available according to the grand traditions established
> by previous cypherpunks.

Unfortunately, you seem to have received one of the early drafts of the Cypherpunk Code; they're easy to spot because a fumble-fingered editor left out a few words while recopying meeting minutes. The Revised Cypherpunk Code of 1993 states:

RCC 23.110: In accordance with the grand traditions established by previous cypherpunks (RCC 10.100, et seq), any cypherpunk who suggests that "someone" or "a cypherpunk" or "the cypherpunks" must implement a new idea shall be required to code the implementation themselves, on the platform of their choice.
RCC 23.120: A cypherpunk required by RCC 23.110 to code an implementation may employ the work of others as a base for their implementation. The Librarian of the Cypherpunks is authorized to lend the implementor a copy of _Applied Cryptography_ until the implementation is finished.

Fans of legislative history will remember the passionate debates between the theoretical cypherpunks - who stood opposed to any coerced effort - and the practice-based cypherpunks, who argued that this re-education effort was required to build the proper [post-] revolutionary consciousness, particularly in the "why can't someone else do it for me" climate of the mid-1990's. The debate ended when Zaxxon, an outspoken critic of the remailers, insisted that all cypherpunk software be rewritten - twice - to his specifications. The Cypherpunk Assembly voted 99-0 (1 abstention) to enact the "Do It Your Own Damn Self Act" of 1993, codified as RCC 23.110-120.

From bill at kean.ucs.mun.ca Tue Aug 9 03:00:07 1994
From: bill at kean.ucs.mun.ca (Bill Garland)
Date: Tue, 9 Aug 94 03:00:07 PDT
Subject: No Subject
Message-ID: <00982AE0.B5866330.262@Leif.ucs.mun.ca>

There has been much Meta Discussion of late. There has also been much but not too much trivial and meta-meta stuff, of which I guess I would have to categorize _this_ posting. I don't suppose anyone is interested in metabolizing this any further...

All I have to do is take a break for a few days and I have these 457 New Messages to catch up on. You all know what I am talking about, I presume.
Now that I have lost my job, and am more or less finished with soaking the hapless taxpayers, I can finally get around to doing those things I have previously referred to as homework, and turn them around into revenue generating memes.

I am going to unsub for a week or so, and ::exclude all for a while, and unsub permanently from anything else except moribund IMP - I'll wait to see if anything happens in that arena - cypherpunks have assumed control over IMP memes anyway...so that when I get back, there will only be regular personal mail from net.friends and darters (my secret passion - a wonderful type A behaviour pattern) mail.

I may have only five weeks of net.access at this address, anyway, but my seniority and status as alumnus and donor and decus membership entitle me to to historical use of my bill at kean.ucs.mun.ca True Name address. I can, I expect, get a forwarding privilege as part of my severance package, although I _will_ be going to a commercial internet service as soon as I get a round tuit. There are other possibilities, which I won't bore you with right now.

So I'm off to write some code, do some homework, and take some annual r & r.

Before I go, I thought I'd send this rant to the list, just one message or so before I send the appended .sig in to the Idea Factory for maintenance. We have discussed this before, so maybe after my Annual General Meeting coming up this Perseids, deep in the woods, I'll come up with an idea of how to make this come about - how to, say, achieve the goal - meanwhile I am just going to rant.

I want Extropian mailing list software equivalent for Cypherpunks!

Others want it. It has been mentioned as a possibility. I understand there are some intellectual property rights involved, but jesus h christ as my old man used to say, what can we say about the intellectual property rights of prz that we now take for granted?
[Did anyone notice the AP article about prz the other day that was okay as a news bite but they spelled his name incorrectly!]

[[Someone with a much-too-long-but-only-occasionally-used .sig also spells his name wrong...homework for another cypherpunk...]]

I understand there are machine property rights involved, too. Perhaps these can be hashed out at TAZONO. I'll be there in spirit, if not in the flesh nor by upload...

I know there are other problems, too, but hey, this code has already been written. Let's get it done. I haven't yet used the ::exclude features of Extropian list software for Extropian mail, but I could _sure_ use it for cypherpunk mail.

Meanwhile I am about to unsub cypherpunks for a week, and ::exclude all for a while, and I'll be back RSN with some non-meta harangues. Oops, redundancy noted.

Some notes for the future :

1. HEx will reanimate itself as a reputation market. I have to read some Chaum, first.

2. INFO_Banque will spontaneously order itself into existence. I have to read some Chaum, first, and tend to some other stuff.

3. Watch for the INFO_Banque_Protocols and the INFO_Banque_PPL. I claim copyright to these words...I guess I am going to have to sign this rant.

4. Perhaps I should sign all my future postings as a matter of personal discipline and policy, as I embark upon some personal self-transformation.

5. Perhaps I should invent another pseudonym for myself. It is known publicly, although not widely, that I sometimes write things for an alter ego personality I have named Wendell Noseworthy. The new nym will have to be a credentialled entity...

But I have to read some Chaum first, and I _still_ can't find a copy of Schneier in our library and now that I need all my paper cash to feed my replicant units, well, there may be some delays involved...

Meanwhile, I will be interested in receiving encrypted mail from cypherpunks and Extropians, just for practice, of course.
Very soon now I hope to get my PGP key signed by somebody, but I have been waiting a decision on moving to 2.6ui or 2.7...or 3. Use this public key for now, and we can verify it later in life. You can check the signature if you wish and let me know if I have made any blunders.

So, as I said, I'm off for some R&R to write some meta-code. I'll retire this .sig below now, [perhaps another message or two will sneak through to other channels...]

Copyright 1994, right now, me. Please do not distribute this rant.

Bill Garland

/----------------------------------------------------------------------\
| I am an Extropian. | Macronic Systems, Inc. offers Ideas for Sale !  |
| BEST: DO_IT_SO !   | Go for it : Pledge a Digital US Dollar now.     |
| CryptoAnarchist.   | Send PGP key for more information.              |
| Cypherpunk.        | Get in on the ground floor. Invest Now. Trust me! |
| Owner : MSInc.,    |---------------------------------------------------|
| HEx, INFO_Banque   | Bill Garland = bill at kean.ucs.mun.ca           |
\__________________________________o o_________________________________/

From jkreznar at ininx.com Tue Aug 9 03:44:08 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Tue, 9 Aug 94 03:44:08 PDT
Subject: legal hacking
Message-ID: <9408091043.AA27965@ininx>

Eric says ``...
legal hacking is almost a necessity.''

Perry says ``You can't do legal hacks in an environment like this. It doesn't work.''

Delicious dichotomy. Here are the more extended contexts:

At Wed, 18 May 94 12:13:28 -0700 hughes at ah.com (Eric Hughes) wrote

> Legal hacking is a lot of fun. Prerequisites are a humility to learn
> the structure of legal argument and access to legal materials. The
> study guides for law students are generally excellent introductions to
> the subject. Access to a law library is also useful for looking up
> statute and decisions, but not essential, although reading at least a
> few decisions is necessary for ensuring an understanding of the social
> process involved in the creation of law.

> And if what you want to accomplish with your computer hacking
> requires, for implementation, something outside the computer hardware
> and networks, legal hacking is almost a necessity.

But at Sun, 07 Aug 1994 08:24:57 -0400 "Perry E. Metzger" wrote

> The bureaucrats aren't
> going to want digicash, so they are going to find plenty of excuses to
> prohibit it. You can't do legal hacks in an environment like this. It
> doesn't work. If the bureaucrats don't like you, they shut you down,
> and there is not a damn thing you can do about it, period.

> True, you can leave the country and do your business there -- I know
> several hedge funds that already refuse to take any customers from the
> U.S. because they don't want the headaches, and there are other
> similar things happening in lots of other parts of the financial
> industry. However, don't think you can finesse the folks at the Fed,
> the IRS, the Treasury, and the SEC -- they are monsters, and they
> won't be stopped by the courts.

What differing views of ``legal hacking''!

It would be wonderful if society's response to legal hacking had more of the predictability of computer hacking.
But there are a hundred million constituents out there (the power behind Perry's ``monsters'') who gratuitously accept government benefits. Such a person doesn't gladly suffer any legal technicality standing between him and the pound of your flesh to which he thinks he's entitled. If you can prove that the law permits you to keep your pound, then he and his majority allies will simply change the law, requiring the IRS to collect it from you after all.

This inclines me to accept Perry's cynical skepticism that legal hacking can do any good.

On the other hand, Eric demonstrates time and again that his remarks are not made lightly. In this case, they bear on the prospects for the ``State Citizen'' movement that seems to be so emergent these days. I wonder how he would respond to Perry here.

John E. Kreznar         | Relations among people to be by
jkreznar at ininx.com   | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLkdKgcDhz44ugybJAQFj5gP+IMMUdQLMY8vqG4pcmNGAroSNIxvkXlbE
rSIIbR3wZddeWLxNBsK+pMT8Le3RLRqQa7bRI8MVgEed23VAmpccAn8tiLsQOzSq
MdUbuFIrI7MY/t3ov0fE6pWBvoZb345g0ZH83F5EZcU9NARNp6wsVDBA2bs9aQ9d
7cz/P4kxJHQ=
=JBcR
-----END PGP SIGNATURE-----

From paul at hawksbill.sprintmrn.com Tue Aug 9 03:53:39 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Tue, 9 Aug 94 03:53:39 PDT
Subject: NRO spoof
Message-ID: <9408091156.AA29504@hawksbill.sprintmrn.com>

On the local news this morning (Washington DC) there was a clip with Sen. John Warner expressing his displeasure with how the "intelligence community" has hidden the money for a massive construction effort to house the NRO. The land was bought and permits were applied for under the guise of a development for Rockwell International.

There will probably be a follow-up story in this morning's Washington Post.
- paul

From jya at pipeline.com Tue Aug 9 05:50:36 1994
From: jya at pipeline.com (John Young)
Date: Tue, 9 Aug 94 05:50:36 PDT
Subject: NRO spoof & Wiretapping Bill
Message-ID: <199408091250.IAA11953@pipe1.pipeline.com>

Responding to msg by paul at hawksbill.sprintmrn.com (Paul Ferguson) on Tue, 9 Aug 6:56 AM

The NY Times today also reports on the controversial NRO headquarters. Another long article reports on the wiretapping bill. One quote:

"I'm not a great fan of wiretapping," said Rep. Don Edwards, who is a former FBI agent and is viewed by many as a sort of civil-rights sentry over the bureau. "But it's legal and we have to take care of it. . . . I don't think there will be objections except perhaps from purists who don't like the idea of Government listening in on conversations."

End quote.

From perry at imsi.com Tue Aug 9 05:56:05 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 9 Aug 94 05:56:05 PDT
Subject: amateur ciphers
In-Reply-To: <199408090541.AA14118@osiris.cs.uow.edu.au>
Message-ID: <9408091254.AA22930@snark.imsi.com>

Justin Lister says:
> > The only really reasonable symmetric key ciphers out there in
> > publically described form these days are DES, 3-DES and IDEA. There
> > are a couple of things that may be okay, but which aren't out in the
> > public literature (RC2 and RC4), a couple of things that are likely
> > okay but which we are REALLY not going to find anything out about for
> > a while (Skipjack :-) and a couple of things that are promising (like
> > Coppersmith's new SEAL stream cipher, which looks quite interesting
> > indeed.)
>
> I wonder on which evidence you base your assumptions ??
> (I would assume schneiers book)

More the papers in the public literature, actually.

> While Schneier's book is a very good guide, it is not very advisable to make
> assumptions on the security of algorithms based on his book. One should look
> at results from those performing cryptanalysis of such ciphers. Such as
> biham and matsui.
I fully agree. I was reading in this field a long time before Bruce even began writing.

Perry

From usura at hacktic.nl Tue Aug 9 06:09:37 1994
From: usura at hacktic.nl (usura at hacktic.nl)
Date: Tue, 9 Aug 94 06:09:37 PDT
Subject:
Message-ID: <199408091309.AA17897@xs4all.hacktic.nl>

In article <199408062304.AA24750 at xs4all.hacktic.nl> you wrote:

: The jurisdiction where this remailer could be located, preferably
: shouldn't care about pornography. [Holland, Scandinavia ?]

Pornography isn't illegal in the Netherlands, but -contrary to popular
belief- child pornography *IS* illegal in the Netherlands.

--
 ____    Alex de Joode
 \  /__  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  \/  /  "It's dangerous to be right when the government is wrong."
     \/  --Voltaire --finger usura at hacktic.nl for PGPpublicKEY--

From paul at hawksbill.sprintmrn.com Tue Aug 9 06:29:20 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Tue, 9 Aug 94 06:29:20 PDT
Subject: NRO spoof and deception
Message-ID: <9408091432.AA00220@hawksbill.sprintmrn.com>

Front page story in the Washington Post, as expected, entitled, "Spy Unit's Spending Stuns Hill," and subtitled, "$310 Million Facility Secretly Sprouts Up Near Dulles Airport."

Gee, I wondered what that building was. ,-)

A couple of select quotes from the article:

"The Senate Select Committee on Intelligence yesterday charged that the clandestine agency that manages the nation's spy satellites has concealed from Congress the mushrooming cost of a $310 million compound it has been secretly building near Dulles International Airport.

"President Clinton declassified the existence of the proposed headquarters for the National Reconnaissance Office (NRO) yesterday after several senators protested to him privately that they had been kept in the dark about the cost and scope of the project. At 1 million square feet, it is nearly one-fourth the size of the Pentagon.
"The NRO, whose very existence was until two years ago an officially classified secret, is jointly overseen by the CIA and the Department of Defense. Until yesterday, the headquarters project had been publicly described as an office complex for Rockwell International Corp., the Los Angeles-based defense contractor."

"DeConcini criticized the Pentagon and the CIA for not providing Congress adequate information. The intelligence community is a culture that 'believes we don't have to account like everybody else in government,' he said."

---------

- paul

From infante at acpub.duke.edu Tue Aug 9 06:35:42 1994
From: infante at acpub.duke.edu (Andrew Infante)
Date: Tue, 9 Aug 94 06:35:42 PDT
Subject: ANNOUNCE: the TAZONO is here
Message-ID: <199408091335.JAA11077@teer1.acpub.duke.edu>

Eric -

If you wouldn't mind - I'd like to be removed from these mailings (for the umpteenth time! :)

andy

From merriman at metronet.com Tue Aug 9 06:36:19 1994
From: merriman at metronet.com (David K. Merriman)
Date: Tue, 9 Aug 94 06:36:19 PDT
Subject:
Message-ID: <199408091339.AA11840@metronet.com>

>In article <199408062304.AA24750 at xs4all.hacktic.nl> you wrote:
>
>: The jurisdiction where this remailer could be located, preferably
>: shouldn't care about pornography. [Holland, Scandinavia ?]
>
>Pornography isn't illegal in the Netherlands, but -contrary to popular
>belief- child pornography *IS* illegal in the Netherlands.
>

But what is the age of consent for such in the Netherlands? I believe I saw on an educational TV program here in the U.S. that the age of consent in the Netherlands was 14. If so, what effect does that have on what is considered "child pornography"? [before the flames start, I would like to point out that my question is 'scholarly' :-]

Dave Merriman

From jdd at aiki.demon.co.uk Tue Aug 9 06:48:03 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 9 Aug 94 06:48:03 PDT
Subject: Postal Inspection (was Common Carriers...)
Message-ID: <4590@aiki.demon.co.uk>

In message <9408082050.AA26145 at smds.com> FutureNerd Steve Witham writes:
> That reminds me. I once got a conference announcement from Europe
> in the mail. Printed on the envelope was a little icon showing a
> profile of the head of a guy wearing a hat (like a policeman or
> mailman's hat), and an arrow pointing from about his eye level to a
> picture of an open envelope. This looked like the original envelope,
> untouched, and the icon seemed to have been there from the start.

What was the conference about? (If the icon was printed on the envelope, I suspect that it represented the topic of the conference or the group sponsoring it.)

--
Jim Dixon

From jdd at aiki.demon.co.uk Tue Aug 9 06:48:22 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 9 Aug 94 06:48:22 PDT
Subject: e$
Message-ID: <4591@aiki.demon.co.uk>

In message <9408072158.memo.40958 at BIX.com> peace at bix.com writes:
> I can recall that many years back the casinos in Las Vegas all
> accepted the chips from the other ones and then had a great
> exchange each day where the accounts were settled up. Even the
> gift shops took chips in place of cash. The US Treasury put a stop
> to this as it was considered to be a replacement for cash.
>
> Also I hear a lot about bearer bonds, but never in the US. OTOH
> the NYC subways have started a cash card that they expect merchants
> to accept in lieu of coins. It would be nice to know what the Feds
> will or won't accept. BTW, does it matter if the e$ are US denominated?
> Could e$ be presented as travelers checks? The possibilities here are
> extremely interesting.

There is a small point to be made here which I think is really a big point. The US government does not object to the use of financial instruments so long as they are backed by the US $ (or another accepted currency). Most of us use such financial instruments daily -- checks and credit cards, for examples.
Most financial transactions involve no cash at all. If an e$ is backed by US $1.00, the government will not object.

The government objects if you create an alternative currency. Barter systems based on scrip are an alternative currency, and therefore illegal.

If you had $1,000,000 in the bank and wrote out and signed 1,000,000 checks for $1.00 each, I think that these could be traded without violating any laws. But if you issue $e carelessly, you will probably find that you are acting as a bank, and therefore violating several Federal laws.

You also need to be concerned about Federal regulations covering the import and export of money. I think that at $5,000 or $10,000 you have to report the transaction. I believe that the forms issued on airplanes make it clear that checks and other financial instruments are included.

The action taken to stop the exchange of tokens between casinos would seem to contradict this. It would be useful if someone were able to find more information on this. The legal point might be that the tokens simply had an amount written on them ("$100") with no currency specified and without the name of a bank directed to pay this amount -- having said this, I am reasonably sure that they would not allow banks to pay out against their tokens, and so therefore they would definitely represent an alternative currency, and not an IOU.

--
Jim Dixon

From perry at imsi.com Tue Aug 9 07:02:53 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 9 Aug 94 07:02:53 PDT
Subject: e$
In-Reply-To: <4591@aiki.demon.co.uk>
Message-ID: <9408091402.AA23089@snark.imsi.com>

Jim Dixon says:
> There is a small point to be made here which I think is really a big
> point. The US government does not object to the use of financial
> instruments so long as they are backed by the US $ (or another
> accepted currency).

Yes it does. Bearer bonds are illegal in the US.

> Most of us use such financial instruments daily
> -- checks and credit cards, for examples.
Most financial transactions
> involve no cash at all.

The point is that anonymous transactions are coming under increasing regulation. Commercial paper and the like is not a problem.

Perry

From cme at tis.com Tue Aug 9 07:22:18 1994
From: cme at tis.com (Carl Ellison)
Date: Tue, 9 Aug 94 07:22:18 PDT
Subject: Gore Letter and Software Key Escrow
In-Reply-To: <199408090004.RAA25895@netcom11.netcom.com>
Message-ID: <9408091421.AA16080@tis.com>

Tim,

>From: tcmay at netcom.com (Timothy C. May)
>Date: Mon, 8 Aug 1994 17:04:09 -0700 (PDT)

Thanks for the quotes.

>* This compromise will likely put software key escrow (SKE, or Carl
>Ellison's "GAK"..."Government Access to Keys") into the software for
>audio and video teleconferencing, communication, and possibly into the
>OS itself (as this would be needed to ensure wide coverage of
>installed machines).

Let me push even harder for use of the term "GAK". Your use of SKE here is not appropriate. "Escrow" is (or at least was) a neutral or positive term -- it's something on the side of the user. GAK is opposed to the user (unless the user is the Gov't, I suppose).

The Administration, by using the words "Key Escrow" for GAK, no doubt attempted to sugar coat what they were doing. Thanks to the effort of many people (including us), that bit of sugar coating was washed off for the public to taste what was underneath. However, that combined effort has done damage to the English language. The word "escrow" is no longer neutral or positive. It evokes images of GAK and becomes negative.

I agree that SKE (gov't use of "escrow") is potentially more threatening than Clipper/Capstone because it removes the distaste for hardware. But, even though that is something currently on your mind, I wish you would not try to limit my phrase GAK to SKE. By GAK I'm talking about any form of government access to citizens' keys -- hardware, software, rubber hoses, ....

That was the son-of-an-English-major speaking.
Meanwhile, there are positive uses for salting a master key away. For example, I encrypted a file on my Mac with Curve Encrypt earlier this year and then forgot the password. It took a month to remember it. If I hadn't remembered it, I would have to have written a program to guess passwords (knowing the forms I use). (Fortunately, I remembered it.) It would have been nice to have a key someplace (e.g., split in 3 pieces among 3 friends of mine who don't know each other) which I know I can always get in an emergency. [There's a danger here that those people might not be protected by the 5th Amendment, if the gov't were to learn who they were. ..any lawyers out there?]

Several people are working on features like this, not for the gov't.

The problem comes that a natural term to use to describe this feature would be "key escrow". However, the gov't has soiled that term. Now, I need a new term, hopefully true to the language to describe a feature like this without calling up images of GAK.

--------------------------------------------------

>In closing, I reject the point made by Walker, that Americans will
>accept a "government imposed key escrow if it was established by law."

I do too. However, he might be right, if you take this as a prediction. If the gov't had not tried to pull the Clipper/Capstone crap in the manner it did (half spook, half Madison Avenue), but instead had initiated legislation to get this access, we cypherpunks would have been upset but we might not have gotten 80% of the public on our side.

I don't know if the gov't has shot itself in the foot permanently, from the public's point of view. What I hope is immaterial. Walker might be right. The gov't might try it and we might lose.

We can't relax in our efforts but we can't get anywhere just talking to recipients of cypherpunks. We have to keep getting the word out.
[begin soap box]

I also think we need to start writing the code that's needed -- not new ciphers or UNIX hacks to demonstrate feasibilities -- but polished end-user code for the computer-phobic users of Macs or Windows.

[end soap box]

- Carl

From mpd at netcom.com Tue Aug 9 07:38:34 1994
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 9 Aug 94 07:38:34 PDT
Subject:
In-Reply-To: <199408091339.AA11840@metronet.com>
Message-ID: <199408091438.HAA22753@netcom3.netcom.com>

> But what is the age of consent for such in the Netherlands? I believe I saw
> on an educational TV program here in the U.S. that the age of consent in the
> Netherlands was 14. If so, what effect does that have on what is considered
> "child pornography"? [before the flames start, I would like to point out
> that my question is 'scholarly' :-]

The age of sexual consent in the Netherlands is 16. However, there was a reform of the penal code a few years back which prohibits prosecution between the ages of 12-16 without a formal complaint being filed by the minor or the minor's parent or guardian. So for consensual relationships with minors with enlightened parents, the effective age is really 12.

Pornography featuring performers under age 16 is also illegal, but only production and trafficking is criminalized, private possession is not. There have been a number of recent court cases which have set liberal precedents for child porn laws in Holland, such as the right of research organizations like university libraries to be exempt from the laws. Also, if the material doesn't show actual sex taking place, it is probably legal in Holland unlike the United States, where anything vaguely "suggestive" can get you in trouble.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com   $    via Finger.                      $

From snyderra at dunx1.ocs.drexel.edu Tue Aug 9 08:00:36 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Tue, 9 Aug 94 08:00:36 PDT
Subject: What are Appropriate Topics?
Message-ID:

At 2:58 AM 8/5/94, Timothy C. May wrote:

>First off, my sincere apologies to Bob Snyder for quoting and
>responding to his e-mail to me, without realizing he had not cc:ed it
>to the list as well. I'm so used to replying to the author and then
>having to manually cc: the Cypherpunks list that it was not until I got
>the message quoted below that I realized his comments were private. I
>will try to be more careful.
>
>Partly it was his civil tone that misled me--it read like a post to
>the list, and not a personal note. In any case, my apologies to Bob.

No problem. I'll try to remember to flame you next time. :-)

>At least in my messages, I was not arguing merely statism vs.
>libertarianism, or some such stale abstraction, but the specific issue
>of taxation in the face of strong crypto and privacy, and the
>oxymoronic nature of "volunteer governments." (I also think there are
>issues related to privately-produced law which folks on this list
>ought to know about, as it is the likely form of crypto anarchic law,
>such as it is. The connections with crypto are quite strong, as it is
>untraceable communication and commerce which makes these discretionary
>communities possible.)

OK. Perhaps I misread your article. I appear to have erased it from my Cypherpunks mailbox, or I'd reread it. I was reacting primarily to your initial comments on why you felt it should be on the list. I don't object to (and am happy to see) discussions of "applied" cryptography on the list, such as tax laws in the presence of cryptography. I would only object to the discussion of government in the absence of either a (preferably) cryptological reference, or a privacy one.

>As for pure crypto being discussed on the list, there's a fair amount
>of that. I've posted my share of explanations of zero knowledge proof
>systems, dining cryptographers protocols, complexity theory, etc.
I'm
>not saying this to defend myself, per se, but to note that these
>topics produced almost no discussion, almost no interest. Make of this
>what you will.

Yes, and I appreciate you doing so. I try to work through such postings, and often check with _Applied Cryptography_ for more background. But I usually don't have any response for it. "Oh, no, that's completely wrong"? :-) Such postings are often a stretch for me, with my limited math background, and this isn't an appropriate place to ask the kind of math questions that would bring me up to speed.

>And a dozen other juicy topics. If people want to debate these and
>similar issues, we should *encourage* them to, not announce that the
>topics are deviating from some imagined idea of the charter.

I agree. I should apologize then, for misunderstanding your posting. My only concern was that the thread was going to start out without any cryptological reference, and who knows where it could veer from there. :-) The topics you listed (and I deleted in this response) appear to me to be perfectly legitimate topics.

>It's generally best, I think, to lead by example. Instead of
>pronouncing a topic to be off-limits or not consistent with the
>charter, why not find a way to make what you *are* interested in also
>interesting to others? That's how we'll move forward into new areas.

I don't disagree with this. But this takes a skill set I'm still working to acquire; enough knowledge of cryptological concepts to start a discussion. And I don't mean to sound like I'm trying to set the Cypherpunks' agenda. I know what I would like to see here, and I phrase my responses as such. I hope I'm not one of the "complainers and the enforcers of dogma" Eric Hughes mentioned in his post.

Bob

--
Bob Snyder N2KGO                       MIME, PGP, RIPEM mail accepted
snyderra at post.drexel.edu            PGP & RIPEM keys on key servers
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
From snyderra at dunx1.ocs.drexel.edu Tue Aug 9 08:00:59 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Tue, 9 Aug 94 08:00:59 PDT
Subject: broadcast encryption
Message-ID:

At 4:06 AM 8/9/94, Dave Horsfall wrote:

>Etc. I've been using PGP for authenticating my packet messages for
>some months, for precisely the reasons you outlined. I get the
>occasional "stop wasting bl**dy bandwidth" but most of the time it
>results in more PGP users. I'm also careful to explain that PGP can't
>be used to prove I did NOT write an unsigned nasty-gram (until we get
>true authentication within the BBS, by which I hope the concept of a
>BBS will disappear :-) but it makes a strong case if I sign ALL my
>bulletins.

What I would like to see is low-level digital signatures on the level of IP or AX.25. IP is doable, I would think. There's swIPe, and amateur packet drivers for Linux, but to get people to really use it, you'd need to put it in the software or hardware they use, like KA9Q (Hi Phil) for IP, and AX.25.

Would it be possible to fit this into AX.25? I don't recall that much about the protocol, and all my packet reference materials are about 300 miles away.

Bob

--
Bob Snyder N2KGO                       MIME, PGP, RIPEM mail accepted
snyderra at post.drexel.edu            PGP & RIPEM keys on key servers
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
From nzook at math.utexas.edu Tue Aug 9 08:02:22 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 9 Aug 94 08:02:22 PDT
Subject: (fwd) Anonymous posters & Misinformation = Net pollution
Message-ID: <9408091458.AA06151@vendela.ma.utexas.edu>

Path: math.utexas.edu!news.dell.com!swrinde!cs.utexas.edu!uwm.edu!reuter.cse.ogi.edu!netnews.nwnet.net!news.u.washington.edu!mcdaniel
From: mcdaniel at u.washington.edu (McDaniel)
Newsgroups: talk.politics.misc,news.admin.policy
Subject: Anonymous posters & Misinformation = Net pollution
Date: 7 Aug 1994 08:13:45 GMT
Organization: University of Washington
Lines: 39
Message-ID: <32253p$220 at news.u.washington.edu>
NNTP-Posting-Host: stein4.u.washington.edu
Keywords: misinformation disinformation propaganda net anon anonymous
Xref: math.utexas.edu talk.politics.misc:239273 news.admin.policy:19179

The problem: Anonymous posters supplying pseudo-news reports or otherwise wasting bandwidth in groups more concerned with fact or at least genuine concerns (such as political talk groups and sci groups.)

The solution: Limited anonymous posters to forums where accountability for what one says is of little concern (such as rec groups where applicable.) OR provide the owners of moderated groups with detailed accounts of the true identity of any anonymous poster who post to a serious newsgroup and make that procedure known to the would-be anonymous user.

I attempted recently to secure the actual address of an anon poster who deliberately spread misinformation concerning a non-existent U.S. Presidential Executive Order and a news-look-alike story dealing with proven falsehoods.

Needless to say the administrator of the popular anon.penet.fi server has not been cooperative.

I suggest that groups wishing to deal with issues based a little stronger in reality ban anonymous posters and encourage their posters NEVER to repeat information supplied by anonymous posters elsewhere.
Some groups have already come to that same conclusion.

I believe that anonymous posting is a valuable service in many forums. However, it seems that service is being abused in political and technical newsgroups.

I suppose yet another solution would be to make widely known the general untrustability of anonymous posters in groups where truth and fact are paramount. But this letter should go a tiny ways towards that goal.

Opinions?

-McDaniel

From nzook at math.utexas.edu Tue Aug 9 08:02:28 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 9 Aug 94 08:02:28 PDT
Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution
Message-ID: <9408091458.AA06155@vendela.ma.utexas.edu>

Path: math.utexas.edu!news.dell.com!swrinde!cs.utexas.edu!usc!rand.org!usenet
From: Jim Gillogly
Newsgroups: talk.politics.misc,news.admin.policy
Subject: Re: Anonymous posters & Misinformation = Net pollution
Date: 7 Aug 1994 15:17:31 GMT
Organization: Banzai Institute
Lines: 51
Message-ID: <2o7sni$4!nb at bogus-site.org>
References: <32253p$220 at news.u.washington.edu>
Reply-To: jim at acm.org
NNTP-Posting-Host: mycroft.rand.org
Keywords: misinformation disinformation propaganda net anon anonymous
Xref: math.utexas.edu talk.politics.misc:239321 news.admin.policy:19182

In article <32253p$220 at news.u.washington.edu>, McDaniel wrote:
>The problem: Anonymous posters supplying pseudo-news reports or
>otherwise wasting bandwidth in groups more concerned with fact
>or at least genuine concerns (such as political talk groups and
>sci groups.)
..
>Opinions?

Since you asked: my opinion is that there are more non-anonymous posters supplying pseudo-news reports or otherwise wasting bandwidth in serious groups. For example, in sci.crypt one poster consistently posts off-topic flamebait, and others consistently take the bait; while there's widespread consternation and killfiling, so far as I know nobody's suggested retroactively moderating him.
On the other side, a consistent anonymous poster has produced and released useful crypto and digicash code... I assume his/her identity is masked to avoid ITAR prosecution for sending crypto out of the US without a license.

In short, anonymity isn't the problem: cluelessness is the problem. In sci.crypt we may to eventually get rid of off-topic posts by moderating. I would hope the moderators will let anything clueful through, whether it's anonymous or not.

I'll point out in passing that an anonymous poster can build up a reputation the same way as anybody else simply by signing articles with the same PGP key each time -- I'd be more confident that a signed message is from Pr0duct Cypher (i.e. the same person who posted as Pr0duct Cypher month) than that an unsigned one is from McDaniel... I could forge one of the latter in a trice.

McDaniel also said:
>applicable.) OR provide the owners of moderated groups with detailed
>accounts of the true identity of any anonymous poster who post to
>a serious newsgroup and make that procedure known to the would-be
>anonymous user.

This sounds challenging. Many of the for-profit services allow the users to pick their own net identity... it's a feature. Do you know the True Name of the person behind the account evidence at netcom.com? Do you think Netcom would cough it up without a court order? Either AOL or Delphi -- I forget which, now -- allows users to have several different identities for their Net traffic.

How would prove identity to this moderator? Maybe by signing my application to post with my PGP key, which is in turn signed by somebody they trust? Seems quite difficult. certainly wouldn't want that burden as a moderator.

I suggest you devote your time to finding a way to suppress idiocy and cluelessness on the Net in general... and if you can have it in place before the fall quarter starts, that would be lovely.

Jim Gillogly
Trewesday, 15 Wedmath S.R.
1994, 15:17

From nzook at math.utexas.edu Tue Aug 9 08:02:33 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 9 Aug 94 08:02:33 PDT
Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution
Message-ID: <9408091459.AA06167@vendela.ma.utexas.edu>

Path: math.utexas.edu!news.dell.com!tadpole.com!uunet!news.sprintlink.net!sun.cais.com!cais2.cais.com!jdfalk
From: jdfalk at cais2.cais.com (J.D. Falk)
Newsgroups: talk.politics.misc,news.admin.policy
Subject: Re: Anonymous posters & Misinformation = Net pollution
Followup-To: talk.politics.misc,news.admin.policy
Date: 8 Aug 1994 20:27:54 GMT
Organization: Capital Area Internet Service
Lines: 2
Message-ID: <3264ga$adk at sun.cais.com>
References: <32253p$220 at news.u.washington.edu>
NNTP-Posting-Host: 199.0.216.200
X-Newsreader: TIN [version 1.2 PL2]
Xref: math.utexas.edu talk.politics.misc:239596 news.admin.policy:19191

What you propose would involve rewriting news and mail software at every site. This will not happen.
From nzook at math.utexas.edu Tue Aug 9 08:02:36 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 9 Aug 94 08:02:36 PDT
Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution
Message-ID: <9408091459.AA06159@vendela.ma.utexas.edu>

Path: math.utexas.edu!news.dell.com!swrinde!cs.utexas.edu!usc!nic-nac.CSU.net!charnel.ecst.csuchico.edu!olivea!decwrl!decwrl!amd!amdahl!svpal.org!svpal.org!not-for-mail
From: billy at svpal.org (Bill Yeakel)
Newsgroups: talk.politics.misc,news.admin.policy
Subject: Re: Anonymous posters & Misinformation = Net pollution
Followup-To: talk.politics.misc,news.admin.policy
Date: 7 Aug 1994 09:42:21 -0700
Organization: Silicon Valley Public Access Link
Lines: 30
Message-ID: <3232td$qe7 at svpal.svpal.org>
References: <32253p$220 at news.u.washington.edu>
NNTP-Posting-Host: localhost.svpal.org
X-Newsreader: TIN [version 1.2 PL2]
Xref: math.utexas.edu talk.politics.misc:239317 news.admin.policy:19181

McDaniel (mcdaniel at u.washington.edu) wrote:
: The problem: Anonymous posters supplying pseudo-news reports or
: otherwise wasting bandwidth in groups more concerned with fact
: or at least genuine concerns (such as political talk groups and
: sci groups.)

: I believe that anonymous posting is a valuable service in many forums.
: However, it seems that service is being abused in political and technical
: newsgroups.

: I suppose yet another solution would be to make widely known the
: general untrustability of anonymous posters in groups where truth and
: fact are paramount. But this letter should go a tiny ways towards that
: goal.

: Opinions?

Nice in theory, but.... How do know if someone is anonymous? Doesn't the act of checking itself show that you have doubts? What if someone using their real name posts that they have seen a flying saucer? Or posts an astrological prediction? If someone believes everything they are told, the consequence is their responsibility.

Just my $2.00 worth.
(I value my opinion 100 times greater than other's) Bill From nzook at math.utexas.edu Tue Aug 9 08:02:41 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 9 Aug 94 08:02:41 PDT Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution Message-ID: <9408091459.AA06171@vendela.ma.utexas.edu> Path: math.utexas.edu!news.dell.com!tadpole.com!uunet!spool.mu.edu!news.clark.edu!netnews.nwnet.net!news.u.washington.edu!mcdaniel From: mcdaniel at u.washington.edu (McDaniel) Newsgroups: talk.politics.misc,news.admin.policy Subject: Re: Anonymous posters & Misinformation = Net pollution Date: 9 Aug 1994 14:27:30 GMT Organization: University of Washington Lines: 16 Message-ID: <3283oi$nt7 at news.u.washington.edu> References: <32253p$220 at news.u.washington.edu> <3264ga$adk at sun.cais.com> NNTP-Posting-Host: stein3.u.washington.edu Xref: math.utexas.edu talk.politics.misc:239698 news.admin.policy:19195 jdfalk at cais2.cais.com (J.D. Falk) writes: > What you propose would involve rewriting news and mail software >at every site. This will not happen. Oh? All it would require is for anonymous posting services to keep a list of the owners of moderated newsgroups and notify the individual moderator on a periodical basis, as to what the real e-mail address of the anonymous poster is (and what message they posted.) Right now many moderated groups have banned anonymous posting. I only hope that trend continues in groups where misinformation is very destructive (political and sci groups for instance.) 
-McDaniel From nzook at math.utexas.edu Tue Aug 9 08:02:52 1994 From: nzook at math.utexas.edu (nzook at math.utexas.edu) Date: Tue, 9 Aug 94 08:02:52 PDT Subject: (fwd) Re: Anonymous posters & Misinformation = Net pollution Message-ID: <9408091459.AA06163@vendela.ma.utexas.edu> Newsgroups: talk.politics.misc,news.admin.policy Path: math.utexas.edu!news.dell.com!swrinde!howland.reston.ans.net!math.ohio-state.edu!uwm.edu!news.alpha.net!mvb.saic.com!eskimo!wix From: wix at eskimo.com (Dennis Wicks) Subject: Re: Anonymous posters & Misinformation = Net pollution Message-ID: Keywords: misinformation disinformation propaganda net anon anonymous Organization: Eskimo North BBS - The BEST! (206) 367-3837 References: <32253p$220 at news.u.washington.edu> Date: Sun, 7 Aug 1994 18:13:59 GMT Lines: 55 Xref: math.utexas.edu talk.politics.misc:239350 news.admin.policy:19183 In article <32253p$220 at news.u.washington.edu>, McDaniel wrote: >The problem: Anonymous posters supplying pseudo-news reports or >otherwise wasting bandwidth in groups more concerned with fact >or at least genuine concerns (such as political talk groups and >sci groups.) > >The solution: Limit anonymous posters to forums where accountability >for what one says is of little concern (such as rec groups where >applicable.) OR provide the owners of moderated groups with detailed >accounts of the true identity of any anonymous poster who posts to >a serious newsgroup and make that procedure known to the would-be >anonymous user. > >I attempted recently to secure the actual address of an anon poster >who deliberately spread misinformation concerning a non-existent >U.S. Presidential Executive Order and a news-look-alike story dealing >with proven falsehoods. > >Needless to say the administrator of the popular anon.penet.fi server >has not been cooperative. 
I suggest that groups wishing to deal with >issues based a little stronger in reality ban anonymous posters and >encourage their posters NEVER to repeat information supplied by anonymous >posters elsewhere. Some groups have already come to that same conclusion. > >I believe that anonymous posting is a valuable service in many forums. >However, it seems that service is being abused in political and technical >newsgroups. > >I suppose yet another solution would be to make widely known the >general untrustability of anonymous posters in groups where truth and >fact are paramount. But this letter should go a tiny ways towards that >goal. > >Opinions? Non-problem. Anonymous posters don't propagate any more disinformation, lies, or junk than "real" posters. I could post my kill file for t.p.g in support of this, but I won't. Anyone who believes anything posted to the net without verification has only themselves to blame. A well-known person posting from a prestigious .edu site has no more authority than any anon poster. The credence you place on the content has to be determined by the poster's previous statements. Indeed, I find that several people post very accurate and insightful articles in some groups, but in others their personal biases are very obvious and their posts are worth no more than the typical TV news "man on the street" interview. -- My own opinions E-mail responses to On my own time Articles may be On my own dime Posted at my option From jdd at aiki.demon.co.uk Tue Aug 9 08:19:23 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Tue, 9 Aug 94 08:19:23 PDT Subject: EDDB/RN Message-ID: <4604@aiki.demon.co.uk> I don't know if anyone else has had this particular idea before, but it might be worth some consideration. I referred to it very briefly in my posting on RemailerNet v0.2 (RN02). 
Eric points out that users of remailer networks want to be able to trust in silence as well as trust in delivery, and RN02 accordingly specifies that messages should be erased immediately after acknowledgement of delivery. However, there should be a use for persistent store, for a remote encrypted database accessible anonymously. Everyone must have had this sort of experience: someone walks into your office. There is something on your desk that you would rather this other person not see. So you toss it into a drawer, to get it out of sight. Imagine that you are working on a document and someone walks into your office. Rather than tossing it into a drawer, you toss it to Finland. The document is sent encrypted. (The storage facility also encrypts it.) When its receipt is acknowledged, your local copy is destroyed, if you wish. You can retrieve it in seconds from anywhere, providing that the system supports the notion of an identity distinct from your log-in address. Ideally, the data is stored on a distributed data base, with some redundancy in case one or more gateways go down, and with the data striped across gateways, so that no one gateway has all of the data. Because the data is encrypted by you and encrypted by the EDDB, it cannot be recovered by anyone without your cooperation. If the data is striped over a number of gateways (with, say, every first byte here, the next byte there, the next byte at a third gateway, and every fourth byte at a fourth gateway), it would take widespread collusion even to recover a copy of the encrypted document. Once you have such a system in place, you could then do interesting things like storing a document in the EDDB, and selling it to someone by selling him your passwords. I also think that a very reliable version of this system could be used to handle electronic cash (e$). 
-- Jim Dixon From p.v.mcmahon.rea0803 at oasis.icl.co.uk Tue Aug 9 08:22:09 1994 From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk) Date: Tue, 9 Aug 94 08:22:09 PDT Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS' Message-ID: <9408091522.AA25889@getafix.oasis.icl.co.uk> DATE FROM SUBJECT Two related points: 1. Sorry to waste list bandwidth with such a question, but could someone please post to me the original "Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS'" item? (my server was down at the weekend). 2. NIST have proposed the draft FIPS to a number of standards development organisations - including X/Open and POSIX - and I know that Microsoft have reviewed it, so it will likely influence interfaces to commercially available cryptographic software and devices. If there is anybody with interest in crypto APIs on this list, then your informed comments on this NIST proposal, or other candidates (which I could make available if the level of interest warranted it), or alternatives, would be useful and timely. Thanks Piers -------------------------------------------------------------------- P V McMahon 09AUG94 ICL Enterprises post: Kings House, 33 Kings Road, Reading, RG1 3PX, UK email: p.v.mcmahon at rea0803.wins.icl.co.uk OR p.mcmahon at xopen.co.uk phone: +44 734 634882 fax: +44 734 855106 --------------------------------------------------------------------- From hughes at ah.com Tue Aug 9 08:47:16 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 08:47:16 PDT Subject: NRO spoof In-Reply-To: <9408091156.AA29504@hawksbill.sprintmrn.com> Message-ID: <9408091518.AA22320@ah.com> with Sen. John Warner expressing his displeasure with how the "intelligence community" has hidden the money for a massive construction effort to house the NRO. Steal this line: "The black budget is taxation without representation." 
Eric From paul at poboy.b17c.ingr.com Tue Aug 9 08:50:56 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Tue, 9 Aug 94 08:50:56 PDT Subject: GAK & RSA Message-ID: <199408091553.AA28248@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- RSADSI has been adamantly opposed to Clipper. You'd expect them to be opposed on business grounds; after all, Clipper wouldn't bring them any revenue and could quite possibly put them out of business if other forms of encryption were outlawed. I don't remember seeing many specific comments indicating that RSA was opposed to GAK on philosophical grounds (well, OK; some quotes on their "Sink Clipper" poster, if those count). Other groups were opposed to Clipper because Skipjack is of unknown strength. Putting the cypherpunkesque arguments about how GAK is a big step down the path towards a surveillance state, is it possible that the software GAK (SGAK) scheme could easily incorporate RSA's technology? Imagine: Schlafly et al win their court case, and RSADSI's patents on RSA and other public-key technology are declared invalid. SGAK can thus use RSA without any problem. The "Skipjack, DSS, and SHA may be weak" crowd can't object to RSA's strength, and of course RSADSI will be in no position to object. Another scenario: RSADSI wins and their patent remains valid. They can't refuse licensing to any entity which meets their terms, so SGAK can still be deployed, but RSADSI then gets a royalty. _This_ is what's scaring me. If Microsoft, Apple, et al offer weak encryption as part of SGAK, objections can be made to the weakness. If they use RSA, that avenue is gone. - -Paul - -- Paul Robichaux, KD4JZG | "Information is the currency of democracy." perobich at ingr.com | - some old guy named Thomas Jefferson Of course I don't speak for Intergraph. 
From hughes at ah.com Tue Aug 9 09:04:30 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 09:04:30 PDT Subject: EDDB/RN In-Reply-To: <4604@aiki.demon.co.uk> Message-ID: <9408091536.AA22362@ah.com> I don't know if anyone else has had this particular idea before, Yes, lots. However, there should be a use for persistent store, for a remote encrypted database accessible anonymously. The real questions are "how big is the market?" and "how much revenue is there in it?". Something like this doesn't get made reliable by volunteers. Ideally, the data is stored on a distributed data base, with some redundancy in case one or more gateways go down Look in Schneier for secret sharing. Eric From hughes at ah.com Tue Aug 9 09:16:15 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 09:16:15 PDT Subject: GAK & RSA In-Reply-To: <199408091553.AA28248@poboy.b17c.ingr.com> Message-ID: <9408091547.AA22396@ah.com> the path towards a surveillance state, is it possible that the software GAK (SGAK) scheme could easily incorporate RSA's technology? That depends on what you consider "RSADSI's technology". First, there are the direct claims of the patents. RSA and Diffie-Hellman primarily. The "public key" patent of Hellman, Merkle, Diffie is the knapsack, which doesn't work. The Hellman, Pohlig patent is for a method of exponentiation as a secret key cipher. These claims are not very arguable if you believe the patents. (And there's an 'if' there, too.) But there's also the matter of patent extensions, the minor modifications to the actual patents that are also covered. 
I have heard that RSADSI claims that all use of modular exponentiation for cryptography are covered under their patents, as well as any public key type system. I think those claims are full of shit, myself, but that wouldn't stop RSADSI from suing for infringement and arguing the case and turning the attack from merit to one of lawyerdom. Eric From perry at imsi.com Tue Aug 9 09:19:30 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 9 Aug 94 09:19:30 PDT Subject: NRO spoof In-Reply-To: <9408091518.AA22320@ah.com> Message-ID: <9408091619.AA23352@snark.imsi.com> Eric Hughes says: > with Sen. John Warner expressing his displeasure with how the > "intelligence community" has hidden the money for a massive > construction effort to house the NRO. > > Steal this line: "The black budget is taxation without representation." The black budget, as with most things Congress does these days, is unconstitutional, as in: No money shall be drawn from the treasury but in consequence of appropriations made by law; and a regular statement and account of the receipts and expenditures of all public money shall be published from time to time. Perry From johndo at microsoft.com Tue Aug 9 09:21:35 1994 From: johndo at microsoft.com (John Douceur) Date: Tue, 9 Aug 94 09:21:35 PDT Subject: Remailer ideas Message-ID: <9408091622.AA21758@netmail2.microsoft.com> -----BEGIN PGP SIGNED MESSAGE----- >From: Rick Busdiecker >Date: Tuesday, August 09, 1994 12:54AM > It may thus be quite reasonable to build in a hard cutoff in > service time . . . since the extreme delay which triggers the > expedited transmission is an unpredictable and infrequent event >This is not a safe assumption. Check out the stats for ghio at kaiwan.com. The context of my above assertion was a hypothetical message-mixing system proposed by Hal Finney. Although I must confess that I haven't examined the statistics that you cited, I do not see their relevance to this hypothetical system. 
Of his own proposal, Hal says, "...it does have one disadvantage, which is that there is no upper bound on the latency of a message.... there is a small chance of having very large latencies.... it might be possible to modify [this system] so that messages never waited more than some maximum number of hours without seriously hurting the entropy." I believe that this is correct. The message delays introduced by Hal's proposed system were of exponentially diminishing probability; thus, linear increases in delay cutoff become multiplicative decreases in cutoff probability, and it is therefore easy to set a cutoff value for delay which will occur with sufficient infrequency as to be useless to the cryptanalyst. > it will not make cryptanalysis of the remailer any easier. >I'm pretty sure that cryptanalysis, per se, is not the question, but >rather traffic analysis. By "cryptanalysis," I mean traffic analysis. Considering the remailers to be a cryptosystem was suggested recently on this list by someone (I forget whom). JD From hughes at ah.com Tue Aug 9 09:24:58 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 09:24:58 PDT Subject: broadcast encryption In-Reply-To: Message-ID: <9408091556.AA22438@ah.com> What I would like to see is low-level digital signatures on the level of IP or AX.25. IP is doable, I would think. What is the policy purpose for signing packets? It will affect the design. Do you want to identify users, processes, or machines? If you want to reject packets not signed or badly signed _before_ further processing, that's one way. If you want to detect interposition in a stream parallel to the use of that stream, that would be another. 
Do you want each packet to carry an independent signature, or can packets be aggregated for signature? This is a separate problem, since "aggregation" doesn't mean a delay, it means there is state information carried which is involved in checking the signature. This question involves the abstraction level where authentication is taking place. Too often a particular situation is in mind and remains unspoken. Making assumptions explicit is necessary for good design and useful debate. Eric From hughes at ah.com Tue Aug 9 09:27:37 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 09:27:37 PDT Subject: Gore Letter and Software Key Escrow In-Reply-To: <9408091421.AA16080@tis.com> Message-ID: <9408091559.AA22451@ah.com> The problem comes that a natural term to use to describe this feature would be "key escrow". However, the gov't has soiled that term. Now, I need a new term, hopefully true to the language to describe a feature like this without calling up images of GAK. "Remote Backup" seems to be OK. Certainly backing up data is a perfectly respectable thing. Private keys are just more data. Eric From perry at imsi.com Tue Aug 9 09:34:26 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 9 Aug 94 09:34:26 PDT Subject: broadcast encryption In-Reply-To: <9408091556.AA22438@ah.com> Message-ID: <9408091634.AA23392@snark.imsi.com> Eric Hughes says: > What I would like to see is low-level digital signatures on the > level of IP or AX.25. IP is doable, I would think. > > What is the policy purpose for signing packets? It will affect the > design. Anyone even making such suggestions has not been following the IPSP standardization work... Perry From hughes at ah.com Tue Aug 9 09:34:45 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 09:34:45 PDT Subject: e$ In-Reply-To: <4591@aiki.demon.co.uk> Message-ID: <9408091606.AA22481@ah.com> There is a small point to be made here which I think is really a big point. 
The US government does not object to the use of financial instruments so long as they are backed by the US $ (or another accepted currency). No, this isn't so. They also object to barter schemes that are backed by dollars. They object to them not by making them illegal _per se_, but by making it illegal not to report all the transactions that occur inside them. You also need to be concerned about Federal regulations covering the import and export of money. I think that at $5,000 or $10,000 you have to report the transaction. This applies to cash and some cash-like instruments, not to "money". Originally it was just cash; it has been extended to other instruments, but not to all of them, insofar as I know. Eric From p.v.mcmahon.rea0803 at oasis.icl.co.uk Tue Aug 9 09:50:07 1994 From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk) Date: Tue, 9 Aug 94 09:50:07 PDT Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS' Message-ID: <9408091650.AA17029@getafix.oasis.icl.co.uk> > someone please post to me the original "Problem in draft FIPS > `CRYPTOGRAPHIC SERVICE CALLS'" item? (my server was down at the Thanks very much. I now have the mail. > 2. NIST have proposed the draft FIPS to a number of standards > development organisations - including X/Open and POSIX - and I > know that Microsoft have reviewed it, so it will likely influence > interfaces to commercially available cryptographic software and > devices. > If there is anybody with interest in crypto APIs on this list, > then your informed comments on this NIST proposal, or other > candidates (which I could make available if the level of interest > warranted it), or alternatives, would be useful and timely. My interest in this is that I am chair of the X/Open security working group defining an industry consensus specification for which the draft FIPS is one of the inputs, along with other inputs from RSADSI (via Sun), IBM, HP, Olivetti, SESAME etc. 
Piers From hughes at ah.com Tue Aug 9 09:57:22 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 09:57:22 PDT Subject: legal hacking In-Reply-To: <9408091043.AA27965@ininx> Message-ID: <9408091629.AA22518@ah.com> Such a person doesn't gladly suffer any legal technicality standing between him and the pound of your flesh to which he thinks he's entitled. On the other hand, if you can convince them that they don't have to contribute their pound of flesh likewise, they'll take that opportunity. I wonder how he would respond to Perry here. Well, Perry's right too, in that the amount of arbitrariness is enormous and that makes it _extremely_ challenging. I point out that one outlet for legal hacking is the legislature. Some things are cut and dried. Many more aren't. For example, the SEC has no jurisdiction on commercial paper of duration nine months or less, by statute. So that gets rid of one hurdle, if you can ensure that your devices are considered commercial paper. Using wording and agreements which are close analogues of commercial paper will help. [Aside: This is a practical failing with Chaum's digicash, is that it, being relatively uninterpreted mathematics, can be _called_ all sorts of stuff, some of which fall under more regulation than others. The regulators, of course, will pick the interpretation which gives them the most control.] So perhaps now you don't have to worry about the SEC. There are four regulators of banks in the USA, plus general regulation of commerce. Lots and lots of obstacles to avoid. And it's easy, easy, easy to overlook something. In addition, much regulatory power has been statutorily ceded to the regulators. I don't think I can stress this enough, because the regulators make rules which have the statutory force of law. The regulators can change or extend these rules _at will_. You won't get much warning, if you get any at all. Therefore, you want to avoid the purview of the regulators entirely, if possible. 
Moving offshore is one way. Performing substantive activity in another way also works, but that usually just means switching regulators. You can, for example, transfer value by moving stocks and bonds, that puts you under the SEC; you could also transfer value by moving real estate, and that's another set of law. Legal hacking is not easy. Syntactic hacks, for example, don't work. The whole bit with "self-incriminating pass phrases" is a syntactic hack; it doesn't work because it does not touch upon the substance of the law. Moving activity to another jurisdiction is not a syntactic hack, and it works because jurisdiction is legally significant. Eric From ecarp at netcom.com Tue Aug 9 10:01:15 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 9 Aug 94 10:01:15 PDT Subject: winpgp 1.0 bugs Message-ID: <199408091701.KAA26325@netcom14.netcom.com> Is there a newer version of winpgp than 1.0? I've found what appears to be several bugs in 1.0: 1) if I attempt to encrypt more than one file, winpgp says "Illegal function call" and terminates. 2) if I encrypt a file with "Binary" checked, the resulting file is named ".PGP". If I attempt to decrypt this .PGP file, winpgp will only allow me to encrypt .PGP files, but not decrypt them. 3) if I encrypt a file with "ASCII" checked, the resulting file is named ".ASC". If I decrypt this file, pgp gives me an error message (apparently pgp is being called with the "-d" option). If I decrypt it by hand without the "-d" option, PGP loses the file extension; i.e., XXX.DOC encrypts to XXX.ASC, but decrypts to just XXX without the .DOC extension. I'm using pgp 2.6 and winpgp 1.0 running under windows 3.11 (workgroups). Please email directly, as I don't have access to the list from work. Thanks in advance for any assistance... :) -- Ed Carp, N7EKG/VE3 Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. 
Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From perry at imsi.com Tue Aug 9 10:02:17 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 9 Aug 94 10:02:17 PDT Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS' In-Reply-To: <9408091650.AA17029@getafix.oasis.icl.co.uk> Message-ID: <9408091701.AA23510@snark.imsi.com> p.v.mcmahon.rea0803 at oasis.icl.co.uk says: > My interest in this is that I am chair of the X/Open security working group > defining a industry consensus specification for which the draft FIPS is one > of the inputs, along with other inputs from RSADSI (via Sun), IBM, HP, > Olivetti, SESAME etc. Have you been following the IETF's GSS-API work? .pm From hughes at ah.com Tue Aug 9 10:04:09 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 10:04:09 PDT Subject: Key Coercion after encrypted message transmission. In-Reply-To: <199408090533.AA06475@xtropia> Message-ID: <9408091635.AA22556@ah.com> I am not sure that there is a good way of addressing this problem short of dividing the key in some way among multiple people so that Darth has a hard time seizing them all. This idea has already been discussed elsewhere. Remote backup and secret sharing, yes. This problem could be called the transmission retroactive coercion problem (TRCP). This one has also been discussed here, just last week, by me. It's the problem of forward secrecy. It already has a perfectly good name, thank you. The original author of the message should find out what Diffie-Hellman key exchange is and how it can be used for forward secrecy. 
Eric From hughes at ah.com Tue Aug 9 10:15:35 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 10:15:35 PDT Subject: Remailer ideas In-Reply-To: <9408091622.AA21758@netmail2.microsoft.com> Message-ID: <9408091647.AA22577@ah.com> multiplicative decreases in cutoff probability, and it is therefore easy to set a cutoff value for delay which will occur with sufficient infrequency as to be useless to the cryptanalyst. They will be useless only as long as you have an assurance that these cutoffs are not correlated with anything "too large" (left deliberately hand-waving). In particular, delivery times are related to the retry algorithms at the higher level of the protocol. These retry algorithms operate between some two ends and therefore introduce correlations into the message patterns. It's not obvious (and may not be true) that arbitrary latency limiting is a safe behavior. By "cryptanalysis," I mean traffic analysis. Considering the remailers to be a cryptosystem was suggested recently on this list by someone (I forget whom). That was me. I'll have more to say on that subject later. Eric From hughes at ah.com Tue Aug 9 10:17:56 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 9 Aug 94 10:17:56 PDT Subject: broadcast encryption In-Reply-To: <9408091634.AA23392@snark.imsi.com> Message-ID: <9408091649.AA22593@ah.com> > What is the policy purpose for signing packets? It will affect the > design. Anyone even making such suggestions has not been following the IPSP standardization work... I wasn't asking what _the_ purpose was, but rather what the purpose the original author (coming out of the context of a radio discussion) had in mind. I know _lots_ of reasons for signing packets in some way. 
Eric From banisar at epic.org Tue Aug 9 10:21:20 1994 From: banisar at epic.org (Dave Banisar) Date: Tue, 9 Aug 94 10:21:20 PDT Subject: EPIC Seeks Release of FBI Wiretap Data Message-ID: <9308091315.AA11509@Hacker2.cpsr.digex.net> Electronic Privacy Information Center PRESS RELEASE _____________________________________________________________ For Release: August 9, 1994 2:00 pm Group Seeks Release of FBI Wiretap Data, Calls Proposed Surveillance Legislation Unnecessary Washington, DC: A leading privacy rights group today sued the Federal Bureau of Investigation to force the release of documents the FBI claims support its campaign for new wiretap legislation. The documents were cited by FBI Director Louis Freeh during testimony before Congress and in a speech to an influential legal organization but have never been released to the public. The lawsuit was filed as proposed legislation which would mandate technological changes long sought by the FBI was scheduled to be introduced in Congress. The case was brought in federal district court by the Electronic Privacy Information Center (EPIC), a public interest research organization that has closely monitored the Bureau's efforts to mandate the design of the nation's telecommunications infrastructure to facilitate wiretapping. An earlier EPIC lawsuit revealed that FBI field offices had reported no difficulties conducting wiretaps as a result of new digital communications technology, in apparent contradiction of frequent Bureau claims. At issue are two internal FBI surveys that the FBI Director has cited as evidence that new telephone systems interfere with law enforcement investigations. During Congressional testimony on March 18, Director Freeh described "a 1993 informal survey which the FBI did with respect to state and local law enforcement authorities." According to Freeh, the survey describes the problems such agencies had encountered in executing court orders for electronic surveillance. 
On May 19 the FBI Director delivered a speech before the American Law Institute in Washington, DC. In his prepared remarks, Freeh stated that "[w]ithin the last month, the FBI conducted an informal survey of federal and local law enforcement regarding recent technological problems which revealed over 180 instances where law enforcement was precluded from implementing or fully implementing court [wiretap] orders." According to David L. Sobel, EPIC's Legal Counsel, the FBI has not yet demonstrated a need for the sweeping new legislation that it seeks. "The Bureau has never presented a convincing case that its wiretapping capabilities are threatened. Yet it seeks to redesign the information infrastructure at an astronomical cost to the taxpayers." The nation's telephone companies have consistently stated that there have been no cases in which the needs of law enforcement have not been met. EPIC is a project of the Fund for Constitutional Government and Computer Professionals for Social Responsibility. ================================================================ FBI Director Freeh's Recent Conflicting Statements on the Need for Digital Telephony Legislation _______________________________________________________________ Speech before the Executives' Club of Chicago, February 17: Development of technology is moving so rapidly that several hundred court-authorized surveillances already have been prevented by new technological impediments with advanced communications equipment. * * * Testimony before Congress on March 18: SEN. LEAHY: Have you had any -- for example, digital telephony, have you had any instances where you've had a court order for a wiretap that couldn't be executed because of digital telephony? MR. FREEH: We've had problems just short of that. And I was going to continue with my statement, but I won't now because I'd actually rather answer questions than read. 
We have instances of 91 cases -- this was based on a 1993 informal survey which the FBI did with respect to state and local law enforcement authorities. I can break that down for you. * * * Newsday interview on May 16: We've determined about 81 different instances around the country where we were not able to execute a court-authorized electronic surveillance order because of lack of access to that particular system - a digital switch, a digital loop or some blocking technology which we didn't have to deal with four or five years ago. * * * Speech before the American Law Institute on May 19: Within the last month, the FBI conducted an informal survey of federal and local law enforcement regarding recent technological problems which revealed over 180 instances where law enforcement was precluded from implementing or fully implementing court orders [for electronic surveillance]. ============================================================ From perry at imsi.com Tue Aug 9 10:24:16 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 9 Aug 94 10:24:16 PDT Subject: broadcast encryption In-Reply-To: <9408091649.AA22593@ah.com> Message-ID: <9408091723.AA23559@snark.imsi.com> Eric Hughes says: > > What is the policy purpose for signing packets? It will affect the > > design. > > Anyone even making such suggestions has not been following the IPSP > standardization work... > > I wasn't asking what _the_ purpose was, but rather what the purpose > the original author (coming out of the context of a radio discussion) > had in mind. I know _lots_ of reasons for signing packets in some > way. Oh, I understood what you were saying -- I didn't understand what the original author could be looking for... .pm From 73211.3713 at compuserve.com Tue Aug 9 10:30:40 1994 From: 73211.3713 at compuserve.com (Loren Fleckenstein) Date: Tue, 9 Aug 94 10:30:40 PDT Subject: remailers Message-ID: <940809172505_73211.3713_DHI21-2@CompuServe.COM> Can anyone supply me with a list of remailers? 
I'm writing an article for a general circulation newspaper on encryption, anonymous contact services and privacy in the Information Age. I want to provide readers with a list of remailing services. Also, what is the BBS tel. number at MIT to download PGP 2.6?

From jdd at aiki.demon.co.uk Tue Aug 9 10:41:22 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 9 Aug 94 10:41:22 PDT
Subject: e$
Message-ID: <4652@aiki.demon.co.uk>

In message <9408091402.AA23089 at snark.imsi.com> perry at imsi.com writes:
> > point. The US government does not object to the use of financial
> > instruments so long as they are backed by the US $ (or another
> > accepted currency).
>
> Yes it does. Bearer bonds are illegal in the US.

Perhaps my use of terms was insufficiently precise. Bearer bonds do not actually represent money in the same sense that a check does. Their value [usually] fluctuates. They are a different kind of financial instrument.

> > Most of us use such financial instruments daily
> > -- checks and credit cards, for examples. Most financial transactions
> > involve no cash at all.
>
> The point is that anonymous transactions are coming under increasing
> regulation. Commercial paper and the like is not a problem.

Hmmm. Neither of the types of financial transactions that I listed is anonymous.

If A writes a check to 'cash', pays B with it, and B passes it on to C, and so forth, are you saying that this is or will one day be illegal?

--
Jim Dixon

From perry at imsi.com Tue Aug 9 10:52:05 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 9 Aug 94 10:52:05 PDT
Subject: e$
In-Reply-To: <4651@aiki.demon.co.uk>
Message-ID: <9408091751.AA23619@snark.imsi.com>

Jim Dixon says:
> In message <9408091402.AA23089 at snark.imsi.com> perry at imsi.com writes:
> > > point. The US government does not object to the use of financial
> > > instruments so long as they are backed by the US $ (or another
> > > accepted currency).
> >
> > Yes it does.
> > Bearer bonds are illegal in the US.
>
> Perhaps my use of terms was insufficiently precise. Bearer bonds do not
> actually represent money in the same sense that a check does.

Perhaps you don't actually know what it is that you are trying to say?

> If A writes a check to 'cash', pays B with it, and B passes it on to
> C, and so forth, are you saying that this is or will one day be illegal?

If the check is written to "cash" and is used to avoid federal transfer reporting requirements, it is CURRENTLY illegal. I suspect that checks made out to "cash" would be illegal in all cases if they were widely used to avoid reporting requirements.

Perry

From tcmay at netcom.com Tue Aug 9 10:52:40 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 9 Aug 94 10:52:40 PDT
Subject: GAK & RSA
In-Reply-To: <199408091553.AA28248@poboy.b17c.ingr.com>
Message-ID: <199408091752.KAA25070@netcom8.netcom.com>

Paul Robichaux writes:
> RSADSI has been adamantly opposed to Clipper. You'd expect them to be
> opposed on business grounds; after all, Clipper wouldn't bring them
> any revenue and could quite possibly put them out of business if other
> forms of encryption were outlawed. I don't remember seeing many
> specific comments indicating that RSA was opposed to GAK on
> philosophical grounds (well, OK; some quotes on their "Sink Clipper"
> poster, if those count).

I communicated with Jim Bidzos about this, asking him what he'd heard about the Karlsruhe/Walker-Belenson proposal--he said he'd gotten no wind of it, thinking it to be just another academic paper. Later messages indicated he was taking it more seriously.

As to RSADSI's objections or approvals, I can't say. They are a _company_, planning to (someday??) turn a profit for their investors (Note: Alan Alcorn, the inventor of "Pong," invested in them in the early or mid-80s, and says he's not seen a dime come back, nor has the company gone public). That is, RSADSI is not run along Cypherpunkesque lines, but you all knew that.
> Putting the cypherpunkesque arguments about how GAK is a big step down
> the path towards a surveillance state, is it possible that the
> software GAK (SGAK) scheme could easily incorporate RSA's technology?

My understanding is that the Walker-Belenson algorithm is quite strong as it is. I tried to ftp to ftp.tis.com, and succeeded, but could not find the Karlsruhe paper(s) there, yet. If someone knows where they are (Carl?) or otherwise gets ahold of them, they might be useful additions to our own archives. Or a pointer, at least.

> thus use RSA without any problem. The "Skipjack, DSS, and SHA may be
> weak" crowd can't object to RSA's strength, and of course RSADSI will be
> in no position to object.

I think 95% of the opposition to Clipper came from two sources:

1. General opposition to the principle of "escrowed encryption"

2. Disinterest/opposition to the idea of buying special hardware.

I don't see the "Skipjack is weak" argument as ever having been persuasive. Hence, I don't see the following as too big a concern:

> _This_ is what's scaring me. If Microsoft, Apple, et al offer weak
> encryption as part of SGAK, objections can be made to the weakness. If
> they use RSA, that avenue is gone.

What scares me is the incorporation of the SKE or GAK into products. Not that RSA may offer an even stronger system. It's the principle.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From hughes at ah.com Tue Aug 9 10:53:57 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 9 Aug 94 10:53:57 PDT
Subject: e$
In-Reply-To: <4652@aiki.demon.co.uk>
Message-ID: <9408091725.AA22702@ah.com>

   If A writes a check to 'cash', pays B with it, and B passes it on to C, and so forth, are you saying that this is or will one day be illegal?

An individual note and its transfers are unlikely to be made illegal. But that's not the whole story. A company engaged in the business of issuing such notes and not recording (perhaps, a fortiori, by not being able to record) the transactions among people for these instruments, however, could be ruled to be performing a separate activity which could then be made illegal.

Just because a single act is legal doesn't mean that a bunch of the same acts are. For example, not reporting a $5000 cash transfer is legal, but not reporting half a dozen of them made to the same person in the same day almost certainly is.

Eric

From tcmay at netcom.com Tue Aug 9 11:19:21 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 9 Aug 94 11:19:21 PDT
Subject: Strucured Transactions and Crypto
In-Reply-To: <9408091725.AA22702@ah.com>
Message-ID: <199408091818.LAA29474@netcom8.netcom.com>

Eric Hughes writes:
> If A writes a check to 'cash', pays B with it, and B passes it on to
> C, and so forth, are you saying that this is or will one day be illegal?
>
> An individual note and its transfers are unlikely to be made illegal.
> But that's not the whole story. A company engaged in the business of
> issuing such notes and not recording (perhaps, a fortiori, by not
> being able to record) the transactions among people for these
> instruments, however, could be ruled to be performing a separate
> activity which could then be made illegal.
>
> Just because a single act is legal doesn't mean that a bunch of the
> same acts are.
> For example, not reporting a $5000 cash transfer is
> legal, but not reporting half a dozen of them made to the same person
> in the same day almost certainly is.

The IRS/Treasury/etc. has the term "structuring" to refer to attempts to circumvent the reporting laws by doing "individually legal" transactions which are "collectively illegal." For example, getting around the $10,000 limit (which may have been lowered, I hear) by doing multiple $9,000 transactions.

FinCEN (Financial Crimes Enforcement Network) is a multi-agency body that looks for things like this.

Consistent with earlier points about the government not wanting to make it completely clear what's legal and what's illegal (regulatory discretion), the laws about structuring are not clear. Suspicion of structuring seems to be enough for a costly investigation and possible prosecution.

It'll be interesting to see how crypto transactions are treated. The possibilities for structuring are exciting to we Cypherpunks, which means the Feds may act quickly to declare such transactions illegal.

(Connections to key escrow/GAK, illegality of digital cash, legal hacking, and the huge new NRO complex near the credit card companies is left as an exercise.)

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From cme at tis.com Tue Aug 9 11:24:40 1994
From: cme at tis.com (Carl Ellison)
Date: Tue, 9 Aug 94 11:24:40 PDT
Subject: GAK & RSA
In-Reply-To: <199408091752.KAA25070@netcom8.netcom.com>
Message-ID: <9408091823.AA26987@tis.com>

   From: tcmay at netcom.com (Timothy C.
   May)
   Date: Tue, 9 Aug 1994 10:52:48 -0700 (PDT)

   I don't see the "Skipjack is weak" argument as ever having been persuasive.

   [...]

   What scares me is the incorporation of the SKE or GAK into products. Not that RSA may offer an even stronger system. It's the principle.

exactly ..

This entire debate was sidetracked with a flurry of non-essentials. Who cares if Skipjack has a weakness? Who cares that it's classified? I don't need anything stronger than RSA and triple-DES, so Skipjack doesn't mean anything to me. However, it formed a kernel of controversy to distract a bunch of reporters and people posting to USENET.

The only issue, as far as I'm concerned, is that in 4000 years of history of crypto (as documented by Kahn), private citizens have always had strong crypto and have kept their keys to themselves and there's no reason to believe the gov't should have the right, now or ever, to these keys.

To me, the *only* issue is GAK. All the rest is moot...stuff to distract the critics and get them arguing among themselves (or with DERD and Sternlight).

- Carl

From Ben.Goren at asu.edu Tue Aug 9 11:37:43 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Tue, 9 Aug 94 11:37:43 PDT
Subject: No more NSA supra-computer?
Message-ID:

Yesterday I was talking with a friend, and the subject of supercomputers came up. Naturally, I mentioned the NSA 7000 Y-MP equivalent and Gunter Ahrendt's list of supercomputers worldwide (finger gunter at yarrow.wt.uwa.edu.au). My friend sent me a note this morning saying that he couldn't find that machine on Gunter's list; sure enough, it's been removed.

Anybody know what happened to this machine? Did they lose funding? Decide it's not worth it? Is there some sort of subterfuge involved?

It would be nice to think the Congress killed it, or decided to give the computer to a university, instead.

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): We won! Clipper is dead! BUT!
Just say no to key escrow. And stamp out spamming, too.
Finger ben at tux.music.asu.edu for PGP 2.3a (soon 2.6) public key.

From koontzd at lrcs.loral.com Tue Aug 9 12:10:56 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Tue, 9 Aug 94 12:10:56 PDT
Subject: Digital Telephony Act
Message-ID: <9408091909.AA15015@io.lrcs.loral.com>

What's going to happen when direct satellite phone service becomes a reality ( as in the joint Loral/Qualcomm effort ) ?

When one notes that it is difficult to impossible to prevent service stealing in the cellular environment, how will it be prevented in direct broadcast?

It might not be possible to detect unauthorized encryption schemes without direct monitoring.

Do the Feds think this is can be won?

From adam at bwh.harvard.edu Tue Aug 9 12:26:41 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 9 Aug 94 12:26:41 PDT
Subject: Offline reading
Message-ID: <199408091928.PAA01878@hermes.bwh.harvard.edu>

I just finished (last night) Guns of the South, by Harry Turtledove. Before that I read Out of Control by Kevin Kelly. Both were recommended by folks on this list, and both were very good. Does anyone else care to share thoughts on books they've read recently? I'm looking for anything interesting. Also, could anyone recommend a good intro to F.A. Hayek's work? (in or out of print; Boston has many good used bookstores.)

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From tcmay at netcom.com Tue Aug 9 12:38:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 9 Aug 94 12:38:14 PDT
Subject: Digital Telephony Act
In-Reply-To: <9408091909.AA15015@io.lrcs.loral.com>
Message-ID: <199408091937.MAA13077@netcom14.netcom.com>

David Koontz writes:
>
> What's going to happen when direct satellite phone service becomes a
> reality ( as in the joint Loral/Qualcomm effort ) ?
And don't forget "Teledesic," the 800-satellite (or something huge) project of Bill Gates and McCaw Cellular. Graham Toal discussed this recently in a post on software key escrow and Microsoft's possible involvement in SKE.

Teledesic plans to enter the data/voice market, so any mandate for wiretapping would impinge on them.

(End-to-end encryption, as with PGP, bypasses this....the great Unresolved Question has always been how all these proposed schemes will deal with end-to-end encryption, aka "superencryption.")

> When one notes that it is difficult to impossible to prevent service
> stealing in the cellular environment, how will it be prevented in
> direct broadcast?
>
> It might not be possible to detect unauthorized encryption schemes
> without direct monitoring.
>
> Do the Feds think this is can be won?

Should the Surveillance State not be thwarted (via contributions of technology from groups like ours), I can imagine all sorts of draconian laws about encryption, demands that cleartext be produced on demand, etc. Suspicion of "structuring" communications to evade the intent of the law may be enough to trigger sanctions.

But this is what we're here to fight. Deploying technology ubiquitously is more important than writing letters to Congressrodents.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From pcw at access.digex.net Tue Aug 9 12:47:20 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Tue, 9 Aug 94 12:47:20 PDT
Subject: No more NSA supra-computer?
Message-ID: <199408091946.AA27864@access2.digex.net>

>Yesterday I was talking with a friend, and the subject of supercomputers
>came up. Naturally, I mentioned the NSA 7000 Y-MP equivalent and Gunter
>Ahrendt's list of supercomputers worldwide (finger
>gunter at yarrow.wt.uwa.edu.au). My friend sent me a note this morning saying
>that he couldn't find that machine on Gunter's list; sure enough, it's been
>removed.
>

My guess, and this is only a guess, is that it disappeared for "security" reasons. They have a habit of keeping the smallest bit of light from emerging. For instance, no one knows the "Black" part of the budget. It's classified. But you can take the total budget amount and subtract the non-Black section and get the result. They make you do the math.

From mccoy at io.com Tue Aug 9 13:02:35 1994
From: mccoy at io.com (Jim McCoy)
Date: Tue, 9 Aug 94 13:02:35 PDT
Subject: Digital Telephony Act
In-Reply-To: <9408091909.AA15015@io.lrcs.loral.com>
Message-ID: <199408091957.OAA10546@pentagon.io.com>

>
> What's going to happen when direct satellite phone service becomes a
> reality ( as in the joint Loral/Qualcomm effort ) ?
[...]
> Do the Feds think this is can be won?

There is a clause in the Digital Telephony Act that states that the wiretapping requirements are waived if the technology is fundamentally unable to provide this service to law enforcement due to its design. This little bit leads me to believe that we might see telco designers putting a bit of effort to make the designs untappable from the start to get around such requirements if there is a market for it. It was probably put in for sats and wireless services, but in the right hands it might be a useful loophole to drive a crypto truck through...
jim

From nzook at math.utexas.edu Tue Aug 9 13:20:26 1994
From: nzook at math.utexas.edu (nzook at math.utexas.edu)
Date: Tue, 9 Aug 94 13:20:26 PDT
Subject: (fwd) Anonymous posters & Misinformation = Net pollution
Message-ID: <9408092015.AA06563@vendela.ma.utexas.edu>

Could you chalk this one up to my lack of sophistication as a net.user? I thought c-punks might want to shower this guy with dissenting opinion. No, I've not done so--my poster is down...

Nathan

From jgostin at eternal.pha.pa.us Tue Aug 9 15:36:51 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 9 Aug 94 15:36:51 PDT
Subject: No more NSA supra-computer?
Message-ID: <940809174148S3cjgostin@eternal.pha.pa.us>

Ben.Goren at asu.edu writes:

> Anybody know what happened to this machine? Did they lose funding? Decide
> it's not worth it? Is there some sort of subterfuge involved?

Hmmm:

"Dear Sir;
Here at the NSA, we take National Security very seriously. Pursuant to USC 422.932(b), we can pluck out your fingernails for releasing information about our computer resources. Please remove all information and references to and about the National Security Agency from your listing.

Sincerely,
Sue D. Nym, Agent at Large"

True, this is an OBVIOUS spoof, but the point is still there....

--jeff

From ianf at simple.sydney.sgi.com Tue Aug 9 16:25:48 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Tue, 9 Aug 94 16:25:48 PDT
Subject: Digital Telephony Act
In-Reply-To: <199408091937.MAA13077@netcom14.netcom.com>
Message-ID: <9408100921.ZM15652@simple.sydney.sgi.com>

On Aug 9, 12:37pm, Timothy C. May wrote:
> And don't forget "Teledesic," the 800-satellite (or something huge)
> project of Bill Gates and McCaw Cellular. Graham Toal discussed this
> recently in a post on software key escrow and Microsoft's possible
> involvement in SKE.
One of the things which has to be worrying the spooks right now is that communications in general is swiftly becoming an international business, and much less susceptible to parochial arm-twisting. The days of the Black Chamber when the cable companies bosses could be talked into releasing telegrams for the good of their country are receding into the distance, and this really must worry the TLA's we all have come to know and love. None of this is news for any of us.

I have often felt that bills like Digital Telephony have a much deeper motive, in that although they seem a lot less than justifiable now, it may be that the spooks are trying to beat the technology and have a surveillance infrastructure in place simply so that its existence can either frustrate or influence the structure of international communications infrastructure. It would be hard for any country to demand the inclusion of monitoring facilities in a new system, but it is MUCH easier for them to point out that the new system really should be able to provide the same "law enforcement" facilities as the existing infrastructure does.

Just an idle thought.

Ian.

From lrh at crl.com Tue Aug 9 17:21:36 1994
From: lrh at crl.com (Lyman Hazelton)
Date: Tue, 9 Aug 94 17:21:36 PDT
Subject: Direct Satellite phone service
In-Reply-To: <9408091909.AA15015@io.lrcs.loral.com>
Message-ID:

On Tue, 9 Aug 1994, David Koontz wrote:

>
> What's going to happen when direct satellite phone service becomes a
> reality ( as in the joint Loral/Qualcomm effort ) ?
>
> When one notes that it is difficult to impossible to prevent service
> stealing in the cellular environment, how will it be prevented in
> direct broadcast?
>
> It might not be possible to detect unauthorized encryption schemes
> without direct monitoring.
>
> Do the Feds think this is can be won?
>

I am currently working on the IRIDIUM(r) effort.
IRIDIUM is an international consortium which will fly 66 (+spares) satellites in polar orbits to achieve a global space-based cellular phone system. It is significant that *ALL* government involvement from *ANY* government or agency is being avoided by the IRIDIUM consortium. This is just good business: Who in another country wants to use a system that they know will be monitored in some secret way by their own or some other country's intelligence service? Instead, no encryption will be included in the mission (telephone) data portion of the IRIDIUM system. If a subscriber wants to use their own crypto-system on top of the basic communication service provided by the system, that is up to them. On the other hand, if no encryption is provided by the subscriber, anyone can listen into their conversations.

As to preventing unauthorized use of the system, I know less. While it would be relatively easy and cheap to use any of our well known authentication protocols with strong crypto to prevent such crimes, I don't know if its use as a standard part of the system is planned.

Finger lrh at crl.com for PGP 2.4 Public Key Block.

From bogus@does.not.exist.com Tue Aug 9 17:42:21 1994
From: bogus@does.not.exist.com ()
Date: Tue, 9 Aug 94 17:42:21 PDT
Subject: More on remailer chaining
Message-ID: <199408100042.RAA15568@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

I have one small addition to the analysis I did yesterday of remailer chaining effects. Previously I was assuming that there was a uniform distribution of messages across remailers, so that all saw the same number of packets. How does this change if some remailers are used more than others?

Again I will sneak up on the problem by taking a concrete example. Suppose there are two remailers and that we are using two-remailer chains which include the possibility of using the same remailer twice. Suppose one of the remailers is used much more than the other.
Take an extreme case, where remailer 1 is used 90% of the time and remailer 2 is used 10% of the time. If we suppose that these probabilities affect both the choice of the first and second remailer in the chain, then the four possible chains have the following frequencies of use:

    1,1    81%
    1,2     9%
    2,1     9%
    2,2     1%

Notice that this also implies that 90% of the messages enter the net at remailer 1 and 10% at 2, and also that 90% leave via 1 and 10% leave via 2.

Now, ignoring for a moment the fact that there may be some reason people are shunning 2 (they suspect it is compromised, or it is unreliable, or something - but maybe it's just new and a lot of people haven't heard about it yet), what is the safest way to use this network?

The key, I believe, is to imitate the observed statistics in your own choice of a chain, at least for the 2nd hop. 90% of the messages coming out of the first stage of either remailer will go to remailer 1. If you want your message to be lost most effectively among the others, you should choose remailer 1 as your own 2nd hop 90% of the time. This way your message will be 9 times more likely to go to 1 than 2, but since there is 9 times the traffic going to 1 than to 2 it will be perfectly masked.

The result will be that your message is equally likely to be any of the N messages coming out of the remailer. Your statistics will match all of the others. Therefore, you get a full factor of N mixing with such an unbalanced network, just as much as you get with a perfectly symmetrical network - as long as you imitate the network statistics.

The choice of the first remailer in your chain does not appear to be critical. We assume the opponent can see which remailer you have chosen (by tracking your message from your site to the remailer) so there is no advantage to choosing 1 over 2 as far as secrecy. You will get full N-fold mixing in either case. This is a bit counter-intuitive; it might seem that choosing 1 is superior to choosing 2 in terms of mixing.
But look at a specific example: Suppose 100 messages enter the network, 90 at 1 and 10 at 2. After the first step, 9 messages go from 1 to 2 (10% of the 90) and 9 messages go from 2 to 1 (90% of the 10). Then 90 messages are sent from 1 and 10 from 2. Now, if your message entered at 2, but had a 90% probability of going to 1 at the second hop, then there is a 90% chance that it ended up as one of the 90 messages leaving 1, and a 10% chance that it ended up as one of the 10 messages leaving 2. This tells observers exactly nothing about where your message is. So choosing 2 as the first hop is just as good as choosing 1.

Although I have not yet extended these results to longer hops and larger numbers of remailers, my guess is that the same general rule will apply there as well. This suggests that it will be useful and important to have accurate information about the usage levels of the various remailers so that you can accurately mimic those probabilities.

How bad is it if you don't have accurate usage information? According to my calculations, in the case of two remailers, if the actual probabilities of the two remailers being used are p and 1-p, and the probabilities you use are q and 1-q, the mixing level you get decreases from N to

    N * (p/q)^q * ((1-p)/(1-q))^(1-q).

If q=p and you have accurate information there is no reduction. In the example above, with p=.9, if you didn't know this and used q=.5, your mixing level reduces to N*.6. This is not a huge reduction even for this rather extreme case, but I can't guess how this will extend to larger networks and chains.

Assuming these results do hold true, though, it suggests some interesting "market" dynamics. Patterns of usage of the remailers may tend to be stable since anyone who departs from the current usage pattern will stand out and hence lose security. It may be difficult for new remailers to become established since their initial usage level will be low, making it risky to use them to any significant degree.
These considerations are somewhat similar to situations where there are competing but incompatible standards (e.g. Beta vs VHS VCR's) in terms of the barriers to entry.

There may also be considerable misinformation about usage levels. It will be to the advantage of a site to exaggerate the number of messages they are handling. Especially if noise messages are used (a strategy I haven't tried to analyze yet) it would be easy to generate bogus statistics. Maybe some organization could collect statistics by polling remailer users about their practices rather than believing the operators, and make that information available.

Another point is that, assuming that remailer operation is actually going to be profitable some day, there will be advantages to being one of the first to market. Getting your remailer widely known and used in the early days could establish market leadership which will have considerable staying power just from the inherent properties of how these networks work. Heavily-used remailers could charge premium prices while the "little guys" have to be cut rate in order to grow, compensating users for the loss of security they will experience.

Maybe this will encourage people to make the investment to become what Tim May has called "Mom and Pop" remailers. This might be the golden opportunity to get in on the ground floor. For more information, send $10 in digital cash for our investment kit: "How you can make a fortune running anonymous remailers!" Please include an anonymous return address. :-)

Hal

-----BEGIN PGP SIGNATURE-----
Version: 3.14159

iQCVAgUBLkghT6gTA69YIUw3AQFaJgP/e7RRWrEowQDQ9RdN+w9wC5zQ3Zod2w5n
oeZLFlMJFzEjer2gxjh0yt+a0CPJA1p33W1BvxNODI2nmPHiFeVcD24L9oNzoyf9
QBrUMAJiuR09QQCPz8MjBwXdIXD1hU25hMiCN/drrJuRCgsFpp1wPlmWU2EnHK4g
uoiDsWb4Wg4=
=l7nS
-----END PGP SIGNATURE-----

From Ben.Goren at asu.edu Tue Aug 9 17:46:51 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Tue, 9 Aug 94 17:46:51 PDT
Subject: No more NSA supra-computer?
Message-ID:

At 3:41 PM 8/9/94, Jeff Gostin wrote:
>Ben.Goren at asu.edu writes:
>
>> Anybody know what happened to this machine? Did they lose funding? Decide
>> it's not worth it? Is there some sort of subterfuge involved?
>Hmmm:
>
>"Dear Sir;
> Here at the NSA, we take National Security very seriously. Pursuant
>to USC 422.932(b), we can pluck out your fingernails for releasing
>information about our computer resources. Please remove all information
>and references to and about the National Security Agency from your
>listing.
>
> Sincerely,
> Sue D. Nym, Agent at Large"
>
>True, this is an OBVIOUS spoof, but the point is still there....

Yeah, but the guy keeping the list is an Aussie. What would you do if MI5 asked you to remove mention of their 10,000 Cray Y-MP equivalent from *your* published list? I don't know about you, but that's one of the few times I might actually be glad for the TLAs.

> --jeff

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): We won! Clipper is dead! BUT! Just say no to key escrow. And stamp out spamming, too.
Finger ben at tux.music.asu.edu for PGP 2.3a (soon 2.6) public key.

From dave at esi.COM.AU Tue Aug 9 18:03:31 1994
From: dave at esi.COM.AU (Dave Horsfall)
Date: Tue, 9 Aug 94 18:03:31 PDT
Subject: broadcast encryption
In-Reply-To: <9408091723.AA23559@snark.imsi.com>
Message-ID:

On Tue, 9 Aug 1994, Perry E. Metzger wrote:

> Oh, I understood what you were saying -- I didn't understand what the
> original author could be looking for...

And by now I've lost track of the original discussion, so I'm not sure whether I am the one being referred to above (I'm the one who PGP signs all his packet radio messages, in response to Bob Snyder saying he sees no problem with this, and Bob replied saying he'd like to see it at the link level), and it sort of diverged from there...
Given that the FCC (and other countries' equivalents) are starting to crack down on packet radio abuse (it's all too easy to fake someone else's callsign) I imagine it won't be long before we Amateurs are forced to implement some form of authentication (down to the callsign i.e. the user).

You out there, Phil?

--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD

From nowhere at chaos.bsu.edu Tue Aug 9 18:36:38 1994
From: nowhere at chaos.bsu.edu (Chael Hall)
Date: Tue, 9 Aug 94 18:36:38 PDT
Subject: Remailer stuff
In-Reply-To: <9408041450.AA12817@ah.com>
Message-ID: <199408100131.UAA25868@chaos.bsu.edu>

Eric Hughes wrote:

>My criterion for a successful deployment is when the authors of a
>mailer distribute encryption, signing, and remailing support as a
>basic part of their packages.

Yes, but as my package stands, it will compile on most systems and anybody with a passing knowledge of sendmail.cf, aliases, or .forward files and knows the location of their mailer can install and run it. PGP has been through so many changes, I'm just waiting until I can find a version that I can (1) run for a while without becoming outdated, and (2) use on my system without having security risks all over the place.

I will *not* customize my software to work with PGP. I will make it work with encryption, but I'm not going to make it do anything different for PGP than for any other mail-processing software. If anyone has the time and the inclination to monkey with the code, it's available via anonymous FTP from chaos.bsu.edu:/pub/development. It is named something like remailer-current.tar.gz. Remember, this is C code, I don't waste RAM and CPU cycles running PERL on my system (no offense intended to those who use it.)

Chael

--
Chael Hall, nowhere at chaos.bsu.edu

From hayden at vorlon.mankato.msus.edu Tue Aug 9 19:49:19 1994
From: hayden at vorlon.mankato.msus.edu (Robert A.
Hayden)
Date: Tue, 9 Aug 94 19:49:19 PDT
Subject: This is a test
Message-ID:

I apologize for this test. But, in the end, it will probably serve a good purpose :-)

____        Robert A. Hayden          <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-             <=>          -=-=-=-=-
 \/  /   Finger for Geek Code Info    <=> I do not necessarily speak for the
   \/  Finger for PGP Public Key      <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**

From alano at teleport.com Tue Aug 9 20:51:16 1994
From: alano at teleport.com (Alan Olsen)
Date: Tue, 9 Aug 94 20:51:16 PDT
Subject: CreditCard info
Message-ID: <199408100351.UAA09774@teleport.com>

>
> An interesting sideline -
> I ran into an interesting situation at a local video rental place
>yesterday. If you give them your credit card number they charge you .25
>less a tape to rent it (2.75 compared to 3.00) Your number goes into their
>customer database.
>
> I laughed, and said i'd rather pay the .25 a tape than take the chance
>of some part-time HS kid getting ahold of my CC number.
>
> It's unbelievable (to me anyway) that people would give this kind of
>information out and trust that it can't be abused. It's bad enough that
>we're asked to hand out our SS number for everything.
>

There are businesses that are just as clueless. I work for a mailing company that gets credit card orders from a telemarketing firm. All of the information that I would need to commit major credit card fraud flows across my computer every morning. (I actually do the processing via computer to the bank. The bank program was written in Microsoft Basic by someone in California.)

The company I work for wanted to print ALL of the credit card information on the packslips.
This means that anyone along the production line could have taken that information and done with it what he/she will. The information is not stored in any sort of encrypted form on the computer. Anyone who has access to the system and the least amount of knowledge could get to it.

Now you know why I do not have any credit cards.

/========================================================================\
|"I would call him a Beastialic Sadomasochistic | alano at teleport.com |
|Necrophile but that would be beating a dead    | Disclaimer:          |
|horse." -- Teriyaki (What's up Tiger Lily?)    | As if anyone cares!  |
\========================================================================/

From tcmay at localhost.netcom.com Tue Aug 9 21:36:03 1994
From: tcmay at localhost.netcom.com (Timothy C. May)
Date: Tue, 9 Aug 94 21:36:03 PDT
Subject: No more NSA supra-computer?
Message-ID: <199408100435.VAA02566@netcom13.netcom.com>

>>Yesterday I was talking with a friend, and the subject of supercomputers
>>came up. Naturally, I mentioned the NSA 7000 Y-MP equivalent and Gunter
>>Ahrendt's list of supercomputers worldwide (finger
>>gunter at yarrow.wt.uwa.edu.au). My friend sent me a note this morning saying
>>that he couldn't find that machine on Gunter's list; sure enough, it's been
>>removed.
>>
>
>My guess, and this is only a guess, is that it disappeared for "security"
>reasons. They have a habit of keeping the smallest bit of light from
>emerging. For instance, no one knows the "Black" part of the budget. It's
>classified. But you can take the total budget amount and subtract the
>non-Black section and get the result. They make you do the math.

I was intrigued by this disappearance, so I sent an e-mail message to Gunter Ahrendt. Through the joys of time zones, my message this evening was answered within minutes, from Australia.
He told me the NSA machine remains, though it has been renamed, has been put under another site, and its performance rating has been recalculated based on a new metric. Gunter's latest report (in comp.sys.super) explains the new metric.

Grepping for the name "SMPP," here's where I found it:

58) 16.46 - (APR-1994) [SRC] Supercomputing Research Center,Bowie,Maryland,US,root at super.org
    1) Cray 3/4-128 [-4Q96] 11.46?
    2) SRC Terasys ~ 5
    3) SRC SMPP-4/2M [+4Q96] 503.33?

This is also very intriguing. The machine formerly called the "NSA SMPP-2/2M" and expected to be located at NSA Central Security Service, is now to be located in nearby Bowie at the Supercomputing Research Center.

I guess that means the SRC is doing more than just "academic computing"!

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From die at pig.jjm.com Tue Aug 9 23:24:53 1994
From: die at pig.jjm.com (Dave Emery)
Date: Tue, 9 Aug 94 23:24:53 PDT
Subject: Satellite Cellphones
In-Reply-To: <9408091909.AA15015@io.lrcs.loral.com>
Message-ID: <9408100627.AA17861@pig.jjm.com>

>
>
> What's going to happen when direct satellite phone service becomes a
> reality ( as in the joint Loral/Qualcomm effort ) ?
>
> When one notes that it is difficult to impossible to prevent service
> stealing in the cellular environment, how will it be prevented in
> direct broadcast?
My understanding of both IRIDIUM and the Loral effort is that the satellite will be used to directly connect a remote user to a ground based MTSO (switch) which will actually route the call out over land lines or another satellite link. This implies that the satellite is not being used as a classical bent-pipe repeater linking the transmitter of one satellite phone to the receiver of another, but rather as a space-borne cell-site linked to the MTSO via a separate radio system on a completely different frequency band not unlike the terrestrial microwave links that link most cell sites to the current MTSOs.

This means that there is no way for a mobile satellite user to bypass the switch and use the satellite directly to relay his communications to another satellite phone, just as there is no way in the current analog AMPS/NAMPS cellphone system for a user on one cellphone to talk directly to another cellphone without going through a cell site relay and the MTSO switch. Thus the switch can always serve as a gateway authenticating users, and providing billing and access control services.

Even in the more advanced concepts in which the satellite actually does some measure of on-board switching between the mobile terminal uplinks and downlinks, this switching is almost certainly going to be controlled and managed from the ground even if the actual traffic path goes only through one or more satellites.

And hopefully, someone has already thought of the problem of a user of a satellite switched link having his direct satellite link taken over by a higher powered bad guy perhaps only for a few seconds to transmit a burst of data to a confederate monitoring the downlink.
Thus the problem of satellite phone access security is not very different from the problem of current terrestrial cell phone access security - namely that a remote user coming from somewhere out there and purporting to be a legitimate subscriber requests a connection over a very unsecure link subject to both easy monitoring and various kinds of spoofing. Obviously this is a very natural place to apply cryptographic authentication technology such as zero knowledge proofs.

As most of you are no doubt aware, the problems with fraud in the current AMPS cellular system in the US are due to a very bad design decision 15-20 years ago to not use some form of strong encryption of the authentication exchanges between the mobile phone and the switch. Instead all of these take place completely in the clear, including transmission of the ESN (electronic serial number) which is the only truly unique ID a cellphone contains. Thus anyone with trivially simple equipment (basically a scanner and a PC and a very simple interface card) can determine the ESN and MIN (telephone number) of someone else's cellphone by listening in to its transmissions and use these to make fraudulent calls charged to that number. Had the designers of the system simply cbc DES encrypted these messages under a fixed cell or system wide key, most of this fraud would have been too difficult for all but those with much better things to do with their time and resources to attempt (assuming some elementary common sense in the design of the message formats to thwart simple replay attacks).

One suspects that these kinds of fraud in a cellphone system designed using the concepts well known now for proper cryptographic authentication and resistance to spoofing and replay attacks would be so rare as to be unimportant compared to other losses.
In such a system security of the authentication information would no doubt be the major risk, as the designers of the European GSM system seem to indicate with their choice of a removable smartcard security module (token) that can be carried on one's person.

> It might not be possible to detect unauthorized encryption schemes
> without direct monitoring. Do the Feds think this is can be won?
>

I don't imagine it is ever possible to detect unauthorized encryption without direct monitoring. And for data transmission as opposed to voice, this is a very hard problem since some considerable fraction of data transmitted is such things as compressed binaries and images and things in unusual formats which don't lend themselves to easy automatic recognition at low cost.

Dave Emery

From jdwilson at gold.chem.hawaii.edu Tue Aug 9 23:49:49 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Tue, 9 Aug 94 23:49:49 PDT
Subject: CreditCard info
In-Reply-To:
Message-ID:

On Mon, 8 Aug 1994, Chris Knight wrote:

>
> It's true... You do not HAVE to give your ssn to anyone other than the
> IRS and your employer... So many companies have changed their

Actually you are not required to give your SSN to any government agency including the IRS, but they tell you in the Privacy Act acknowledgement that if you do not (voluntarily) give them your SSN, they won't process your tax payment. This would result in failure to pay taxes, and potentially jail-time etc. But it is "voluntary."

-NetSurfer

#include standard.disclaimer

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 >
" " " |P. O.
Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From ianf at simple.sydney.sgi.com Wed Aug 10 01:07:24 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Wed, 10 Aug 94 01:07:24 PDT
Subject: No more NSA supra-computer?
In-Reply-To:
Message-ID: <9408101804.ZM16350@simple.sydney.sgi.com>

On Aug 9, 5:48pm, Ben.Goren at asu.edu wrote:

> Yeah, but the guy keeping the list is an Aussie.
> What would you do if MI5 asked you to remove mention of their 10,000 Cray
> Y-MP equivalent from *your* published list? I don't know about you, but
> that's one of the few times I might actually be glad for the TLAs.

Well, I would imagine that it would be GCHQ in that case, but never mind. MI5 is the UK equivalent of the FBI.

In the case of an Australian mentioning something the NSA did not want mentioned, I would point out the existence of the UKUSA agreement (on which Australia is a signatory). I doubt that the DSD would contact anyone, they're rather pleasingly careful about not exceeding their charter. However, I would not be surprised if ASIO made a phone call and asked someone to cease and desist.

Ian.

From merriman at metronet.com Wed Aug 10 03:19:52 1994
From: merriman at metronet.com (David K. Merriman)
Date: Wed, 10 Aug 94 03:19:52 PDT
Subject: No more NSA supra-computer?
Message-ID: <199408101022.AA08062@metronet.com>

>This is also very intriguing. The machine formerly called the "NSA
>SMPP-2/2M" and expected to be located at NSA Central Security Service, is
>now to be located in nearby Bowie at the Supercomputing Research Center.
>
>I guess that means the SRC is doing more than just "academic computing"!
>

What was that IP address, again?
:-(

Dave Merriman

From rah at shipwright.com Wed Aug 10 05:48:39 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 10 Aug 94 05:48:39 PDT
Subject: e$: Cypherpunks Sell Concepts
Message-ID: <199408101246.IAA18622@zork.tiac.net>

I posted this:

> Second, we need a lawyer. This is a good thing, 'cause you can't hack
> laws without a lawyer (most of the time, anyway...), and
> (ObThreadRelevance) we need one to pitch this stuff to other lawyers
> (regulators, et al.) anyway...
>
> In search of Vinnie "the Pro" Bono, honorable second cousin of the esteemed
> mayor of Palm Springs,
>
> Bob Hettinga

I got the following in e-mail from a law professor (shall we call him/her "Professor Vinnie"?) who wants to remain nameless for some reason... Somebody should teach "him" how to use a remailer, eh? This person is emblematic of all the usual interface problems with spiffy new stuff... Oh well.

The posting is late because of the time it took me to get permission. They should be a little faster next time.

Here's what s/he said:

>My specialties involve law about the government, not law about financial
>transactions, so I'm guessing more than anything else here, but it seems
>to me that there are two simple rules of thumb that ought to apply:
>
>1) E$ is not a security so long as there is no suggestion that you might
>ever get back more than you paid. I.E. no interest, no dividends, no
>profits. So long as e$ is exchanged at 1:1 (or less if there is a
>transaction fee) with US$, then odds are very good it's not going to be
>seen as a security, at least under federal law (who knows what funny rules
>they may have in *your* state...).
>
>2) It's not going to be a scrip problem so long as every e$ is purchased
>in advance for a US$. People run into problems when they are seen to be
>creating value, e.g. as banks do with fractional reserve lending.
>So long as e$ sticks close to the travellers check model, I would imagine
>(remember: NO RESEARCH WAS DONE TO REACH THESE CONCLUSIONS) that the only
>rules which apply in the US will be UCC rules that apply to checks, and
>IOUs. This would seem to be a desirable state of affairs for e$.
>
>I am late to this subject, so if in fact e$ fails either of the tests
>above, please let me know.

After I got this, I asked "him" to reply directly to the list, and "he" replied declining to do so, the following is the only part of "his" reply that is relevant to the above.

>I should warn you again: I'm an administrative lawyer. The 'research'
>for that note consisted of five minutes conversation in bed with my
>who is a securities lawyer. From another country. There's a good chance I
>have no idea what I'm talking about...

Great. We've got ourselves a lawyer in the loop who'll help us talk about this stuff. I fingered "him" and "he" looks real to me. Guess I have some reading to do about this anonymity stuff, eh? Anyway, it's real nice to have another pair of (trained) eyes looking at the problem.

Cheers,
Bob Hettinga (Human remailer and mouthpiece mouthpiece)

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From snyderra at dunx1.ocs.drexel.edu Wed Aug 10 06:42:32 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Wed, 10 Aug 94 06:42:32 PDT
Subject: broadcast encryption
Message-ID:

At 11:56 AM 8/9/94, Eric Hughes wrote:

>What is the policy purpose for signing packets? It will affect the
>design.
>
>Do you want to identify users, processes, or machines?

While I am a ham, I'm not directly on packet radio, so someone who spots something incorrect please speak up. I'll probably be getting the needed equipment within the month.
I would think machines would need to be identified. Every packet contains a callsign within it, identifying the source of the packet. This is often the only criteria BBSes on packet radio will discriminate callers. You can change the callsign transmitted with a simple command to the TNC, and thus easily forge messages.

Another situation this could solve would be the ability to log into a home machine without compromising the security on it. Your password must go in the clear, but if the packets are digitally signed, it would be difficult for someone to log into your machine using a replay attack. I had considered one of the challenge/response credit card devices out there, but someone could still break in by waiting for the challenge/response to take place, and then send their own packets seemingly coming from the host that answered the challenge/response.

I would say drop packets that are supposed to be coming from a signing source that aren't signed or have a wrong signature. For example, the local BBS would have listed that N2KGO uses signatures, and has a key on file. Any packet destined for the BBS with my call with an absent/bad signature would be dropped. You need to keep the ability to respond to unsigned packets, though, since not everyone will switch at the same time, or switch at all.

>Do you want each packet to carry an independent signature, or can
>packets be aggregated for signature? This is a separate problem,
>since "aggregation" doesn't mean a delay, it means there is state
>information carried which is involved in checking the signature. This
>question involves the abstraction level where authentication is taking
>place.

This one is a toss-up. One of the main characteristics of packet radio is its low bandwidth. A message digest on individual packets would probably take up more space than a digest on an aggregate group of packets, because the function should generate the same size digest either way.
However, if testing a group of packets, and the signature is wrong because of an error, you now have many more packets to resend.

Bob

--
Bob Snyder N2KGO                 MIME, PGP, RIPEM mail accepted
snyderra at post.drexel.edu      PGP & RIPEM keys on key servers
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From snyderra at dunx1.ocs.drexel.edu Wed Aug 10 06:42:42 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Wed, 10 Aug 94 06:42:42 PDT
Subject: broadcast encryption
Message-ID:

At 12:34 PM 8/9/94, Perry E. Metzger wrote:

>Eric Hughes says:
>> What I would like to see is low-level digital signatures on the
>> level of IP or AX.25. IP is doable, I would think.
>>
>> What is the policy purpose for signing packets? It will affect the
>> design.
>
>Anyone even making such suggestions has not been following the IPSP
>standardization work...

Is this the IPng work I just saw a bunch of RFC notices go out for, or something different? Any drafts you can point me to?

Bob

--
Bob Snyder N2KGO                 MIME, PGP, RIPEM mail accepted
snyderra at post.drexel.edu      PGP & RIPEM keys on key servers
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From perry at imsi.com Wed Aug 10 06:45:06 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 10 Aug 94 06:45:06 PDT
Subject: broadcast encryption
In-Reply-To:
Message-ID: <9408101344.AA26604@snark.imsi.com>

Bob Snyder says:

> >Anyone even making such suggestions has not been following the IPSP
> >standardization work...
>
> Is this the IPng work I just saw a bunch of RFC notices go out for, or
> something different? Any drafts you can point me to?

I posted a summary to this very mailing list only a few days ago.
.pm From jdd at aiki.demon.co.uk Wed Aug 10 07:10:26 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 07:10:26 PDT Subject: e$ Message-ID: <4866@aiki.demon.co.uk> In message <9408091606.AA22481 at ah.com> Eric Hughes writes: > There is a small point to be made here which I think is really a big > point. The US government does not object to the use of financial > instruments so long as they are backed by the US $ (or another > accepted currency). > > No, this isn't so. They also object to barter schemes that are backed > by dollars. The object to them not by making them illegal _per se_, > but by making it illegal not to report all the transactions that occur > inside them. It may not be so, but this example is not relevant. A barter scheme is not a financial instrument or an exchange of financial instruments. If you agree to exchange a refrigerator for ten hours with your favorite shrink, no financial instruments change hands. But the IRS sees that your shrink is making "money" and not reporting it. > You also need to be concerned about Federal regulations > covering the import and export of money. I think that at $5,000 or > $10,000 you have to report the transaction. > > This applies to cash and some cash-like instruments, not to "money". > Originally it was just cash; it has been extended to other > instruments, but not to all of them, insofar as I know. When you fly into the US, you must fill out a customs declaration. You are required to declare money in various forms (cash, checks, etc) and then to sign a statement saying that your declaration is true. I believe that you must declare anything over a relatively small amount, a few thousand dollars. Banks are required to declare cash deposits and international movements of funds over either $5K or $10K, I forget which. The objective is to make money laundering difficult. 
-- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 07:10:40 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 07:10:40 PDT Subject: Postal Inspection (was Common Carriers...) Message-ID: <4869@aiki.demon.co.uk> In message <9408091950.AA02763 at smds.com> FutureNerd Steve Witham writes: > > What was the conference about? (If the icon was printed on the envelope, > > I suspect that it represented the topic of the conference or the group > > sponsoring it.) > > Artificial Life. No relation to the icon that I can see. > Besides, it was on the back of the envelope on the flap. > > Some people have answered that it means "Okay to inspect, open here." > Scary icon (policeman looking into envelope). 1. Icons are commonly used in Europe because there are so many different languages. 2. You often get lower rates for printed paper. 3. He is a postman, not a policeman. "OK to open for postal inspection" (to verify that it is printed paper). -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 07:10:53 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 07:10:53 PDT Subject: broadcast encryption Message-ID: <4871@aiki.demon.co.uk> In message <9408091634.AA23392 at snark.imsi.com> perry at imsi.com writes: > > What is the policy purpose for signing packets? It will affect the > > design. > > Anyone even making such suggestions has not been following the IPSP > standardization work... How can one follow the IPSP standardization work? -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 07:11:20 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 07:11:20 PDT Subject: e$ Message-ID: <4878@aiki.demon.co.uk> In message <9408091725.AA22702 at ah.com> Eric Hughes writes: > If A writes a check to 'cash', pays B with it, and B passes it on to > C, and so forth, are you saying that this is or will one day be illegal? > > An individual note and its transfers are unlikely to be made illegal. > But that's not the whole story. 
A company engaged in the business of > issuing such notes and not recording (perhaps, a fortiori, by not > being able to record) the transactions among people for these > instruments, however, could be ruled to be performing a separate > activity which could then be made illegal. Yes. But my initial point was that a check for $1.00 does not constitute an alternative currency and you do not seem to be disagreeing with this. 'Therefore' if e$1.00 is essentially a promise to pay one US dollar, and if that $1.00 is on deposit with a bank somewhere, and if that bank will pay out US$1.00 when the e$ "check" is presented, the Feds will not be able to prosecute anyone for using an illegal currency. > Just because a single act is legal doesn't mean that a bunch of the > same acts are. For example, not reporting a $5000 cash transfer is > legal, but not reporting half a dozen of them made to the same person > in the same day almost certainly is. Yes. But you must remember my original point. I think that whether the $5000 is transferred as greenbacks or as $e is irrelevant, if the creation of $e is handled correctly. I think that if you look back through the recent postings on $e, you will find that in many cases a discussion which seemed to be about $e is actually about something else. You could substitute US$ for $e without changing the substance of the postings. > A company engaged in the business of > issuing such notes and not recording (perhaps, a fortiori, by not > being able to record) the transactions among people for these > instruments, however, could be ruled to be performing a separate > activity which could then be made illegal. Every bank in the United States that allows checks to be made out to cash already does this. A second point, relating to this paragraph: obviously, a foreign bank cannot be constrained in the same way to report financial transactions to US authorities. We have all heard of Swiss bank accounts. 
So I think that if a company issued $e "checks" denominated in US $ and if a foreign bank were willing to pay against the checks upon demand, then (a) the $e checks would not violate the Constitutional provisions against alternative currencies and (b) neither the foreign bank nor the foreign company issuing the checks would have to make any reports to US authorities.

Our company is a UK company. We can easily open a US$ account at the bank down the street. We could then write US$ checks made out to cash. Our bank would not object, any more than they already object to the sterling checks that we occasionally make out to cash. If the US government tried to force either us or our bank to file reports with them, we would simply laugh at the requirements.

--
Jim Dixon

From perry at imsi.com Wed Aug 10 07:23:10 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 10 Aug 94 07:23:10 PDT
Subject: broadcast encryption
In-Reply-To: <4870@aiki.demon.co.uk>
Message-ID: <9408101422.AA26709@snark.imsi.com>

Jim Dixon says:

> In message <9408091634.AA23392 at snark.imsi.com> perry at imsi.com writes:
> > > What is the policy purpose for signing packets? It will affect the
> > > design.
> >
> > Anyone even making such suggestions has not been following the IPSP
> > standardization work...
>
> How can one follow the IPSP standardization work?

Read the drafts, show up at IETF meetings, and subscribe to the working group mailing lists. (The list subscribe address is ipsec-request at ans.net; however, I'll caution that we do work on that mailing list, it's not like cypherpunks. Distracting from the discussion, and posts from newbies who haven't followed the work thus far, are not encouraged. This isn't to say that new people are unwelcome; it's just to say that it IS a working group, and it's been in progress for a while.)

Perry

From perry at imsi.com Wed Aug 10 07:29:00 1994
From: perry at imsi.com (Perry E.
Metzger)
Date: Wed, 10 Aug 94 07:29:00 PDT
Subject: e$
In-Reply-To: <4872@aiki.demon.co.uk>
Message-ID: <9408101428.AA26732@snark.imsi.com>

Jim Dixon says:

> Precisely what do you mean by "is used to avoid federal transfer reporting
> requirements" ? If you say that it is illegal, can you direct us to or
> quote the relevant statute?

I don't care to. It is widely known and understood that structuring transactions to avoid the $10,000 and over transaction reporting requirements is a felony. Go and find out why on your own.

> My point is that checks made out to cash are not regarded as an
> alternative currency.

My point is that the government doesn't give a flying fuck. They are simply trying to stop you from playing games. The law isn't like geometry -- there aren't axioms and rules for deriving one thing from another. The general principle is that they want to track all your transactions, and if you make it difficult they will either use existing law to jail you, or will produce a new law to try to do the same. Your hair splitting is really completely irrelevant.

Perry

From hughes at ah.com Wed Aug 10 07:35:20 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 10 Aug 94 07:35:20 PDT
Subject: e$
In-Reply-To: <4865@aiki.demon.co.uk>
Message-ID: <9408101407.AA24943@ah.com>

   When you fly into the US, you must fill out a customs declaration.
   You are required to declare money in various forms (cash, checks, etc)

What they ask for and what is required by law are two different things. It's not generally illegal to allow people to volunteer information that increases the power of the state.

   Banks are required to declare cash deposits and international movements
   of funds over either $5K or $10K, I forget which.

In the US, the value is $10K, but that's only for cash transactions, and it's not just banks that are required to report. "International movements of funds" are not subject to reporting requirements as such.
Eric

From hughes at ah.com Wed Aug 10 07:42:54 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 10 Aug 94 07:42:54 PDT
Subject: e$
In-Reply-To: <4877@aiki.demon.co.uk>
Message-ID: <9408101414.AA24954@ah.com>

   Yes. But my initial point was that a check for $1.00 does not constitute
   an alternative currency and you do not seem to be disagreeing with this.

Merely the fact that an instrument is denominated in USA dollars is irrelevant to legality. What I was saying is that there are other activities that would be the ones ruled illegal.

   I think that whether the $5000 is transferred as greenbacks or as $e
   is irrelevant, if the creation of $e is handled correctly.

Irrelevant to whom? As long as it's _not_ irrelevant to the government, it will be irrelevant to very few other parties.

   > A company engaged in the business of
   > issuing such notes [etc.]

To clarify, I'm talking about a digital money company here, and since USA regulation is what is at issue, I'm talking about a USA digital money company.

   Every bank in the United States that allows checks to be made out to
   cash already does this.

The one-at-a-time has never been an issue. And it's not banks that "allow" this, it's the Uniform Commercial Code.

   A second point, relating to this paragraph: obviously, a foreign bank
   cannot be constrained in the same way to report financial transactions
   to US authorities.

Well, this is just what I've been talking about for some time. It's clearly possible to have the issuer in another country.

Eric

From farid at netcom.com Wed Aug 10 07:58:55 1994
From: farid at netcom.com (Farid F. El-Wailly)
Date: Wed, 10 Aug 94 07:58:55 PDT
Subject: Key Coercion after encrypted message transmission.
In-Reply-To: <199408090533.AA06475@xtropia>
Message-ID: <199408101459.KAA29853@netcom14.netcom.com>

In article <199408090533.AA06475 at xtropia> you write:

>
>
>People can use this protocol right now with PGP to protect themselves
>against this kind of retroactive coercion. It will work.
>However, the problem of manually generating the keys and sending them to the other
>party and the whole bureaucratic hassle of keeping track of everything
>makes it unlikely that anyone would actually do so.
>

Great idea. You don't need to generate public/private keypairs though. All you need are IDEA keys in these one time certificates and those are easy to generate.

Regards,
--
Farid F. El-Wailly farid at netcom.com

From jdd at aiki.demon.co.uk Wed Aug 10 08:05:26 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Wed, 10 Aug 94 08:05:26 PDT
Subject: RemailerNet
Message-ID: <4895@aiki.demon.co.uk>

In message <2e452e79.nemesis at nemesis.wimsey.com> Stuart Smith writes:

> In article <4068 at aiki.demon.co.uk> you write:
> >If you modify the proposed RemailerNet to allow reposting at gateways,
> >you have all of the benefits of the system described above, without
> >the risks. Reposted messages would be encrypted with the far gateway's
> >public key. The near gateway would then have no idea of the ultimate
> >destination of the message. In a well designed system, the far
> >gateway would also not know the identity of the sender.
>
> But how could we do this if we followed your advice, and did not
> allow the user to select their own chain, as you said
> previously?

I have assimilated criticisms made and modified the proposal.

> By making users *trust* the remailnet as an entity,
> you make it possible for that entity to be compromised.

(a) I don't force the users to trust RemailerNet as a single entity, (b) how does their trust make it possible for the entity to be compromised??

It is not possible to guarantee that some or all components of a remailer network are not compromised. You can only take steps which reduce the probability.

> If the
> remailernet is not one entity, but a large group of independent
> entities, compromise is *much* harder.

It is NOT one entity, it IS a large group of independent (but cooperating) entities.
> >Any traffic sent through this remailer network would have only a tiny > >chance of getting through without being compromised. If you picked > >5 remailers, the chances of all being non-FBI would be about .2^5, > >3 in 10,000. The other 9,997 messages would be copied immediately > >to Langley. > > > >The proposed RemailerNet could be attacked in much the same way. But > >if the network were widely distributed so that gateways were in > >different legal jurisdictions and different countries, and if most of > >the people involved knew one another, it would be more difficult to > >compromise it. > > But if the user does not know the people in the remailnet, how > can he or she trust *them*? In most cases, you do not want the person operating a remailer to know you personally. Ideally, you know them, because they have a widespread reputation (eg, julf at penet.fi). But they do not know you. As a practical matter, the fewer remailers there are, the more likely they are to have an accurate reputation, because more people will have had experience with them. > It's fine and dandy that the > remailnet operators trust each other, but the point is to give > the end user anonymity, not to form an old boys club of remail > operators. If they all know each other, I do *not* think that > makes the system more secure, I think it makes it weak. People have been building systems like this, that involve webs of trust, for millenia. Banks are such institutions. While it is true that familiarity between trusted individuals makes for collusion, it also makes for knowledge. Most people use banks. Few banks are corrupt. A cruder example is the dope dealer. The police regularly attempt to compromise them. Anyone buying dope learns to (a) be skeptical about all dope dealers but also (b) find one that he can trust and stick with him. Dope dealers apply the same sort of heuristic to their suppliers. They ask around all the time, they listen to gossip, they talk to their peers. 
> As is often stated, a mix-net like this should still be secure > if some of the remailers are compromised, so could we speculate > on just how easy or hard traffic analysis is with any given > percentage of a remailnet compromised? i.e. if we took it as a > fact of life that 90% of any announced remailers were > spook-mills, could we still trust the remailnet if we used > *long* chains in the hope that our messages would pass often > enough through *good* remailers to confuse the trail? RemailerNet v0.2 allows "empowered users" to participate as equals with established RemailerNet operators. This means that the gateway that they are connected to has no way of knowing whether they are originating any traffic, let alone who that traffic is addressed to. The gateway will know that the user is receiving traffic, but it will not know whether that traffic is intended for the user or whether the user is simply acting as a reflector. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Therefore, two users could communicate through a RemailerNet network with ALL nodes [gateways] compromised, and still be secure against most forms of attack. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Jim Dixon [sorry about the delay in answering this posting. It is dated 7 Aug but I received it 10 Aug] From bshantz at spry.com Wed Aug 10 08:14:45 1994 From: bshantz at spry.com (Brad Shantz) Date: Wed, 10 Aug 94 08:14:45 PDT Subject: GAK? Message-ID: <9408101513.AA07188@homer.spry.com> Forgive me for asking a naive question, but what exactly is GAK? I have seen it mentioned on the list several times in the last few days and don't recognize it. Brad From paul at hawksbill.sprintmrn.com Wed Aug 10 08:32:17 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Wed, 10 Aug 94 08:32:17 PDT Subject: GAK? 
In-Reply-To: <9408101513.AA07188@homer.spry.com> Message-ID: <9408101635.AA06912@hawksbill.sprintmrn.com> > > Forgive me for asking a naive question, but what exactly is GAK? I have seen > it mentioned on the list several times in the last few days and don't > recognize it. > It's a cypherpunk' coined acronym for "Government Access to Keys;" a parody on the possibility of SKE (Software Key Encryption). - paul From cme at tis.com Wed Aug 10 08:42:33 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 10 Aug 94 08:42:33 PDT Subject: GAK? In-Reply-To: <9408101513.AA07188@homer.spry.com> Message-ID: <9408101541.AA26975@tis.com> >Date: Wed, 10 Aug 94 08:13:24 PDT >From: bshantz at spry.com (Brad Shantz) >Forgive me for asking a naive question, but what exactly is GAK? I have seen >it mentioned on the list several times in the last few days and don't >recognize it. It's my term. GAK = "Government Access to [Citizens'] Keys" I am offended at the gov't's use of the innocent sounding "Key Escrow" to describe GAK, so I am using GAK to refer to this practice. That term zooms in on the one important characteristic of what the gov't is trying to do here. "Key escrow", on the other hand, could be something very innocent -- an arrangement I set up with my lawyer and a bank, for example. - Carl From cme at tis.com Wed Aug 10 09:08:41 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 10 Aug 94 09:08:41 PDT Subject: GAK? In-Reply-To: <9408101635.AA06912@hawksbill.sprintmrn.com> Message-ID: <9408101607.AA04019@tis.com> >From: paul at hawksbill.sprintmrn.com (Paul Ferguson) >Date: Wed, 10 Aug 1994 11:35:06 -0500 (EST) >It's a cypherpunk' coined acronym for "Government Access to Keys;" >a parody on the possibility of SKE (Software Key Encryption). Tim May keeps tying GAK to SKE, but I object to that. SKE is a small subset of "Key Escrow" (using the gov't's term for the moment) while GAK is a superset of "Key Escrow". IMHO, it is GAK we need to stay focussed on. 
SKE is a danger to track, but it's by no means the whole danger. - Carl From jdd at aiki.demon.co.uk Wed Aug 10 10:44:01 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 10:44:01 PDT Subject: The Terrorists are coming! Message-ID: <4899@aiki.demon.co.uk> In message <9408031132.ZM695 at simple.sydney.sgi.com> Ian Farquhar writes: > Out of curiosity, is anyone aware of whether the USSR employed PAL's > (Permissive Activation Links) in their strategic nuclear weaponry? If so, > is anyone aware of how secure the PAL's the Soviets actually used were? > There was a rumor on USENET some time back that the Soviets were using RSA > in their PAL's, but it sounded too much like an urban myth to me. According to recent press reports in the UK, when Soviet bombers were loaded with nuclear weapons, they were actually dummies (because the generals, etc, didn't trust the crews). This suggests that the Soviets did not have reliable safeguards on the bombs. Various arguments between the Ukraine and the USSR about ICBM warheads, also reported in the press, suggest that the safeguards on the warheads were reliable, because both parties seemed to agree that the Ukrainians couldn't set them off, although they are otherwise technically competent in dealing with the missiles. -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 10:44:19 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 10:44:19 PDT Subject: EDDB/RN Message-ID: <4901@aiki.demon.co.uk> In message <9408091536.AA22362 at ah.com> Eric Hughes writes: > However, there should be a use for persistent store, for a remote > encrypted database accessible anonymously. > > The real questions are "how big is the market?" and "how much revenue > is there in it?". > > Something like this doesn't get made reliable by volunteers. I think that the market is potentially large. 
> Ideally, the data is stored on a distributed data base, with some > redundancy in case one or more gateways go down > > Look in Schneier for secret sharing. We won't have a copy of Schneier here for three weeks or so. Can you elaborate? However, almost certainly, the crypto aspects would be relatively minor. Most of the work would be in building a reliable widely distributed data base accessible over the Internet. When I last looked at this sort of problem, it was very complex. -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 10:44:41 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 10:44:41 PDT Subject: Message-ID: <4903@aiki.demon.co.uk> In message <9408070032.AA17321 at ah.com> Eric Hughes writes: > One assumption here is that someone in one country can easily pay > someone in another country, and an automatic currency conversion can > take place. The prerequisites to happen generally for that are the > electronification of retail money in both jurisdictions and a > retail-level currency exchange system. None of this really exists > yet, although the first beginnings are here. Also, for anonymous > payment for such overseas services, anonymous transfer in at least one > of the two currencies is necessary. The last point is certainly not true. If user X communicates with service A (a gateway) in one country to purchase something from service B in another country, X can settle accounts with A anonymously (say in US$) and then A and B can settle accounts with one another (say in sterling) openly. In fact, few Europeans would object to simply trading in digital money denominated in US dollars. No currency conversion is necessary. Many European companies have US dollar bank accounts because the banks charge so much money for conversion of currencies. 
-- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 10:45:26 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 10:45:26 PDT Subject: RemailerNet v0.2 Message-ID: <4905@aiki.demon.co.uk> In message <199408090347.UAA24150 at jobe.shell.portal.com> Hal writes: > What is the goal of the RN as far as defeating traffic analysis? Is it > just to get messages from one "gateway" to another? Or is there also > a desire to prevent traffic analysis from one non-gateway end user to > another? The goal is to completely defeat traffic analysis, while allowing the user the freedom to make use of the system through ordinary email. If email is used, the risk taken by that user goes up, but without reducing the security of other users. > What are the allowed capabilities of the opponent? Can he watch all of > the links? Can he subvert some gateways? In the real world, it would be very difficult to watch all of the links but fairly easy to subvert some gateways to some extent. However, as I have argued elsewhere, I think that all of the central gateways could be compromised and it would make no difference, so long as the number of users was reasonably large and so long as all of the users used gateways. From the opponent's point of view, the problem is that he cannot tell whether there is any traffic at all. Everyone could be whiling away a hot summer afternoon sending noise. The only attack would be to destroy or modify the incoming traffic. If there are any gateways functioning correctly, RN software should detect the damaged packets and route around the gateways that don't work right. This is exactly what the Internet does. > Does every user expose the source and destination information of his > messages to the initial gateway? What other information is sent by the > user to the RN? A user sending encrypted messages via email reveals his source address. He should encrypt his message. 
The message can be to a 'far' gateway which then remails it; in this case the 'near' gateway does not know the destination address. Messages can be nested to an arbitrary depth. If a user is using a gateway, the other gateways know that the message originated at the gateway, but they cannot tell whether that is the true source of the message. If the destination is another gateway, the other gateways do not know whether that is the true destination. > Are there any limitations on the information which spreads through the > RN? E.g. are gateways allowed to send source/dest information > along with the messages? If the message is to be acknowledged back to the source, the source gateway must be able to receive the acknowledgement. This creates a trail of pointers through the network back to the source. Only the final gateway, which reassembles the message, knows the ultimate destination. > Here are some questions related to Jim's specific points: > > >1.6 the order of dispatch of packets is randomized > For 1.5 you defined what randomized means. What does it mean here? Each gateway must dispatch a certain number of packets. There are a certain number of slots to be filled and a certain number of packets queued for dispatch. Packets are assigned an output slot (that is, they are delayed for a certain amount of "time") according to some sort of probabilistic distribution function. Empty slots are filled with noise packets. Inter-gateway administrative traffic is queued just like any other packet. If a gateway is always connected to the internet, packets can be dispatched at more or less equal intervals (measured in seconds) or they can be batched. > >1.7 on average, all gateways are required to send and receive the same > > number of packets per unit of chronological time > Do you mean that all gateways send the same number of packets per time > all the time? E.g. all gateways send 100 packets per hour all the time Yes, on average, as qualified by 1.8 and 1.9. 
> >1.8 the dispatch randomization function adjusts the average latency > > and the distribution of latencies so that the preceding commitment > > is met, introducing noise packets as required > This could be accomplished by adding no latency at all during times when > the incoming traffic load happens to equal the desired internal traffic > level. But presumably some latency is actually used to provide reordering. > What rule would determine how much latency would be used in that case? Assume that there are only two links, one in and one out. Packets will be coming in at a more or less fixed rate. Some will be consumed locally, either because they are being used to build messages or because they are noise. So per unit time N come in and C are consumed, on average. The remaining (N-C) packets are available for dispatch. In the same time interval, G packets are generated locally. So a total of N-C+G packets are to be dispatched. The system uses a random number generator to assign a packet a dispatch time slot when it becomes ready. When the clock ticks, the next packet in the queue is dispatched. If there is no next packet, a noise packet is dispatched. The system knows how long the output queue is. If the length of the queue is increasing, the rate at which packets are dispatched will be increased. [I have used the term "latency" here to be provocative.] > >1.10 gateways are required to exchange the same number of packets in > > any session > What is a session? Do you mean, during every session exactly (say) 1000 > packets will be exchanged, or do you mean, during any session the > number of packets exchanged by each gateway will equal the number exchanged > by every other gateway (but this number may vary from session to > session)? If your gateway connects by dial-up, then the length of time that you are connected to RN is the session time. There must be some handshaking at the beginning of the session and at the end. 
For machines that are always on line, a session lasts from one breakdown in inter-machine connections to the next. If two machines A and B are connected, then if A sends B 100 packets per unit time, B must send A 100 packets. > >2.4 message delivery is reliable, in the sense that the destination > > gateway will report delivery of incomplete or damaged messages > > to the gateway > To which gateway? The source gateway? To the gateway which packetized the message, the source gateway. Assuming that 'MIRVing' of messages is permitted, the second message in a group could be an acknowledgement back to the originator. > >4.2 where gateways are operated by users, the requirement that gateways > > should exchange the same number of packets per unit time would be > > weakened in some as yet unspecified way > Why do this? I think that you must allow for the possibility that the gateways carry very heavy traffic, say a T1 load (about 1.5Mbit/s). Then if a user's machine was talking down a 14.4Kb/s line, allowing the user to connect would effectively stop the network. There must be some provision for inequality in traffic rates along different links. > >5.1 in either case, users may have accounts with gateways and may be > > charged for usage > What gateways would be in a position to charge users? Only the source > gateway? The destination gateway? Others in between? I assume that in a commercial network, the gateways have accounts with one another that are settled periodically. Essentially they charge each other for non-noise incoming packets at some agreed rate and then pay the accumulated difference every so often. Users should pay the gateway which fragments a message. The charge should be proportional to the size of the message in packets. If messages are nested, you need to include postage. This requires anonymous ecash. 
> >6.0 RN gateway software should be available only from trusted sites by FTP > What are you trying to prevent by this, and what would happen if someone > wrote his own version of the RN software? I am trying to prevent the inevitable. Weaken this requirement, eliminating the word 'only'. Publish the specs as well, and then say "RN gateway specs should also be available from trusted sites..." > >7.1 established gateways would be encouraged to rate new gateways > What kind of information would be available to them to create the ratings? Gossip, rumors, route announcements and 'hello, here I am' messages from the operators of the new gateways, experience in RN data communications with them, reports from commercial credit agencies, ... whatever information they could lay their hands on. The technical information would be published in some standard format, for example a matrix of claimed lost message rates. -- Jim Dixon From frissell at panix.com Wed Aug 10 11:10:18 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 10 Aug 94 11:10:18 PDT Subject: e$ Message-ID: <199408101809.AA27221@panix.com> At 01:51 PM 8/9/94 -0400, Perry E. Metzger wrote: > >> > Yes it does. Bearer bonds are illegal in the US. >If the check is written to "cash" and is used to avoid federal >transfer reporting requirements, it is CURRENTLY illegal. I suspect >that checks made out to "cash" would be illegal in all cases if they >were widely used to avoid reporting requirements. > >Perry > Bearer bonds are not illegal in the US. Under the Tax Equity and Fiscal Responsibility Act of 1982 (TEFRA), any interest payments made on *new* issues of domestic bearer bonds are not deductible as an ordinary and necessary business expense so none have been issued since then. At the same time, the Feds administratively stopped issuing treasury securities in bearer form. Old issues of government and corporate debt in bearer form still exist and will exist and trade for 30 or more years after 1982. 
Additionally, US residents can legally buy foreign bearer securities. DCF "Who promises the Black Caucus that if they will help kill the Crime Bill, he will support affirmative action in executions -- starting with the White Guys responsible for the Waco Massacre." From jdd at aiki.demon.co.uk Wed Aug 10 11:16:55 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 11:16:55 PDT Subject: e$ Message-ID: <4932@aiki.demon.co.uk> In message <9408101407.AA24943 at ah.com> Eric Hughes writes: > When you fly into the US, you must fill out a customs declaration. > You are required to declare money in various forms (cash, checks, > etc) > > What they ask for and what is required by law are two different > things. It's not generally illegal to allow people to volunteer > information that increases the power of the state. As I recall, you are not asked to volunteer information, you are required to provide it, and the form specifies penalties if you do not. But I will have someone who is going to the States in the next week or two get me a copy of the form. -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 10 11:17:10 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 10 Aug 94 11:17:10 PDT Subject: e$ Message-ID: <4934@aiki.demon.co.uk> In message <9408101428.AA26732 at snark.imsi.com> perry at imsi.com writes: > > My point is that checks made out to cash are not regarded as an > > alternative currency. > > My point is that the government doesn't give a flying fuck. They are > simply trying to stop you from playing games. The law isn't like > geometry -- there aren't axioms and rules for deriving one thing from > another. The general principle is that they want to track all your > transactions, and if you make it difficult they will either use > existing law to jail you, or will produce a new law to try to do the > same. On what experience or observation do you base these rather extreme remarks? > Your hair splitting is really completely irrelevant. 
If you are saying that any form of legal argument is irrelevant to the issues being discussed, then you are simply wrong. The government is staffed by a population which has more or less the same distribution of attributes as the rest of the population of the US, except that, probably they are on average somewhat better educated, somewhat more intelligent, somewhat, generally, more middle class. There are thugs working for the government who will speak and reason much as you do. There are also many reasonable and intelligent people. And there are real, genuine lawyers who understand precisely what they are doing and are moved by legal arguments. Demonization of the government is simply silly, as is dismissing all logical argument. -- Jim Dixon From jrochkin at cs.oberlin.edu Wed Aug 10 11:19:37 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Wed, 10 Aug 94 11:19:37 PDT Subject: future existence of free remailers? Message-ID: <199408101819.OAA23594@cs.oberlin.edu> People often like to postulate on the list that eventually there won't be any more of these philanthropic free remailers, and people will be charging small amounts for every remailed message, to make some money off it. I've thought of a pretty good reason why this might not ever happen. Hal Finney (or maybe it was Jim Dixon. Probably both) recently realized and revealed to us that if one operates a remailer oneself, you effectively hide your identity from even the _first_ remailer on your chain, because it doesn't know if the message is in fact from _you_, or from someone using your remailer. In practice, simply having some remailer software running that no one other than you uses won't work. You've got to have a busy remailer running with lots of traffic coming in as well as going out. This means that if someone wants to send secure anonymous mail using remailers, it's in his best interest to operate a remailer himself, and to try and get as many people to use it as possible. 
So philanthropy or profit aren't the only reasons to run a remailer; one's primary reason might be to ensure oneself anonymity. You could try to get some profit out of it too, but the more people who use your remailer, the better for you, so it's in your interest to make it free so many people will use it. This motivation could provide us with lots of free remailers for years to come. Maybe. It's an interesting thing to think about, anyhow. From pstemari at bismark.cbis.com Wed Aug 10 11:28:44 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Wed, 10 Aug 94 11:28:44 PDT Subject: soda.csua.berkeley.edu Message-ID: <9408101828.AA24965@focis.sda.cbis.COM> Does anyone know what the status of soda.csua.berkeley.edu is? Neither soda.csua.berkeley.edu or soda.berkeley.edu seems to be accepting anon ftp connections today. --Paul From perry at imsi.com Wed Aug 10 12:02:19 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 10 Aug 94 12:02:19 PDT Subject: e$ In-Reply-To: <4933@aiki.demon.co.uk> Message-ID: <9408101902.AA27154@snark.imsi.com> Jim Dixon says: > In message <9408101428.AA26732 at snark.imsi.com> perry at imsi.com writes: > > They are simply trying to stop you from playing games. The law > > isn't like geometry -- there aren't axioms and rules for deriving > > one thing from another. The general principle is that they want to > > track all your transactions, and if you make it difficult they > > will either use existing law to jail you, or will produce a new > > law to try to do the same. > > On what experience or observation do you base these rather extreme > remarks? Plonk. .pm From prig0011 at gold.tc.umn.edu Wed Aug 10 12:11:54 1994 From: prig0011 at gold.tc.umn.edu (prig0011 at gold.tc.umn.edu) Date: Wed, 10 Aug 94 12:11:54 PDT Subject: e$ In-Reply-To: <199408101809.AA27221@panix.com> Message-ID: <0012e492668a27630@gold.tc.umn.edu> According to legend, Duncan Frissell said: > > Bearer bonds are not illegal in the US. 
> > Under the Tax Equity and Fiscal Responsibility Act of 1982 (TEFRA), any > interest payments made on *new* issues of domestic bearer bonds are not > deductible as an ordinary and necessary business expense so none have been > issued since then. At the same time, the Feds administratively stopped > issuing treasury securities in bearer form. Old issues of government and > corporate debt in bearer form still exist and will exist and trade for 30 or > more years after 1982. Additionally, US residents can legally buy foreign > bearer securities. The last US Bearer Bond issues mature in 1997. I also believe that to collect interest, and to redeem the bond at maturity, you must give your name and tax-id number to the paying agent. (I can check with the department here that handles it if anyone is interested in the pertinent OCC regs that apply) From adam at bwh.harvard.edu Wed Aug 10 12:22:15 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 10 Aug 94 12:22:15 PDT Subject: soda.csua.berkeley.edu In-Reply-To: <9408101828.AA24965@focis.sda.cbis.COM> Message-ID: <199408101917.PAA02571@james.bwh.harvard.edu> My understanding is that the CS dept at Berkeley is moving to a new building, which means many of their machines are down for a while. Adam | Does anyone know what the status of soda.csua.berkeley.edu is? | Neither soda.csua.berkeley.edu or soda.berkeley.edu seems to be | accepting anon ftp connections today. | | --Paul | -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From tcmay at netcom.com Wed Aug 10 12:22:40 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Aug 94 12:22:40 PDT Subject: future existence of free remailers? 
In-Reply-To: <199408101819.OAA23594@cs.oberlin.edu> Message-ID: <199408101922.MAA05685@netcom14.netcom.com> > People often like to postulate on the list that eventually there won't > be any more of these philanthropic free remailers, and people will be charging > small amounts for every remailed message, to make some money off it. > > I've thought of a pretty good reason why this might not ever happen. > Hal Finney (or maybe it was Jim Dixon. Probably both) recently realized I think this was me, or at least I've advocated that many people become "first class citizens" by being remailers themselves. There are thus no "sources" or "sinks" of messages...any Federales who pound on your door can be told "Oh, but I was just _remailing_ that message you traced to me." > and revealed to us that if one operates a remailer oneself, you effectively > hide your identity from even the _first_ remailer on your chain, because > it doesn't know if the message is in fact from _you_, or from someone using > your remailer. In practice, simply having some remailer software running > that no one other than you uses won't work. You've got to have a busy > remailer running with lots of traffic coming in as well as going out. > > This means that if someone wants to send secure anonymous mail using remailers, > it's in his best interest to operate a remailer himself, and to try > and get as many people to use it as possible. So philanthropy or profit > aren't the only reasons to run a remailer; one's primary reason might be > to ensure oneself anonymity. You could try to get some profit out of it too, > but the more people who use your remailer, the better for you, so it's in your > interest to make it free so many people will use it. This motivation could > provide us with lots of free remailers for years to come. Maybe. It's > an interesting thing to think about, anyhow. This ubiquitousness is why I advocate "Mom and Pop" remailers, including "Remailer-in-a-box" easy-to-install packages. 
(Apologies to the "Internet-in-a-box" folks.) Whether remailing services are free or not is not for us to decide--the market will eventually evolve prices, strategies, etc. I don't mean anything "academic" here, I mean simply that various people will set their own policies. As long as we don't try to force people to charge, or not charge, then all of them can compete. Maybe some free remailers will exist (as many "free" things exist now, including remailers), and maybe many people will pay a bit extra for "businesslike" remailers. Who can say? All as it should be. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From frissell at panix.com Wed Aug 10 12:46:17 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 10 Aug 94 12:46:17 PDT Subject: e$ Message-ID: <199408101945.AA23597@panix.com> At 06:53 PM 8/10/94 GMT, jdd at aiki.demon.co.uk wrote: >> What they ask for and what is required by law are two different >> things. It's not generally illegal to allow people to volunteer >> information that increases the power of the state. > >As I recall, you are not asked to volunteer information, you are >required to provide it, and the form specifies penalties if you do >not. The instructions on the back of the "Landing Card" given to travelers entering the US *are* deceptive. The law on reporting the import/export of currency requires that anyone who imports or exports more than $10,000 in "currency or monetary instruments" has to file a report with the Feds. "Currency" is currency. 
"Monetary instruments" are monetary instruments in bearer form such that their value can be transfered to *any* other person just by handing them over. Examples include: 1) Checks or other drafts made payable to 'cash' or 'bearer'. 2) Checks endorsed by the payee without restriction (that means just signed on the back.) 3) Blank travelers checks. 4) Double signed travelers checks. These are all "cash substitutes." Checks made payable to a specific party (Bank of Butterfield, Bermuda for example); travelers checks with just your single signature on them; $100,000,000 SWIFT wires from Citicorp in NYC to Swiss Bank Corp, Panama City, Panama need *not* be reported. The instructions on the back of the Landing Card, however, mention checks and travelers checks in such a way that they unwary might think that they have to file reports on their travelers checks they are carrying along or on the $50,000 that they just wired to Switzerland. The Feds are trying to get banks to report wire transfers but the banks are resisting. Just a note further on the discussion about checks made payable to 'cash'. These are no different than checks endorsed by the payee without restriction (signed on the back). Every time you just endorse a check, you have converted it into a bearer instrument. Perfectly legal. Note too that there are currently no restrictions on the use of cash in transactions or the transfer of unlimited amouts of cash into and out of the country. There are reporting requirements and if the cash represents 'unlawful proceeds' money laundering laws may apply. The acts themselves are legal though. DCF "A 'violent fanatic' who opposes the Health Security Act." From jito at netcom.com Wed Aug 10 12:59:37 1994 From: jito at netcom.com (Joichi Ito) Date: Wed, 10 Aug 94 12:59:37 PDT Subject: future existence of free remailers? 
Message-ID: <9408101956.AA04136@portola.com> >I think this was me, or at least I've advocated that many people >become "first class citizens" be being remailers themselves. There are >thus no "sources" or "sinks" of messages...any Federales who pound on >your door can be told "Oh, but I was just _remailing_ that message you >traced to me." > Please excuse me if this has already been discussed... but... What about the trend of busting the sysops of bbs'? The recent Fidonet bust in Italy seems to support this trend. It sounds to me like any remailers remailing illegal stuff may get caught in the dragnet. No? - Joi -- true name: closest email address: closest fax number: <+81-3-5454-7218> current physical location: travel path: mosaic home page: http://www.eccosys.com/ -- finger jito at netcom.com for PGP Public Key, RIPEM Public Key -- Things are more like they used to be than they are now. From perry at imsi.com Wed Aug 10 13:11:11 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 10 Aug 94 13:11:11 PDT Subject: broadcast encryption In-Reply-To: <4942@aiki.demon.co.uk> Message-ID: <9408102010.AA27273@snark.imsi.com> If you misspell things, they generally don't work. .pm Jim Dixon says: > In message <9408101422.AA26709 at snark.imsi.com> perry at imsi.com writes: > > Read the drafts, show up at IETF meetings, and subscribe to the > > working group mailing lists. (The list subscribe address is > > ipsec-request at ans.net;... > > > > ===== transcript follows ===== > > > > While talking to ans.net: > > >>> RCPT TO: > > <<< 550 ... Invalid recipient - Not registered > > >>> DATA > > <<< 503 Need valid RCPT (recipient) > > > > ===== Unsent message follows ==== > > Date: Wed, 10 Aug 94 19:08:45 GMT > > From: jdd at aiki.demon.co.uk (Jim Dixon) > ... etc ... 
>
> --
> Jim Dixon
> +-----------------------------------+--------------------------------------+
> | Jim Dixon                         | Compuserve: 100114,1027              |
> |AIKI Parallel Systems Ltd + parallel processing hardware & software design|
> | voice +44 272 291 316             | fax +44 272 272 015                  |
> +-----------------------------------+--------------------------------------+

From rfb at lehman.com Wed Aug 10 13:47:18 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 10 Aug 94 13:47:18 PDT
Subject: tyranny
In-Reply-To: <9408091518.AA22320@ah.com>
Message-ID: <9408102045.AA09244@fnord.lehman.com>

Date: Tue, 9 Aug 94 08:18:56 -0700
From: Eric Hughes

Steal this line: "The black budget is taxation without representation."

So is living in New Jersey and working in NYC :-)

In general, there's *lots* of taxation without representation. Just consider sales tax for starters . . . .

Rick

From rfb at lehman.com Wed Aug 10 14:26:41 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 10 Aug 94 14:26:41 PDT
Subject: e$
In-Reply-To: <9408101428.AA26732@snark.imsi.com>
Message-ID: <9408102125.AA09600@fnord.lehman.com>

Date: Wed, 10 Aug 1994 10:28:48 -0400
From: "Perry E. Metzger"

Jim Dixon says:
> Precisely what do you mean by "is used to avoid federal transfer reporting
> requirements" ? If you say that it is illegal, can you direct us to or
> quote the relevant statute?

I don't care to. It is widely known and understood that structuring transactions to avoid the $10,000 and over transaction reporting requirements is a felony. Go and find out why on your own.

A good starting place would be the hermes project (aka courts.usa.federal.supreme). There is (was?) an archive at hermes.cwru.edu. There was a case decided within the last year involving a payment restructuring. At issue was whether the restructuring took place with the *intent* to avoid the reporting requirements. This is completely off-the-top-of-my-head. I'm not going to do any actual research on this.
Another place would be the local branch office of your bank. I believe that the reporting requirement has been at $3000 for a number of years. Rick From hughes at ah.com Wed Aug 10 15:59:57 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 15:59:57 PDT Subject: ANNOUNCE: August Bay Area physical meeting is CANCELLED Message-ID: <9408102225.AA25786@ah.com> ANNOUNCEMENT ============ What: nothing When: would have been Saturday, August 13 Why: summer doldrums So I'm going to be out of town, and one of our main speakers cancelled, and our host at SGI would just as soon have the day off, and so, hey, we're cancelling for Saturday. That means you can stay up until all hours on Friday and watch the Perseids. Cool. Eric From hughes at ah.com Wed Aug 10 16:50:07 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 16:50:07 PDT Subject: e$ In-Reply-To: <199408101945.AA23597@panix.com> Message-ID: <9408102322.AA25919@ah.com> These are no different than checks endorsed by the payee without restriction (signed on the back). Every time you just endorse a check, you have converted it into a bearer instrument. Perfectly legal. Just so folks don't misunderstand Duncan, the conversion to a bearer instrument only occurs with a blank endorsement (blank, or Pay to Bearer), not with a special endorsement (Pay To or Pay To The Order Of somebody else). And for minor terminology nits, an unrestricted endorsement is different. A restricted endorsement are words like "for deposit only" or "pay any bank". And these two categories are different from qualified endorsements, which affect liability. Eric From hughes at ah.com Wed Aug 10 16:52:51 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 16:52:51 PDT Subject: anonymous settlement In-Reply-To: <4902@aiki.demon.co.uk> Message-ID: <9408102324.AA25933@ah.com> > Also, for anonymous > payment for such overseas services, anonymous transfer in at least one > of the two currencies is necessary. 
The last point is certainly not true. If user X communicates with service A (a gateway) in one country to purchase something from service B in another country, X can settle accounts with A anonymously (say in US$) and then A and B can settle accounts with one another (say in sterling) openly. May I point out that that in your example that X and A are performing an anonymous transfer in dollars, which is one of the two currencies? Eric From hughes at ah.com Wed Aug 10 16:53:45 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 10 Aug 94 16:53:45 PDT Subject: EDDB/RN In-Reply-To: <4900@aiki.demon.co.uk> Message-ID: <9408102325.AA25945@ah.com> We won't have a copy of Schneier here for three weeks or so. Can you elaborate? I can, but I won't. Have patience, and wait for the book to arrive. Eric From tcmay at netcom.com Wed Aug 10 18:00:10 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Aug 94 18:00:10 PDT Subject: future existence of free remailers? In-Reply-To: <9408101956.AA04136@portola.com> Message-ID: <199408110059.RAA23931@netcom16.netcom.com> Joichi-san writes: > Please excuse me if this has already been discussed... but... What about > the trend of busting the sysops of bbs'? The recent Fidonet bust in Italy > seems to support this trend. It sounds to me like any remailers remailing > illegal stuff may get caught in the dragnet. > > No? With nested encryption through the Labyrinth (first the Net, then the Web, now the Labyrinth?), only the last remailer who remails to a site that is under observation or is a sting site (common in Memphis) is vulnerable. And even that last remailer may be able to claim ignorance (and win in court) if he can show that what he mailed was unreadable to him, i.e., encrypted to the recipient. (This is another reason I favor a goal of "everyone a remailer.") With canonical remailers, and no logging, earlier remailers should be safe. By the way, welcome Joichi (your first post to the list, that I can recall). 
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Wed Aug 10 18:46:20 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Aug 94 18:46:20 PDT Subject: (fwd) I won't be renewing my EFF membership Message-ID: <199408110145.SAA29134@netcom16.netcom.com> Someone commented earlier on the lack of outrage that the EFF has "sold us out" on the Digital Telephony Bill. Well, I posted this message to the comp.org.eff.talk news group. --Tim Newsgroups: comp.org.eff.talk From: tcmay at netcom.com (Timothy C. May) Subject: I won't be renewing my EFF membership Message-ID: Date: Thu, 11 Aug 1994 01:24:27 GMT I'm not especially pleased to be saying that I won't be renewing my membership in the EFF when the time comes, later this year. The involvement of the EFF in the drafting of the new Digital Telephony Bill is the proximate case, though I can't say I was ever too happy with the EFF's position on the National Information Infrastructure. I'm sure the argument is that "things would have been worse" had the EFF not helped Congress, but I just have never seen the wisdom of helping your hangman tie a better knot. Call me a rejectionist if you will. No compromises. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. 
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From lcottrell at popmail.ucsd.edu Wed Aug 10 18:53:26 1994
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Wed, 10 Aug 94 18:53:26 PDT
Subject: RemailerNet
Message-ID: <199408110153.SAA15769@ucsd.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Quoth Jonathan Rochkind :
>Part of our disagreement/misunderstanding might be in differing
>conceptions of the form the remailer net should take.
>
>> There should be two anonymous IDs, one for sending, one for
>> receiving.
>
>You seem to be talking about a Julf-style anon system, where the system
>knows who you really are. If the system is corrupt, if Julf were an
>NSA agent, then the entire system is compromised and useless.
>I like the cypherpunks remailer concept better, where each link in the chain
>only knows the next link in the chain, and security is achieved by
>multiple links. If several of the links are actually NSA agents, your security
>is reduced, but not compromised completely. If you've got a chain of, say
>10 links, even if 7 of them are evil NSA agents, you still can probably retain
>your anonymity. Return addresses are accomplished by encrypted
>"resend-to:" blocks. It seems much preferable to have a system where it
>isn't necessary to trust any one net entity completely, as it is in a
>Julf-style anon-ID system. [Of course one could use a combination of both
>in communications too, but I wouldn't feel safe unless my anonymity was
>safe even if the Finnish FBI raided Julf's site.]
>

I have been worrying a lot about these anonymous return addresses. They seem very vulnerable to attack. Say I post a message through remailers to Cypherpunks giving one of these reply blocks. The TLA need only send a flood of known size messages to this address, and look to see where they pop out of the net of remailers. Even if all messages were quantized and only reconstructed by the final recipient, the TLA could send timed bursts of messages which (even with reordering) would allow a statistical determination of the recipient.

I think that the solution to this is some sort of hold and forward on demand system. An anon ID would be posted to Cypherpunks, and that account ID with a key, sent to the message holder. One would then request for a certain number of messages or number of kilobytes of messages to be sent to the address specified by the old sort of remailer block. This message would be signed by the key, and could indicate remailing to anywhere, even to another hold and forward location. This prevents the TLA from sending many messages to the final destination in such a way that they could be used for traffic analysis.

Thoughts?

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.

"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche

From cjl at welchlink.welch.jhu.edu Wed Aug 10 19:23:24 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 10 Aug 94 19:23:24 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
In-Reply-To: <199408110136.SAA14487@ucsd.edu>
Message-ID:

On Wed, 10 Aug 1994, Lance Cottrell wrote:
>
>
> I remember seeing some scripts for creating multi-hop remailer chains.
> All that is needed is that these accept a standard format file listing
> remailers.
This would be distributed by the designated remailer pingers at > regular intervals, and could simply be dropped in the same directory with > the script. This file could even contain the ID if the remailers key and > what options is supports (since they are not yet standardized). Chain is one such DOS program for chaining remailers [available on a c-punx site near you :-)]. It needs to be fed a file called chain.ini which is just a list of remailers with stars in front of the PGP-capable ones. I was grepping Matt Ghio's automagical remailer list and just editing it down to the list of remailers (and adding stars) after putting the public keys on my keychain. I very much appreciate the service he has been providing. Thanx Matt. C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From Richard.Johnson at Colorado.EDU Wed Aug 10 19:36:48 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Wed, 10 Aug 94 19:36:48 PDT Subject: Speed of Curve Encrypt (Macintosh IDEA file encryption) Message-ID: <199408110231.UAA14327@spot.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- How fast is Curve Encrypt 1.1? Here are times to encrypt and DOD Wipe a 685,557 byte file on various Macintoshes (System 7.1, booted with extensions off). Disk speed is the driver for wiping encrypted files, of course. A fast non-fragmented disk can also shave a percent or two off of encryption times (I used the fastest disk on each Mac for my tests). Otherwise, the faster your CPU, the better. Native code on PowerMacs really blazes, even on my crude development port to PowerPC. Version 1.2 of Curve Encrypt will be buildable for PowerMacs (at least using the Metrowerks compiler). Be patient, for it is coming soon to an export-controlled, Free-World-prohibited ftp site near you. 
Rich

Machine & Disk      Compiler          Times (Averages over 5 encrypt operations)
------------        ------            Encrypt or Decrypt    Encrypt & DOD Wipe
                                      ----------------      ----------------
PowerMac 8100/80
 Quantum LPS270S    Metrowerks 68k           17                    23
                    Think C 7 (&5)           16                    22
                    Metrowerks PPC            5                    11

PowerMac 7100/66
 Quantum LPS270S    Metrowerks 68k           22                    29
                    Think C 7 (&5)           20                    27
                    Metrowerks PPC            6                    13

Quadra 840AV
 Seagate ST11200N   Metrowerks 68k           11                    17
                    Think C 7 (&5)           10                    16

Quadra 950
 Seagate ST11200N   Metrowerks 68k           12                    18
                    Think C 7 (&5)           11                    17

Quadra 700
 Seagate ST11200N   Metrowerks 68k           12                    17
                    Think C 7 (&5)           13                    18

IIfx
 Hitachi DK515C     Metrowerks 68k           20                    27
                    Think C 7 (&5)           21                    28

Original (Think C 5) executable size: 63,454 bytes
Think C 7 executable size: 63,378 bytes
Metrowerks 68K executable size: 70,600 bytes
Metrowerks PPC executable size: 86,978 bytes

Compiler notes:

The Think C 7.0.3 was upgraded from version 6 via the patches on umich and sumex-aim archives. (I'm still pissed about Symantec's $100-too-high pricing on an "upgrade" to a broken product, and won't buy a completely new copy again like I stupidly did for version 6. In fact, the only thing that keeps me using Symantec stuff at all is CMaster 2.0, from Jersey Scientific. Ahem, sorry about the rant. But get CMaster. :-)

The Think C 5.0.4 was my last stable version of THINK C.
The Metrowerks 68k was 1.0.1, from the CW 3.5 release

The Metrowerks PPC was 1.0.1, from the CW 3.5 release

-----BEGIN PGP SIGNATURE-----
Version: 2.3a-sterno-bait
-----END PGP SIGNATURE-----

From Banisar at epic.org Wed Aug 10 20:03:31 1994
From: Banisar at epic.org (David Banisar)
Date: Wed, 10 Aug 94 20:03:31 PDT
Subject: Privacy International Conference: Sept 9 - The Hague
Message-ID: <9408102303.AA50414@Hacker2.cpsr.digex.net>

CONFERENCE ANNOUNCEMENT
----------------------------
TECHNOLOGIES OF SURVEILLANCE
TECHNOLOGIES OF PROTECTION
--------------------------

Sponsored by

Privacy International
The University of Eindhoven
The Electronic Privacy Information Center

Friday, September 9, 1994

Nieuws Poort International Press Centre
The Hague, The Netherlands

The conference will bring together experts in law, privacy, human rights, telecommunications and technology to discuss new technological developments that affect personal privacy. The sessions will be interactive, starting with introductions to the subjects by leading experts, followed by questions and discussion led by the moderators.
8:45 Introduction
     Simon Davies, Chairman, Privacy International

9:00 Information Infrastructures
     Marc Rotenberg, Electronic Privacy Information Center (US)
     Stephanie Perrin, Industry Canada

10:00 European Government Information Sharing Networks
     Jos Dumatier, professor of law and director of the Interdisciplinary Centre for Law and Information Technology (ICRI) at K.U.Leuven

11:00 Cryptography Policy
     David Banisar, Electronic Privacy Information Center
     Jan Smiths, University of Eindhoven

12:00 Lunch

1:00 Smart Cards and Anonymous Digital Transactions
     David Chaum, Digicash

2:00 Wrap up

---------------------------------------------------------------------

Registration Fees

[] Standard - 220 guilders ($120 US)
[] Non-profit organisations/Educational - 75 guilders ($40 US)

Information

Name: ____________________________________________________________
Organization: ______________________________________________________
Address:_____________________________________________________________
________________________________________________________________
Phone/Fax:___________________________________________________________
Electronic Mail: ____________________________________________________

Send registration to:

Privacy International Washington Office
Attn: Conference Registration
666 Pennsylvania Ave, SE, Suite 301
Washington, DC 20003

Make Check/Money Order in US Dollars out to Privacy International

Space is limited, please contact us immediately if you wish to attend!

For more information, contact:

David Banisar
1+202-544-9240(voice)
1+202-547-5482(fax)
banisar at epic.org (email)

--
David Banisar (tc at EPIC.org)
Electronic Privacy Information Center
666 Penn. Ave, SE Suite 301
Washington, DC 20003
202-544-9240 (v) 202-547-5482 (f)

From ndw1 at columbia.edu Wed Aug 10 21:30:06 1994
From: ndw1 at columbia.edu (Nikolaos Daniel Willmore)
Date: Wed, 10 Aug 94 21:30:06 PDT
Subject: FWD: Cellular spoof? Not!
Message-ID: <199408110429.AA17333@merhaba.cc.columbia.edu> clari.news.drugs (moderated) #575 [1] Comment: Subject mapped from all upper case From: C-reuters at clarinet.com (Reuters) Newsgroups: clari.local.florida,clari.news.drugs Distribution: clari.reuters [1] Phone Calls Lead to Cocaine Smugglers Copyright: 1994 by Reuters, R Date: Wed Aug 10 21:30:05 EDT 1994 Lines: 18 TAMPA, Fla (Reuter) - Authorities seized more than a ton of cocaine and arrested 11 people Wednesday, using information gleaned from the smugglers' cellular phone calls, a sheriff's spokesman said. The smugglers had tampered with the cellular phones to make it appear as if the calls were made from other telephone numbers. But U.S. Customs agents and local deputies eavesdropped on the conversations, using sophisticated technology to trace the calls to their true sources, said Jack Espinosa, spokesman for the Hillsborough County Sheriff's Office. The investigators learned the cocaine was being sent from Panama to Miami in a shipping container with false walls, then tracked the shipment to Tampa. They arrested 10 people in Tampa and one in Miami on racketeering and cocaine trafficking charges and seized the cocaine. It weighed in at 2,205 pounds, and is worth about $95 From hfinney at shell.portal.com Wed Aug 10 21:44:40 1994 From: hfinney at shell.portal.com (Hal Finney) Date: Wed, 10 Aug 94 21:44:40 PDT Subject: RemailerNet In-Reply-To: <199408110153.SAA15769@ucsd.edu> Message-ID: <199408110444.VAA20478@jobe.shell.portal.com> lcottrell at popmail.ucsd.edu (Lance Cottrell) writes: >Say I post a message through remailers to Cypherpunks giving one of these >reply blocks. The TLA need only send a flood of known size messages to this >address, and look to see where the pop out of the net of remailers. 
Even if
>all messages were quantized and only reconstructed by the final recipient, the
>TLA could send timed bursts of messages which (even with reordering) would
>allow a statistical determination of the recipient.

>I think that the solution to this is some sort of hold and forward on demand
>system. An anon ID would be posted to Cypherpunks, and that account ID with
>a key, sent to the message holder. One would then request for a certain number
>of messages or number of kilobytes of messages to be sent to the address
>specified by the old sort of remailer block. This message would be signed by the
>key, and could indicate remailing to anywhere, even to another hold and forward
>location. This prevents the TLA from sending many messages to the final
>destination in such a way that they could be used for traffic analysis.

This problem has long been recognized with anonymous reply blocks. Chaum, in his original 1981 CACM paper, suggested that anonymous reply blocks should be use-once in order to prevent variations on this attack. Of course, a use-once address is of limited usefulness.

A problem with the maildrop idea is that the wiretappers can presumably follow the messages to the maildrop. Then the only question is whether they would be able to tell when your message came in and requested further forwarding of the collected messages. Maybe this could be done securely; I'm not sure.

Other ideas have been proposed for this problem. Chaum suggested having a public area where messages for a group of people would arrive; everyone downloads all of them but can only read the ones for them. For this you would want a "stealthy" encryption envelope which did not give away any information about the recipient's ID. Miron Cuperman has been running such a "message pool" for over a year now.

One problem with anonymous return addresses is that the address changes deterministically as each layer is stripped off.
This allows the message to be tracked by introducing copies with different bodies but the same ARA (which is why Chaum specified use-once). Eric Messick proposed a system in which the message bodies would be changed at each step by the remailers involved. I don't recall the details, but I think that in order to read the message the user had to send it back through those same remailers after receiving it, to undo the transformations which had been done on it. It was a complicated scheme and we really didn't spend enough time on it.

I don't think anyone really trusts (or should trust) the ARA's we can make now with the remailer network. An ARA is a sitting duck, a tempting target for attacks. With an ordinary remailed message, by the time it arrives and someone is interested in tracking it, most of the needed information is (ideally) gone. With an ARA you are entrusting your deepest secret, your True Name, to a few layers of encryption with other people's keys. That is not a good feeling. I view easy-to-use, secure ARA's as an unsolved (and perhaps unsolvable) problem.

Hal Finney
hfinney at shell.portal.com

From darklord+ at CMU.EDU Wed Aug 10 23:10:38 1994
From: darklord+ at CMU.EDU (Jeremiah A Blatz)
Date: Wed, 10 Aug 94 23:10:38 PDT
Subject: IDEA vs DES
In-Reply-To: <199408080106.SAA01619@unix.ka9q.ampr.org>
Message-ID:

Excerpts from internet.cypherpunks: 7-Aug-94 IDEA vs DES by Phil Karn at unix.ka9q.ampr
> Anybody know the speed of the integer multiply instruction on the
> various PowerPC chips? Along with modular exponentiation and vocoders,
> which also do a lot of multiplies, it looks like fast multiplication
> is becoming rather important in secure communications.

PowerPC integer performance is rather impressive, i.e. faster than Pentium by a bit. One caveat, tho, Apple says "No!" to programming in assembly, and I doubt that IBM is all this happy about it either.
My guess is that MacOS is approaching the Unix "distribute source, 'cause you're gonna have to do lots of re-compiles" type of thing. Just a guess, though. Anyway, there is one assembly interpreter out for PowerMacs, I don't know about the IBM PowerPCs, though. Back to lurking, jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/ From tcmay at netcom.com Wed Aug 10 23:35:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 10 Aug 94 23:35:19 PDT Subject: IDEA vs DES In-Reply-To: Message-ID: <199408110635.XAA11903@netcom15.netcom.com> Jeremiah A Blatz writes: > PowerPC integer performance is rather impressive, i.e. faster than > Pentium by a bit. One craveat, tho, Apple says "No!" to programming in Actually, the reverse is true. Pentium integer performance (as measured in SPECints) is somewhat better than 601 PowerPC performance, MHz for Mhz. Thus, a 66 MHz Pentium has slightly better integer performance than a 66 MHz PowerPC. Not by much, but slightly. However, 90 MHz Pentium machines are now available in volume, even for under $2000, while PowerPC is not yet at this level. (Experimental Pentia running at 150 MHz have been shown..601s running at 120 MHz have been shown...and both Intel and IBM/Motorola/Apple have newer designs about to appear--the P6 and the 604.) Floating point is another story, with the PowerPC 601 significantly outperforming the Pentium. The exact numbers for all of these benchmarks are published and republished constantly, so I won't do so here. I happen to use Macs exclusively, but I worked for Intel for 12 years and still own their stock, so make of my comments what you will. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jito at netcom.com Wed Aug 10 23:56:40 1994 From: jito at netcom.com (Joichi Ito) Date: Wed, 10 Aug 94 23:56:40 PDT Subject: future existence of free remailers? Message-ID: <9408110653.AA05872@portola.com> At 5:59 PM 8/10/94 -0700, Timothy C. May wrote: >Joichi-san writes: > >> Please excuse me if this has already been discussed... but... What about >> the trend of busting the sysops of bbs'? The recent Fidonet bust in Italy >> seems to support this trend. It sounds to me like any remailers remailing >> illegal stuff may get caught in the dragnet. >> >> No? > >With nested encryption through the Labyrinth (first the Net, then the >Web, now the Labyrinth?), only the last remailer who remails to a site >that is under observation or is a sting site (common in Memphis) is >vulnerable. > >And even that last remailer may be able to claim ignorance (and win in >court) if he can show that what he mailed was unreadable to him, i.e., >encrypted to the recipient. (This is another reason I favor a goal of >"everyone a remailer.") > >With canonical remailers, and no logging, earlier remailers should be >safe. Interesting. So if the carrier is ignorant, they're off the hook? >By the way, welcome Joichi (your first post to the list, that I can >recall). Thanks for the welcome. I've been lurking, but hadn't had the opportunity to make any comments before, and it looks like this point wasn't much of a point anyway. :-) back to lurk mode. 
- Joi -- true name: closest email address: closest fax number: <+81-3-5454-7218> current physical location: travel path: mosaic home page: http://www.eccosys.com/ -- finger jito at netcom.com for PGP Public Key, RIPEM Public Key -- Things are more like they used to be than they are now. From tcmay at netcom.com Thu Aug 11 00:38:13 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 11 Aug 94 00:38:13 PDT Subject: Are Remailers Liable for What They Remail? In-Reply-To: <9408110653.AA05872@portola.com> Message-ID: <199408110736.AAA27319@netcom10.netcom.com> Joichi Ito writes: (quoting my post) > >And even that last remailer may be able to claim ignorance (and win in ^^^^^^^^^^^^^^^^^^^^ > >court) if he can show that what he mailed was unreadable to him, i.e., > >encrypted to the recipient. (This is another reason I favor a goal of > >"everyone a remailer.") > > > >With canonical remailers, and no logging, earlier remailers should be > >safe. > > Interesting. So if the carrier is ignorant, they're off the hook? Note my "may" above...none of this stuff has been tested in court. (Not even digital signatures have yet been tested.) Common carrier status--such as Federal Express has--has certainly not been granted to remailers. It seems plausible to me that most jurors would be sympathetic to a claim that a remailer was ignorant of what was being remailed. A bunch of bits is a bunch of bits. However, the actual crime may be the act of remailing itself. Not now, but maybe someday. (Speculation: Legislation will be passed that bans phone and packet remailers as being in contravention of the Digital Telephony Act. A "know your customers" clause may require ID for each packet. Lots of scenarios to consider.) --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From karn at qualcomm.com Thu Aug 11 00:45:22 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 11 Aug 94 00:45:22 PDT Subject: IDEA vs DES In-Reply-To: <199408110635.XAA11903@netcom15.netcom.com> Message-ID: <199408110744.AAA20783@servo.qualcomm.com> I'm specifically interested in *fixed point* multiply and divide performance, since these operations appear to be crucial to IDEA and high quality speech coding, not to mention multiple precision modular exponentiation functions. My 486 reference shows 13-42 clocks for a 32x32 multiply and 40 clocks for a 64/32 divide. I've heard that the PowerPC can do a multiply-accumulate (the basic operation of a FIR digital filter) in one clock cycle, which qualifies it as a DSP chip in my mind. If true, then it may become possible to do high quality speech coding (essential for a secure phone) in software on a widely available general purpose computer instead of needing a high performance DSP subsystem that may be costly and/or less readily available. Here are some figures on my latest DES code. I'm placing it into the public domain; how do I go about putting it on soda.berkeley.edu? Measured execution speeds in crypts/sec: 11,488 (C version, 486DX-50, DOS, Borland C++ 3.1 -O2, 16-bit real mode) 39,185 (assembler version, same system) 62,814 (assembler version, 60 Mhz Pentium) 24,172 (C version, 486DX2-66, BSDI 1.1, GCC 1.42 -O, 32-bit prot mode) 64,185 (C version, 50 Mhz Sparc 10, GCC 2.5.8 -O) The C version is essentially identical to Outerbridge's code in Applied Cryptography, with a few extra tricks. 
The assembler version is the same thing rewritten in assembler, with numerous optimizations that were possible only in assembler.

Anybody have a tool for translating Intel 486 assembler code to the Gnu assembler format?

--Phil

From frissell at panix.com Thu Aug 11 02:26:34 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 11 Aug 94 02:26:34 PDT
Subject: e$
Message-ID: <199408110924.AA08662@panix.com>

At 05:25 PM 8/10/94 -0400, Rick Busdiecker wrote:

>I believe that the reporting requirement has been at $3000 for a
>number of years.

All businesses in the US have to report cash transactions of more than $10K. They have to keep records (but not report) on cash transactions of $3K or more.

While the cash import/export rules require reporting only of "currency or monetary instruments" as I defined them in my last message, the domestic reports of cash transactions now include (in addition to currency and monetary instruments) the requirement to report $10K transactions involving cashier's checks, money orders and other instruments that can be purchased anonymously and are not connected with a specific bank account.

This is a significant expansion of the definition of "cash". It may spread to the import/export realm later.

DCF

"There's no such thing as luck only adequate or inadequate preparation to cope with the statistical universe."

From matsb at sos.sll.se Thu Aug 11 04:14:11 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Thu, 11 Aug 94 04:14:11 PDT
Subject: DTB - grim for recreational spies
In-Reply-To: <199408110145.SAA29134@netcom16.netcom.com>
Message-ID:

The Digital Telephony Bill states up to 15 years in jail for unauthorized tapping of wireless telephony. It seems that the EFF puts this on the plus side, as an example of the enhanced rights to privacy in the Bill. I have a problem with this approach. In presence of strong crypto, would even alligator clipping have to be outlawed?
(Hidden microphones and other intrusions inside your estate is obviously another matter.)

The present state of affairs in many countries (including .se), that the Ether is free to listen to and with no restrictions as to what electronic devices (possibly except for weaponry) a free citizen can construct, seems fair to me. Want privacy in the all-surrounding electromagnetic spectrum? Use crypto. If an enterprise expects money for the use of their airwaves they will have to outsmart the pirates. Here they recently outlawed the selling/distribution (haven't read the actual text) of pirate cable-TV decoders, but not the building or possession of such devices (thanks Mammon, saves me $100 a month). Even this legislation seems an example of unnecessary government obtrusion to me. It should not be the business of government to protect crypto-incompetent private enterprise from losing money. And 15 years in jail? Scary, in any case totally out of proportion.

(I cannot yet really believe that the EFF has been involved in this, being an overseas paying supporter since 2 years. If it comes out true I will go the way of Mr May - out.)

Mats

From simona at panix.com Thu Aug 11 06:35:47 1994
From: simona at panix.com (Simona Nass)
Date: Thu, 11 Aug 94 06:35:47 PDT
Subject: ANNOUNCE: SEA talk
Message-ID: <9408111303.AA27213@ah.com>

Simona Nass of SEA asked me to send this out.

Eric

-----------------------------------------------------------------------------

The Society for Electronic Access (SEA), a New York metro area cyberspace civil liberties and access activism group, presents:

ERIC HUGHES
Cypherpunks founder, mathematician, and cryptographer

speaking on

Cryptography, Anonymity and Financial Transactions

Topics will include digital cash, as well as updates of protocols Eric has been working on and recent developments in the field.

When: Tuesday, August 16, 1994, at 6:30 pm
Where: 49 Chambers St.
(between Centre and Broadway in Manhattan)
Room 610

This event is open to the public. No prior reservation is necessary to attend, but seating is limited. Admission is free, though a $2 donation is requested.

For automated information on the Society for Electronic Access, send a blank message to sea-info at sea.org.

From hfinney at shell.portal.com Thu Aug 11 07:48:26 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 11 Aug 94 07:48:26 PDT
Subject: Are Remailers Liable for What They Remail?
In-Reply-To: <199408110736.AAA27319@netcom10.netcom.com>
Message-ID: <199408111448.HAA17336@jobe.shell.portal.com>

tcmay at netcom.com (Timothy C. May) writes:

>(Not even digital signatures have yet been tested.) Common carrier
>status--such as Federal Express has--has certainly not been granted to
>remailers.

This is one of the things that worries me about the Digital Telephony bill. In the various apologias and explanations from EFF, CyberWire Dispatch, etc. about why EFF helped with this bill, it was mentioned that online service providers have been removed from its coverage because they are not "common carriers". It only applies, they say, to common carriers like phone companies.

Obviously I haven't read the text of the bill (probably no one has ;-) but this certainly raises the question of whether pursuing common carrier status would cause electronic service providers to fall under the wiretap requirements of the bill. Maybe I'll ask on usenet.

Hal

From merriman at metronet.com Thu Aug 11 08:12:12 1994
From: merriman at metronet.com (David K.
Merriman)
Date: Thu, 11 Aug 94 08:12:12 PDT
Subject: NSA humor
Message-ID: <199408111515.AA16663@metronet.com>

Saw this on alt.security - figured it was too good not to share:

In article <32d8gb$bml at ingate.adc.com> olsonm at ws3902.adc.com (Mark Olson) writes:
>From: olsonm at ws3902.adc.com (Mark Olson)
>Subject: Re: NSA
>Date: 11 Aug 1994 13:19:07 GMT

>daemon9 at netcom.com wrote:
>: Does anyone know a *valid* number where I can reach the NSA?
>: All my numbers are now invalid....

>No number needed! Just pick up your mouse and talk into
>the hole in the bottom. Say: "Hello, NSA? I'd like to
>speak to the Director, please."

Dave Merriman

From trollins at debbie.telos.com Thu Aug 11 08:25:04 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Thu, 11 Aug 94 08:25:04 PDT
Subject: Remailer Status
Message-ID: <9408111519.AA16825@debbie.telos.com>

Hello,

Is there any overall status on remailer use. Remailers up, specific commands, clear vs encrypted traffic, delays, un-acceptable types of mail.

-tom

From adam at bwh.harvard.edu Thu Aug 11 08:31:56 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Thu, 11 Aug 94 08:31:56 PDT
Subject: DTB - grim for recreational spies
In-Reply-To:
Message-ID: <199408111531.LAA24367@bwh.harvard.edu>

| The Digital Telephony Bill states up to 15 years in jail
| for unauthorized tapping of wireless telephony. It seems
| that the EFF puts this on the plus side, as an example of
| the enhanced rights to privacy in the Bill. I have a problem
| with this approach. In presence of strong crypto, would even
| alligator clipping have to be outlawed? (Hidden microphones
| and other intrusions inside your estate is obviously another
| matter.)

The problem here is twofold. First, as you point out, strong cryptography alleviates the need for strong laws, a point missed by our legislators.

Second, in the US, there is a court which handles federal wiretap requests.
It's granted 6500 wiretap orders out of 6500 requests in the last 20 years. It seems to be too easy to get a federal wiretap order, and there exists insufficient oversight.

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From Banisar at epic.org Thu Aug 11 08:48:23 1994
From: Banisar at epic.org (David Banisar)
Date: Thu, 11 Aug 94 08:48:23 PDT
Subject: Privacy Conference - Sept 9 - The Hague
Message-ID: <9408110635.AA32647@Hacker2.cpsr.digex.net>

Hello all,

If I could break in here for a second, I thought that some of the European members of the list may be interested in this. It would be a good opportunity to meet and discuss issues, exchange notes etc.

dave

CONFERENCE ANNOUNCEMENT
----------------------------
TECHNOLOGIES OF SURVEILLANCE
TECHNOLOGIES OF PROTECTION
--------------------------

Sponsored by
Privacy International
The University of Eindhoven
The Electronic Privacy Information Center

Friday, September 9, 1994
Nieuws Poort International Press Centre
The Hague, The Netherlands

The conference will bring together experts in law, privacy, human rights, telecommunications and technology to discuss new technological developments that affect personal privacy. The sessions will be interactive, starting with introductions to the subjects by leading experts, followed by questions and discussion led by the moderators.
8:45 Introduction
     Simon Davies, Chairman, Privacy International

9:00 Information Infrastructures
     Marc Rotenberg, Electronic Privacy Information Center (US)
     Stephanie Perrin, Industry Canada

10:00 European Government Information Sharing Networks
     Jos Dumatier, professor of law and director of the Interdisciplinary Centre for Law and Information Technology (ICRI) at K.U.Leuven

11:00 Cryptography Policy
     David Banisar, Electronic Privacy Information Center
     Jan Smiths, University of Eindhoven

12:00 Lunch

1:00 Smart Cards and Anonymous Digital Transactions
     David Chaum, Digicash

2:00 Wrap up

---------------------------------------------------------------------

Registration Fees

[] Standard - 220 guilders ($120 US)
[] Non-profit organisations/Educational - 75 guilders ($40 US)

Information

Name: ____________________________________________________________
Organization: ______________________________________________________
Address:_____________________________________________________________
________________________________________________________________
Phone/Fax:___________________________________________________________
Electronic Mail: ____________________________________________________

Send registration to:

Privacy International Washington Office
Attn: Conference Registration
666 Pennsylvania Ave, SE, Suite 301
Washington, DC 20003

Make Check/Money Order in US Dollars out to Privacy International

Space is limited, please contact us immediately if you wish to attend!

For more information, contact:

David Banisar
1+202-544-9240(voice)
1+202-547-5482(fax)
banisar at epic.org (email)

--
David Banisar (tc at EPIC.org)
Electronic Privacy Information Center
666 Penn.
Ave, SE Suite 301
Washington, DC 20003
202-544-9240 (v)
202-547-5482 (f)

From jdd at aiki.demon.co.uk Thu Aug 11 08:52:06 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:06 PDT
Subject: e$
Message-ID: <5184@aiki.demon.co.uk>

In message <9408101902.AA27154 at snark.imsi.com> perry at imsi.com writes:
> > On what experience or observation do you base these rather extreme
> > remarks?
>
> Plonk.

A reply showing true intelligence.

--
Jim Dixon

From jdd at aiki.demon.co.uk Thu Aug 11 08:52:26 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:26 PDT
Subject: future existence of free remailers?
Message-ID: <5186@aiki.demon.co.uk>

In message <9408101956.AA04136 at portola.com> Joichi Ito writes:
> Please excuse me if this has already been discussed... but... What about
> the trend of busting the sysops of bbs'? The recent Fidonet bust in Italy
> seems to support this trend. It sounds to me like any remailers remailing
> illegal stuff may get caught in the dragnet.

I think that perfect ignorance is a perfect excuse. If the traffic going through your remailer is encrypted, and you do not have the key, and you have no other way of knowing what it is, you can scarcely be held responsible for the contents, so long as you do not knowingly invite illegal use.

This is a frequent topic of conversation among Internet access providers (IAPs) who are concerned about the contents of various ALT. groups which are either pornographic or copyright violations or both. The consensus seems to be that you are responsible if EITHER you are aware of the presence of these materials OR you are ignorant of any specific materials but you know that people have subscribed to your service in order to gain access to these materials. There have been no test cases, as far as I know, but I have read opinions ascribed to lawyers.
IAPs would seem to be providing the same sort of service as remailers and in fact if operating remailers were a viable business they would be in an ideal position to provide the service.

--
Jim Dixon

From jdd at aiki.demon.co.uk Thu Aug 11 08:52:38 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:38 PDT
Subject: e$
Message-ID: <5190@aiki.demon.co.uk>

In message <9408101902.AA27154 at snark.imsi.com> perry at imsi.com writes:
> > On what experience or observation do you base these rather extreme
> > remarks?
>
> Plonk.

Ah. I finally figured it out. You've been drinking too much cheap wine?

--
Jim Dixon

From jdd at aiki.demon.co.uk Thu Aug 11 08:52:58 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:52:58 PDT
Subject: RemailerNet
Message-ID: <5193@aiki.demon.co.uk>

In message <199408110150.SAA15634 at ucsd.edu> Lance Cottrell writes:
>
> jdd at aiki.demon.co.uk writes:
> >Compiling a list of remailers, sure. But if you let the user control
> >how messages are chained, you are inviting real traffic analysis. The
> >user should only be able to specify his destination and the level of
> >security desired.
>
> How do you arrange things so that the remailers choose the path, and
> that if the first remailer is actually a TLA the destination is not
> compromised. I see no means by which any remailer which is not ultimately
> trusted (i.e. owned by me) can be allowed to choose the routing of the
> message packets.
>
> Example: I ask for a five link chain. Link one is NSA controlled. The NSA then
> chains the message through 4 more NSA remailers, and on the final
> destination. The upshot is a total loss of secrecy.

Terms are being used loosely. I was responding to a critique of RemailerNet v0.1 (RN0.1). In this system messages are packetized and the packets routed independently, with the packets reassembled into messages at the 'destination gateway'. User control of packet-level routing would weaken the system.
RN0.2 permits the user to nest messages and to direct messages to gateways as destinations. This means that messages may be bounced around in the system, adding some additional security. So the user can control chaining/routing at the message level, but not at the packet level.

--
Jim Dixon

From jdd at aiki.demon.co.uk Thu Aug 11 08:53:14 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:53:14 PDT
Subject: anonymous settlement
Message-ID: <5195@aiki.demon.co.uk>

In message <9408102324.AA25933 at ah.com> Eric Hughes writes:
> > Also, for anonymous
> > payment for such overseas services, anonymous transfer in at least one
> > of the two currencies is necessary.
>
> The last point is certainly not true. If user X communicates with
> service A (a gateway) in one country to purchase something from
> service B in another country, X can settle accounts with A anonymously
> (say in US$) and then A and B can settle accounts with one another
> (say in sterling) openly.
>
> May I point out that that in your example that X and A are performing
> an anonymous transfer in dollars, which is one of the two currencies?

You are quite right. I misread what you wrote, thinking that you meant that X must pay B anonymously in one of the two currencies.

--
Jim Dixon

From talon57 at well.sf.ca.us Thu Aug 11 08:53:16 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 11 Aug 94 08:53:16 PDT
Subject: Bruce Schneier appearance
Message-ID: <199408111553.IAA08505@well.sf.ca.us>

MEETING NOTICE
==============

UniForum Chicago holds its monthly general meeting on Tuesday, August 16, 1994 at the College of DuPage and everyone is welcome. This month's speaker is Bruce Schneier, author of APPLIED CRYPTOGRAPHY, (B. Schneier, Wiley Inc., 1993).
Quoting the back cover of Bruce's book:

"The explosive growth of public and private computer networks has resulted in a tremendous increase in the volume of sensitive and valuable data that is routinely stored and transmitted digitally. From computer messages speeding through global networks to vast sums of money transferred electronically, the greatest challenge in this new digital world is keeping this information out of the hands of unauthorized users who prey on vulnerable computer systems.

"In APPLIED CRYPTOGRAPHY, data security expert Bruce Schneier details how programmers can use cryptography--the technique of enciphering and deciphering messages--to maintain the privacy of computer data. Covering the latest developments in practical cryptographic techniques, the book shows programmers who design computer applications, networks, and storage systems how security can be built into the computer software and systems we use every day.

The meeting will be held at:

College of DuPage
Building M, Room 150
22nd & Lambert
Glen Ellyn, IL 60137

Take 355 to Butterfield Rd.
Butterfield West to Lambert Rd.
Lambert Rd. North to 22nd St.
West on 22nd Street to Lot 10 entrance
South into Lot 10
Park in Lot 10 and walk to Building M
Meeting Room is 150

For further information, call Mike Potter at 708 960-0133 x15.

From jdd at aiki.demon.co.uk Thu Aug 11 08:53:31 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Thu, 11 Aug 94 08:53:31 PDT
Subject: RemailerNet
Message-ID: <5197@aiki.demon.co.uk>

In message <199408110212.TAA17672 at ucsd.edu> Lance Cottrell writes:
> >If anyone cared enough, what they would do is (a) put up enough remailers
> >so that they were, say, a steady 80% of those announcing in the alt.x
> >group; (b) provide a good, reliable service nearly all of the time; and
> >(c) drive the other 20% out of business with a steady disinformation
> >campaign (rumors, complaints, etc) and other more aggressive tactics.
> >The FBI types running (a) and (b) would be well funded and they would
> >be the sort of steady, unimaginative people who run small businesses
> >well. The CIA field agents masterminding (c) would be very well
> >funded network freaks, some of them ex-hackers. They could operate
> >outside the USA and pay little or no attention to US laws. Pity the
> >poor 20% in the face of such attacks.
> >
> >Any traffic sent through this remailer network would have only a tiny
> >chance of getting through without being compromised. If you picked
> >5 remailers, the chances of all being non-FBI would be about .2^5,
> >3 in 10,000. The other 9,997 messages would be copied immediately
> >to Langley.
>
> I fear that you have the math wrong. The odds that the path would be compromised
> (that is all five nodes are FBI) is 1-(.8^5) = .67

Actually, the odds are better than this, .8^5, about 0.33. You will be compromised "only" 1/3 of the time. But if you are sending regular messages to another party, then traffic analysis will quickly show that you are communicating, because even if the boys at Langley are really dumb, you won't send more than two or three messages without having all the cherries lining up. You will be protected if you have encrypted your messages, but using a remailer network offers little additional protection.

> If I understand your system one compromised node is a total loss for that
> message.

No, as I have said elsewhere, I think that an 'empowered user' of RN0.2 can communicate with another empowered user through a completely compromised network with little risk, so long as there are many other such users. This is because the compromised gateways will not be able to tell when and whether either of the users is actually communicating.
--
Jim Dixon

From talon57 at well.sf.ca.us Thu Aug 11 09:05:09 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 11 Aug 94 09:05:09 PDT
Subject: Schneier apperance update
Message-ID: <199408111604.JAA13270@well.sf.ca.us>

Sorry to post this twice, but they forgot to put the time....

MEETING NOTICE
==============

UniForum Chicago holds its monthly general meeting on Tuesday, August 16, 1994 at the College of DuPage and everyone is welcome. This month's speaker is Bruce Schneier, author of APPLIED CRYPTOGRAPHY, (B. Schneier, Wiley Inc., 1993).

Quoting the back cover of Bruce's book:

"The explosive growth of public and private computer networks has resulted in a tremendous increase in the volume of sensitive and valuable data that is routinely stored and transmitted digitally. From computer messages speeding through global networks to vast sums of money transferred electronically, the greatest challenge in this new digital world is keeping this information out of the hands of unauthorized users who prey on vulnerable computer systems.

"In APPLIED CRYPTOGRAPHY, data security expert Bruce Schneier details how programmers can use cryptography--the technique of enciphering and deciphering messages--to maintain the privacy of computer data. Covering the latest developments in practical cryptographic techniques, the book shows programmers who design computer applications, networks, and storage systems how security can be built into the computer software and systems we use every day.

The meeting will be held at:

College of DuPage
Building M, Room 150
22nd & Lambert
Glen Ellyn, IL 60137

MEETING TIME 7pm CST

Take 355 to Butterfield Rd.
Butterfield West to Lambert Rd.
Lambert Rd. North to 22nd St.
West on 22nd Street to Lot 10 entrance
South into Lot 10
Park in Lot 10 and walk to Building M
Meeting Room is 150

For further information, call Mike Potter at 708 960-0133 x15.

From perry at imsi.com Thu Aug 11 09:29:46 1994
From: perry at imsi.com (Perry E.
Metzger)
Date: Thu, 11 Aug 94 09:29:46 PDT
Subject: Are Remailers Liable for What They Remail?
In-Reply-To: <199408111448.HAA17336@jobe.shell.portal.com>
Message-ID: <9408111629.AA29020@snark.imsi.com>

Hal says:
> This is one of the things that worries me about the Digital
> Telephony bill. In the various apologias and explanations from EFF,
> CyberWire Dispatch, etc. about why EFF helped with this bill, it
> was mentioned that online service providers have been removed from
> its coverage because they are not "common carriers". It only
> applies, they say, to common carriers like phone companies.

UUNET, among others, considers itself to be a common carrier.

Perry

From juola at suod.cs.colorado.edu Thu Aug 11 09:46:15 1994
From: juola at suod.cs.colorado.edu (Patrick Juola)
Date: Thu, 11 Aug 94 09:46:15 PDT
Subject: Are Remailers Liable for What They Remail?
Message-ID: <199408111645.KAA07094@suod.cs.colorado.edu>

Perry sez:

    UUNET, among others, considers itself to be a common carrier.

My understanding is that, legally speaking, "considering [oneself] to be a common carrier" amounts to exactly nil -- that it requires a special act of some governing body to declare you to be a common carrier. One might just as well consider oneself to be an accredited diplomat and therefore to have diplomatic immunity.

Any of the real lawyers on the net care to comment?

kitten

From hfinney at shell.portal.com Thu Aug 11 09:49:21 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 11 Aug 94 09:49:21 PDT
Subject: IDEA vs DES
In-Reply-To: <199408110744.AAA20783@servo.qualcomm.com>
Message-ID: <199408111648.JAA25239@jobe.shell.portal.com>

According to my references, the PowerPC 601 does an integer multiply in 9 cycles (5 if the 2nd operand is 16 bits or less). An integer divide takes 36 cycles. Adds, etc. take 1 cycle.

Floating-point multiplies take 1 cycle for single precision, 2 for double.
However, they are pipelined, so if you need to use the results of the multiply on the next instruction, they will take 3 cycles. Floating-point adds take 1 cycle, again with the results available in 3. There is a floating-point (but no integer) multiply-and-add instruction. It has the same timing as the multiply.

Hal

From perry at imsi.com Thu Aug 11 10:04:57 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 11 Aug 94 10:04:57 PDT
Subject: Are Remailers Liable for What They Remail?
In-Reply-To: <199408111645.KAA07094@suod.cs.colorado.edu>
Message-ID: <9408111704.AA29091@snark.imsi.com>

Patrick Juola says:
> My understanding is that, legally speaking, "considering [oneself]
> to be a common carrier" amounts to exactly nil -- that it requires
> a special act of some governing body to declare you to be a common
> carrier.

Not quite. If tomorrow you started a new overnight mail service, you would probably be a common carrier if you acted like one, no act of congress needed. The question is not a simple one. My one conversation on this subject with someone from UUNET more or less went "our lawyers say we should act like one and hope the courts decide that we are right."

Perry

From cactus at bb.com Thu Aug 11 10:26:28 1994
From: cactus at bb.com (L. Todd Masco)
Date: Thu, 11 Aug 94 10:26:28 PDT
Subject: Are Remailers Liable for What They Remail?
Message-ID: <199408111732.NAA21237@bb.com>

According to a discussion I had with Dave Lawrence (postmaster at UUNET, as well as moderator of news.admin.newgroups), UUNET is registered with the FCC as an "Enhanced Service Provider," which, according to Dave, amounts to similar protection as "Common Carrier." ("Common Carrier" seems to not be appropriate yet, since Congress is so behind the tech curve)

--
L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail
cactus at bb.com | "Information wants to be free, but authors want to be paid."
From frissell at panix.com Thu Aug 11 11:47:53 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 11 Aug 94 11:47:53 PDT
Subject: Are Remailers Liable for What They Remail?
Message-ID: <199408111846.AA00988@panix.com>

At 10:45 AM 8/11/94 -0600, Patrick Juola wrote:
>
>My understanding is that, legally speaking, "considering [oneself]
>to be a common carrier" amounts to exactly nil -- that it requires
>a special act of some governing body to declare you to be a common
>carrier. One might just as well consider oneself to be an
>accredited diplomat and therefore to have diplomatic immunity.
>
>Any of the real lawyers on the net care to comment?
>
> kitten
>

Ah, the eternal Common Carrier debate. The answer is the same as the last few times. "Common Carrier" status has little to do with exemption from liability. It has most to do with being unable to reject passengers, goods, or phone calls. The EFF would like the NII to be a common carrier so that 'the poor' could get 'free' connections, most of the libertarians here would not.

Plenty of non-common carrier entities are immune from prosecution for ideas that they unknowingly communicate -- bookstores for example (unless they are *knowingly* porno bookstores in the wrong jurisdiction). Compuserve was held not liable for an (alleged) libel by one of its sysops. Not because of common carrier but because they had no knowledge or control.

Remailers have no knowledge or control hence no scienter (guilty knowledge) hence no liability as a matter of law -- not a jury question BTW.

DCF

"Where is telecoms regulation when anyone can be a phone company? Where is banking regulation when anyone can be a bank?"
From lrh at crl.com Thu Aug 11 13:33:52 1994
From: lrh at crl.com (Lyman Hazelton)
Date: Thu, 11 Aug 94 13:33:52 PDT
Subject: Satellite Cellphones
In-Reply-To: <9408100627.AA17861@pig.jjm.com>
Message-ID:

On Wed, 10 Aug 1994, Dave Emery wrote:

> My understanding of both IRIDIUM and the Loral effort are that
> the satellite will be used to directly connect a remote user to a ground
> based MTSO (switch) which will actually route the call out over land
> lines or another satellite link. This implies that the satellite is not
> being used as a classical bent-pipe repeater linking the transmitter of
> one satellite phone to the receiver of another, but rather as a space
> borne cell-site linked to the MTSO via a separate radio system on a
> completely different frequency band not unlike the terrestrial microwave
> links that link most cell sites to the current MTSOs.
>
> This means that there is no way for a mobile satellite user to
> bypass the switch and use the satellite directly to relay his
> communications to another satellite phone, just as there is no way in
> the current analog AMPS/NAMPS cellphone system for a user on one
> cellphone to talk directly to another cellphone without going through a
> cell site relay and the MTSO switch. Thus the switch can always serve
> as a gateway authenticating users, and providing billing and access
> control services.
> Dave Emery

Your understanding of how IRIDIUM(r) will work is incorrect. It most certainly WILL be the NORMAL operating mode for a subscriber unit (cell phone, if you will) to talk to another subscriber unit by only going through satellite links. The caller will be authenticated via a "home" equivalent to the MTSO switch, but the call itself will NOT go through the switch (or any other) unless it is to a phone number which is not a subscriber unit. ONLY in that case will the call be routed through the MTSO equivalent.

Your thoughts about caller authentication are correct.
I don't know if IRIDIUM is planning to do this correctly or not.

Lyman

Finger lrh at crl.com for PGP 2.7 Public Key Block.

From hayden at vorlon.mankato.msus.edu Thu Aug 11 14:07:37 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Thu, 11 Aug 94 14:07:37 PDT
Subject: ANNOUNCEMENT: Digest Version of Cypherpunks List
Message-ID:

BY POPULAR DEMAND

After consulting and working with Eric, I've made a digested version of the cypherpunks mailing list available to the public.

-------------------------------------------------------------------------

What it is

The cypherpunks-digest is a digested version of the mailing list cypherpunks at toad.com. The contents of the mail from cypherpunks-digest is IDENTICAL to the contents on the standard cypherpunks mailing list except that they are delivered in a single message of several postings instead of one at a time; the digested version is presented to allow lurkers and infrequent readers the chance to have fewer messages in their mailbox. In addition, the list is being archived and back issues along with detailed, by-subject indexes are available via a mail-based automated file server.

To subscribe to this version of cypherpunks, you need to send a message to majordomo at vorlon.mankato.msus.edu containing the line:

subscribe cypherpunks-digest

Once you are subscribed to the digested version, you will probably want to unsubscribe to the individual-message list by sending a message to majordomo at toad.com containing the line:

unsubscribe cypherpunks

In addition, starting today, postings to cypherpunks will be archived, indexed and available through the following methods:

A) send the majordomo at vorlon.mankato.msus.edu address the command 'index cypherpunks-digest'. In return, you will get a directory listing of all the available files. There are two important files in addition to the digest archives.

CONTENTS This file contains a listing of the subjects within each individual digest.
It is sorted by digest number

TOPICS This file will list the subjects that are available in the entire archive, and tell you which digests those subjects appeared in.

B) Once you have determined which messages you want to get, you send the majordomo address the command 'get cypherpunks-digest filename'. In return, you will get those requested files delivered to you via email. If you are getting multiple files, put each 'get' command on a separate line.

------------------------------------------------------------------------------

If you have any questions, please let me know.

____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> I do not necessarily speak for the
\/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**

From eric at Synopsys.COM Thu Aug 11 15:58:20 1994
From: eric at Synopsys.COM (Eric Messick)
Date: Thu, 11 Aug 94 15:58:20 PDT
Subject: RemailerNet
In-Reply-To: <199408110153.SAA15769@ucsd.edu>
Message-ID: <9408112258.AA09617@tiedye.synopsys.com>

In message <199408110444.VAA20478 at jobe.shell.portal.com>, hfinney at shell.portal.com (Hal Finney) wrote:
>Other ideas have been proposed for this problem. Chaum suggested
>having a public area where messages for a group of people would arrive;

This is an excellent way of getting around this problem, but it uses lots of bandwidth.

Another idea I have been interested in is picking a message up from the middle of a chain. In other words, your return address block lists 10 remailers (for example), and you just happen to run the 7th. After the message hits your remailer, it continues through a few more hops and then gets eaten by /dev/null.
Your remailer, meanwhile, has snarfed a copy of ALL of the traffic running through it to another machine. There you manually enter parameters to use to scan for messages to you. If the feds come to you and demand that you perform this process while they monitor it, you enter a different set of parameters that uncover innocent messages that you arrange to be occasionally passing through.

If they've traced a message all the way to the end, they'll know it was to one of the 10 remailer operators in the chain, but several of them are in inconvenient jurisdictions... and maybe one of these tap-points was arranged to start another chain.....

>One problem with anonymous return addresses is that the address changes
>deterministically as each layer is stripped off. This allows the message
>to be tracked by introducing copies with different bodies but the same
>ARA (which is why Chaum specified use-once). Eric Messick proposed a
>system in which the message bodies would be changed at each step by the
>remailers involved. I don't recall the details, but I think that in order
>to read the message the user had to send it back through those same
>remailers after receiving it, to undo the transformations which had been
>done on it.

Not quite that bad. Another message would have to be sent only if there was insufficient postage for one of the remailers, and that remailer decided to deliver it rather than just dropping it. Otherwise, all of the info necessary to decode the message is known to the recipient.

> It was a complicated scheme and we really didn't spend enough
>time on it.

That is certainly true. I've been trying to figure out how to subdivide the project so that early implementations can be done without sacrificing the ability to do the more complex stuff later.

>I view easy-to-use, secure ARA's as an unsolved (and perhaps unsolvable)
>problem.

I don't think they can be unconditionally secure without wasting lots of bandwidth.
Having one of the links be a wide area broadcast is very secure, but expensive in bandwidth. It's all economics...

>Hal Finney

-eric messick

From jim at bilbo.suite.com Thu Aug 11 16:15:19 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 11 Aug 94 16:15:19 PDT
Subject: Crime Bill FAILED to pass
Message-ID: <9408112314.AA12229@bilbo.suite.com>

Hurray!!!

From binski at u.washington.edu Thu Aug 11 16:29:39 1994
From: binski at u.washington.edu (binski at u.washington.edu)
Date: Thu, 11 Aug 94 16:29:39 PDT
Subject: e$ & Reporting Cash Trans
In-Reply-To: <9408102125.AA09600@fnord.lehman.com>
Message-ID:

> ...structuring
> transactions to avoid the $10,000 and over transaction reporting
> requirements is a felony.
>
> There was a case decided within the last year
> involving a payment restructuring. At issue was whether the
> restructuring took place with the *intent* to avoid the reporting
> requirements.
> Rick

Wall Street Journal, perhaps April '94? I think it was a high-level court ruling that essentially said it's perfectly ok to intentionally structure cash transfers to avoid the $10,000 reporting requirement. That's all I recall.

bf

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Thu Aug 11 16:34:33 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Thu, 11 Aug 94 16:34:33 PDT
Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS'
Message-ID: <9408112335.AA27774@getafix.oasis.icl.co.uk>

> Have you been following the IETF's GSS-API work?

Yes - and implemented a GSS-API mechanism.

The relationship between GSS-API and a general crypto interface is contentious - as the interfaces to "export" a key for a remote principal (cf ExportKey and PubExportKey in the draft FIPS) resemble the GSS-API context initiation interface (cf gss_init_sec_context in RFC 1509), but have more assumptions about the possible KM (key management) protocols than GSS-API - or at least only make explicit provision for X9.17, D-H, and RSA.
GSS-API has been implemented over Kerberos, DASS, KryptoKnight, DCE1.1, SESAME, and possibly others I haven't heard of. Also, discussions for an extension of GSS-API to layer over PEM/PGP were kicked off at the last IETF to enable mail-enabled applications to be linked in to easily consume authentication and key management services. Hence GSS-API is somewhat proven to be KM-mechanism-independent.

There is a potential relationship between this export/import class of interface and the IPSEC packet format (now - or soon to be? - documented), and ongoing IETF IPSEC WG discussions re KM. Specifically, it would be helpful for fast implementations (in both senses) if as much of the processing of IP security could potentially be handed off to hardware-implemented routines via common KM-mechanism-independent and algorithm-independent interfaces (which, based on the NIST proposal primitives, would be [Pub]ExportKey/[Pub]ImportKey, Encipher/Decipher, and GenerateDAC/VerifyDAC). If the right interfaces are standardised in h/w crypto, perhaps little other than negotiation and SAID handling need usually be in software.

Piers

From jya at pipeline.com Thu Aug 11 16:59:07 1994
From: jya at pipeline.com (John Young)
Date: Thu, 11 Aug 94 16:59:07 PDT
Subject: (Fwd) Computer Privacy Debate Coming To ZiffNet 08/11/94
Message-ID: <199408112358.TAA03443@pipe1.pipeline.com>

Forwarding mail by: newsbytes at clarinet.com (NB-WAS) on 11 Aug 94
-------------------
BOSTON, MASS., U.S.A., 1994 AUG 11 (NB) -- ZiffNet, the online service of Ziff-Davis Publishing Co., will host a week-long debate on computer private issues, beginning August 15.

Ziff spokeswoman Lisa Landa told Newsbytes the panelists will include: James Fallows, Washington editor of the Atlantic Monthly; Jim Bidzos of the encryption firm RSA; Doug Miller of the Software Publishers Association; and Rebecca Gould of the Business Software Alliance. Sam Whitmore, editorial director of PC Week, will host the event.
Much of the electronic discussion will be about encryption, given the attention this subject has been getting. There is also likely to be a discussion of the Clinton administration electronic wiretap bill and the links between encryption, privacy and the information highway. "For the successful implementation of a global information infrastructure, these issues will need to be debated and, ultimately, resolved," said BSA's Gould.

(Kennedy Maize/19940811/Contact: Lisa Landa, Ziffnet, tel 617-252-5211; Kim Willard, BSA, tel 202-872-5500)

From tc at phantom.com Thu Aug 11 18:41:30 1994
From: tc at phantom.com (Dave Banisar)
Date: Thu, 11 Aug 94 18:41:30 PDT
Subject: (Fwd) Computer Privacy Debate Coming To ZiffNet 08/11/94
In-Reply-To: <199408112358.TAA03443@pipe1.pipeline.com>
Message-ID:

Oh I'm really impressed by this list of people discussing privacy.....

On Thu, 11 Aug 1994, John Young wrote:

>
> Forwarding mail by: newsbytes at clarinet.com (NB-WAS) on 11 Aug
> 94
> -------------------
> BOSTON, MASS., U.S.A., 1994 AUG 11 (NB) -- ZiffNet, the online
> service of Ziff-Davis Publishing Co., will host a week-long
> debate on computer private issues, beginning August 15.
>
> Ziff spokeswoman Lisa Landa told Newsbytes the panelists will
> include: James Fallows, Washington editor of the Atlantic
> Monthly; Jim Bidzos of the encryption firm RSA; Doug Miller of
> the Software Publishers Association; and Rebecca Gould of the
> Business Software Alliance. Sam Whitmore, editorial director of
> PC Week, will host the event.
>
> Much of the electronic discussion will be about encryption,
> given the attention this subject has been getting. There is
> also likely to be a discussion of the Clinton administration
> electronic wiretap bill and the links between encryption,
> privacy and the information highway. "For the successful
> implementation of a global information infrastructure, these
> issues will need to be debated and, ultimately, resolved," said
> BSA's Gould.
>
> (Kennedy Maize/19940811/Contact: Lisa Landa, Ziffnet, tel
> 617-252-5211; Kim Willard, BSA, tel 202-872-5500)
>
>
>

From nobody at kaiwan.com Thu Aug 11 18:45:36 1994
From: nobody at kaiwan.com (Anonymous)
Date: Thu, 11 Aug 94 18:45:36 PDT
Subject: Reailers: To Log or Not to Log?
Message-ID: <199408120145.SAA23405@kaiwan.kaiwan.com>

Tim May pondered:

> And even that last remailer may be able to claim ignorance (and win in
> court) if he can show that what he mailed was unreadable to him, i.e.,
> encrypted to the recipient. (This is another reason I favor a goal of
> "everyone a remailer.")

The only problem I see with the "everyone a remailer" concept is that, in the presence of traffic analysis, a locally generated message will show up as an imbalance between incoming and outgoing messages, will it not?

> With canonical remailers, and no logging, earlier remailers should be
> safe.

That brings up an interesting point -- does the very act of logging remailing activity, specifically the recording of sources and destinations of forwarded messages perhaps open the operator up to INCREASED liability? IOW, if the remailer is being used in the furtherance of a "crime", the presence of a log which records the details of such traffic might be used as an argument that the operator "should have known" that suspicious, possibly illegal, activity was going on and possibly being considered CRIMINALLY NEGLIGENT for not stopping it. Has he/she torpedoed any possibility of a "Sgt. Schultz" ("I know nuuuuthing!") defense by gathering detailed evidence and then not acting on it? Perhaps "Don't ask, don't tell" is a better policy...

Also, I suspect that if increased activity on a remailer is useful in thwarting traffic analysis, then foreswearing the keeping of logs should serve to INCREASE the throughput as users gain confidence that any "footprints" they might leave behind are promptly erased.

 -- Diogenes

From klbarrus at owlnet.rice.edu Thu Aug 11 18:46:21 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Thu, 11 Aug 94 18:46:21 PDT
Subject: MAIL: future free remailers
Message-ID: <9408120146.AA17774@flammulated.owlnet.rice.edu>

Jonathon Rochkind wrote:

> People often like to postulate on the list that eventually there
> won't be any more of these philanthropic free remailers, and people
> will be charging small amounts for every remailed message, to make
> some money off it.
> I've thought of a pretty good reason why this might not ever happen.
> [...] one's primary reason might be to ensure oneself anonymity.

Interesting point... I guess that is a good reason why free anonymous remailers might not ever die out, but pay remailers may be able to offer enhanced features and services that would tend to attract the vast majority of customers (assuming such a service would be considered as valuable by enough people ;)

I mean, it is easy enough to run a remailer from a school account or something like that, except you have little control: it may be forbidden (here at Rice for example), you may be told to shut it down (Netcom, U of Buffalo, U of Washington), you may have a disk quota (previous remailer I ran which stored messages, mixed and sent them at midnight) which would limit certain features, you may not be able to use "cron" or "at", you may not be able to turn off sendmail logging, you may not have the account for very long... you may want to offer usenet posting but can't, you may be subject to various denial of service attacks, you may want to name your remailer "nobody" but can't, you may want to alter sendmail config files, etc.

And then maybe you'd like to experiment with something really different, like running an fsp daemon and letting people fsp files to you to be remailed. Or something of this nature, which may require leaving a program running all the time, listening to a port for connections. But maybe you can't do this either.

On the other hand, if you owned your own machine and net connection, you are in a position to address all these concerns, and the people who are concerned enough to seriously use anonymous remailers may be willing to pay a postage fee.

Karl Barrus
klbarrus at owlnet.rice.edu

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9
"One man's mnemonic is another man's cryptography" - K. Cooper

From tcmay at netcom.com Thu Aug 11 19:26:07 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 11 Aug 94 19:26:07 PDT
Subject: Reailers: To Log or Not to Log?
In-Reply-To: <199408120145.SAA23405@kaiwan.kaiwan.com>
Message-ID: <199408120226.TAA29483@netcom3.netcom.com>

Diogenes the Anonymous Barrel Shifter writes:

> Tim May pondered:
>
> > And even that last remailer may be able to claim ignorance (and win in
> > court) if he can show that what he mailed was unreadable to him, i.e.,
> > encrypted to the recipient. (This is another reason I favor a goal of
> > "everyone a remailer.")
>
> The only problem I see with the "everyone a remailer" concept is
> that, in the presence of traffic analysis, a locally generated
> message will show up as an imbalance between incoming and
> outgoing messages, will it not?

Several easy ways to avoid this:

1. No reason that "N messages in, N + M messages out" can't be a common occurrence, e.g., dummies. (Messages will in fact get absorbed by sinks, so dummies/padding/MIRVing is expected anyway.) (And the values of N and M will have scatter anyway.)

2. Or could delay one of "other" messages, inserting the locally-generated one. (Pushes the "problem" to next transmission, one could say, but I doubt it matters.)

3. Circulate dummy messages into one's own remailer, replacing the dummy with the "real" message. N messages in, N messages out.

4. No reason for the "N in, N out" approach anyway, as a probabilistic method can be used, with the (dreaded) "random delays" used. (Provided sufficient reordering occurs, as we've discussed so many times.)

I don't think it's likely that all remailers will have some fixed policy for the value of N.

> > With canonical remailers, and no logging, earlier remailers should be
> > safe.
>
> That brings up an interesting point -- does the very act of
> logging remailing activity, specifically the recording of sources
> and destinations of forwarded messages perhaps open the operator
> up to INCREASED liability? IOW, if the remailer is being used in
> the furtherance of a "crime", the presence of a log which records

This has always been a likely possibility, but not tested in court. Logging is a VERY BAD THING, though I understand why remailer operators feel compelled at this point to do it. (I don't run any remailers, so I won't moralize...the point about it being a very bad thing is in terms of what a "mix" is supposed to be. People should go out and find Chaum's 1981 CACM paper, which has been referenced so many times.)

> Also, I suspect that if increased activity on a remailer is
> useful in thwarting traffic analysis, then foreswearing the
> keeping of logs should serve to INCREASE the throughput as users
> gain confidence that any "footprints" they might leave behind are
> promptly erased.
  ^^^^^^^^^^^^^^^^

Forward security, a la certain Diffie-Hellman protocols, is needed. A true Chaumian mix does this with some security hardware (tamper-responding modules), and the DC-net approach eliminates even the need for TRMs.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From die at pig.jjm.com Thu Aug 11 19:38:37 1994
From: die at pig.jjm.com (Dave Emery)
Date: Thu, 11 Aug 94 19:38:37 PDT
Subject: Satellite Cellphones
In-Reply-To:
Message-ID: <9408120242.AA24719@pig.jjm.com>

>
> On Wed, 10 Aug 1994, Dave Emery wrote:
>
> > Dave Emery
>
> Your understanding of how IRIDIUM(r) will work is incorrect. It most
> certainly WILL be the NORMAL operating mode for a subscriber unit (cell
> phone, if you will) to talk to another subscriber unit by only going
> through satellite links. The caller will be authenticated via a "home"
> equivalent to the MTSO switch, but the call itself will NOT go through
> the switch (or any other) unless it is to a phone number which is not a
> subscriber unit. ONLY in that case will the call be routed through the
> MTSO equivalent.
Thanks for the correction - there is not a lot published about the system that I'm aware of (at least in technical journals I see) so I'm apparently out of date on how the current system works.

But your qualification about going to a phone number which is not a subscriber is a very big one. No doubt IRIDIUM service will cost more per minute than some current ripoff prime time AMPS cellular costs and even perhaps in the outrageous INMARSAT ($>6.00 minute) range and is unlikely to replace all but a small fraction of current wired phones and terrestrial cell phones, let alone the hordes of PCS and cable company phone connections coming in the near future. So on a statistical basis an IRIDIUM subscriber is rather unlikely to be calling another IRIDIUM subscriber. I will grant you that if IRIDIUM becomes competitive in remote areas that a certain amount of remote area to nearby remote area traffic will be IRIDIUM transported, but my guess is that nevertheless most IRIDIUM traffic will be to numbers outside the system and thus go via the MTSO equivalent.

This does raise the point, however, about what the IRIDIUM system plans to do about pirates who wait for an IRIDIUM to IRIDIUM call to set up and then take over the uplink with higher power (probably just using high gain steerable antennas would do this fine) and talk on someone else's nickel. I imagine that if the satellite actually demodulates the digital voice/data stream to baseband and switches it as digital data rather than rf that it would be possible to incorporate cryptographic authentication of the packets and have the satellite borne switch check all its packet streams for valid user id. But of course this adds a weight and power penalty to the satellites...

Do you know if this problem has been thought of and addressed or is it being assumed to be as impossible as AMPS cellular spoofing apparently seemed to be to the developers of that system?

>
> Your thoughts about caller authentication are correct. I don't know if
> IRIDIUM is planning to do this correctly or not.

It had better.

Dave Emery

From frissell at panix.com Thu Aug 11 19:39:38 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 11 Aug 94 19:39:38 PDT
Subject: Crime Bill FAILED to pass
Message-ID: <199408120238.AA03268@panix.com>

At 06:13 PM 8/11/94 -0500, Jim_Miller at suite.com wrote:
>
>
>Hurray!!!
>
>

In celebration, everyone should go out and buy a MAC-11 this weekend.

DCF

From die at pig.jjm.com Thu Aug 11 20:02:34 1994
From: die at pig.jjm.com (Dave Emery)
Date: Thu, 11 Aug 94 20:02:34 PDT
Subject: Are Remailers Liable for What They Remail?
In-Reply-To: <199408111846.AA00988@panix.com>
Message-ID: <9408120306.AA25660@pig.jjm.com>

Duncan Frissell writes
>
> Remailers have no knowledge or control hence no scienter (guilty knowledge)
> hence no liability as a matter of law -- not a jury question BTW.
>

But is it not true that the state can simply decide that anonymous remailers are a nuisance and a tool of criminals and pass laws making remailer operators liable or outlawing remailers entirely?

Considering the things that have been outlawed for flimsy reasons in the US recently (eg assault weapons, some kinds of scanners) I find it naive to presume that anonymous remailers will remain legal. They are just too much of a temptation to libelers and slanderers, software pirates, information thieves, blackmailers, extortionists, tax evaders etc. And their perceived positive uses so weak by comparison that I predict that within a very few years providing an anonymous mail service will either be strictly illegal or require logging of user ID's and screening of traffic for legality.

Wait and see ...
Dave Emery

From rfb at lehman.com Thu Aug 11 20:35:37 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Thu, 11 Aug 94 20:35:37 PDT
Subject: e$ & Reporting Cash Trans
In-Reply-To:
Message-ID: <9408120335.AA11574@fnord.lehman.com>

    From: binski at u.washington.edu
    Date: Thu, 11 Aug 1994 16:28:56 -0700 (PDT)

    I think it was a high-level court ruling that essentially said it's perfectly ok to intentionally structure cash transfers to avoid the $10,000 reporting requirement. That's all I recall.

No. What was at issue was whether the prosecution was required and/or able to demonstrate the defendant's intent to circumvent the reporting requirements. If the defendant had admitted such an intent, there would not have been a case.

Rick

From werewolf at io.org Thu Aug 11 20:39:59 1994
From: werewolf at io.org (Mark Terka)
Date: Thu, 11 Aug 94 20:39:59 PDT
Subject: Remailer Status
In-Reply-To: <9408111519.AA16825@debbie.telos.com>
Message-ID:

> Hello,
> Is there any overall status on remailer use.
> Remailers up, specific commands, clear vs encrypted traffic,
> delays, un-acceptable types of mail.

Yeah, check out this post I got yesterday from alt.privacy.anon-server:

Newsgroups: alt.anonymous,alt.privacy.anon-server
Subject: How to use the anonymous remailers
Date: 7 Aug 1994 05:36:35 GMT

The Cypherpunks' remailers allow you to send anonymous mail by adding the header Request-Remailing-To: and sending to one of the addresses listed below. Most (but not all) of these remailers also accept Anon-To: in place of Request-Remailing-To. These headers must be typed exactly as you see them; most remailers are case-sensitive. Mail without these headers is either rejected or delivered to the remailer administrators.
The standard cypherpunks anonymous remailers are:

hfinney at shell.portal.com
hal at alumni.caltech.edu
ghio at kaiwan.com
nowhere at bsu-cs.bsu.edu
remailer at chaos.bsu.edu
remailer at rebma.mn.org
remail at vox.hacktic.nl
remailer at jpunix.com
remailer at ds1.wu-wien.ac.at
rperkins at nyx.cs.du.edu
remail at c2.org
usura at hacktic.nl

If you cannot add the required headers, place two colons (::) on the very first line of your message, then on the next line type Request-Remailing-To: and the address you want to send anonymously to. Skip a line, and then begin your message. Note that by using this method it is possible to send a message consecutively thru more than one remailer. Be sure to place the double colons on the first line of the message, and skip one line following the headers. Extra blank spaces (or forgetting to separate the headers and message) may cause problems.

You can add additional headers to your message by placing two number signs (##) at the beginning of the first line of the message body, and then add the special headers on subsequent lines. The bsu remailers require that you place the Subject: header in the body of the message, after the ##. The original subject line is removed. (remail at vox.hacktic.nl does not support this feature.)

remailer at soda.berkeley.edu works slightly differently. It includes an encrypted reply block so that people can reply to your messages. It also requires that you use the header Anon-Send-To: to send anonymously, and features a usenet posting service. For more information on this remailer, finger remailer at soda.berkeley.edu, or send mail to the remailer with the Subject: remailer-info

remail at extropia.wimsey.com requires that you public-key encrypt your messages with PGP. This added security prevents a hacker or nosey sysadmin at your site from reading your outgoing mail or finding out where it's going. This remailer is not directly connected to the internet, so messages will be delayed about an hour.
Some of the other remailers support PGP as well. For remailers which support both encryption and plaintext messages, identify encrypted messages by adding a header which reads:

Encrypted: PGP

Encryption keys can be found below.

The remailer ghio at kaiwan.com offers many additional features, in addition to the standard remailing commands. Usura at hacktic.nl also supports these features. Adding the header "Cutmarks:" will truncate the message starting with any line that begins with the same characters as in the Cutmarks header. This can be used to remove an automatically-inserted signature file. Also supported is the header "Latent-Time:". This allows a message to be delayed at the remailer and sent out at a later time. This is useful because it prevents people from correlating the times at which certain anonymous posts appear with the times that you are logged in. Both absolute and relative delays are possible. For example, "Latent-Time: 12:00" would have the remailer hold the message until 12:00 (noon) and then deliver it. Times must be in 24-hour format. "Latent-Time: +06:30" would deliver the message six hours and thirty minutes after it is received. The maximum permissible delay is 24 hours. These lines may be placed either in the message headers, or following the double colon. For more information on this remailer, send mail to ghio at kaiwan.com, Subject: remailer-help

There is a pseudonym-based anonymous remailer at anon.penet.fi. For information on this remailer, send mail to: help at anon.penet.fi

There is another anonymous contact service at chop.ucsd.edu. It's not as full-featured as anon.penet.fi, but is considerably faster since it is not burdened by such a heavy load. For information on this remailer, send mail to: acs-info at chop.ucsd.edu

There is a similar service at twwells.com. For information on this system, send mail to anon-help at twwells.com

vox.hacktic.nl also has an anonymous account service.
For more information, send mail to remail at vox.hacktic.nl with subject "help".

Anonymous postings to usenet can be made by sending anonymous mail to one of the following mail-to-usenet gateways:

group.name at demon.co.uk
group.name at news.demon.co.uk
group.name at bull.com
group.name at cass.ma02.bull.com
group.name at undergrad.math.uwaterloo.ca
group.name at charm.magnus.acs.ohio-state.edu
group.name at comlab.ox.ac.uk
group.name at nic.funet.fi
group.name at cs.dal.ca
group.name at ug.cs.dal.ca
group.name at paris.ics.uci.edu (removes headers)
group.name.usenet at decwrl.dec.com (Preserves all headers)

These were all verified as of August 1, but let me know if you have problems with any of the usenet gates listed above. Also tell me if you know of any more of these. The mail-to-news gateways do not anonymize messages; you must use a remailer if you want the message to be posted anonymously. It would also be advisable to try a post to alt.test before relying on any such system to function as expected. Also note the special syntax required at dec.com.

In addition, you can cross-post to several newsgroups by adding the header Newsgroups: with the names of the groups you want to post to and sending it to mail2news at demon.co.uk (Use the ## feature with the remailers to add the header line)

Examples:

Simple Remailing:

> From: joe at site.com
> To: remail at c2.org
> Subject: Anonymous Mail
>
> ::
> Anon-To: beth at univ.edu
>
> This is some anonymous mail.
Chaining remailers:

> From: sender at origin.com
> To: remailer at rebma.mn.org
>
> ::
> Request-Remailing-To: remailer at ds1.wu-wien.ac.at
>
> ::
> Request-Remailing-To: receipient at destination.com
>
> This is an anonymous message

Adding extra headers to the output message:

> From: suzie at euronet.co.uk
> To: remailer at chaos.bsu.edu
>
> ::
> Request-Remailing-To: mail2news at demon.co.uk
>
> ##
> Subject: Ignore this test
> Newsgroups: alt.test
> Comments: This is only a test
>
> This message will be posted to alt.test!

Cutmarks and delay:

> From: sam at eric.com
> To: ghio at kaiwan.com
> Subject: ignore
>
> ::
> Anon-To: alt.test at nic.funet.fi
> Latent-Time: +15:30
> Cutmarks: --
>
> This is an anonymous test.
> Note that it does not have my .sig appended to it!
>
> --
> sam at eric.com - 310-853-1212 - This is my .sig - Finger for PGP key!

The following are PGP public keys of the remailers which support encryption:

The operation of this system of remailers is a group effort which relies on the contributions of many generous people. Please do not abuse the remailers.

If you have problems with a remailer, most of the remailer operators can be contacted by sending mail to the remailer's address without a remailing request header. Otherwise, follow the instructions that come in the messages from the remailer. Do not send complaints to postmaster at the site. Most of the remailers are run by people who are not the site administrators. Sending to postmaster or the site admins will most likely just make them annoyed at you, and won't get your problem resolved.

If you can run an anonymous remailer, please volunteer to do so. Software is available from anonymous-FTP at soda.berkeley.edu in the directory /pub/cypherpunks/remailer/ Other remailer software is available at chaos.bsu.edu in the directory /pub/cypherpunks/remailer/ or contact me and I'll send you what you need. The software can often be run on personal accounts; Root or sysadmin access is not required in most cases.

There are two usenet forums for discussion of anonymous remailer systems, alt.privacy.anon-server and alt.anonymous

The cypherpunks mailing list is a forum for discussing ways to promote privacy via cryptography.
To join, send mail to cypherpunks-request at toad.com

Additional information on the anonymous remailers is available from gopher://chaos.bsu.edu/

Path: io.org!uunet.ca!uunet.ca!spool.mu.edu!howland.reston.ans.net!gatech!news-feed-1.peachnet.edu!news.duke.edu!godot.cc.duq.edu!ddsw1!panix!zip.eecs.umich.edu!newsxfer.itd.umich.edu!uunet!news.claremont.edu!kaiwan.com!usenet
From: ghio at kaiwan.com (Matthew Ghio)
Newsgroups: alt.2600,alt.privacy,alt.privacy.anon-server,alt.anonymous,alt.anonymous.messages
Subject: Anonymous Remailer
Date: 10 Aug 1994 03:46:48 GMT
Organization: KAIWAN Internet (310/527-4279,818/756-0180,714/741-2920)
Lines: 5
Message-ID: <329ij8$6fa at kaiwan.kaiwan.com>
NNTP-Posting-Host: kaiwan.kaiwan.com
Xref: io.org alt.2600:18836 alt.privacy:17773 alt.privacy.anon-server:558 alt.anonymous:216 alt.anonymous.messages:40

I guess it's FAQ time again...

If you want information on my anonymous remailer, send mail to ghio at kaiwan.com with Subject: remailer-help

If you spell it right, the auto-reply daemon will answer you. :)

From pfarrell at netcom.com Thu Aug 11 21:31:49 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 11 Aug 94 21:31:49 PDT
Subject: Subject: Computer services in DTB was: Are Remailers Liable for What They Remail?
Message-ID: <1698.pfarrell@netcom.com>

Hal writes:
> This is one of the things that worries me about the Digital Telephony
> bill. In the various apologias and explanations from EFF, CyberWire
> Dispatch, etc. about why EFF helped with this bill, it was mentioned that
> online service providers have been removed from its coverage because they
> are not "common carriers". It only applies, they say, to common carriers
> like phone companies.
> Obviously I haven't read the text of the bill (probably no one has ;-) but
> this certainly raises the question of whether pursuing common carrier
> status would cause electronic service providers to fall under the wiretap
> requirements of the bill.
I was looking thru the text of an early markup of the bill today, and it includes information service providers. I'll go out to my car and get the page and cite.

At today's congressional hearing, they did NOT provide text of the bill.

EFF sold out, and I'd love to know why.

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From pfarrell at netcom.com Thu Aug 11 21:32:10 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Thu, 11 Aug 94 21:32:10 PDT
Subject: Crime Bill FAILED to pass
Message-ID: <1711.pfarrell@netcom.com>

jim at bilbo.suite.com (Jim Miller) writes:
> Hurray!!!

Yes, that is good news. And at the same time Digital Telephony looks like a lock to pass.

Bummer.

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From tcmay at netcom.com Thu Aug 11 22:05:20 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 11 Aug 94 22:05:20 PDT
Subject: The EFF is no NRA!
In-Reply-To: <1711.pfarrell@netcom.com>
Message-ID: <199408120505.WAA23252@netcom5.netcom.com>

"I know the NRA. I know people in the NRA. And the EFF is no NRA."

Pat Farrell writes:
> jim at bilbo.suite.com (Jim Miller) writes:
> > Hurray!!!
>
> Yes, that is good news. And at the same time Digital Telephony looks like
> a lock to pass.
>
> Bummer.

Fact: The National Rifle Association took a "we can't compromise on this" position, and actually allied itself with the Black Caucus to defeat the Crime Bill.

Fact: The EFF has, on the other hand, "helped" to create the Wiretap Bill. In comp.sys.eff.talk, critics of the Wiretap Bill like us are being characterized as taking "a cute absolutist screaming hero stance."

With friends like these, I'm afraid, it's no wonder we're being sold out and the EFF is doing the selling. I think Mitch has taken a few too many rides on Air Force One.
No compromises! Cypherpunks have to get a lot more radical. A lot more.

--Tim, who always thought Janet Reno earned herself death by lethal injection after ordering the Waco Massacre ("we had to destroy the children in order to save the children")

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From die at pig.jjm.com Thu Aug 11 22:45:48 1994
From: die at pig.jjm.com (Dave Emery)
Date: Thu, 11 Aug 94 22:45:48 PDT
Subject: Is there a more recent text of Digital Telephone bill available /
Message-ID: <9408120550.AA28718@pig.jjm.com>

Is there a current text of the Digital Telephone bill somewhere on the Internet?

Yes, I have the one John Gilmore mailed to the list but that one was only a draft as of approximately August 1 and there have been reports of changes ....

Dave Emery

From lcottrell at popmail.ucsd.edu Thu Aug 11 22:46:10 1994
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Thu, 11 Aug 94 22:46:10 PDT
Subject: Cypherpunks munges sigs.
Message-ID: <199408120545.WAA03436@ucsd.edu>

-----BEGIN PGP SIGNED MESSAGE-----

I am very glad to say that someone is checking the sigs on these messages. Mine have not been checking out. When I send him a signed message directly there is no problem. Would some of you please check this sig on this and tell me if there is any problem.

Many thanks.
-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLksZVFVkk3dax7hlAQEd/wP+I+vjScGW3fgrRuCZXlK837F9UHdeLyFO
PFCm6+QstQY38tnfsvsPhAGKuzQ9/Ewn8n4hBsbjBMT6/mEYkTDzcGWNDlstG3qU
HwgXY6UuazRwOJKPGy8edXdUfIlhf7R/zaUcyapz9obdD++G1cdPMK4vKu2khqp1
SbTyQ5rna2Q=
=Ekir
-----END PGP SIGNATURE-----

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.
"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche

From norm at netcom.com Thu Aug 11 22:53:51 1994
From: norm at netcom.com (Norman Hardy)
Date: Thu, 11 Aug 94 22:53:51 PDT
Subject: IDEA vs DES
Message-ID: <199408120554.WAA21416@netcom.netcom.com>

At 02:09 1994/08/11 -0400, Jeremiah A Blatz wrote:
....
>PowerPC integer performance is rather impressive, i.e. faster than
>Pentium by a bit. One caveat, tho, Apple says "No!" to programming in
>assembly, and I doubt that IBM is all this happy about it either. My
>guess is that MacOS is approaching the Unix "distribute source, 'cause
>you're gonna have to do lots of re-compiles" type of thing. Just a
>guess, though. Anyway, there is one assembly interpreter out for
>PowerMacs, I don't know about the IBM PowerPCs, though.

The PowerPC floating point is even more impressive. The fmadd instruction can do "a <- b*c+d" every other clock or 30 per microsecond on the low end Power Mac. If we store 24 bits of a multiple precision number in successive elements of an array then the inner loop of a multiply is a routine such as:

void m8(float * a, float * b, double * p)
{p[0] = a[0]*b[0];
p[1] = a[0]*b[1] + a[1]*b[0];
p[2] = a[0]*b[2] + a[1]*b[1] + a[2]*b[0];
p[3] = a[0]*b[3] + a[1]*b[2] + a[2]*b[1] + a[3]*b[0];
p[4] = a[0]*b[4] + a[1]*b[3] + a[2]*b[2] + a[3]*b[1] + a[4]*b[0];
p[5] = a[0]*b[5] + a[1]*b[4] + a[2]*b[3] + a[3]*b[2] + a[4]*b[1] + a[5]*b[0];
....
p[13] = a[6]*b[7] + a[7]*b[6];
p[14] = a[7]*b[7];}

The overhead consisting of loads and stores can largely be hidden since the 601 can issue both a floating point and fixed point instruction in a single clock. 1000 bit numbers can thus be multiplied in (1000/24)^2 (1/30,000,000MHz) = 59 microseconds. The outer loop is also significant but I would expect that it can be done in under 100 microseconds. Modular exponentiation of 1000 bit numbers should take about 2*(1000/24)^3 (1/30,000,000MHz) = 2.5 ms without outer loop overhead.

The MPW compiler from Apple doesn't compile this code well and I may have to write it in Assembler. The documentation that comes with MPW does not discourage assembler and MPW (from Apple) includes a great assembler!

In another context I wrote some C code that compiles some optimized 601 machine code (to move pixels fast) and executes it. You don't need no stinking assembler.

From tcmay at netcom.com Thu Aug 11 23:00:45 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 11 Aug 94 23:00:45 PDT
Subject: Is there a more recent text of Digital Telephone bill
In-Reply-To: <9408120550.AA28718@pig.jjm.com>
Message-ID: <199408120559.WAA29552@netcom5.netcom.com>

> Is there a current text of the Digital Telephone bill somewhere
> on the Internet ?
>
> Yes, I have the one John Gilmore mailed to the list but that
> one was only a draft as of approximately August 1 and there have been
> reports of changes ....
>
> Dave Emery

Extensive arguing about this is going on in comp.org.eff.talk. The EFF has also provided details of "their" bill in these places:

** 1994 final draft, as sponsored **
ftp.eff.org, /pub/EFF/Policy/FBI/digtel94.bill
gopher.eff.org, 1/EFF/Policy/FBI, digtel94.bill
http://www.eff.org/pub/EFF/Policy/FBI/digtel94.bill
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.bil

I checked and the texts are the complete bills, as of the 1994-08-09 introduction in Congress.
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From norm at netcom.com Thu Aug 11 23:19:19 1994
From: norm at netcom.com (Norman Hardy)
Date: Thu, 11 Aug 94 23:19:19 PDT
Subject: Direct Satellite phone service
Message-ID: <199408120619.XAA24771@netcom.netcom.com>

At 14:58 1994/08/09 -0700, Lyman Hazelton wrote:
....
>in the mission (telephone) data portion of the IRIDIUM system. If a
>subscriber wants to use their own crypto-system on top of the basic
>communication service provided by the system, that is up to them. On the
>other hand, if no encryption is provided by the subscriber, anyone can
>listen into their conversations.
....

Does IRIDIUM provide digital or analog channels?

From lcottrell at popmail.ucsd.edu Thu Aug 11 23:49:52 1994
From: lcottrell at popmail.ucsd.edu (Lance Cottrell)
Date: Thu, 11 Aug 94 23:49:52 PDT
Subject: RemailerNet
Message-ID: <199408120649.XAA07108@ucsd.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>Actually, the odds are better than this, .8^5, about 0.33. You will be
>compromised "only" 1/3 of the time.
>
>But if you are sending regular messages to another party, then traffic
>analysis will quickly show that you are communicating, because even if
>the boys at Langley are really dumb, you won't make send more than
>two or three messages without having all the cherries lining up.
>
>You will be protected if you have encrypted your messages, but using
>a remailer network offers little additional protection.
>
>--
>Jim Dixon

I am not sure I see why you think that the "cherries" will line up.
If one has the two honest remailers in the chain, then the only information the TLA has is that you sent a message, and the other person received one of the N messages in the labyrinth. N is the number of messages sent which could have been the received message (this is proportional to the number of messages in being reordered). It all depends on how big N is. Given the current traffic load, I suspect you are correct.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLksoL1Vkk3dax7hlAQFf2wP9EqXHQxpYZXs09oTR84CYKKZ0NFdv/rbj
6X7CpP1luGC41LDNZ0jaKJHlsNA8akULf6Q79mZ53lKqrUOREDQp5lz8j3LKU0G9
EXmvM1P10c9dAcTvrWPei+TyzZgc2PzM1By57u5hAomCoiuGHjSJEpWNJa8qGwYc
CO3a7/0SyaI=
=AeYf
-----END PGP SIGNATURE-----

--------------------------------------------------
Lance Cottrell who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.
"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche

From GMP3 at PSUVM.PSU.EDU Fri Aug 12 00:48:43 1994
From: GMP3 at PSUVM.PSU.EDU (Gerald M. Phillips, Ph.D.)
Date: Fri, 12 Aug 94 00:48:43 PDT
Subject: Health Care Privacy Alert
Message-ID: <199408101402.HAA15259@mail.netcom.com>

Posted for general interest

- - The original note follows - -

From: Susan Evoy
Newsgroups: comp.org.cpsr.announce
Subject: Health Care Privacy Alert
Date: 10 Aug 1994 02:05:14 -0700
Sender: al at snyside.sunnyside.com

FYI, please respond directly to the phone number below. Do not inquire of CPSR about the Coalition for Patient Rights.

ALERT

The health care legislation proposed by Gephardt in the House and Mitchell in the Senate contains provisions which would establish a national health care data network and override most state medical confidentiality laws. All health care providers, whether paid by insurance or not, will be required to provide the network with data from the patient medical record after every clinical encounter.
(The data elements will not be limited to what is necessary for billing purposes.) A very weak "privacy" (or "fair information") code will regulate the redisclosure of such patient-identified information. The law will permit person-identified information to be made available in various circumstances to law enforcement officials, medical and social studies researchers, and government authorities without the knowledge or consent of the patient.

These legislative provisions are being promoted as administrative simplification and cost-saving measures, but they will seriously erode patient privacy. Unfortunately the general public has not been informed about these sections of the health care reform bills. Legislation of this kind requires intensive debate and should not be folded into a bill to extend insurance coverage and reform health care financing.

Contact your Representative and your Senators to urge that the "Administrative Simplification," "National Health Care Data Network," and so-called "Privacy" and "Fair Information Practices" sections of these bills be deleted. The general telephone number for Capitol offices is 202, 224-3121.

Watch for further updates! You may contact us at 617, 433-0114.

Coalition for Patient Rights, Massachusetts

--- CPSR ANNOUNCE LIST END ---

From frissell at panix.com Fri Aug 12 04:16:32 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 12 Aug 94 04:16:32 PDT
Subject: Health Care Privacy Alert
Message-ID: <199408121115.AA19389@panix.com>

At 09:57 AM 8/10/94 EDT, Gerald M. Phillips, Ph.D. wrote:
>Posted for general interest
>Subject: Health Care Privacy Alert
> The health care legislation proposed by Gephardt in the House and
>Mitchell in the Senate contains provisions which would establish a
>national health care data network and override most state medical
>confidentiality laws. All health care providers, whether paid by
>insurance or not, will be required to provide the network with data
>from the patient medical record after every clinical encounter.

*Any* bill that passes will have all sorts of juicy, privacy-invading provisions. Leftists in the "privacy community" will have to decide which they like better: privacy or "health security."

There's no way you can have a government-directed, third-party-paid, health care "system" without throwing privacy out the window. Bureaucracies *keep* records, they don't destroy them.

Our president likes the "German System" -- 'nuff said.

DCF

"According to the CBO report on the 'Clinton-Mitchell Bill,' the effective marginal tax rate on some lucky moderate income families ($20K-$30K) will be 85%(!) due to 1) ordinary taxes, (2) phase out of the earned income tax credit, and (3) phase out of health insurance subsidies under the 'Clinton-Mitchell Bill'."

From frissell at panix.com Fri Aug 12 04:18:10 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 12 Aug 94 04:18:10 PDT
Subject: Are Remailers Liable for What They Remail?
Message-ID: <199408121115.AA19438@panix.com>

At 11:06 PM 8/11/94 -0400, die at pig.jjm.com wrote:
> But is it not true that the state can simply decide that
>anonymous remailers are a nuisance and a tool of criminals and pass laws
>making remailer operators liable or outlawing remailers entirely ?
>Considering the things that have been outlawed for flimsy reasons in the
>US recently (eg assault weapons, some kinds of scanners) I find it naive
>to presume that anonymous remailers will remain legal.

They have yet to outlaw accommodation addresses, voice mail systems, answering services, pay phones, the new phone parlors, the new phone cards (buy one from Sprint inside a Hallmark Card at your local Hallmark store), etc.

It is very hard to outlaw something that everyone has or can easily do -- ie. switch voice, data, or physical mail.
It is currently easier to send communications than it has ever been. Mere legislation is unlikely to reverse this trend.

DCF

"So how do you outlaw accommodation addresses, remailers, voice-mail systems, and private phone switches in *other* countries."

From jya at pipeline.com Fri Aug 12 05:47:22 1994
From: jya at pipeline.com (John Young)
Date: Fri, 12 Aug 94 05:47:22 PDT
Subject: NY Times on e$
Message-ID: <199408121246.IAA20422@pipe1.pipeline.com>

The NY Times today reports on "the first retail transaction on the Internet using a readily available version of powerful data encryption software designed to guarantee privacy."

Quotes:

"Even if the NSA was listening in, they couldn't get his credit card number," said Daniel M. Kohn, the 21-year-old chief executive of the Net Market Company of Nashua, N.H.

* * * *

The data encryption program is called PGP. . .

* * * *

"I think it's an important step in pioneering this work, but later on we'll probably see more exciting things in the way of digital cash," said Philip Z. Zimmermann . . .

In other words, [e$] are packets of worth that have value in cyberspace, the same way dollars have value in the real world, except that they have the properties of anonymity, privacy, and untraceability. Many details remained to be worked out, Mr. Zimmermann said.

End quotes.

Includes discussion of net security and encryption. See Business Section, pp. D1, D2. AOL offers access to NY Times. Anyone who wants a copy email me.

John

From perry at imsi.com Fri Aug 12 06:05:10 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 12 Aug 94 06:05:10 PDT
Subject: NY Times on e$
In-Reply-To: <199408121246.IAA20422@pipe1.pipeline.com>
Message-ID: <9408121304.AA00881@snark.imsi.com>

John Young says:
> The NY Times today reports on "the first retail transaction on
> the Internet using a readily available version of powerful data
> encryption software designed to guarantee privacy."

It was the usual Times junk.
It wasn't the first retail transaction by a long shot, and wasn't the first to use encryption by a long shot. Unfortunately, the Times gave this beat to Lewis and not to Markoff, and Lewis doesn't seem to think he has to "live" on the net and have a personal feel for it in order to report on it. I'm sure he's not a bad guy personally, but he's made a hash of almost every story he's covered (sigh).

(The recent story on the size of the internet community was an especially bad one -- he didn't understand the distinctions being made between people behind firewalls and people not behind firewalls (I know of about 100,000 machines on wall street behind firewalls), and didn't understand, probably because he doesn't read the net too much, that there are fairly reliable statistics for Usenet readership.)

Perry

From jdd at aiki.demon.co.uk Fri Aug 12 06:30:45 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 12 Aug 94 06:30:45 PDT
Subject: e$
Message-ID: <5442@aiki.demon.co.uk>

In message <199408111921.MAA08505 at netcom7.netcom.com> Sheldon Glass writes:
> | > Plonk.
> |
> | A reply showing true intelligence.
>
> I saw it differently. To me, the plonk was the sound of your wadded up
> email hitting the bottom of the trash can. An entirely deserved
> destination, in my opinion. If you really believe in the sanctity of
> government and in the intelligence and integrity of the government
> employees, then you're so far out of phase that discussion is pointless.

I believe that government employees are drawn from the general population and the distributions of their attributes are roughly the same as those of the general population. 'Sanctity of government' is not a phrase or concept that I introduced.

> Government's fucked, as are its employees. It's axiomatic.

Fanaticism and other types of inflexibility are to be found among government employees, among the general population, and in fact among most groups of any size.
--
Jim Dixon

From jdd at aiki.demon.co.uk Fri Aug 12 06:31:02 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 12 Aug 94 06:31:02 PDT
Subject: RemailerNet
Message-ID: <5445@aiki.demon.co.uk>

In message <199408120649.XAA07108 at ucsd.edu> Lance Cottrell writes:
> >Actually, the odds are better than this, .8^5, about 0.33. You will be
> >compromised "only" 1/3 of the time.
> >
> >But if you are sending regular messages to another party, then traffic
> >analysis will quickly show that you are communicating, because even if
> >the boys at Langley are really dumb, you won't make send more than
> >two or three messages without having all the cherries lining up.
> >
> >You will be protected if you have encrypted your messages, but using
> >a remailer network offers little additional protection.
>
> I am not sure I see why you think that the "cherries" will line up.

Remember that the original assumption was that you were choosing five remailers at random, on each transmission. I argue against this strategy; I think that if you know someone is reliable you should stick with them.

80% of the remailers are compromised, so 2/3 of single messages get through OK, 45% of two message sequences, 30% of three message sequences, etc.

If a population of users selects five remailers at random and sticks to their initial selection, 1/3 of the population will be compromised immediately. Langley will have to try harder to get the rest.

--
Jim Dixon

From jdd at aiki.demon.co.uk Fri Aug 12 06:48:52 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 12 Aug 94 06:48:52 PDT
Subject: Are Remailers Liable for What They Remail?
Message-ID: <5464@aiki.demon.co.uk>

In message <199408111645.KAA07094 at suod.cs.colorado.edu> Patrick Juola writes:
>
> Perry sez:
> UUNET, among others, considers itself to be a common carrier.
>
> My understanding is that, legally speaking, "considering [oneself]
> to be a common carrier" amounts to exactly nil -- that it requires
> a special act of some governing body to declare you to be a common
> carrier. One might just as well consider oneself to be an
> accredited diplomat and therefore to have diplomatic immunity.

The area is a bit grey. Quoting from other correspondence:

> Current case law, most notably Cubby vs. Compuserve, suggests
> that a BBS can have either publisher or common-carrier status depending on
> what content-control policies it implements. There is precedent for this in
> other media; one important case involved fraud liability on an un-controlled
> supermarket bulletin-board (the cork kind). No control, no liability (that
> is, the cork-board was ruled to be a common carrier).

The reply was:

> I'd be very surprised if you put two attorneys in one room and they
> agreed on to what extent common carrier protection applied to IP
> providers. There just isn't enough legal precedence so it is
> still an uncertain area.
> We have two attorneys on staff and I've heard them talk about this in
> the same room. ;-)

--
Jim Dixon

From perry at imsi.com Fri Aug 12 06:53:19 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 12 Aug 94 06:53:19 PDT
Subject: plonk
Message-ID: <9408121353.AA29447@webster.imsi.com>

For the benefit of those who have asked me, "plonk" is an indicator that I've put someone on my "filter out from now on -- no point in reading" list.

.pm

From matsb at sos.sll.se Fri Aug 12 06:57:42 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Fri, 12 Aug 94 06:57:42 PDT
Subject: Health Care Privacy Alert
In-Reply-To: <199408121115.AA19389@panix.com>
Message-ID:

Duncan Frissell wrote:
> There's no way you can have a government-directed, third-party-paid, health
> care "system" without throwing privacy out the window. Bureaucracies *keep*
> records, they don't destroy them.

Yes, this is a lesson history tells us.
But maybe, theoretically, strong crypto could make a change. Nested information with keys known only to parties with legitimate interest in a specific info layer and the master key only known to the patient and programs for self destruction (including backups) of data no longer needed. I repeat, theoretically that is.

Mats

From pfarrell at netcom.com Fri Aug 12 07:31:36 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Fri, 12 Aug 94 07:31:36 PDT
Subject: Computer services NOT in DTB was: Are Remailers Liable for What They Remail?
Message-ID: <37693.pfarrell@netcom.com>

> Following up on myself...
> I was looking thru the text of an early markup of the bill today, and it
> includes information service providers. I'll go out to my car and get the
> page and cite.

I misread the wording of the bill. It carefully defines information service providers, and then many pages later says that they are not covered by the requirements of the bill. At least this is the text of the hardcopy that I have, and in the text files in the ftp.eff.org files. (The EFF files seem to be exactly what I have, except for formatting, etc.)

Since it explicitly excludes information service firms, I expect that remailer operators are safe from this one.

I apologise for any confusion I've caused. And I still think the bill is a crock.

The bill has not been thru "markup" so the wordings, inclusions and exclusions may change. Some bills even go thru markup after they are voted on. This may be one of those, altho with the defeat of crime bill, the politicians are pretty busy today.

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From talon57 at well.sf.ca.us Fri Aug 12 07:37:49 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Fri, 12 Aug 94 07:37:49 PDT
Subject: EFF on why they did it.
Message-ID: <199408121437.HAA14189@well.sf.ca.us>

Leahy and Edwards introduce a narrow Digital Telephony bill with major new privacy protections
============================================================

Today Senator Patrick Leahy (D-VT) and Representative Don Edwards (D-CA) introduced their version of Digital Telephony legislation. Since 1992, the Electronic Frontier Foundation has been successful at stopping a series of FBI Digital Telephony proposals, which would have forced communications companies to install wiretap capability into every communications medium. However, earlier this year, Senator Leahy and Rep. Edwards, who have helped to quash previous FBI proposals, concluded that the passage of such a bill was inevitable this year. To head off passage of the FBI's bill, Leahy and Edwards stepped in to draft a narrow bill, and asked for EFF's help in the process. EFF remains deeply troubled by the prospect of the federal government forcing communications networks to be made "wiretap ready," but we believe that the legislation introduced today is substantially less intrusive than the original FBI proposals.

Jerry Berman, EFF Policy Director said: "We have opposed digital telephony proposals for the past three years and still do not believe that such legislation is necessary."

"Thanks to the work of Senator Leahy and Rep. Edwards and Senator Biden, however, the bill contains a number of significant privacy advances, including enhanced protection for the detailed transactional information records generated by online information services, email systems, and the Internet," Berman said.

Many online communication and information systems create detailed records of users' communication activities as well as lists of the information that they have accessed.
The new legal protection is critical in that it recognizes that this transactional information created by new digital communications systems is extremely sensitive and deserves a high degree of protection from casual law enforcement access which is currently possible without any independent judicial supervision. Under current law, the government can gain access to transactional records with a mere subpoena, which can be obtained without the intervention of a court. Under the new privacy protections in this bill, law enforcement would have to convince a court to issue an order based on a finding that there are "specific and articulable facts" which prove that the information sought would be relevant to an ongoing criminal investigation. "The fact that law enforcement has to take a case to court in order to get permission to access records is a major new privacy protection which will benefit all users of online communication systems," said Daniel Weitzner, EFF Deputy Policy Director. Another important privacy protection is that there is a cap on the amount of money that can be spent on surveillance technology in the first four years. The Attorney General is authorized to spend up to $500 million on reimbursement telecommunications carriers who retrofit their systems so as to come into compliance with the bill. So that this cap truly functions as a privacy protection, we believe that carriers should only be responsible for complying with the bill if the Attorney General actually pays for modifications. Government should get what it pays for, and no more. "Although we do not support the concept of digital telephony legislation, we believe that if Congress is to pass any version of the bill this year, it should be along the lines of the Leahy/Edwards version," said Berman. "The version crafted by Senator Leahy and Rep. 
Edwards," Berman explained, "is substantially better from a privacy, technology policy, and civil liberties standpoint than the draconian measures offered in the past by the Bush Administration." "As the bill works through the legislative process," Berman continued, "EFF will work to ensure that privacy and public process provisions are strengthened, and that the scope remains narrow -- continuing to exclude the Internet, electronic bulletin board systems, and online communications services such as America Online, Prodigy and Compuserve. Also, we note that the radio communication provisions have not yet been subject to public discussion, and hope that this will occur before the bill is considered by the full House and Senate." FOR MORE INFORMATION CONTACT: Jerry Berman Policy Director Daniel Weitzner Deputy Policy Director +1 202 347 5400 * * * * * * * * EFF Analysis of and comments on major provisions of the bill ============================================================ A. Key new privacy protections 1. Expanded protection for transactional records sought by law enforcement Senator Leahy and Rep. Edwards have agreed that law enforcement access to transactional records in online communication systems (everything from the Internet to AOL to hobbyist BBSs) threatens privacy rights because the records are personally identifiable, because they reveal the content of people's communications, and because the compilation of such records makes it easy for law enforcement to create a detailed picture of people's lives online. Based on this recognition, the draft bill contains the following provisions: i. 
Court order required for access to transactional records instead of mere subpoena In order to gain access to transactional records, such as a list of to whom a subject sent email, which online discussion group one subscribes to, or which movies you request on a pay-per view channel, law enforcement will have to prove to a court, by the showing of "specific and articulable facts" that the records requested are relevant to an ongoing criminal investigation. This means that the government may not request volumes of transactional records merely to see what it can find through traffic analysis. Rather, law enforcement will have to prove to a court that it has reason to believe that it will find some specific information that is relevant to an ongoing criminal investigation in the records that it requests. With these provisions, we have achieved for all online systems, a significantly greater level of protection than currently exists for telephone toll records. The lists of telephone calls that are kept by local and long distance phone companies are available to law enforcement without any judicial intervention at all. Law enforcement gains access to hundreds of thousands of such telephone records each year, without a warrant and without even notice to the citizens involved. Court order protection will make it much more difficult for law enforcement to go on "fishing expeditions" through online transactional records, hoping to find evidence of a crime by accident. ii. Standard of proof much greater than for telephone toll records, but below that for content The most important change that these new provisions offer, is that law enforcement will (a) have to convince a judge that there is reason to look at a particular set of records, and (b) have to expend the time and energy necessary to have a US Attorney or DA actually present a case before a court. 
However, the burden of proof to be met by the government in such a proceeding is lower than required for access to the content of a communication. 2. New protection for location-specific information available in cellular, PCS and other advanced networks Much of the electronic surveillance conducted by law enforcement today involves gathering telephone dialing information through a device known as a pen register. Authority to attach pen registers is obtained merely by asserting that the information would be relevant to a criminal investigation. Courts have no authority to deny pen register requests. This legislation offers significant new limits on the use of pen register data. Under this bill, when law enforcement seeks pen register information from a carrier, the carrier is forbidden to deliver to law enforcement any information which would disclose the location or movement of the calling or called party. Cellular phone networks, PCS systems, and so-called "follow-me" services all store location information in their networks. This new limitation is a major safeguard which will prevent law enforcement from casually using mobile and intelligent communications services as nation-wide tracking systems. i. New limitations on "pen register" authority Law enforcement must use "technology reasonably available" to limit pen registers to the collection of calling number information only. Currently, law enforcement is able to capture not only the telephone number dialed, but also any other touch-tone digits dialed which reflect the user's interaction with an automated information service on the other end of the line, such as an automatic banking system or a voice-mail password. 3. Bill does not preclude use of encryption Unlike previous Digital Telephony proposals, this bill places no obligation on telecommunication carriers to decipher encrypted messages, unless the carrier actually holds the key. 4. 
Automated remote monitoring precluded Law enforcement is specifically precluded from having automated, remote surveillance capability. Any electronic surveillance must be initiated by an employee of the telecommunications carrier. 5. Privacy considerations essential to development of new technology One of the requirements that telecommunications carriers must meet to be in compliance with the Act, is that the wiretap access methods adopted must protect the privacy and security of each user's communication. If this requirement is not met, anyone may petition the FCC to have the wiretap access service be modified so that network security is maintained. So, the technology used to conduct wiretaps cannot also jeopardize the security of the network as a whole. If network-wide security problems arise because of wiretapping standards, then the standards can be overturned. B. Draconian provisions softened In addition, the surveillance requirements imposed by the bill are not as far-reaching as the original FBI version. A number of procedural safeguards are added which seek to minimize the threats to privacy, security, and innovation. Though the underlying premise of the Act is still cause for concern, these new limitations deserve attention: 1. Narrow Scope The bill explicitly excludes Internet providers, email systems, BBSs, and other online services. Unlike the bills previously proposed by the FBI, this bill is limited to local and long distance telephone companies, cellular and PCS providers, and other common carriers. 2. Open process with public right of intervention The public will have access to information about the implementation of the Act, including open access to all standards adopted in compliance with the Act, the details of how much wiretap capacity the government demands, and a detailed accounting of all federal money paid to carriers for modifications to their networks. 
Privacy groups, industry interests, and anyone else has a statutory right under this bill to challenge implementation steps taken by law enforcement if they threaten privacy or impede technology advancement. 3. Technical requirements standards developed by industry instead of the Attorney General All surveillance requirements are to be implemented according to standards developed by industry groups. The government is specifically precluded from forcing any particular technical standard, and all requirements are qualified by notions of economic and technical reasonableness. 4. Right to deploy untappable services Unlike the original FBI proposal, this bill recognizes that there may be services which are untappable, even with Herculean effort to accommodate surveillance needs. In provisions that still require some strengthening, the bill allows untappable services to be deployed if redesign is not economically or technically feasible. C. Provisions that must be changed EFF plans to work on the following issues in the bill as the legislative process continues: 1. Strengthened public process In the first four years of the bill's implementation, most of the requests that law enforcement makes to carriers are required to be recorded in the public record. However, additional demands for compliance after that time are only required to be made by written notice to the carrier. All compliance requirements, whether initial requests or subsequent modification, must be recorded in the Federal Register after public hearings, to allow for public scrutiny. 2. Linkage of cost to compliance requirements -- the FBI gets what it pays for and no more The bill authorizes, but does not appropriate, $500 million to be spent by the government in reimbursing telecommunications carriers for bringing their networks into compliance with the bill. The FBI maintains that this is enough money to cover all reasonable expenses. 
The industry, however, has consistently maintained that the costs are five to ten times higher. Given the FBI's confidence in their cost estimate, we believe that telecommunications carriers should only be required to comply to the extent that they have been reimbursed. This spending cap is both a safeguard against requiring unnecessary surveillance technology, and a way to guarantee that carriers' expenses for electronic surveillance are truly paid for by the government, not by the customers. 3. Ensure right to deploy untappable services The enforcement provisions of the bill suggest, but do not state explicitly, that services which are untappable may be deployed. The bill should state directly that if it is technically and economically unreasonable to make a service tappable, then it may be deployed, without interference by a court. 4. Clarify definition of call identifying information The definition of call identifying information in the bill is too broad. Whether intentionally or not, the term now covers network signaling information of networks which are beyond the scope of the bill. To maintain the narrow scope of the bill, this definition should be clarified. 5. Review of minimization requirements in view of commingled communications The bill implicitly contemplates that law enforcement, in some cases, will intercept large bundles of communications, some of which are from subscribers who are not subject of wiretap orders. For example, when tapping a single individual whose calls are handled by a PBX, law enforcement may sweep in calls of other individuals as well. Currently the Supreme Court requires "minimization" procedures in all wiretaps, to minimize the intrusion on the privacy of conversations not covered by a court's wiretap order. We believe that the bill should reinforce the current minimization requirements by recognizing that stronger minimization procedures may be required. 
* * * Locating Relevant Documents =========================== ** Original 1992 Bush-era draft ** ftp.eff.org, /pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft gopher.eff.org, 1/EFF/Policy/FBI/Old, digtel92_old_bill.draft http://www.eff.org/pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel92.old ** 1993/1994 Clinton-era draft ** ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_bill.draft gopher.eff.org, 1/EFF/Policy/FBI, digtel94_bill.draft http://www.eff.org/pub/EFF/Policy/FBI/digtel94_bill.draft bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.dft ** 1994 final draft, as sponsored ** ftp.eff.org, /pub/EFF/Policy/FBI/digtel94.bill gopher.eff.org, 1/EFF/Policy/FBI, digtel94.bill http://www.eff.org/pub/EFF/Policy/FBI/digtel94.bill bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.bil ** EFF Analysis of sponsored version ** ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_analysis.eff gopher.eff.org, 1/EFF/Policy/FBI, digtel94_analysis.eff http://www.eff.org/pub/EFF/Policy/FBI/digtel94_analysis.eff bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.ana Personally this makes me want to puke...... No Compromise!!!! From jya at pipeline.com Fri Aug 12 07:46:35 1994 From: jya at pipeline.com (John Young) Date: Fri, 12 Aug 94 07:46:35 PDT Subject: Crime Bill FAILED, so too DTA? Message-ID: <199408121446.KAA07375@pipe1.pipeline.com> Pat Farrell says: >At the same time Digital >Telephony looks like a lock to pass. Maybe not. NY Times reports today that industry tells Congress that cost will be far greater than FBI says, and that big subsidies will be needed. Quote: The FBI Director, Louis J. Freeh, agreed that it would be "very, very difficult" to estimate costs. 
"But I certainly know what the cost of not proceeding will be in terms of crime and destruction," he added. End quote. Cost could be the Achilles heel of the bill. Taxpayers arise, sayeth T. May; and cypherpunks write good goad. John From lstanton at sten.lehman.com Fri Aug 12 07:59:28 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Fri, 12 Aug 94 07:59:28 PDT Subject: Crime Bill FAILED to pass In-Reply-To: <1711.pfarrell@netcom.com> Message-ID: <9408121501.AA23345@sten.lehman.com> In message <1711.pfarrell at netcom.com> Pat Farrell writes: > jim at bilbo.suite.com (Jim Miller) writes: > > Hurray!!! > > Yes, that is good news. And at the same time Digital Telephony looks like > a lock to pass. > > Bummer. Only to be expected. Even congress can figure out that information is more subversive than weaponry. From frissell at panix.com Fri Aug 12 08:11:46 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 12 Aug 94 08:11:46 PDT Subject: Suggested Book Message-ID: <199408121510.AA01131@panix.com> There was a discussion a while ago on books for cypherpunks. A very good fictional discussion of the issues that motivate us in a non-crypto context can be found in Poul Anderson's book "Shield." It is the story of an explorer who returns from Mars with the technology for a (semi-impenetrable) personal force field. The story is relevant because the current FBI briefing book on how to pitch the Digital Telephony Initiative to the press emphasizes the "what if your daughter's kidnappers had a wall or a shield that couldn't be broken, you'd demand that we be able to break it, wouldn't you?" argument. Easy enough to answer with "if my daughter had a wall or shield that couldn't be broken, she couldn't be kidnapped in the first place" reply. The "force field" is a fair analogy to crypto since, as Tim May has argued, the energy cost necessary to break strong crypto is the equivalent of a journey to the end of the universe and back (or whatever). 
"Shield" displays the attitudinal differences between control freaks and libertarians (like Poul Anderson) quite well. Impenetrable shields scare control freaks and give hope to believers in personal autonomy. Also, the climax of "Shield" includes a decades-old version of the technique that some members of cypherpunks have used to solve secrecy problems -- uploading the "secret" document to the nets to forestall censorship. Recommended. DCF "Who for decades hoped for the two inventions that would bring about a de facto free society without having to change anybody's politics -- a force field or a $5 a pound orbital launch system -- but who never predicted the direction from which Liberation Technology would sneak up on him." "Hmmm.. 'Liberation Technology' there's a book title in there or is it too close to 'Liberation Management?" From solman at MIT.EDU Fri Aug 12 09:29:37 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 12 Aug 94 09:29:37 PDT Subject: e$ & Reporting Cash Trans In-Reply-To: <9408120335.AA11574@fnord.lehman.com> Message-ID: <9408121629.AA19375@ua.MIT.EDU> > From: binski at u.washington.edu > Date: Thu, 11 Aug 1994 16:28:56 -0700 (PDT) > > I think it was a high-level court ruling that essentially said > it's perfectly ok to intentionally structure cash transfers to > avoid the $10,000 reporting requirement. That's all I recall. > > No. What was at issue was whether the prosecution was required and/or > able to demonstrate the defendant's intent to circumvent the reporting > requirements. If the defendant had admitted such an intent, there > would not have been a case. Of course this means that if you split e-cash transfers into small amounts to avoid any security problems that could otherwise affect the entire transfer, you are in the clear. While the logic of this decision is debatable, it should certainly be sufficient to win in court. Especially if it is built into the software as a feature. 
JWS From pfarrell at netcom.com Fri Aug 12 09:30:38 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Fri, 12 Aug 94 09:30:38 PDT Subject: DTB a lock RE: EFF sells out Message-ID: <44826.pfarrell@netcom.com> The EFF's justification/analysis of DTB says: > Today Senator Patrick Leahy (D-VT) and Representative Don Edwards > (D-CA) introduced their version of Digital Telephony legislation. > Since 1992, the Electronic Frontier Foundation has been successful > at stopping a series of FBI Digital Telephony proposals, which > would have forced communications companies to install wiretap > capability into every communications medium. However, earlier this > year, Senator Leahy and Rep. Edwards, who have helped to quash > previous FBI proposals, concluded that the passage of such a bill > was inevitable this year. To head off passage of the FBI's bill, > Leahy and Edwards stepped in to draft a narrow bill, and asked for > EFF's help in the process. EFF remains deeply troubled by the > prospect of the federal government forcing communications networks > to be made "wiretap ready," but we believe that the legislation > introduced today is substantially less intrusive than the original > FBI proposals. > > "Although we do not support the concept of digital telephony > legislation, we believe that if Congress is to pass any version of > the bill this year, it should be along the lines of the > Leahy/Edwards version," said Berman. On the Hill yesterday, Don Edwards (D-CA) and house side sponsor of the bill said that without Jerry's help, there would be no bill. (Someone at EPIC or EFF should have the exact quote wording, but I've got the meaning here.) If they are against it, why are they crafting and creating it? But this is straying from the creed. I'm off to try Phil's DES code under MS's 32 bit C++ compiler. 
Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include From jim at bilbo.suite.com Fri Aug 12 09:31:38 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 12 Aug 94 09:31:38 PDT Subject: EFF on why they did it. Message-ID: <9408121631.AA02707@bilbo.suite.com> > This spending cap is...a way to guarantee that carriers' > expenses for electronic surveillance are truly paid for > by the government, not by the customers. > Paid for "by the government"?!! And just where does the EFF think the government gets its money? Are there any taxpayers out there who don't use the phone systems? Looks like they're going to get a big bill from the government in the next few years. I can't believe the EFF is actually using this as a pro argument. I can't believe the EFF is supporting the Wiretap bill. The EFF is not getting any more money from me. Jim_Miller at suite.com From VACCINIA at UNCVX1.OIT.UNC.EDU Fri Aug 12 10:26:22 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Fri, 12 Aug 94 10:26:22 PDT Subject: Mail-Future Free Remailers Message-ID: <01HFTNFVL4PE003NM3@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Karl writes: >> People often like to postulate on the list that eventually there >> won't be any more of these philanthropic free remailers, and people >> will be charging small amounts for every remailed message, to make >> some money off it. >> I've thought of a pretty good reason why this might not ever happen. >> [...] one's primary reason might be to ensure oneself anonymity. >Interesting point... 
I guess that is a good reason why free anonymous >remailers might not ever die out, but pay remailers may be able to >offer enhanced features and services that would tend to attract the >vast majority of customers (assuming such a service would be >considered as valuable by enough people ;) In actuality having only purely commercial remailers in a chain would likely lead to security concerns of the following nature. When remailers end up requiring postage, people will tend to use the cheapest remailers to cut down on costs. Who will be in a position to offer the cheapest rates under a commercial proposition? Someone who has deep pockets, perhaps? An entity that really doesn't rely on profit to stay in business? Our own governmental TLA's could attract much remailer traffic by offering unbeatable prices (with our own taxes), even a modest price edge skews traffic in their favor. This speaks highly for the "every man a remailer" concept. If you know people who run remailers and trust that they are not compromised, a mix of commercial and philanthropic remailers may actually be the most secure chain of remailers to use. One could then safely use the price edge of the commercial remailers and the advanced features they offer and at the same time thwart the TLA planted remailers attempts to trace traffic (at least ideally). This could be done by inserting personally trusted philanthropic remailers into the chain in strategic places. Hal has been mentioning such strategic placement of remailers which is very interesting indeed. Since I leave for Honduras tomorrow I must soon unsubscribe until the 23rd so that I don't usurp all available disk space on our system with cpunks mail while I'm gone. All the organized mayhem on the list will be missed (but I'm not giving up diving in Roaton for it!) see you guys later. 
Vaccinia at uncvx1.oit.unc.edu -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkkMAz2paOMjHHAhAQFMFQP/er5g6MCw74epniILFOLR2U8TkzDtRDJB KeZU4ghq+FxZVLjOrFUS6ofDAddwnLE4fPG6cFX3L5vRFowh8p+UzbjVNL/uS2Zv Ac5BtIEylRC0kPMwFxc+SiiijJq1qfmdz/RiCE7yD4Vp6pv4Kqps40JmSy1HDC3B 3HvgSqCKu90= =SKvc -----END PGP SIGNATURE----- From tcmay at netcom.com Fri Aug 12 10:40:34 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 12 Aug 94 10:40:34 PDT Subject: Why Cash is So Important (was: National Health Care) In-Reply-To: Message-ID: <199408121740.KAA01304@netcom5.netcom.com> Mats Bergstrom writes: > > Duncan Frissell wrote: > > > There's no way you can have a government-directed, third-party-paid, health > > care "system" without throwing privacy out the window. Bureaucracies *keep* > > records, they don't destroy them. > > Yes, this is a lesson history tells us. But maybe, theoretically, strong > crypto could make a change. Nested information with keys known only to > parties with legitimate interest in a specific info layer and the master > key only known to the patient and programs for self destruction (including > backups) of data no longer needed. I repeat, theoretically that is. The simplest solution is *cash*. It's worth taking a minute to see why cash is so important in this context, and why accounting-based systems that compile records are inherently insecure. The beauty of a cash transaction, throughout history, is *immediate settlement*. Parties have to examine a deal, look for flaws, and then make a judgement about whether to complete the deal. Once completed, it's hard to change one's mind, go back on the deal, complain, etc. This enforces a kind of due diligence. Cash on the barrelhead, as they say. Non-cash systems are of course sometimes desirable: credit cards, insurance schemes, contractual relationships, leases, etc. All kinds of variants. 
However, these contractual relationships involved *time extent*, that is, they are not settled immediately, on the spot. This has many potentially negative effects: - confusion of time...people evolve different expectations of a contract, causing disputes - people often fail to do the due diligence of a cash transaction (for example, the very same people who are good at haggling at a flea market, and understand "caveat emptor" implicitly, will bitch and moan and complain about contracts...seeking more, changes, adjustments, etc.--an interesting contrast). - temporal extent implies record-keeping, such as insurance records, hospital visits, etc. This is automatically a potential privacy concern. (And when the contract is more than just patient-doctor, but involves other payers, the records-keeping mushrooms. When the government is the ultimate payer, through mandatory plans, they'll have the records. No amount of crypto can possibly change that.) - efficiency. Parties in cash transactions get what they paid for, else they wouldn't have made the transaction. - fraud. While cash transactions can have fraud (con jobs, fake merchandise, etc.), the opportunities for fraud increase dramatically with non-cash systems. When others are paying, such as for health care, the temptation to participate in frauds is higher. (When a patient pays cash, no problem. When a central service is used, opportunities for fraud increase. Doctors with ghost patients, kickbacks, etc. Any central-payment system must then have records and investigations at that central point. Hence, a central bureaucracy. Hence, a loss of privacy at that level.) And so on. My point is mostly that cash has certain elegant properties which are lost when replaced with a central accounting scheme. "Locality of reference" is the computer-related equivalent. Why should this matter to Cypherpunks, if you've read this far? (By the way, yes, Hal, I *did* read to your "Has anyone read this far?" question a few days ago.) 
Systems which preserve this cash/locality of reference feature, such as digital cash, digital postage, and the "Digital Silk Road" proposal of Hardy and Tribble, have likely advantages over centralized, record-oriented systems. You all know that digital cash is important. This is why the National Health Care Plan is a bad idea, will destroy privacy, and basically can't be fixed by band-aids that allegedly protect patient records. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri Aug 12 11:03:49 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 12 Aug 94 11:03:49 PDT Subject: "Fortress Crypto" (was: Suggested Book) In-Reply-To: <199408121510.AA01131@panix.com> Message-ID: <199408121803.LAA03697@netcom5.netcom.com> Duncan Frissell writes: > There was a discussion a while ago on books for cypherpunks. A very good > fictional discussion of the issues that motivate us in a non-crypto context > can be found in Poul Anderson's book "Shield." > > It is the story of an explorer who returns from Mars with the technology for > a (semi-impenetrable) personal force field. > > The story is relevant because the current FBI briefing book on how to pitch > the Digital Telephony Initiative to the press emphasizes the "what if your > daughter's kidnappers had a wall or a shield that couldn't be broken, you'd > demand that we be able to break it, wouldn't you?" argument. These are related. 
Law enforcement is already referring to unbreakable crypto as "fortress crypto" and is trying to scare the public into banning strong crypto by invoking the Four Horsemen of the Infocalypse: terrorism, pedophilia, money laundering, and drug dealing. The comments of Donn Parker along these lines are especially chilling. > The "force field" is a fair analogy to crypto since, as Tim May has > argued, the energy cost necessary to break strong crypto is the equivalent of > a journey to the end of the universe and back (or whatever). Indeed, this is what has excited me for so long about strong crypto. I certainly knew about the public-key work, and I met Diffie and Hellman many years ago. But it was not until late 1987-early 1988 that I put it all together and realized what all this stuff meant for personal liberty and the eventual undermining of states. "Crypto anarchy" was born in the spring of 1988. (As I've said before, I approached David Chaum at the 1988 Crypto Conference in Santa Barbara and told him about my ideas on remailer networks, on how a "Labyrinth" of anonymous remailers could ensure electronic mail transmission that was not traceable and not regulatable, that cyberspatial economies could then evolve, independent of states. Chaum looked at me, nodded with bemusement, and pointed out that his 1981 paper had anticipated and examined these points! I was both pleased and chagrinned. Pleased that I had duplicated Chaum's "mix" idea, though not in the same cryptographic detail Chaum used, and chagrinned that it was not my invention. > "Shield" displays the attitudinal differences between control freaks and > libertarians (like Poul Anderson) quite well. Impenetrable shields scare > control freaks and give hope to believers in personal autonomy. 
> > Also, the climax of "Shield" includes a decades-old version of the technique > that some members of cypherpunks have used to solve secrecy problems -- > uploading the "secret" document to the nets to forestall censorship. I'd forgotten this point...it's been 22 years since I read "Shield." Have to find a copy and read it again. > "Who for decades hoped for the two inventions that would bring about a de > facto free society without having to change anybody's politics -- a force > field or a $5 a pound orbital launch system -- but who never predicted the > direction from which Liberation Technology would sneak up on him." Yes, crypto technology makes for the equivalent of Anderson's "shields," of Vernor Vinge's "bobbles." (in "Peace War" and "Marooned in Realtime") More energy needed to penetrate these crypto bobbles than exists in the universe. [This is the point where believers in reversible computation usually step in and explain that reversible nanocomputers--or the legendary "quantum computers"--can overcome this energy limit. I remain skeptical, but if they've read this far and wish to comment, go right ahead.] The important point is that crypto technology offers a *technological means* to ensure personal liberty and a lessening of collectivist power, much as the *technology* of printing nuked the power of medieval guilds and ushered in the modern information age. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From jazz at hal.com Fri Aug 12 11:15:46 1994 From: jazz at hal.com (Jason Zions) Date: Fri, 12 Aug 94 11:15:46 PDT Subject: Problem in draft FIPS `CRYPTOGRAPHIC SERVICE CALLS' Message-ID: <9408121815.AA23295@jazz.hal.com> -----BEGIN PGP SIGNED MESSAGE----- In article <3287ki$5aq at news.hal.COM> p.v.mcmahon.rea0803 at oasis.icl.co.uk writes: 2. NIST have proposed the draft FIPS to a number of standards development organisations - including X/Open and POSIX' I can personally guarantee that NIST has *not* proposed their draft FIPS to POSIX. I've attended every POSIX meeting since mid-'88; I chair the PASC management subcommittee which sees every proposal for new work. What probably *did* happen was that the POSIX working group developing a security framework received a copy of the draft FIPS to use in their work. This committee isn't producing APIs of any sort, nor is it producing a standard; their document is classed as a Guide, not a Standard. I can also state that PASC (the sponsoring body for POSIX) has created a Study Group on encryption APIs; the announcement is attached below. I am also the official contact for the study group. Jason Zions Chair, IEEE 1003.8 POSIX Transparent File Access Convenor, PASC Encryption Services API Study Group IEEE PASC Study group on encryption interfaces and system services The PASC (Portable Applications Standards Committee) group will be hosting a study group on API's for Encryption services as an extension to the POSIX standards. The meetings on this will be held at the Sea-Tac Red Lion Inn, Seattle, WA, Oct. 17th and 18th in conjunction with the quarterly PASC meetings. There is a meeting fee of $100/day or $350 for the week that includes lunches. The contact for this work is Jason Zions who can be reached at: jazz at hal.com. 
A general meeting announcement is available on request from NAPS International who can be reached at ++(612) 888-0074 or tc at bungia.mn.org

The study group will investigate the feasibility of developing IEEE and ISO standards for both command line and application program interfaces to encryption services. Encryption services are expected to include basic encryption, public/private key encryption, digital signatures and digital cash.

The PASC study group would like to invite broad participation from interested parties consisting of private individuals, industry, government, users and producers.

(Phone calls only for verifying PGP key: 512-834-9962 x5316)

From tcmay at netcom.com Fri Aug 12 11:24:21 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 12 Aug 94 11:24:21 PDT
Subject: Profiting from the Wiretap Bill
In-Reply-To: <9408121631.AA02707@bilbo.suite.com>
Message-ID: <199408121824.LAA06502@netcom5.netcom.com>

> > This spending cap is...a way to guarantee that carriers'
> > expenses for electronic surveillance are truly paid for
> > by the government, not by the customers.
> >
>
> Paid for "by the government"?!! And just where does the EFF think the
> government gets its money? Are there any taxpayers out there who don't
> use the phone systems? Looks like they're going to get a big bill
> from the government in the next few years.
>
> I can't believe the EFF is actually using this as a pro argument. I can't
> believe the EFF is supporting the Wiretap bill. The EFF is not getting
> any more money from me.

Nor from me. They've sold out. The NRA took a "no compromises" stance, and just helped to defeat the terrible Crime Bill.
EFF has learned yet that you can't compromise with the Beast...it's always hungry.

But this is not my point here. Rather, I have some idea on using the "government will pay for retrofitting" clause to make the whole thing into a charade.

The idea is to build systems which clearly fall under the provisions of the EFF's Wiretap Bill, but which are designed so as to require a special gadget to make them tappable....a gadget only for sale from May Enterprises, or Frissell Incorporated or Toal Ltd. And for a "very reasonable" price of only, say, $250,000. If the Feds refuse to pay, or demand a lower price for the gadget, all sorts of repercussions will follow.

I'm only partly joking here, as I think the "$500 million" (or was it billion?) set aside--supposedly--to pay for upgrades to make systems easily wiretappable will vanish into hundreds of scams like this. The scams will be better disguised than mine, but the effect will be the same.

Here's a piece I wrote for comp.org.eff.talk on this plan:

Newsgroups: comp.org.eff.talk
From: tcmay at netcom.com (Timothy C. May)
Subject: Profiting from the Wiretap Bill
Message-ID:
Date: Thu, 11 Aug 1994 06:13:10 GMT

So the Feds will pay us to make our switching systems wire-tappable?

Hmmmhhh...

Well, the switching system I'm now using is un-tappable unless a special gadget is added, a gadget only available from May Enterprises, my other company, for a mere $250,000 in quantities of one.

If the Wiretap Bill becomes law, and they want my switch made tappable, and they'll pay to make it tappable, I'll be very happy to "order" one of these special gadgets from May Enterprises.

(Of course, then I'll shut down the tappable system and build another one...)

It's pretty clear that this idea about the Feds _paying for_ the wire tap upgrades (Fedgrades?) just won't fly. They may pay for their favored suppliers, the MCIs and AT&Ts, but not for folks like us.
And as others have noted, we'll be building alternatives that make the Wiretap Bill pointless. (More than a year ago we ran a DES-encrypted conference linkup between Cypherpunks meetings in Silicon Valley, Boston, and Washington...all over the Internet! VoicePGP is coming, fast. What will the Feds do with schemes like these?) (If they claim our encrypted link has to be made tappable, there's that special $250,000 gadget I was telling you about....) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri Aug 12 11:44:43 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 12 Aug 94 11:44:43 PDT Subject: Mail-Future Free Remailers In-Reply-To: <01HFTNFVL4PE003NM3@UNCVX1.OIT.UNC.EDU> Message-ID: <199408121843.LAA08809@netcom5.netcom.com> > while I'm gone. All the organized mayhem on the list will be missed (but I'm > not giving up diving in Roaton for it!) see you guys later. > > Vaccinia at uncvx1.oit.unc.edu "Gone to Roaton," eh? A nicely Cypherpunkish ring to that phrase, reminiscent of the cryptic "Gone to Croatan" message that was all that was left of the vanished first English colony in the New World. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. 
"National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri Aug 12 12:56:17 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 12 Aug 94 12:56:17 PDT Subject: Wiretap Bill is just the beginning... Message-ID: <199408121956.MAA01058@netcom14.netcom.com> An interesting message from Brock Meeks, citing FBI Director Louis Freeh's admission that the government may not be content with the Wiretap Bill as written. We all knew this. I hope the collaborators at EFF wake up. --Tim From: brock at well.sf.ca.us (Brock N. Meeks) Newsgroups: alt.activism.d,alt.politics.datahighway,alt.privacy,alt.society.resistance,comp.org.eff.talk Subject: Re: EFF Statement on Leahy/Edwards Digital Telephony Bill Date: 12 Aug 1994 05:38:03 -0500 Organization: UTexas Mail-to-News Gateway Lines: 23 Sender: nobody at cs.utexas.edu Distribution: inet Message-ID: References: <9407117766.AA776643994 at ccgate.infoworld.com> NNTP-Posting-Host: news.cs.utexas.edu On Thu, 11 Aug 1994, Brett Glass wrote: > > There is a real danger that ANY > concession the EFF makes will be leveraged by the spooks -- who do not > appear to care a whit about 4th Amendment rights or personal privacy -- to > further undermine our rights in the future. No bill without incredibly > strong firewalls against future erosions of civil rights should have ANY > support from the EFF. During hearings on this bill yesterday (thurs.), FBI Director Freeh was asked if, at some point, he thought that the FBI would try to extend the coverage of this bill because, as Freeh admitted, "some criminals aren't going to be caught" because they will use communications systems not covered under this bill Freeh said "it's possible" that the FBI would seek an expanded scope. It's clear the FBI isn't thinking of this bill as an end point, it's just the start for them. 
Brock Meeks
CyberWire Dispatch

From claborne at microcosm.sandiegoca.NCR.COM Fri Aug 12 14:00:57 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris)
Date: Fri, 12 Aug 94 14:00:57 PDT
Subject: Gaining ISDN Privacy with data encryption
Message-ID: <2E4BB81B@microcosm.SanDiegoCA.NCR.COM>

I have the following article on my PC (someone typed it in and sent it to me). Do the cypherpunks want me to post? It's one type-set page worth.

Communications News - August 1994
Gaining ISDN Privacy with data encryption
by Kevin Tanzillo

...  __o
..  -\<,       chris.claborne at sandiegoca.ncr.com
...(*)/(*).    CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From claudel at netcom.com Fri Aug 12 14:57:13 1994
From: claudel at netcom.com (Claude V. Lucas)
Date: Fri, 12 Aug 94 14:57:13 PDT
Subject: Bug in PgP2.6???
Message-ID: <199408122157.OAA10363@netcom8.netcom.com>

C'punks:

a friend of mine forwarded this to me to post with the following question:

Should this bug preclude the use of the MIT PgP2.6 executable as distributed?

As I personally am more of a tool-user than a tool builder I defer to the more knowledgeable...
thanks in advance

claude

###############################################################
begin forwarded post
========================================================================
Date: 06-01-94 06:06 = Message #: 10210 NITELOG
From: Colin Plumb   Status: PUBLIC
To: ALL   Ref #: 0
Subject: I screwed up - PGP bug   Conf: AltSecurePGP |29 (2042)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@FROM :colin at nyx.cs.du.edu
Message-ID: <2si4kp$sjg at nyx.cs.du.edu>
Newsgroups: alt.security.pgp,talk.politics.crypto,sci.crypt
Organization: /usr/lib/news/organi[sz]ation

-----BEGIN PGP SIGNED MESSAGE-----

I have the unpleasant task of reporting a significant bug in PGP's random number generation (for making primes), and that it's my fault.

It *is* a significant problem, although it is *not* end-of-the-world severity. That is, the code is not performing as intended, and the results aren't as random as intended. On the other hand, this does not appear to make any generated keys easier to break.
Because it has to do with random-number generation, there are no interoperability issues raised. Please read on for details.

Thanks to the many people who have submitted other bug reports and porting patches. A new release from MIT is forthcoming with more cleanups.

* The Bug

In pgp 2.6 (and 2.5), there is a file named "randpool.c", which accumulates entropy from keyboard timings. These random numbers are used in generating session keys, although the primary random number generator for session keys, based on IDEA, is unaffected. The main use of these random numbers is the much more sensitive task of generating RSA secret keys.

In that file, a tiny helper function is xorbytes:

    static void
    xorbytes(byte *dest, byte const *src, unsigned len)
    {
            while (len--)
                    *dest++ = *src++;
    }

A character is missing. '^', to be precise. That "=" should be "^=".

I wrote it, and I knew when I was writing it that it was critical code. Since you can't test a random-number generator (except for the most trivial of flaws), you have to walk through the code very carefully. I did, or thought I did, yet still managed to miss this. Oops is too mild. That code is not supposed to have ANY bugs.

In other words, I screwed up. There's a lesson in there somewhere. I'll try to learn it.

* The Effect

The randpool.c code works by maintaining a pool (buffer) of random bits and adding in new "noise" from the environment each time a key is pressed. This "adding" is done by exclusive-oring it with successive bytes from the existing pool. When the pool is "full", a cryptographic stirring operation is performed to mix all the information in the pool together and get ready for new noise. The bytes in the pool at the end are intended to be uncorrelated with the noise bytes that will be added, so the XOR adding does not cause any sort of "cancellation" of information.

This stirring is done with a key, which is taken from the pool at the end of each pass.
With the bug in place, the noise bytes *replace* the bytes in the pool rather than being added to them. So the information that was in the pool is obliterated. The only trace that remains is what's stored in the key. This is at most the size of the key, 512 bits, rather than the size of the whole pool, 3072 bits.

PGP tries to ensure that generated RSA keys are completely unpredictable by accumulating enough Shannon information to make the whole key. Thus, infinite computational power would not let you predict a generated secret RSA key. This bug subverts that.

* Security Analysis

What effect does this have on someone's chances of breaking an RSA secret key generated with PGP 2.6?

Not much, as far as I can tell. But it requires more careful thought and that eats into the comfort margin that should be there.

Just for comparison, the RSAREF library's random number generation routines are also based on MD5, but use 16 bytes of seed. Successive random bytes are taken by computing the MD5 hash of the 16-byte seed, using those 16 bytes, incrementing the seed by 1 (taken as a 128-bit number), and repeating. Taking the MD5 of a 16-byte value involves one pass of the MD5Transform function, with 16 of the 64 key bytes unknown, 48 bytes are known (fixed, in fact), and the input hash is known (fixed, in fact).

Compared to this, PGP 2.6, even with the bug, is excellent. All 64 bytes of key to MD5Transform are dependent on all of the seed, the input hash varies widely, and the output is XORed with some difficult-to-predict data.

The reason that you can get away with less than perfect random numbers (less Shannon information than the size of the generated key) is that you only have to make sure that the weakness does not make any attack easier than the best known attack without the weakness. As long as guessing is only useful to a brute-force attack, it remains far easier to factor.
Paul Leyland estimated that the work to try all possible 128-bit IDEA keys is equivalent to factoring a 3100-bit RSA key. Now, recent work by Arjen Lenstra on the number field sieve (Paul Leyland was assuming the MPQS used in RSA-129) has raised this RSA key length somewhat.

Thus, an argument can be made in favour of RSAREF's use of a 128-bit random number seed, since that's all that is necessary. PGP prefers to be a little bit more paranoid. Still, once you have 512 bits of uncertainty, trying all possibilities is more work than trying to break a 1024-bit RSA key by trial division.

So let's see just how much entropy is in there.

Each keystroke, the following data is added to the random pool:

- The character typed, an int (2 or 4 bytes)
- the time_t result of time() (4 bytes)
- the clock_t result of clock() (4 bytes)
- On MS-DOS, 2 bytes of hardware timer 0
- On Unix, 8 bytes of gettimeofday() and 20 bytes of times() results
- On VMS, 8 bytes of high-resolution timer.

The total is 12 bytes on MS-DOS, 32 bytes on Unix (this may vary, but that's very common), and 20 bytes on VMS. The information content of the bytes is taken at a maximum of 8 bits, although it's actually closer to 15 bits on MS-DOS, and less (maybe as low as 1 or 2) on a Unix system with a fast typist and a slow (60 Hz) clock. VMS is in between.

This means that the entropy density in the added bytes varies from 1/12 (or better) in MS-DOS to 1/256 on Unix. Thus, the content of a pool's worth (3072 bits) is 256 bits (or more) under MS-DOS and may be as low as 12 bits on some flavours of Unix.

The random number accumulation operation adds bytes to the pool until it is either full or the desired number of bits have been accumulated. Then it stirs the pool. For a maximum-sized key (1024 bits), it will take many passes through the pool to accumulate the entropy, but owing to the bug, each time the pool is overwritten with the most recently collected data.
The only entropy that remains from the previous pass is in the 512-bit key buffer.

This applies to every stirring pass until the last, after the last noise data has been added and new data is about to be withdrawn from the pool. This last pass is very likely to be incomplete; some of the data at the tail of the pool is probably not overwritten. This can carry over extra entropy from the previous pass. No more than is there (the 12 to 256 bit range observed before), and then you have to add an unknown fraction of that for data that has been added in the current pass, but the total will vary from 12 bits (an average of 18) to 256 bits (an average of 384). Plus the entropy preserved in the key buffer.

So there is from just over 512 to an average of 896 bits of entropy in the pool. 1016 random bits are used to make the starting values for the two primes in a 1024-bit key. This is clearly not the perfect Shannon entropy PGP aims for.

As long as the stirring operation is still considered cryptographically strong, this reduction in the possible range of generated keys is not useful to a factoring algorithm, so it doesn't make a factoring attack any easier, yet a factoring attack is still far easier than a guessing attack, so the easiest attack is no easier.

So I don't think anything is more attackable. Still, it's NOT what was intended, and that's always bad.

My apologies to users of PGP.

--
-Colin

From warlord at MIT.EDU Fri Aug 12 16:06:50 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 12 Aug 94 16:06:50 PDT
Subject: Bug in PgP2.6???
In-Reply-To: <199408122157.OAA10363@netcom8.netcom.com>
Message-ID: <9408122306.AA23584@toxicwaste.media.mit.edu>

Gee, Claude, where have _you_ been hiding? Look at the date on that message.

As for using 2.6 -- I do. It's _only_ a factor in key generation, and it doesn't weaken key generation enough to be a concern. Also, there is a planned bugfix release for sometime soon that will have the one character patch that fixes that problem.

-derek

From eb at comsec.com Fri Aug 12 18:00:10 1994
From: eb at comsec.com (Eric Blossom)
Date: Fri, 12 Aug 94 18:00:10 PDT
Subject: Multiprecision integer mult using FPU
In-Reply-To: <199408120554.WAA21416@netcom.netcom.com>
Message-ID: <199408122359.QAA04429@modmult.comsec.com>

Norm Hardy writes:

> The PowerPC floating point is even more impressive. The fmadd instruction
> can do "a <- b*c+d" every other clock or 30 per microsecond on the low end
> Power Mac. If we store 24 bits of a multiple precision number in successive
> elements of an array then the inner loop of a multiply is a routine such
> as:
>
> void m8(float * a, float * b, double * p)
> {p[0] = a[0]*b[0];
> p[1] = a[0]*b[1] + a[1]*b[0];
> p[2] = a[0]*b[2] + a[1]*b[1] + a[2]*b[0];
> p[3] = a[0]*b[3] + a[1]*b[2] + a[2]*b[1] + a[3]*b[0];
> p[4] = a[0]*b[4] + a[1]*b[3] + a[2]*b[2] + a[3]*b[1] + a[4]*b[0];
> p[5] = a[0]*b[5] + a[1]*b[4] + a[2]*b[3] + a[3]*b[2] + a[4]*b[1] + a[5]*b[0];
> ....
> p[13] = a[6]*b[7] + a[7]*b[6];
> p[14] = a[7]*b[7];}

Nice hack Norm. This would appear to apply to any processor where the floating point performance is substantially greater than the integer. This is true of the Pentium too.
Floating point:   latency/throughput
    FADD          3/1
    FMUL          3/1
    FLD           1/1
    FST           2/2     1/1 if storing to FPU stack

Integer:
    ADD           1
    MUL           10

From nobody at vox.hacktic.nl Fri Aug 12 18:12:18 1994
From: nobody at vox.hacktic.nl (An0nYm0Us UsEr)
Date: Fri, 12 Aug 94 18:12:18 PDT
Subject: No Subject
Message-ID: <199408130112.AA21528@xs4all.hacktic.nl>

Diogenes pondered:

> The only problem I see with the "everyone a remailer" concept is
> that, in the presence of traffic analysis, a locally generated
> message will show up as an imbalance between incoming and
> outgoing messages, will it not?

Don't most remailers have a 'bit bucket' address tho? Generating some bogus bit-bucket messages would solve that problem... Also, Ghio's remailer lets you put two (or more) messages inside a PGP envelope, so in theory you could have one message go in and two come out. There is the size problem tho. :(

From hayden at vorlon.mankato.msus.edu Fri Aug 12 18:22:14 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Fri, 12 Aug 94 18:22:14 PDT
Subject: Congressional Committee takes to the Net (long) (fwd)
Message-ID:

This was emailed to me and thought I'd pass it on.

-----------------

This is the initial posting from the Committee on Science, Space, and Technology of the U.S. House of Representatives, chaired by the Honorable George Brown of California. We have agreed to serve as the "beta" testers for House Committees trying to learn how to use the Internet. We posted this message to some of the USENET newsgroups that discuss topics relevant to our jurisdiction over Federal civilian research and development activities to: (1) Increase the number of people who know we do have Internet access; (2) Indicate how we can be reached on the net; and (3) Start learning how to take advantage of this information system in our daily activities.

Getting the Congress to use Internet has been discussed in a few threads on various USENET newsgroups of late.
Some of you may be familiar with the E-Mail Pilot Project established by the Committee on House Administration, chaired by the Honorable Charlie Rose of North Carolina. Those Members of the House currently maintaining an electronic mailbox for constituent communications may be found by e-mailing "congress at hr.house.gov" with the text "HELP" or "INFO" in the message body. You will receive an automated response with the necessary instructions. Also, the text of legislation introduced in the U.S. House of Representatives during the current Congress is now available on a W.A.I.S server located at the House Information Systems data center. The server may be accessed from the directory at quake.think.com or using the following information: Server: diamond Port: 210 Database Name: USHOUSE_house_bill_text_103rd It can also be found on gopher.house.gov in: Congressional Information/Legislative Resources The database contains the text of House bills beginning with October 1993 and is updated daily. What follows now is the message you will automatically receive in response to messages sent to housesst at hr.house.gov, the Committee's Internet address. It describes items like the Committee's gopher server, which you can also find at gopher.house.gov. ----------- begin ----------- Welcome to the electronic mailbox system for the Committee on Science, Space, and Technology of the U.S. House of Representatives. This Internet service is provided for ease of communication with the Members and staff of the Committee. If your message is addressed to a specific Member, it will be printed out in hard copy and forwarded to the Member's office for response by U.S. Mail. If your message is addressed to a staff member of the Committee, it will be forwarded electronically to that staff member for response. Depending on the nature of the response, it might reach you in either electronic or postal form. 
Messages for the Committee press office will be acknowledged electronically and then followed up on, if necessary, with material by post or fax. You can reach the press office directly via Internet at "sstpress at hr.house.gov". The Committee also maintains a bulletin board on the House of Representatives Internet gopher server at "gopher at hr.house.gov". Much of the public information material provided by the Committee is available on this gopher system. Much of this information also is available on the Committee's "Straight Talk" voice-response system. Dial 202/225-3018 and follow the menu instructions for a touch-tone telephone. Thank you for contacting the House Science Committee. Please be patient as we experiment with this new way of better serving your communications needs. If you wish to write to the Committee, please direct your correspondence to: Committee on Science, Space, and Technology 2320 Rayburn House Office Building U.S. House of Representatives Washington, DC 20515 ----------- end ----------- At this time, we suggest you supply both your e-mail and postal addresses in any communication to the Committee. Each office in Congress has its own policy for responding to public inquiries. So, if we forward your e-mail to a particular Member's office, they may choose to respond with a regular letter. Our Committee hopes to increase our use of e-mail in responding to public inquiries. We have chosen the following subset of USENET groups for our initial foray into the net.world: alt.california alt.cyberspace alt.dcom.telecom alt.politics.datahighway comp.dcom.telecom comp.org.cpsr.talk comp.org.eff.talk misc.education misc.education.science misc.legal sci.agriculture sci.astro sci.bio.ecology sci.chem sci.energy sci.engr sci.environment sci.geo.geology sci.math sci.med sci.misc sci.physics sci.research sci.space.policy talk.environment talk.politics.crypto Please feel free to repost this message to other groups that might find the information of value. 
Your comments on what should be carried by this channel of communications would also be welcomed. --------------- Committee on Science, Space, and Technology U.S. House of Representatives Washington, D.C. 20515 HOUSESST at HR.HOUSE.GOV DISCLAIMER: Opinions expressed in this posting are those of the sender and do not necessarily reflect those of the Committee, the Chairman or any Member of Congress. -- ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From norm at netcom.com Fri Aug 12 18:35:51 1994 From: norm at netcom.com (Norman Hardy) Date: Fri, 12 Aug 94 18:35:51 PDT Subject: IDEA vs DES Message-ID: <199408130136.SAA21956@netcom.netcom.com> This morning I said: >would expect that it can be done in under 100 microseconds. Modular >>exponentiation of 1000 bit numbers should take about 2*(1000/24)^3 >>(1/30,000,000MHz) = 2.5 ms without outer loop overhead. Sorry, I goofed! Thanks to Phil Karn for catching me on this. I omitted a factor of 12 which is half of the number of bits in one of my "words". With 24 bits per word the 601 could do a 1000 bit by 1000 bit multiply in (1000/24)^2 fmadd instructions, plus several times (1000/24) fixed point instructions. The fmadd takes 2 clocks. Doing the modular multiply requires about twice as much. Exponentiating by an n bit number requires about n/2 modular multiplies worst case. Doing mod(n^k, m) for 1000 bit numbers thus requires about 2*2*(1000/24)^2*1000/2 clocks. For the slowest (60MHz) 601 this is 58ms. 
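The fixed-size routine Norm Hardy posted (quoted in Eric Blossom's reply above) generalizes to n limbs. The C below is an added illustration, not Hardy's code: `fp_mul`, `worst_case_ok`, `mul48_low64` and `MAX_EXACT_LIMBS` are names chosen here, and IEEE 754 doubles are assumed. It also makes explicit a bound the posts do not state: with 24-bit limbs a column sum stays exact in a double only up to 32 limbs, so the roughly 42 limbs of a 1000-bit operand would need the columns split.

```c
#include <stdint.h>
#include <stdio.h>

#define LIMB_MAX        0xFFFFFFu  /* largest 24-bit limb; exact in a float */
#define MAX_EXACT_LIMBS 32         /* 32 * (2^24 - 1)^2 < 2^53 */

/* Multiply two n-limb numbers (least significant limb first, 24 bits per
 * limb held in a float) into 2n normalized 24-bit limbs in p.
 * Returns 0 on success, -1 if n is outside the range where every column
 * sum is an integer below 2^53 and therefore exact in a double. */
static int fp_mul(const float *a, const float *b, uint32_t *p, int n)
{
    uint64_t carry = 0;
    int k;

    if (n < 1 || n > MAX_EXACT_LIMBS)
        return -1;
    for (k = 0; k < 2 * n - 1; k++) {
        int lo = k < n ? 0 : k - n + 1;
        int hi = k < n ? k : n - 1;
        double col = 0.0;          /* one column of the schoolbook product */
        uint64_t v;
        int i;

        for (i = lo; i <= hi; i++)
            col += (double)a[i] * (double)b[k - i];  /* the fmadd step */
        v = (uint64_t)col + carry; /* col is an exact integer here */
        p[k] = (uint32_t)(v & LIMB_MAX);
        carry = v >> 24;
    }
    p[2 * n - 1] = (uint32_t)carry;
    return 0;
}

/* Worst case for rounding: every limb is 2^24 - 1. The exact answer is
 * (B^n - 1)^2 = B^(2n) - 2*B^n + 1 with B = 2^24, whose limbs are
 * 1, 0, ..., 0, B-2, B-1, ..., B-1. Returns 1 if fp_mul reproduces it. */
static int worst_case_ok(int n)
{
    float a[MAX_EXACT_LIMBS];
    uint32_t p[2 * MAX_EXACT_LIMBS];
    int i;

    if (n < 1 || n > MAX_EXACT_LIMBS)
        return 0;
    for (i = 0; i < n; i++)
        a[i] = (float)LIMB_MAX;
    if (fp_mul(a, a, p, n) != 0)
        return 0;
    for (i = 0; i < 2 * n; i++) {
        uint32_t want = i == 0 ? 1u : i < n ? 0u : i == n ? 0xFFFFFEu : LIMB_MAX;
        if (p[i] != want)
            return 0;
    }
    return 1;
}

/* Cross-check against native arithmetic: low 64 bits of a 48x48-bit product. */
static uint64_t mul48_low64(uint64_t x, uint64_t y)
{
    float a[2], b[2];
    uint32_t p[4];

    a[0] = (float)(x & LIMB_MAX);
    a[1] = (float)((x >> 24) & LIMB_MAX);
    b[0] = (float)(y & LIMB_MAX);
    b[1] = (float)((y >> 24) & LIMB_MAX);
    fp_mul(a, b, p, 2);
    return (uint64_t)p[0] | ((uint64_t)p[1] << 24) | ((uint64_t)p[2] << 48);
}

int main(void)
{
    float z[42] = {0};
    uint32_t p[84];

    printf("8 limbs, worst case exact:  %d\n", worst_case_ok(8));
    printf("32 limbs, worst case exact: %d\n", worst_case_ok(32));
    printf("42 limbs accepted:          %d\n", fp_mul(z, z, p, 42) == 0);
    return 0;
}
```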
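An added demonstration of the effect Colin Plumb's post (forwarded earlier in this digest) describes: with the `=` version of xorbytes, a full pass of noise wipes the pool, and only the stirring key still links the state to earlier input. This is example code written for this page, not PGP's randpool.c; `toy_stir` is a non-cryptographic stand-in for the real keyed stir, and the pool fills, key bytes and noise are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_BYTES 384  /* 3072-bit pool, the size given in the post */
#define KEY_BYTES   64  /* 512-bit stirring key, the size given in the post */

typedef void (*combine_fn)(uint8_t *dest, const uint8_t *src, size_t len);

/* As shipped in 2.5/2.6: the noise overwrites the pool bytes. */
static void xorbytes_buggy(uint8_t *dest, const uint8_t *src, size_t len)
{
    while (len--) *dest++ = *src++;
}

/* As intended: the noise is XORed into the pool bytes. */
static void xorbytes_fixed(uint8_t *dest, const uint8_t *src, size_t len)
{
    while (len--) *dest++ ^= *src++;
}

struct toy_pool {
    uint8_t pool[POOL_BYTES];
    uint8_t key[KEY_BYTES];
    size_t pos;                 /* next pool byte to receive noise */
};

/* Hypothetical stand-in for the keyed stir: FNV-1a style mixing, NOT
 * cryptographic. Every output byte depends on the key and the whole pool,
 * and the next key is taken from the end of the pool. */
static void toy_stir(struct toy_pool *p)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t i;

    for (i = 0; i < KEY_BYTES; i++)
        h = (h ^ p->key[i]) * 0x100000001b3ULL;
    for (i = 0; i < POOL_BYTES; i++)
        h = (h ^ p->pool[i]) * 0x100000001b3ULL;
    for (i = 0; i < POOL_BYTES; i++) {
        h = (h ^ (uint64_t)i) * 0x100000001b3ULL;
        p->pool[i] ^= (uint8_t)(h >> 32);
    }
    memcpy(p->key, p->pool + POOL_BYTES - KEY_BYTES, KEY_BYTES);
    p->pos = 0;
}

/* Add noise at the current position and stir whenever the pool fills. */
static void toy_add(struct toy_pool *p, combine_fn combine,
                    const uint8_t *noise, size_t len)
{
    while (len > 0) {
        size_t room = POOL_BYTES - p->pos;
        size_t n = len < room ? len : room;

        combine(p->pool + p->pos, noise, n);
        p->pos += n;
        noise += n;
        len -= n;
        if (p->pos == POOL_BYTES)
            toy_stir(p);
    }
}

/* Feed the same full pass of constructed noise to two pools whose earlier
 * contents (fill_a, fill_b) and first key byte (key0_a, key0_b) may differ.
 * Returns 1 if both pools end in the same state. */
static int states_match(combine_fn combine, uint8_t fill_a, uint8_t fill_b,
                        uint8_t key0_a, uint8_t key0_b)
{
    struct toy_pool a, b;
    uint8_t noise[POOL_BYTES];
    size_t i;

    memset(&a, 0, sizeof a);
    memset(&b, 0, sizeof b);
    memset(a.pool, fill_a, POOL_BYTES);
    memset(b.pool, fill_b, POOL_BYTES);
    a.key[0] = key0_a;
    b.key[0] = key0_b;
    for (i = 0; i < POOL_BYTES; i++)
        noise[i] = (uint8_t)(i * 7u + 3u);   /* constructed "keystrokes" */
    toy_add(&a, combine, noise, sizeof noise);
    toy_add(&b, combine, noise, sizeof noise);
    return memcmp(a.pool, b.pool, POOL_BYTES) == 0 &&
           memcmp(a.key, b.key, KEY_BYTES) == 0;
}

/* 1 if different earlier pool contents leave no trace after one pass. */
static int history_erased(combine_fn c) { return states_match(c, 0xAA, 0x55, 0, 0); }

/* 1 if, with the bug, a difference held only in the key still survives. */
static int key_carries_history(void) { return !states_match(xorbytes_buggy, 0xAA, 0xAA, 0, 1); }

int main(void)
{
    printf("buggy: earlier pool contents erased = %d\n", history_erased(xorbytes_buggy));
    printf("fixed: earlier pool contents erased = %d\n", history_erased(xorbytes_fixed));
    printf("buggy: key still carries history    = %d\n", key_carries_history());
    return 0;
}
```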
From klbarrus at owlnet.rice.edu Fri Aug 12 20:45:21 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Fri, 12 Aug 94 20:45:21 PDT
Subject: MAIL: commercial remailers
Message-ID: <9408130345.AA22435@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

I wrote:

>>Interesting point... I guess that is a good reason why free anonymous
>>remailers might not ever die out, but pay remailers may be able to
>>offer enhanced features and services that would tend to attract the
>>vast majority of customers (assuming such a service would be
>>considered as valuable by enough people ;)

Scott wrote:

> In actuality having only purely commercial remailers in a chain
> would likely lead to security concerns of the following nature. When
> remailers end up requiring postage, people will tend to use the
> cheapest remailers to cut down on costs. Who will be in a position to
> offer the cheapest rates under a commercial proposition? Someone who

But this assumes that commercial remailers will not take in enough money to keep themselves afloat. Which could very well be true! What you describe is a serious problem indeed: in which only a "deep pockets/government front/whatever" can run a pay remailer and most free remailers exist on unsecure systems.

> This speaks highly for the "every man a remailer" concept. If you know
> people who run remailers and trust that they are not compromised

But this is the problem, if the remailer operator is just an ordinary user, he/she may not even know their remailer is compromised, since there is only so much an ordinary user can do. Your trustworthy friends may be victim of a sysadmin who does sendmail logging, etc.
Karl Barrus
klbarrus at owlnet.rice.edu

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9
"One man's mnemonic is another man's cryptography" - K. Cooper

From wb8foz at nrk.com Fri Aug 12 21:40:06 1994
From: wb8foz at nrk.com (David Lesher)
Date: Fri, 12 Aug 94 21:40:06 PDT
Subject: EFF on why they did it.
In-Reply-To: <9408121631.AA02707@bilbo.suite.com>
Message-ID:

> Paid for "by the government"?!! And just where does the EFF think the
> government gets its money?

One difference -- the Hill must allocate money for "paid for by the government" as compared to "just rape the switch designer" financing.

No money, no wiretaps.

That may {or may not} limit the effect of FBI Wiretap, depending on how [much/little] the Hill loosens the pursestrings.

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close............(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From claborne at microcosm.sandiegoca.NCR.COM Fri Aug 12 22:12:17 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris)
Date: Fri, 12 Aug 94 22:12:17 PDT
Subject: POST:Gaining ISDN Privacy with data encryption
Message-ID: <2E4BF2DC@microcosm.SanDiegoCA.NCR.COM>

I received a ton of requests for the article below.

One comment. This looks like a perfect application for PGP mainly because of the ease of use and the fact that it includes compression. I may send something in to the editor.

REMEMBER: What follows is a direct quote from the zine.
------------------------------------------------------------ Communications News - August, 1994 Gaining ISDN Privacy with data encryption by Kevin Tanzillo Making the public ISDN network private is possible through data encryption to maintain security, say a pair of ISDN researchers whose organization is soon to become an ISDN user. Wunnava V. Subbarao, professor of electrical and computer engineering at Florida International University (FIU), along with research associate Irma B. Fernandez, wrote a paper on testing and evaluating encryption based data security in the ISDN environment. Their interest goes beyond academic. The university, located in Miami, will become an ISDN user when classes resume this fall, linking remote campus in a distance learning application. So far, though, the use of ISDN has been in the university's research lab. Subbarao explains that BellSouth and Northern Telecom grants have enabled the university to bring in five basic rate ISDN lines and work with a range of equipment. Why we have gotten heavily involved in this is because ISDN is quickly emerging as a real, operational, reliable and cost-effective technology for end-to-end digital connectivity, says Subbarao. Here at FIU a large number of ISDN-based applications are being developed. Some of these are point of sale, security monitoring, medical network and medical imaging. In any of these high-speed data transfers, security is a pressing concern. We have investigated possible standards for ISDN security that allow data, including voice, transmitted over ISDN to be encrypted so that only intended receiver can decipher it. This will make the public network behave like a private network and allow ISDN to be a solution in applications that require authentication, privacy and confidentiality without the expense of leased lines.
In a software implementation developed at the FIU lab, the overhead incurred to add security to an ISDN communication is small enough that it will be transparent to the end user, says the paper. We have successfully implemented the DES algorithm in software and the results obtained are satisfactory. The hybrid cryptosystem developed at FIU uses RSA public key cryptography for key pair generation and encrypts a random DES key, then uses DES for encryption of the contents. They used an RSAREF cryptographic tool kit from RSA Laboratories. On an average, it takes 68 seconds to generate a pair of 508-bit keys running on a 486 PC base. The RSAREF tool kit allows creation of a key pair of up to 1,024 bits, but the overhead incurred in the time to generate these keys is not warranted, given these keys will only be valid for one communication session. The time to seal, encrypt and decrypt an eight-character file was less than a second, and the time to verify the signature was around three seconds. RSAREF allows for signature and encryption of message files of length up to 1,000 bytes, and timing studies for a file length of 700 bytes resulted in the same overhead as that of the length of eight bytes. We are currently updating our software to test signature and encryption of large binary files, such as image files. Taking more than a minute to create an encryption key may be acceptable in some applications, Subbarao observes, but he has his eye on transmission of medical data, when every second counts. As a result, the FIU lab is working on a time-saving hardware implementation for creating keys. As the Subbarao-Fernandez paper concludes, hardware implementation of DES and RSA scheme to privatize public ISDN are virtually transparent to the end users, and the time penalty incurred is insignificant.
Regarding privacy of voice, the research paper observes: In the implementation of the ISDN prototype, the voice digitization will require encryption eight characters (64 bits) at a time. Also, for voice applications, since the length and contents of the full voice message is not known beforehand, the message digest and signature for integrity is not applicable. Data transfers over ISDN on the other hand, can take advantage of the message digest and signature for integrity. The appropriate data files will be parsed into eight character (64 bit) blocks for encryption in DES CBC mode. As far as the particulars of the encryption research, the paper explains that the file transfer software was implemented in C programming language. To transfer binary files, we wrote an interrupt-driven serial communications program based on the XModem-1K protocol, which extends the packet size from 128 to 1,024 bytes. File transfers were tested using the B channel in a BRI line. future enhancements include implementation of the Zmodem protocol, which uses a 2K packet size, to take full advantage of the digital characteristics of the transfer medium. What the future holds for this security concept is terminal adapter security extension module that plugs into the PC bus and provides security to the ISDN user while protecting the investment in existing terminal adapters. That module could support speeds to 4 Mb/s. ------------------------------------------- [end of article] ... __o .. -\<, chris.claborne at sandiegoca.ncr.com ...(*)/(*). CI$: 76340.2422 PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server. From Ben.Goren at asu.edu Fri Aug 12 22:22:42 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Fri, 12 Aug 94 22:22:42 PDT Subject: EFF on why they did it. 
Message-ID: -----BEGIN PGP SIGNED MESSAGE----- At 7:37 AM 8/12/94, Brian D Williams wrote: >Leahy and Edwards introduce a narrow Digital Telephony bill >with major new privacy protections >============================================================ > >Today Senator Patrick Leahy (D-VT) and Representative Don Edwards >(D-CA) introduced their version of Digital Telephony legislation. >[. . . .] The prisoner was served a meal of fresh lobster and fine wine. All were moved by the priest's blessing, and touched by the prisoner's speech. The doctor signed the death certificate shortly after midnight. b& -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: My key is not 'escrowed' with any government agency. iQCVAgUBLkxYOkNl71nP8jvVAQHrMQP+Pd8l8tCN0oMEhuc77VZIoAnK6Z/KGGJ3 7wSSANYo/lSP6qkt+lmYIuf4FoelCHe6GZNS9yt92H3d2opcs0TTPjkXfkQu8scj XE0/ggwhg8IwvRkB5mj0JzsUH6p0cOr6HSLPXmkzDGP5OYpjPOK+TGp9mO8oa08b oxTDn81SQwg= =nRqo -----END PGP SIGNATURE----- -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): We won! Clipper is dead! BUT! Just say no to key escrow. And stamp out spamming, too. Finger ben at tux.music.asu.edu for PGP 2.6 public key CFF23BD5. From Ben.Goren at asu.edu Fri Aug 12 22:22:57 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Fri, 12 Aug 94 22:22:57 PDT Subject: Bug in PgP2.6??? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- At 4:06 PM 8/12/94, Derek Atkins wrote: >Gee, Claude, where have _you_ been hiding? Look at the date >on that message. > >As for using 2.6 -- I do. It's _only_ a factor in key generation, >and it doesn't weaken key generation enough to be a concern. > >Also, there is a planned bugfix release for sometime soon that >will have the one character patch that fixes that problem. Except that the fix has been a *long* time coming. Hasn't it been about a month since I complained about this? And there's still not even a simple readme on the distribution site. 
As I said before, if it's serious enough to shout to the world, "we goofed," then it's serious enough to take the ten seconds necessary to make the fix or make the instructions on how to do so obviously available. The EFF has sold us out, and this is making MIT look rather unprofessional. >-derek b& -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: My key is not 'escrowed' with any government agency. iQCVAgUBLkxYmkNl71nP8jvVAQFh4QP/dKmW/OV4nLHknfFVKgJJqgwV9mwjsZ9n myekwvvI8liZmcjSwAJDxTjk4V7xMMrRbE/2zC1fcl7bstgP+5SvbQ/c0jMlPJJ6 i81CXYcIY8WQ5stQmNN+9Qi0wU8E2KUiw96+LgH4P9kc6059aKQYOb26qF3bypQB g5G015QkOQo= =8ala -----END PGP SIGNATURE----- -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): We won! Clipper is dead! BUT! Just say no to key escrow. And stamp out spamming, too. Finger ben at tux.music.asu.edu for PGP 2.6 public key CFF23BD5. From karn at qualcomm.com Fri Aug 12 22:34:44 1994 From: karn at qualcomm.com (Phil Karn) Date: Fri, 12 Aug 94 22:34:44 PDT Subject: POST:Gaining ISDN Privacy with data encryption In-Reply-To: <2E4BF2DC@microcosm.SanDiegoCA.NCR.COM> Message-ID: <199408130535.WAA03143@servo.qualcomm.com> Looks like these guys haven't noticed that Diffie-Hellman was added to RSAREF 2.0. Even with its highly suboptimum exponentiation code, I can generate a 1K bit key in roughly 20 seconds on a 50 Mhz 486, assuming precomputation of the first phase of the protocol (generating a random number and exponentiating it). That's much faster than generating a transient RSA key pair. Phil From yusuf921 at raven.csrv.uidaho.edu Fri Aug 12 22:46:17 1994 From: yusuf921 at raven.csrv.uidaho.edu (Jidan) Date: Fri, 12 Aug 94 22:46:17 PDT Subject: Bug in PgP2.6?? SWITCH TO 2.6ui!! In-Reply-To: Message-ID: Was this bug introduced in 2.6 or was it in previous versions? 
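Phil Karn's point above, set against the FIU article's per-session RSA key pair: with a fixed Diffie-Hellman group and the first phase precomputed, each session costs one modular exponentiation, while a transient RSA key pair needs a fresh search for two random primes. The Python below is an added example, not RSAREF code and not from the original posts. The group (the 1024-bit Second Oakley Group of RFC 2409, generator 2), the SHA-256 key derivation and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# 1024-bit MODP prime of the Second Oakley Group (RFC 2409, section 6.2),
# generator 2. Chosen for this example; it is not taken from RSAREF.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53)


def is_probable_prime(n, rounds=24):
    """Miller-Rabin test with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Return (prime, candidates_tried); top two bits are set so that the
    product of two such primes has exactly 2*bits bits."""
    tried = 0
    while True:
        tried += 1
        candidate = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate, tried


def rsa_keygen(modulus_bits=1024, e=65537):
    """Transient RSA key pair: the per-session cost the article measured."""
    tried = 0
    while True:
        p, t1 = random_prime(modulus_bits // 2)
        q, t2 = random_prime(modulus_bits // 2)
        tried += t1 + t2
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:               # e is prime, so gcd(e, phi) == 1
            return p * q, e, pow(e, -1, phi), tried


def dh_precompute():
    """Phase 1, done before the call is set up: pick x, compute g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def dh_finish(x, peer_public):
    """Phase 2, the only per-session exponentiation: (g^y)^x mod p -> key.
    The exchange is unauthenticated; the public values still have to be
    signed (or otherwise verified) to stop a man in the middle."""
    if not 2 <= peer_public <= P - 2:             # rejects 0, 1, p-1 and out-of-range
        raise ValueError("degenerate Diffie-Hellman public value")
    shared = pow(peer_public, x, P)
    return hashlib.sha256(shared.to_bytes(128, "big")).digest()


def timed(fn, *args):
    start = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - start


def compare_session_setup():
    """Per-session setup cost of each approach, in seconds."""
    ax, a_pub = dh_precompute()                   # both ends did this in advance
    bx, b_pub = dh_precompute()
    key_a, dh_seconds = timed(dh_finish, ax, b_pub)
    key_b = dh_finish(bx, a_pub)
    (_n, _e, _d, tried), rsa_seconds = timed(rsa_keygen, 1024)
    return {"keys_match": key_a == key_b, "dh_seconds": dh_seconds,
            "rsa_seconds": rsa_seconds, "rsa_candidates_tested": tried}


if __name__ == "__main__":
    print(compare_session_setup())
```

The absolute times on current hardware are far below the figures quoted in the posts; the number of prime candidates tested is what shows why RSA key generation is the more expensive per-session step.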
From werewolf at io.org Fri Aug 12 23:23:53 1994 From: werewolf at io.org (Mark Terka) Date: Fri, 12 Aug 94 23:23:53 PDT Subject: RemailerNet In-Reply-To: <5445@aiki.demon.co.uk> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- In article <5445 at aiki.demon.co.uk>, you wrote: > In message <199408120649.XAA07108 at ucsd.edu> Lance Cottrell writes: > > >Actually, the odds are better than this, .8^5, about 0.33. You will be > > >compromised "only" 1/3 of the time. > > > > > >You will be protected if you have encrypted your messages, but using > > >a remailer network offers little additional protection. > Remember that the original assumption was that you were choosing five > remailers at random, on each transmission. I argue against this > strategy; I think that if you know someone is reliable you should > stick with them. I'm not sure what other people think of the "trustworthiness" of various remailers, but when chaining I usually bounce it through two, AND the first leg goes offshore to hacktic which seems superably reliable. After that, it goes to either wimsey or ghio. Be better to hacktic and then another Euro-mailer before going back to North America, but what other European remailers are as reliable as hacktic? -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkuF9UyJS+ItHb8JAQGm7gP/QgHjySdT3++zHdkkZkWpC9SsyUyuHAW+ GZQcalGGmN71xdO8hk+UY5IEAPYUYDBqfRdUq0eVGdariQU50LbEoH7W2sSEmupF 9LjxAZUq95kLxAqLvt97O6qb/KZcVdZrja3WIeuLTYohxGESZZdD1VKtmV9D9ghA cIOBkUjR4wc= =rAxK -----END PGP SIGNATURE----- From mikepb at freke.lerctr.org Sat Aug 13 02:41:19 1994 From: mikepb at freke.lerctr.org (Michael P. Brininstool) Date: Sat, 13 Aug 94 02:41:19 PDT Subject: Bug in PgP2.6??? In-Reply-To: Message-ID: <1994Aug13.092024.23350@freke.lerctr.org> In article , wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >>Also, there is a planned bugfix release for sometime soon that >>will have the one character patch that fixes that problem. 
> >As I said before, if it's serious enough to shout to the world, "we >goofed," then it's serious enough to take the ten seconds necessary to >make the fix or make the instructions on how to do so obviously available. In the 'shout to the world' Colin gave the fix. It is easier to manually apply the fix than to run the patch program. It is unnecessary anyway. ---------------------------------------------------------| | #include "std/disclaimer.h" Michael P. Brininstool | | mikepb at freke.lerctr.org OR mikepb at netcom.com | |--------------------------------------------------------- From nobody at kaiwan.com Sat Aug 13 08:02:52 1994 From: nobody at kaiwan.com (Anonymous) Date: Sat, 13 Aug 94 08:02:52 PDT Subject: RemailNet Message-ID: <199408131502.IAA18745@kaiwan.kaiwan.com> -----BEGIN PGP SIGNED MESSAGE----- werewolf at io.org (Mark Terka) wrote: > I'm not sure what other people think of the "trustworthiness" of various > remailers, but when chaining I usually bounce it through two, AND the > first leg goes offshore to hacktic which seems superably reliable. After > that, it goes to either wimsey or ghio. Be better to hacktic and then > another Euro-mailer before going back to North America, but what other > European remailers are as reliable as hacktic? There might be at least one good reason for NOT going overseas on that first leg. The NSA's charter restricts it to international operations. By making that first leg a foreign one, you've made your transmission, the one with your address visible, fair game for them. I don't know how closely they obey the "rules", given their inherent lack of accountability, but if you forced them to break the rules to monitor you, they might at least be a bit more hesitant to use the info against you.
-- Diogenes -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkzWp+Rsd2rRFQ1JAQHnrgQAhW/ohz+yxaDCNA1eho68blAqudvE8sUd SjyfgW0sfeow7ExIM9xcCBW2hxYgwIUDWPF5b18dtcz5U4nnY3snvovgIV8FcSuE dkaNQDcC3wPZzmWfzMxXPQjjAtddYVj4uHHyzPdA1tLEUW/2C1vf8L2O8Rv8YREw 2okxTNbgvtY= =FNn/ -----END PGP SIGNATURE----- From jya at pipeline.com Sat Aug 13 08:19:48 1994 From: jya at pipeline.com (John Young) Date: Sat, 13 Aug 94 08:19:48 PDT Subject: RemailNet Message-ID: <199408131519.LAA00496@pipe1.pipeline.com> Responding to msg by nobody at kaiwan.com (Anonymous) on Sat, 13 Aug 8:2 AM >There might be at least one good reason for NOT going >overseas on that first leg. The NSA's charter >restricts it to international operations. According to published reports, such as Bamford's "Puzzle Palace", NSA does not have a "charter", in part because the originators intent to avoid limitations on operations. The CIA has a charter like you suggest. If you have a public reference on *any* limitation of NSA's operations please post here or send by email. Thanks. John From cactus at bb.com Sat Aug 13 08:56:17 1994 From: cactus at bb.com (L. Todd Masco) Date: Sat, 13 Aug 94 08:56:17 PDT Subject: That NYT article... Message-ID: <199408131601.MAA13393@bb.com> We're talking to the author -- FWIW, he'll be printing a retraction. Off to HOPE. -- L. Todd Masco | Bibliobytes books on computer, on any UNIX host with e-mail cactus at bb.com | "Information wants to be free, but authors want to be paid." From hayden at vorlon.mankato.msus.edu Sat Aug 13 09:00:53 1994 From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden) Date: Sat, 13 Aug 94 09:00:53 PDT Subject: WWW> ANNOUNCE: PGP Encrypted Mosaic Sessions for Purchases (fwd) Message-ID: Forwarded from Net-Happenings... ---------- Forwarded message ---------- Date: Fri, 12 Aug 1994 10:23:58 -0400 SENDER: Guy H. T. 
Haskin Subject: WWW> ANNOUNCE: PGP Encrypted Mosaic Sessions for Purchases -----BEGIN PGP SIGNED MESSAGE----- The NetMarket Company is now offering PGP-encrypted Mosaic sessions for securely transmitting credit card information over the Internet. Peter Lewis wrote an article on NetMarket on page D1 of today's New York Times (8/12/94). For more information on NetMarket, connect to http://www.netmarket.com/ or, telnet netmarket.com There is no charge to browse around the service and no charge to set up an account. The NetMarket Company is currently offering CDs from Noteworthy Music and flowers from 800-THE-ROSE. If you do not have access to a PGP-capable version of X Mosaic, NetMarket also allows accounts to be set-up toll-free by calling 800-867-3777 or by sending PGP encrypted e-mail to pgp at netmarket.com. NetMarket was able to offer this service because Phil Zimmerman's PGP is now free and available for personal use and because support for encryption functions had been added to the recent versions of X Mosaic software from the NCSA. NetMarket has secured a commercial license for PGP, configured our server to allow encrypted transactions and provided directions for configuring X Mosaic and exchanging public keys. For more information on NetMarket, please e-mail or finger info at netmarket.com or use the automated comments page after connecting to our server. NetMarket's public key is available by fingering pgp at netmarket.com and on our WWW server. - -- guy at netmarket.com (Guy H. T. 
Haskin)| Noteworthy Music on the Internet The NetMarket Company | Multimedia interface to 17,000+ CDs www: http://www.netmarket.com/ | finger/email: info at netmarket.com ftp/telnet/gopher: netmarket.com | voice:603-881-3777 fax:603-881-3776 -----BEGIN PGP SIGNATURE----- Version: 2.7 iQCVAgUBLkuCw8ov4aYyIJbZAQFcuAP+O4LTod9047nKuubRtVeH/kwcp/0At4To 3C5cee6jUb/2ETzavoDyRz3X4edsMzOgCtvBtmMB1tuqqBSMs0xh0eXnUiQ6oRTI JSu9Z/UmIBofUPC5lGd9gyoMjVJaVv41R8SMI1R9XD9WBFwlyrAifimiLo6zs4ML tqnXeAJ4F54= =jBCt -----END PGP SIGNATURE----- From jgostin at eternal.pha.pa.us Sat Aug 13 10:11:35 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Sat, 13 Aug 94 10:11:35 PDT Subject: Bug in PgP2.6??? Message-ID: <940813120832v2vjgostin@eternal.pha.pa.us> Ben.Goren at asu.edu writes: > The EFF has sold us out, and this is making MIT look rather unprofessional. Wild conspiracy theories aside for the moment, I back MIT on this one. People are only beginning to get clued in as to what version the current version is. Releasing a new version at this point, IMHO, would be a MAJOR headache. If you've ever worked for a software company, and tried to deal with the maintenance-version-of-the-day, you'll understand where I'm coming from. OTOH, guys [Hey you! MIT!], if it's an easy bug to fix, at least post a SOURCE PATCH. --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From matsb at sos.sll.se Sat Aug 13 12:42:34 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Sat, 13 Aug 94 12:42:34 PDT Subject: Why Cash is So Important In-Reply-To: <199408121740.KAA01304@netcom5.netcom.com> Message-ID: Timothy C. 
May wrote: > - temporal extent implies record-keeping, such as insurance records, > hospital visits, etc. This is automatically a potential privacy > concern. Yes, but... An insurance company would hardly accept a totally anonymous agent as a customer, for obvious reasons (how would they know that the agent was paid for by the body needing repair and not used for an unfortunate uninsured friend?). Now, if there was only one insurance agency that had to pay for everyone anyway, that agency wouldn't have to trust the patients, 'only' the doctors (to deliver the true figures of their care production) and so wouldn't necessarily have to be given the identities of patients. Such a system has other implications not belonging in this discussion but this is just to show that no simple rules apply. (In the present situation all insurance companies are so mixed up with each other in reinsurances that in a way they are a single entity.) > (And when the contract is more than just patient-doctor, but involves > other payers, the records-keeping mushrooms. When the government is > the ultimate payer, through mandatory plans, they'll have the records. > No amount of crypto can possibly change that.) Yes, since doctors are not to be trusted the ultimate payer needs records. So they get to know that unit SSN XYZ has been given treatment amounting to DRG (Diagnose Related Group - the system widely used by insurance entities to equalize and minimize costs, which can be used by doctors to 'diagnose' mostly the profitable entries) 384 (abortion, spontaneous or provocated - detailed like this to enable easy record-raiding by the DRG police, I guess). Crypto no use? Perhaps, but ... Suppose those Central Records are encrypted in layers. The DRG Paymasters have the key to the outermost layer so they can read: A patient, anon-9Aq7r, was treated by dr Bob Livingstone for DRG-New XY, where XY only points to the costs without diagnose, at a specified date. They pay Joe what they owe him.
If they suspect him of grand fraud he is asked to reveal the key to the next layer, where the identity (no SSN needed, only name and address) of Alice is in the open. The Paymasters can now ask Alice if she was treated by Bob Livingstone at the specified date. If they suspect Bob of salting his bills they have to ask a court for permission to request his second key, further opening the records to reveal DRG-Old 384, making it possible to check with Alice if she was treated for abortion, spontaneous or (e g AND) provocated. If they suspect Alice of collaborating with Bob in a scam they have to ask another (higher) court for permission to request Alice's key, the only key to open the actual treatment records (if these are falsified, well...). This scheme is not a proposal, I just thought it up for the moment, and has several obvious flaws. Like if Alice lies when the Paymasters approach her, or just says 'no comment' or refuses to give away her key. But some scheme might be possible that at least makes it more difficult for the ultimate payer to invade privacy, still keeping an eye on money-hungry doctors. > (When a patient pays cash, no problem. When a central service is used, > opportunities for fraud increase. Doctors with ghost patients, > kickbacks, etc. Any central-payment system must then have records and > investigations at that central point. Hence, a central bureaucracy. > Hence, a loss of privacy at that level.) One problem with cash here is of course the high costs of health care, making it necessary for almost everybody to be insured if they are not suicidal or willing to gamble their lives. Another problem is the unconscious-patient situation - or half-conscious, might be hard to remember the password to the e$ anonymous account. These are general arguments. I have no opinion in the specific case of the NHCP, a very domestic US discussion.
Mats From 73211.3713 at compuserve.com Sat Aug 13 13:01:08 1994 From: 73211.3713 at compuserve.com (Loren Fleckenstein) Date: Sat, 13 Aug 94 13:01:08 PDT Subject: appropriate laptop Message-ID: <940813195755_73211.3713_DHI22-1@CompuServe.COM> Advice, please: I plan on purchasing notebook PCs for myself and colleagues to that are capable of running much-awaited Phil Zimmermann's voice encryption program. I'll probably get something based on the 486 DX2 chip. What type of sound card must these computers be capable of accepting in order to run the encryptor? From tcmay at netcom.com Sat Aug 13 13:32:20 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 13 Aug 94 13:32:20 PDT Subject: Why Cash is So Important In-Reply-To: Message-ID: <199408132032.NAA14779@netcom13.netcom.com> > Timothy C. May wrote: > > > > > - temporal extent implies record-keeping, such as insurance records, > > hospital visits, etc. This is automatically a potential privacy > > concern. > > Yes, but... An insurance company would hardly accept a totally > anonymous agent as a customer, for obvious reasons (how would they > know that the agent was paid for by the body needing repair and not > used for an unfortunate uninsured friend?). Now, if there was only I wasn't arguing that insurance companies would take anonymous customers, per se, though I suspect a privacy-preserving system could in fact be designed. In systems where a customer and insurance provider work out a mutually-beneficial contract, and where there is no requirement to forward records to the government, then privacy is mostly maintained. The concern many of us have is with systems in which governments demand to be "silent partners" in all contractual relationships. > > (When a patient pays cash, no problem. When a central service is used, > > opportunities for fraud increase. Doctors with ghost patients, > > kickbacks, etc. Any central-payment system must then have records and > > investigations at that central point.
Hence, a central bureaucracy. > > Hence, a loss of privacy at that level.) > > One problem with cash here is of course the high costs of health care, > making it necessary for almost everybody to be insured if they are > not suicidal or willing to gamble their lives. Another problem is the > unconscious-patient situation - or half-conscious, might be hard to > remember the password to the e$ anonymous account. I'm not insured. Most health-care costs are payable directly...unless and until the U.S. gets a socialist health care system, in which case I'll still be uninsured (I'm not employed, I'm not indigent, so I won't be covered by any of the current proposals, as I understand it). I'm not going to digress further into insurance issues, except to say that insurance has had the bad effect of decoupling payments and services, a la the well-known "tragedy of the commons." People pay for insurance, or their companies do, and then they try to demand the largest number of services...it's game-theoretically advantageous for them to do so. Hence the $2000 almost-obligatory CAT scan upon entering a hospital in the U.S. (fed also by the malpractice racket--doctors order these $2000 CAT scans to cover their asses against lawsuits and because they get legal kickbacks for these services). Life expectancy, in the U.S. at least, has remained at roughly 72-74 years for the past couple of decades, so this huge health care industry has had little real effect on our chances of living longer. For the rare person who is in fact saved by this expensive system, it is "worth it," of course. But the aggregate benefits tell a different story. The relevance to Cypherpunks? I don't know, but it's partly connected to issues of whether centralized systems and record-keeping are a good idea. I actually see no reason why we as potential patients should not carry around our medical records ourselves. Perhaps in a smart card...the technology has existed for years.
Or in a "medical bracelet" which either directly contains local storage (flash memory, for example) or contains a pointer to a file on the Net--and access information, if encrypted, as it should be--which contains relevant medical information and perhaps even financial payment instructions. Selective disclosure of credentials, a la Chaum, should apply quite naturally to medical care. A dossier society is not needed. (I don't demand that others use such a system, only that I and my medical contractor not be required to use someone else's idea of a system. Seems fair to me.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hfinney at shell.portal.com Sat Aug 13 14:06:41 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 13 Aug 94 14:06:41 PDT Subject: Secret sharing made short Message-ID: <199408132106.OAA13869@jobe.shell.portal.com> I came upon a paper with this title in the 1993 Crypto conference proceedings, by Hugo Krawczyk. He pointed out that with the Shamir-type secret splitting which we discuss here periodically you have considerable space expansion. Splitting a message of M bits into N shares causes each share to itself be M bits. Krawczyk shows a simple system which basically has each share be only M/N bits. (I will ignore for simplicity the issue of providing a threshold K On 13 Aug 1994, Loren Fleckenstein wrote: > Advice, please: I plan on purchasing notebook PCs for myself and > colleagues to that are capable of running much-awaited Phil > Zimmermann's voice encryption program. 
I'll probably get something based > on the 486 DX2 chip. What type of sound card must these computers be > capable of accepting in order to run the encryptor? The specs I have say SoundBlaster, which I assume means just standard 8-bit SoundBlaster minimum, with 16-bit ASP or WaveBlaster not necessary or supported (at least at first...). All will become clear when Nautilus 0.2 is released, as VoicePGP will use that as its code base. The Mac version will just use the built-in sound hardware. The 486DX2 will be more than sufficient. Initially, the specs called for a 486 chip at least, but the Nautilus developer (forgot his name... Bill someone) said that a 386/33Mhz would be sufficient. ------------------------------------------------------------------ ------ Michael Brandt Handler -- Philadelphia, PA -- \bi/ PGP v2.6 public key available -- 1984: We're Behind Schedule \/ From dwomack at runner.utsa.edu Sat Aug 13 14:37:23 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Sat, 13 Aug 94 14:37:23 PDT Subject: pubring Message-ID: <9408132138.AA29928@runner.utsa.edu> I just abused the school computer by downloading the public keyring for pgp at ftp.demon.co.uk. It's dated July 30, which is fine... but they have a caution about it no longer being updated automatically. Will anyone be starting a new public keyring after Sept 1? Regards, Dave From mimir at io.com Sat Aug 13 17:25:45 1994 From: mimir at io.com (Al Billings) Date: Sat, 13 Aug 94 17:25:45 PDT Subject: Mail-Future Free Remailers In-Reply-To: <199408121843.LAA08809@netcom5.netcom.com> Message-ID: On Fri, 12 Aug 1994, Timothy C. May wrote: > > while I'm gone. All the organized mayhem on the list will be missed (but I'm > > not giving up diving in Roaton for it!) see you guys later. > > > > Vaccinia at uncvx1.oit.unc.edu > > "Gone to Roaton," eh? 
> > A nicely Cypherpunkish ring to that phrase, reminiscent of the cryptic > "Gone to Croatan" message that was all that was left of the vanished > first English colony in the New World. Cute but it actually wasn't that cryptic since it referred to a local Native tribe. To this day, there are members of tribes in that area with English names and European physical traits. The first American cultural drop-outs. Wes thu hal, Al Billings -- Al Billings mimir at io.com http://io.com/user/mimir/asatru.html Nerd-Alberich Admin for Troth - The Asatru E-mail List Lord of the Nerd-Alfar Sysop of The Sacred Grove - (206)322-5450 Poetic-Terrorist Lodge-Master, Friends of Loki Society From nobody at ds1.wu-wien.ac.at Sat Aug 13 18:07:51 1994 From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at) Date: Sat, 13 Aug 94 18:07:51 PDT Subject: Tommy the Tourist's New Home Message-ID: <9408140107.AA10052@ds1.wu-wien.ac.at> -----BEGIN PGP SIGNED MESSAGE----- werewolf at io.org (Mark Terka) asked: > > Tommy the Tourist (Anon User) wrote: > > > > Welcome back, Tommy, we missed you! Hope you're enjoying your > > new (CSUA) "home"... (Time for everyone to update their > > "chain.ini" file, BTW.) > How come? Has soda gone down or something? Or has there been an address > change? Soda was down for a week while it was moved to a different location. The new address is "remailer at soda.csua.berkeley.edu". I'm told that the old address will continue to work for a limited time, but it's best to get in the habit of using the correct one. I also understand that the crypto archives have also moved, but I'm not really sure of the details.
--- Diogenes -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLkWDGuRsd2rRFQ1JAQH9UQP/Y5IVnEPiOVtxYmaakHMxK9huPvdsOqsC qgaH9OUKEc6MDVz7NWI/ZtW9V8FqMGfEXEN0a4rMuvgyeq5P2VgqOuMWUcOOKwKP m8jEioG+AoJy6ZWRdufz8rkkc7rU73s9a2Xfktf62rG0PSjs7g9xJrjXPCKSk+PT 2iq18F2sBPo= =5LAw -----END PGP SIGNATURE----- From anonymous at extropia.wimsey.com Sat Aug 13 20:40:26 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Sat, 13 Aug 94 20:40:26 PDT Subject: Anonymous posters & Misinformation Message-ID: <199408140306.AA13402@xtropia> -=> Quoting Jason Burrell to All <=- JB> mcdaniel at u.washington.edu (McDaniel) wrote: > Anonymity is possible with any e-mail address. I have noticed > however that a higher proportion of anonymous posters abuse > the trust of their fellow (and often gullible) netters with > clever deceptions and so on. I would love to see examples of this. "Macho" McDaniel seems to have a weed up his ass over the whole concept of anonymity on the net, and will flame any anonymous poster in any newsgroup. He simply doesn't get it. He presumably wants us all to wear red uniforms and advance in ranks in frontal assaults, "fight fair" and generally act like stationary targets in controversial netvenues. I was astonished to see the completely irrational flap the control addicts in rec.guns, talk.politics.guns and ca-firearms@ shell.portal.com put up when several people objected to the unilateral banning of anon posts. It was just incredible how these "freedom-loving Americans" couldn't handle the concept of anonymity or posts they couldn't _control_. I can't understand why they don't go get a job with Sarah Brady, the NSA or the BATF so they can make a paying career of oppressing others. Not once was a logical refutation of the anon argument posed but in spite of this the anti-anon hysteria prevailed. JB> Now, I could go into the process of forging mail using JB> the "magic 5*5", but I won't. 
I don't want to teach a bunch
JB> of people to forge mail and give them a false sense of security.

Yes, this is the whole point. If someone wants to hoax a newsgroup, he can _easily_ fabricate a "good" ID in the time it has taken me to write this message so far. If McDaniel is so phobic about remailered posts, _why doesn't he scroll past them and shut the fuck up?_ Anon posts _say_ they're anon and are posted on a take-it-or-leave-it basis. Obviously McDaniel is too neurotic to do either and wishes us to share his personal problem. His argument about anon "net pollution" is also absurd, considering the staggering differential level of "pollution" generated by other perennial net-banes such as gross over-quoting and irrelevant cross-posting. This reminds me of the stingingly accurate net adage...

"Sig files are annoying, juvenile, stupid and a waste of bandwidth. Of course, so are 90% of the posts on Usenet."

McDaniel can save his tantrums and stick to moderated newsgroups populated by like minded netnazis.

> My proposal would only make anonymous posters known to the list
> owner. I believe it is a pretty much accepted belief that NSA
> keeps track of at least those users of anon.penet.fi.. so
> who are they being anonymous from? Just the general readers.

JB> Now here we go. The cypherpunks remailers don't have mapping tables.
JB> They don't send back confirmations. The messages come out in
JB> a form like: "From: nobody at shell.portal.com".

Ignorance strikes again, as it did in the rec.guns exchange! Penet is a trivial, unencrypted remailer. It provides only the most simple anonymity. Other remailers are run from private, unlogged machines using PGP and sophisticated traffic-analysis countermeasures. If PGP has been made transparent by NSA cryptanalysts all bets are off, but otherwise the sophisticated use of chained, encrypted cypherpunks remailers makes anon-posting virtually bulletproof.
JB> These remailers are designed to PREVENT the kind of thing you want to
JB> do.

Indeed!

> Perhaps a crack-down on current anonymous abuses would encourage
> responsible parties to develop services more responsive to
> taking care of abusive usage and educating their users as to
> their own responsibility.

"Crack-downs"... I'm really getting tired of this mindset. No doubt McDaniel is salivating profusely waiting for Gore's Federally controlled "Information Superhighway" with all e-mail identified and traceable by use of Clinton's National ID "SmartCard" (don't laugh - this was a specific, stated purpose of the project).

JB> This defeats the purpose of an anonymous remailer. If I'm going
JB> to send anonymous E-MAIL/posts and then have someone else know about
JB> it, it isn't very anonymous, is it?

I should say not.

> There are some groups where I would never want to see anonymous
> posting restricted.

Having seen McDaniel's flames of anon users in other forums, I _really_ doubt the sincerity of this statement.

From werewolf at io.org Sat Aug 13 23:21:12 1994
From: werewolf at io.org (Mark Terka)
Date: Sat, 13 Aug 94 23:21:12 PDT
Subject: Bruce Schnier Posting....
Message-ID:

Anybody else notice that Bruce Schnier (author of Applied Cryptography) appears live and well on the Internet ... at least judging from his recent post to sci.crypt.

He did return my E-Mail admitting to be the author, so it was rather interesting seeing someone known to us posting. Sort of like seeing a message from Sterling or Gibson (although Gibson isn't connected).

From werewolf at io.org Sat Aug 13 23:21:28 1994
From: werewolf at io.org (Mark Terka)
Date: Sat, 13 Aug 94 23:21:28 PDT
Subject: Tommy the Tourist's New Home
In-Reply-To: <9408140107.AA10052@ds1.wu-wien.ac.at>
Message-ID: <0eGJkOwsckj8070yn@io.org>

In article <9408140107.AA10052 at ds1.wu-wien.ac.at>, nobody at ds1.wu-wien.ac.at wrote:
> werewolf at io.org (Mark Terka) asked:
>
> > How come? Has soda gone down or something?
Or has there been an address > > change? > > Soda was down for a week while it was moved to a different location. The > new address is "remailer at soda.csua.berkeley.edu". I'm told that the old > address will continue to work for a limited time, but it's best to get in > the habit of using the correct one. Ok, I take it this is the one that posts directly to the USENET groups? > > I also understand that the crypto archives have also moved, but I'm not > really sure of the details. Well as of about 3pm EDT today they seemed to still be at ftp.soda.berkeley.edu as I scooped a couple of files from that site at that time. From tcmay at netcom.com Sun Aug 14 01:13:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 14 Aug 94 01:13:44 PDT Subject: Bruce Schnier Posting.... In-Reply-To: Message-ID: <199408140814.BAA12266@netcom11.netcom.com> > > Anybody else notice that Bruce Schnier (author of Applied Cryptography) > appears live and well on the Internet ... at least judging from his > recent post to sci.crypt. > > He did return my E-Mail admitting to be the author, so it was rather > interesting seeing someone known to us posting. sort of like seeing a > message from Sterling or Gibson (although Gibson isn't connected). Bruce Schneier was on the Cypherpunks list for a while. Ditto for other people "known to us," left as an exercise for the diligent to spot. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From andreas.elbert at gmd.de Sun Aug 14 04:40:32 1994 From: andreas.elbert at gmd.de (andreas.elbert at gmd.de) Date: Sun, 14 Aug 94 04:40:32 PDT Subject: POST:Gaining ISDN Privacy with data encryption Message-ID: <9408141139.AB01789@darmstadt.gmd.de> > >Making the public ISDN network private is possible though data encryption to >maintain security, say a pair of ISDN researchers whose organization is soon >to become and ISDN user. > They probably are right :-) A daughter of the german PTT has been offering ISDN-DES-phones for some years now. Welcome to the Club ! From adwestro at ouray.Denver.Colorado.EDU Sun Aug 14 06:37:42 1994 From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope) Date: Sun, 14 Aug 94 06:37:42 PDT Subject: Zimmermann & Johnson at Sept. RMIUG Message-ID: I have been told that noted Colorado crypto experts Phil Zimmermann and Mike Johnson, along with Phil's attorney, Phil Dubois, will be panelists at the September meeting of the Rocky Mountain Internet Users Group. The meeting will be on Tues. 9/13, 7-9 pm at NCAR in the Sovereign Republic of Boulder. Corrections/additional info gratefully accepted. Alan Westrope __________/|-, (_) \|-' PGP 2.6 public key: finger/servers PGP 0xB8359639: D6 89 74 03 77 C8 2D 43 7C CA 6D 57 29 25 69 23 From cme at clark.net Sun Aug 14 07:56:51 1994 From: cme at clark.net (Carl Ellison) Date: Sun, 14 Aug 94 07:56:51 PDT Subject: FYI Message-ID: <199408141456.KAA23795@clark.net> Path: news.clark.net!news.sprintlink.net!neon.house.gov!hr.house.gov!JPX From: JPX at hr.house.gov Newsgroups: talk.politics.crypto Subject: Congressional Committee takes to the Net (long) Date: Fri, 12 Aug 1994 16:35:20 GMT Organization: Committee on Science, Space & Technology Lines: 130 Distribution: na Message-ID: NNTP-Posting-Host: 143.231.251.142 Summary: House Science Committee goes on-line Keywords: Congress House Science Committee This is the initial posting from the Committee on Science, Space, and Technology of the U.S. 
House of Representatives, chaired by the Honorable George Brown of California. We have agreed to serve as the "beta" testers for House Committees trying to learn how to use the Internet. We posted this message to some of the USENET newsgroups that discuss topics relevant to our jurisdiction over Federal civilian research and development activities to: (1) Increase the number of people who know we do have Internet access; (2) Indicate how we can be reached on the net; and (3) Start learning how to take advantage of this information system in our daily activities. Getting the Congress to use Internet has been discussed in a few threads on various USENET newsgroups of late. Some of you may be familiar with the E-Mail Pilot Project established by the Committee on House Administration, chaired by the Honorable Charlie Rose of North Carolina. Those Members of the House currently maintaining an electronic mailbox for constituent communications may be found by e-mailing "congress at hr.house.gov" with the text "HELP" or "INFO" in the message body. You will receive an automated response with the necessary instructions. Also, the text of legislation introduced in the U.S. House of Representatives during the current Congress is now available on a W.A.I.S server located at the House Information Systems data center. The server may be accessed from the directory at quake.think.com or using the following information: Server: diamond Port: 210 Database Name: USHOUSE_house_bill_text_103rd It can also be found on gopher.house.gov in: Congressional Information/Legislative Resources The database contains the text of House bills beginning with October 1993 and is updated daily. What follows now is the message you will automatically receive in response to messages sent to housesst at hr.house.gov, the Committee's Internet address. It describes items like the Committee's gopher server, which you can also find at gopher.house.gov. 
----------- begin ----------- Welcome to the electronic mailbox system for the Committee on Science, Space, and Technology of the U.S. House of Representatives. This Internet service is provided for ease of communication with the Members and staff of the Committee. If your message is addressed to a specific Member, it will be printed out in hard copy and forwarded to the Member's office for response by U.S. Mail. If your message is addressed to a staff member of the Committee, it will be forwarded electronically to that staff member for response. Depending on the nature of the response, it might reach you in either electronic or postal form. Messages for the Committee press office will be acknowledged electronically and then followed up on, if necessary, with material by post or fax. You can reach the press office directly via Internet at "sstpress at hr.house.gov". The Committee also maintains a bulletin board on the House of Representatives Internet gopher server at "gopher at hr.house.gov". Much of the public information material provided by the Committee is available on this gopher system. Much of this information also is available on the Committee's "Straight Talk" voice-response system. Dial 202/225-3018 and follow the menu instructions for a touch-tone telephone. Thank you for contacting the House Science Committee. Please be patient as we experiment with this new way of better serving your communications needs. If you wish to write to the Committee, please direct your correspondence to: Committee on Science, Space, and Technology 2320 Rayburn House Office Building U.S. House of Representatives Washington, DC 20515 ----------- end ----------- At this time, we suggest you supply both your e-mail and postal addresses in any communication to the Committee. Each office in Congress has its own policy for responding to public inquiries. So, if we forward your e-mail to a particular Member's office, they may choose to respond with a regular letter. 
Our Committee hopes to increase our use of e-mail in responding to public inquiries. We have chosen the following subset of USENET groups for our initial foray into the net.world: alt.california alt.cyberspace alt.dcom.telecom alt.politics.datahighway comp.dcom.telecom comp.org.cpsr.talk comp.org.eff.talk misc.education misc.education.science misc.legal sci.agriculture sci.astro sci.bio.ecology sci.chem sci.energy sci.engr sci.environment sci.geo.geology sci.math sci.med sci.misc sci.physics sci.research sci.space.policy talk.environment talk.politics.crypto Please feel free to repost this message to other groups that might find the information of value. Your comments on what should be carried by this channel of communications would also be welcomed. --------------- Committee on Science, Space, and Technology U.S. House of Representatives Washington, D.C. 20515 HOUSESST at HR.HOUSE.GOV DISCLAIMER: Opinions expressed in this posting are those of the sender and do not necessarily reflect those of the Committee, the Chairman or any Member of Congress. From cme at tis.com Sun Aug 14 10:41:12 1994 From: cme at tis.com (Carl Ellison) Date: Sun, 14 Aug 94 10:41:12 PDT Subject: number of 2-way radios Message-ID: <9408141739.AA15896@tis.com> Does anyone have rough figures on the number of cellular phones produced versus the number of military 2-way radios ever produced? I'd be willing to bet the former far exceeds the latter, but it would be nice to have real figures. - Carl From rah at shipwright.com Sun Aug 14 12:04:54 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 14 Aug 94 12:04:54 PDT Subject: e$: Economic Development of the Caribbean In-Reply-To: Message-ID: <199408141902.PAA13168@zork.tiac.net> In article , francis at ecf.toronto.edu (FRANCIS ALVIN CYRILLE) wrote: > What are the major factors hindering economic development in the Caribbean..? I've been interested in this for a long time. I've started to form some ideas about it, and here they are. 1. 
No effective public health system. (Not really socialized medicine, just sanitation, epidemiology, etc.)
2. No educational infrastructure.
3. Monopolistic control of political structures.
4. Monopolistic control of critical markets.

The above are interrelated, thus the ranking is only superficial.

As island states with few resources, the nations of the caribbean can't afford to have political and economic monoculture. Small islands with few resources (Singapore, Hong Kong, Japan and the British Isles) must trade or die. Uniparty states, with sweetheart deals to extract resources and ship them away, tend to make their people poorer, unless there's an extreme premium on the resource (oil, guano, etc).

Brunei, where the sultan owns everything and is the country's the richest in the world anyway (per capita) is a great example of being able to "afford" monopolistic political and market control. They have enormous oil reserves with which to pay for all the egregious excesses of the government/theocracy, and still have lots left over for education, public health, and universal health access. It's interesting to think that that's pretty much what Fidel did in Cuba. His "premium resource" was a strategic position 90 miles off of Florida that was very very valuable to the USSR.

Life gets better someplace only as the life expectancy goes up. This is called the Demographic Transition, and it is marked by a sharp decline in population growth as life expectancy crosses 50 years. People won't have children as a substitute for retirement pensions when they can see that they will be healthy enough to take care of themselves for most of their whole life. Children become a want rather than a need, and population growth tapers off. Most of the USA's population growth comes from immigration. Singapore has state-sponsored latin dance classes to get their citizens interested in having families earlier. (Go figure)

The quickest way to drive up life expectancy is through public health.
If people won't die from malaria or typhus or cholera or diphtheria, or river blindness, or whatever, because their water's clean, and their wastes don't get back into their food chain, then their life expectancy doubles overnight.

I stayed in the Galleon House in downtown Charlotte Amalie for a week a few years ago, and the open sewers are still right there out on the street. I remember seeing a "creek" running through an alluvial plain of shacks just outside St. John in Antigua, and the water was purple-green with raw sewage.

The reason that this hasn't changed is because the population hasn't demanded it, and the reason for that is that they're not given enough education. The reason for that is that the governments are filled with people who want to line their own pockets, and can do so because they hold generational political dynasties. This is usually because of some sweetheart deal with an extractive monopoly/oligopoly, which can "contribute" large piles of cash to whoever does them a favor.

If there was more of a trading tradition in the caribbean it would help drive growth. There are a few places where that has happened before and can happen again. St. Thomas, unencumbered by US government subsidy and regulation might be one, if those if monoparty cronyism didn't kill it. It had been a huge shipping and trading port for centuries. Now its primary function seems to be shaking down tourists. Trade of a sort, I suppose.

Which leads me directly to another reason I'm interested in the small island nations of the caribbean. The idea of internet commerce. There are people in some circles in the net who think that the internet provides a perfect opportunity for people to buy and sell software and information securely and even anonymously. To do this properly one would need to reduce restrictions on cash transactions, the transfer of capital, and the use of strong cryptography.
Cryptography is the enabling technology for the transfer of assets and money in a secure fashion over unsecure networks.

The first result is that people can work anywhere they want. Personally, I think Boston is nice, but I'd rather hang in Cruz Bay for most of the year if I could get away with it. We just had a discussion in soc.culture.caribbean about the lack of full-blown USVI internet access which talked about that. You could have a whole class of "lifestyle refugees" coming from the developed world to the caribbean because they can work anywhere they want. This is literally foreign trade, only now a nation is re-exporting intellectual property. Sort of like a fair-weather maquiladora with imported gold-collar workers.

Think about the development of america in the 19th century. The railroads brought immigrants from europe, who then homesteaded land and sold the agricultural products they grew to people who processed them into goods which generated foreign exchange, which paid for interest on bonds that J.P. Morgan & Co. sold to the european money centers. Some of those bonds were then used to build more railroads, which brought in more settlers, etc.

The other neat thing about this process is that it automatically brings in foreign exchange and development capital which is independent of monopolistic controls. These "refugees" have to buy things, but they buy them from local, distributed sources: shops, builders, tradesmen, etc. Those people automatically have an independent entrepreneurial outlook, which is reflected eventually in the political and economic structure of the nation. You get a quasi-Jeffersonian nation of shopkeepers, tradesmen, and as their children are educated, technical/information professionals who work on the net for a living. This is how a nation can build a trading tradition from the ground up.

Finally, the electronic money (e$ for short) which enables this commerce has to be denominated in something, probably dollars.
The entities (call them banks, for the time being) have to live somewhere. These entities are responsible for moving assets and money on and off the internet and make their money by either taking a small fee (called a spread) when converting money from one form to another, or from collecting the interest (called the float) on the dollars that were converted into e$, but haven't been converted back to other dollars yet.

The cool thing is that some caribbean nations have figured out offshore banking already. The reason this kind of banking is valuable is the concept of regulatory arbitrage. Regulations impede the flow of money. The Netherlands Antilles have made a reasonable living domiciling corporations whose sole purpose is to keep money out of the american banking system and thus its tax mechanism. Money made offshore which stays offshore doesn't get taxed as easily by the IRS. Regulatory Arbitrage is also exemplified by the banking and insurance industries of the Bahamas, the Caymans, Bermuda, and to a lesser extent, Antigua and the EC (Eastern Caribbean) nations. In those cases, those nations have modeled bank secrecy laws like those of the swiss.

In order for a nation to become an e$-center, they would have to allow the creation of e$, particular dollar-denominated e-cash on their shores. There are enormous regulatory hurdles in the US, but with a sufficiently arbitrary and capricious political infrastructure, it could happen pretty soon in the caribbean, if it was worth someone's while...

Ah, the ironies of economics...

Cheers,
Bob Hettinga

--
Robert Hettinga  (rah at shipwright.com)  "There is no difference between
Shipwright Development Corporation       someone who eats too little
44 Farquhar Street                       and sees Heaven and someone
Boston, MA 02331 USA                     who drinks too much and sees
(617) 323-7923                           snakes."
-- Bertrand Russell

From cjl at welchlink.welch.jhu.edu Sun Aug 14 12:21:52 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Sun, 14 Aug 94 12:21:52 PDT
Subject: The Law and the Network
Message-ID:

C-punx,

The following was retyped from SCIENCE magazine (vol 265:p691). I haven't seen it in E-circulation, and thought it would be of relevance to the recent discussion of remailer liability. Anyone out there feel like standing up to express one of the many Cypherpunk points of view in front of the ABA and the AAAS? I'd be curious to know who is attending from any of our favorite TLA's? This looks like just the kind of forum they might use to drop ominous hints about their real intentions. It would be good for there to be C-punk observers there at the very least. Someone with a better usenet feed might want to repost this to the usual newsgroups.

IMPORTANT NOTE: Application deadline, August 19th 5pm EST

Computer Issues: Call for Applications

Applications are invited for participation in the second conference on "Legal, Ethical, and Technological Aspects of Network Use and Abuse" cosponsored by the National Conference of Lawyers and Scientists, a joint committee of the American Association for the Advancement of Science and the American Bar Association. The workshop, scheduled for 7 to 9 October 1994 at a conference center not far from Washington DC, will weigh ideas about what is acceptable behavior in a shared computer environment. Discussions will center on three themes: 1) determining accountability and liability for network content; 2) defining what network content is "public" and what is "private"; and 3) what ethical, legal, and administrative frameworks should be employed for the global information infrastructure. Up to three successful applicants will receive expenses to attend the workshop, which will have 40 participants from a variety of perspectives and disciplines.
Each applicant must submit a 1000-word paper addressing one of the three themes above (the papers will be circulated prior to the meeting), a short resume or biographical sketch, and a brief statement of how one's expertise or perspective might contribute to the meeting. The application deadline is 19 August at 5pm EST. E-mail responses are preferred. Those selected will be notified by 9 September. Send applications or requests for more information to:

Deborah Runkle
Directorate for Science and Policy Programs
American Association for the Advancement of Science
1333 "H" Street, NW
Washington, DC 20005
Phone: (202) 326-6600
Fax: (202) 289-4950
E-mail: drunkle at aaas.org

C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From cactus at bb.com Sun Aug 14 12:28:54 1994
From: cactus at bb.com (L. Todd Masco)
Date: Sun, 14 Aug 94 12:28:54 PDT
Subject: Eric Hughes talking in NYC on tuesday
Message-ID: <199408141934.PAA13164@bb.com>

At the Hughes/Blaze/Stratton talk at HOPE, Eric announced that he'd be speaking for the Society for Electronic Access in NYC on "Privacy, Anonymity, and Money" on Tuesday. I don't remember seeing it on cypherpunks and don't know whether Eric would get a chance to announce it, so what the hell.

It'll be Tuesday, August 16th, 1994, at 49 Chambers St., Room 610, in Manhattan.

("Where's the CRIME?"? Maybe that was Detweiler.)

--
L. Todd Masco  | HKS encrypted Point of Sale system for Internet commerce
cactus at bb.com | "Information wants to be free, but authors want to be paid."

From jamesd at netcom.com Sun Aug 14 12:52:03 1994
From: jamesd at netcom.com (James A.
Donald)
Date: Sun, 14 Aug 94 12:52:03 PDT
Subject: e$
In-Reply-To: <5442@aiki.demon.co.uk>
Message-ID: <199408141952.MAA29732@netcom8.netcom.com>

Sheldon Glass writes:
> > the plonk was the sound of your wadded up
> > email hitting the bottom of the trash can. An entirely deserved
> > destination, in my opinion. If you really believe in the sanctity of
> > government and in the intelligence and integrity of the government
> > employees, then you're so far out of phase that discussion is pointless.

Jim Dixon writes
> I believe that government employees are drawn from the general population
> and the distributions of their attributes are roughly the same as those
> of the general population. 'Sanctity of government' is not a phrase or
> concept that I introduced.

You made a claim concerning our judicial and legal system, a claim so far out of contact with reality that nobody can be bothered to refute you.

Any judge who thought of the law the way you think of it is going to be doing traffic cases, beggars, and prostitutes for the rest of his life, assuming he is going to remain a judge.

Indeed even to become a lawyer one of the requirements is that you can cite certain infamous judicial interpretations with a straight face.

(None of the above statements should be read as implying that Perry has ever been right about anything.) :-)

--
---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state.
jamesd at netcom.com From nobody at shell.portal.com Sun Aug 14 14:32:31 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sun, 14 Aug 94 14:32:31 PDT Subject: Tommy the Tourist's New Home Message-ID: <199408142132.OAA02722@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- werewolf at io.org (Mark Terka) wrote: > > Soda was down for a week while it was moved to a different location. The > > new address is "remailer at soda.csua.berkeley.edu". I'm told that the old > > address will continue to work for a limited time, but it's best to get in > > the habit of using the correct one. > > Ok, I take it this is the one that posts directly to the USENET groups? Yes it is, although I haven't seen any posts from "Tommy the Tourist" for several days, now. A test post sent a few days ago has still not shown up. Also, there seems to be some sort of problem with soda's public key on chained remailings. Even when the Usenet gateway was operational, chained posts where the message to soda was PGPed seemed to go into the bit bucket. Also, FYI, Matt Ghio's remailer now offers Usenet posting as well. > > I also understand that the crypto archives have also moved, but I'm not > > really sure of the details. > > Well as of about 3pm EDT today they seemed to still be at > ftp.soda.berkeley.edu as I scooped a couple of files from that > site at that time. Through the magic of dual entries in a Domain Naming server somewhere, no doubt. Next time, you might try the new "csua" name and see if that's working, too. 
--- Diogenes

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLk4kXORsd2rRFQ1JAQGjkQP+NVQ8X5Q/W40MpdMEah7aKZY7jT4HaR++
vZbegzYPZOX3dKhxPnVizr2znj+qYnJQeBwsHb0BvvI+V711U8UYpl6JFsGqFIRj
MZzofuhDQzXvqaWmKaOvKlhmbgWHOIdlRCnLU3W3fLw6zvGJlUj0MNTxmnZmnkSh
ycL6mXhzPq8=
=I+lP
-----END PGP SIGNATURE-----

From mpj at netcom.com Sun Aug 14 14:41:39 1994
From: mpj at netcom.com (Michael Paul Johnson)
Date: Sun, 14 Aug 94 14:41:39 PDT
Subject: Where to get the latest PGP (Pretty Good Privacy) FAQ
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)
(Last modified: 11 August 1994 by Mike Johnson)

WHAT IS THE LATEST VERSION?

There is more than one latest version. Pick one or more of the following that best suits your computer, patent restrictions, and export restrictions. Some countries (like France) may also restrict import or even use of strong cryptography like PGP.

|-----------------|--------------|-------------|---------------------|
| Platform(s)     | Countries    | Allowed Use | Latest Version      |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix,      | USA & Canada | Commercial  | Viacrypt PGP 2.7    |
| or WinCIM/CSNav |              | Personal    |                     |
|                 |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix, Mac, | USA & Canada | Personal    | MIT PGP 2.6         |
| OS/2, others    |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix, Mac, | Most of the  | Personal    | PGP 2.6ui           |
| OS/2, others    | world except | Research    | ui=unofficial       |
|                 | the USA.     |             | international       |
|-----------------|--------------|-------------|---------------------|
| Mac Applescript | Most of the  | Personal    | MacPGP 2.6ui v 1.2  |
|                 | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Mac Applescript | USA          | Research    | MacPGP 2.6ui v 1.2  |
|-----------------|--------------|-------------|---------------------|
| Amiga           | Most of the  | Personal    | Amiga PGP 2.3a.4    |
|                 | world except | Research    |                     |
|                 | the USA.     |             | PGPAmi23a_4.lha     |
|-----------------|--------------|-------------|---------------------|
| Amiga           | USA          | Personal    | Amiga PGP 2.6 0b0.6 |
|                 |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| Atari           | Most of the  | Personal    | Atari PGP 2.3a      |
|                 | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Atari           | USA          | Research    | Atari PGP 2.3a      |
|-----------------|--------------|-------------|---------------------|
| Any of the      | Countries    | Commercial  | Any of the above    |
| above           | where IDEA   | Personal    |                     |
|                 | is not       | Research    |                     |
|                 | patented and |             |                     |
|                 | cryptography |             |                     |
|                 | is not       |             |                     |
|                 | restricted.  |             |                     |
|-----------------|--------------|-------------|---------------------|

Note: there are other versions available, but these are either old, or outside of the mainstream PGP project. Look for new versions from one of three sources: Viacrypt (Commercial), MIT (North American freeware), or mathew at mantis.co.uk (the unofficially non-designated holder of the unofficial international version that parallels what Philip Zimmermann and the rest of the PGP development team is doing in the USA).

Note that the MIT PGP 2.6 is illegal to export from the USA or Canada, but using it outside of the USA and Canada for noncommercial use is not illegal in most countries. In spite of the best efforts of MIT and the other primary developers and distributors of PGP not to violate the International Traffic in Arms Regulations, MIT PGP 2.6 is available on some of the same sites listed for PGP 2.6ui, below.
The noncommercial use restriction comes from both the RSAREF license and the patent on the IDEA cipher in Europe and North America.

WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS?

For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip

The practical meaning, until the law is corrected to make sense, is that you are requested to get PGP from sites outside of the USA and Canada if you are outside of the USA and Canada. If you are in France, I understand that you aren't even supposed to import it. Other countries may be worse.

WHAT IS THE "TIME BOMB" IN MIT PGP 2.6?

As a concession to the RSA patent holders (in return for endorsement of the legality of the freeware MIT PGP 2.6), MIT placed an inducement in MIT PGP 2.6 to encourage upgrade from the allegedly patent-infringing PGP 2.3a to the MIT version. The nature of this inducement is a change in a packet ID byte that causes PGP 2.3a and earlier to reject messages created by MIT PGP 2.6 after 1 September 1994.

Altering MIT PGP 2.6 to bypass this annoyance (though technically an easy change to the LEGAL_KLUDGE), invalidates the blessing of Public Key Partners on the licence of MIT PGP 2.6. Therefore, it is a bad idea. On the other hand, it is trivial to hack PGP 2.3a to accept these packets, and that (plus a few other bug fixes) is essentially what PGP 2.6ui is. None of the versions of PGP greater than 2.3 have problems reading the old packet ID values, so for maximum compatibility, the ideal is to write the old value and accept either value.

Unfortunately, this time bomb has a negative effect on Viacrypt PGP 2.4, as well, which never infringed on anyone's patents. Viacrypt's solution was to issue PGP 2.7, which, by default acts just like MIT PGP 2.6, but has a config.txt option (explained in the release) that allows compatibility with both PGP 2.4 and PGP 2.6. Naturally, this also allows compatibility with PGP 2.3a.
The time bomb is annoying for those who still wish to use PGP 2.3a, and for those who use Viacrypt PGP 2.4 and don't want to spend US$10 to upgrade to Viacrypt PGP 2.7, but considering the magnitude of the concession made by Public Key Partners in legitimizing the freeware PGP for use in the USA, it was worth it.

ARE MY KEYS COMPATIBLE WITH THE OTHER PGP VERSIONS?

If your RSA key modulus length is less than or equal to 1024 bits (I don't recommend less, unless you have a really slow computer and little patience), and if your key was generated in the PKCS format, then it will work with any of the mainstream PGP versions (PGP 2.3a, Viacrypt PGP 2.4, MIT PGP 2.6, PGP 2.6ui, or Viacrypt PGP 2.7). If this is not the case, you really should generate a new key that qualifies.

Philip Zimmermann is aware of the desire for longer keys in PGP by some PGP fans (like me), but wants to migrate towards that goal in an orderly way, by first releasing versions of PGP for all platforms and for both commercial (Viacrypt) and freeware (MIT) flavors that ACCEPT long keys, then releasing versions that can also GENERATE long keys. He also has some other neat key management ideas that he plans to implement in future versions.

WHAT ARE THE KNOWN BUGS IN PGP?

These are the most annoying:

MIT PGP 2.6 -- the function xorbytes doesn't. Replace the = with ^= to fix it. The effect of this bug is that RSA keys aren't quite as random as they should be -- probably not a practical problem, but worth fixing if you are going to compile the code yourself.

MIT PGP 2.6 -- DON'T SET PGPPASS when editing your keys, because if you do, and if you don't change your pass phrase, the key is lost. (If this happens, rename your backup keyring files to the primary files before you do anything else).

PGP 2.6ui -- Conventional encryption -c option doesn't use a different IV every time, like it is supposed to. (PGP 2.3a had this problem, too).

WHERE CAN I GET VIACRYPT PGP?
Versions are available for DOS, Unix, or WinCIM/CSNav Commercial software. Call 800-536-2664 to order.

If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commercial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for their version of PGP is 2.7. Upgrade from Viacrypt PGP 2.4 to 2.7 is free if you bought version 2.4 after May 27, 1994, otherwise the upgrade is US$10.

Viacrypt's licensing and price information is as follows:

ViaCrypt PGP for MS-DOS          1 user    $  99.98
ViaCrypt PGP for MS-DOS          5 users   $ 299.98
ViaCrypt PGP for MS-DOS         20 users or more, call ViaCrypt
ViaCrypt PGP for UNIX            1 user    $ 149.98
ViaCrypt PGP for UNIX            5 users   $ 449.98
ViaCrypt PGP for UNIX           20 users or more, call ViaCrypt
ViaCrypt PGP for WinCIM/CSNav    1 user    $ 119.98
ViaCrypt PGP for WinCIM/CSNav    5 users   $ 359.98
ViaCrypt PGP for WinCIM/CSNav   20 users or more, call ViaCrypt

If you wish to place an order please call 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards.

If you have further questions, please feel free to contact:

Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail:       2104 W. Peoria Ave
            Phoenix AZ 85029
Phone:      (602) 944-0773
Fax:        (602) 943-2601
Internet:   viacrypt at acm.org
Compuserve: 70304.41

WHERE CAN I GET MIT PGP?

MIT PGP is Copyrighted freeware.
Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to the hidden directory named in the telnet session to get your own copy.

MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws).

1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it.
2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it.
3. Telnet to net-dist.mit.edu and log in as getpgp.
4. Answer the questions and write down the directory name listed.
5. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (pgp26.zip, pgp26doc.zip, pgp26src.tar.gz, MacPGP2.6.sea.hqx, and MacPGP2.6.src.sea.hqx). If the hidden directory name is invalid, start over at step 3, above.

File names (shortened file names are for DOS BBS distribution):

pgp26doc.zip - documentation only
pgp26.zip - includes DOS executable & documentation
pgp26src.zip - source code
pgp26src.tar or pgp26src.tar.gz - source code release for Unix and others
macpgp26.hqx or MacPGP2.6.sea.hqx - Macintosh executable & documentation
macpgp26.src or MacPGP2.6.src.sea.hqx - Macintosh source code
mcpgp268.hqx or MacPGP2.6-68000.sea.hqx - Macintosh executable for 68000
pgp26os2.zip - OS/2 executable (may not be on the MIT archive)

RSA and IDEA algorithms licenced for personal and noncommercial use. Uses RSAREF, which may not be modified without RSADSI permission. Contains "time bomb" to start generating messages incompatible with PGP 2.3 and 2.4 on 1 September 1994 as an incentive for people to not use PGP 2.3a in the USA, which RSADSI claims infringes on their patents. Mac versions are not yet Applescriptable. This version is not intended for export from the USA and Canada due to the USA's International Traffic in Arms Regulations and Canada's corresponding regulations.
You can also get MIT PGP 2.6 from:

ftp.csn.net/mpj
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.zip
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar.gz
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/mac
    MacPGP2.6.sea.hqx
    MacPGP2.6.src.sea.hqx
    MacPGP2.6-68000.sea.hqx
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/amiga/
    pgp26-amiga0b0.6-000.lha
    pgp26-amiga0b0.6-020.lha
    pgp26-amiga0b0.6-src.lha
    amiga.txt
  See ftp://ftp.csn.net/mpj/README.MPJ for the ???????
  See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's export control methods.

ftp.netcom.com/pub/mpj
  ftp://ftp.netcom.com/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip
  ftp://ftp.netcom.com/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar.gz
  ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/
    MacPGP2.6.sea.hqx
  ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/
    MacPGP2.6.src.sea.hqx
    MacPGP2.6-68000.sea.hqx
  See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ???????
  See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods.

  TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day).

ftp.eff.org
  Follow the instructions found in README.Dist that you get from one of:
  ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
  gopher.eff.org, 1/Net_info/Tools/Crypto
  gopher://gopher.eff.org/11/Net_info/Tools/Crypto
  http://www.eff.org/pub/Net_info/Tools/Crypto/

COMPUSERVE
  The NCSA Forum sysops have a library that is available only to people who send them a message asserting that they are within the U. S. A. This library contains PGP. I have also seen PGP 2.6 in some other places on Compuserve. Try searching for PGP26.ZIP in the IBMFF forum for up-to-date information on PGP in selected other areas. The last time I tried a search like this, PGP 2.6 was found in the PC World Online forum (GO PWOFORUM) new uploads area, along with several PGP shells and accessories. I've also heard that EUROFORUM carries PGP 2.6ui, but have not confirmed this.

  Compuserve file names are even more limited than DOS, so the file names to look for are PGP26.ZIP, PGP26S.ZIP (source code), and PGP26D.ZIP (documentation only).

Colorado Catacombs BBS
  Mike Johnson, sysop
  Mac and DOS versions of PGP, PGP shells, and some other crypto stuff.
  Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc.
  v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps
  8 data bits, 1 stop, no parity, as fast as your modem will go.
  Use ANSI terminal emulation, or if you can't, try VT-100.
  Free access to PGP. If busy or no answer, try again later.
  Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call.
  Download file names:
    pgp26.zip (DOS version with documentation)
    pgp26src.tar (Unix version and source code)
    pgp26doc.zip (Documentation only -- exportable)
    macpgp26.hqx (MacPGP executables, binhexed .sea)
    macpgp26.src (MacPGP source, binhexed .sea)
    mcpgp268.hqx (MacPGP executables, binhexed .sea for 68000 processor).
  (303) 772-1062 Longmont, Colorado number - 2 lines.
  (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area.
  Verified: This morning.

Hieroglyphics Voodoo Machine (Colorado)
  Jim Still (aka Johannes Keppler), sysop.
  DOS, OS2, and Mac versions.
  (303) 443-2457
  For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files).

Other BBS and ftp sites do have these files, as well. I noticed that PGP26.ZIP is being distributed on FIDONET.

WHERE CAN I GET PGP FOR USE OUTSIDE OF THE USA?

The latest for outside the USA is the "Unofficial International" PGP 2.6 for most platforms, MacPGP 2.3aV1.2 for the Mac (although 2.6ui is under development and should appear very soon), and 2.3a.4 for the Amiga. The latest Amiga version is fully compatible with MIT's PGP 2.6.

Copyrighted freeware.
Version 2.6ui released by mathew at mantis.co.uk.
Amiga version 2.3a4 released by Peter Simons

These versions do NOT use RSAREF. No RSA patent problems outside the USA, but this version is not legal for commercial or extensive personal use in the USA. IDEA licensed for personal use only in countries where the IDEA patent holds.

The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (England), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA and Canada.

Even though the RSAREF license associated with PGP 2.6 from MIT no longer prohibits use outside the USA, it still carries the not-for-profit restriction that the original RSA code in PGP 2.6ui doesn't have. On the other hand, patents on the IDEA cipher may limit PGP use in your country to nonprofit applications, anyway.
Indeed, I understand that there are some countries where private electronic mail is not legal, anyway.

These listings are subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list.

Source code (gzipped tar format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz.sig
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26ui-src.tar.gz
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26ui-src.tar.gz.sig.gz
* _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz
* _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz.sig.gz

Source code (zip format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.sig
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.zip
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.sig
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.zip
* _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26uis.zip

Executable for DOS (zip format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.sig
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.zip
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.sig
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.zip

MacIntosh:
* _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/mac/MacPGP2.6ui_beta.sit.hqx
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/PGP/MacPGP2.6ui_V1.2sources.cpt.hqx

Other sites to look for the above mentioned files at:

ftp.informatik.uni-hamburg.de
  /pub/virus/crypt/pgp
  This site has most, if not all, of the current PGP files.

ftp.wimsey.bc.ca
  /pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/PGP (U. S. and Canadian users only)
  See /pub/crypto/software/README for the characters for XXXXXXXX
  This site has all public releases of the freeware PGP from 1.0 through 2.6 and 2.6ui.

black.ox.ac.uk (129.67.1.165)
  /src/security/pgp26uix.zip (MS-DOS executables & docs)
  /src/security/pgp26uis.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.)
  There are several other versions of PGP here, including the MIT release.

ftp.csn.net
  /mpj/public/pgp/ contains PGP shells, faq documentation, language kits.

ftp.netcom.com
  /pub/dcosenza -- Some crypto stuff, sometimes includes PGP.
  /pub/gbe/pgpfaq.asc -- frequently asked questions answered.
  /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganography software list. MacUtilities for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access.
ftp.ee.und.ac.za
  /pub/crypto/pgp
soda.berkeley.edu
  /pub/cypherpunks/pgp (DOS, MAC)
ftp.demon.co.uk
  /pub/amiga/pgp
  /pub/archimedes
  /pub/pgp
  /pub/mac/MacPGP
ftp.informatik.tu-muenchen.de
ftp.funet.fi
ftp.dsi.unimi.it
  /pub/security/crypt/PGP
ftp.tu-clausthal.de (139.174.2.10)
wuarchive.wustl.edu
  /pub/aminet/util/crypt
src.doc.ic.ac.uk (Amiga)
  /aminet
  /amiga-boing
ftp.informatik.tu-muenchen.de
  /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)
iswuarchive.wustl.edu
  pub/aminet/util/crypt (Amiga)
nic.funet.fi (128.214.6.100)
  /pub/crypt/pgp23A.zip
  /pub/crypt/pgp23srcA.zip
  /pub/crypt/pgp23A.tar.Z
ftp.uni-kl.de (131.246.9.95)
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)

StealthPGP:
The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha.

Also, try an archie search for PGP using the command:
  archie -s pgp26 (DOS & Unix Versions)
  archie -s pgp2.6 (MAC Versions)

ftpmail:
For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service.

Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi:

  ENCODER uuencode
  SEND pub/crypt/pgp23srcA.zip
  SEND pub/crypt/pgp23A.zip

This will deposit the two zipfiles, as 15 batched messages, in your mailbox within about 24 hours. Save and uudecode.

For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message.
World Wide Web URLs: (Thanks to mathew at mantis.co.uk)
_________________________________________________________________

MACPGP 2.3

Program
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx
* _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3.cpt.hqx
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx
* _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz

Source code
Requires Think C.
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3src.sea.hqx.pgp
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.hqx.pgp

Documentation
PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP.
_________________________________________________________________

OS/2 PGP

You can, of course, run the DOS version of PGP under OS/2.
* _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/2.6ui/pgp26ui-os2.zip
* _US:_ ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip
  ftp://ftp.csn.net/mpj/README.MPJ for the ???????
_________________________________________________________________

AMIGA PGP 2.3
* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_3.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_3.lha

Source
* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a3_src.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a3_src.lha
_________________________________________________________________

ARCHIMEDES PGP
* _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a
_________________________________________________________________

DOCUMENTATION ONLY
* _US:_ ftp://net-dist.mit.edu/pub/PGP/pgp26doc.zip
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26doc.zip
* _US:_ ftp://ftp.netcom.com/pub/mpj/public/pgp/pgp26doc.zip
* _US:_ ftp://ftp.ftp.csn.net/mpj/public/pgp/pgp26doc.zip
_________________________________________________________________

LANGUAGE MODULES

These are suitable for most PGP versions. I am not aware of any export/import restrictions on these files.

German
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha

Italian
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz

Japanese
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz

Lithuanian
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip

Russian
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version)
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version)
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip

Spanish
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz

Swedish
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt
_________________________________________________________________

OTHER SITES

Some cryptographic software is available from ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. Read the README file and proceed from there.

BBS sites:

Colorado Catacombs BBS (See also the entry above for PGP 2.6)
  (303) 772-1062 Longmont, Colorado (2 lines)
  (303) 938-9654 Boulder, Colorado (free call from Denver CO, but 1 line)
  For free access: log in with your own name, answer the questions, then select [Q]uestionaire 3 from the [M]ain menu.
  Verified: This morning.

Hieroglyphics Voodoo Machine (Colorado)
  Jim Still (aka Johannes Keppler), sysop.
  DOS, OS2, and Mac versions.
  (303) 443-2457
  Verified: 5-2-94
  For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files).

Exec-Net (New York)
  Host BBS for the ILink net.
  (914) 667-4567

The Ferret BBS (North Little Rock, Arkansas)
  (501) 791-0124 also (501) 791-0125
  Special PGP users account:
    login name: PGP USER
    password: PGP
  This information from: Jim Wenzel

If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others.

ARCHIE WHO?

There are many more sites. You can use archie and/or other "net-surfing" tools to find a more up-to-date listing, if desired.
___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 | | | | / _ | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org | | |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 | | |||\ ( | ftp://ftp.netcom.com/pub/mpj/README.MPJ -.
--- ----- ....|
|    ||| \ \_/ |___________________________________________________________|

-----BEGIN PGP SIGNATURE-----
Version: 2.7

iQCVAgUBLkq2xfX0zg8FAL9FAQFTNgP+MRZEelkRWavsKsLKgTpZEXix++Bhk8CW
s1jgJkyFEgEjS5EDPsKUOZKT+peohlfSmMO1dvO4125b+g+jg3rI/BQQOnWA65PT
8ylmelaoQSrzPhbYvPCk/a7zzOqoGnfa3x4C3ECJBRKFvofaZOgo1pzzCxwwa/wW
PtYKpgCtp34=
=H24Y
-----END PGP SIGNATURE-----

From mpjohnso at nyx10.cs.du.edu Sun Aug 14 14:54:34 1994
From: mpjohnso at nyx10.cs.du.edu (Michael Johnson)
Date: Sun, 14 Aug 94 14:54:34 PDT
Subject: Zimmermann & Johnson at Sept. RMIUG
Message-ID: <9408142154.AA26719@nyx10.cs.du.edu>

> I have been told that noted Colorado crypto experts Phil Zimmermann
> and Mike Johnson, along with Phil's attorney, Phil Dubois, will be
> panelists at the September meeting of the Rocky Mountain Internet
> Users Group. The meeting will be on Tues. 9/13, 7-9 pm at NCAR in
> the Sovereign Republic of Boulder.

Duane Thompson tells me that cookies will be served starting at 6:30pm, so the early comers get more than the good seats. :-)

I'm not sure if I'm REALLY a crypto expert, but I plan to be there. :-)

                ___________________________________________________________
               |                                                           |
|\  /| |       | Michael Paul Johnson  Colorado Catacombs BBS 303-772-1062 |
| \/ |o|       | PO Box 1151, Longmont CO 80502-1151 USA   Jesus is alive! |
|    | | /  _  | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org |
|    |||/  /_\ | ftp://ftp.csn.net/mpj/README.MPJ          CIS: 71331,2332 |
|    |||\  (   | ftp://ftp.netcom.com/pub/mpj/README.MPJ  -. --- ----- ....|
|    ||| \ \_/ | PGPprint=F2 5E A1 C1 A6 CF EF 71  12 1F 91 92 6A ED AE A9 |
               |___________________________________________________________|

From shamrock at netcom.com Sun Aug 14 15:22:03 1994
From: shamrock at netcom.com (Lucky Green)
Date: Sun, 14 Aug 94 15:22:03 PDT
Subject: Ecash beta test
Message-ID: <199408142222.PAA10396@netcom7.netcom.com>

I assume we all signed up for the e$ beta test. Has anyone received a reply yet?
-- Lucky Green PGP public key by finger

From werewolf at io.org Sun Aug 14 15:23:58 1994
From: werewolf at io.org (Mark Terka)
Date: Sun, 14 Aug 94 15:23:58 PDT
Subject: Tommy the Tourist's New Home
In-Reply-To: <199408142132.OAA02722@jobe.shell.portal.com>
Message-ID:

On Sun, 14 Aug 1994 nobody at shell.portal.com wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> werewolf at io.org (Mark Terka) wrote:
>
> >
> > Ok, I take it this is the one that posts directly to the USENET groups?
>
> Yes it is, although I haven't seen any posts from "Tommy the
> Tourist" for several days, now. A test post sent a few days ago
> has still not shown up. Also, there seems to be some sort of

Ok, I'll try sending a post through myself just to see what happens.

> problem with soda's public key on chained remailings. Even when
> the Usenet gateway was operational, chained posts where the
> message to soda was PGPed seemed to go into the bit bucket.

Hmmmm...glad someone else was having this problem. Before they moved I tried bouncing a chained message through soda (after using the CHAIN program to prepare it) and soda must have barfed on it as it never made it out the other end.

>
> Also, FYI, Matt Ghio's remailer now offers Usenet posting as
> well.

Actually, in a couple of recent posts to the more obscure message bases in USENET I sent the posts first through ghio, then through hacktic, and from hacktic through the gateway at news.demon.co.uk. The uk gateway seems to work flawlessly, so I'll figure on sticking with that as my anon gateway.

You know how it is...once you find a remailer(s)/gateway combo that works, you tend to stick with it. I find lately I've been going with wimsey/hacktic/ghio and then out through demon.co.uk.....it seems pretty stable.

> > Well as of about 3pm EDT today they seemed to still be at
> > ftp.soda.berkeley.edu as I scooped a couple of files from that
> > site at that time.
>
> Through the magic of dual entries in a Domain Naming server
> somewhere, no doubt. Next time, you might try the new "csua" name
> and see if that's working, too.

Yeah, I'll give that a shot and see what happens.

By the way, anybody notice if the crypto archives at dsi.unimi.it are up? I haven't been able to get through all day (Sunday).

--------------------------------------------------------------------------
Mark Terka     | werewolf at io.org             | public key (werewolf) by
Toronto,Canada | dg507 at cleveland.freenet.edu | public key server or request
---------------------------------------------------------------------------

From pigsfly at unixg.ubc.ca Sun Aug 14 15:37:08 1994
From: pigsfly at unixg.ubc.ca (Ari Y. Benbasat)
Date: Sun, 14 Aug 94 15:37:08 PDT
Subject: t-shirts & general info
Message-ID:

Hey there... I was interested in the availability of your "Cypherpunk Criminal" shirts and in some general information about your organization... Any information which you could provide me with is greatly appreciated...

thanks
ari

------------------------------------------------------------------------------
Ari Y. Benbasat          | What a piece of work is a man! How noble in reason,
Pigsfly at unixg.ubc.ca  | how infinite in faculty, in form and moving how
Engineering Physics UBC  | express and admirable, in action how like an angel,
Court Jester in Training | in apprehension how like a god!
ERTW                     | - Hamlet II ii 305-8
------------------------------------------------------------------------------
Finger for World Wide Web Homepage URL and PGP 2.6 Public Key.
------------------------------------------------------------------------------

From rah at shipwright.com Sun Aug 14 15:40:44 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 14 Aug 94 15:40:44 PDT
Subject: Ecash beta test
Message-ID: <199408142238.SAA14912@zork.tiac.net>

At 3:22 PM 8/14/94 -0700, Lucky Green wrote:
>I assume we all signed up for the e$ beta test. Has anyone received a reply
>yet?

heh- eh. maybe he's only gonna use Real Players, not us lowly enthusiasts and wannabes.
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                     someone who drinks too much and sees
Boston, MA 02331 USA                   snakes." -- Bertrand Russell
(617) 323-7923

From hayden at vorlon.mankato.msus.edu Sun Aug 14 15:48:13 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Sun, 14 Aug 94 15:48:13 PDT
Subject: t-shirts & general info
In-Reply-To:
Message-ID:

On Sun, 14 Aug 1994, Ari Y. Benbasat wrote:

> Hey there... I was interested in the availability of your "Cypherpunk
> Criminal" shirts and in some general information about your
> organization... Any information which you could provide me with is
> greatly appreciated...

We formed an organization? When did that happen :-)

(note the smiley :-)

____        Robert A. Hayden       <=> hayden at vorlon.mankato.msus.edu
\  /__          -=-=-=-=-          <=>          -=-=-=-=-
 \/  /  Finger for Geek Code Info  <=> I do not necessarily speak for the
   \/   Finger for PGP Public Key  <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$
P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+
b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**

From nobody at CSUA.Berkeley.EDU Sun Aug 14 16:10:41 1994
From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User))
Date: Sun, 14 Aug 94 16:10:41 PDT
Subject: No Subject
Message-ID: <199408142310.QAA04946@soda.CSUA.Berkeley.EDU>

I have noticed something...

Soda's remailer has the IRRITATING feature of putting shit like bombing buildings, drugs, et al at the bottom of anon posts/mail.

If an anon user is found, then he or she can get into some deep trouble not by way of his posts, but by way of Soda's text.

I wish they had an option to turn that off.
:(

------------
To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines:
::
Response-Key: the-clipper-key

====Encrypted-Sender-Begin====
MI@```%ER&2?(EFM47+YB;N!KCVBZ*?%]&G%@*BG(UF+U@^A!7^NX>
M]\AX5?P,\*3R!E`X5/N.B&F[D*0CM5[LY%`=Q[@5:63N\9D+)>FAC5Y`4M\9
$:]I)O```
====Encrypted-Sender-End====

From Richard.Johnson at Colorado.EDU Sun Aug 14 16:22:24 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Sun, 14 Aug 94 16:22:24 PDT
Subject: Ecash beta test
In-Reply-To: <199408142222.PAA10396@netcom7.netcom.com>
Message-ID: <199408142316.RAA22337@spot.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

| I assume we all signed up for the e$ beta test. Has anyone received a reply yet?
|
| -- Lucky Green PGP public key by finger

I've sent a few messages to the E-Cash address. Never got so much as an autoreply filled with propaganda.

My conclusion is that E-Cash for regular folks is going to remain tantalizing vaporware for a long while to come. I wish them luck, but I'm not going to hold my breath waiting for the authentication problems and lack of client availability to get fixed.

(Don't know what I'm referring to? Just poke around on the E-Cash web site...)

Rich

-----BEGIN PGP SIGNATURE-----
Version: 2.3a-sterno-bait

iQCVAgUBLk6zsfobez3wRbTBAQEiAwQAqyAVEyHfjaa/APLUEwEXFjSvKj7Ho52U
IYzc2ivRV4D+i08oQMpSJntYImF1MWlzB2EFJZYoWALTXUa/wK7au0cnSJZ0tQHK
ALW0K1TtKLwCPTOMLmN6/DrwPpTtnOg9xuU75UI3VbgI01dnICqpYjRn1Z3X+7CZ
oHOdggBBqWU=
=Y0w8
-----END PGP SIGNATURE-----

--
Loudyellnet: Richard Johnson | Sneakernet: ECNT1-6, CB 429, CU Boulder
Phonenet: +1.303.492.0590    | Internet: Richard.Johnson at Colorado.EDU
RIPEM and PGP public keys available by server, finger or request
Speaker to avalanche dragons. Do you really think they listen?
From hanson at hss.caltech.edu Sun Aug 14 16:24:02 1994 From: hanson at hss.caltech.edu (Robin Hanson) Date: Sun, 14 Aug 94 16:24:02 PDT Subject: Seeking Clipper/Telephone Cost Estimates Message-ID: <199408142324.QAA17126@hss.caltech.edu> I've been invited to revise my 3700 word article "Can Wiretaps Remain Cost-Effective?" (which appeared in the CPSR Sourcebook on Cryptography, July 1993) into a 2000 word Viewpoint article in CACM (the Communications of the Association for Computing Machinery), to appear as soon as I'm ready. As a first year grad student, I haven't been keeping much track of Clipper & Digital-Telephony stuff, and am now struggling to catch up. If any cypherpunks could help, I'd be appreciative. For example, my paper last year included the sentence The current government contractor claims it will offer the wiretap chips for about $26 each in lots of 10,000 [2], over twice the $10 each a competing private developer claims it would charge [11] for a chip with comparable functionality, minus wiretap support. as part of an attempt to estimate the direct costs imposed by the "clipper" chip. I recall seeing that they are now offering these wiretap chips for $15 each, but can't seem to find the source for that. I'm also told the clipper chips are big VLSI chips, and too big to fit into cellular phones which are the main current potential market for encryption chips. Can anyone offer more technically savvy and up to date estimates of any of the added costs such wiretap chips impose over other encryption chips? The current Edwards/Leahy Digital Telephony Bill appears on the surface to be a big step in the direction of this proposal from my paper: Regarding phone company support for wiretaps, it seems clear that if wiretaps are in fact cost-effective, there must be some price per wiretap so that police would be willing to pay for wiretaps, and phone companies would be willing to support them.
As long as the current law requiring police to pay phone company "expenses" is interpreted liberally enough, the market should provide wiretaps, if they are valuable. But there are big differences in reality. In this new bill, 1) the money to pay phone companies comes out of a different pot, so police in the field can't really make tradeoffs between paying more for wiretaps vs. more for other forms of investigation, and 2) instead of a voluntary transaction to ensure that costs are more than benefits, "costs" reimbursed are estimated by some unclear legal process. What do folks think of the following analogy? We don't object to police being able to pay willing informants, but we would certainly object to requiring everyone to be an informant, even if we were paid court-determined "costs" for our efforts. Or better yet, consider that we don't require companies that make guns, cars, or computers to sell to the police at some court-determined "cost". Robin Hanson hanson at hss.caltech.edu 818-683-9153 2433 Oswego St., Pasadena, CA 91107 FAX: 818-405-9841 818-395-4093 Div. Hum. & Soc. Sci. 228-77 Caltech, Pasadena, CA 91125 From nobody at CSUA.Berkeley.EDU Sun Aug 14 17:59:00 1994 From: nobody at CSUA.Berkeley.EDU (Tommy the Tourist (Anon User)) Date: Sun, 14 Aug 94 17:59:00 PDT Subject: Tommy Tag Lines Message-ID: <199408150058.RAA10050@soda.CSUA.Berkeley.EDU> On Sun, 14 Aug 1994, Tommy the Tourist wrote: > Soda's remailer has the IRRITATING feature of putting shit like > bombing buildings, drugs, et al at the bottom of anon posts/mail. > That is to intentionally trip NSA programs that look for particular words and weed out the amount of work actual agents have to sort through for Internet intelligence work. The intent is to make them less effective.
There was some suggestion in some security group to compile a list of potential words the NSA would look for and have everyone take 7-8 and put them in your sig file and have EVERY one of your posts have to be sorted through, exponentially increasing the amount of work NSA agents have to do manually. > If an anon user is found, then he or she can get into some deep > trouble not by way of his posts, but by way of Soda's text. I think it's pretty clear that they are appended to the end of the post and are nothing to do with the anon-poster; like at the end it says: please don't throw knives. ----- end transmission FBI Iran Iraq Nuclear North Korea NSA Pakistan PGP PLO TNT ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: the-clipper-key ====Encrypted-Sender-Begin==== MI@```%E^&2?(E/X$3CAA.:G Is anyone out there working with MD5 for any application? I was recoding it for VoicePGP when I ran into a bizarre bug. If you've coded/played with coding MD5, please mail me, 'cause for the life of me I can't figure this one out. PS What happened to the list? ------------------------------------------------------------------ ------ Michael Brandt Handler -- Philadelphia, PA -- \bi/ PGP v2.6 public key available -- 1984: We're Behind Schedule \/ From sameer at c2.org Sun Aug 14 21:03:19 1994 From: sameer at c2.org (sameer) Date: Sun, 14 Aug 94 21:03:19 PDT Subject: Will pay nexusbucks for reliability testing of remailers Message-ID: <199408150401.VAA15461@infinity.c2.org> I will pay nexusbucks for reports on remailer reliability in terms of lossage. (I.e. 15 messages sent through remailer X on this day, 14 messages returned within 3 days) Umm.. 16 NexusBucks per two weeks, for a remailer report every week, listing every remailer using the :: and Anon-To commands which support pgp. The listing should be in an easily-parseable format. Mail me if you are interested.
-- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-841-0909 http://www.c2.org (or login as "guest") sameer at c2.org From ben at Tux.Music.ASU.Edu Sun Aug 14 21:11:38 1994 From: ben at Tux.Music.ASU.Edu (Ben Goren) Date: Sun, 14 Aug 94 21:11:38 PDT Subject: Tommy Tag Lines Message-ID: On Sun, 14 Aug 1994, Tommy the Tourist wrote: > On Sun, 14 Aug 1994, Tommy the Tourist wrote: > > Soda's remailer has the IRRITATING feature of putting shit like > > bombing buildings, drugs, et al at the bottom of anon posts/mail. > > That is to intentionally trip NSA programs that look for particular words > and weed out the amount of work actual agents have to sort through for > Internet intelligence work. > [. . .] > ----- > end transmission > FBI Iran Iraq Nuclear North Korea NSA Pakistan PGP PLO TNT Remember that note that Bruce Schneier sent some time ago about the software the NSA was willing to make available for a price? The NSA is more than capable enough to ignore NSA fodder, I would think. If you want to write something that'll get looked at by a human, you'll have to write the kind of thing that's likely to make you the target of an investigation: "Tim, the supplier screwed up--the .5 Kg Pu shipment ain't gonna happen. Though I guess you know that from reading the papers. I think I can find some from Sergei's friend, but he's getting worried that Mossad might be onto him. Found a sweet deal on 50 mg of *very* high grade U235. Too bad we can't use it with our detonator." Don't expect people to do that in numbers. Besides, what terrorist savvy enough to use the 'net is going to be ignorant of PGP? Or not be paranoid enough to find out about it? b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): The battle is over; Clipper is dead. But the war against Government Access to Keys (GAK) goes on.
Finger ben at tux.music.asu.edu for PGP 2.6 public key ID 0xCFF23BD5. From norm at netcom.com Sun Aug 14 21:36:55 1994 From: norm at netcom.com (Norman Hardy) Date: Sun, 14 Aug 94 21:36:55 PDT Subject: Secret sharing made short Message-ID: <199408150437.VAA09143@netcom.netcom.com> At 14:06 1994/08/13 -0700, Hal wrote: .... Obvious only in retrospect. Elegant in any case. Solving that problem had been at the back of my mind for several weeks. From jdwilson at gold.chem.hawaii.edu Sun Aug 14 22:06:30 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Sun, 14 Aug 94 22:06:30 PDT Subject: Bruce Schnier Posting.... In-Reply-To: <199408140814.BAA12266@netcom11.netcom.com> Message-ID: On Sun, 14 Aug 1994, Timothy C. May wrote: > Bruce Schneier was on the Cypherpunks list for a while. > As recently as a few weeks ago he responded to a request to post an article he had written in Dr. Dobbs here on the list. My guess is he does scan the traffic flow. -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From tcmay at netcom.com Sun Aug 14 23:25:49 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 14 Aug 94 23:25:49 PDT Subject: Tommy Tag Lines In-Reply-To: Message-ID: <199408150626.XAA06916@netcom6.netcom.com> > The NSA is more than capable enough to ignore NSA fodder, I would think. > If you want to write something that'll get looked at by a human, you'll > have to write the kind of thing that's likely to make you the target of an > investigation: "Tim, the supplier screwed up--the .5 Kg Pu shipment ain't Ben, ix-nay on the omb-bay talk!
I asked you not to discuss these things on open channels. (But, yes, I did just hear about the BND's seizure of the shipment...our Polish friends are getting sloppy.) On the "Tommy the Tourist" tag lines. To use a netticism, "." The modern Net and the modern NSA will not be fooled for any significant amount of time by such naughty words. In fact, I'm sure they now have a set of filters for ignoring such blatant bait. As all readers of Ludlum, Deighton, and Forsythe know, messages would be phrased as things like "Order received, bill to follow," if not in even more obscure code or enciphered. (Enciphering arouses suspicion, of course, so codes are more likely.) --My name is May, _Tim_ May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From a.brown at nexor.co.uk Mon Aug 15 00:56:01 1994 From: a.brown at nexor.co.uk (Andrew Brown) Date: Mon, 15 Aug 94 00:56:01 PDT Subject: Who killed the list? Message-ID: What the heck has happened to the list? I haven't received a single message in about 4 days! Am I still subscribed? Has there been a software failure? Paranoid minds need to know. 
-Andy +-------------------------------------------------------------------------+ | Andrew Brown Internet Telephone +44 115 952 0585 | | PGP 2.6ui fingerprint: EC 80 9C 96 54 63 CC 97 FF 7D C5 69 0B 55 23 63 | +-------------------------------------------------------------------------+ From jdd at aiki.demon.co.uk Mon Aug 15 03:14:57 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Mon, 15 Aug 94 03:14:57 PDT Subject: e$ Message-ID: <5975@aiki.demon.co.uk> In message <199408141952.MAA29732 at netcom8.netcom.com> "James A. Donald" writes: > Jim Dixon writes > > I believe that government employees are drawn from the general population > > and the distributions of their attributes are roughly the same as those > > of the general population. 'Sanctity of government' is not a phrase or > > concept that I introduced. > > You made a claim concerning our judicial and legal system, > a claim so far out of contact with reality that nobody can be bothered > to refute you. I made no claim. I asked a question. I quote the exchange in its entirety: > Jim Dixon says: > > In message <9408101428.AA26732 at snark.imsi.com> perry at imsi.com writes: > > > They are simply trying to stop you from playing games. The law > > > isn't like geometry -- there aren't axioms and rules for deriving > > > one thing from another. The general principle is that they want to > > > track all your transactions, and if you make it difficult they > > > will either use existing law to jail you, or will produce a new > > > law to try to do the same. > > > > On what experience or observation do you base these rather extreme > > remarks? > > Plonk. This is fundamentalist ranting, followed by a reasonable question, followed by , followed by ritual denunciations from bystanders. I am an agnostic. I don't believe that 'they' exist. I believe that you have a system staffed by a random selection of the American population, somewhat skewed because people have some control over what area they work in. 
To work with a system, you need to understand it objectively, you need something more than incantations. -- Jim Dixon From matsb at sos.sll.se Mon Aug 15 03:18:08 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Mon, 15 Aug 94 03:18:08 PDT Subject: Seeking Clipper/Telephone Cost Estimates In-Reply-To: <199408142324.QAA17126@hss.caltech.edu> Message-ID: Robin Hanson wrote: > What do folks think of the following analogy? We don't object to > police being able to pay willing informants, but we would certainly I strongly object to police using my tax money to pay stool-pigeons. The possible benefits of this system are heavily outweighed by the drawbacks (police fraud, false accusations, benefits for despicable criminals). (Even more revolting is the system of police enticing people to commit crimes - stings - and then prosecuting them. This seems to be such an everyday occurrence in the US but I have seen very little opposition to it on the net. Can it be that growing up with such a system makes it seem fair? Many USAns don't even seem to know that such police tactics are forbidden in many European countries - and crimes committed after such enticements certainly not prosecutable.) Mats From sameer at c2.org Mon Aug 15 03:30:08 1994 From: sameer at c2.org (sameer) Date: Mon, 15 Aug 94 03:30:08 PDT Subject: The NEXUS-Berkeley announces low-cost internet access Message-ID: <199408151026.DAA19125@infinity.c2.org> Community ConneXion announces low-cost internet access Community ConneXion: The NEXUS-Berkeley, an Internet Access Provider in Berkeley, California, announced the installation of a modem pool for general dialup usage today. Community ConneXion (c2, c^2, or c-squared) has been founded in order to build up a strong community in the internet both locally and globally. "We are linked into the worldwide NEXUS-Gaia movement which is building up a worldwide community of like-minded network-oriented individuals," said Sameer Parekh, the Network Administrator.
Community ConneXion offers many different levels of service, including shell accounts, simple mailboxes, world-wide-web server space, pseudo-anonymous privacy services, and domain name service with mail forwarding. The NEXUS-Berkeley is putting a large emphasis on user community involvement. "We want everyone involved to feel vital to the success of the project because they *are*," said Sameer. He emphasized the fact that not only are people vital for a clientele, but necessary for the establishment of a strong community. They are offering one free week of service to people who sign up. To connect call 510-549-1383 (if that is busy try 510-841-0909.. this number will be removed on August 20th but replaced with a larger modem pool on 549-1383) and login as "guest". If you already have internet access, information can be had by using your favorite World-Wide-Web browser to look at http://www.c2.org or, if you don't have access to a WWW browser, telnet to c2.org and login as "guest". In order to subscribe to our mailing list, send the message "subscribe nexus-berkeley" to majordomo at c2.org. (From a UNIX prompt: "echo subscribe nexus-berkeley | mail majordomo at c2.org") If you have any questions, send mail to info at c2.org. From joshua at cae.retix.com Mon Aug 15 06:58:10 1994 From: joshua at cae.retix.com (joshua geller) Date: Mon, 15 Aug 94 06:58:10 PDT Subject: Seeking Clipper/Telephone Cost Estimates In-Reply-To: Message-ID: <199408151358.GAA01815@sleepy.retix.com> > Robin Hanson wrote: > > What do folks think of the following analogy? We don't object to > > police being able to pay willing informants, but we would certainly > I strongly object to police using my tax money to pay stool-pigeons. > The possible benefits of this system are heavily outweighed by the > drawbacks (police fraud, false accusations, benefits for despicable > criminals). > (Even more revolting is the system of police enticing people to > commit crimes - stings - and then prosecuting them.
This seems to > be such an everyday occurrence in the US but I have seen very little > opposition to it on the net. Can it be that growing up with such a > system makes it seem fair? Many USAns don't even seem to know that > such police tactics are forbidden in many European countries - and > crimes committed after such enticements certainly not prosecutable.) it was forbidden in the US between the late 60's and the early 80's. what is even more threatening than this is DARE and similar programs that encourage people to nark on their friends and family. josh From 73211.3713 at compuserve.com Mon Aug 15 09:29:00 1994 From: 73211.3713 at compuserve.com (Loren Fleckenstein) Date: Mon, 15 Aug 94 09:29:00 PDT Subject: Zimmermann v. NSA debate Message-ID: <940815013126_73211.3713_DHI47-1@CompuServe.COM> I received this announcement from the World Affairs Council. Please cross post to other news groups: A debate pitting the issue of privacy against national security will be held at the next World Affairs Council event, Thursday Aug. 25 at the Thousand Oaks Inn, 75 West Thousand Oaks Blvd., in Thousand Oaks, Calif. Clinton Brooks, an assistant director of the National Security Agency and the leading force behind the "Clipper Chip," will debate civil libertarian Philip Zimmermann, author of the free encryption program Pretty Good Privacy (PGP). Cocktails and hors d'oeuvres will be served at 5:45 p.m. The debate begins at 6:30 p.m. The fee for advanced registration is $15. For more information, please contact Cindy Cook, (805) 373-9267. From fnerd at smds.com Mon Aug 15 09:42:15 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 15 Aug 94 09:42:15 PDT Subject: a fnerd by any other name Message-ID: <9408151619.AA00884@smds.com> Hi, folks. I hope to be posting a lot less as "fnerd at smds.com" from now on. I got a PPP account at The Internet Access Company (near Boston, where I live).
I made sure my subscription to cypherpunks-digest was working there, then cut off my cpunx subscription here. THE NEW ADDRESS FOR ME: sw at tiac.net (Steve Witham, former fnerd) The fnerd at smds.com address will still work, but I'm hoping to spend fewer hours at work reading mail! Let me tell you, for someone who's never had direct internet access before, having it at home with a Macintosh interface is fun! (Bostonians: $30 for 40 hours/month, $25 to Boston Computer Society members.) I particularly like sending reminders to myself between work and home. By the way, I've never trusted my PGP key since I got it on my hard disk once. I should figure out how to produce an official revocation notice. The PGP signatures on my messages were a fake. So for now you'll have to wonder whether I'm just a tentacle of myself. Fractal personality disorder? Nah, just good ol' - -Steve - - - - - - - - - - - - - - - Wake up, puppet boy! --Devo -----DISCONTINUE PGP SIGNATURE----- Version: 2.3a From jdd at aiki.demon.co.uk Mon Aug 15 09:48:24 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Mon, 15 Aug 94 09:48:24 PDT Subject: Are "they" really the enemy? Message-ID: <6011@aiki.demon.co.uk> In message <940815.080301.3B8.rusnews.w165w at sendai.cybrspc.mn.org> "Roy M. Silvernail" writes: > > I am an agnostic. I don't believe that 'they' exist. I believe that > > you have a system staffed by a random selection of the American > > population, somewhat skewed because people have some control over > > what area they work in. To work with a system, you need to understand > > it objectively, you need something more than incantations. > > You've been pressing this point for some time. I think the fundamental > flaw in your reasoning is that you are assuming the system to be the sum > of its parts. That's not the case, though. What I said was : "to work with a system, you need to understand it objectively". Then your reply was : "the fundamental flaw in your reasoning is ..." 
I did not 'reason', I said that it was necessary to reason rather than shout incantations. You then proceed to reason, and I of course have no objection to this: > In _Systemantics_, John Gall conducts a very interesting examination of > man-made systems and their behavior. He notes that all man-made systems > exhibit certain traits, among them growth, encroachment and promulgation > of intra-system goals. Your observation on the people employed by > government may be right on target, but it doesn't take into account the > entity of government itself. This entity cannot be touched, > communicated with or coerced. I more or less agree. Now apply your arguments to this list as a man-made system. > Put another way, even though every person within the system may be a > "good man", the system itself isn't necessarily good. I agree. But recall that I never spoke of goodness; I just said that the people who work for the government are pretty much a random assortment of Americans. On the other hand, there have been several heated statements to the effect that 'all lawyers are X' and 'all government employees are Y'. It is this that I disagree with the most. > I'm sure part of this is a cultural difference, given your .uk address. > The US Gov't probably looks better from outside than it does from > within. I am an American living in the UK. I have had several years of unpleasant experiences with various bureaucracies and other agencies of the US and state governments. I have closehand experience of the operation of the US military, including military intelligence. In other words, I base my opinions on extensive experience and observation, not all of which I care to discuss. I have seen colossal waste and massive irresponsibility from very close up. I need no lectures on these topics, especially from, is there a polite way to say this?, the ignorant. I have also seen the operations of other governments from very close up. I have lived most of my adult life outside the USA. 
Those other governments are, on average, somewhat worse and sometimes very much worse than the US government. And I have also learned that the US government is staffed by, as I said, pretty much a random assortment of Americans, and if you understand it, you can deal with it. You simply have to look at what really happens, and try to understand it. Reciting incantations has very little effect. -- Jim Dixon From jdwilson at gold.chem.hawaii.edu Mon Aug 15 10:20:40 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Mon, 15 Aug 94 10:20:40 PDT Subject: Seeking Clipper/Telephone Cost Estimates In-Reply-To: <199408151358.GAA01815@sleepy.retix.com> Message-ID: On Mon, 15 Aug 1994, joshua geller wrote: > what is even more threatening than this is DARE and similar programs > that encourage people to nark on their friends and family. > > josh Wasn't that how Hitler converted the youth of Nazi Germany? Worked pretty good (or pretty bad) too. But the one that is *really* scary is groups of Priests/Pastors/etc. advocating the murder of abortion clinic staff as "justifiable homicide." "First they came for the..." -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From tcmay at netcom.com Mon Aug 15 10:26:15 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 15 Aug 94 10:26:15 PDT Subject: CARE -- Crypto Abuse Resistance Education In-Reply-To: <199408151358.GAA01815@sleepy.retix.com> Message-ID: <199408151726.KAA10719@netcom9.netcom.com> > what is even more threatening than this is DARE and similar programs > that encourage people to nark on their friends and family.
> > josh "My Daddy types strange things on his computer, and, like, I've heard him talk about PGP." "Thank you, Pavel, for reporting this. The Computer Authority is very concerned about such unauthorized uses of computers. That's why we have the CARE program in all 5th and 6th grade classes. Now, wait in the Principal's office for the nice lady from Child Protective Services to pick you up for your nice vacation." --Klaus! von Future Prime "Hey, it could happen!" From Ben.Goren at asu.edu Mon Aug 15 10:29:12 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Mon, 15 Aug 94 10:29:12 PDT Subject: Tommy Tag Lines Message-ID: At 11:26 PM 8/14/94, Timothy C. May wrote: >Ben, ix-nay on the omb-bay talk! I asked you not to discuss these >things on open channels. >[. . .] Ah, but that's the beauty of it. Who would believe that we're actually doing anything? Better yet, what jury would now believe that all those messages that the NSA has gotten via Tempest from us were anything but elaborate NSA fodder? (I *knew* I should have bought that Faraday cage!) Seriously, though, what with the simplicity of communicating in a very secure manner on the 'net--whether that means PGP or old-fashioned code (Aunt Sally's not feeling all that well, but the postcard you sent really cheered her up. Are we still on for coffee and bagels at ten on Saturday?)--it makes one wonder just what the NSA is trying to monitor, and what they hope to accomplish by it. >--My name is May, _Tim_ May b& (special agent 004) -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): The battle is over; Clipper is dead. But the war against Government Access to Keys (GAK) goes on. Finger ben at tux.music.asu.edu for PGP 2.6 public key ID 0xCFF23BD5.
From an5877 at anon.penet.fi Mon Aug 15 10:33:09 1994 From: an5877 at anon.penet.fi (deadbeat) Date: Mon, 15 Aug 94 10:33:09 PDT Subject: DSS flaw reported Message-ID: <9408151625.AA18587@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- I found this in the EDUPAGE clipping service. Does anyone have further information? BACK TO THE DRAWING BOARD ON DIGITAL SIGNATURES The Digital Signature Standard approved by the Commerce Department last May is in trouble. The algorithm may have a fatal flaw that would allow hackers to forge digital signatures needed for electronic funds transfers and alter supposedly secure documents. NIST (National Institute for Standards and Technology) claims all that's needed is a one-line fix, and an unfazed AT&T still plans to release a new version of its DSS-compatible Secretagent encryption software sometime soon. (Data Communications 8/94 p.11) DEADBEAT -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBFAgUBLki4FPFZTpBW/B35AQG1WAF9Gu8qR0PZcipTw3c121kxIxwcbXVmMtGS tLN4XFjP+M672PigFQ7qCUWHgy94EP+v =J5f7 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From joshua at cae.retix.com Mon Aug 15 10:51:58 1994 From: joshua at cae.retix.com (joshua geller) Date: Mon, 15 Aug 94 10:51:58 PDT Subject: CARE -- Crypto Abuse Resistance Education In-Reply-To: <199408151726.KAA10719@netcom9.netcom.com> Message-ID: <199408151747.KAA02050@sleepy.retix.com> > > what is even more threatening than this is DARE and similar programs > > that encourage people to nark on their friends and family. > "My Daddy types strange things on his computer, and, like, I've heard > him talk about PGP." 
> "Thank you, Pavel, for reporting this. The Computer Authority is very > concerned about such unauthorized uses of computers. That's why we > have the CARE program in all 5th and 6th grade classes. Now, wait in > the Principal's office for the nice lady from Child Protective > Services to pick you up for your nice vacation." I fully expect that, barring some major change in current trends, in ten years or less people will be leaving the US as refugees in search of freedom in eastern europe. I wish I was joking. josh From koontzd at lrcs.loral.com Mon Aug 15 11:19:13 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Mon, 15 Aug 94 11:19:13 PDT Subject: CARE -- Crypto Abuse Resistance Education Message-ID: <9408151812.AA22424@io.lrcs.loral.com> >I fully expect that, barring some major change in current trends, in ten >years or less people will be leaving the US as refugees in search of >freedom in eastern europe. Moving to Siberia in search of freedom From jamesd at netcom.com Mon Aug 15 11:20:20 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 15 Aug 94 11:20:20 PDT Subject: e$ In-Reply-To: <5975@aiki.demon.co.uk> Message-ID: <199408151820.LAA13536@netcom8.netcom.com> "James A. Donald" writes: > > You made a claim concerning our judicial and legal system, > > a claim so far out of contact with reality that nobody can be bothered > > to refute you. > > I made no claim. I asked a question. I quote the exchange in its > entirety: > > > Jim Dixon says: > > > In message <9408101428.AA26732 at snark.imsi.com> perry at imsi.com writes: > > > > They are simply trying to stop you from playing games. The law > > > > isn't like geometry -- there aren't axioms and rules for deriving > > > > one thing from another. The general principle is that they want to > > > > track all your transactions, and if you make it difficult they > > > > will either use existing law to jail you, or will produce a new > > > > law to try to do the same. 
> > > > > > On what experience or observation do you base these rather extreme > > > remarks? > > > > Plonk. > > This is fundamentalist ranting, followed by a reasonable question, > followed by , followed > by ritual denunciations from bystanders. sigh. Perry was expressing, in his usual intemperate fashion, the legal philosophy known as "legal realism". Despite the name legal realism is quite different from the philosophies of moderate realism or extreme realism. It is in fact a form of nominalism. Today, any judge who is not a legal realist can look forward to a career of dealing with drunks in the night court at topeka. Happy now? -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From fnerd at smds.com Mon Aug 15 11:37:41 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 15 Aug 94 11:37:41 PDT Subject: Liberation Technology Message-ID: <9408151825.AA01385@smds.com> > "Hmmm.. 'Liberation Technology' there's a book title in there or is it too > close to 'Liberation Management?" Don't forget "Liberation Theology." - -Steve - - - - - - - - - - - - - - - Sometimes I sits and thinks and sometimes I just sits. --Anon. From jdd at aiki.demon.co.uk Mon Aug 15 12:05:58 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Mon, 15 Aug 94 12:05:58 PDT Subject: e$ Message-ID: <6035@aiki.demon.co.uk> In message <199408151803.LAA10559 at netcom8.netcom.com> "James A. Donald" writes: > I wrote: > > > You made a claim concerning our judicial and legal system, > > > a claim so far out of contact with reality that nobody can be bothered > > > to refute you. > > > Jim Dixon writes > > I made no claim. I asked a question. 
I quote the exchange in its > > entirety: > > > > > Jim Dixon says: > > > > In message <9408101428.AA26732 at snark.imsi.com> perry at imsi.com writes: > > > > > [Perry's claim deleted] > > > > On what experience or observation do you base these rather extreme > > > > remarks? > Sigh. > > Let me introduce you to the real world. > > Perry was expressing, in his usual intemperate fashion, the > dominant legal philosophy that is known to lawyers as > "legal realism". If you are a judge, and you are not > a "legal realist" you are likely to wind up in charge > of the night court at Upeka. > > "Legal realism" is not in fact a form of realism but of nominalism. While the claim made may indeed be a form of nominalism, you seem to miss the point entirely. I made no claim. Perry made the claim. I simply asked him what he based it on. You then commented that my claim (which I hadn't made) was far out of touch with reality. You now offer to introduce me to the real world. The world that you are introducing me to is something more like a funhouse, with everything upside down and backwards. I think that I have a good functioning understanding of how the US judicial system works. I have been in court on a number of occasions in various roles. The outcome of the system has a large random component -- we have won cases that I thought that we would or even should lose, and sometimes the opposite occurred. The results are also often skewed one way or the other because of personal or group bias. But we are getting pretty good at playing the system, so we generally win these days. If someone were to ask me to describe one part or another of the US system of government, I might or might not have a formed opinion. If I have a formed opinion and someone asks me a reasonable question like, "on what experience or observation do you base these beliefs?" I generally have no difficulty in answering the question.
The answer might be tediously complex, because I do not believe the world is simple. This subthread began with my observing that if e$ were handled carefully, it would not violate the provisions of the Constitution against alternate currencies. Perry referred to this as 'splitting hairs' and then claimed that the legal system was a charade and that 'they' would reach any conclusions that they liked. Shortly after his outburst someone more rational asked a lawyer who asked his wife who is a lawyer specializing in securities. Her opinion was pretty much the same as mine. Other sources that I have checked with seem to have much the same opinion. My narrow observation seems to be correct. You and Perry have made claims about the general functioning of the US legal system. The only claims that I have made are two paragraphs back. -- Jim Dixon From raph at kiwi.CS.Berkeley.EDU Mon Aug 15 13:39:02 1994 From: raph at kiwi.CS.Berkeley.EDU (Raph Levien) Date: Mon, 15 Aug 94 13:39:02 PDT Subject: "finger remailer-list@kiwi.cs.berkeley.edu" now operational Message-ID: <199408152039.NAA06806@kiwi.CS.Berkeley.EDU> Hi all, I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at http://http.cs.berkeley.edu/~raph/remailer-list.html Please do not take the uptime figures too seriously, at least for another week or so. The script has only been running reliably for a few days. Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome! 
Raph Levien From adam at bwh.harvard.edu Mon Aug 15 14:43:07 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 15 Aug 94 14:43:07 PDT Subject: Seeking Clipper/Telephone Cost Estimates In-Reply-To: <199408142324.QAA17126@hss.caltech.edu> Message-ID: <199408152141.RAA07858@bwh.harvard.edu> At the HOPE (Hackers On Planet Earth) conference, there were a pair of AT&T 3600c telephone Surety devices on display & demo. The executive summary is that they sucked. The docs do not mention Clipper at all, but they do have an interesting disclaimer about how AT&T has no responsibility if the government, or anyone else, taps your phone. The device is $1300.00. This means someone put up 2600 on a credit card. (The conference, organized by 2600 magazine, was much amused.) Each unit includes a 4800 baud feature rich modem, a clipper chip (not marked as such), and some adapters to make it work with various phone handsets. The unit plugs in between the handset and the phone base unit. The hackers who bought the things had quite a hard time getting them to work at all. There were troubles getting it set up so that it would attempt to go into secure mode, and trouble getting it to do so reliably once a pair of phones that worked were found. AT&T service blamed the problems on line noise, even though the folks testing had a CO simulator, and were able to link V.fast modems through it, and also link through the CO. To make the unit go into secure mode, one person pushes a red button. The unit sends touchtone 2587 (we weren't sure why; someone suggested as a means of calibrating. 258 are in the same row on the phone.) Then the modems do their thing, making modem noises for about 20 seconds (your time may vary; AT&T manual said 10 seconds.) Once connected, the sound is very weak. We in the conference had trouble hearing when the earpiece was right next to a microphone. There was also a roughly quarter second delay (presumably this is for A/D conversion + encryption) in talking.
This is a longish delay, roughly equal to an overseas satellite conversation. Lastly, if you send a dtmf down while in secure mode, you summon the clipper demon, which, we were told, sounds like something out of the exorcist. You also drop out of secure mode. Useful to know if demoing a clipper box. :) I did not catch the name of the speaker who was doing the demo. A post to alt.hope.d would probably find the info. There were also two honest to god clipper chips sent by a nice man at Mykrotronix. (Thanks to John Droach(?)) One was kept as by the guy who got them, the other was blown up with a small explosive device to close the conference with a bang. They were quite small; maybe 1 cm square, and .5 cm thick. Manufactured in the Philippines, too. :) Anyway, that's my brain dump on clipper from HOPE. There were a fair number of cypherpunks there; anyone else want to offer additions or corrections? Adam | For example, my paper last year included the sentence | | The current government contractor claims it will offer the wiretap chips | for about $26 each in lots of 10,000 [2], over twice the $10 each a | competing private developer claims it would charge [11] for a chip with | comparable functionality, minus wiretap support. | as part of an attempt to estimate the direct costs imposed by the | "clipper" chip. I recall seeing that they are now offering these | wiretap chips for $15 each, but can't seem to find the source for | that. I'm also told the clipper chips are big VLSI chips, and too big | to fit into cellular phones which are the main current potential | market for encryption chips. Can anyone offer more technically savvy | and up to date estimates of any of the added costs such wiretap chips | impose over other encryption chips?
From jya at pipeline.com Mon Aug 15 16:22:42 1994 From: jya at pipeline.com (John Young) Date: Mon, 15 Aug 94 16:22:42 PDT Subject: HOPE Message-ID: <199408152322.TAA14188@pipe3.pipeline.com> Responding to msg by adam at bwh.harvard.edu (Adam Shostack) on Mon, 15 Aug 5:41 PM > Anyway, thats my brain dump on clipper from HOPE. >There were a fair number of cypherpunks there; anyone >else want to offer additions or corrections? Thanks for the report Adam. If anyone wants the NY Times light-hearted article on HOPE today email me. John From nobody at kaiwan.com Mon Aug 15 17:02:32 1994 From: nobody at kaiwan.com (Anonymous) Date: Mon, 15 Aug 94 17:02:32 PDT Subject: Nym server? Message-ID: <199408160002.RAA10904@kaiwan.kaiwan.com> -----BEGIN PGP SIGNED MESSAGE----- So now do we need a Cypherpunks Nym Server? I notice that somebody else is using my alias... ah, well. For the record, the Diogenes who just got active on Cypherpunks isn't me, and, as you can tell by checking corresponding signatures, I'm the one who called attention to the 6-digit PGP ID clashes, related them to the birthday paradox, and recommended increasing the ID length back in April (Raise your hand if your PGP key ID is F3AF75). It shouldn't come as a surprise: as with everything else in cyberspace, Vernor Vinge predicted it in True Names a decade or so ago, when he noted in passing that the protagonist Mr. Slippery downloaded a massive chunk of bulletin board to his home machine and scanned through it for messages to him, tossing (manually, I think) messages to the several other Mr. Slipperys. 
Diogenes I -----BEGIN PGP SIGNATURE----- Version: 2.6 iQB3AgUBLk/w7/DWSFsVTVI5AQGa6AMLB4oFNC0k36qqimd6ci3hE1GTLLsfQO23 5vBQanWfmWZ5mSLJiI6ufnwIsXMqMGYhfKgGA+V+K+qb8nHDXrQU+W8ITPnxBSsG KFaPdD7D4Qe1A+x4LCM+nfB4eLJQpX4wxwQ= =FPdH -----END PGP SIGNATURE----- From karn at qualcomm.com Mon Aug 15 18:08:12 1994 From: karn at qualcomm.com (Phil Karn) Date: Mon, 15 Aug 94 18:08:12 PDT Subject: RemailNet In-Reply-To: <199408131502.IAA18745@kaiwan.kaiwan.com> Message-ID: <199408160108.SAA26235@servo.qualcomm.com> >There might be at least one good reason for NOT going overseas on >that first leg. The NSA's charter restricts it to international >operations. By making that first leg a foreign one, you've made >your transmission, the one with your address visible, fair game >for them. In theory, yes. But I've heard rumors from Canadian Bell people that their American counterparts routinely call them up to ask that they "throw switches" that they cannot legally throw themselves. That, plus well documented history, is enough for me to always assume that they *don't* follow the rules. Phil From turner at telecheck.com Mon Aug 15 18:22:28 1994 From: turner at telecheck.com (Zipper) Date: Mon, 15 Aug 94 18:22:28 PDT Subject: ecash-info In-Reply-To: <199408152026.NAA18081@netcom7.netcom.com> Message-ID: <9408160122.AA00880@TeleCheck.com> > I found the original message. Digicash has a great product, but their > marketing skills are rather weak. They need someone that knows how to put > their product out into the world. Since just about every store I go to > seems to be a Telecheck customer, you should definitely try to hook up with > them. I can see big $$ for both of you. Try to talk to the man (David > Chaum) himself. > Thanks. I send e-mail to the digicash.support.nl with no luck. After you responded, I was interested enough to web out to them until a core dump dropped me back to reality. I FTP'd some of their promotional stuff including Chaum's articles. 
For the most part I have been lurking and thought e$ would be nothing more than a pipe dream, until I saw the beta testing msgs. Now I am a little more interested and I am looking for any and all additional research I can find. I think it would be kinda nifty to come up with some kinda' experimental beta test here in the States. I'll do some headscratching and see with what I can find out. > It would be great if you could share any info you might obtain with the > list. Most of us are eager to become customers... > > --Lucky I will CC relevant messages to the list. Only, any system I develop would have to have a centralized database to prevent double-spending and fraud. I don't quite understand how they are going to work around such a problem, and I can probably surmise why the total lack of response from them. -- Joe N. Turner Telecheck International turner at telecheck.com 5251 Westheimer, PO BOX 4659, Houston, TX 77210-4659 compu$erv: 73301,1654 (800) 888-4922 * (713) 439-6597 Key fingerprint = EF E3 D5 8A EE F6 EB BB FA C6 BF 3E 12 70 FF 8E From tcmay at netcom.com Mon Aug 15 19:17:30 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 15 Aug 94 19:17:30 PDT Subject: RemailNet In-Reply-To: <199408160108.SAA26235@servo.qualcomm.com> Message-ID: <199408160216.TAA24250@netcom15.netcom.com> > > >There might be at least one good reason for NOT going overseas on > >that first leg. The NSA's charter restricts it to international > >operations. By making that first leg a foreign one, you've made > >your transmission, the one with your address visible, fair game > >for them. > > In theory, yes. But I've heard rumors from Canadian Bell people that > their American counterparts routinely call them up to ask that they > "throw switches" that they cannot legally throw themselves. > > That, plus well documented history, is enough for me to always assume > that they *don't* follow the rules.
Yeah, and I got a recent report that "Long Lines" and other microwave tower lines were deliberately routed so as to cross over Indian Reservation lands in several places. Why? Allegedly because Indian lands are legally treated as "sovereign nations" and the (purported) rules against NSA listening could be ignored. And of course we've all read Bamford's account of the UK-USA Agreement, in which the UK spies on us and we spy on them, and all the legal niceties are thus met. Someday, when many people act as remailers, it won't matter as much. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Mon Aug 15 19:32:07 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 15 Aug 94 19:32:07 PDT Subject: The Difficulties of Doing Digital Cash Casually In-Reply-To: <9408160122.AA00880@TeleCheck.com> Message-ID: <199408160232.TAA25854@netcom15.netcom.com> Zipper writes: > For the most part I have been lurking and thought e$ would be nothing more > than a pipe dream, until I saw the beta testing msgs. Now I am a little more > interested and I am looking for any and all additional research I can find. > > I think it would be kinda nifty to come up with some kinda' experimental > beta test here in the States. I'll do some headscratching and see with > what I can find out. I would encourage people *not* to do "Yet Another Digicash Experiment." We've had several, and the problems of digital cash lie in the *launch* of viable, robust systems, not in casual, doomed-to-not-be-successful efforts. 
(Pr0duct Cypher's "Magic Money" system was considerably better programmed than most such experiments, and yet nobody would bother to try to use it. A lesson here.) > Only, any system I develop would have to have a centralized database > to prevent double-spending and fraud. I don't quite understand how > they are going to work around such a problem, and I can probably > surmize why the total lack of response from them. I don't mean to sound harsh to Zipper, but I surmise from his comments here that he has only vague ideas how Chaum's system works, which makes his plan to experiment with a digital cash system...well, I won't try to characterize it. People need to read *all* of the papers! Absorb them, work through them, and then make improvements. Recall Stefan Brands' improvements to Chaum's system (Brands was seeking investors/employment...my hunch is that a viable digicash system will come out of a combination of _deep pockets_, a la Visa International, Rupert Murdoch, etc., and _deep knowledge_, a la the researchers who've worked on digicash for years. I'm not saying Zipper can't do what they've failed to do...I'm just dubious. And because every few months, a new bunch of people make claims that they're going to "do" digital cash; usually they don't get much further than naming their product, often something cutesy like the execrable "e$" that someone picked recently. (I'm not a fan of "e$" for lots of reasons.) Folks, you can no more just start "moshing around" on digital money than you can pick up a saw and start doing brain surgery. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Mon Aug 15 19:38:24 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 15 Aug 94 19:38:24 PDT Subject: Nym server? In-Reply-To: <199408160002.RAA10904@kaiwan.kaiwan.com> Message-ID: <199408160238.TAA26591@netcom15.netcom.com> One of the Diogenes entities wrote: > So now do we need a Cypherpunks Nym Server? I notice that somebody > else is using my alias... ah, well. > > For the record, the Diogenes who just got active on Cypherpunks isn't > me, and, as you can tell by checking corresponding signatures, I'm Which is why name collision, or nym collision, is not a pressing problem. Better to decentralize the process to local machines, to the people who care, than to any kind of Cypherpunks Nym Server. > It shouldn't come as a surprise: as with everything else in cyberspace, > Vernor Vinge predicted it in True Names a decade or so ago, when he > noted in passing that the protagonist Mr. Slippery downloaded a massive > chunk of bulletin board to his home machine and scanned through it for > messages to him, tossing (manually, I think) messages to the several > other Mr. Slipperys. Wouldn't have happened with real crypto, of course. A point Vernor cheerfully conceded recently. "True Nyms" will be the sequel. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From rah at shipwright.com Mon Aug 15 19:49:11 1994 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 15 Aug 94 19:49:11 PDT Subject: ecash-info Message-ID: <199408160246.WAA04689@zork.tiac.net> At 8:22 PM 8/15/94 -0500, Zipper wrote: >I think it would be kinda nifty to come up with some kinda' experimental >beta test here in the States. I'll do some headscratching and see with >what I can find out. Me too. With that idea in mind, I called them about 6 weeks ago to get some stuff sent to me in the mail, and got put on the blower David himself. After I picked myself up off the floor, I told him how some cronies and I were interested in linking up with a bank to try a market test. The idea was that the bank puts up a (forgive me, but they'll understand it better this way, I swear) "drive up window on the information highway", and some third party (or even the bank themselves) would issue and underwrite the digicash. If the bank doesn't do it, I was hoping there would be a market for third-party underwriters. That's where most of my team's skills might work, anyway. Anyway, when I screwed up the guts to ask, Chaum told me that the going price for the underwriter's license/code was $275K plus a percentage of the net profits. He said that it would include some development support. He said that he'd send some stuff, and he got my address, but I never got anything back either. The price didn't seem too outrageous to me at the time (Boone Pickens: "You can name any price you want, if I can set the terms"), but the problem is, there's no data to determine what the market would be. I guess that's why they call it risk capital. From what I've read in the press about him, Chaum has talked to very large banks about this, and hasn't seemed to get anywhere with this except for non-internet uses (automated tollbooths, smartcards, etc.). It's possible he sensed my relative playerlessness and blew off the follow-up.
Seeing the increase in traffic about his inactivity in promotion leads me to believe that he's either working hard in getting his product market-ready, which makes sense, or he's dropping the ball, which I would charitably say is an unfair reading of the facts. I think that accusing him of not properly promoting his product misses two points. The first is, everyone who is the least bit interested in e$ knows what Chaum is doing, and that's everyone who could do anything with the information, thus his promotional activities on that front are quite successful, I would say. The second point is if he really is bringing new code to market, increasing expectations until the code is ready could cause more harm than good. I agree with you. I expect that if a bank with a significant institutional, trustee, or transaction processing presence stepped up to the plate on this something interesting could happen. I am interested in approaching a bank here in Boston with those credentials once I have something (or even someone) to go in there and talk to them with. > >Only, any system I develop would have to have a centralized database >to prevent double-spending and fraud. I don't quite understand how >they are going to work around such a problem, and I can probably >surmize why the total lack of response from them. My own auto de fe on all this is that in the early stages, most digicash will go straight to the bank to be cashed out. Enough people will be sent to jail at this stage that people will be very careful not to double spend in later secondary transactions where a piece of cash is spent several times before being cashed out. Eventually, the protocols will be imbedded so far into the software's user interface that it will be very hard for the average person to double spend by accident. Professional criminals who do it on purpose will be as prevalent as counterfeiters are now. There will be a few determined people who will get caught inevitably and go to jail. 
I don't expect the level of fraud in digital cash to be much higher than that of credit card fraud, which as we've discussed here, is pretty low. I expect that the level of digital cash fraud will be about that of counterfeiting now, which is pretty damn low, I bet. I like this. I must say that the last month or so has been a really good month for e$ discussions here. Thanks to all who have been talking about it. We should remember that certain people around here are very good at what they do, and should be paid attention to even when their delivery can be upsetting for one reason or another. I chalk it up to interface fatigue, in the sense that there are certain abrasions that occur when so many brains of different viewpoints bump against each other here on the net. Another way to look at it may be another form of friction, the transaction cost of the information you get by interacting on the list. That's certainly appropriate to a discussion of internet commerce, eh? Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From pkm at maths.uq.oz.au Mon Aug 15 20:02:47 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Mon, 15 Aug 94 20:02:47 PDT Subject: CARE -- Crypto Abuse Resistance Education In-Reply-To: <9408151812.AA22424@io.lrcs.loral.com> Message-ID: <9408160301.AA01272@axiom.maths.uq.oz.au> > > >I fully expect that, barring some major change in current trends, in ten > >years or less people will be leaving the US as refugees in search of > >freedom in eastern europe. > > Moving to Siberia in search of freedom > Ironical as it seems, this may be a good idea in the near future. Yes, I know, the climate's not the best, and there's little infrastructure (apart from the Trans-Siberian railroad). 
Additionally, there's a small danger of being shot by some irritated poachers and lumberers. Finally, I wouldn't go swimming in the Sea of Okhotsk (sic) unless you are into foraging inside old decommissioned nuclear submarines.... But look on the plus side. There's still lots of natural resources remaining in Siberia. Apart from the massive forests of the Taiga, there should be still a plethora of minerals in the ground. The central government's still pretty weak (well... weaker than it was :-), which should appeal to the libertarians and minarchists on the list. Plus, the area does have close proximity to the Asia-Pacific region - there should be some people interested in investment. As for labor... Well, there should be quite a few inhabitants in the Great/Dear Leader's gulags (near Vladivostok) who would be interested in looking for a quick career restructure. Now if they get that Bering Strait railroad tunnel going (in say, a couple of decades), things should be really happening. Yes, you too can be a tentacle of Adam Smith's invisible hand! (Sorry, shouldn't mix my metaphor....:-) Peter Murphy. From nobody at c2.org Mon Aug 15 20:07:40 1994 From: nobody at c2.org (Anonymous User) Date: Mon, 15 Aug 94 20:07:40 PDT Subject: Complaints against RSA & PKP Message-ID: <199408160305.UAA10423@zero.c2.org> I've taken the liberty of sending the text of the two recently-filed RSA lawsuits to this list, assuming that most of you would be interested. The text was obtained by scanning and then OCR'ing my paper copies, so you shouldn't be surprised to see an error from time to time. Also please note that I've reorganized the footnotes in the interest of readability, as the page & section boundaries are not obvious in the OCR'ed copy. You should be receiving the following three documents. (Note that I have not included the Schedules attached to the complaints, which are quite voluminous, and are not really required in order to understand what's going on here.)
First, the Cylink complaint against RSA, filed June 30th. This suit is very brief. Second, RSA's relatively swift motion to dismiss the Cylink complaint, filed July 25th, and desire a hearing on or soon after September 9th on this motion. This document and its enclosed memorandum of supporting points, written by RSA, is substantially longer than the complaint itself and is quite interesting reading. Finally, I've enclosed an immensely interesting and in-depth complaint filed on July 26th by Roger Schlafly, which is probably the best of the bunch. Enjoy... From nobody at c2.org Mon Aug 15 20:07:57 1994 From: nobody at c2.org (Anonymous User) Date: Mon, 15 Aug 94 20:07:57 PDT Subject: Complaints: Schlafly's complaint against RSA & PKP Message-ID: <199408160305.UAA10417@zero.c2.org> -- Schlafly's complaint against PKP and RSA -------------------------------- Roger Schlafly, Pro Se PO Box 1680 Soquel, CA 95073 telephone: (408) 476-3550 In the United States District Court for the Northern District of California Civil Action File No. C-94 20512 Assigned to Judge Category 410, Antitrust ROGER SCHLAFLY, an individual, Plaintiff v. PUBLIC KEY PARTNERS, and RSA DATA SECURITY INC., Defendants. Complaint Against Unfair Business Practices Plaintiff makes complaint against defendants for unfair business practices, including libel, interference with contractual relationships, patent misuse, fraud, monopolization, and racketeering, and demands remedies available under federal law, including jury trial, declaratory judgment, monetary damages, and injunctive relief. Jurisdiction. The Federal Court has jurisdiction because it is based on Federal law, including antitrust and patent law. Venue is proper because defendants and plaintiff reside in this Judicial District. For its complaint against defendants, plaintiff alleges as follows: 1.
This is an action for unfair business practices, libel, fraud, monopolization, and racketeering by Public Key Partners ("PKP"), which is managed by Mr. Robert Fougner, Director of Licensing, 310 North Mary Avenue, Sunnyvale, CA 94086 and by RSA Data Security Inc. ("RSADSI"), which does business at 100 Marine Parkway, Redwood City, CA 94065. 2. Plaintiff Roger Schlafly is a resident of the County of Santa Cruz, State of California. 3. Plaintiff is in the cryptography business, and develops computer software for customers. He is also a member of the IEEE P1363 working group, a committee charged with adopting a public key standard. 4. Defendant PKP is a partnership between Defendant RSA and Caro-Kann Corp. of Sunnyvale. Their partnership agreement is attached as Exhibit A. Mr. Jim Bidzos is the president of both RSADSI and PKP. Cylink Corp. of Sunnyvale was also a partner in the formation of PKP. 5. Federal jurisdiction is based on antitrust law (title 15), patent law (title 35), and racketeering law (18 USC 1341, 1951, 1961-1965). Request for relief is also based on 28 USC 1331, 1337(a), 1338(a), 1338(b), 2201, and 2202. 6. Defendant RSADSI is the dominant U.S. vendor of cryptography software, and has monopoly power in that market. It is engaged in a significant amount of interstate commerce, totaling at least 55 million per year. 7. Defendants have engaged in tortious interference with business relationships between plaintiff and plaintiff's clients, including Information Security Corp. ("ISC") and AT&T. 8. Defendants claim to control certain patents related to public key cryptography. These are the following U.S. patents and their foreign equivalents. Diffie-Hellman 4,200,770 Hellman-Merkle 4,218,582 RSA 4,405,829 Hellman-Pohlig 4,424,414 Schnorr 4,995,082 These PKP patents, as issued in the U.S., are attached as Exhibit B. (There may also be foreign patents for Hellman Merkle and Schnorr.) 9.
There is a substantial and continuing justiciable controversy between plaintiff and defendant PKP as to PKP's right to threaten or maintain suit for infringement of the PKP patents, and as to the validity, scope, and enforceability thereof, and as to whether any of plaintiff's work infringes any valid claim thereof. 10. Plaintiff has not infringed these patents. 11. Plaintiff has signed a consent agreement with defendant RSADSI, attached as Exhibit C. He agreed not to sell a product infringing the RSA patent, except under license from RSADSI or the U.S. Government. (The U.S. Government funded the RSA invention, and retains certain rights.) The agreement also allows plaintiff to design and manufacture products using the RSA patent. 12. Defendant PKP sent a letter dated Jan. 12, 1994 to plaintiff's client, AT&T, alleging that Digital Signature, of which plaintiff is a partner, has breached the above consent agreement. The letter is attached as Exhibit D. In fact, no such breach has taken place. This letter was written without any notification to plaintiff or Digital Signature. 13. Defendant PKP's letter to AT&T stated: ... to the extent any of AT&T's products are tainted by ISC's violation of this injunction, we hereby demand that AT&T cease their further distribution and sale. The alleged violation is based on ISC's use of Digital Signature software. This is a tort for PKP to send such a letter, as no violation has taken place. PKP knew that there was no violation because AT&T has the appropriate patent licenses. Evidence that AT&T already had a license is in Exhibit E, a letter from Jim Bidzos to the editor of Scientific American. 14. Defendants' allegations have damaged plaintiff's reputation, hindered his ability to sell his services, and interfered with his business relationships. 15. Defendant PKP has mailed a letter dated April 4, 1994 to ISC referring to the "apparent breach of the November 15, 1988, Consent Judgment [sic]".
The letter is attached as Exhibit F. Plaintiff denies any such breach. 16. Plaintiff sent a letter to PKP protesting its libelous actions and demanding a retraction. The letter was sent on April 4, 1994 and attached as Exhibit G. 17. In a letter from PKP dated April 18, 1994 and attached as Exhibit H, PKP refused to retract its earlier libel. The letter also states that: The practice of the DSA is described in the Hellman-Diffie, Hellman-Merkle and Schnorr patents ... This statement is obviously false, since the DSA patent application was filed after all of those other patents issued. Plaintiff's response is attached as Exhibit I. 18. Defendants have negotiated in bad faith, claiming to offer licenses but giving the run-around on terms and details. Plaintiff relied on defendants' promises that patent licenses would be available, and then lost business when PKP reneged on those promises. Copies of some correspondence with PKP on licensing is attached as Exhibit J. Plaintiff has never been able to determine even what the PKP licensing policy is. 19. Defendants have fraudulently induced standards-making bodies, including American National Standards Institute ("ANSI") and Institute of Electrical and Electronics Engineers ("IEEE"), to draft standards based on the RSA and Diffie-Hellman patents by promising a reasonable and nondiscriminatory licensing policy, when in fact no such policy exists. ANSI and IEEE require such a policy, and would not have drafted RSA standards if PKP had not misrepresented its intentions. 20. Defendant PKP sent a letter dated March 15, 1991 to the American Bankers Association (in affiliation with ANSI) stating that "PKP has not denied a license to any party." A copy is attached as Exhibit K. Plaintiff was denied a license in 1990. 21. Plaintiff is informed and believes and on that basis alleges that ISC and other parties were also denied PKP licenses.
Numerous users of Pretty Good Privacy ("PGP"), a widely used cryptography program, have complained about being denied PKP licenses. 22. A letter from PKP to ISC denying it an RSA license is attached as Exhibit F. 23. Plaintiff is informed and believes and on that basis alleges that defendant RSADSI attempted to rescind licenses granted for use of RSAREF, one of its products, even though the license agreement clearly states that the license is perpetual. 24. By getting their technology to be declared a draft standard, RSADSI has unfairly monopolized the cryptography market. Plaintiff has been damaged because competing technologies are regarded as nonstandard by the public. 25. Defendants' patent threats and fraudulent promises have prevented ANSI and IEEE from adopting public key standards, to the detriment of all others in the industry, including plaintiff. 26. Plaintiff and others on standards committees have invested valuable time and effort to develop a public key standard, but have been thwarted by defendant PKP's patent threats and fraudulent promises. 27. Plaintiff is informed and believes and on that basis alleges that defendants have made hostile and unwarranted threats against potential customers and clients of plaintiff, including representatives of the U.S. Army. These threats have included false assertions that ISC software is illegal because of patent problems. (Even if the defendants' patent claims were valid, the U.S. Army has a license to use the patents anyway.) 28. Plaintiff is informed and believes and on that basis alleges that defendants have vindictively harassed competitors, including trying to promote a federal criminal investigation of the author of PGP. 29. The U.S. Dept. of Commerce has made a determination that practice of the Digital Signature Algorithm ("DSA") does not infringe PKP patents. Public notice to that effect has appeared in Federal Register vol. 56, no. 169, August 30, 1991, pp. 42980-42982, and Federal Register vol. 59, no.
96, May 19, 1994, pp. 26208-26211. Copies are attached as Exhibits L and M. A copy of the DSA patent is attached as Exhibit N. 30. Defendant PKP wrote a letter to the National Institute of Standards of Technology ("NIST") claiming that the DSA infringes PKP patents. The letter was dated Nov. 20, 1991 and attached as Exhibit O. No PKP argument regarding the nature of the infringement was ever made public. U.S. patent 5,231,668 was issued and assigned to the United States on July 27, 1993. 31. When the DSA was adopted by NIST as the federal Digital Signature Standard, defendants publicly threatened to sue anyone who uses it. These threats were conveyed to the news media for the purpose of intimidating competitors, and the threats were widely disseminated. A copy of a typical story in the trade press is attached as Exhibit P. 32. Defendants have attempted to intimidate ANSI and IEEE not to adopt a DSA standard, based on patent claims they know to be invalid. A copy of a PKP letter is attached as Exhibit Q. They hoped to kill a DSA standard in order to monopolize the market with an RSA standard. 33. Defendant PKP has pooled patents in an attempt to monopolize public key technologies. The Hellman patents were originally issued to Stanford University and exclusively licensed to Cylink. Cylink apparently controls Caro-Kann Corp., a partner in defendant PKP. The RSA patent was originally issued to Massachusetts Institute of Technology and exclusively licensed to RSADSI. The Schnorr patent was issued to Klaus Schnorr, a German citizen who had no connection with PKP. The patents are not blocking. All are now under the exclusive licensing control of PKP. 34. Defendants have exaggerated the scope of their patents. In a publicly distributed letter dated April 20, 1990, PKP claimed: These patents cover all known methods of practicing the art of Public Key, including the variations collectively known as El Gamal [sic]. The letter is attached as Exhibit R.
PKP knows that this claim is false, but makes it anyway to intimidate competitors. 35. Defendant PKP sent a threatening letter, attached as Exhibit S, to ISC claiming that any use of public key technology must necessarily infringe PKP patents. 36. The idea of public key cryptography and digital signatures is disclosed in a paper titled "Multiuser cryptographic techniques" by Whitfield Diffie and Martin E Hellman, National Computer Conference, vol. 45, 1976. The paper was presented at a public conference in mid-June 1976, and published as part of the conference proceedings shortly thereafter. This was more than one year before any patents were filed, and therefore in the public domain according to 35 USC 102(b). A copy of the paper is attached as Exhibit T. 37. Another paper by Diffie and Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, no. 6, Nov. 1976, was submitted on June 3, 1976. It discloses the public key distribution system of the Diffie-Hellman patent. A copy of the paper is attached as Exhibit U. 38. A survey paper, "The First Ten Years of Public-Key Cryptography", was published by Diffie in Proceedings of the IEEE, vol. 76, no. 5, May 1988. A copy of the paper is attached as Exhibit V. It states on p. 563 that Exhibit U was publicly distributed in June 1976 and publicly disclosed at the National Computer Conference, also in June 1976. The Diffie-Hellman patent was filed on Sept. 6, 1977. This was more than one year later, and hence the patent is invalid and unenforceable according to 35 USC 102(b). 39. The Hellman-Merkle patent is invalid and unenforceable because it is inoperative as disclosed. Claims 1-6 and 14-17 require a quantity computationally infeasible to generate from a public key. Claims 1-3 and 6-17 require secure communication over an insecure channel. There are no other claims.
While the inventors probably believed that their invention met these requirements at the time they filed their patent application, it was later proved that the invention does not meet the requirements. According to Exhibit V pp. 565-566, it turned out to be feasible to compute the secret key from the public key. It follows that the claimed computational infeasibility is not achieved, and the communication is not secure. In fact, according to Exhibit V, the inventor had to pay a $100 bet when the invention was proved to be useless. 40. RSADSI has known the Hellman-Merkle invention to be worthless since at least 1985, and has not used it in its commercial products for that reason. 41. The Hellman-Merkle invention is not useful because of the flaws cited in Exhibit V, and therefore fails to satisfy the 35 USC 101 requirements for patent protection. 42. The Hellman-Pohlig patent is not even a public key patent. PKP deceptively cites it to bolster their claim to own all public key technology. 43. Defendants have claimed that ElGamal encryption, as described in T. ElGamal, A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithm, IEEE Transactions on Information Theory, IT-31 (no. 4, July 1985) pp. 469-472, or as implemented in SecretAgent (a product of ISC which uses software licensed from plaintiff), or as currently being considered by the IEEE P1363 committee, infringes PKP patents. Plaintiff asserts that there is no infringement, even if the PKP patents are valid. 44. ISC had kept SecretAgent out of the commercial (non-government) market for a couple of years because of PKP patent claims on ElGamal encryption. 45. Plaintiff has suffered lost royalties as a result of defendants claiming that SecretAgent infringes PKP patents. 46. The RSA patent claims preempt a mathematical formula, and hence fail to pass the Freeman-Walter-Abele two-step test for statutory subject matter under 35 USC 101.
While such a rejection had been made by the examiner, it was traversed with the disingenuous argument that the apparent formula is not a mathematical formula because it uses an equivalence relation. The argument from the RSA patent file wrapper is attached as Exhibit W. Plaintiff alleges that this argument is mathematically incorrect. 47. Defendants have demanded licenses for use of the "RSA algorithm" even though such a demand is prohibited by the doctrine of file wrapper estoppel. Exhibit W emphatically says, However, there are no mathematical algorithms in the applicants' claims. An example of a statement that the RSA algorithm is patented can be found in Bidzos's letter of Sept. 16, 1986, included in Exhibit J. 48. Cylink has filed court papers, attached as Exhibit X, stating that it believes the RSA patent to be invalid. If so, PKP has knowingly extracted license fees and sued competitors based on an invalid patent. 49. According to item 13 of Exhibit X, it appears that RSADSI has denied an RSA license to Cylink. 50. Plaintiff will seek leave of court to amend this complaint to assert such additional grounds for invalidity as may be ascertained and shall give notice prior to trial as may be required by 35 USC 282 of the matters specified herein. 51. Defendant PKP acquired the Schnorr patent in a willful attempt to maintain its monopoly over public key technology. When use of the DSA appeared to be a non-infringing use of public key, RSADSI publicly attacked DSA technology as inferior, showed little interest in marketing DSA products, but acquired the Schnorr patent anyway in a predatory attempt to deter others from using the DSA. An example of Bidzos's public disparagement of the DSA (where it is referred to as the DSS) is attached as Exhibit Y. 52. 
Plaintiff is informed and believes and on that basis alleges that PKP ties licensing of its patents to the purchase of software and services from RSADSI, in an attempt to broaden the scope of its patents and monopolize the market for certain related software and services. 53. Defendants have organized an illegal secondary boycott of competitors. RSADSI has publicly distributed a "Sink Clipper" poster which urges people to boycott companies selling products based on a cryptographic technology other than that sold by RSADSI. It says: What you can do ... Boycott Clipper devices and the companies which make them exclusively: Don't buy anything with a Clipper chip in it. A copy of the text on the poster is attached as Exhibit Z. 54. Plaintiff has been developing software for the Tessera card, a device with Clipper chip technology. Plaintiff stands to suffer injury from RSADSI's secondary boycott if it kills the market for Tessera cards. 55. Defendants' conduct and tactics with regard to the PKP patents constitute patent misuse. 56. Plaintiff is informed and believes and on that basis alleges that defendants charge different royalties to different licensees, and use price discrimination to bolster their monopoly. 57. Defendants are in violation of antitrust laws with their monopolization tactics. 58. Defendants have defamed plaintiff by making allegations of patent infringement to third parties, in violation of libel laws and laws against unfair business practices. 59. Defendants concocted a joint scheme to fraudulently exaggerate the scope of their patents and deceive standards making bodies into drafting an RSA standard on or about April 6, 1990, the day the PKP partnership agreement in Exhibit A was consummated. Defendants formed an association - in-fact that constituted an "enterprise" within the meaning of 18 USC 1961(4). 60. 
Defendants intended to use the exaggerated patents and phony license promises to monopolize the public key cryptography market, with full knowledge of the ANSI and IEEE patent policies-and of the invalidity of the Hellman-Merkle patent. 61. Several of defendants' threats and fraudulent patent claims and threats were transmitted through the U.S. Mail, thus constituting mail fraud in violation of 18 USC 1341. One such letter, Exhibit R, was sent by registered mail on or about April 20, 1990. 62. PKP also sent Exhibits K and Q through the U.S. mail system. 63. Defendants have interfered with commerce, in violation of 18 USC 1951, with their predatory tactics, unwarranted threats, and other unfair business practices. 64. Plaintiff is informed and believes and on that basis alleges that defendants have engaged in extortion by using the threat of lawsuit to extract patent licensing fees, when in fact they knew the patent to be invalid. 65. Plaintiff has been damaged, as have others, by defendants' fraud, extortion, and interference with commerce. 66. Defendant PKP has conspired with defendant RSADSI to engage in a pattern of racketeering, in violation of the Racketeer Influenced and Corrupt Organizations (RICO) Act. 67. Plaintiff damages, in lost sales, contracts, and royalties, are estimated at $2 million. Much of this would have been interstate commerce, including royalties from ISC in Illinois. WHEREFORE, plaintiff prays for judgment as follows: 1. That defendants, defendants' agents, partners, servants, employees, and all others acting in concert or participating with them, be enjoined during the pendency of this action and permanently from further interference with plaintiff's business. 2. That defendants pay plaintiff $2 million in real and punitive damages, and that damages be trebled according to antitrust and RICO laws. 3. That defendants be required to comply with the ANSI and IEEE patent policies. 4. 
That defendants' patent claim on all public key technology be declared invalid. 5. That practice of ElGamal encryption does not infringe any PKP patents, whether those patents are valid or not. 6. That practice of the DSA does not infringe any PKP patents, whether those patents are valid or not. 7. That the Diffie-Hellman patent be declared invalid and unenforceable. 8. That the Hellman-Merkle patent be declared invalid and unenforceable. 9. That defendants be estopped from enforcing the RSA patent. 10. That defendants be enjoined from further libeling plaintiff. 11. That defendants supply a complete list of persons and businesses that they have given false or libelous information, and that they send written retractions to each party. 12. That defendant partnership PKP be dissolved, and its patent pool be divided and returned to each patent's rightful owner. 13. That plaintiff be compensated for court costs and legal fees. 14. That plaintiff have such other and further relief as is just and proper. Dated: July 26, 1994 By: Plaintiff, Roger Schlafly, Pro Se Roger Schlafly PO Box 1680 Soquel, CA 95073 telephone: (408) 476-3550
-- End ---------------------------------------------------------------------

From nobody at c2.org Mon Aug 15 20:08:25 1994
From: nobody at c2.org (Anonymous User)
Date: Mon, 15 Aug 94 20:08:25 PDT
Subject: Complaints: Cylink's complaint against RSA
Message-ID: <199408160305.UAA10420@zero.c2.org>

-- Cylink's complaint against RSA ------------------------------------------
Jon Michaelson, Esq., (State Bar No. 083815) Kurt H. Taylor, Esq., (State Bar No. 127077) Robert W. Ricketson, Esq., (State Bar No. 148481) HOPKINS & CARLEY A Law Corporation 150 Almaden Boulevard, Fifteenth Floor San Jose, California 95113-2089 Telephone: (408) 286-9800 Attorneys for Plaintiff CYLINK CORPORATION IN THE UNITED STATES DISTRICT COURT IN AND FOR THE NORTHERN DISTRICT OF CALIFORNIA CYLINK CORPORATION, Plaintiff, v. RSA DATA SECURITY, INC., Defendants.
COMPLAINT FOR DECLARATORY JUDGMENT AND INJUNCTIVE RELIEF AND DEMAND FOR JURY TRIAL 1. Plaintiff Cylink Corporation is incorporated under the laws of the State of California, and has its principal place of business therein. 2. Defendant RSA Data Security, Inc. ("RSADSI") is a corporation incorporated under the laws of the State of Delaware, and has its principal and a regular and established place of business at 100 Marine Boulevard, Redwood City, CA 94065. 3. Jurisdiction of this Court arises under the Federal Declaratory Judgments Act, Title 28, United States Code, Sections 2201 and 2202, and under the laws of the United States concerning actions relating to patents, Title 28, United States Code, Section 1338(a), as shown by the facts alleged below. 4. On September 20, 1983, U.S. Letter Patent No. 4,405,829 entitled "Cryptographic Communications System and Method" was issued to inventors and assignors R. Rivest, A. Shamir and L. Adleman ("the Patent"). 5. Cylink is informed and believes and on that basis alleges that in or about 1984 defendant RSADSI obtained an exclusive license to the Patent. 6. Cylink has made and/or offered for sale within the past six years and since the issuance of the said Letters Patent, certain encryption products. 7. Beginning in or about December 1993, RSADSI has charged that Cylink's manufacture and sale of said encryption products infringes the Patent and all claims thereof. On June 28, 1993, RSADSI delivered to Cylink's wholly-owned subsidiary, in this judicial district, a letter expressly stating RSADSI's intent to bring an infringement action against Cylink. A true and correct copy of RSADSI's letter to Cylink dated June 29, 1994 is attached hereto as Exhibit A. 8.
There is a substantial and continuing justiciable controversy between Cylink and RSADSI as to RSADSI's right to threaten or maintain suit for infringement of the Patent, and as to the validity, scope, and enforceability thereof, and as to whether any of Cylink's products infringes any valid claim thereof. 9. Cylink is informed and believes and on that basis alleges that the Patent is invalid, unenforceable, and void, for one or more of the following reasons: (a) The alleged invention was not novel; (b) The differences (if any) between the alleged invention and the prior art were such that the alleged invention would have been obvious at the time made to a person having ordinary skill in the art; (c) The claims of the Patent, and/or the Patent as a whole, fails to meet one or more of the requirements of 35 U.S.C. section 112. (d) If there is any invention in the subject matter of the Patent, which is denied, the Patent nevertheless was not obtained in a manner consistent with the provisions of Title 35 of the United States Code. (e) The claims of the Patent are functional, indefinite, and are broader than the alleged invention as set forth in the specification of the Patent. 10. Cylink will seek leave of court to amend this complaint to assert such additional grounds for invalidity as may be ascertained and shall give such notice prior to trial as may be required by 35 U.S.C. section 282 of the matters specified therein. 11. Cylink is informed and believes and on that basis alleges that its encryption products do not infringe on the Patent or its claims. 12.
Cylink is informed and believes and on that basis alleges that the Patent is unenforceable for reasons including, but not necessarily limited to the following: (a) RSADSI, with full knowledge of the activities of Cylink, has failed to assert the Patent for a period of 3 years while Cylink invested time and money in building its business and goodwill, and RSADSI is now guilty of laches and cannot maintain any cause of action against plaintiff under the Patent. (b) Pursuant to certain written agreements, RSADSI has obligated itself to license Cylink to make, use, and sell products employing all inventions claimed in the patent, and is therefore estopped from asserting the Patent against Cylink. True and correct copies of these agreements are attached hereto and incorporated in this complaint as Exhibits B and C. 13. RSADSI has denied that it is obligated to license Cylink as alleged in paragraph 12(b) above. Cylink and its wholly owned subsidiary have initiated an arbitration proceeding against RSADSI pursuant to the written agreements between the parties. By bringing this suit, as it has been forced to do in order to protect itself against the threat of litigation by RSADSI, Cylink does not waive its right to a determination through contractually mandated arbitration that RSADSI is obligated to grant to Cylink a license to the Patent according to the terms of the parties' agreements. WHEREFORE, plaintiff demands: (a) Entry of judgment that RSADSI is without right or authority to threaten or to maintain suit against plaintiff or its customers for alleged infringement of Letters Patent No. 4,405,829; that the Patent is invalid, unenforceable, and void in law; and that the Patent is not infringed by Cylink because of the making, selling, or using of any products made, sold, or used by Cylink. (b) Entry of a preliminary injunction enjoining RSADSI, its officers, agents, servants. 
employees, and attorneys, and those persons in active concert or participation with it who receive actual notice thereof from initiating infringement litigation and from threatening Cylink or any of its customers, dealers, agents, servants, or employees, or any prospective or present seller, dealer, or use of Cylink's products, with infringement litigation or charging any of them either verbally or in written with infringement of Letters Patent No. 4,405,829 because of the manufacture, use, sale, or offering for sale of products made by Cylink, to be made permanent following trial. (c) Entry of judgment for its costs and reasonable attorney fees incurred by Cylink herein. (d) Such other and further relief as the Court may deem appropriate. DATED: June 30, 1994 HOPKINS & CARLEY A Law Corporation BY: Kurt H. Taylor, Esq. Attorneys for Plaintiff CYLINK CORPORATION DEMAND FOR JURY TRIAL Cylink hereby demands trial by jury of all issues triable of right by jury. DATED: June 30, 1994 HOPKINS & CARLEY A Law Corporation By Kurt H. Taylor, Esq. Attorneys for Plaintiff CYLINK CORPORATION -- End --------------------------------------------------------------------- From die at pig.jjm.com Mon Aug 15 20:54:39 1994 From: die at pig.jjm.com (Dave Emery) Date: Mon, 15 Aug 94 20:54:39 PDT Subject: RemailNet In-Reply-To: <199408131519.LAA00496@pipe1.pipeline.com> Message-ID: <9408160357.AA07803@pig.jjm.com> > > > Responding to msg by nobody at kaiwan.com (Anonymous) on Sat, 13 > Aug 8:2 AM > > If you have a public reference on *any* limitation of NSA's > operations please post here or send by email. > There is indeed a NSA charter which has recently been published due, in part, as I understand it to the efforts of John Gilmore. But most of the actual detailed operational guidelines are contained in classified executive national security directives, most of which have not been revealed publicly even in vague terms. 
More significant however is the Foreign Intelligence Surveillance act of 1978 as amended and the ECPA (of 1986 as amended). These two Federal laws substantially tighten the definitions of permissable national security wiretapping (and later also radiotapping in the ECPA) which were originally contained in the Omnibus Crime and Safe Streets act of 1968. That is the law that for the first time spelled out the terms and conditions under which the government could legally intercept communications. (All of this is contained in title 18 of the Federal criminal code around about section 2100.) Dave Emery From claborne at microcosm.sandiegoca.NCR.COM Mon Aug 15 21:07:07 1994 From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris) Date: Mon, 15 Aug 94 21:07:07 PDT Subject: Codes, Keys and Conflicts: Issues in U.S Crypto Policy, Message-ID: <2E503314@microcosm.SanDiegoCA.NCR.COM> A panel of experts convened by the nation's foremost computing society today released a comprehensive report on U.S. cryptography policy. The report, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy," is the culmination of a ten-month review conducted by the panel of representatives of the computer industry and academia, government officials, and attorneys. The 50-page document explores the complex technical and social issues underlying the current debate over the Clipper Chip and the export control of information security technology. Look at WWW page "http://Info.acm.org/reports/acm_crypto_study.html" ... __o .. -\<, chris.claborne at sandiegoca.ncr.com ...(*)/(*). CI$: 76340.2422 PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server. From CCGARY at MIZZOU1.missouri.edu Mon Aug 15 21:14:37 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 15 Aug 94 21:14:37 PDT Subject: PGP2.1 last pgp version not broken? rumors Message-ID: <9408160414.AA13275@toad.com> PGP versions after 2.1 broken? 
In conversation with a student computer site manager, I was told that all pgp versions after pgp2.1 had been broken. I pressed the kid for info. He said that the matter had been settled on "alt.2600" & on "sci.cryptology". This is probably just loose talk but if anybody would like they could issue a challenge on these 2 newsgroups. It might help to squash rumors. I could get no more info. out of him. Yours Truly, Gary Jeffers

From warlord at MIT.EDU Mon Aug 15 21:20:39 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 15 Aug 94 21:20:39 PDT
Subject: Bug in PgP2.6?? SWITCH TO 2.6ui!!
In-Reply-To:
Message-ID: <9408160420.AA06656@cacciatore.MIT.EDU>

It was introduced in 2.6 -- 2.6ui doesn't have this particular problem. There was a one-character patch sent along with the original mail describing the problem; in randpool.c the function xor_bytes is missing a "^" character. This was described fully in the mail. We expect that the next release of 2.6 will be the _final_ release of this code tree, and that future releases will be based on rewritten code. But I cannot guarantee that, it is only a hope (and a plan), not a way of life. -derek -- who is answering mail while on Vacation!

From warlord at MIT.EDU Mon Aug 15 21:25:14 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 15 Aug 94 21:25:14 PDT
Subject: pubring
In-Reply-To: <9408132138.AA29928@runner.utsa.edu>
Message-ID: <9408160425.AA06753@cacciatore.MIT.EDU>

You can still ftp the keyring from: ftp://toxicwaste.mit.edu/pub/keys/public-keys.pgp This will still be good after Sept. 1, since old-version keys will still be good (just that old-version programs won't read new-version keys, but that does affect the keyserver nor the keyrings) -derek ---Why am I online during vacation?
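The one-character defect described in the "Bug in PgP2.6??" message above, as an added illustration that is not part of the original messages and is not the PGP source: it assumes the missing "^" turns an XOR-assignment into a plain assignment, and everything except the name xor_bytes (the pool size, the sample bytes, the two check functions) is constructed for this sketch. The checks are the kind of regression test that catches a mixing routine that silently discards the pool's earlier contents.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 16  /* constructed size, not taken from randpool.c */

/* Assumed shape of the defect: without the '^', the helper copies
 * the new bytes over the pool instead of mixing them in. */
static void xor_bytes_buggy(unsigned char *dest, const unsigned char *src,
                            size_t len)
{
    while (len--)
        *dest++ = *src++;
}

/* With the '^' restored, new bytes are combined with what is already
 * in the pool, so earlier entropy still influences the result. */
static void xor_bytes_fixed(unsigned char *dest, const unsigned char *src,
                            size_t len)
{
    while (len--)
        *dest++ ^= *src++;
}

typedef void (*mix_fn)(unsigned char *, const unsigned char *, size_t);

/* Constructed sample input standing in for freshly gathered bytes. */
static void fill_input(unsigned char *input)
{
    size_t i;
    for (i = 0; i < POOL_SIZE; i++)
        input[i] = (unsigned char)(i * 37 + 11);
}

/* Mix the same input into two pools that start with different
 * contents. Returns 1 if the pools still differ afterwards (prior
 * state survived the mix), 0 if the prior state was wiped out. */
int mixing_preserves_prior_state(mix_fn mix)
{
    unsigned char pool_a[POOL_SIZE], pool_b[POOL_SIZE], input[POOL_SIZE];

    memset(pool_a, 0x5A, sizeof pool_a);
    memset(pool_b, 0xC3, sizeof pool_b);
    fill_input(input);

    mix(pool_a, input, POOL_SIZE);
    mix(pool_b, input, POOL_SIZE);
    return memcmp(pool_a, pool_b, POOL_SIZE) != 0;
}

/* Count pool bytes that equal the input after mixing into a pool
 * with non-zero prior contents. Any match means someone who knows
 * the input also knows that byte of the pool. */
size_t bytes_equal_to_input(mix_fn mix)
{
    unsigned char pool[POOL_SIZE], input[POOL_SIZE];
    size_t i, same = 0;

    memset(pool, 0x5A, sizeof pool);
    fill_input(input);
    mix(pool, input, POOL_SIZE);

    for (i = 0; i < POOL_SIZE; i++)
        if (pool[i] == input[i])
            same++;
    return same;
}

int main(void)
{
    printf("buggy: prior state kept=%d, bytes equal to input=%zu\n",
           mixing_preserves_prior_state(xor_bytes_buggy),
           bytes_equal_to_input(xor_bytes_buggy));
    printf("fixed: prior state kept=%d, bytes equal to input=%zu\n",
           mixing_preserves_prior_state(xor_bytes_fixed),
           bytes_equal_to_input(xor_bytes_fixed));
    return 0;
}
```
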
From adam at bwh.harvard.edu Mon Aug 15 22:05:20 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 15 Aug 94 22:05:20 PDT
Subject: POST:Gaining ISDN Privacy with data encryption
In-Reply-To: <2E4BF2DC@microcosm.SanDiegoCA.NCR.COM>
Message-ID: <199408160505.BAA09790@bwh.harvard.edu>

| REMEMBER: What follows is a direct quote from the zine.
|
| ------------------------------------------------------------
| Communications News - August, 1994
| Gaining ISDN Privacy with data encryption
| by Kevin Tanzillo
|
| Wunnava V. Subbarao, professor of electrical and computer engineering
| Florida International University (FIU), along with research associate Irma
| B. Fernandez, wrote a paper on testing and evaluating encryption based data
| security in the ISDN environment.

Does anyone know where this was published, or where I might be able to pick up a draft? Adam

From lile at art.net Mon Aug 15 22:55:41 1994
From: lile at art.net (Lile Elam)
Date: Mon, 15 Aug 94 22:55:41 PDT
Subject: Bay Area Gnu Picnic...
Message-ID: <199408160553.WAA11965@art.net>

Bay Area GNU Picnic!
Who: People who like or work on the GNU system. Perhaps you.
What: A GNU picnic on the beach. With grill, music, and filking.
When: Sunday August 21 from 4pm to sunset and beyond.
Where: Half Moon Bay beach. More precisely, ... Take 280 to 92 West heading towards Half Moon Bay. Once you reach Half Moon Bay, 92 will dead-end into Highway 1. Turn left on Highway 1 and follow til the next stop light. Turn right and follow this road to the end. The Half Moon Bay State Park Beach is on your left. There is a $4.00 cover charge to get in but once paid, will let you in to any other state beach for that day. So, one could peruse the beaches before coming to the GNU Picnic. Half Moon Bay is north of Santa Cruz and south of San Francisco.
Why: To have fun and get to know other people who use and work on GNU.
Please bring:
* Musical instruments. (ie.
drums, flutes, and anything that makes a noise)
* Frisbees and other suitable toys.
* CDs and tapes to play.
* Blankets and towels for swimming (it's gonna be cold though :).
* Food. Bring something you'd like to grill. Also bring another item according to your last name. If your last name starts with A through H, bring cooked veggies or salad. If your last name starts with I through P, bring dessert. If your last name starts with Q through Z, bring two quarts of a non-alcoholic beverage. If your last name starts with anything else, bring a dragon to grill the food. (If no one brings a dragon, we'll use charcoal.)
Note that there are some fresh fish stores in Half Moon Bay and there is also a fresh veggie stand on the road to the beach. So you could possibly pick up something to bring "on the way". Note: tabouli containing more cracked wheat than parsley is strictly forbidden!
----------------------------------------------------------------------

From mpd at netcom.com Mon Aug 15 23:06:33 1994
From: mpd at netcom.com (Mike Duvos)
Date: Mon, 15 Aug 94 23:06:33 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408160606.XAA22778@netcom7.netcom.com>

Timothy C. May writes:
> I would encourage people *not* to do "Yet Another Digicash
> Experiment."
> We've had several, and the problems of digital cash lie in
> the *launch* of viable, robust systems, not in casual,
> doomed-to-not-be-successful efforts. (Pr0duct Cypher's
> "Magic Money" system was considerably better programmed than
> most such experiments, and yet nobody would bother to try to
> use it. A less here.)

I haven't seen a Tacky Token in months, although there was quite a bit of activity when I first made my server available. Although I haven't heard how the other servers are doing, I would expect interest has trailed off there as well. The problem with practical digital cash lies not in the mathematics, but in the financial and legal arenas.
It is very difficult to convince a real financial institution with deep pockets to underwrite a potentially unlimited liability for itself. I suspect that for the foreseeable future, digital cash will take the smartcard route, and that money which can anonymously traverse cyberspace in large denominations will not be forthcoming. It is also unlikely that faith of financial institutions in supposedly unbreakable mathematics has been enhanced by the recent one-line fix announced for the DSS. Still, I look forward to the first person brave enough to attach a hard currency value to anonymous cyberbucks. It may actually make hacking a worthwhile pursuit again. -----Begin Totally Unrelated Topic----- BTW, Thinking Machines Inc. went Chapter 11 today and dismissed one third of its work force. They are blaming the end of the Cold War for their problems. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From nobody at c2.org Tue Aug 16 00:20:31 1994 From: nobody at c2.org (Anonymous User) Date: Tue, 16 Aug 94 00:20:31 PDT Subject: Complaints: RSA's motion to dismiss Cylink complaint Message-ID: <199408160405.VAA10595@zero.c2.org> -- RSA's motion to dismiss the Cylink complaint ------------------------------ JAMES R. BUSSELLE (SBN 75980) THOMAS E. MOORE III (SBN 115107) MARY O'BYRNE, (SBN 121067) TOMLINSON, ZISKO, MOROSOLI & MASER 200 Page Mill Road, Second Floor Palo Alto, California 94306 Telephone: (415) 325-8666 Attorneys for Defendant RSA Data Security, Inc. UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA CYLINK CORPORATION, Plaintiff, vs. RSA DATA SECURITY, INC., Defendant. CASE NO.: C 94 02332 CW NOTICE OF MOTION TO DISMISS UNDER RULE 12(b)(7) DATE: September 9, 1994 TIME: 10:30 a.m. BEFORE: Hon. 
Claudia Wilken TO THE PLAINTIFF AND ITS COUNSEL OF RECORD: PLEASE TAKE NOTICE that on September 9, 1994 at 10:30 a.m., or as soon thereafter as counsel may be heard by the above entitled Court, located at 450 Golden Gate Avenue, San Francisco, California, defendant RSA Data Security, Inc. will and hereby does move the Court to dismiss the action pursuant to Federal Rule of Civil Procedure 12(b)(7) for failure to join parties under Federal Rule of Civil Procedure 19. Such motion will be made on the grounds that Caro-Kann Corporation, Public Key Partners, the Massachusetts Institute of Technology and Stanford University are necessary parties to the action within the meaning of Rule 19(a). This motion is based on this Notice of Motion, the accompanying Memorandum of Points and Authorities, the Declaration of D. James Bidzos, all pleadings and papers on file in this action, and other such other matters as may be presented to the Court at the time of the hearing. Dated: July 25, 1994 TOMLINSON, ZISKO, MOROSOLI & MASER By Thomas E. Moore III Attorneys for Defendant RSA Data Security, Inc. -- Arguments supporting RSA's move for dismissal --------------------------- JAMES R. BUSSELLE (SBN 75980) THOMAS E. MOORE III (SBN 115107) MARY O'BYRNE, (SBN 121067) TOMLINSON, ZISKO, MOROSOLI & MASER 200 Page Mill Road, Second Floor Palo Alto, California 94306 Telephone: (415) 325-8666 Attorneys for Defendant RSA Data Security, Inc. UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA CYLINK CORPORATION, Plaintiff, vs. RSA DATA SECURITY, INC., Defendant. CASE NO.: C 94 02332 CW MEMORANDUM OF POINTS AND AUTHORITIES IN SUPPORT OF MOTION TO DISMISS UNDER RULE 12(b)(7) DATE: September 9, 1994 TIME: 10:30 a.m. BEFORE: Hon. Claudia Wilken TABLE OF CONTENTS I. INTRODUCTION AND ISSUES PRESENTED II. STATEMENT OF FACTS III. ARGUMENT A. Rule 19 is Designed to Protect the Interests of Absent Parties Whose Rights May be Impaired If the Action were to go Forward Without them B. 
MIT and PKP are Necessary Parties Because They Each Hold Substantial Rights to the MIT Patent, Including the Right to Bring an Infringement Action Against Cylink C. CKC and Stanford are Necessary Parties Because Each has an Interest that Would be Impaired if the MIT Patent were Held Invalid, and Their Relationship to Cylink is Such that RSA Could Not Adequately Represent Their Interests IV. CONCLUSION TABLE OF AUTHORITIES CASES CP National Corp. v. Bonneville Power Admin., 928 F.2d 905 (9th Cir. 1991) Caldwell Manufacturing Co. v. Unique Balance Co., Inc., 18 F.R.D. 258, 108 U.S.P.Q. 7 (S.D.N.Y. 1955) Channel Master Corp. v. JFD Electronics Corp., 260 F. Supp. 568, 152 U.S.P.Q. 687 (E.D.N.Y. 1967) Classic Golf Co. v. Karsten Manufacturing Co., 231 U.S.P.Q. 884 (N.D. Ill. 1986) Dentsply International Inc. v. Centrex, Inc., 553 F. Supp. 289, 220 U.S.P.Q. 948 (D. Del. 1982) Diamond Scientific Co. v. Amico, Inc., 848 F.2d 1220 (Fed. Cir. 1988) Lear, Inc. v. Adkins, 395 U.S. 653 (1969) Messerschmitt-Boelkow-Blohm GmbH. v. Hughes Aircraft Co., 483 F. Supp. 49, 208 U.S.P.Q. 643 (S.D.N.Y. 1979) Micro-Acoustics Corp. v. Bose Corp., 493 F. Supp. 356, 207 U.S.P.Q. 378 (S.D.N.Y. 1980) Shermoen v. United States, 982 F.2d 1312 (9th Cir. 1992) United Mine Workers of America v. Gibbs, 383 U.S. 715 (1966) Waterman v. MacKenzie, 138 U.S. 252 (1891) STATUTES AND RULES Federal Rule of Civil Procedure 12(b)(7) Federal Rule of Civil Procedure 19(a) Federal Rule of Civil Procedure 19(b) MISCELLANEOUS 6 Chisum, Patents, § 21.03[4], pp. 21-300 - 21-301 (1993) 3A Moore, Moore's Federal Practice, ¶ 19.05[2], p. 19.78 (2d ed. 1993) 3A Moore, Moore's Federal Practice, ¶ 19.07-1, p. 19.90-1 (2d ed. 1993) 3A Moore, Moore's Federal Practice, ¶ 19.07[2.--1], p. 19.103 (2d ed. 1993) I. INTRODUCTION AND ISSUES PRESENTED This is a declaratory relief action to invalidate a patent that permits the coding or "encryption" of computer data transmissions. 
Prior to 1990, the plaintiff, Cylink Corporation ("Cylink") was in the data encryption market as a manufacturer of computer hardware, operating under a license to the so-called "Stanford Patents." The defendant, RSA Data Security, Inc. ("RSA"), was in the data encryption market as a software manufacturer, operating under a license to the so-called "MIT Patent." The MIT Patent is the subject of this invalidation action. In 1990, at Cylink's instigation, Cylink and RSA created complex inter-relationships between each other, Stanford University ("Stanford") and the Massachusetts Institute of Technology ("MIT") to exploit the licensing potential of both sets of patents. Two new entities were created: Caro-Kann Corporation ("CKC"), a wholly-owned subsidiary of Cylink; and Public Key Partners ("PKP"), a partnership between Cylink/CKC and RSA, whose sole assets consist of the licensing rights to both sets of patents. By filing this action, Cylink not only seeks to pull the thread that unravels these inter-relationships but also hopes to do so in the absence of PKP, CKC, MIT and Stanford. Because (i) PKP and MIT hold significant rights to the MIT Patent, including the right to bring infringement actions and (ii) the action stands to impair the interests of CKC and Stanford, the action must be dismissed under Federal Rule of Civil Procedure 12(b)(7), subject to the joinder of those parties as necessary parties under Rule 19(a).[1] II. STATEMENT OF FACTS RSA is a local company operating out of Redwood City, California. RSA develops, markets and distributes encryption software. Encryption software utilizes complex mathematical formulas or algorithms to create unbreakable codes for securing computer communications, such as data transmissions over telephone lines via modems, from eavesdropping. [2] RSA has been a pioneer in the field of developing encryption software and has worked in this field since 1982, when it was first formed. (Bidzos Decl. ¶¶ 2, 3). 
The founders of RSA were three scientists from MIT, Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman (the letters "RSA" are the initials of those three men). Together, they invented an algorithm which makes it possible to secure data transmissions. This algorithm was patented on September 20, 1983 as U.S. Letter Patent No. 4,405,829 and entitled "Cryptographic Communications System and Method" (the "MIT Patent"). Rivest, Shamir and Adleman assigned the patent to MIT. MIT owned, and continues to own, the MIT Patent. (Bidzos Decl., ¶ 4) Rivest, Shamir and Adleman formed RSA, and MIT granted RSA an exclusive license to the MIT Patent. RSA has paid royalties to MIT ever since. (Bidzos Decl., ¶ 5) After an initial slow period, RSA grew to be successful. It developed and marketed an "end user" product called "MailSafe" in 1986 and sold thousands of copies. It also developed a software tool kit which was first sold to Lotus Corporation in 1986 and has since been sold to many other companies who have acted as original equipment manufacturers or "OEM's." RSA also sold patent licenses for use of the MIT Patent to a modem company called Racal and also to Motorola and Digital Equipment. (Bidzos Decl., ¶ 6). During 1987 and 1988, representatives from Stanford began to claim that RSA's MIT Patent rights could not be used by RSA or anyone else without infringing patent rights owned by Stanford (the "Stanford Patents"). This dispute was resolved when Stanford licensed rights to its patents to MIT, and MIT in turn passed on those rights to RSA. In exchange for those rights, Stanford received from MIT a portion of the royalty payments that RSA had been paying to MIT for RSA's use of the MIT Patent. (Bidzos Decl., ¶ 7) It was at this point that plaintiff Cylink appeared on the scene. 
Cylink is primarily a hardware manufacturer -- it builds computer chips that are used in the data encryption process and markets them to others for incorporation in hardware products eventually sold to the end user customers. Before Stanford agreed to license rights to the Stanford Patents to MIT, Cylink and only a very few other companies had license rights to the Stanford Patents. (Bidzos Decl., ¶ 8). Cylink was very concerned when it discovered that RSA had acquired rights to the Stanford Patents through MIT. On or about October 17, 1989, Cylink's Chief Executive Officer, Lew Morris ("Morris"), first approached RSA by calling Bidzos on the telephone. Morris threatened to sue RSA unless a deal could be reached by which Cylink would purchase RSA. From this inauspicious beginning, the discussions eventually led to how RSA and Cylink might work together. (Bidzos Decl., ¶ 9) The parties' discussions culminated in an Agreement of Intent entered into on April 6, 1990. Under that Agreement, Cylink and RSA each agreed to give up the rights to license and sublicense their respective patent rights in the MIT and Stanford Patents and vest those rights in a new partnership, PKP, exclusively. (Bidzos Decl., ¶ 10, Ex. A). The two partners in PKP are RSA and CKC, a wholly-owned subsidiary of Cylink. The sole assets of PKP are the licensing rights to the MIT and Stanford Patents. [3] (Bidzos Decl., ¶ 11). As part of the formation of PKP, the royalty payments owed to Stanford and MIT were simplified. To accomplish this, RSA and Cylink entered into amendments to their respective license agreements with MIT and Stanford. Under the terms of those amendments, first, the direct license arrangement between Stanford and MIT was essentially nullified. 
Second, while RSA remained obligated to pay royalties to MIT, and Cylink/CKC remained obligated to pay royalties to Stanford, the royalties owed to each university were based on PKP's unsegregated revenues from both the Stanford and MIT Patents: RSA pays MIT a percentage of PKP's distributions to RSA, and Cylink/CKC pays Stanford a percentage of PKP's distributions to Cylink/CKC.[4] (Bidzos Decl., ¶¶ 12, 13, Exs. B, C). The amendment to the MIT Patent license governs the various parties' rights to sue for patent infringement of the MIT Patent. Under Section 8 of that amendment: (a) PKP may institute an infringement action and join RSA and MIT (costs borne by PKP); (b) PKP and MIT may jointly bring such an action and join RSA (costs shared by PKP and MIT); (c) PKP and RSA may jointly bring such an action and join MIT (costs shared by PKP and RSA); (d) MIT may institute such an action with PKP's consent; and (e) RSA may institute such an action and join PKP and MIT (costs borne by RSA). (Bidzos Decl., Ex. B, pp. 13-14). Footnotes: [1] Under Rule 12(b)(7), an objection to a plaintiff's failure to join a party under Rule 19 may be made by motion before pleading. 3A Moore, Moore's Federal Practice, ¶ 19.05[2], p. 19.78 (2d ed. 1993). [2] To explain the function of RSA's software, RSA's President, D. James Bidzos ("Bidzos"), describes unprotected computer communications as the electronic equivalent of typewritten postcards -- such communications can be read by anybody, and no one can be sure who wrote them. RSA sells the equivalent of signatures, so that the writer can be verified, and the equivalent of envelopes, so the messages cannot be read except by those to whom they are addressed. (Bidzos Decl., ¶ 2). [3] RSA and Cylink did not part with all of their rights to their respective patents. RSA and Cylink retained their right to continue to conduct business as they had done previously. 
RSA continued to market encryption software, and Cylink continued to market hardware incorporating data encryption technology. (Bidzos Decl., ¶ 11). [4] RSA, PKP, Cylink, CKC, MIT and Stanford are the principal parties with a vested interest in the validity of the MIT Patent because of the royalty revenue that such Patent generates for them. In addition, two other absent parties, David P. Newman, a Washington D.C. patent lawyer, and Prof. Martin E. Hellman, a Stanford professor, also receive royalties based on the MIT Patent and also have a vested interest in the validity of the MIT Patent. Because of uncertainty about the exact arrangement regarding their receipt of royalties, RSA is not seeking their joinder at this time. (Bidzos Decl., ¶ 14). III. ARGUMENT A. Rule 19 is Designed to Protect the Interests of Absent Parties Whose Rights May be Impaired If the Action were to Go Forward Without them. Federal Rule of Civil Procedure 19(a) authorizes joinder of "necessary" parties to the action. [5] Rule 19(a) states in pertinent part: (a) Persons to be Joined if Feasible. A person who is subject to service of process and whose joinder will not deprive the court of jurisdiction . . . shall be joined as a party in the action if (1) in the person's absence complete relief cannot be accorded among those already parties, or (2) the person claims an interest relating to the subject of the action and is so situated that the disposition of the action in the person's absence may (i) as a practical matter impair or impede the person's ability to protect that interest or (ii) leave any of the persons already parties subject to a substantial risk of incurring double, multiple, or otherwise inconsistent obligations . . . . Thus, Rule 19 is designed to protect the interests of absent parties, as well as those already before the court, from multiple litigation, inconsistent judicial determinations or the impairment of interests or rights. CP National Corp. v. 
Bonneville Power Admin., 928 F.2d 905, 911 (9th Cir. 1991). A person's status as a necessary party is not judged by any precise formula, but depends on the context of the particular litigation. CP National, 928 F.2d at 912. However, "Under the Rules, the impulse is toward entertaining the broadest possible scope of action consistent with fairness to the parties; joinder of claims, parties and remedies is strongly encouraged." United Mine Workers of America v. Gibbs, 383 U.S. 715, 724 (1966). Necessary parties have therefore been described as: [T]hose `[p]ersons having an interest in the controversy, and who ought to be made parties, in order that the court may act on that rule which requires it to decide on, and finally determine the entire controversy, and do complete justice, by adjusting all the rights involved in it.' CP National, 928 F.2d at 912 (quoting Shields v. Barrow, 58 U.S. 130, 139 (1855)). The context of this particular litigation requires joinder of PKP, CKC, MIT and Stanford as defendants. PKP and MIT are holders of substantial rights to the MIT Patent, including the right to bring infringement actions. CKC and Stanford receive significant revenues from the MIT Patent which would be lost if the patent were to be invalidated. Moreover, CKC and Stanford's relationship to Cylink is unique to them and cannot be adequately represented by RSA. B. MIT and PKP are Necessary Parties Because They Each Hold Substantial Rights to the MIT Patent, Including the Right to Bring an Infringement Action Against Cylink. MIT and PKP are necessary parties. MIT is the patent owner. MIT, PKP and RSA have substantial rights to the MIT Patent, including the significant right to bring infringement actions, subject to the other parties' right to join and share the costs of suit. "Generally, the patent owner is an indispensable party to a declaratory judgment action." Classic Golf Co. v. Karsten Manufacturing Co., 231 U.S.P.Q. 884, 886 (N.D. Ill. 1986). 
The issue becomes more complex, however, when the patent owner transfers some kind of interest to a third party, who is then sued to invalidate the patent. Dentsply International Inc. v. Centrex, Inc., 553 F. Supp. 289, 293-4, 220 U.S.P.Q. 948 (D. Del. 1982). At one extreme, the interest that the patent owner transferred is deemed to be a license, and the patent owner is deemed to be a necessary party to the invalidation action. Id. At the other extreme, the interest transferred is deemed to be an assignment, and the patent holder is not considered to be a necessary party. Dentsply, 553 F. Supp. at 294; see generally Waterman v. MacKenzie, 138 U.S. 252, 255 (1891). The rationale of the latter situation is that the patent owner suffers no prejudice from a judgment of invalidity in its absence, if the patent owner has entrusted the assignee with the right to protect its interests by suing for infringement. Messerschmitt-Boelkow-Blohm GmbH. v. Hughes Aircraft Co., 483 F. Supp. 49, 52, 208 U.S.P.Q. 643 (S.D.N.Y. 1979). As the Dentsply court acknowledged, many cases, such as the present one, fall between the two extremes. Dentsply, 553 F. Supp. at 294. The Dentsply court added, however, that the court's task is simplified if the agreement between the parties allocates the right to sue and be sued on the patent. Id. The allocation of the right to sue for infringement under the parties' agreement is the "true test" that determines the identities of the necessary parties. Channel Master Corp. v. JFD Electronics Corp., 260 F. Supp. 568, 572, 152 U.S.P.Q. 687 (E.D.N.Y. 1967)(action dismissed for lack of an indispensable party because defendant licensee could not bring suit for infringement until after the absent patent owner had declined to do so); Caldwell Manufacturing Co. v. Unique Balance Co., Inc., 18 F.R.D. 258, 263-4, 108 U.S.P.Q. 7 (S.D.N.Y. 1955); 6 Chisum, Patents, § 21.03[4], pp. 
21-300 - 21-301 (1993)("Thus, a person is a proper party defendant if but only if that person had standing to sue the plaintiff for infringement"). In this case, none of the parties had an independent, unconditional right to instigate litigation without offering the others the opportunity to join and share the expenses of litigation. PKP, RSA and MIT each retained the right to join and take part. Because of these mutual rights, each is a necessary party in this action to invalidate the MIT Patent. [6] C. CKC and Stanford are Necessary Parties Because Each has an Interest that Would be Impaired if the MIT Patent were Held Invalid, and Their Relationship to Cylink is Such that RSA Could Not Adequately Represent Their Interests. CKC and Stanford are also necessary parties. [7] CKC and Stanford admittedly lack standing to bring a patent infringement action against Cylink. Nevertheless, both have important interests that would be impaired by this action, and RSA could not adequately represent those interests. In addition, as a practical matter, the inter-relationship of the various parties in this case counsels in favor of CKC's and Stanford's joinder. The issue of whether a person is a necessary party under Rule 19(a) depends first, on whether such person has an interest that is impaired by the suit and second, on whether such impairment may be minimized if the absent party is adequately represented in the suit. Shermoen v. United States, 982 F.2d 1312, 1318 (9th Cir. 1992). In determining whether a person's interest is impaired, it is not necessary that the judgment be binding on that person in a technical sense; it is enough that as a practical matter that person's rights will be affected. 3A Moore, Moore's Federal Practice, ¶ 19.07[2.--1], p. 19.103. CKC and Stanford's rights would be impaired if this action were to go forward in their absence. 
Both CKC and Stanford are the beneficiaries of Cylink's entry into the Agreement of Intent and transfer of the Stanford Patents to PKP. (Bidzos Decl., Ex. A). Both CKC and Stanford derive significant royalty income from PKP's rights to the MIT Patent. Both CKC and Stanford would lose those royalties if Cylink prevails and invalidates the MIT Patent. RSA cannot adequately represent the interests of CKC and Stanford. CKC and Stanford's relationship to Cylink is unique. Implicit in Cylink's formation of PKP to exploit the MIT Patent were Cylink's representations to CKC and Stanford that the MIT Patent was valid and that Cylink would protect, not defeat, its validity. Stanford in particular relied to its detriment on Cylink's formation of PKP by waiving its independent right to royalties directly from MIT. (Bidzos Decl., ¶¶ 7, 13). Thus, Stanford and CKC may have their own unique estoppel defense to the present action.[8] Finally, as a practical matter, the inter-relationships among the parties make this more than a simple patent case. If this case is to be resolved in a reasonable length of time, then all the parties and all the issues should be before this Court. Because of this, RSA urges the Court to err in favor of joinder with respect to CKC and Stanford. Footnotes: [5] Rule 19 distinguishes between "necessary" parties under subdivision (a) and "indispensable" parties under subdivision (b). The court must first determine whether an absent person is a "person to be joined if feasible" pursuant to subdivision (a). If joinder is feasible, a ruling as to the person's indispensability under subdivision (b) is not required, since subdivision (b) comes into play only where joinder is not feasible. 3A Moore, Moore's Federal Practice, ¶ 19.07-1, p. 19.90-1 (2d ed. 1993). RSA is not aware of any reason why joinder of CKC, PKP, MIT and Stanford would not be feasible. It is therefore unnecessary to analyze whether any of those parties are indispensable under Rule 19(b). 
[6] This express allocation of the right to sue for infringement distinguishes this case from cases such as Micro-Acoustics Corp. v. Bose Corp., 493 F. Supp. 356, 207 U.S.P.Q. 378 (S.D.N.Y. 1980), in which the patent owner retained no right, conditional or otherwise, to institute an action for infringement. [7] RSA intends through its answer and counter-claim to assert that CKC and Cylink are alter-egos of each other. RSA is not, by this motion, asserting that Cylink is under any obligation to sue itself. This motion only requires Cylink to be consistent. If Cylink believes that CKC is an independent party, then Cylink should join CKC as a party defendant. If Cylink concedes that CKC is not an independent party, then RSA is willing to accept such concession and drop its request that CKC be joined. [8] The use of estoppel as a defense to an action to invalidate a patent is complex and involves a balancing between private contractual rights and the public interest in freeing the use of ideas from the monopoly of invalid patents. Lear, Inc. v. Adkins, 395 U.S. 653 (1969)(invalidating "licensee estoppel"); Diamond Scientific Co. v. Amico, Inc., 848 F.2d 1220 (Fed. Cir. 1988)(upholding "assignor estoppel"). Stanford and CKC's potential estoppel defense does not fall neatly within the doctrines examined in either Lear or Diamond Scientific. The legitimacy of that defense cannot be properly raised and considered unless Stanford and CKC are made party defendants. IV. CONCLUSION Joinder of parties is strongly encouraged. Joinder of the absent parties in this case is feasible. MIT and PKP should be joined because of their substantial rights in the MIT Patent. CKC and Stanford should be joined because of the potential impairment of their rights and the inability of RSA to protect those rights adequately. For these reasons and those set forth above, RSA respectfully urges the Court to grant this motion. 
Dated: July 25, 1994 TOMLINSON, ZISKO, MOROSOLI & MASER Attorneys for Defendant RSA Data Security, Inc. PROOF OF SERVICE CYLINK CORPORATION V. RSA DATA SECURITY, INC. UNITED STATES DISTRICT COURT, NORTHERN DISTRICT OF CALIFORNIA CASE NO: C 94 02332 CW STATE OF CALIFORNIA, COUNTY OF SANTA CLARA I am employed in the County of Santa Clara, State of California. I am over the age of 18 and not a party to the within action. My business address is 200 Page Mill Road, Second Floor, Palo Alto, California 94306. On July 25, 1994, I served the following documents: MEMORANDUM OF POINTS AND AUTHORITIES IN SUPPORT OF MOTION TO DISMISS UNDER Rule 12(b)(7) to the following: Liza X. Toth, Esq. Jon Micha-lson, Esq. Hopkins & Carley 150 Almaden Boulevard, 15th Fl. San Jose, California 95113-2089 [X] BY MAIL [ ] I deposited such envelope in the mail at Palo Alto, California. The envelope was mailed with postage thereon fully prepaid. [X] As follows: I am readily familiar with the firm's practice of collection and processing correspondence for mailing. Under that practice it would be deposited with the U.S. postal service on that same day with postage thereon fully prepaid at Palo Alto, California in the ordinary course of business. I am aware that on motion of the party served, service is presumed invalid if postal cancellation date or postage meter date is more than one day after date of deposit for mailing in affidavit. Executed on July 25, 1994, at Palo Alto, California. [X] STATE: I declare under penalty of perjury under the laws of the State of California that the above is true and correct. [ ] FEDERAL: I declare that I am employed in the office of a member of the bar of this Court at whose direction the service was made. Sharon L. Sotelo -- End --------------------------------------------------------------------- From jdd at aiki.demon.co.uk Tue Aug 16 03:19:52 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Tue, 16 Aug 94 03:19:52 PDT Subject: Are "they" really the enemy? 
(fwd) Message-ID: <6149@aiki.demon.co.uk> message forwarded at John's request follows: > From jdblair at tenagra.sas.muohio.edu Mon Aug 15 20:51:15 1994 > Received: from post.demon.co.uk by aiki.demon.co.uk with SMTP > id AA6112 ; Mon, 15 Aug 94 20:51:06 BST > Received: from post.demon.co.uk via puntmail for jdd at aiki.demon.co.uk; > Tue, 16 Aug 94 03:29:21 GMT > Received: from tenagra.sas.muohio.edu by post.demon.co.uk id aa07959; > 16 Aug 94 4:10 GMT-60:00 > Received: by phoenix.aps.muohio.edu (AIX 3.2/UCB 5.64/4.03) > id AA13160; Mon, 15 Aug 1994 23:10:53 -0400 > From: Shalder Flow > Message-Id: <9408160310.AA13160 at phoenix.aps.muohio.edu> > Subject: Re: Are "they" really the enemy? > To: jdd at aiki.demon.co.uk > Date: Mon, 15 Aug 1994 23:10:52 -0400 (EDT) > In-Reply-To: <6011 at aiki.demon.co.uk> from "Jim Dixon" at Aug 15, 94 05:23:43 pm > X-Mailer: ELM [version 2.4 PL22] > Mime-Version: 1.0 > Content-Type: text/plain; charset=US-ASCII > Content-Transfer-Encoding: 7bit > Content-Length: 3835 > Status: R > > > > > In message <940815.080301.3B8.rusnews.w165w at sendai.cybrspc.mn.org> "Roy M. Silvernail" writes: > > > > I am an agnostic. I don't believe that 'they' exist. I believe that > > > > you have a system staffed by a random selection of the American > > > > population, somewhat skewed because people have some control over > > > > what area they work in. To work with a system, you need to understand > > > > it objectively, you need something more than incantations. > > > > > > You've been pressing this point for some time. I think the fundamental > > > flaw in your reasoning is that you are assuming the system to be the sum > > > of its parts. That's not the case, though. > > > > What I said was : "to work with a system, you need to understand it > > objectively". Then your reply was : "the fundamental flaw in your > > reasoning is ..." > > > > I did not 'reason', I said that it was necessary to reason rather than > > shout incantations. 
You then proceed to reason, and I of course have > > no objection to this: > > Incantations! Hocus-Pocus! Eye of newt and head of toad! > > I've been watching this for a bit (I lurk here a lot) and this discussion > is really interesting. I have some questions. How are we going to > understand the system objectively? By objectively do you mean logically, > mechanistically, magically? It's clear you can't separate yourself from > "the system," even the "government system" as a member of this country. > Sure, you can not vote, not participate, and try to observe it, but we're > all part of those average Americans that you point out make up the > government. > > > > > > In _Systemantics_, John Gall conducts a very interesting examination of > > > man-made systems and their behavior. He notes that all man-made systems > > > exhibit certain traits, among them growth, encroachment and promulgation > > > of intra-system goals. Your observation on the people employed by > > > government may be right on target, but it doesn't take into account the > > > entity of government itself. This entity cannot be touched, > > > communicated with or coerced. > > I'll have to check out this book-- it sounds very interesting. I'm > bothered by the statement "all man-made systems." I find it hard to > believe that such generalizations can be made. Is it all man made > systems of a certain size? Of Western philosophical culture? Does my > family exhibit these traits? My circle of friends? I must read this > book myself to fully understand your point. > > > > > I more or less agree. Now apply your arguments to this list as a > > man-made system. > > > > OK, I should have read along a bit farther. > > > > Put another way, even though every person within the system may be a > > > "good man", the system itself isn't necessarily good. > > > > I agree. 
But recall that I never spoke of goodness; I just said that > > the people who work for the government are pretty much a random > > assortment of Americans. On the other hand, there have been several > > heated statements to the effect that 'all lawyers are X' and 'all > > government employees are Y'. It is this that I disagree with the most. > > > > Makes sense... you dislike generalizations based on occupation. > > > > I'm sure part of this is a cultural difference, given your .uk address. > > > The US Gov't probably looks better from outside than it does from > > > within. > > > > [the rest filled with well stated personal opinions based on experience > refuting the above statement] > > So what do we do? It seems we've pretty much agreed that governments are > beasts beyond anyone's control, but so is _society_. So is the entire > human population. Where do we start? If, or based on the words of many > on this list, we tear down the government, will we understand the > resultant human-made system any better? > > yes, lots of questions and little statement... now fill my head with > enlightenment. > > -john. > > > From die at pig.jjm.com Tue Aug 16 04:12:09 1994 From: die at pig.jjm.com (Dave Emery) Date: Tue, 16 Aug 94 04:12:09 PDT Subject: RemailNet Message-ID: <9408161117.AA13017@pig.jjm.com> Forwarded message: From amck at maths.tcd.ie Tue Aug 16 04:33:48 1994 From: amck at maths.tcd.ie (Alastair McKinstry) Date: Tue, 16 Aug 94 04:33:48 PDT Subject: Tommy Tag Lines Message-ID: <9408161233.aa28796@salmon.maths.tcd.ie> A non-text attachment was scrubbed... 
Name: not available Type: text/x-pgp Size: 2044 bytes Desc: not available URL: From nobody at shell.portal.com Tue Aug 16 06:38:50 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 16 Aug 94 06:38:50 PDT Subject: Diogenes speaks Message-ID: <199408161338.GAA24925@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote: > One of the Diogenes entities wrote: > > > So now do we need a Cypherpunks Nym Server? I notice that somebody > > else is using my alias... ah, well. > > > > For the record, the Diogenes who just got active on Cypherpunks isn't > > me, and, as you can tell by checking corresponding signatures, I'm > > Which is why name collision, or nym collision, is not a pressing > problem. Better to decentralize the process to local machines, to the > people who care, than to any kind of Cypherpunks Nym Server. When I registered my key with the PGP key server, I don't recall seeing another "Diogenes" key registered. I certainly had no intention of pseudonymously "impersonating" anyone. Oh well, for the record I'm.... -- "Diogenes 0xD1150D49" P.S. Also, most of our "real" names are far from being "unique" identifiers, either. I wonder how many Tim Mays I could find in the phone book in any large city? -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLlBCluRsd2rRFQ1JAQEzOwQAw1LCGYLFuAXbPtVAvMBUjI5cuSYFbVS8 7HSlBaPM0C+zyl7NeRsNc1krKSuEdjdOp/ujz/6YOycw3C8yudDpuWUlWuSKSKzD LtQwmBN/bNRic+4THBQCUslXbpxn4aSDirz3aaKHN3pFg7a8f+WegpzuTXClE7EC ZX/nmseF84w= =AtzK -----END PGP SIGNATURE----- From die at pig.jjm.com Tue Aug 16 04:03:18 1994 From: die at pig.jjm.com (die at pig.jjm.com) Date: Tue, 16 Aug 1994 07:03:18 -0400 (EDT) Subject: RemailNet In-Reply-To: <199408160216.TAA24250@netcom15.netcom.com> from "Timothy C. 
May" at Aug 15, 94 07:16:53 pm Message-ID: > > Yeah, and I got a recent report that "Long Lines" and other microwave > tower lines were deliberately routed so as to cross over Indian > Reservation lands in several places. Why? Allegedly because Indian > lands are legally treated as "sovereign nations" and the (purported) > rules against NSA listening could be ignored. A small historical note. It was not until 1986 that most unauthorized interceptions of microwave radio common carrier transmissions such as AT&T Long Lines TD-2 and TH routes were definitely and clearly made illegal (in the ECPA). Before that time such interception for other than foreign government espionage purposes was a gray area in the law, quite possibly there deliberately as was a curious similar absence of any prohibition at all against interception of any kind of digital data or record communications such as telegrams, twxs, faxes etc. transmitted over any media. It might be noted that microwave radio as a medium for transmitting long distance public telephone and data traffic was already undergoing a precipitous decline in 1986 as noisy analog microwave systems were rapidly being replaced with much cleaner digital fiber optic lines. At the present time very few (at least compared to the past) microwave long distance telephone links are still in use - but interestingly I am told that some out in the Indian reservation area of the west were still active as recently as a couple of years ago. [This in the face of successful federal prosecution of Indians for TV satellite piracy, ignoring any arguments that as a sovereign nation the Indian tribes were exempt from federal communications law]. Dave Emery From jya at pipeline.com Tue Aug 16 07:39:13 1994 From: jya at pipeline.com (John Young) Date: Tue, 16 Aug 94 07:39:13 PDT Subject: (Fwd)PHONOSTENOGRAPHY Message-ID: <199408161438.KAA07432@pipe1.pipeline.com> Forwarding mail by: Sergey at vesson.msk.su ("Sergey V. Mineev") from list INGRAFIX.
------------------- Phonostenography is an ancient system of fast writins, that gives one the ability to classify, anatlize, and synthesize information for all languages. The course consist of 30 lessons. During the frist lesson, the 9 basic movements will be taught. These movements are casily memorized. Then 12 hours of instructional theory relative to sound and stress will be given. The remainder of the course will be used to fine tune the okills learned, also,computer cleboration of phonostenography gives one the opporunity to leurn this new technology at one's convenience. During the two month course, the principle of the confluence of symbols will be brought to perfection, along with a unified method of recording appliable to all languages in the world including Japanese and Chinese. Phonostenography gives one the ability to sond and receive many knids of information. Phonostenography is similar in appcarance to a cardiogram and it's advan tage to the user is that pen and paper are in continious contact throught out a sentence. The developen of phonostenography will assist firms and individuals in the utilizution of this new technology. -------------------- End Forward (misspellings in original). * * * * * Anyone know if this is legitimate or spoof? John From rah at shipwright.com Tue Aug 16 07:42:39 1994 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 16 Aug 94 07:42:39 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408161439.KAA10429@zork.tiac.net> At 11:06 PM 8/15/94 -0700, Mike Duvos wrote: >The problem with practical digital cash lies not in the >mathematics, but in the financial and legal arenas. It is very >difficult to convince a real financial institution with deep >pockets to underwrite a potentially unlimited liability for >itself. I suspect that for the forseeable future, digital cash >will take the smartcard route, and that money which can >anonymously traverse cyberspace in large denominations will not >be forthcoming. 
I've been thinking about this a little. First of all, I'm not sure what the big unidentifiable risks are, except for the technological risk of the cryptography. I'm willing to take it on faith that the risk is acceptable. There's too much science out there to back up the proposition that ecash is technologically sound and does everything it's supposed to do. That leaves the financial, political and business risks of underwriting ecash. A piece of ecash is basically a callable bond. This issuer is "loaning" the internet the money to be used as a medium of exchange. The issuer gets to keep the interest accrued on that money while the ecash is in circulation. The underwriter loses money if the duration, and thus the total return, of his portfolio of ecash is less than the total return of the principal he's holding in escrow (real escrow, not pseudoescrow like clipper keys). In other words, he takes principal backing up the ecash and puts it into other financial instruments which make him a return. Safer things like bank accounts, t-bills, or other bonds, and probably not stocks. When the ecash comes back, it's like a bond is called, and the issuer has to pony up the principal. He then has to unwind a piece of his offsetting portfolio, incurring transaction costs and losing whatever future income those investments might yield. This is usually figured out in advance, and these tests of a portfolio manager's predictive ability are what make or break his career. If you think that the duration of a piece of ecash on the net is say, 3 months, and it's 3 days, and you've invested on those assumptions, you could get hammered. You've bought longer term instruments which are more volatile but yield more on a total return basis.
If you thought that the ecash duration was 3 days and it stayed out there 3 months, you've left a lot of money on the table (relatively speaking), which means you have higher exchange fees to pay for it, and also means that a competitor that doesn't make the same mistake can beat your price. As we just saw, exchange fees are one way to hedge against the call risk. The issuer charges fees for moving the money on and off of the internet. In theory, if the fees are high, the money may never come back, and stay in circulation forever. In reality, if fees are too high, nobody will buy your ecash in a market which is the least bit competitive. None of this stuff is any riskier than what an average bond portfolio manager and his trading team does every day. A good book to read on this is "Fixed Income Mathematics", by Frank Fabozzi, Probus Press, 1993. Fabozzi edits the handbooks that fixed income and derivatives people learn their business from. This book is built to write code from. Next, there are the legal, regulatory and political risks. Perry has said a lot about this already, but to hold up the other side of the argument, I think that if a significant financial incentive exists with the existence of an ecash market, then the political risks will be dealt with. International regulatory arbitrage, the revolving door for personnel of the regulators and the regulated, and plain old campaign "contributions" will see to that. Finally, the business risk of selling the concept of ecash to the users of the internet. I've spoken many times here about the difficulty I've had in finding things that give e-cash a market advantage over other forms of e$. These include, but are not limited to: encrypted credit card transactions, trusted third-party cash clearing, and even swiping an ATM card into the access screen of an ATM/Internet gateway. Then Tim comes up with a nifty list off the top of his head just this week. I love this place...
However, as I've said before, the only real way to find this out is to put up a demo and try it out. The costs for a large money-center bank aren't really that much. It looks like DigiCash BV is working as fast as they can on a legitimate net-wide proof of concept, having demonstrated a point-to-point capability at the WWW conference a little while ago. This is a good time to be interested in e$ for this alone. > >It is also unlikely that faith of financial institutions in >supposedly unbreakable mathematics has been enhanced by the >recent one-line fix announced for the DSS. I don't think this is really a problem. It's just as if somebody had figured out how to counterfeit money cheaper. Countermeasures are taken and it isn't cheap anymore. The neat thing about strong crypto is that it's strong in spite of public algorithms. People who crack those algorithms publish their results, or someone else will. The half-life of a hidden innovation in that kind of environment is pretty small. The financial markets are living proof that hiding innovation fails. The ability to exchange people and thus proprietary information between competitors makes the markets efficient, and all profitable secrets impossible in the long run. The NSA could keep its innovations secret because it couldn't share its information with its competitors. It was very illegal for *anyone* to go to work for the KGB, much less anyone from Ft. Meade. Strong crypto evolved anyway because the NSA couldn't prevent the open discussion of the ideas that led up to it. Paradoxically, it was this unhidden innovation, the use of the public algorithm, which made the most secure crypto in history possible. > >Still, I look forward to the first person brave enough to attach >a hard currency value to anonymous cyberbucks. It may actually >make hacking a worthwhile pursuit again.
Because of the way the financial markets work these days, there may or may not be a Columbus (like Mike Milken, who was just as rapacious as Columbus ever was), but it's the Columbian Exchange that we're more interested in here, and I think that's happening now, Columbus or not. Robert Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Tue Aug 16 07:42:53 1994 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 16 Aug 94 07:42:53 PDT Subject: The symbol "e$" Message-ID: <199408161440.KAA10433@zork.tiac.net> First of all, I'd like to apologise to those who find the abbreviation e$ (short for electronic money on the internet) offensive. It is not a brand name. It is the result of an "aha!" which popped into the head of one of my clients, an advertising consultant, while I was talking to her about internet commerce one day a couple of months ago. What she actually did was hold up the paper she was doodling on, and in the middle of it was the letter "e" with two dollar-sign lines through it. She'd been thinking about it as the logo for a conference on internet commerce that she thought was a cool idea (me too), but I saw it as a nice icon for electronic money in general. I even merged the verticals in "$" and an "e" in Illustrator just to see what it would look like. Looks pretty cool. Since everything is done in ASCII up here on the net, the nearest approximation of it was "e$" and so I've been using it ever since. I expect that the antipathy felt to it comes from a personal reaction to my presence on this list. I'm afraid my enthusiasm, tendency to generalize from sparse data and lack of crypto knowledge upset someone who felt that I didn't fit in with his vision of the cypherpunk culture.
I can't change who I am anymore than he can change who he is. I do believe that I make a contribution to this list, however, and try to restrain myself when I don't. I also believe that internet commerce and e$ (I think the word "execrable" is more than a little rude) are valid topics of conversation for this list. I have some experience in both areas, and can make a contribution to those discussions, and since this is one of the few places on the net where the state of the art in those topics is discussed and even advanced, I would like to do so in peace. But that's wishful thinking, I bet. Robert Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From lstanton at sten.lehman.com Tue Aug 16 08:05:16 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Tue, 16 Aug 94 08:05:16 PDT Subject: request that ACM members write Message-ID: <9408161506.AA01968@sten.lehman.com> I have been informed, (by phoning the NY office) that the person to contact at the ACM regarding amicus briefs is: Lillian Israel israel at acm.org I would urge all cypherpunks who are acm members to email her, requesting that the ACM file an amicus brief in the Schlafly V. PKP case. If we want those patents invalidated, a strong position by the ACM as experts on software and software patents can only help. From nobody at shell.portal.com Tue Aug 16 08:08:50 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 16 Aug 94 08:08:50 PDT Subject: No Subject Message-ID: <199408161508.IAA29654@jobe.shell.portal.com> 23.
Plaintiff is informed and believes and on that basis alleges that defendant RSADSI attempted to rescind licenses granted for use of RSAREF, one of its products, even though the license agreement clearly states that the license is perpetual. that's innnteresting.. From nobody at cyberspace.nil Tue Aug 16 08:37:09 1994 From: nobody at cyberspace.nil (nobody at cyberspace.nil) Date: Tue, 16 Aug 94 08:37:09 PDT Subject: RSA and RSAREF Message-ID: nobody at shell.portal.com says: > 23. Plaintiff is informed and believes and on that basis alleges that > defendant RSADSI attempted to rescind licenses granted for use of RSAREF, > one of its products, even though the license agreement clearly states that > the license is perpetual. > > that's innnteresting.. It is true. There is proof. From talon57 at well.sf.ca.us Tue Aug 16 08:52:31 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Tue, 16 Aug 94 08:52:31 PDT Subject: RE "Diogenes speaks" Message-ID: <199408161552.IAA14622@well.sf.ca.us> Diogenes II speaks; >When I registered my key with the PGP key server, I don't recall >seeing another "Diogenes" key registered. I certainly had no >intention of pseudonymously "impersonating" anyone. Oh well, for >the record I'm.... > -- "Diogenes 0xD1150D49" >P.S. Also, most of our "real" names are far from being "unique" >identifiers, either. I wonder how many Tim Mays I could find in >the phone book in any large city? Gee I don't know Detweiler, Er I mean Diogenes how many are there? Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... 
AT&T" --James Speth

From mpj at csn.org Tue Aug 16 09:04:59 1994
From: mpj at csn.org (Michael Johnson)
Date: Tue, 16 Aug 94 09:04:59 PDT
Subject: PGP Time Bomb FAQ
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

PGP TIME BOMB FAQ

There has been some confusion about the annoying "Time Bomb" in MIT PGP 2.6, as well as some other PGP version compatibility issues. This is an attempt to clear up some of that confusion.

WHY IS THERE A TIME BOMB IN MIT PGP 2.6?

In the process of negotiating for the right to distribute a fully legal version of PGP that the patent assignees agree doesn't infringe upon their patents, MIT agreed to include an inducement for people to upgrade from the allegedly infringing freeware PGP 2.3a to the clearly legal freeware MIT PGP 2.6 or the also clearly legal Viacrypt PGP 2.7. Folks, you may not realize it, but the RSADSI/PKP concession to allow a freeware PGP in the USA is BIG TIME GOOD NEWS! To induce a small incompatibility with a downlevel version of PGP with several bugs in it is a small annoyance by comparison.

WHAT IS THE NATURE OF THE TIME BOMB?

On 1 September 1994 UT, by your system clock, MIT PGP 2.6 will start generating encrypted message and signature packets with a version byte (offset 3) of 2 instead of 3. It will accept either 2 or 3 as valid. This means that messages from PGP 2.3a and old messages from MIT PGP 2.6 can be read by MIT PGP 2.6, but new messages from MIT PGP 2.6 cannot be read by PGP 2.3a. See pgformat.doc in the MIT PGP 2.6 distribution for the location and use of these bytes. This time bomb is activated by code in pgp.c that looks like this:

    #define VERSION_BYTE_OLD 2 /* PGP2 */
    #define VERSION_BYTE_KLUDGE 3
    ...
    boolean legal_kludge;
    int version_byte = VERSION_BYTE_OLD;
    ...
    /* Turn on incompatibility as of 1 September 1994 (GMT) */
    legal_kludge = (get_timestamp(NULL) >= 0x2e651980);
    ...
    if (legal_kludge)
        version_byte = VERSION_BYTE_KLUDGE;

Although a method for disarming the time bomb is obvious to the casual C programmer, disabling this feature invalidates the RSA license to use the program, and really doesn't gain you much for reasons that will become obvious below.

HOW DOES THIS TIME BOMB AFFECT COMPATIBILITY WITH OTHER VERSIONS?

The bottom line is that PGP 2.3a and before (as well as Viacrypt PGP 2.4) cannot read all of the latest PGP version formats, starting on 1 September 1994. Here is a summary of the version bytes generated and understood:

                                Format generated     Formats
                                before/after         understood
    Version                     1 Sep 94             (all times)
    ----------------------------  -----    ----      -----------
    2.3                           2        2         2
    2.3a                          2        2         2
    Amiga 2.3a.4                  2        2         2,3
    Viacrypt 2.4                  2        2         2
    2.6ui                         2        2         2,3
    MIT 2.6                       2        3         2,3
    Viacrypt 2.7, pkcs_compat=1   2        3         2,3
    Viacrypt 2.7, pkcs_compat=2   2        2         2,3
    Viacrypt 2.7, pkcs_compat=3   3        3         2,3

(Not mentioned above is MIT PGP 2.5, which was a buggy beta, nor several other versions that are outside the mainstream PGP project).

If you are using one of the versions above that cannot understand version byte 3 messages, you should upgrade to one that does. The upgrade from Viacrypt PGP 2.4 to Viacrypt PGP 2.7 is only US$10, and also provides several other enhancements.

As you can see, people with downlevel versions of PGP will not be able to read all PGP messages directed at them, nor will they be able to verify all of the signed messages they might wish to verify. It is also worth noting that none of the new versions have any trouble reading the old format messages.

WHAT IS THE RSA KEY MODULUS LENGTH LIMIT?

The RSA key modulus length limit for compatibility with all mainstream PGP versions is 1024 bits (military grade). I recommend the use of this length, at least for now. PGP 2.3a, running on some platforms (but not others), used to be able to generate and use 1264 bit keys.
In addition, some people have hacked their own copies of PGP to generate and use longer keys (up to 8192 bits or some such crazy number). Distribution of these hacked versions under the "Pretty Good Privacy" trademarked name is not recommended, since it upsets the trade mark owner (Philip Zimmermann) and interferes with some of his long term plans to support longer keys in a more organized fashion.

IS 1024 BITS LONG ENOUGH?

Conservative estimates of increasing computing power, advancing mathematical knowledge, and the propensity of certain spy organizations to spend lots of money on these things say that 1024 bit keys are strong enough for at least 20 years or so. Less paranoid prognosticators say that such keys are good for hundreds of years. More paranoid prognosticators think that someone has already broken RSA and not told us about it, so no RSA key is safe. My opinion is that RSA keys with a modulus of about 1024 bits in length are more than adequate to protect most electronic mail and financial transactions. What do you think?

HOW DOES THE STRENGTH OF RSA AND IDEA COMPARE?

As implemented in PGP, the IDEA cipher used for bulk encryption appears to be stronger than the RSA cipher. In fact, to strengthen the RSA to the same level as the IDEA cipher (assuming a brute force attack), it would take an RSA modulus of about 3100 bits.

WHY NOT ALLOW LONGER RSA KEYS, ANYWAY?

OK, so you are more paranoid than me, and want the RSA key to be at least as strong as the IDEA cipher. Why isn't there a higher limit to the RSA key size?

First, there is the minor problem that RSAREF and BSAFE (which are tied to the RSA patent license for the freeware and some commercial versions of PGP) have a key length limit of 1024 bits. Changing this involves negotiations with RSADSI/PKP, and could take some time.

Second, allowing longer key sizes could create a Tower of Babel problem of incompatible PGP versions, since not all versions could handle these long keys.
Third, the implementation of longer keys needs to be done in an orderly manner such that all mainstream PGP versions (Viacrypt, MIT freeware, BSAFE-based commercial, and possibly a non-USA variant) are first upgraded to accept, but not generate, the longer keys. After all PGP users can accept the longer keys, then PGP versions can start generating the longer keys with no interruption in service.

It still makes sense to have a length limit for compatibility reasons. I have asked Philip Zimmermann to increase that to at least 4096 bits when he can, and I think that he will do that in an orderly manner if there isn't too much in the way of hassles with RSAREF and BSAFE licensing.

If this isn't secure enough for you, shift to conventional encryption and manual (direct person-to-person) key exchange, making sure that your keys have at least 128 bits of entropy. This can be done with pgp -c or another private key encryption program called dlock that has the virtues of (1) NO patent problems, and (2) very strong encryption. (DLOCK is not nearly as user friendly as PGP, but what do you want for free?)

HOW DOES PKCS BYTE ORDERING IN KEYS AFFECT COMPATIBILITY?

PGP versions 2.2 and before generated key and signature block formats with a different byte order than derived from the PKCS standards. PGP 2.3 also generated this old format if you specified +pkcs_compat=0 in config.txt or on the command line. This old format is now obsolete. Unfortunately, the old format cannot be parsed by RSAREF or BSAFE, so PGP versions based on these crypto engines (like MIT PGP 2.6) cannot read those packets. Viacrypt PGP, however, can still read both formats.

Although this is annoying if you have a really old key that has lots of old signatures on it, the fact is that the older the key, the more likely someone has captured both it and the passphrase used to protect it. Therefore, I strongly recommend generating a new key and getting at least one other person to sign it.
ARE MY OLD KEYS COMPATIBLE WITH MIT PGP 2.6?

Unless they were created with the old, non-PKCS standard (i.e., created with PGP 2.2 or earlier, or created with PGP 2.3a with pkcs_compat set to 0), and unless they were created with a modulus of more than 1024 bits, then they are compatible. If a compatible key has an incompatible signature certificate, then the incompatible signature certificate will simply be stripped off by PGP 2.6. Otherwise, you can keep using your old key. In fact, if you just copy your key ring files to your new PGP 2.6 directory, then extract your old key with ASCII armor, it will be indistinguishable from a PGP 2.6 key, but have the same value, id, and signatures (assuming they were all in the PKCS format).

WHY DOESN'T THE MIT KEY SERVER ACCEPT KEYS FROM PGP VERSIONS < 2.4?

They don't want to be accused of contributing to the possibly infringing use of PGP 2.3a.

WHY IS MY PGP 2.3a KEY ON THE MIT KEY SERVER?

Because the MIT key server synchronizes with several non-USA key servers that run PGP 2.6ui or MIT PGP 2.6, and which accept keys from PGP 2.3a. When keys are extracted from those servers to synchronize with the MIT server, they appear to be coming from PGP 2.6, so they are accepted.

WHY SHOULD I UPGRADE TO MIT PGP 2.6 FROM PGP 2.3a (BESIDES THE TIME BOMB)?

First of all, if you are in the USA, the patent-legal status of MIT PGP 2.6 is good for your conscience. Second of all, there are a lot of bug fixes and features:

Fixed a bug with the -z option. If no passphrase was given, PGP used to crash.

When using -c, the IV is generated properly now, and the randseed.bin postwash is done. (This bug could have resulted in the same ciphertext being generated for the same plaintext, if the same passphrase is used.)

Memory allocated with halloc() is now freed with hfree() in ztrees.c and zdeflate.c. (MS-DOS only.)
The decompression code now detects end of input reliably, fixing a bug that used to have it produce infinite amounts of output on some corrupted input. Decompression has also been sped up.

PGP -m won't try to write its final output to the current directory. This makes it less efficient if you want to save the text to a file, but more secure if you don't.

If the line comment= appears in the config file, the line "Comment: " appears in ASCII armor output. Of course, you can also use this from the command line, e.g. to include a filename in the ASCII armor, do "pgp -eat +comment=filename filename recipient".

PGP now enables clearsig by default. If you sign and ascii-armor a text file, and do not encrypt it, it is clearsigned unless you ask for this not to be done. The now enables textmode. Textmode detects non-text files and automatically turns itself off, so it's quite safe to leave on all the time. If you haven't got these defaults yourself, you might want to enable them.

All prompts and progress messages are now printed to stderr, to make them easier to find and ensure they don't get confused with data on standard output such as pgp -m output.

PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random data in an attempt to force disk compressors to overwrite as much data as possible.

On Unix, if the directory /usr/local/lib/pgp exists, it is searched for help files, language translations, and the PGP documentation. On VMS, the equivalent is PGP$LIBRARY:. (This is PGP_SYSTEM_DIR, defined in fileio.h, if you need to change it for your site.) Also, it is searched for a default global config.txt. This file may be overridden by a local config.txt, and it may not set pubring, secring, randseed or myname (which should be strictly personal).

The normal help files (pgp -h) are pgp.hlp or .hlp, such as fr.hlp. Now, there is a separate help file for pgp -k, called pgpkey.hlp, or key.hlp.
No file is provided by default; PGP will use its one-page internal help by default, but you can create such a file at your site.

On Unix systems, $PGPPATH defaults to $HOME/.pgp.

PGP used to get confused if you had a keyring containing signatures from you, but not your public key. (PGP can't use the signatures in this case. Only signatures from keys in the keyring are counted.) PGP still can't use the signatures, but prints better warning messages. Also, adding a key on your secret key ring to your public keyring now asks if the key should be considered ultimately-trusted. Previously, you had to run pgp -ke to force this check, which was non-obvious.

On Unix, PGP now figures out the resolution of the system clock at run time for the purpose of computing the amount of entropy in keystroke timings. This means that on many Unix machines, less typing should be required to generate keys. (SunOS and Linux especially.)

The small prime table used in generating keys has been enlarged, which should speed up key generation somewhat.

There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!) when generating primes 2 bits over a multiple of the unit size (16 bits on PC's, 32 bits on most larger computers), if the processor doesn't deal with expressions like "1<<32" by producing a result of 1. In practice, that corresponds to a key size of 64*x+4 bits.

At the request of Windows programmers, the PSTR() macro used to translate string has been renamed to LANG().

The random-number code has been *thoroughly* cleaned up. So has the IDEA code and the MD5 code. The MD5 code was developed from scratch and is available for public use.

Versions prior to 2.6 would not permit a new signature to be added to a key if there was an already existing signature from the same signer. Starting with version 2.6 newer signatures will override older ones *as long as the newer signature verifies*.
This change is important because many keys have signatures on them that were created by PGP version 2.2 or earlier. These signatures can not be verified by PGP 2.5 or higher. Owners of keys with these obsolete signatures should attempt to gather new signatures and add them to their key.

WHY SHOULD I UPGRADE TO MIT PGP 2.6 FROM PGP 2.6ui?

If you are in the USA, PGP 2.6ui suffers from the same alleged patent infringement problems as PGP 2.3a. PGP 2.6ui also lacks most of the bug fixes and enhancements listed above since PGP 2.3a, since PGP 2.6ui is essentially just PGP 2.3a modified to accept both new and old packet version bytes (2 and 3).

On the other hand, if you are outside of the USA and Canada, you should be careful not to offend the U. S. Department of State, Office of Defense Trade Controls, by exporting MIT PGP 2.6 from the USA or Canada. I suppose that you wouldn't break U. S. law if you got a copy of MIT PGP 2.6 that someone else exported, or you could get a copy of the PGP 2.6ui (that originated in Great Britain) if you don't care about the enhancements listed above, or if you want to be able to use 1264-bit keys. Note that if you use MIT PGP 2.6 in most countries, you are still bound by the RSAREF license because of the copyright law, and you are still limited in some countries to noncommercial use of PGP by the IDEA patent (unless you get a license from ETH Zurich).

IS THERE AN EVIL PLOT, BACK DOOR, OR INTENTIONAL WEAKNESS IN MIT PGP 2.6?

Not that I am aware of. It ships with source code, and I didn't see any way to hide such a thing in the source code that I looked at. Besides, if you really knew Phil Zimmermann, you would know just how repugnant such an idea is to him.

IS THERE A LEGAL VERSION OF PGP FOR COMMERCIAL USE IN EUROPE?

Not yet.
To do that, you would have to (1) arrange to license the use of IDEA from ETH Zurich or wait for the coming triple-DES option in PGP, and (2) use the original (PGP 2.3a or 2.6ui) RSA code linked in with the new PGP (to avoid restrictions on the copyrighted RSAREF code). There is also the possibility of other local laws, such as those in France, restricting use of strong cryptography.

IS THERE A LEGAL VERSION OF PGP FOR COMMERCIAL USE IN THE USA & CANADA?

Yes. Use Viacrypt PGP for any commercial or personal use in the USA and Canada. I understand that there are some BSAFE-based PGP versions for commercial use in the USA, too, but you need to check with Philip Zimmermann on that to make sure that all of the copyright and licensing issues are handled properly.

WHAT EXACTLY IS COMMERCIAL USE?

I don't have an exact definition. Use some common sense. Are you encrypting sales reports, business plans, contract bidding information, and proprietary designs? Are your money making operations aided by the use of PGP? If so, and if one is available to you, you should buy the fully licensed commercial version.

SINCE VIACRYPT PGP SHIPS WITH NO SOURCE, HOW DO I KNOW IT IS OK?

Philip Zimmermann wrote or examined all of the source code. He says it is OK, so I trust him. I guess you have to decide for yourself.

IS IT OK TO BUY VIACRYPT PGP, THEN USE MIT PGP FOR COMMERCIAL USE?

RSADSI/PKP says it is not. On the other hand, since their only recourse is to sue you for damages, and since such a plan results in exactly the same revenue they would have if you did what they wanted, there are no damages to sue for. Personally, I use Viacrypt PGP except when beta testing PGP.

IS THERE AN INTERCHANGE PROBLEM WITH THE DIFFERENT RSA ENGINES IN PGP?

Fortunately, there is no problem interchanging RSA encrypted packets between original PGP, Viacrypt Digi-Sig, RSAREF, and BSAFE versions. They all do the same RSA computations.
They are all different implementations of the same basic algorithm with a different legal status for each of them, which changes depending on what country you are in. The only annoyance is that unmodified copies of RSAREF and BSAFE can't handle more than 1024 bit RSA keys, but that isn't much of a problem (IMHO).

HOW DO I UPGRADE FROM VIACRYPT PGP 2.4 TO VIACRYPT PGP 2.7

Call 800-536-2664 with your registration number, name, address, and credit card number handy. Hey, it is only US$10. No, I don't work for Viacrypt, nor do I get a commission on sales -- I just use Viacrypt PGP.

WHERE DO I GET MIT PGP 2.6?

By ftp:
ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt
ftp://ftp.csn.net/mpj/README.MPJ
ftp://ftp.wimsey.bc.ca/pub/crypto/software/README
ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/
Look for the files pgp26.zip, pgp26src.zip, and pgp26src.tar.gz.

BBS:
Colorado Catacombs BBS 303-772-1062 (free -- log in with your name)
Hieroglyphics Voodoo Machine 303-443-2457 (log in as VOO DOO, password NEW)
Download PGP26.ZIP, and for source, PGP26SRC.ZIP.

Compuserve: Use IBMFF to look for PGP26.ZIP and PGP26S.ZIP.

For a longer list, see the daily and monthly postings on alt.security.pgp, or get ftp://ftp.csn.net/mpj/getpgp.asc

WHAT KNOWN BUGS ARE IN MIT PGP 2.6?

The function xorbytes doesn't. Replace the = with ^= to fix it. The effect of this bug is that RSA keys aren't quite as random as they should be -- probably not a practical problem, but worth fixing if you are going to compile the code yourself.

DON'T SET PGPPASS when editing your keys, because if you do, and if you don't change your pass phrase, the key is lost. (If this happens, rename your backup keyring files to the primary files before you do anything else).

These bugs have been fixed in the master source code, and will be corrected in the next release of MIT PGP.

WHAT IS COMING IN FUTURE VERSIONS OF PGP?
I won't steal the thunder from Philip Zimmermann, Jeff Schiller, Colin Plumb, and the rest of the team, but there is some neat stuff that they are working on. Transition from MIT PGP 2.6 and Viacrypt PGP 2.7 to the newer versions will be easier than transitions from other versions. If you have enhancements and suggestions for the PGP team, I suggest you coordinate with them so that your ideas can be integrated with the main PGP project. WHERE DO I REPORT BUGS IN PGP? Please send bug reports, bug fixes, ports to new platforms, and suggestions to pgp-bugs at mit.edu. WHERE DO I SEND OR FIND LANGUAGE KITS? If you have a language kit to share, you can also send it to me at mpj at csn.org for me to post on ftp.csn.net/mpj/public/pgp/, as well as sending it to some of the other PGP sites. IS PHILIP ZIMMERMANN STILL THE SUBJECT OF AN INVESTIGATION? Yes. He is still paying a lawyer lots of money to represent him, too. If you like PGP, then I would strongly suggest sending a donation to his defense fund at: Philip Zimmermann defense fund c/o Philip Dubois 2305 Broadway Boulder, Colorado 80304 USA CAN I REDISTRIBUTE THIS FILE? Permission is hereby granted to freely redistribute unmodified copies of this PGP signed file. ___________________________________________________________ | | |\ /| | | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 | | \/ |o| | PO Box 1151, Longmont CO 80502-1151 USA Jesus is alive! | | | | / _ | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org | | |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 | | |||\ ( | ftp://ftp.netcom.com/pub/mpj/README.MPJ -. 
--- ----- ....| | ||| \ \_/ | PGPprint=F2 5E A1 C1 A6 CF EF 71 12 1F 91 92 6A ED AE A9 | |___________________________________________________________|

-----BEGIN PGP SIGNATURE-----
Version: 2.7

iQCVAgUBLlDhNvX0zg8FAL9FAQHoZAP8C+XgqMzs1y0x1SHM45lzPzD8XK9JjjPk
lHUSDlQ6uo5lRnBXxUVPpPlTmLW4E2AHvCM+mke4bsVbvNJnNK513tUELWDkGLf4
6rexV0wiZJ9VdnQW3HyN44Sug8/5W7mxmgbdIOwv4A+OOWwAqm/chOLXsFAVn1mP
TLQSBl8sb3E=
=Wq3r
-----END PGP SIGNATURE-----

From talon57 at well.sf.ca.us Tue Aug 16 09:14:45 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Tue, 16 Aug 94 09:14:45 PDT
Subject: POST gaining ISDN privacy with data encryption
Message-ID: <199408161614.JAA22857@well.sf.ca.us>

REMEMBER: What follows is a direct quote from the zine.
|
| ------------------------------------------------------------
| Communications News - August, 1994
| Gaining ISDN Privacy with data encryption
| by Kevin Tanzillo
|
|Wunnava V. Subbarao, professor of electrical and computer
|engineering Florida International University (FIU), along with
|research associate Irma B. Fernandez, wrote a paper on testing and
|evaluating encryption based data security in the ISDN environment.

>Does anyone know where this was published, or where I might be
>able to pick up a draft?

>Adam

I too am interested in this paper. I contacted FIU, Mr Subbarao is out of town till the end of the month, and his research assistant is off for a few days. (her husband had minor surgery) I left my number and will let the list know anything I find out.

Can anyone else help?

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you....
AT&T" --James Speth

From mpd at netcom.com Tue Aug 16 09:21:44 1994
From: mpd at netcom.com (Mike Duvos)
Date: Tue, 16 Aug 94 09:21:44 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408161621.JAA06129@netcom5.netcom.com>

Robert Hettinga (rah at shipwright.com) writes:

[Nice discussion of portfolio management elided]

>> It is also unlikely that faith of financial institutions in
>> supposedly unbreakable mathematics has been enhanced by the
>> recent one-line fix announced for the DSS.

> I don't think this is really a problem. It's just as if
> somebody had figured out how to counterfeit money cheaper.
> Countermeasures are taken and it isn't cheap anymore. The
> neat thing about strong crypto is that it's strong in spite
> of public algorithms. People who crack those algorithms
> publish their results, or someone else will. The half-life
> of a hidden innovation in that kind of environment is pretty
> small.

Ordinary counterfeiting is analog. Close inspection will always reveal differences which can be used to distinguish fake money.

Counterfeit anonymous DigiCash, on the other hand, is indistinguishable from the real thing. If a bank is signing blinded notes for customers and has underwritten to exchange for cash any note bearing a verifiable signature, a cracked signature algorithm is a very serious matter indeed.

The half-life of such an innovation could be practically forever, as long as the discoverer does not get greedy and his siphoning off of value remains hidden in the daily float. By the time the bank realizes that there seems to be much more ecash in circulation than they have issued, the perpetrator is likely to be long gone and the bank is likely to be kaput.

If I cracked such an algorithm, publishing would be just about the last thing on my mind.

Worst case scenario:

Chemical bank announces "ChemCash", anonymous untraceable Internet currency.
Within 5 years, billions are in circulation, and all good citizen-units buy everything through the Web Shopping Network. Chaum wins the Nobel Prize in Economics.

Chemical Bank Auditors notice that the books are looking funny, or at the very least, statistically strange. It is estimated that there are several tens of billions of dollars more ecash around than the bank has issued.

Bank is insolvent. Congressional hearings. Government bailouts. Ecash falls from grace. Chaum joins inventor of lobotomy in Nobel Prize "Hall of Shame".

Billionaire hacker Emmanuel Goldstein publishes his long-awaited memoirs from his estate in Argentina. He titles the book "How I Proved NP=P and Kept My Mouth Shut".

"Hey - It could happen!"

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From koontzd at lrcs.loral.com Tue Aug 16 09:59:49 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Tue, 16 Aug 94 09:59:49 PDT
Subject: RemailNet
Message-ID: <9408161657.AA23613@io.lrcs.loral.com>

> A small historical note. It was not until 1986 that most
>unauthorized interceptions of microwave radio common carrier
>transmissions such as AT&T Long Lines TD-2 and TH routes were definitely
>and clearly made illegal (in the ECPA). Before that time such
>interception for other than foreign government espionage purposes was a
>gray area in the law, quite possibly there deliberately as was a curious
>similar absence of any prohibition at all against interception of any kind of
>digital data or record communications such as telegrams, twxs, faxes
>etc. transmitted over any media.

The Radio Act of 1934 makes no such distinctions, and does state that it is illegal to use information intercepted.
From jya at pipeline.com Tue Aug 16 10:38:36 1994 From: jya at pipeline.com (John Young) Date: Tue, 16 Aug 94 10:38:36 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408161738.NAA20912@pipe3.pipeline.com> Responding to msg by mpd at netcom.com (Mike Duvos) on Tue, 16 Aug 9:21 AM >Ordinary counterfeiting is analog. Close inspection >will always reveal differences which can be used to >distinguish fake money. However, NY Times Monday reported in long front-page article on spread of digitized forged checks, including dupe of magnetic ID. Quotes: "The proliferation of desktop publishing has brought a new growth industry, the counterfeiting of virtually undetectable fraudulent checks, and banks and law enforcement officials say the cost to the economy could reach $1 billion this year. * * * The American Banking Association says [this] is the No. 1 crime problem facing banks. * * * It is much easier counterfeiting checks than cash." End quotes. Says center of activity is California but has spread to all parts of the US. ------------------------------- My standard pitiful offer to send this article upon email request. John From ravage at bga.com Tue Aug 16 10:58:11 1994 From: ravage at bga.com (Jim choate) Date: Tue, 16 Aug 94 10:58:11 PDT Subject: # or real Tim Mays.... Message-ID: <199408161757.MAA10911@zoom.bga.com> Hi all, I checked the Austin, TX phone book and found only 1 Tim(mothy) May. Considering that Austin is in the 350,000 range one might extrapolate the odds from there. In the Travis County area (where Austin is located) there is estimated to be 1 million cbu's ... Take it for what it is worth. Ravage (Info)Highway To Hell From sameer at c2.org Tue Aug 16 11:04:25 1994 From: sameer at c2.org (sameer) Date: Tue, 16 Aug 94 11:04:25 PDT Subject: new remailer remail@leri.edu Message-ID: <199408161802.LAA15520@infinity.c2.org> A new remailer is running on remail at leri.edu. 
The key is:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAi5PKIUAAAEEALGSqJdXCiE2p0xq3V5pyVFx2q5m8TLas6PDNex8nKGc7Z15
GAD1KFGbIBz77BTDLY7fZkxOf0CWjlO8sQw4ofZeJosx4gfOPWsQL3Cf2PkEY2fV
hO1rprZbLt2x3xsQPttEr5UsRw5tQJbQJnc1XBUQx3Wx++0EdPZ88ybouprJAAUR
tCN0aGUgTEVSSSBSZW1haWxlciA8cmVtYWlsQGxlcmkuZWR1Pg==
=UWc7
-----END PGP PUBLIC KEY BLOCK-----

This is a "small" remailer--installed with my 1st generation installation script. (I think I sent the key to the servers..)

--
sameer                                    Voice: 510-841-2014
Network Administrator                     Pager: 510-321-1014
Community ConneXion: The NEXUS-Berkeley   Dialin: 510-549-1383
http://www.c2.org (or login as "guest")   sameer at c2.org

From jim at bilbo.suite.com Tue Aug 16 11:14:43 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 16 Aug 94 11:14:43 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <9408161813.AA00935@bilbo.suite.com>

> "The proliferation of desktop publishing has brought a
> new growth industry, the counterfeiting of virtually
> undetectable fraudulent checks, and banks and law
> enforcement officials say the cost to the economy could
> reach $1 billion this year.
>
> * * *
>
> The American Banking Association says [this] is the No. 1
> crime problem facing banks.
>

This brings to mind the following question:

Is there anything inherent in NON-anonymous digital cash schemes that make them more vulnerable to fraud, bribery or inside jobs? (I assume the schemes account for double spending and "counterfeiting" (however that applies to digicash).)

Can a case be made that anonymous digicash is less risky (to a bank) than NON-anonymous digicash?

Jim_Miller at suite.com

From tcmay at netcom.com Tue Aug 16 11:34:48 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Tue, 16 Aug 94 11:34:48 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408161621.JAA06129@netcom5.netcom.com>
Message-ID: <199408161832.LAA20549@netcom11.netcom.com>

In this post I'll:

* agree with Mike Duvos

* respond to Bob Hettinga's comments about my comments

* discuss reasons why digital cash is a tough nut to crack

and

* compare Cypherpunks to the British Interplanetary Society and the German and American rocketry enthusiasts of the 1930s

Mike Duvos writes:

> Ordinary counterfeiting is analog. Close inspection will always
> reveal differences which can be used to distinguish fake money.
>
> Counterfeit anonymous DigiCash, on the other hand, is
> indistinguishable from the real thing. If a bank is signing
> blinded notes for customers and has underwritten to exchange for
> cash any note bearing a verifiable signature, a cracked signature
> algorithm is a very serious matter indeed.

Exactly, which is why digital cash has much promise--but also many technical and regulatory pitfalls. If there was _ever_ a "don't try this at home" crypto technology, it is this one.

(A "launch" of digital cash is a whole more involved, I think, than a launch of credit cards, and it took much planning and deep pockets for Bank of America to launch BankAmericard in the 60s.)

I won't quote Mike's wonderful scenario about ChemCash...the type of scenario-planning we need more of.

The current technical state of the art in Chaumian digital cash is murky, with new papers still coming out, resolving details or raising new issues. It may be that a stable digital cash system is ready to go, but I don't know. (The Crypto conference is coming up soon---we'll hear more from those who attend.)

> The half-life of such an innovation could be practically forever,
> as long as the discoverer does not get greedy and his siphoning
> off of value remains hidden in the daily float. By the time the
> bank realizes that there seems to be much more ecash in
> circulation than they have issued, the perpetrator is likely to
> be long gone and the bank is likely to be kaput.

Digital cash is a lot like those "prize contests" that people game against, exploit loopholes in, find nonrandomness, etc. Contests which were _expected_ to have a payout of $1M but actually had $30M worth of claims. The courts don't look too kindly on contest runners who say "We goofed...the contest is over."

A "digital run on digital money" would not be a pretty sight...computers clogging the lines trying to cash out before the bank shutters its doors. I'm not saying this'll happen, just that much work is needed.

And most Cypherpunks are in a poor position to do the work. Digital cash isn't likely to come out of our enthusiastic posts. (Not to sound negative, but it just isn't. What may come is a cadre of people who gain enough knowledge to hire themselves out to Chemical Bank or Marc Rich or the Sultan of Brunei...who knows.)

Which brings me to Bob Hettinga and our conflicts in enthusiasm. I'll make several points, briefly:

1. Yes, I despise cutesy terms like "e$." I didn't single out Bob for this, as I'd forgotten who introduced it. We've a string of these product names: DigiCash, CypherFranques, e-money, e-cash, NetCash, DigiMarks, etc. All of these are *way premature*, in my opinion.

2. I'm not opposed to Bob's or anyone else's enthusiasm, I just don't see the real problems to be overcome being overcome by hyping or by calling conferences of bankers.

3. We've had a couple of experiments already. "HExMarks" was a digital money scheme, with technical flaws, on the Extropians list, and there were some comments--by Jeff Garland as I recall--that he was planning to reintroduce it on a wider scale.
And of course there was the "Magic Money" scheme of Pr0duct Cypher, with efforts of others to use it (recall the offer by Black Unicorn to redeem Magic Money/Tacky Tokens for cans of soda?

(By the way, "Magic Money" and "Tacky Tokens" are nothing if not cutesy, so do I object to their names? No way! The frivolity suggests that the creators know that these are just early experiments, things to play around with, early prototypes.)

4. Enthusiasm is a fine thing. But the obstacles are not easy ones. Several of our leading Cypherpunks spent a year trying to put a digital bank together...reading the laws and rules on commercial paper and that sort of stuff, talking to financial people, and working the math out. They can comment here if they feel so inclined, but I won't say more now.

And Chaum, the originator of many/most of the ideas, and no mean cryptologist himself, has spent the past decade putting together his system. Apparently he's spent at least several million on this.

(And don't forget the patent situation. Anyone entering the digital cash arena is likely to face the usual challenges.)

In closing, I think digital cash will someday be very important. I have my own ideas about where and how to first deploy it. If the enthusiastic proponents succeed, wonderful. But I've never been a believer in the idea that it's all marketing, salesmanship.

Bob Hettinga and others may believe that digital cash is at the point where what is needed is to persuade some bankers to fund work, through a series of meetings, conferences, shmoozes, etc. I suspect not. However, if this is indeed the correct path, at least partly, then Bob really ought to think about becoming an employee of DigiCash, e.g., Marketing Manager.

(I do not mean this tongue-in-cheek, as a put-down. I mean this seriously, and in a helpful tone. Really.
The core technology, such as it is, resides in Chaum's group, with perhaps some others also having core knowledge that are not part of Chaum's group...folks like Brands, Boz, the Pfaltzmanns, etc. If the big hurdle is now _selling_ the system, and Bob wants to do it, then it's pretty clear that he should hop on a plane to Amsterdam and spend some time with Chaum and his staff. This would be much more effective than trying to get us--the folks on this list--enthusiastic enough to "do something," which ain't gonna happen, for the various good reasons I've mentioned in this post.)

Deployment of digital cash is not an easy task, any more than a group of rocket enthusiasts can build non-trivial rockets. However, rocket enthusiast groups, such as existed in Germany, Britain, and the U.S. in the 1930s, can provide the staff for actual, real efforts.

The analogies with Cypherpunks are close: many of our members are doing crypto full-time, others are spreading the tools within their companies, and some have formed companies to build products.

The Werner von Braun of digital cash may be amongst us.

Well, enough for now. The whole issue of digital cash, what it really is, why it hasn't happened, and what could allow it to happen, would take a chapter of a book.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
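The withdrawal and deposit exchange argued over in this thread, as an added example that is not from any poster or from DigiCash: textbook RSA blind signatures over a constructed toy modulus. `Bank`, `mint_without_bank` and the issued/redeemed counters are assumptions made for illustration; the last results show a note that verifies but was never issued being accepted, and the overrun staying invisible while honest notes are still outstanding.

```python
"""Chaum-style RSA blind-signature e-cash, reduced to the moves in the thread.

Constructed toy: fixed Mersenne-prime modulus, unpadded RSA. Not secure parameters.
"""
import hashlib
import secrets
from math import gcd

# Toy bank key (assumption for the demo): two Mersenne primes, exponent 65537.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # bank's private signing exponent


def note_hash(serial: bytes) -> int:
    """Map a note serial into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Bank:
    def __init__(self):
        self.issued = 0          # notes signed at withdrawal
        self.redeemed = 0        # notes accepted at deposit
        self.spent = set()       # serials already redeemed
        self.seen_blinded = []   # all the bank ever sees at withdrawal

    def sign_blinded(self, blinded: int) -> int:
        """Withdrawal: sign an opaque value and count one note as issued."""
        self.issued += 1
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, sig: int) -> str:
        """Deposit: the only checks available are signature and spent list."""
        if pow(sig, E, N) != note_hash(serial):
            return "bad-signature"
        if serial in self.spent:
            return "double-spend"
        self.spent.add(serial)
        self.redeemed += 1
        return "ok"

    def overissue_detected(self) -> bool:
        """Aggregate audit: more notes redeemed than were ever signed."""
        return self.redeemed > self.issued


def withdraw(bank: Bank):
    """Customer side: blind H(serial), get it signed, strip the blinding."""
    serial = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(N - 2) + 2          # blinding factor, 2 <= r < N
        if gcd(r, N) == 1:
            break
    blinded = note_hash(serial) * pow(r, E, N) % N
    blind_sig = bank.sign_blinded(blinded)        # equals H^d * r mod N
    return serial, blind_sig * pow(r, -1, N) % N  # H^d mod N


def mint_without_bank():
    """Model of the thread's 'cracked signature algorithm': a note whose
    signature verifies but never passed through Bank.sign_blinded.
    The demo reuses D as a stand-in for whatever break produced it."""
    serial = secrets.token_bytes(16)
    return serial, pow(note_hash(serial), D, N)


def demo():
    bank = Bank()
    notes = [withdraw(bank) for _ in range(3)]    # issued = 3
    out = {"honest": bank.deposit(*notes[0]),     # redeemed = 1
           "replay": bank.deposit(*notes[0])}
    serial, sig = notes[1]
    out["tampered"] = bank.deposit(serial, (sig + 1) % N)
    # The bank never saw H(serial) itself, so it cannot link deposit to withdrawal.
    out["unlinkable"] = note_hash(notes[0][0]) not in bank.seen_blinded
    out["forged"] = [bank.deposit(*mint_without_bank()) for _ in range(2)]
    # 3 redeemed vs 3 issued: two honest notes are still in the float.
    out["alarm_while_float_outstanding"] = bank.overissue_detected()
    out["forged"].append(bank.deposit(*mint_without_bank()))
    out["alarm_after_overrun"] = bank.overissue_detected()   # 4 vs 3
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The per-note checks at deposit cannot tell the forged notes apart; only the issued-versus-redeemed total can, and only after the overrun exceeds the notes still outstanding.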
From die at pig.jjm.com Tue Aug 16 13:04:30 1994
From: die at pig.jjm.com (Dave Emery)
Date: Tue, 16 Aug 94 13:04:30 PDT
Subject: RemailNet
In-Reply-To: <9408161657.AA23613@io.lrcs.loral.com>
Message-ID: <9408161903.AA23732@pig.jjm.com>

>
> > A small historical note. It was not until 1986 that most
> >unauthorized interceptions of microwave radio common carrier
> >transmissions such as AT&T Long Lines TD-2 and TH routes were definitely
> >and clearly made illegal (in the ECPA). Before that time such
> >interception for other than foreign government espionage purposes was a
> >gray area in the law, quite possibly there deliberately as was a curious
> >similar absence of any prohibition at all against interception of any kind of
> >digital data or record communications such as telegrams, twxs, faxes
> >etc. transmitted over any media.
>
> The Radio Act of 1934 makes no such distinctions, and does state that
> it is illegal to use information intercepted.
>

My use of the word interception was deliberate. Before 1986 it was not illegal to intercept, just to divulge or use for benefit or gain. And, in fact, this 1934 law was essentially never enforced and certainly never enforced against government interceptions for intelligence purposes. Also it only concerned radio, whereas the loophole for digital data in the Omnibus Crime Control and Safe Streets act including wiretapping.

Dave Emery

From tcmay at netcom.com Tue Aug 16 13:12:33 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 16 Aug 94 13:12:33 PDT
Subject: Too Much Marketing Hype, Too Many Cutesy Names
Message-ID: <199408162011.NAA26020@netcom6.netcom.com>

I want to expand on my point about "cutesy" names. Believe me, I am not just picking on Bob Hettinga when I call "e$" a cutesy (and even execrable) name.

But marketing hype is the bane of our age. People start picking company names long before they have anything to sell. Cleverness in naming is paramount.
This is all fed by the thousands of magazines, with most writers thinking that every section of an article has to be tagged with a pun or clever phrasing. Thus we are barraged with crap like "Toll booths on the Information Highway,"

Examples:

* Digital Superhighway. Infobahn. I Way, etc. More coming every day. Every two-bit journalist wants to express his cleverness. Lots of bad puns, lots of stupid alliteration.

* DigiCash, NetCash, EBux ("E bucks"..get it?), DigiFranques, E Bills (rhymes with "T Bills"), e$, Digidollars, etc.

(About a year or so ago, someone was pushing hard to get "DigiMarks" accepted, with the abbreviation "DM." The name collision with Deutschmarks (DM) was apparently intentional. Clever, in a sophomoric way, but not useful. Similarly, "e$," with its U.S-centric resonances, is cute, but not very useful. And actually _misleading_, as it suggests a system tied to the U.S. dollar, when I presume no such linkage is intended.)

Good and descriptive names are needed. In fact, the crypto community is probably lacking good names in some areas. "Digital cash" has a different flavor from "electronic money," which in turn has a different sense than a less flash description like "Chaum-style digital money." A lot of the confusion about NetCash not being "real" digital money, as one example, is over this naming confusion.

So, good names are needed. Names that clearly evoke the underlying concepts, without misleading hype.

But the "premature productization" that comes from naming things that don't yet exist with Madison Avenue-inspired names is where I think the problem lies.

This is paralleled by the proliferation of company names...every consultant seems to have his own cutesy name.

Don't get me wrong: names are important, and names don't have to be boring and banal. The issue is really about confusing the _naming_ of something with the _actual creation_ of items of value. I don't believe naming = creation, and creation is what interests me.
(Yes, the term "crypto anarchy" was my naming, back in 1988. I thought it descriptive of the set of ideas, especially the political ideas. Perhaps I'm guilty, too, of too much hype. In any case, I've avoided such colonizations of name space in recent years.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jya at pipeline.com Tue Aug 16 18:33:49 1994
From: jya at pipeline.com (John Young)
Date: Tue, 16 Aug 94 18:33:49 PDT
Subject: # of Real Tim Mays, RTM (r)
Message-ID: <199408170133.VAA12148@pipe1.pipeline.com>

Responding to msg by ravage at bga.com (Jim choate) on Tue, 16 Aug 12:57 PM

Zero RTM (r) in Manhattan.

Maybe more encrypted; only 60% here list.

From ben at Tux.Music.ASU.Edu Tue Aug 16 19:06:01 1994
From: ben at Tux.Music.ASU.Edu (Ben Goren)
Date: Tue, 16 Aug 94 19:06:01 PDT
Subject: # of Real Tim Mays, RTM (r)
In-Reply-To: <199408170133.VAA12148@pipe1.pipeline.com>
Message-ID:

Um, just out of curiosity, what is supposed to be proved by telling us how many people named "Tim May" live in various cities?

Some names are relatively unique. I've never met or known of another Ben Goren, though I did once meet a Benjamin Gorin. The East [Phoenix] Valley White Pages (Tempe, Mesa, Chandler, and a half-dozen others) is just about an inch thick, and includes over fifty John Smiths and thirty-five J. Smiths. Altogether, there's about five pages of Smiths; and the only other Gorens in the book are my parents.
It's probably not all that surprising that we have a plethora of Diogeneseseses, considering the role "he" played in _Ender's Game._ Pr0duct C1pher (sp?), on the other hand, probably won't ever have a 'nym conflict.

All this is just an elaborate way of saying, "Tim's right." Duplicate 'nyms should be dealt with the same way duplicate names are now. Mostly, we shouldn't worry about it all that much.

b&

PS There are no Tim or T. Mays in my phone book. So what? b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): The battle is over; Clipper is dead.
But the war against Government Access to Keys (GAK) goes on.
Finger ben at tux.music.asu.edu for PGP 2.6 public key ID 0xCFF23BD5.

From tcmay at netcom.com Tue Aug 16 19:54:54 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 16 Aug 94 19:54:54 PDT
Subject: # of Real Tim Mays, RTM (r)
In-Reply-To:
Message-ID: <199408170254.TAA03907@netcom7.netcom.com>

While I'm not participating in the "How many..." scavenger hunt, I do want to make a correction to Ben Goren's comment:

> It's probably not all that surprising that we have a plethora of
> Diogeneseseses, considering the role "he" played in _Ender's Game._
> Pr0duct C1pher (sp?), on the other hand, probably won't ever have a 'nym
> conflict.

I think the two kids were nymed "Locke" and "Demosthenes." My copy of "Ender's Game" is buried somewhere, so I can't check. But I don't think Diogenes was one of them.

On the scavenger hunt, my high school chemistry teacher once mentioned the "death of your father." Turned out she had assumed from an obituary entitled "Timothy May dies" that perhaps my father had died.

Names are rarely unique. But, then, few of us know any of the other members of the list except by our electronic identities.

--Tim May

--
..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From merriman at metronet.com Tue Aug 16 20:08:08 1994
From: merriman at metronet.com (David K. Merriman)
Date: Tue, 16 Aug 94 20:08:08 PDT
Subject: # of Real Tim Mays, RTM (r)
Message-ID: <199408170311.AA04863@metronet.com>

>While I'm not participating in the "How many..." scavenger hunt, I do
>want to make a correction to Ben Goren's comment:
>
>> It's probably not all that surprising that we have a plethora of
>> Diogeneseseses, considering the role "he" played in _Ender's Game._
>> Pr0duct C1pher (sp?), on the other hand, probably won't ever have a 'nym
>> conflict.
>
>I think the two kids were nymed "Locke" and "Demosthenes." My copy of
>"Ender's Game" is buried somewhere, so I can't check. But I don't
>think Diogenes was one of them.
>

Er, um, wasn't Diogenes the fellow that went around with a lamp, looking for an honest man, according to Greek legend?

Dave "ever helpful - sorta" Merriman

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
finger merriman at metronet.com for PGP2.6ui/RIPEM public keys and fingerprints.
Unencrypted email may be ignored without notice to sender; PGP preferred.
fission CIA C4 CV38 RPG plutonium President AK47 assassinate cocaine China

From hayden at vorlon.mankato.msus.edu Tue Aug 16 20:39:53 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Tue, 16 Aug 94 20:39:53 PDT
Subject: Cylink v. RSA Suit: What's it mean to us?
Message-ID:

I finally got around to reading the text of the court papers filed.
From this came two things:

A) The realization that lawyers get paid so much because only they and politicians are able to bullshit that much :-)

B) Utter confusion about what exactly is going on here.

--------------------------

Uh . . . What exactly does this mean? As near as I can gather, Cylink says that RSA has engaged in various forms of unfair business practice, but beyond that, I am not sure what issues are at stake, who the "good guys" and who the "bad guys" are, and where this will end up.

Is anyone willing to kind of summarize what exactly this is about and how the outcome affects the cypherpunk community? And, to quote a great movie, explain it to me like I was a six year old :-)

Thanks.

____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> I do not necessarily speak for the
\/ Finger for PGP Public Key <=> City of Mankato or anyone else, dammit
-=-=-=-=-=-=-=-
(GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++**

From scmayo at rschp1.anu.edu.au Tue Aug 16 21:37:42 1994
From: scmayo at rschp1.anu.edu.au (Sherry Mayo)
Date: Tue, 16 Aug 94 21:37:42 PDT
Subject: C'punks digest
Message-ID: <9408170437.AA29834@toad.com>

Could anyone out there mail me the info about C'punks in digest format? I deleted the original message.

Sherry

From wb8foz at nrk.com Tue Aug 16 22:27:30 1994
From: wb8foz at nrk.com (David Lesher)
Date: Tue, 16 Aug 94 22:27:30 PDT
Subject: Encryption in Fiction
In-Reply-To:
Message-ID:

I just reread Clarke's Songs of Distant Earth. Mentioned in it is "ShipNet" -- an anonymous NetNews onboard that discusses a possible mutiny.

One wonders if ACC was reading Usenet from Sri Lanka when he wrote this in 1986. I've since heard that he had a private Internet feed that existed years before the rest of the country's.
Wonder if it's true ;-|

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close............(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From Richard.Johnson at Colorado.EDU Wed Aug 17 01:15:42 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Wed, 17 Aug 94 01:15:42 PDT
Subject: CompuTrace and the like
Message-ID: <199408170815.CAA23822@spot.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Yanked from today's Edupage:

> ONLINE SERVICES HAVE DATA MINES, TOO
> The online service you use has been compiling data on you too,
> including your social security number, credit card number, demography and
> interest areas. Using this and other data, CompuServe offers a service
> called CompuTrace, which offers the last known address for any person in
> the U.S. A similar service will tell you how long someone has had a
> particular phone number or lived at a particular address and who else lives
> there, and yet another service provides information on how to obtain
> driving records, state by state. A bill was passed by the House last month
> that would require all telecommunications companies, including online
> services, to tell consumers what information is being collected, how it's
> being used, and provide an opportunity to opt out. (Tampa Tribune 8/15/94
> B&F 3)

========

We need 'nyms with electronic reputations, and true electronic cash to protect the "real" us from things like CompuTrace (not to mention the USPS practice of selling to junk mailers whatever info you give them on address change cards).

The alternative is yet another law... I don't know whether to applaud the House bill, or curse. Anyone have the bill number?
Rich

-----BEGIN PGP SIGNATURE-----
Version: 2.3a-sterno-bait

iQCVAgUBLlHU2fobez3wRbTBAQHQHQQAo825CO9AbC4BJgbZs5mrqr6sQh5BwzfY
HmhxWX9vNF91h/ErnG+cuywMAmsmaUpUurEvHUk5IiAa+xs1tcExVr62EP+MTwKx
zyllH1hX4NpUpbIAMPvR0OD7iUvvVxgKiA1SF6qYWtj1ZY0lpI9bAe47+tEI8PDJ
XeoOQoWUMnw=
=VMAA
-----END PGP SIGNATURE-----

From dance at cicero.spc.uchicago.edu Wed Aug 17 06:41:08 1994
From: dance at cicero.spc.uchicago.edu (Squeal)
Date: Wed, 17 Aug 94 06:41:08 PDT
Subject: Diogeneseses
Message-ID: <9408171340.AA20613@cicero.spc.uchicago.edu>

>It's probably not all that surprising that we have a plethora of
>Diogeneseseses, considering the role "he" played in _Ender's Game._
>Pr0duct C1pher (sp?), on the other hand, probably won't ever have a 'nym
>conflict.

_Ender's Game_ you say? Hmm. I simply assumed that we had a plethora of Diogeneses because Diogenes was a kick-ass Cynic. This has *nothing* to do with cipher. Cynicpunks anyone? Hmm.

All men recognize the right of revolution; that is, the right to refuse allegiance to, and to resist, the government, when its tyranny or its inefficiency are great and unendurable.
--Thoreau, Civil Disobedience

From allan at elvis.tamu.edu Wed Aug 17 08:25:55 1994
From: allan at elvis.tamu.edu (Allan Bailey)
Date: Wed, 17 Aug 94 08:25:55 PDT
Subject: cfs & remailers
Message-ID: <9408171522.AA27902@elvis.tamu.edu>

Has anyone considered using a CFS directory (or directories) for a remailer's files, spool, etc?

Any thoughts about such security measures?

--
Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free."
Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu
Esperanto: MondLingvo, lingvo internacia.

From wmo at digibd.com Wed Aug 17 09:21:13 1994
From: wmo at digibd.com (Bill O'Hanlon)
Date: Wed, 17 Aug 94 09:21:13 PDT
Subject: cfs & remailers
In-Reply-To: <9408171522.AA27902@elvis.tamu.edu>
Message-ID: <9408171615.AA29053@poe.digibd.com>

On Wed, 17 Aug 94 10:22:19 -0500 Allan Bailey wrote:
--------
>
> Has anyone considered using a CFS directory (or directories) for
> a remailer's files, spool, etc?
>
> Any thoughts about such security measures?
>

I considered it, for the remailer at rebma.mn.org. I'm already running CFS for personal entertainment & education, so it's a possibility.

Here's my assumptions about how I'd operate it:

1) CFS file systems are mounted sometime after boot, manually, by me. The passphrase is entered at mount time. (Obviously, supplying the passphrase via an /etc/rc script defeats any security that CFS might add.)

2) The file systems remain mounted throughout the uptime of the system, since mail can come in at any arbitrary time, primarily while I sleep.

3) If someone comes knocking loudly at my door to do the raid thing, I'll have bigger things to worry about than unmounting the CFS file systems. My wife and daughter will be foremost on my mind.

I thought of two problems with it.

1) I'd not only have to put the home directory of the remailer user under CFS, but also the uucp and sendmail spool directories. (Rebma has a UUCP connection for getting mail.) Otherwise, security would be pointless, since the messages would be coming in the clear to the spool directories. Maybe this wouldn't be so bad, but it seems like I'd have to do a lot of tinkering before I'd trust that sendmail wasn't gonna drop my other mail on the floor. (I get some consulting-type mail on this machine. Potentially, I can miss out on financial opportunity if my mail is not dependable. Chalk my caution up to pure greed.)

2) I'd have to come up with some kludge to spool the incoming mail files in a directory if the CFS file systems weren't mounted.
(For example, if power failed on the machine, or it crashed and otherwise rebooted, and I didn't notice and wasn't around to type the passphrase in to remount the CFS system.)

Those two thoughts make me question what security I'm buying for my trouble. Seems to me what I'm getting is protection from a law enforcement type or other computer thief who unplugs my machine and takes it away. (If they want to make a backup before turning the machine off, with the CFS file systems mounted, they have to spend some time at it.)

The people whose security would be helped are those who do a single hop or send unencrypted mail through the remailer. People who use the remailer properly already have encrypted their mail.

I guess that I thought it was too much effort to do, given that the only people who would derive added security are those who were too stupid to use the remailer properly in the first place.

Anyone see a flaw in my reasoning? I actually was considering doing it anyway, just for the fun of it, when I had free time. If there is some valid security reason, it might move up on my to-do list.

From mab at crypto.com Wed Aug 17 10:22:44 1994
From: mab at crypto.com (Matt Blaze)
Date: Wed, 17 Aug 94 10:22:44 PDT
Subject: cfs & remailers
In-Reply-To: <9408171615.AA29053@poe.digibd.com>
Message-ID: <199408171728.NAA13595@crypto.com>

"Bill O'Hanlon" writes:
>On Wed, 17 Aug 94 10:22:19 -0500 Allan Bailey wrote:
>>
>> Has anyone considered using a CFS directory (or directories) for
>> a remailer's files, spool, etc?
>>
...
>I thought of two problems with it.
>
>1) I'd not only have to put the home directory of the remailer user under CFS,
> but also the uucp and sendmail spool directories. (Rebma has a UUCP
> connection for getting mail.) Otherwise, security would be pointless, since
> the messages would be coming in the clear to the spool directories.
Maybe
> this wouldn't be so bad, but it seems like I'd have to do a lot of
> tinkering before I'd trust that sendmail wasn't gonna drop my other mail
> on the floor. (I get some consulting-type mail on this machine.
> Potentially, I can miss out on financial opportunity if my mail is not
> dependable. Chalk my caution up to pure greed.)
>
>
>2) I'd have to come up with some kludge to spool the incoming mail files in
> a directory if the CFS file systems weren't mounted. (For example, if
> power failed on the machine, or it crashed and otherwise rebooted, and I
> didn't notice and wasn't around to type the passphrase in to remount the
> CFS system.)
...

I'm working (with very low priority, unfortunately) on a sendmail hack that spools mail (instead of bouncing) if the mailbox write fails. This will be intended for a secure mail system that I'm working on that uses CFS for its storage. Stay tuned...

Another potential problem with sendmail->cfs interaction is that CFS doesn't implement NFS file locking. This isn't much of an issue with a single host and a single instance of CFS, but could be a problem if the mailboxes are read and written by other machines or are remotely mounted by the machine running sendmail.

By the way, another mode of operation you might consider is to use a "permanent" key (that you supply at boot time) for the spool directories and a temporary key (assigned randomly by the machine at boot time) for temp files that have only local significance but that may have sensitive data. /usr/tmp points to /crypt/tmp on my machine for this service (do a cmkdir and cattach at boot time. You also have to hack cfs to make /crypt/tmp be mode 777).

-matt

From cactus at bb.com Wed Aug 17 10:28:29 1994
From: cactus at bb.com (L. Todd Masco)
Date: Wed, 17 Aug 94 10:28:29 PDT
Subject: First Virtual
Message-ID: <199408171733.NAA00475@bb.com>

Does anybody know anything about a new company named "First Virtual"?
I know they got NSB from BellCore and a couple of other researchers.

--
L. Todd Masco | "Cowboy politicians sucking up to the aristocracy, not
cactus at bb.com | even sure if they like democracy..." - TR-I

From jef at ee.lbl.gov Wed Aug 17 11:04:34 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Wed, 17 Aug 94 11:04:34 PDT
Subject: First Virtual
Message-ID: <199408171803.LAA02008@hot.ee.lbl.gov>

>Does anybody know anything about a new company named "First Virtual"? I
> know they got NSB from BellCore and a couple of other researchers.

% whois first | egrep -i virtual
First Virtual Corporation (FVC-DOM) FVC.COM
First Virtual Corporation (NET-FVC) FVC 199.181.72.0
First Virtual Holdings Inc. (NET-FV-NET) FV-NET 199.171.113.0
First Virtual Holdings, Inc. (FV-DOM) FV.COM
First Virtual Holdings, Inc. (THECARD-DOM) THECARD.COM
First Virtual Holdings, Inc. (CARD-DOM) CARD.COM

% whois fvc.com
First Virtual Corporation (FVC-DOM)
   3393 Octavius Drive, Suite 102
   Santa Clara, CA 95054

   Domain Name: FVC.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Gallmeister, Bill (BG43) postmaster at FVC.COM
      (408) 738-2220

   Record last updated on 22-Apr-94.

   Domain servers in listed order:
      NS1.SVC.PORTAL.COM 156.151.6.20
      UUCP-GW-1.PA.DEC.COM 16.1.0.18
      UUCP-GW-2.PA.DEC.COM 16.1.0.19

% whois fv.com
First Virtual Holdings, Inc. (FV-DOM)
   POB 3627
   Rancho Santa Fe, CA 92067-3627

   Domain Name: FV.COM

   Administrative Contact:
      Stein, Lee (LS48) leestein at SCRIPPS.EDU
      1 619 759 9300
   Technical Contact, Zone Contact:
      Rose, Marshall T. (MTR) mrose at DBC.MTVIEW.CA.US
      (415) 968-1052

   Record last updated on 19-Mar-94.

   Domain servers in listed order:
      DBC.MTVIEW.CA.US 192.103.140.1
      TRYSTERO.RADIO.COM 192.101.98.3

From markh at wimsey.bc.ca Wed Aug 17 11:25:02 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Wed, 17 Aug 94 11:25:02 PDT
Subject: cfs & remailers
Message-ID:

> Another potential problem with sendmail->cfs interaction is that
> CFS doesn't implement NFS file locking.
This isn't much of an issue with
> a single host and a single instance of CFS, but could be a problem if the
> mailboxes are read and written by other machines or are remotely mounted
> by the machine running sendmail.

Some versions of sendmail support "dot locking", which effectively does away with this problem.

Mark

From hart at chaos.bsu.edu Wed Aug 17 14:44:46 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Wed, 17 Aug 94 14:44:46 PDT
Subject: cfs & remailers
In-Reply-To: <9408171615.AA29053@poe.digibd.com>
Message-ID: <199408172142.QAA19982@chaos.bsu.edu>

> The people whose security would be helped are those who do a single hop or
> send unencrypted mail through the remailer. People who use the remailer
> properly already have encrypted their mail.

But they'd still be in your logs, unless you immediately delete or encrypt your logs. If you keep logs to help debug your system snoop-proofing those logs is a good idea.

Also CFSing mail spools just for regular e-mail is a good idea, to help enforce the ECPA. I hope this becomes standard policy on the Internet. (Of course, don't forget SecureDrive available for DOS).

Jim Hart
hart at chaos.bsu.edu

From prz at acm.org Wed Aug 17 14:55:40 1994
From: prz at acm.org (Philip Zimmermann)
Date: Wed, 17 Aug 94 14:55:40 PDT
Subject: Zimmermann debate with NSA on 8/25
Message-ID:

Subject: Zimmermann/NSA debate in California

There will be a debate between Philip Zimmermann and Clinton Brooks of the National Security Agency, on Thursday, 25 August, at 5:45pm Pacific Time, in Thousand Oaks, California. The debate is organized by the World Affairs Council, and will be held at the Thousand Oaks Inn, at 75 Thousand Oaks Blvd. To get there, take Highway 101 north from LA to the Moorpark exit, turn right onto Moorpark, left at first light, one block down on right side.

The debate will be on the issues of crime, terrorism, privacy and civil liberties on the information superhighway, and the role of cryptography in these issues.
Philip Zimmermann is the creator of Pretty Good Privacy (PGP), the most widely used software in the world for E-mail encryption. Zimmermann is under criminal investigation for publishing free encryption software, resulting in its widespread use around the world, allegedly in violation of US export restrictions on encryption software.

Clinton Brooks is assistant to the director of the NSA, and was instrumental in the creation of the controversial Clipper Chip and the Escrowed Encryption Standard.

There will be cocktails and a light buffet at 5:45, and the program will start at 6:30. Admission is $15 if you preregister, or $25 at the door. Preregistration can be done by mailing a check, or by credit card via phone or fax, to:

World Affairs Council
1051 Calle Yucca
Thousand Oaks, CA 91360

or call 805 498-6312
or fax 805 532-1306
(include credit card number, expiration date, and event)

This announcement may be widely distributed.

From karn at qualcomm.com Wed Aug 17 15:07:48 1994
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 17 Aug 94 15:07:48 PDT
Subject: Complaints: Schlafly's complaint against RSA & PKP
In-Reply-To: <199408160305.UAA10417@zero.c2.org>
Message-ID: <199408172206.PAA13211@servo.qualcomm.com>

These three statements are *most* interesting. The Diffie-Hellman patent (4,200,770) itself references the Information Theory and AFIPS papers and their publication dates. And as stated, the patent filing date was Sept 6, 1977. Clearly anything in the AFIPS paper is fair game since it appeared more than a year before filing. But for the IT paper, I don't know whether the clock starts when the paper is submitted or when it is actually published; that would make a difference here.

Anybody know?

--Phil

-------

36. The idea of public key cryptography and digital signatures is disclosed in a paper titled "Multiuser cryptographic techniques" by Whitfield Diffie and Martin E Hellman, National Computer Conference, vol. 45, 1976.
The paper was presented at a public conference in mid-June 1976, and published as part of the conference proceedings shortly thereafter. This was more than one year before any patents were filed, and therefore in the public domain according to 35 USC 102(b). A copy of the paper is attached as Exhibit T.

37. Another paper by Diffie and Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, no. 6, Nov. 1976, was submitted on June 3, 1976. It discloses the public key distribution system of the Diffie-Hellman patent. A copy of the paper is attached as Exhibit U.

38. A survey paper, "The First Ten Years of Public-Key Cryptography", was published by Diffie in Proceedings of the IEEE, vol. 76, no. 5, May 1988. A copy of the paper is attached as Exhibit V. It states on p. 563 that Exhibit U was publicly distributed in June 1976 and publicly disclosed at the National Computer Conference, also in June 1976. The Diffie-Hellman patent was filed on Sept. 6, 1977. This was more than one year later, and hence the patent is invalid and unenforceable according to 35 USC 102(b).

From wmo at digibd.com Wed Aug 17 16:16:18 1994
From: wmo at digibd.com (Bill O'Hanlon)
Date: Wed, 17 Aug 94 16:16:18 PDT
Subject: cfs & remailers
In-Reply-To: <199408172142.QAA19982@chaos.bsu.edu>
Message-ID: <9408172311.AA02156@poe.digibd.com>

On Wed, 17 Aug 1994 16:42:33 -0500 (EST) Jim Hart wrote:
--------
>
> > The people whose security would be helped are those who do a single hop or
> > send unencrypted mail through the remailer. People who use the remailer
> > properly already have encrypted their mail.
>
> But they'd still be in your logs, unless you immediately delete
> or encrypt your logs. If you keep logs to help debug your
> system snoop-proofing those logs is a good idea.

I skipped a step in giving my assumptions. By "people who use the remailer properly" I mean people who encrypt AND chain through multiple remailers.
In that case, even if I were to keep logs, all that anyone would know from a message is that a particular user used a remailer, or that a particular cleartext message had a certain remailer as its jumpoff point. Not both. (Unless, of course, I'm in collusion with other remailer operators. But that's also a non-code issue.)

I'm not interested/concerned with preserving the security of the people who don't chain and encrypt.

>
> Also CFSing mail spools just for regular e-mail is a good idea,
> to help enforce the ECPA. I hope this becomes standard policy
> on the Internet.

That's an interesting and valid point. I can see some sense in an encrypted file system for mail spools, just to highlight a philosophical point or to help create a new net-wide philosophy for the handling of email. I'm not sure that security is improved, however.

I half-expect Eric or Tim to jump in here to point out that this is one of those situations where you have to define who your enemy is, and to make sure that your efforts apply to the situation.

My personal situation is, I run a remailer on a home Unix machine via a phone line UUCP feed. I am the only user of this machine, so I do not have to defend against users with local access. My efforts are intended to block the following foes: my service provider and any node upstream of it, thieves/misguided law enforcement types, and phone taps. Encrypting something that I receive in the clear over an insecure line isn't useful.

Of course, this is very specific to my situation. I expect that there exist sites where running CFS for the spools makes sense. The fact that Matt Blaze has said he has put some effort into making that possible just reinforces that.

This conversation is making me think that I should follow some other remailers and make the remailer at rebma only allow encrypted traffic, since I have such a low opinion of unencrypted traffic.
Now, when we're all running our mail traffic over something like swIPe, such that all connections are encrypted... And if I got an encrypted UUCP connection... That might change things. Then again, if you want security, encrypt it and chain remailers, regardless.

Sorry. I'm rambling. I won't dignify it by calling it "brainstorming."....

-Bill

From wcs at anchor.ho.att.com Wed Aug 17 18:02:20 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 17 Aug 94 18:02:20 PDT
Subject: Remailer ideas (Was: Re: Latency vs. Reordering)
Message-ID: <9408180100.AA02892@anchor.ho.att.com>

> > What I think is a better idea was proposed here last year, and I think
> > someone was doing it for a while. It is for someone to volunteer to
> > be the keeper of the remailer aliveness information. He runs scripts
> > every day to ping the remailers, keeps lists of which remailers are
> > currently active, and so on.
>
> This does seem like a better idea, except for one thing:
> Everybody has got to trust the Keeper of the Aliveness Info.
> I'm not sure how much of a problem this is, nor am I sure that
> the newsgroup method necessitates any less trust.

A major problem with having a single-point aliveness-info source is that watching traffic to that source gives you some idea who's about to send anonymous messages - multiple sources mean there are N sources to wiretap to get the same information, which may be nearly as bad. On the other hand, a broadcast method like a usenet group has the advantage that you can read the newsgroup without being very obvious, except locally. A mailing list is somewhere in between.

Similar problems occur with anonymous single remailers in the absence of good reordering; many new remailer users, or users of unreliable remailers precede their real anonymous messages with a ping of some sort, such as a message through the remailer chain pointing back to themselves.
If you're using a news reader without NNTP, or with NNTP only for the local non-tapped LAN, you may be ok. Another alternative is mailing lists (NOT human-readable ones like cypherpunks) which reforward the remailer newsgroup information, preferably encrypted.

Newsgroups are obviously easy to inject bogus information into, but that's the way it goes; any non-trusted system is, well, non-trusted....

Bill

From hfinney at shell.portal.com Wed Aug 17 21:21:16 1994
From: hfinney at shell.portal.com (Hal)
Date: Wed, 17 Aug 94 21:21:16 PDT
Subject: Statistics on remail message sizes
Message-ID: <199408180420.VAA10365@jobe.shell.portal.com>

A couple of weeks ago Eric asked for statistical information on remailer message sizes. I put in a size-counter a week ago (just piping each message into wc >> remail2/SIZE.REMAIL) or so, and here are some results. They show 645 messages logged, a sample of what the logs look like, the average size of a message in characters (counting the header) of about 15K, and a histogram of message sizes rounded to the nearest 1000. Note that the histogram is pretty irregular, possibly being affected by repeated sending of certain messages.

jobe% wc remail2/SIZE.REMAIL
     645    1935   16125 remail2/SIZE.REMAIL
jobe% tail remail2/SIZE.REMAIL
      58     189    3225
      16      90     850
      18     121    1016
      14      90     896
      23     140    1350
     653     803   41937
     710     860   45666
     710     860   45642
      20      96     901
      28     146    1344
jobe% awk '{sum=sum+$3} END{print sum/NR}' < remail2/SIZE.REMAIL
14794.4
jobe% < remail2/SIZE.REMAIL awk '{print int(($3+500)/1000)*1000}' | sort -n | uniq -c
 229 1000
  82 2000
  50 3000
  21 4000
   3 5000
  45 6000
   9 7000
   1 8000
   1 9000
   3 10000
   2 11000
   1 12000
   2 13000
   5 14000
   3 16000
   3 17000
   2 18000
   1 19000
   2 21000
   3 23000
   1 24000
   2 25000
   2 26000
   2 27000
   1 28000
   1 30000
   1 31000
   1 32000
  39 34000
  37 35000
   1 37000
   2 38000
   2 42000
   2 46000
   1 48000
   1 49000
   1 50000
   1 51000
   1 55000
   9 59000
  69 60000

I did one other test, which was to see which message sizes were repeated the most.
The first number shows the number of lines which have messages of exactly the second number of bytes:

jobe% < remail2/SIZE.REMAIL awk '{print $3}' | sort -n | uniq -c | sort -nr | sed 20q > times2
  40 896
  40 1350
  20 5797
  14 1344
  11 33845
  11 1242
  10 892
   9 33992
   9 1248
   8 1753
   7 33975
   5 1765
   5 1757
   5 1236
   4 901
   4 1749
   4 1251
   3 59725
   3 59668
   3 5945

It is clear that there is a lot of repetition, probably standard ping messages and the like. This should give enough info to discard the highly repeated sets from the histogram above in order to get a possibly more representative set of numbers.

Hal

From nobody at c2.org Wed Aug 17 22:58:57 1994
From: nobody at c2.org (Anonymous User)
Date: Wed, 17 Aug 94 22:58:57 PDT
Subject: cfs & remailers
Message-ID: <199408180557.WAA00448@zero.c2.org>

-----BEGIN PGP SIGNED MESSAGE-----

Bill O'Hanlon wrote:

> In that case, even if I were to keep logs, all that anyone would know from
> a message is that a particular user used a remailer, or that a particular
> cleartext message had a certain remailer as its jumpoff point. Not both.
> (Unless, of course, I'm in collusion with other remailer operators. But
> that's also a non-code issue.)

Collusion wouldn't be necessary. If an interested party, such as a "TLA" were to follow the chain backwards, seizing the logs at each successive link, they could eventually find the originator of the message. (This assumes that the logs were detailed enough to record each incoming and outgoing message, and match them up.)

> My personal situation is, I run a remailer on a home Unix machine
> via a phone line UUCP feed. I am the only user of this machine,
> so I do not have to defend against users with local access. My
> efforts are intended to block the following foes: my service
> provider and any node upstream of it, thieves/misguided law
> enforcement types, and phone taps. Encrypting something that I
> receive in the clear over an insecure line isn't useful.

It is useful against after-the-fact snooping.
If they're monitoring you in advance, then no, it wouldn't be of much help. But let's say that someone were to anonymously post a portion of the classified Clipper algorithm to Usenet, with an indication that the rest was to follow in multiple installments. There would be a very strong incentive for some TLA to attempt to trace and arrest this individual before the algorithm was further compromised, even if full-time monitoring of remailers wasn't already on their agenda. If logs were not kept, or were securely destroyed often enough, then by the time the message came out in the clear, the data needed to trace through the early links in the chain would already be gone.

-- "Diogenes II"

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLlLAQuRsd2rRFQ1JAQGutgQAmejmA2jS70yGUxT3dJrUnAkshdN28RHy
6pcndcbDsb7Ink4h0eAUMnGN7jxIok+1ltZQK4Lo+nFWCnerAmWd0mT5KihxkRb7
Yyl0cxYqpjD53uTHMZoIS7wyOy9SYPDX3qyNjzo4N6L5KQ1OaksZ+6kUAxVh07cO
UqhmI61ZUjE=
=R4sg
-----END PGP SIGNATURE-----

From prz at acm.org Wed Aug 17 23:44:10 1994
From: prz at acm.org (Philip Zimmermann)
Date: Wed, 17 Aug 94 23:44:10 PDT
Subject: Zimmermann on PGP 2.6 myths
Message-ID: <9408180644.AA16037@columbine.cgd.ucar.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

To: All Users of PGP
From: Philip Zimmermann, creator of PGP
Re: Misconceptions about PGP 2.6 from MIT
Date: 18 Aug 94

I'd like to clear up some widely held misconceptions about PGP version 2.6 from MIT. I get a lot of email and phone calls from people who report a lot of misinformation on many Internet newsgroups about this MIT version of PGP.

(For those of you who need an introduction to Pretty Good Privacy (PGP), it is a free software package that encrypts email. PGP is the worldwide de facto standard for email encryption. It's available via FTP from net-dist.mit.edu, in the pub/PGP directory. But then, if you haven't heard of PGP, you don't need to read this letter.)

Here is a list of misconceptions:

Myth #1: PGP 2.6 is incompatible with previous versions.
Myth #2: PGP 2.6 is weaker than previous versions, with a back door.
Myth #3: PGP 2.6 was released without Zimmermann's cooperation.

All of these misconceptions would be cleared up if you read the PGP User's Guide that comes with PGP 2.6, but a lot of people seem to be spreading and believing these myths without looking into the matter empirically and getting the new PGP and reading the manual. Let's go over these myths in detail.

- ---------------------------------------------------------
Myth #1: PGP 2.6 is incompatible with previous versions.
- ---------------------------------------------------------

This is untrue. PGP 2.6 will ALWAYS be able to read stuff from earlier versions.

PGP version 2.6 can read anything produced by versions 2.3, 2.3a, 2.4, or 2.5. However, because of a negotiated agreement between MIT and RSA Data Security, PGP 2.6 will change its behavior slightly on 1 September 1994, triggered by a built-in software timer. On that date, version 2.6 will start producing a new and slightly different data format for messages, signatures and keys. PGP 2.6 will still be able to read and process messages, signatures, and keys produced under the old format, but it will generate the new format. This change is intended to discourage people from continuing to use the older (2.3a and earlier) versions of PGP, which Public Key Partners contends infringes its RSA patent (see the section on Legal Issues). PGP 2.4, distributed by Viacrypt (see the section Where to Get a Commercial Version of PGP) avoids infringement through Viacrypt's license arrangement with Public Key Partners. PGP 2.5 and 2.6 avoid infringement by using the RSAREF(TM) Cryptographic Toolkit, under license from RSA Data Security, Inc.

According to ViaCrypt, which sells a commercial version of PGP, ViaCrypt PGP will evolve to maintain interoperability with new freeware versions of PGP, beginning with ViaCrypt PGP 2.7.
It appears that PGP 2.6 has spread to Europe, despite the best efforts of MIT and myself to prevent its export. Since Europeans now seem to be using version 2.6 in Europe, they will have no problems maintaining compatibility with the Americans.

Outside the United States, the RSA patent is not in force, so PGP users there are free to use implementations of PGP that do not rely on RSAREF and its restrictions. Canadians may use PGP without using RSAREF, and there are legal ways to export PGP to Canada. In environments where RSAREF is not required, it is possible to recompile the same PGP source code to perform the RSA calculations without using the RSAREF library, and re-release it under the identical licensing terms as the current standard freeware PGP release, but without the RSAREF-specific restrictions. The licensing restrictions imposed by my agreement with ViaCrypt apply only inside the USA and Canada. It seems likely that any versions of PGP prepared outside the US will follow the new format, whose detailed description is available from MIT. If everyone upgrades before September 1994, no one will experience any discontinuity in interoperability.

Some people are attracted to PGP because it appeals to their rebellious nature, and this also makes them resent anything that smacks of "giving in" to authority. So they want to somehow circumvent this change in PGP. Even though the change doesn't hurt them at all. I'd like to urge them to think this one through, and see that there is absolutely no good reason to try to get around it. This new version is not "crippled" -- in fact, it is the old versions that are now crippled. I hope that PGP's "legalization" does not undermine its popularity.

This format change beginning with 2.6 is similar to the process that naturally happens when new features are added, causing older versions of PGP to be unable to read stuff from the newer PGP, while the newer version can still read the old stuff. All software evolves this way.
The only difference is that this is a "legal upgrade", instead of a technical one. It's a worthwhile change, if it can achieve peace in our time.

Future versions of PGP now under development will have really cool new features, some of which can only be implemented if there are new data format changes to support them. Like 2.6, the newer versions will still read the older stuff, but will generate new stuff that the old versions can't read. Anyone who clings to the old versions, just to be rebellious, will miss out on these cool new features.

There is another change that affects interoperability with earlier versions of PGP. Unfortunately, due to data format limitations imposed by RSAREF, PGP 2.5 and 2.6 cannot interpret any messages or signatures made with PGP version 2.2 or earlier. Since we had no choice but to use the new data formats, because of the legal requirement to switch to RSAREF, we can't do anything about this problem for now. Not many people are still using version 2.2 or older, so it won't hurt much.

Beginning with version 2.4 (which was ViaCrypt's first version) through at least 2.6, PGP does not allow you to generate RSA keys bigger than 1024 bits. The upper limit was always intended to be 1024 bits -- there had to be some kind of upper limit, for performance and interoperability reasons. But because of a bug in earlier versions of PGP, it was possible to generate keys larger than 1024 bits. These larger keys caused interoperability problems between different older versions of PGP that used different arithmetic algorithms with different native word sizes. On some platforms, PGP choked on the larger keys. In addition to these older key size problems, the 1024-bit limit is now enforced by RSAREF. A 1024-bit key is very likely to be well out of reach of attacks by major governments. In some future version, PGP will support bigger keys.
This will require a carefully phased software release approach, with a new release that accepts larger keys, but still only generates 1024-bit keys, then a later release that generates larger keys. - --------------------------------------------------------------------- Myth #2: PGP 2.6 is weaker than previous versions, with a back door. - --------------------------------------------------------------------- This is not true. I would not allow MIT or anyone else to weaken PGP or put a back door in. Anyone who knows me will tell you that. This is not to say that PGP doesn't have any bugs. All versions have had bugs. But PGP 2.6 has no known bugs that have any net effect on security. And MIT should be releasing a bug-fixed version of PGP 2.6 Real Soon Now. - ---------------------------------------------------------------- Myth #3: PGP 2.6 was released without Zimmermann's cooperation. - ---------------------------------------------------------------- Well, that's not true, either. Or I wouldn't be telling you all this. MIT did not steal PGP from me. This was a joint venture by MIT and myself, to solve PGP's legal problems. It took a lot of maneuvering by me and my lawyers and by my friends at MIT and MIT's lawyers to pull this off. It worked. We should all be glad this came off the way it did. This is a major advance in our efforts to chip away at the formidable legal and political obstacles placed in front of PGP; we will continue to chip away at the remaining obstacles. I hope this clears up the myths about PGP 2.6. I urge all PGP users to upgrade to the new version before September. And I urge you all to use the official 2.6 release, not anyone else's incompatible bastardized mutant strain of PGP. Please pass the word around, and help dispel these misguided rumors. This letter may be (and should be) quickly reposted to BBS's and all appropriate newsgroups. 
--Philip Zimmermann -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLlL/iWV5hLjHqWbdAQFV7AP/VBSa9BiRfTuoBonJdkwTVC8fNGW8aI7n QctOh+GrDaGl26rqtRjxtYTabAo+4B+sw6Dqz5o1OipKF/NuK7PFMzITdGMh940+ MXqOPCSLfDIwNzRzIHYQV/93jeJsixFZu/6j76mMxB6xrETXmswxIRicwm/QUxC1 0jbZEBrb/ug= =u7IY -----END PGP SIGNATURE----- From at pylon.com Thu Aug 18 00:13:14 1994 From: at pylon.com (quoting John) Date: Thu, 18 Aug 94 00:13:14 PDT Subject: Are \"they\" really the enemy? (Systems commentary) Message-ID: <199408180713.AAA28521@deepthought.pylon.com> So what do we do? It seems we've pretty much agreed that governments are beasts beyond anyone's control, but so is _society_. So is the entire human population. Where do we start? If, or based on the words of many on this list, we tear down the government, will we understand the resultant human-made system any better? ..................................................... ("human-made" system: is government some other kind? Is society made up of an entire population of beasts?) System-makers typically expect automatic processes to determine the character of the whole, and the operations themselves become the purpose for which the system exists. The humans who act within the system are reduced to accessories, becoming secondary in importance to the organizational requirements of maintaining & perpetuating the outcome - which by then becomes moot, as everyone's concentration is focused upon the details of the procedures. When a system is designed to organize human behavior (as in "governing" it) it has the inherent mistake of being based on the presumption of complete knowledge of human nature (yet who agrees on what that comprises). Anyone who is circumscribed by the system created is held within its confines, is judged by its borders and by its limits upon their decisions. 
If someone wants to try out an idea or method which does not fall within the allowances set up within it, they must first go outside of the system to have the freedom to act according to the new idea. They must take up the responsibility which would otherwise have been distributed and shared with others. They also take outside of the system the effects which might have affected those within it. No one is going to be agreeable to participating in a venture in which they do not have some confidence about the reward; in a ready-made system if someone has become dependent upon the security it provides, they are going to be even less willing to give up the comfort of pre-determined decisions and predictable outcomes. Then there will be seen less of reason and more of unimaginative automaticity. In a non-political system or manner of existence (not designed to rule over human nature per se), individuals have to rely upon their own abilities, upon the development of their own judgement, rather than upon the "governance" of their behavior by strangers. This doesn't mean that there could be no systems in existence at all; there are still business enterprises which call upon the coordination of efforts towards a specific goal. But this does not obligate that they take on the quality of a "perpetual picnic". The more that individuals look at systems as relative to the accomplishment of particular, specific goals, the less they will look to them as the means to accomplish the re-shaping of mankind (i.e. the morality of the neighbors). Such systems actually could accomplish a "re-shaping" of some individuals, but as an accessory contingent event, simply from the fact of those involved having discovered a means of achieving some personal command over "Nature". Trying to understand the system (whose system?) is really putting the cart before the horse (first you need a problem, to which the system is the solution). Trying to understand all of human nature is a Major Enterprise. 
It's much more manageable to set up small systems based upon the control of those who have cause to set one up, who are interested & willing to participate, than trying to set up an all-encompassing system which includes even unruly, ungrateful beasts with an attitude. From blancw at pylon.com Thu Aug 18 00:39:04 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 18 Aug 94 00:39:04 PDT Subject: Are \"they\" really the enemy? (Systems commentary) Message-ID: <199408180739.AAA28559@deepthought.pylon.com> Was that really your commentary? For some reason, the new cool feature on the mail system I'm using showed up with your name as the sender of my reply to yourself. But it was really me all along, commenting on the systems thread. Blanc From nobody at vox.hacktic.nl Thu Aug 18 03:58:21 1994 From: nobody at vox.hacktic.nl (nobody at vox.hacktic.nl) Date: Thu, 18 Aug 94 03:58:21 PDT Subject: CIA Using Remailer System? Message-ID: <199408181058.AA15812@xs4all.hacktic.nl> I had a funny thought the other day. YES, the remailers have been set up for foiling traffic analysis and YES they are reasonably secure and YES they are oriented toward private citizens striving to protect their personal privacy....BUT: Wouldn't it be funny, if the CIA (or other agency) used the remailer system (along with PGP) for regular communication with operatives overseas. Think about it for a second...the NSA can't be the only one monitoring Internet traffic. With that in mind, say the Company had to get a message overseas to an operative. Probably it would be a bad idea to send a message to someone overseas with the return address of spooks at langley.cia.gov.us, so why wouldn't they take advantage of the remailer system? That way the message (encrypted of course) would arrive in a person's mailbox from hacktic or wimsey or kaiwan and no one could attach any sort of importance to it. And because it could be encrypted every step of the way, no one would also be able to snoop. 
Yeah, they probably have their own exotic encryption systems.....cyphers that would be a dead give away in the case of an operative getting busted. But again, PGP being nicely widely distributed, no enemy agency need attach an identity to a suspect by virtue of his using PGP. Just a thought and maybe a lame one at that, but what the hell, stranger things have happened. It would be mildly cynical to imagine the remailer system set up to throw roadblocks at the intelligence community was actually being used by that same entity. From usura at vox.hacktic.nl Thu Aug 18 03:58:48 1994 From: usura at vox.hacktic.nl (uSuRa) Date: Thu, 18 Aug 94 03:58:48 PDT Subject: The remailers at Hack-Tic Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hello, The "Hack-Tic Network Foundation" has decided to change its name, into a more mainstream "XS4all Networking" [access for all]. This will include a change in domain name. The changes will be made during this weekend, this may cause some slight disturbances in the remailing service. One is advised to do a test message before an actual remailing request since no guarantee for proper functioning during this change can be given. The new domain name will be xs4all.nl, the hacktic.nl domain name will be operational for another 6 months till February 1995. The remailers affected are: usura at hacktic.nl -> usura at xs4all.nl The addresses for the remailers at my UUCP node: nobody at vox.hacktic.nl remail at vox.hacktic.nl remailer at vox.hacktic.nl anon at vox.hacktic.nl and the anon-ID's associated with them will be changed at a later date, more information will be supplied as it becomes available in the following newsgroups/mailinglists: -> alt.privacy.anon-server -> alt.anonymous -> alt.anonymous.messages -> the cypherpunks mailing list -----BEGIN PGP SIGNATURE----- Version: 2.6 for VoX Labz. 
iQCVAgUBLlM64FnfdBSNVpE9AQGX+wP/QfwaHdNm8HKKeLEqFnH4Kv72efkZx7Ta VS132dLH7wYn8bN+N43nCvh6jSKwSlwT261qXA5DDp9WASCgCdfovzkV4+hnxGkA Hdd3ncJ6TAMyAO4PYPiTNHVREoB3LpLPRRF/iGYfPR7R3+d7acuJApzpMg2pwGW9 nGehxc3tmuE= =sPNJ -----END PGP SIGNATURE----- -- Exit! Stage Left. Alex de Joode From sandfort at crl.com Thu Aug 18 06:36:52 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 18 Aug 94 06:36:52 PDT Subject: I'M BACK Message-ID: C'punks, I have completed my journey across the continent and am now ensconced in the Greater Gotham Metropolitan Area. I can still be reached at all my old e-mail addresses (ain't technology great?). Last night, Duncan, his wife, Lois, and I enjoyed a fine dinner in "the Village" with Heroes of the Revolution, Matt Blaze and Eric Hughes. The food was good; the waitress was cute; maybe this East Coast thing will work out. Duncan and I will commence the Privacy Seminar sometime next week, or as soon as I overcome truck lag. (Hey, you try driving 3,000 miles {5,000 kilometers for our non-US list members} sometime. It's exhausting.) S a n d y From jya at pipeline.com Thu Aug 18 09:27:21 1994 From: jya at pipeline.com (John Young) Date: Thu, 18 Aug 94 09:27:21 PDT Subject: Utlimate spying machine Message-ID: <199408181626.MAA27785@pipe3.pipeline.com> Pointers: John Markoff writes in today's NYT about NSA's contract with Cray Computer Corporation for development of "ultimate spying machine", p. D3. May be related to full-page coverage today on threat of uncontrolled Russian nuclear material and another article about Energy Department's denial that the issue is being pumped for funding reasons. From jdd at aiki.demon.co.uk Thu Aug 18 10:19:43 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 18 Aug 94 10:19:43 PDT Subject: CIA Using Remailer System? 
Message-ID: <6549@aiki.demon.co.uk> In message <199408181058.AA15812 at xs4all.hacktic.nl> nobody at vox.hacktic.nl writes: > Wouldn't it be funny, if the CIA (or other agency) used the remailer system > (along with PGP) for regular communication with operatives overseas. When the CIA wanted to deliver some packages during the Viet Nam war, they set up their own air line, Air America. If they wanted to send encrypted traffic through a 'civilian' system, I would suppose that they would do the same sort of thing. Did you know that Sprint has set up a Global SprintLink service, with offices opening up in London, Paris, and Tokyo, and that Sprint already handles a large chunk of the traffic to the former Soviet Union? They have a direct link from Falls Church (you know, next to Langley) VA to Moscow. ;-) -- Jim Dixon From jdd at aiki.demon.co.uk Thu Aug 18 10:20:34 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 18 Aug 94 10:20:34 PDT Subject: Are "they" really the enemy? Message-ID: <6553@aiki.demon.co.uk> In message <9408160310.AA13160 at phoenix.aps.muohio.edu> Shalder Flow writes: > > What I said was : "to work with a system, you need to understand it > > objectively". [snip snip] > > I've been watching this for a bit (I lurk here a lot) and this discussion > is really interesting. I have some questions. How are we going to > understand the system objectively? By objectively do you mean logically, > mechanistically, magically? To understand something you must become somewhat dispassionate about it. Otherwise your observations are warped and you simply do not see what does not agree with your preconceptions. > It's clear you can't separate yourself from > "the system," even the "government system" as a member of this country. Well, in some sense this is true, and the universe is one, and so on and so forth. But actually all of us observe systems in operation every day. For example, the police force in your city is a distinct little system. 
If you do not believe this, go out and buy yourself a uniform, a gun, etc, and walk around the town for a while. You will find that the police will disagree with your simplistic theory and will arrest you. > Sure, you can not vote, not participate, and try to observe it, but we're > all part of those average americans that you point out make up the > government. (a) It is not necessary to withdraw from participation in order to observe; it is only necessary to be dispassionate, specifically in regard to your explanations or theories about things. In fact, participation will probably make you a better observer. (b) My comments about average Americans are somewhat more guarded than what you say I say. My point was that in trying to understand the government it is best to start from the elementary observation that it is staffed by a more or less random selection of Americans, not devils incarnate. If you look more closely, you will find that certain types tend to concentrate in certain departments, and then again experience causes some to become alienated from the population at large. > > > In _Systemantics_, John Gall conducts a very interesting examination of > > > man-made systems and their behavior. He notes that all man-made systems > > > exhibit certain traits, among them growth, encroachment and promulgation > > > of intra-system goals. Your observation on the people employed by > > > government may be right on target, but it doesn't take into account the > > > entity of government itself. This entity cannot be touched, > > > communicated with or coerced. The last sentence has a certain noble silliness about it. A mob is a man-made system. It often grows, encroaches, and promulgates its own goals. Yes. But all of us know that it can touch and be touched, it can be communicated with (ask any demagogue), and coerced (read Napoleon's remarks on the utility of grapeshot in coercing mobs). > I'll have to check out this book-- it sounds very interesting. 
I'm > bothered by the statement "all man-made systems." I find it hard to > believe that such generalizations can be made. Is it all man made > systems of a certain size? Of Western philosophical culture? Does my > family exhibit these traits? My circle of friends? I must read this > book myself to fully understand your point. > > > I more or less agree. Now apply your arguments to this list as a > > man-made system. > > OK, I should have read along a bit farther. > > > > Put another way, even though every person within the system may be a > > > "good man", the system itself isn't necessarily good. > > > > I agree. But recall that I never spoke of goodness; I just said that > > the people who work for the government are pretty much a random > > assortment of Americans. On the other hand, there have been several > > heated statements to the effect that 'all lawyers are X' and 'all > > government employees are Y'. It is this that I disagree with the most. > > Makes sense... you dislike generalizations based on occupation. Not really. What really bothers me is generalizations that are based on nothing and/or generalizations that the generalizer is unwilling to defend. I _like_ generalizations, whether based on occupation or anything else, that are accurate. And I was trained in the scientific method, which means first you take a good look at the real world, then you make up theories, then everyone has a good time poking holes in them, then you do it all over again. > So what do we do? It seems we've pretty much agreed that governments are > beasts beyond anyone's control, but so is _society_. So is the entire > human population. Personally, I find these statements very disturbing, because they are so empty. The 'beast beyond control' is your image in the mirror. The government that you are so concerned about controlling is staffed by people like you and me. They look in _their_ mirrors and they feel threatened too and they want to control what they see too. 
> Where do we start? If, or based on the words of many > on this list, we tear down the government, will we understand the > resultant human-made system any better? You won't tear down the government without replacing it. And I would argue that the more violent the means used to tear down the government, the more repressive its successor. Governments exist in part because we are such dangerous animals. -- Jim Dixon From paul at hawksbill.sprintmrn.com Thu Aug 18 10:44:14 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Thu, 18 Aug 94 10:44:14 PDT Subject: CIA Using Remailer System? In-Reply-To: <6549@aiki.demon.co.uk> Message-ID: <9408181846.AA15880@hawksbill.sprintmrn.com> Jim Dixon writes - > > Did you know that Sprint has set up a Global SprintLink service, with > offices opening up in London, Paris, and Tokyo, and that Sprint already > handles a large chunk of the traffic to the former Soviet Union? They > have a direct link from Falls Church (you know, next to Langley) VA to > Moscow. > > ;-) > That's patently false -- we're located in Herndon, Virginia, right across the street from Dulles Airport and a hop, skip & jump down the street from the new NRO office. ,-) Cheers, _______________________________________________________________________________ Paul Ferguson US Sprint Managed Network Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul at hawk.sprintmrn.com From bshantz at spry.com Thu Aug 18 10:52:15 1994 From: bshantz at spry.com (Brad Shantz) Date: Thu, 18 Aug 94 10:52:15 PDT Subject: Are "they" really the enemy? Message-ID: <9408181750.AA07082@homer.spry.com> >> Where do we start? If, or based on the words of many >> on this list, we tear down the government, will we understand the >> resultant human-made system any better? >You won't tear down the government without replacing it. And I would >argue that the more violent the means used to tear down the government, >the more repressive its successor. 
Governments exist in part because >we are such dangerous animals. Well said, Jim. However, I question the "more repressive its successor" part. (Note: I have nothing to back up that statement, except that it didn't hit me as being entirely true.) Brad >>>>>>>>>>>>>>>>INTERNETWORKING THE DESKTOP<<<<<<<<<<<<<<<< Brad Shantz bshantz at spry.com Software Engineer Main #: (206)-447-0300 SPRY Inc. Direct #: (206)-442-8251 316 Occidental Ave, 2nd Floor FAX #: (206)-442-9008 Seattle, WA 98104 WWW URL: http://WWW.SPRY.COM ----------------------------------------------------------- >>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<< From jdd at aiki.demon.co.uk Thu Aug 18 11:09:23 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 18 Aug 94 11:09:23 PDT Subject: Are \"they\" really the enemy? (Systems commentary) Message-ID: <6562@aiki.demon.co.uk> In message <199408180713.AAA28521 at deepthought.pylon.com> the impostor "Jim.Dixon": @pylon.com:; writes: > System-makers typically expect automatic processes to determine > the character of the whole, and the operations themselves > become the purpose for which the system exists. [etc] This whole discussion, I think, begins with a misconception: the original writer was talking about the idea that a group has an existence separate from that of its members; you are talking about systems that people have designed, or think that they have designed. > When a system is designed to organize human behavior (as in > "governing" it) it has the inherent mistake of being based on > the presumption of complete knowledge of human nature (yet who > agrees on what that comprises). Only a philosopher could make such a statement. A family is such a system, but it is based on no such presumption. Families begin in what is usually a completely mindless activity. And any honest parent of teenage children will admit that he or she is almost totally ignorant of human nature. 
If the parent doesn't admit it, the child will let the parent know. Most of us just bumble along. We have little theories. We recognize that we do not have complete knowledge of anything. > Anyone who is circumscribed by > the system created is held within its confines, is judged by > its borders and by its limits upon their decisions. If someone > wants to try out an idea or method which does not fall within > the allowances set up within it, they must first go outside of > the system to have the freedom to act according to the new > idea. Or they must be willing to raise hell. Once again, look at any family with children. The parents set limits. The children throw themselves into challenging those limits with great abandon. Some kids leave when they see that the system cannot challenge them any more. They go to look for stronger limits. > ... > > No one is going to be agreeable to participating in a venture > in which they do not have some confidence about the reward; in Look at real systems. Look at the family. No one is asked to join: they just get born. That's how most of us become Americans (or whatever) too. The great systems that control most of our lives are simply _there_. > a ready-made system if someone has become dependent upon the > security it provides, they are going to be even less willing to > give up the comfort of pre-determined decisions and predictable > outcomes. Then there will be seen less of reason and more of > unimaginative automaticity. Ah, there is so much to disagree with. In the Middle Ages, people like Thomas Aquinas lived in societies and institutions which controlled thought and behaviour to a high degree. But Aquinas devoted his life to reason and he was no unimaginative automaton. Poetry is the result of forcing speech into predictable patterns. Reason depends upon the existence of accepted principles. 
> In a non-political system or manner of existence (not designed > to rule over human nature per se), individuals have to rely > upon their own abilities, upon the development of their own > judgement, rather than upon the "governance" of their behavior > by strangers. I think that you mean to propose this as an ideal, yes? But you fail to see that many situations are zero-sum games or even negative-sum gains, where someone must lose. And often it is in no one's particular interest to do that which is for the common good of all. One of the functions of politics and government is to limit the freedom of individuals where the exercise of that freedom can lead to harm to others. It is in everyone's interest that there be white lines down the middle of roads and that cars be forced to drive on one side or the other. > This doesn't mean that there could be no systems > in existence at all; there are still business enterprises which > call upon the coordination of efforts towards a specific goal. > But this does not obligate that they take on the quality of a > "perpetual picnic". The more that individuals look at systems > as relative to the accomplishment of particular, specific > goals, the less they will look to them as the means to > accomplish the re-shaping of mankind (i.e. the morality of the > neighbors). Such systems actually could accomplish a > "re-shaping" of some individuals, but as an accessory > contingent event, simply from the fact of those involved having > discovered a means of achieving some personal command over > "Nature". We have no choice about systems. Without the system called the English language, you and I would not be communicating. Without schools, you would have no education. And so forth. It is of course true that we can design small systems for specific purposes. But you cannot look only at the overt, rational, explicit, acceptable purposes of the group. > Trying to understand the system (whose system?) 
is really > putting the cart before the horse (first you need a problem, to > which the system is the solution). No. Systems exist and they have attributes which are independent of those who created them and those who staff them. You walk around the corner and there is a mob. The mob is a little system, like a dust devil. What it is a solution to is irrelevant. It is there, and it has an effect on you. You need to understand it to some degree if you want that effect not to be harm. The people in the mob may be carried away by what they see as noble motives and they may not even notice the harm that they do to things and passers-by. Motives are far less important than effects. > Trying to understand all of > human nature is a Major Enterprise. It's much more manageable > to set up small systems based upon the control of those who > have cause to set one up, who are interested & willing to > participate, than trying to set up an all-encompassing system > which includes even unruly, ungrateful beasts with an attitude. The author of the original comments might say that when you set up your little system, call it the overt one, you will at the same time set up another, call it the covert one. The covert one arises in part out of private, unconfessed motives. It is just as real and often far more effective than the overt one. I knew this guy in Calcutta, in India. He was a Salvation Army major. He ran a group that distributed food to the very poor. Every day they went out in a jeep and fed thousands of people from a big pot in the back. This is the overt system. A selfless relief worker, a group of kindly saints bringing food to the starving. The number of starving people around Calcutta was always a good approximation to infinity, so the Sally Ann used a system of ID cards. These ensured that only deserving people got free food and that each person got only one meal. To many of the Bengalis, the major was the devil incarnate. 
They actually had no food and their families would starve without the daily visit from the Sally Ann. The major had many arbitrary rules which they could not understand. He also had a bad temper. So as they saw it, every so often, the soup god would blow up and yank someone's ID card for no reason. They were extremely careful when he was around. He terrified them. They propitiated their dark god daily. This was the covert system. -- Jim Dixon (the real one) From ddhouser at freenet.columbus.oh.us Thu Aug 18 12:19:57 1994 From: ddhouser at freenet.columbus.oh.us (Daniel Houser) Date: Thu, 18 Aug 94 12:19:57 PDT Subject: Public Key Encryption/RSA/Information Security Message-ID: I understand that you run some sort of service (a "zine"?) relating to RSA and cryptography. I'm very interested in this kind of thing, and am currently doing some work on information security topics. Any information you could provide me with would be relished! Thanx Dan Houser, CSP ddhouser at freenet.columbus.oh.us From joshua at cae.retix.com Thu Aug 18 12:27:46 1994 From: joshua at cae.retix.com (joshua geller) Date: Thu, 18 Aug 94 12:27:46 PDT Subject: Are \"they\" really the enemy? (Systems commentary) In-Reply-To: <6562@aiki.demon.co.uk> Message-ID: <199408181927.MAA00813@sleepy.retix.com> > > When a system is designed to organize human behavior (as in > > "governing" it) it has the inherent mistake of being based on > > the presumption of complete knowledge of human nature (yet who > > agrees on what that comprises). > Only a philosopher could make such a statement. > A family is such a system, but it is based on no such presumption. > Families begin in what is usually a completely mindless activity. > And any honest parent of teenage children will admit that he or > she is almost totally ignorant of human nature. If the parent > doesn't admit it, the child will let the parent know. only a rhetor could make such a statement. families are not designed. 
I don't necessarily agree with the original statement. josh From alano at teleport.com Thu Aug 18 13:05:14 1994 From: alano at teleport.com (Alan Olsen) Date: Thu, 18 Aug 94 13:05:14 PDT Subject: Zimmermann on PGP 2.6 myths Message-ID: <199408182004.NAA15578@teleport.com> > >-----BEGIN PGP SIGNED MESSAGE----- > >To: All Users of PGP >From: Philip Zimmermann, creator of PGP >Re: Misconceptions about PGP 2.6 from MIT >Date: 18 Aug 94 > >I'd like to clear up some widely held misconceptions about PGP >version 2.6 from MIT. I get a lot of email and phone calls from >people who report a lot of misinformation on many Internet newsgroups >about this MIT version of PGP. > [Stuff Deleted] >- --------------------------------------------------------------------- >Myth #2: PGP 2.6 is weaker than previous versions, with a back door. >- --------------------------------------------------------------------- > >This is not true. I would not allow MIT or anyone else to weaken PGP >or put a back door in. Anyone who knows me will tell you that. > >This is not to say that PGP doesn't have any bugs. All versions have >had bugs. But PGP 2.6 has no known bugs that have any net effect on >security. And MIT should be releasing a bug-fixed version of PGP 2.6 >Real Soon Now. In my opinion what helped to contribute to this assumption was the downreving of RSAREF from 2.0 in PGP 2.5 to 1.0 in PGP 2.6. (That with the "expiration date" seemed to make things look pretty evil.) What is the difference between RSAREF 2.0 and 1.0 and should I be concerned? /========================================================================\ |"I would call him a Beastialic Sadomasochistic | alano at teleport.com | |Necrophile but that would be beating a dead | Disclaimer: | |horse." -- Teriyaki (What's up Tiger Lily?) | As if anyone cares! 
| \========================================================================/ From pcw at access.digex.net Thu Aug 18 13:35:08 1994 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 18 Aug 94 13:35:08 PDT Subject: NSA Spy Machine and DES Message-ID: <199408182034.AA16457@access3.digex.net> It is a fun game to contemplate the powers of the machine that Cray Research is creating for the NSA. Early reports note that it will have 512,000 SIMD processors. The proceedings of Crypto 92 contains a paper I wrote describing a slightly strange design for a DES cracking machine that used "off-the-shelf" associative memory chips built by Coherent Research Inc in Syracuse, NY. (Incidentally, the chips still aren't "on-the-shelf" yet.) Each line in the chip had 42 bits and a really, really dumb processor. That meant you could get 1024 processors on a chip. They weren't packed very densely and I'm sure it would be possible to get 16k or maybe even 64k processors on the chip today. The processors are really dumb. They take 57126 cycles to encrypt one 64 bit block of data with a 56 bit key using standard DES. At 50 Mhz, it took 1 million chips to search the entire DES keyspace in one day. That was 1 billion processors running at once. I calculated at the time that this would cost $30 million in the 92 paper. I've revised this and I think it is eminently possible to get it for about $2 million if you bargain with the fabrication plants. This is, though, just a guess. It was also possible to estimate how long it would take to crack UNIX passwords. A 2 million processor machine could knock off all 7 character passwords composed of alphanumeric characters (A-Z, a-z, 0-9) in one day. Given that the processors I used are probably as dumb as could ever be invented, I think it is fair to say that 7 character passwords could be cracked by this new Cray in four days. Also, DES could be cracked in 2000 days using this machine and a very brute force approach. 
But let's give the NSA/SRC some credit. These new SIMD processors are probably smarter. Let's say that they're 64 bit wide RISC machines which can only access their own local on chip memory. If they can run 2 times faster (100 MHz) and do DES encryption in 1000 cycles, then this means that the brute force attack on DES could be done in 4 days. Bam.

Is it fair to do DES in 1000 cycles? There are 16 rounds and each round consists of passing a value through an S Box and adding it in with a key and part of the result. The most time consuming part is computing the sbox result. There are 8 sboxes in play that operate on 4 bits at a time. Let's assume that they compute the sboxes by looking them up in a table. If it takes 4 cycles to go to memory and an extra cycle to add in the result, then that is 40 cycles to compute the sbox. The key computation involves several shifts and some more adds. Let's say 10 cycles. Use the other 14 cycles for book keeping and that leaves 64 cycles per round or 1024 cycles to do the encryption. That translates into 4 days per DES attack.

Could it go faster? On chip memory access could be done in one cycle. You might be able to push things down to 24 cycles per round. That would get you near 1 day per attack. I don't see going any faster.

Is it fair to assume that you can build 512,000 low-grade 64 bit processors for a price? The newspaper stated that the contract was worth $4.5 million. Let's allocate $512,000 for the SIMD chips. That's $1 a processor. Let's say you can get 800,000 transistors for $10 in bulk quantities today. That's 80,000 transistors per processor. It seems reasonable to me that you can get a pretty okay 64 bit processor with some local memory for that amount if you strip away all of the cache management, floating point and multiplication. But this really isn't my area of expertise. I would welcome more informed analysis.
The best data point, though, would be some papers about the Processor-In-Memory project run by the Supercomputing Research Center in Bowie, MD. This is a semi-public project and there have been some pre-prints circulating. They built some early machines that added a few processors to each memory chip. You could write to these chips like normal memory until you flipped a logic line. Then all writes would be routed to the processors which would treat the write as an instruction. There were something like 8 or 16 processors on a chip. I can't seem to find my copies of them. They would give great insight into the past work of the NSA.

Given this, I conclude that this new machine is the first public acknowledgement that the NSA will have the ability to use a brute-force attack on DES in about 4 days. It also implies that 7 character alphanumeric UNIX passwords can be knocked off in no time of consequence.

These are all back of the envelope computations about people pushing the technological envelope. I would enjoy hearing about any arguments or suggestions that people have about the details.

The RISKS? Passwords _REALLY_ need to be longer. DES needs to be replaced by triple-DES or something similar.

From jya at pipeline.com Thu Aug 18 14:24:01 1994
From: jya at pipeline.com (John Young)
Date: Thu, 18 Aug 94 14:24:01 PDT
Subject: NSA Spy Machine and DES
Message-ID: <199408182123.RAA21367@pipe3.pipeline.com>

Responding to msg by pcw at access.digex.net (Peter Wayner) on Thu, 18 Aug 4:41 PM

Peter,

Thanks for posting your thoughts on this.

A small note: The NY Times article today said that NSA will contribute $4.2 million toward *development*, along with $400,000 in software-consulting services, while Cray will invest another $4.8 million. Thus the overall cost, after full development, may be more than you assumed in your calculations and thus the power may be more.
But, as the story said, Cray will need more than this initial contract to survive, so the machine may never be completed.

John

From sdw at lig.net Thu Aug 18 14:47:56 1994
From: sdw at lig.net (Stephen D. Williams)
Date: Thu, 18 Aug 94 14:47:56 PDT
Subject: # of Real Tim Mays, RTM (r)
In-Reply-To: <199408170254.TAA03907@netcom7.netcom.com>
Message-ID:

>
> While I'm not participating in the "How many..." scavenger hunt, I do
> want to make a correction to Ben Goren's comment:
>
> > It's probably not all that surprising that we have a plethora of
>
> On the scavenger hunt, my high school chemistry teacher once mentioned
> the "death of your father." Turned out she had assumed from an
> obituary entitled "Timothy May dies" that perhaps my father had died.
>
> Names are rarely unique. But, then, few of us know any of the other
> members of the list except by our electronic identities.
>
> --Tim May
>

I am acutely aware of the name duplication problem. Even using my middle initial doesn't buy me much. There are many Stephen Williams's in most areas.

Maybe Stephen Douglas Williams is fairly unique, if you don't count my father, but that doesn't help much.

Now if I changed my name to Zaphod or something...

I use companies I've started, my domain, etc. to try to establish a unique identity.

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru.
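Added example, not part of any message on the list: the back-of-the-envelope estimate in Peter Wayner's "NSA Spy Machine and DES" message above, carried through in Python from the figures he states. The class and function names, the 25 DES operations per crypt(3) guess, and the 1,000,000 x 1024 processor count for the Crypto 92 design are assumptions of this example; the triple-DES row counts plain exhaustive search only.

```python
"""Exhaustive-search time from the figures quoted in the message (added example)."""
import math
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
DES_KEYS = 2 ** 56              # single-DES keyspace
TWO_KEY_3DES_KEYS = 2 ** 112    # two-key triple DES, plain exhaustive search only
CRYPT_DES_PER_GUESS = 25        # assumption: classic crypt(3) runs DES 25 times


def cycles_per_des(sbox_lookup=4, sbox_add=1, key_schedule=10, bookkeeping=14,
                   sboxes=8, rounds=16):
    """Cycle budget from the message: 8 S-box lookups, key work, bookkeeping."""
    per_round = sboxes * (sbox_lookup + sbox_add) + key_schedule + bookkeeping
    return rounds * per_round


@dataclass(frozen=True)
class Machine:
    name: str
    processors: int
    clock_hz: float
    cycles: int                 # cycles for one DES encryption on one processor

    def des_per_second(self):
        return self.processors * self.clock_hz / self.cycles

    def days(self, candidates, des_per_candidate=1):
        """Days to try every candidate; the expected time to a hit is half."""
        seconds = candidates * des_per_candidate / self.des_per_second()
        return seconds / SECONDS_PER_DAY


def processors_for(target_days, clock_hz, cycles, candidates=DES_KEYS):
    """Processors needed to sweep `candidates` within `target_days`."""
    per_processor = clock_hz / cycles * SECONDS_PER_DAY * target_days
    return math.ceil(candidates / per_processor)


def alnum_passwords(length):
    """Count of passwords over A-Z, a-z, 0-9 of exactly `length` characters."""
    return 62 ** length


# Machines as described in the message (names are this example's own).
CRYPTO92 = Machine("Crypto 92 design: 1M chips x 1024", 1_000_000 * 1024, 50e6, 57_126)
DUMB_2M = Machine("2 million of the same processors", 2_000_000, 50e6, 57_126)
DUMB_512K = Machine("512,000 of the same processors", 512_000, 50e6, 57_126)
RISC_512K = Machine("512,000 RISC, 64 cycles/round", 512_000, 100e6, cycles_per_des())
FAST_512K = Machine("512,000 RISC, 24 cycles/round", 512_000, 100e6, 16 * 24)


def report():
    """Rows of (machine, target, days) for every case the message discusses."""
    rows = []
    for m in (CRYPTO92, DUMB_512K, RISC_512K, FAST_512K):
        rows.append((m.name, "DES, 2^56 keys", m.days(DES_KEYS)))
    for m in (DUMB_2M, DUMB_512K, RISC_512K):
        rows.append((m.name, "7-char alnum crypt(3)",
                     m.days(alnum_passwords(7), CRYPT_DES_PER_GUESS)))
    # The two mitigations named at the end of the message.
    rows.append((RISC_512K.name, "8-char alnum crypt(3)",
                 RISC_512K.days(alnum_passwords(8), CRYPT_DES_PER_GUESS)))
    rows.append((RISC_512K.name, "two-key 3DES, 2^112 keys",
                 RISC_512K.days(TWO_KEY_3DES_KEYS, 3)))
    return rows


if __name__ == "__main__":
    for name, target, days in report():
        print(f"{name:36s} {target:26s} {days:12.3g} days")
```

Computed from the parameters as stated, the 64-cycles-per-round case sweeps the full DES keyspace in about 16.7 days on 512,000 processors; the same per-processor rate on roughly 2 million processors gives about 4.3 days. Moving from 7 to 8 alphanumeric characters only multiplies the work by 62, while two-key triple DES puts plain exhaustive search far out of reach of any of these machines.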
From ianf at simple.sydney.sgi.com Thu Aug 18 15:12:46 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Thu, 18 Aug 94 15:12:46 PDT Subject: NSA Spy Machine and DES In-Reply-To: <199408182034.AA16457@access3.digex.net> Message-ID: <9408190809.ZM4528@simple.sydney.sgi.com> On Aug 18, 4:41pm, Peter Wayner wrote: > But let's give the NSA/SRC some credit. These new SIMD processors are probably > smarter. Let's say that they're 64 bit wide RISC machines which can only > access their own local on chip memory. If they can run 2 times faster (100 > MHz) and do DES encryption in 1000 cycles, then this means that the brute > force attack on DES could be done in 4 days. Bam. Actually, I would be surprised if the "SIMD" processors were not a huge array of reprogrammable FPGA's, quite possibly Xilinx's. The possibilities of a large array of these chips, each with local memory, is quite interesting. I have personally seen an array of 64 Xilinx chips in a DEC PeRL box doing RSA, at speeds similar or better to almost all available custom hardware implementations of the cipher. BTW, with a purchase of half a million chips, economies of scale would get the devices well within budget. Ian. From jamesd at netcom.com Thu Aug 18 15:29:53 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 18 Aug 94 15:29:53 PDT Subject: Are "they" really the enemy? In-Reply-To: <6553@aiki.demon.co.uk> Message-ID: <199408182230.PAA15298@netcom7.netcom.com> Jim Dixon writes > You won't tear down the government without replacing it. We can certainly drastically weaken and seriously impair and obstruct government without replacing it. And after it has been made weak, impaired, and disrupted, then we should give further study as to whether it can be entirely suppressed without being suppressed by a worse government. 
--
---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com

From rah at shipwright.com Thu Aug 18 15:30:38 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 18 Aug 94 15:30:38 PDT
Subject: CIA Using Remailer System?
Message-ID: <199408182227.SAA13902@zork.tiac.net>

At 1:46 PM 8/18/94 -0500, Paul Ferguson wrote:

>That's patently false -- we're located in Herndon, Virginia, right
>across the street from Dulles Airport and a hop, skip & jump down
>the street from the new NRO office. ,-)

Hi. I'm interested in talking to a marketing person at Sprint. I want "secure" ;-) high bandwidth internet access for an internet access service a client wants to start up. Can you just forward this to someone you know?

Thanks!

Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923

From perry at imsi.com Thu Aug 18 15:42:52 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 18 Aug 94 15:42:52 PDT
Subject: NSA Spy Machine and DES
In-Reply-To: <9408190809.ZM4528@simple.sydney.sgi.com>
Message-ID: <9408182235.AA07044@snark.imsi.com>

"Ian Farquhar" says:
> Actually, I would be surprised if the "SIMD" processors were not a huge
> array of reprogrammable FPGA's, quite possibly Xilinx's.

Since SIMD implies array processing, this makes much more sense than general purpose 64 bit processors.

Perry Metzger

From tcmay at netcom.com Thu Aug 18 15:49:10 1994
From: tcmay at netcom.com (Timothy C.
May) Date: Thu, 18 Aug 94 15:49:10 PDT Subject: NSA Spy Machine and DES In-Reply-To: <9408190809.ZM4528@simple.sydney.sgi.com> Message-ID: <199408182249.PAA12981@netcom4.netcom.com> > Actually, I would be surprised if the "SIMD" processors were not a huge > array of reprogrammable FPGA's, quite possibly Xilinx's. The possibilities > of a large array of these chips, each with local memory, is quite > BTW, with a purchase of half a million chips, economies of scale would get > the devices well within budget. > > Ian. The press release for the NSA/Cray Computer machine said the chips would be fabbed by National Semiconductor. Related speculations: * National is the builder (and possibly the contract operator) of the on-site wafer fab at Fort Meade. This doesn't imply the chips will be built on-site; in fact, I would doubt it. * This machine is very probably the large machine reported in Gunter Ahrendt's list of supercomputers as going into NSA, and then later shown as going to the nearby Supercomputing center in Bowie, MD. (As they are partners in this project, not much doubt.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jya at pipeline.com Thu Aug 18 15:53:18 1994 From: jya at pipeline.com (John Young) Date: Thu, 18 Aug 94 15:53:18 PDT Subject: Are \"they\" really the enemy? Message-ID: <199408182252.SAA26632@pipe3.pipeline.com> Responding to msg by jdd at aiki.demon.co.uk (Jim Dixon) on Thu, 18 Aug 4:46 PM Jim (and other respondents), These discussions are pretty invigorating and I look forward to reading them. 
Just want to say to Jim that the following remarks of yours made about someone's earnest thoughts: >Personally, I find these statements very disturbing, >because they are so empty. Might be applied to your own later comments: >You won't tear down the government without replacing >it. And I would argue that the more violent the means >used to tear down the government, the more repressive >its successor. Governments exist in part because we >are such dangerous animals. This rhetorical ploy comes across as an apology for the status quo and seems to offer counter-revolutionary cant instead of your best arguments for making rational, evolutional improvements to our inheritance. My preference is for hard-wrought and hard-fought prickly specifics to easy, dreamy generalizations. Even though both enrich the brew. If this topic does not get blown off this list I would like to offer some specifics responses to your good stuff. What say, c'punks, is this topic okay here? Tim? Anybody? TLAs? John From dave.hodgins at canrem.com Thu Aug 18 15:58:27 1994 From: dave.hodgins at canrem.com (Dave Hodgins) Date: Thu, 18 Aug 94 15:58:27 PDT Subject: PGP26A is out Message-ID: <60.11676.6525.0C1AAEFC@canrem.com> -----BEGIN PGP SIGNED MESSAGE----- A file has appeared here called PGP26A.ZIP. The readme file claims this version "fixes all known bugs" in the 2.6 version. I'm very suspicious. The file does not contain any viruses that I can detect, or have any obvious functionality problems. The pgp.exe file is signed by the key "Rebellious Guerrilla ". Source files are not included. The rebel key is not signed by any other keys. Does anyone here have any info on this "release"? Thanks, Dave Hodgins. 
-----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLlPetJbACHtihSGlAQHRMgP/Z5NMbx9nqJZAQoHKw36HuXgNvGluQnAF RnswlM2d4tJmSJocCFb/9b3FAjGX+eFCP+M0pLmbuJjTHclhoYtn2kgQ7YdZML7P QV+k7qOyTcvpOyuiQwB+iY4srvFlMGiVghZxQua7kuqgHxgxXqNsuBy6U6ARDPQL FLSnz438H6s= =LHY5 -----END PGP SIGNATURE----- **EZ-PGP v1.07 cc: ALL in 5207 on CRS ALL in 1139 on CRS --- * RM 1.3 00820 * Internet:Dave.Hodgins at Canrem.com Rime->118 Fido(1:229/15) From wcs at anchor.ho.att.com Thu Aug 18 16:17:46 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 18 Aug 94 16:17:46 PDT Subject: EFF on why they did it. Message-ID: <9408182314.AA22475@anchor.ho.att.com> David Lesher writes: > > Paid for "by the government"?!! And just where does the EFF think the > > government gets its money? > > One difference -- the Hill must allocate money for "paid for by the > government" as compared to "just rape the switch designer" financing. > > No money, not wiretaps. That may {or may not} limit the effect of FBI > Wiretap, depending on how [much/little] the Hill loosens the > pursestrings. It's certainly a good start, but the government *does* have other money. For instance, when Clipper was first announced, they said they wouldn't need Congressional permission, because they were paying for it out of the DoJ Super Forfeiture Fund, which had about $2B in money stolen from users of politically incorrect substances. I realize that doesn't go very far when you're talking about restructuring the Global Information Infrastructure. But it's a lever to get stuff started, then they can go demanding tax money because you *can't* shut down the Phone Companies! 
Bill From wcs at anchor.ho.att.com Thu Aug 18 16:19:05 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 18 Aug 94 16:19:05 PDT Subject: cfs & remailers Message-ID: <9408182256.AA22220@anchor.ho.att.com> Bill O'Hanlon writes: > I half-expect Eric or Tim to jump in here to point out that this is one > of those situations where you have to define who your enemy is, and to make > sure that your efforts apply to the situation. Well, if they won't, I will :-) You have to define your threats, or at least think about them a bit. > I run a remailer on a home Unix machine via a phone line UUCP feed. [...] > block the following foes: my service provider and any node upstream of it, > thieves/misguided law enforcement types, and phone taps. Encrypting something > that I receive in the clear over an insecure line isn't useful. It's still useful - it lets you protect yourself against attackers who seize your machine but aren't actively wiretapping. For instance, the thugs who raided Steve Jackson Games, etc. Wiretapping is a lot of work, and takes a better argument to a fancier judge than simple search warrants. Even if you are wiretapped, it lets you protect messages that got there before the wiretap started - it's not surprising to have messages stick around for a week in a uucp environment, and there are all your UUCP databases. There's also a legal problem to be addressed, since nobody's established whether remailer operators are common carriers or co-conspirators or RICO-racketeer (probably depends on the quality of lawyers you can afford.) Encrypting your disks makes it *much* harder for them to examine your system until you've had time to get a lawyer and do things in front of the judge instead of on their own in some back room. Bill Stewart From jamiel at sybase.com Thu Aug 18 16:20:17 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 18 Aug 94 16:20:17 PDT Subject: Are \"they\" really the enemy? 
Message-ID: <9408182318.AA07469@ralph.sybgate.sybase.com> At 6:52 PM 08/18/94 -0400, John Young wrote: >If this topic does not get blown off this list I would like to >offer some specifics responses to your good stuff. > >What say, c'punks, is this topic okay here? Tim? Anybody? >TLAs? Go for it! These are the specifics of theory that so often get ignored here. And considering a recent thread having to do with children, I would say you are close to charter, relatively speaking... >John --Jamie "Nope, not Tim or or any other three letters" Lawrence From Ben.Goren at asu.edu Thu Aug 18 16:37:13 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Thu, 18 Aug 94 16:37:13 PDT Subject: PGP26A is out Message-ID: -----BEGIN PGP SIGNED MESSAGE----- At 3:20 PM 8/18/94, Dave Hodgins wrote: > A file has appeared here called PGP26A.ZIP. The readme file claims >this version "fixes all known bugs" in the 2.6 version. I'm very >suspicious[. . . .] I'd say you should be. I just took a look at what they have at MIT: >Tux.Music.ASU.Edu.ben $ ftp net-dist.mit.edu >Connected to BITSY.MIT.EDU. >220 bitsy FTP server (Version wu-2.4(1) Thu Apr 14 20:21:35 EDT 1994) ready. >Name (net-dist.mit.edu:ben): ftp >331 Guest login ok, send your complete e-mail address as password. >Password: >230-Welcome, archive user! This is an experimental FTP server. If have any >230-unusual problems, please report them via e-mail to ftp-bugs at bitsy >230-If you do have problems, please try using a dash (-) as the first character >230-of your password -- this will turn off the continuation messages that may >230-be confusing your ftp client. >230- >230-Please read the file README >230- it was last modified on Sat May 28 19:19:36 1988 - 2271 days ago >230 Guest login ok, access restrictions apply. >ftp> cd /pub/PGP/dist/U.S.-only-1213 >250 CWD command successful. >ftp> ls -alF >200 PORT command successful. >150 Opening ASCII mode data connection for /bin/ls. 
>total 4178 >drwxr-xr-x 2 435 512 Jul 18 16:50 ./ >drwx--x--- 4 1 512 Aug 18 19:00 ../ >-rw-rw-r-- 1 0 0 Jul 18 16:50 .usa-only >-r--r--r-- 1 435 504670 Jun 15 13:31 MacPGP2.6-68000.sea.hqx >-r--r--r-- 1 0 504508 Jun 9 17:16 MacPGP2.6.sea.hqx >-r--r--r-- 1 0 852665 Jun 9 17:08 MacPGP2.6.src.sea.hqx >-r--r--r-- 1 435 262703 May 25 14:21 pgp26.zip >-r--r--r-- 1 435 120320 May 25 14:17 pgp26doc.zip >-r--r--r-- 1 435 790917 May 25 14:06 pgp26src.tar.Z >-r--r--r-- 1 435 513689 May 25 14:06 pgp26src.tar.gz >-r--r--r-- 1 435 627590 May 25 14:14 pgp26src.zip >226 Transfer complete. >remote: -alF >666 bytes received in 0.37 seconds (1.8 Kbytes/s) >ftp> As you can see, there is no version other than 2.6 available there. Whatever it is, it is *not* an official release. > Thanks, Dave Hodgins. Thanks for alerting the 'net. b& -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: My key is not 'escrowed' with any government agency. iQCVAgUBLlPwCENl71nP8jvVAQH3MgQAkYgY9Po1NZ747nGBCY97rhVrsU2W7u4O U8KlQ7iWNouNH+pes4wj7J0bU+9mxVgz43hT0icLnizvnCsL8w3nFti7lmTNXblW ObYckJ3PDQbPep/WSIIxL7au1I7a1moPXgTBmmIsRoNhss+eSZrmcqnUxxkxYrRH UKojXYorypI= =mhqb -----END PGP SIGNATURE----- -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): The battle is over; Clipper is dead. But the war against Government Access to Keys (GAK) goes on. Finger ben at tux.music.asu.edu for PGP 2.6 public key ID 0xCFF23BD5. From tcmay at netcom.com Thu Aug 18 16:41:17 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 18 Aug 94 16:41:17 PDT Subject: Are \"they\" really the enemy? In-Reply-To: <199408182252.SAA26632@pipe3.pipeline.com> Message-ID: <199408182341.QAA28590@netcom4.netcom.com> > If this topic does not get blown off this list I would like to > offer some specifics responses to your good stuff. > > What say, c'punks, is this topic okay here? Tim? Anybody? > TLAs? > > John My name invoked again? 
I haven't been reading the arguments here, except by skimming to see if anything new or amazing is presented, so I won't comment. As to what's appropriate for the list: - I'm not in charge of the list. - The list didn't even control Detweiler, so it's pretty unlikely to bar or ban this kind of debate. - Personally, I think this thread is drifting off into very general and often rambling debate about government. I'd be a lot more interested if there were some tie-ins to crypto policy and technology. But, again, we're not control freaks around here, are we? It's always easier to simply skip a thread than it is to try to legislate discussion topics. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jya at pipeline.com Thu Aug 18 16:41:44 1994 From: jya at pipeline.com (John Young) Date: Thu, 18 Aug 94 16:41:44 PDT Subject: NSA spy machine Message-ID: <199408182341.TAA28629@pipe3.pipeline.com> Tim posted a few days ago: I was intrigued by this disappearance, so I sent an e-mail message to Gunter Ahrendt. Through the joys of time zones, my message this evening was answered within minutes, from Australia. He told me the NSA machine remains, though it has been renamed, has been put under another site, and its performance rating has been recalculated based on a new metric. Gunter's latest report (in comp.sys.super) explains the new metric. Grepping for the name "SMPP," here's where I found it: 58) 16.46 - (APR-1994) [SRC] Supercomputing Research Center,Bowie,Maryland,US,root at super.org 1) Cray 3/4-128 [-4Q96] 11.46? 
2) SRC Terasys ~ 5 3) SRC SMPP-4/2M [+4Q96] 503.33? This is also very intriguing. The machine formerly called the "NSA SMPP-2/2M" and expected to be located at NSA Central Security Service, is now to be located in nearby Bowie at the Supercomputing Research Center. End Tim ---------------------------- The NY Times says (in a business report): "The new Cray computer will be a hybrid design called the Cray 3/Super Scalable System. It will link two supercomputer processors with an array of chips containing half a million inexpensive processors that were designed by a Government laboratory connected with the NSA. * * * The Cray 3 supercomputer, two years late to market when it appeared last year, has not yet found a customer, and Cray executives said they were pinning their hopes for survival on the Cray 4, due to be completed in the first quarter of next year." End Times ---------------------------- Does Gunter's "Cray 3/4" = hybrid design as Tim suggests today? How do the numbers compare to Peter's? On another point, then, does today's contract report merely tell an out-of-date story, and if so, why? A way to keep Cray afloat? If so, why not Thinking Machines? Mr. Cray has been a loyal NSA supplier for many years, perhaps this is for his well-earned retirement. Okay by me. Maybe then he can afford to share all his supercomp secrets. John From sdw at lig.net Thu Aug 18 16:50:29 1994 From: sdw at lig.net (Stephen D. Williams) Date: Thu, 18 Aug 94 16:50:29 PDT Subject: I'M BACK In-Reply-To: Message-ID: > > C'punks, > > I have completed my journey across the continent and am now ensconsed in > the Greater Gotham Metropolitan Area. I can still be reached at all my > old e-mail addresses (ain't technology great?). > > Last night, Duncan, his wife, Lois, and I enjoyed a fine dinner in "the Funny you should mention that... I'm on my third day in the Bay area... Six month contract. Just waiting for a get together closeby. sdw -- Stephen D. 
Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From jya at pipeline.com Thu Aug 18 17:07:29 1994 From: jya at pipeline.com (John Young) Date: Thu, 18 Aug 94 17:07:29 PDT Subject: NSA spy machine (correction) Message-ID: <199408190006.UAA29430@pipe3.pipeline.com> Hold on, I misquoted Tim's suggestion on the SMPP in my earlier post. This corrects it. ------------------- Tim posted a few days ago: I was intrigued by this disappearance, so I sent an e-mail message to Gunter Ahrendt. Through the joys of time zones, my message this evening was answered within minutes, from Australia. He told me the NSA machine remains, though it has been renamed, has been put under another site, and its performance rating has been recalculated based on a new metric. Gunter's latest report (in comp.sys.super) explains the new metric. Grepping for the name "SMPP," here's where I found it: 58) 16.46 - (APR-1994) [SRC] Supercomputing Research Center,Bowie,Maryland,US,root at super.org 1) Cray 3/4-128 [-4Q96] 11.46? 2) SRC Terasys ~ 5 3) SRC SMPP-4/2M [+4Q96] 503.33? This is also very intriguing. The machine formerly called the "NSA SMPP-2/2M" and expected to be located at NSA Central Security Service, is now to be located in nearby Bowie at the Supercomputing Research Center. End Tim ---------------------------- The NY Times says (in a business report): "The new Cray computer will be a hybrid design called the Cray 3/Super Scalable System. It will link two supercomputer processors with an array of chips containing half a million inexpensive processors that were designed by a Government laboratory connected with the NSA. 
* * * The Cray 3 supercomputer, two years late to market when it appeared last year, has not yet found a customer, and Cray executives said they were pinning their hopes for survival on the Cray 4, due to be completed in the first quarter of next year." End Times ---------------------------- Does Gunter's "SRC SMPP-4/2M" = "hybrid design" as Tim suggests today? How do the numbers compare to Peter's? On another point, then, does today's contract report merely tell an out-of-date story, and if so, why? A way to keep Cray afloat? If so, why not Thinking Machines? Mr. Cray has been a loyal NSA supplier for many years, perhaps this is for his well-earned retirement. Okay by me. Maybe then he can afford to share all his supercomp secrets. John From wcs at anchor.ho.att.com Thu Aug 18 17:17:46 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 18 Aug 94 17:17:46 PDT Subject: RemailerNet Message-ID: <9408182345.AA22955@anchor.ho.att.com> > lcottrell at popmail.ucsd.edu (Lance Cottrell) writes: > >Say I post a message through remailers to Cypherpunks giving one of these > >reply blocks. The TLA need only send a flood of known size messages to this > >address, and look to see where the pop out of the net of remailers. Even if > >all messages were quantized and only reconstructed by the final recipient, the > >TLA could send timed bursts of messages which (even with reordering) would > >allow a statistical determination of the recipient. In particular, this is rather rough on the "reorder and remail after N packets" approach to remailers - if N is 10, and the Bad Guys can inject messages into the system, they can tap and duplicate messages going into the remailers.... 
Bill From wcs at anchor.ho.att.com Thu Aug 18 17:22:04 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 18 Aug 94 17:22:04 PDT Subject: (fwd) Anonymous posters & Misinformation = Net pollution Message-ID: <9408190018.AA23783@anchor.ho.att.com> McDaniel posts the following to several newsgroups, and it was forwarded to cypherpunks: > The problem: Anonymous posters supplying pseudo-news reports or > otherwise wasting bandwidth in groups more concerened with fact > or at least genuine concerns (such as political talk groups and sci groups.) > > The solution: Limited anonymous posters to forums where accountability > for what one says is of little concern (such as rec groups where > applicable.) OR provide the owners of moderated groups with detailed > accounts of the true identity of any anonymous poster who post to > a serious newsgroup and make that procedure known to the would-be > anonymous user. > .... > I believe that anonymous posting is a valuable service in many forums. > However, it seems that service is being abused in political and technical > newsgroups. > > I suppose yet another solution would be to make widely known the > general untrustability of anonymous posters in groups where truth and > fact are paramount. But this letter should go a tiny ways towards that goal. The problem: there's *far* more data on the net than anyone can possibly read, and you don't want to waste your time reading news from anonymous posters because they generally post more noise and less signal than you like. (I can sympathize with that, by the way, and it's often harder to identify anonymous users than pseudonymous or true-name-using posters.) I also have different preferences than you do about what newsgroups I think are more likely to benefit from anon-users and what newsgroups are more likely to be harassed by them, and I consider your use of the term "truth" when referring to talk.politics groups to be somewhat amusing... 
And the next guy down the road will want something different from both of us.

Some solutions:

1) censor people you don't like, so nobody can read them. (This is Evil.)

2) find ways to not read postings by anon-users, or responses to those postings - this is *much* easier - popular newsreaders, such as rn, give you KILL files or other sorts of bozo filters which let you ignore articles with specified authors, subjects, or other header lines (e.g. references to articles from machines frequented by anon-users, such as anon.penet.fi.) (Unfortunately, this is somewhat tougher when people run remailers on popular machines, e.g. netcom)

3) only read articles from people you consider to be non-bozos. The difficulty is identifying them when you don't read their articles; maybe you can do it by reading articles that non-bozos give supportive replies to.

4) have people rate articles, and only read articles with high ratings; this sort of system will probably evolve as volume increases further. Moderation is one approach to this; there are heavily-moderated groups and minimally-moderated groups, and we may need to evolve a parallel ratings mechanism somehow... Joe Bob says "Check it out!"

Go for the non-coercive solutions, and find ways to ignore stuff you think is worth ignoring. I've been reading news since the days when I could read *all* of it, and technology for selective reading has been a *lot* more useful than telling people not to post when they're bozos. There are probably some appropriate newsgroups to discuss how to build better newsreaders.
Bill Stewart

# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

From jdwilson at gold.chem.hawaii.edu Thu Aug 18 17:24:46 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Thu, 18 Aug 94 17:24:46 PDT
Subject: CIA Using Remailer System?
In-Reply-To: <6549@aiki.demon.co.uk>
Message-ID:

On Thu, 18 Aug 1994, Jim Dixon wrote:

> If they wanted to send encrypted traffic through a 'civilian' system, I
> would suppose that they would do the same sort of thing.
>

Jim: you are closer than you think - the NSA is releasing standards on ATM encryption - judging from previous recent trends, whaddaya wanna bet they're out to "clip" us there too?

-NetSurfer

#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From peace at BIX.com Thu Aug 18 17:30:51 1994
From: peace at BIX.com (peace at BIX.com)
Date: Thu, 18 Aug 94 17:30:51 PDT
Subject: USPS key server
Message-ID: <9408182027.memo.84971@BIX.com>

Post from FEDERAL computer week 8/15/94

The US Postal Service said this month it will establish a new electronic commerce service nsure that their electronic transmissions are authentic and tamper proof.

Richard Rothwell, senior director of technology integration at USPS, said last week that the service IS BEING TESTED internally by USPS personnel and within the FAA.
Although many potential hurdles remain, Rothwell said the service may be publicly available as early as next year.

...Much more... verrry interesting

From jya at pipeline.com Thu Aug 18 17:34:21 1994
From: jya at pipeline.com (John Young)
Date: Thu, 18 Aug 94 17:34:21 PDT
Subject: Are "they" really the enemy?
Message-ID: <199408190033.UAA00881@pipe3.pipeline.com>

Responding to msg by tcmay at netcom.com (Timothy C. May) on Thu, 18 Aug 4:41 PM

>I'd be a lot more interested if there were
>some tie-ins to crypto policy and technology.

Yep, this is what I want also but need participation by others so I don't stick out too much and get Dixon-ized by Perry, or, bless him, Nzook-ized by Graham. Just see what happens when I post shortly.

John

From cactus at bb.com Thu Aug 18 17:34:28 1994
From: cactus at bb.com (L. Todd Masco)
Date: Thu, 18 Aug 94 17:34:28 PDT
Subject: EFF on why they did it.
In-Reply-To: <9408182314.AA22475@anchor.ho.att.com>
Message-ID: <330uve$am9@ship.bb.com>

In article <9408182314.AA22475 at anchor.ho.att.com>, bill.stewart at pleasantonca.ncr.com +1-510-484-6204 wrote:
>David Lesher writes:
>> No money, not wiretaps. That may {or may not} limit the effect of FBI
>> Wiretap, depending on how [much/little] the Hill loosens the
>> pursestrings.
>
>It's certainly a good start, but the government *does* have other money.

Indeed. I'd really like to see the wording about how they actually need to be paid for: namely, will allowing tariffs to be raised by RBOCs count as "paying for it"?

They could spend the money by doing two things:
- Mandating the money be spent (the DT bill)
- and then allowing the RBOCs to increase their tariffs.

Presto! We've paid for the mechanisms, but not through the federal budgets. The RBOCs have been pushing for high bandwidth R&D increases of their general tariffs for a really long time, so I could certainly see them playing along as long as there's room for other R&D in there.

Just a thought...
-- L.
Todd Masco | "Cowboy politicians sucking up to the aristocracy, not
cactus at bb.com | even sure if they like democracy..." - TR-I

From wcs at anchor.ho.att.com Thu Aug 18 17:38:19 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 18 Aug 94 17:38:19 PDT
Subject: Remailer ideas
Message-ID: <9408190036.AA24242@anchor.ho.att.com>

> From: Hal
> . . . I still think that there would be real utility in the
> ability to specify that a particular piece of mail should be
> re-transmitted if it does not get delivered to the destination
> machine within a certain period of time.
> That's one reason I like the "enabledmail" approach. All we have to do
> is persuade everyone . . . .

You *can't* get everybody to agree on anything, or limit themselves to anything. It'll be a long time before everybody starts supporting all the X.400 semantics, especially since people keep introducing useful competitors like MIME or painful ones like MicroSoft Mail - I'd be happy to get people to all agree to support RFC822 and SMTP...

In the context of this discussion, automatic replies are probably unacceptable for many remailer-users, and don't work very well for replying to anonymous senders. Confirmation really does have to come from the user, and can only work if the user is able to build a return path.

A useful surrogate for end-to-end replies are link-based bouncegrams. I'm not sure how much security you lose if you get remailers to support even one-hop NAKs, since the delays inherent in reordering mean you need to keep a return path step around in the remailer at least until you can do address validation; perhaps you could at least bounce on invalid syntax, but even that means decrypting incoming messages a while before sending and keeping them around in cleartext, which is Bad (or doubling the decryption work.)
Bill

From wcs at anchor.ho.att.com Thu Aug 18 17:50:16 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 18 Aug 94 17:50:16 PDT
Subject: Voluntary Governments?
Message-ID: <9408190046.AA24645@anchor.ho.att.com>

> From: Hal
> What does it mean to speak of a government in cyberspace? It is the
> government in physical space I fear. Its agents carry physical guns
> which shoot real bullets.
> ................................................................

Yeah. I recently reread Vinge's _True Names_; the protagonist is disturbed one day by a bunch of armed government thugs walking up to his house and letting him know they know his cyberspace alias, and that he'd better help them catch his friends or he'll lose his National Information Infrastructure Users' License. (It's not called that, but it's still a good prediction of what happens when you let government build the superhighways - he gives in because 98% of the jobs, and all of the good ones, require use of computer terminals.)

Without cryptography, all you've got left is security by obscurity, the main technique used by the hackers in the book; even cryptographic systems need strong enough implementations built around the mathematically-strong parts to be truly safe.

Bill

From eagle at deeptht.armory.com Thu Aug 18 18:32:04 1994
From: eagle at deeptht.armory.com (Jeff Davis)
Date: Thu, 18 Aug 94 18:32:04 PDT
Subject: Oops, Sorry
Message-ID: <9408181831.aa20979@deepthought.armory.com>

Sorry guys. I'll kill the message agent asap. I forgot about it.

--
PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself!
* eagle at deeptht.armory.com email *
*** O U T L A W S On The E L E C T R O N I C F R O N T I E R ****
***** Committed to Free Public Internet Access for World Peace *****
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!"
JPB

From dmandl at panix.com Thu Aug 18 18:56:00 1994
From: dmandl at panix.com (David Mandl)
Date: Thu, 18 Aug 94 18:56:00 PDT
Subject: Another crypto talk in NYC (Wed., Aug. 24)
Message-ID: <199408190155.AA25298@panix.com>

A friend has invited me to give a cypherpunk/crypto/clipper talk at ABC No Rio in scenic downtown Manhattan later this month. Here's the announcement:

------- Start of forwarded message -------
From: diseased at panix.com (Edward Hirsch)
Newsgroups: panix.events
Subject: Privacy in Cyberspace Talk
Date: 15 Aug 1994 21:33:41 -0400
Organization: PANIX Public Access Internet and Unix, NYC
NNTP-Posting-Host: panix.com

Hi folks. On August 24, at 7pm, cypherpunk, Semiotext(e) editor, WFMU personality, and panix resident Dave Mandl will be leading an open discussion on privacy in cyberspace. The talk will be at ABC No Rio, a non-profit, collectively-run art gallery and performance space located at 156 Rivington Street, on the Lower East Side. Admission is free/donation, and all are encouraged to attend. For more info, email to diseased at panix.com.
------- End of forwarded message -------

--
Dave Mandl
dmandl at panix.com

From rarachel at prism.poly.edu Thu Aug 18 19:33:45 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Thu, 18 Aug 94 19:33:45 PDT
Subject: medusa & xsplit
Message-ID:

Please forgive the delay, I've been busy restoring my files due to a nasty hard drive failure. Not to worry, I haven't lost the sources to Medusa nor Xsplit, and yes I do have a fix for xsplit....

Ray (Arsen) Arachelian
rarachel at photon.poly.edu
sunder at intercom.com
"And disks to fix before I sleep"
This signature panel is
The Next Bug to kill(tm) --- now open.

From rarachel at prism.poly.edu Thu Aug 18 19:38:37 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Thu, 18 Aug 94 19:38:37 PDT
Subject: Would you guys object to a posting of source code?
Message-ID:

Would you guys object if I posted Medusa on here in compressed/uuencoded form? (I won't include the Detweiler fuzzybase, nor the executables to save bandwidth..) Since Medusa isn't crypto software it shouldn't pinch ITAR's ass too hard...

Ray (Arsen) Arachelian
rarachel at photon.poly.edu
sunder at intercom.com
"And bugs to kill before I sleep"
This signature panel is
The Next Bug to kill(tm) --- now open.

From blancw at pylon.com Thu Aug 18 20:39:24 1994
From: blancw at pylon.com (blancw at pylon.com)
Date: Thu, 18 Aug 94 20:39:24 PDT
Subject: Are "they" really the enemy? (Systems commentary)
Message-ID: <199408190339.UAA15399@deepthought.pylon.com>

We have met the enemy, and it is not the system.

Responding to msg by jdd at aiki.demon.co.uk (the real Jim Dixon):

Regardless of how this discussion began originally, the only part that I was commenting on had to do with John's remark that since governments & societies are both beastly, composed of people of that sort of character, what is it that we think we are going to do if the governing system of operations is overthrown?
From this I read: what difference does it make if the present system (the best in the world) is removed, since the objections to it are not also resolved by that action, seeing as how the character of its parts (the people) remains the same; and what is thereby left, if it is successfully un-done? (anticipation: more of the same, but worse, and more difficult for the individual to deal with the consequences)?

This was said in the context of a discussion of systems, with reference to what the system which we are governed by (controlled) offers, and how this compares to the feasibility & success of systems per se to accomplish desired ends.

It is true that systems are of different kinds & types: from the non-conscious physical which existed prior to the presence of humans on the planet, to fully conscious, reasoned plans of action (as you said: designed). A family may be conceived (by some people) as a system of operations and sometimes it functions that way, although lately they seem to be mostly dis-functional. Families are started whether anyone is fully self-aware, or in control of, their nature; it's usually the result of other motivations unrelated to wanting to control mankind so that it can be morally improved and will function cooperatively as a harmonious whole.

But a system designed for the purpose of corralling the disparate energies of a large group of diverse individuals (who are not necessarily in the family) cannot (should not) merely "bumble along" in a mindless sort of way, supposing that everyone is going to agree to and abide by every decree which is delivered to them, for the satisfaction of a purpose which they may not fully appreciate. Human beings are pretty adaptable, but if the governors blithely promulgate measures for living which grate on the sensibilities of the constituency, this is the time when surprising aspects of 'human nature' rear a heretofore invisible head. This is when they begin to 'raise hell'.
This is when you realize that it would have been better for someone to know a little more about the facts & the truth & the real nature of mental beings, so that these problems could have been prevented (but nooooooooooooo, there have to be loud, angry debates and arguments and fights and wars, etc.) Apparently, SomeBody didn't know what to expect, didn't plan on it, or didn't care.

I don't just propose that a person exercise, develop, and use their own judgement: I recommend it. One may be caught in a system which they were just born into and seems to be 'just there'. But exceptional people, like Thomas Aquinas, might decide to devote their life to reason and seek to know what lies beyond the immediate given.

A system is useful for coordinating efforts towards a particular goal, if all of those who participate in the activities are rewarded by the results. Whether it was there when you first became conscious of being alive or whether it is a recently bright idea, if it does not bring satisfactory results & returns, what could it make sense to suffer it?

You may not have a choice initially about the system within which you find yourself, but you will be led to the felt need to make alternative choices by your unhappiness with it; you will have to decide what to do about it - stay or go, improve or tear down? You will have to think about what you depend upon (or whom) for the realization of your requirements or desires (something the Bengalis realized subconsciously), and you will have to take a measure of your happiness/dissatisfaction and try to determine what will work better. Covertly or otherwise.
Blanc

I really don't mean to prolong a discussion which lies so far away from the list topics; I do think, however, that there are reasons for the way things are & the way things work, and the better grasp that one has of these reasons, the better that one can compute regarding the right actions to take or the judgements which one will bring to bear upon the actions of others as they affect oneself.

From ianf at simple.sydney.sgi.com Thu Aug 18 22:49:48 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Thu, 18 Aug 94 22:49:48 PDT
Subject: NSA spy machine
In-Reply-To: <199408182341.TAA28629@pipe3.pipeline.com>
Message-ID: <9408191544.ZM5510@simple.sydney.sgi.com>

On Aug 18, 7:41pm, John Young wrote:
> The Cray 3 supercomputer, two years late to market when it
> appeared last year, has not yet found a customer, and Cray
> executives said they were pinning their hopes for survival on
> the Cray 4, due to be completed in the first quarter of next
> year."

Don't confuse Cray Computer Corporation (CCC) with Cray Research Incorporated (CRI). The former was formed from the latter, with a cash grant of several hundred million dollars and Seymour Cray as head designer.

Prior to this, the Cray vector range had split into two different streams. One was the series which went from the Cray I through the X-MP into the Y-MP series. They were essentially variations on the same architecture, and stressed compatibility with previous models. This range is still aggressively supported by CRI, which is doing quite well for an exclusively supercomputing vendor. They're even learning that the entire world doesn't have multibillion dollar budgets (hence the EL, EL92 and Jedi models).

The second range began at the Cray I as well, and then went to the Cray II (designed by SC, still part of CRI at the time). Then came the split, and Seymour headed off into CCC, taking his GaAs Cray III project with him, and CRI stayed with the highly successful [XY]-MP line.
From what I know of the Cray III, it is a Fluorinert cooled system about the size of a small filing cabinet. Its CPU is manufactured from GaAs, although the main memory is still silicon. Because of the signal propagation timings involved in running with a 2nS clock, they've ground the wafers down to 0.125 mm thick to pack more of them into the same space.

There is a very interesting ACM talk given by Seymour Cray which details all of this, and it is widely available on video. This is not meant with any disrespect to him, but I was surprised to find that he is a very entertaining speaker.

> A way to keep Cray afloat? If so, why not Thinking Machines?

Why Thinking Machines over CCC, or even CRI for that matter? After all CRI have the rather interesting T3D system.

> Okay by me. Maybe
> then he can afford to share all his supercomp secrets.

Secret: take lots and lots and lots of money, use the most exotic packaging technologies you can find, pay lots and lots of attention to your memory system and cache, don't forget the importance of a nicely balanced architecture (meaning that I/O does matter), don't forget the importance of good compilers, and implement bit counting instructions just like the NSA tells you to.

Hardly a secret, don't you think?

Ian.

#include
I am not speaking for SGI, folks.

From tcmay at netcom.com Thu Aug 18 23:37:52 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 18 Aug 94 23:37:52 PDT
Subject: NSA spy machine
In-Reply-To: <9408191544.ZM5510@simple.sydney.sgi.com>
Message-ID: <199408190637.XAA16716@netcom9.netcom.com>

Ian F. writes:

> Secret: take lots and lots and lots of money, use the most exotic packaging
> technologies you can find, pay lots and lots of attention to your memory
> system and cache, don't forget the importance of a nicely balanced
> architecture (meaning that I/O does matter), don't forget the importance of
> good compilers, and implement bit counting instructions just like the NSA
> tells you to.
>
> Hardly a secret, don't you think?

With no disrespect meant to Ian (indeed, this is my second reply of the day to him), I think his point is dead wrong.

The "secret" to general success in this market is not "lots and lots of money," at least not when "lots and lots" is the tens of millions of dollars that Cray Computer will apparently be getting from NSA and the Supercomputer folks in Bowie for the delivery of an ostensible Cray 4 or whatever it ends up being called (SMPP, etc.).

$10 million is pocket change. Anyone building a company on that chump change is already preparing Chapter 11 papers.

Here's what "lots and lots of money" *really* is:

- $1 billion to complete a wafer fab in Ireland, finished last February
- $1.3 billion to build a wafer fab in Albuquerque, to be finished later this year (said to be the most expensive privately funded building in the world)
- $1.3 billion to build essentially a duplicate of the above facilities, in Chandler, Arizona...construction to start this year
- $2 billion to build yet another wafer fab, in Hillsboro, Oregon..construction to start in 1995

Intel is already the world's largest chip company (in _all_ chips, not just one particular type). If this series of expansions works out (and the Ireland plant is churning out Pentiums on 200 mm wafers with very high yields), then Intel will be nearly twice the size of its nearest competitor.

Intel Corporation, my employer from 1974 to 1986, may not have the most elegant architecture in the world, but its microprocessor fabrication facilities are clearly the best in the world. The economies of scale are amazing to contemplate.

(And I was near the group in Oregon that tried "elegance"...the iAPX 432 object-oriented processor. I only hope the new Intel-H-P alliance on VLIW is not similarly stillborn.)

(And a new generation of hackers are using Linux on cheap Pentium boxes to easily outrun Suns.)
Is a massively parallel system of Pentiums or 200 SPECInt P6s or 400 SPECInt P7s the "best" way to go? Given the economies of scale, the familiarity many people just like you will have with the Pentium, it probably is.

I'm a fan of the Mac, and may soon be buying a PowerMac, but the PowerPC does not seem to have the same economies of scale. At least, Motorola is not expanding rapidly enough to keep up.

(A hot rumor, to take with some skepticism: a friend of mine told me tonight that the rumor going around MIPS is that Motorola plans nothing beyond the 603, that they are fed up with the politics of the Somerset group (IBM, Motorola, Apple), and that they just don't have $5 billion laying around to remain competitive with Intel. The rumor is that they plan to concentrate on telecom, cellular, Iridium, etc., and not fight Intel head-on with a come-from-behind architecture.)

So you see why I consider the "lots and lots of money" flowing into Cray Computer to be spitting into the ocean. I'm not worried.

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hart at chaos.bsu.edu Fri Aug 19 00:58:16 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Fri, 19 Aug 94 00:58:16 PDT
Subject: cfs & remailers
In-Reply-To: <9408172311.AA02156@poe.digibd.com>
Message-ID: <199408190757.CAA24886@chaos.bsu.edu>

Bill O Hanlon:
> In that case, even if I were to keep logs, all that anyone would know from
> a message is that a particular user used a remailer, or that a particular
> cleartext message had a certain remailer as its jumpoff point. Not both.
They'd learn both if they had snooped the entire remail chain (which is the equivalent of collusion). Going back and retrieving logs for all the links, after the snoopers have discovered an important message they want to trace, is both an easier and a more likely attack than wiretapping all the links in real time in anticipation of an important message -- unless the remailer operators snoop-proof their logs.

Also keep in mind that, given the lack of a good user interface, there is currently too little properly encrypted and nested remailer traffic to create anything approaching a true digital mix.

Jim Hart
hart at chaos.bsu.edu

From jdwilson at gold.chem.hawaii.edu Fri Aug 19 01:24:34 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Fri, 19 Aug 94 01:24:34 PDT
Subject: "Agents Spy Internet Data"
Message-ID:

A little birdy sent this my way, and I thought you might find it of interest. And this article is "scanned, not shaken or stirred." ;-)

COMPUTERWORLD AUGUST 1, 1994

Agents spy Internet data
By Mitch Betts

Langley, VA

After decades of viewing public information as practically useless, U.S. intelligence agencies are planning to exploit the wild and ultrapublic Internet in search of cheap but useful nuggets of information.

By summer's end, the Central Intelligence Agency and five other intelligence units will hook up to the Internet to collect and share "opensource," or unclassified, information, CIA official Joseph Markowitz confirmed.

"The six-node Internet link will give intelligence analysts an access point to the Internet at large, including access to electronic mail by subject-matter experts across the globe," Markowitz said in a recent interview. He is director of the CIA's Community Open Source Program Office, which opened March 1.

"The Internet will be a gateway to commercial on-line information services, he added, as well as a vehicle for sharing open-source intelligence with sister agencies such as the National Security Agency and the Defense Intelligence Agency."

Naturally, the spy agencies are keenly aware of the danger of security breaches from Internet hackers. Markowitz said they are installing a commercial-grade "firewall"--essentially a server with access-control software--to protect internal computer networks from Internet intrusions.

In addition, a special, undisclosed hardware device will allow analysts to transfer Internet files to their high-security workstations while preventing file transfers in the opposite direction, Markowitz said.

These days the Internet is getting crowded with investigators of all sorts. Many private-sector researchers already use the Internet to supplement their heavy-duty use of online vendors such as Dialog Information Services, Inc.

For example, John F. Quinn, a business intelligence professional in Vienna, Va., and former CIA analyst in Japan, recently used the Internet's Gopher navigation tool to collect information on foreign reaction to the death of North Korea's leader.

James Cook, a California-based business investigator, runs an Internet-based discussion group called InfoPro, where information professionals swap advice and establish far-flung contacts.

But using the Internet for intelligence has a downside. For example, queries posted on public news groups or mailing lists may alert the world to the research topic unless the query is artfully phrased.

"There is a danger of tipping your hand," Quinn said. "I use the Internet to contact a colleague [directly], but I am loathe to post something publicly."

Another problem is information overload and the urgent need to filter incoming Internet messages. "The information will be affordable and accessible, but electronic filtering hasn't progressed as far as we'd like," Markowitz said.

Furthermore, private-sector researchers warned there are no quality-control police on the Internet. The danger of getting outdated or bad information is quite real. On-line researcher Helen Burwell in Houston put it this way: "The Internet is a great big closet full of junk and treasures, so you have to go in there judiciously."

"You may get to know 100 to 500 new contacts, including ones in Italy and Russia, but the next question is how competent and reliable are they?" said Cook, a due diligence consultant for business investors. "You need to build a circle of trusted people."

Markowitz agreed that it takes a lot of mining to get a few nuggets from the Internet. "With open sources, there's lots more information available, but it has a poor signal-to-noise ratio," he said.

A big challenge is getting the clandestine service to accept open-source intelligence as being valuable, Quinn said, because the spy culture figures that "if it's not secret, it's not worthwhile."

One reason for the new interest in on-line resources is they are low-risk and cheap when compared with billion-dollar spy satellites at a time of shrinking budgets. Further, the spy agencies are being asked to provide unclassified reports about more diverse topics, Markowitz said.

"The reality is that open sources are now superior in many cases to existing classified sources, such as in dealing with African crises, where the intelligence community has mediocre to nonexistent capabilities," said Robert D. Steele, president of Oakton, Va.-based Open Source Solutions, Inc., a non-profit organization that promotes the broader use of open-source intelligence.

"The creation of our office is a recognition that open sources are a valuable resource. As we draw back in some parts of the world, our office provides an information safety net," Markowitz said.
---------------------------------------------
Watering holes in cyberspace

Intelligence analysts are likely to be poking around in these Internet nooks and crannies:

Open Source Intelligence Resources:
  Gopher: gopher oss.net
Somalia News Update:
  Usenet newsgroup: alt.current-events.somalia
China Headline News Service:
  E-mail: info at asiainfo.com
Reports by Voice of America Correspondence:
  Gopher: gopher.voa.gov
Slovakia Document Store:
  World Wide Web: http://www/eunet.sk
  Gopher: gopher.eunet.sk
  E-mail: sds at slovakia.eu.net
Gateway Japan
  E-mail: gwjapan at hamlet.umd.edu

-NetSurfer

#include standard.disclaimer
James D. Wilson | V.PGP 2.7: 512/E12FCD 1994/03/17
P. O. Box 15432 | finger for full PGP key
Honolulu, HI 96830
Serendipitous Solutions | Also NetSurfer at sersol.com

From weidai at eskimo.com Fri Aug 19 01:43:06 1994
From: weidai at eskimo.com (Wei Dai)
Date: Fri, 19 Aug 94 01:43:06 PDT
Subject: trusted time stamping
Message-ID: <199408190842.AA06184@eskimo.com>

To: cypherpunks at toad.com

I thought my idea about having trusted entities digitally sign a document in order to establish its existence at a particular time was a new idea, but I just read about it in _Applied Cryptography_. Anyway, I wrote some C code to do automatic time stamping with PGP (source code is in the next e-mail).

If you just want to try it, simply send an e-mail to weidai at eskimo.com with the subject "Time Stamp This Mail". The body of the mail will be signed with a PGP private key (public key is at the end of this message) and returned to the sender. E-mail with any other subject will be piped to my regular mailbox.

What's the use of this?
Well, here is an interesting application of time stamping that wasn't covered in _Applied Cryptography_. Let's say Alice would like to publish an article anonymously but retain the ability to claim authorship some time later. She can follow this protocol:

1. Alice signs her article with RSA
2. She encrypts her signed article with IDEA
3. She sends the encrypted article to several trusted time stamping servers
4. She places the signatures she gets back along with the encrypted article in a safe place
5. She waits a random length of time
6. She posts the plain article (without encryption or signature) anonymously
7. When Alice wants to claim authorship, she publishes the encrypted article, the IDEA key, and the signatures she got back from the time servers

Now, people can be reasonably sure that Alice actually wrote the original article because the time server signatures prove that she signed the article before it was made public. One problem here is that at least one of the time servers she used must have remained secure until step 7.

Comments?
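The seven steps above, carried through to the verifier's side, as an added example that is not part of Wei Dai's post or his timestamp.c. Assumptions: textbook RSA over Mersenne primes stands in for RSA, a SHA-256 keystream stands in for IDEA, and every name and value below is hypothetical and constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass

E = 65537

def toy_keypair(a, b):
    """Textbook RSA over the Mersenne primes 2**a-1 and 2**b-1 (demo only, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))   # (public, private)

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest_int(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return 0 <= sig < n and pow(sig, e, n) == digest_int(data, n)

def stream_xor(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream; the same call decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)

@dataclass(frozen=True)
class Stamp:
    when: int   # server clock at signing time
    sig: int    # server signature over hash(blob) || when

def stamp_message(blob, when):
    return hashlib.sha256(blob).digest() + when.to_bytes(8, "big")

class StampServer:
    """Signs whatever it is sent together with its clock; it only ever sees ciphertext."""
    def __init__(self, a, b):
        self.pub, self._priv = toy_keypair(a, b)

    def stamp(self, blob, now):
        return Stamp(now, sign(self._priv, stamp_message(blob, now)))

def seal(author_priv, key, article):
    """Steps 1-2: sign the article, then encrypt article and signature together."""
    sig = sign(author_priv, article)
    sig_bytes = sig.to_bytes((sig.bit_length() + 7) // 8, "big")
    return stream_xor(key, len(article).to_bytes(4, "big") + article + sig_bytes)

def verify_claim(author_pub, server_pub, published, published_at, blob, key, stamp):
    """Step 7 as a verifier sees it: True only if every link in the chain holds."""
    if not verify(server_pub, stamp_message(blob, stamp.when), stamp.sig):
        return False                       # the stamp does not cover this blob
    if stamp.when >= published_at:
        return False                       # stamped after anyone could read the article
    plain = stream_xor(key, blob)
    n = int.from_bytes(plain[:4], "big")
    article, sig = plain[4:4 + n], int.from_bytes(plain[4 + n:], "big")
    return article == published and verify(author_pub, article, sig)

# Constructed sample run (all values invented for the demonstration).
ARTICLE = b"An anonymous essay on remailer design."
ALICE_PUB, ALICE_PRIV = toy_keypair(521, 607)
SERVER = StampServer(1279, 2203)
KEY = b"constructed demo key"
BLOB = seal(ALICE_PRIV, KEY, ARTICLE)            # steps 1-2
STAMP = SERVER.stamp(BLOB, now=1000)             # steps 3-4
PUBLISHED_AT = 5000                              # step 6, after the random wait

def late_claim():
    """Mallory reads the public article, then runs the same protocol too late."""
    pub, priv = toy_keypair(89, 107)
    blob = seal(priv, b"mallory key", ARTICLE)
    return verify_claim(pub, SERVER.pub, ARTICLE, PUBLISHED_AT, blob,
                        b"mallory key", SERVER.stamp(blob, now=6000))

if __name__ == "__main__":
    print("Alice's claim:", verify_claim(ALICE_PUB, SERVER.pub, ARTICLE,
                                         PUBLISHED_AT, BLOB, KEY, STAMP))
    print("Mallory's late claim:", late_claim())
```

The verifier has to compare the stamp time against the publication time: a valid server signature on its own proves nothing, because the server will stamp anyone's blob at any time.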
Wei Dai
PGP Public Key available

From weidai at eskimo.com Fri Aug 19 01:43:08 1994
From: weidai at eskimo.com (Wei Dai)
Date: Fri, 19 Aug 94 01:43:08 PDT
Subject: timestamp.c
Message-ID: <199408190842.AA06174@eskimo.com>

To: cypherpunks at toad.com

/* timestamp.c - Automatic PGP Time Stamper v0.1
 * by
 * Wei Dai
 *
 * Put the line "|timestamp" in your .forward file, and this
 * program will automatically scan all your mail for a certain subject heading
 * and if found, will sign the body of that mail with PGP, and send it back.
 * Otherwise, the mail goes to your regular mailbox.
 * This is probably most useful as a "trusted" time stamping service.
 *
 * Use for experimental purposes only.  Feel free to modify it, but please
 * send me some e-mail if you do more than change the #defines.
 */

/* The header names were lost in the archived copy; these are the ones the code needs. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>

#define MAILBOX  "/usr/spool/mail/weidai"
#define MAILLOCK "/usr/spool/mail/weidai.lock"
#define PGPPATH  "/u/w/weidai/.pgp"
#define LOG      "/u/w/weidai/.timestamp.log"
#define COMMAND  "Time Stamp This Mail"
#define MAXLINE  1024
#define FROM     "From "
#define SUBJECT  "Subject: "

void Remove_nl (char *);
int Safe_addr (const char *);

int main()
{
    char sLine[MAXLINE], sFrom[255], sFile[255], sTmp[MAXLINE];
    char *p;
    FILE *fOut, *fMail, *fLog;
    int bDoIt = 0, fd;      /* default to ordinary delivery when there is no Subject line */

    fLog = fopen(LOG, "a");
    if (fLog == NULL) return(1);
    /* mkstemp() creates the file exclusively, so a pre-planted /tmp name is not followed */
    strcpy(sFile, "/tmp/pts_XXXXXX");
    fd = mkstemp(sFile);
    if (fd == -1 || (fOut = fdopen(fd, "w")) == NULL) return(1);
    sFrom[0]=0;
    /* copy the headers, up to the blank line that ends them */
    while (fgets(sLine, MAXLINE, stdin) != NULL) {
        fputs(sLine, fOut);
        if (strncmp(sLine, FROM, strlen(FROM)) == 0) {
            fputs(sLine, fLog);
            for (p = sLine + strlen(FROM); *p && *p != ' '; ++p);
            *p = '\0';
            /* bounded copy: sLine can hold far more than sFrom */
            strncpy(sFrom, sLine+strlen(FROM), sizeof(sFrom)-1);
            sFrom[sizeof(sFrom)-1] = '\0';
            Remove_nl(sFrom);
        }
        else if (strncmp(sLine, SUBJECT, strlen(SUBJECT)) == 0) {
            fputs(sLine, fLog);
            bDoIt = (strncasecmp(sLine+strlen(SUBJECT), COMMAND, strlen(COMMAND)) == 0);
        }
        else if (strlen(sLine) <= 1) break;
    }
    /* the sender address ends up inside a shell command below, so anything
       that is not a plain address is delivered as ordinary mail instead */
    if (!Safe_addr(sFrom)) bDoIt=0;
    if (bDoIt) {
        fclose(fOut);
        fOut = fopen(sFile, "w");
        if (fOut == NULL) return(1);
        while (fgets(sLine, MAXLINE, stdin) != NULL) fputs(sLine, fOut);
        fclose(fOut);
        /* The signing command is garbled in the archived copy.  The next two
           lines are a stand-in that assumes PGP 2.x: key rings found through
           the PGPPATH variable, clear-signed armored text written to
           <file>.asc, no prompting. */
        setenv("PGPPATH", PGPPATH, 1);
        snprintf(sTmp, sizeof(sTmp), "pgp -sat +clearsig=on +batchmode %s", sFile);
        system(sTmp);
        fputs(sTmp, fLog); fputs("\n", fLog);
        unlink(sFile);
        snprintf(sTmp, sizeof(sTmp), "/usr/ucb/mail -s 'Time Stamp Output' '%s' < %s.asc", sFrom, sFile);
        system(sTmp);
        fputs(sTmp, fLog); fputs("\n", fLog);
        snprintf(sTmp, sizeof(sTmp), "%s.asc", sFile);
        unlink(sTmp);
        fputs("*** time stamped ***********\n\n", fLog);
    }
    else {
        while (fgets(sLine, MAXLINE, stdin) != NULL) fputs(sLine, fOut);
        fclose(fOut);
        /* O_EXCL makes testing for the lock and taking it a single step */
        while ( (fd=open(MAILLOCK, O_WRONLY|O_CREAT|O_EXCL, 0600)) == -1 && errno == EEXIST) sleep(5);
        if (fd != -1) close(fd);
        fOut=fopen(MAILBOX, "a");
        fMail=fopen(sFile, "r");
        if (fOut != NULL && fMail != NULL) {
            while (fgets(sLine, MAXLINE, fMail) != NULL) fputs(sLine, fOut);
            fputs("\n", fOut);
        }
        if (fMail != NULL) fclose(fMail);
        if (fOut != NULL) fclose(fOut);
        unlink(MAILLOCK);
        unlink(sFile);
        fputs("--- personal mail -----------\n\n", fLog);
    }
    fclose(fLog);
    return(0);
}

void Remove_nl (char *string)
{
    int i=0;
    while(string[i]!='\n' && string[i]!=0) i++;
    string[i]=0;
}

/* accept only characters that cannot end the shell quoting or start an option */
int Safe_addr (const char *s)
{
    if (*s == '\0' || *s == '-') return(0);
    for (; *s; ++s)
        if (!isalnum((unsigned char)*s) && strchr("@._+-%", *s) == NULL) return(0);
    return(1);
}

PGP Public Key available

From matsb at sos.sll.se Fri Aug 19 03:23:10 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Fri, 19 Aug 94 03:23:10 PDT
Subject: 15 years!
Message-ID:

About the EFF Wiretap Bill:

-----------------
The bill makes it a crime to possess or use an altered telecommunications instrument (such as a cellular telephone or scanning receiver) to obtain unauthorized access to telecommunications services (Sec. 9). This provision is intended to prevent the illegal use of cellular and other wireless communications services. Violations under this section face imprisonment for up to 15 years and a fine of up to $50,000.
-----------------

I commented on this before but feel like repeating myself: So an alt.2600 tec-addict makes some hardware hacks on his cellular - and gets 15 years in the slammer for catching some airwaves. A punishment scale suggestive of a very repressive state! And why outlawing it in the first place? What is crypto for?

Mats

From jdd at aiki.demon.co.uk Fri Aug 19 05:04:53 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 19 Aug 94 05:04:53 PDT
Subject: Are "they" really the enemy?
Message-ID: <6680@aiki.demon.co.uk>

In message <199408182230.PAA15298 at netcom7.netcom.com> "James A. Donald" writes:
> Jim Dixon writes
> > You won't tear down the government without replacing it.
>
> We can certainly drastically weaken and seriously impair
> and obstruct government without replacing it.

Can you prove this? Or at least show some historical example?

In France, the monarchy was replaced by a republic which quickly descended into the Reign of Terror. There was no gap.
Orderly rule drifted into terror, which was succeeded by Napoleon's iron rule. Napoleon took over in part because people wanted order. In the American South after the Civil War, the Union smashed local government and replaced it with something acceptable to them. This did not have the consent of the white population. The Ku Klux Klan developed as a way for the whites to enforce their rules. The Ku Klux Klan was in its way an instrument of democracy. In Russia, the monarchy was replaced by a republic which was destroyed by the Bolsheviks. There was widespread civil war. But there whenever there was a governmental vacuum, people filled it. Russia was full of bands of armed men. People needed governments to protect them from the marauders. Stalin was an expression of the people's will. There have been cases where government was torn down and replaced by something else which was not called the government. The Ku Klux Klan was not part of the formal government of the South. But it functioned as part of the apparatus of government. The US government is a large and powerful organization. Let us say that somehow you contrive to successfully weaken, impair, and obstruct it. How will you do this? Not by yourself. One person cannot defeat millions. You need a group of some size, at the very least of thousands. This group must have a set of common goals and some sort of administrative structure to effect those goals... I could continue, but you must understand what I am going to say: governments can only be defeated by organizations with the attributes of governments. The alternative is to take over the government to some degree. But then in time you will find that there are people out there who regard you as part of the government, and set out to drastically weaken, seriously impair, and obstruct your government. 
-- Jim Dixon From jdd at aiki.demon.co.uk Fri Aug 19 05:05:23 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Fri, 19 Aug 94 05:05:23 PDT Subject: NSA Spy Machine and DES Message-ID: <6682@aiki.demon.co.uk> In message <9408190809.ZM4528 at simple.sydney.sgi.com> Ian Farquhar writes: > Actually, I would be surprised if the "SIMD" processors were not a huge > array of reprogrammable FPGA's, quite possibly Xilinx's. The possibilities > of a large array of these chips, each with local memory, is quite > interesting. I have personally seen an array of 64 Xilinx chips in a DEC PeRL > box doing RSA, at speeds similar or better to almost all available custom > hardware implementations of the cipher. The delays in getting data on and off the chip are too large and the amount of space wasted in redundant functions is too great. You might prototype it using FPGAs, but even this is unlikely. Why not just buy one of the existing SIMD processors and simulate your target system? People used to build fast processors out of separate chips (bit slices). They don't do that any more because it's too slow and too expensive if you are building in volume. -- +-----------------------------------+--------------------------------------+ | Jim Dixon | Compuserve: 100114,1027 | |AIKI Parallel Systems Ltd + parallel processing hardware & software design| | voice +44 272 291 316 | fax +44 272 272 015 | +-----------------------------------+--------------------------------------+ From jdd at aiki.demon.co.uk Fri Aug 19 05:05:58 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Fri, 19 Aug 94 05:05:58 PDT Subject: NSA Spy Machine and DES Message-ID: <6684@aiki.demon.co.uk> In message <9408182235.AA07044 at snark.imsi.com> perry at imsi.com writes: > > Actually, I would be surprised if the "SIMD" processors were not a huge > > array of reprogrammable FPGA's, quite possibly Xilinx's. > > Since SIMD implies array processing, this makes much more sense than > general purpose 64 bit processors. 
What would make even more sense is an array of special purpose 64 bit processors. This is how most people who build real SIMD machines do it. -- +-----------------------------------+--------------------------------------+ | Jim Dixon | Compuserve: 100114,1027 | |AIKI Parallel Systems Ltd + parallel processing hardware & software design| | voice +44 272 291 316 | fax +44 272 272 015 | +-----------------------------------+--------------------------------------+ From jdd at aiki.demon.co.uk Fri Aug 19 05:06:26 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Fri, 19 Aug 94 05:06:26 PDT Subject: Are \"they\" really the enemy? Message-ID: <6686@aiki.demon.co.uk> In message <199408182252.SAA26632 at pipe3.pipeline.com> John Young writes: > >Personally, I find these statements very disturbing, > >because they are so empty. > > Might be applied to your own later comments: > > >You won't tear down the government without replacing > >it. And I would argue that the more violent the means > >used to tear down the government, the more repressive > >its successor. Governments exist in part because we > >are such dangerous animals. I do not think that these statements are empty. Do I really need to prove that people are dangerous? One of the main functions of government is to stop us from harming one another. If you replace government with something else which has the same function (and works), you may call it something else, but it is acting in the same role as a government. Cases of violent replaces of governments from within: the French Revolution, the Bolshevik Revolution, the victory of the Chinese communists, Pol Pot -- in all of the cases that I can think of, the violence of the revolution was a good predictor of the repressiveness of the government that followed. The revolutions in Eastern Europe over the last few years have almost gone unnoticed, because they have been so peaceful. But they are genuine revolutions. 
I have seen no one claim that the new governments are repressive, except possibly for Rumania, where the revolution was violent. > This rhetorical ploy comes across as an apology for the status > quo and seems to offer counter-revolutionary cant instead of > your best arguments for making rational, evolutional > improvements to our inheritance. I am not justifying some status quo. My observation is pretty much equivalent to saying that accidents at high speeds tend to be fatal. If you drive a little more slowly and look where you are going, you are more likely to get to your destination in one piece. -- Jim Dixon From jdd at aiki.demon.co.uk Fri Aug 19 05:06:52 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Fri, 19 Aug 94 05:06:52 PDT Subject: Are \"they\" really the enemy? (Systems commentary) Message-ID: <6688@aiki.demon.co.uk> In message <199408181927.MAA00813 at sleepy.retix.com> joshua geller writes: > > > > When a system is designed to organize human behavior (as in > > > "governing" it) it has the inherent mistake of being based on > > > the presumption of complete knowledge of human nature (yet who > > > agrees on what that comprises). > > > Only a philosopher could make such a statement. Only a philosopher could believe that it is necessary to presume complete knowledge to design a system. > > A family is such a system, but it is based on no such presumption. > > Families begin in what is usually a completely mindless activity. > > And any honest parent of teenage children will admit that he or > > she is almost totally ignorant of human nature. If the parent > > doesn't admit it, the child will let the parent know. > > only a rhetor could make such a statement. ? I don't teach rhetoric. > families are not designed. Many people think that they are. But my point is that we all take part in the creation of systems, and we usually do not think about what we are doing when we do it. Blanc said, essentially, that systems are designed rationally.
Most aren't. -- Jim Dixon From an5877 at anon.penet.fi Fri Aug 19 06:48:56 1994 From: an5877 at anon.penet.fi (deadbeat) Date: Fri, 19 Aug 94 06:48:56 PDT Subject: Attention Shoppers: Internet Is Open (NYT, 12Aug94) Message-ID: <9408191253.AA00438@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- New York Times, 12 August 1994, Page C1. [Photograph of five young men standing around a decorated office.] A system from the Net Market Company allows credit card shopping on the Internet in total privacy. Net Market's chief executive, Daniel M. Kohn, foreground, worked at the company's office in Nashua, N.H., yesterday. Behind him, from left, were the president, Roger Lee; program developer, Mark Birmingham; senior program developer, Guy H.T. Haskin, and chief information officer, Eiji Hirai. ATTENTION SHOPPERS: INTERNET IS OPEN By PETER H. LEWIS At noon yesterday, Phil Brandenberger of Philadelphia went shopping for a compact audio disk, paid for it with his credit card and made history. Moments later, the champagne corks were popping in a small two-story frame house in Nashua, N.H. There, a team of young cyberspace entrepreneurs celebrated what was apparently the first retail transaction on the Internet using a readily available version of powerful data encryption software designed to guarantee privacy. Experts have long seen such ironclad security as a necessary first step before commercial transactions can become common on the Internet, the global computer network. - From his work station in Philadelphia, Mr. Brandenburger logged onto the computer in Nashua, and used a secret code to send his Visa credit card number to pay $12.48, plus shipping costs, for the compact disk "Ten Summoners' Tales" by the rock musician Sting. "Even if the N.S.A. was listening in, they couldn't get his credit card number," said Daniel M. Kohn, the 21-year-old chief executive of the Net Market Company of Nashua, N.H., a new venture that is the equivalent of a shopping mall in cyberspace. 
Mr. Kohn was referring to the National Security Agency, the arm of the Pentagon that develops and breaks the complex algorithms that are used to keep the most secret electronic secrets secret. Even bigger organizations working on rival systems yesterday called the achievement by the tiny Net Market a welcome first step. "It's really clear that most companies want the security prior to doing major commitments to significant electronic commerce on the Internet," said Cathy Medich, executive director of Commercenet, a Government and industry organization based in Menlo Park, Calif., that hopes to establish standards for commercial transactions on the Internet and other networks. The idea is to make such data communications immune to wiretaps, electronic eavesdropping and theft by scrambling the transmissions with a secret code security technique known as data encryption. While Commercenet and other organizations have been working to develop a standard for the automated data encryption of commercial transactions, the small band of recent college graduates who formed the Net Market Company in New Hampshire appear to be the first to implement such technology successfully. Tests of Commercenet's encryption system, which is based on algorithms - - mathematical formulas - developed by RSA Data Security Inc. of Redwood City, Calif., are expected to begin this fall. Commercenet hopes to create an easy-to-use industry standard for protecting Internet transactions. For now, Net Market's approach is available to the limited number of computer users who have work stations running the Unix software operating system and a sophisticated Internet navigational program called X-Mosaic. The data encryption program is called PGP, for Pretty Good Privacy, which is based on the same RSA algorithms used by Commercenet. PGP is available free, but it requires technical expertise to download it from the Internet. 
But within a few months commercial versions of PGP are expected to be available for personal computers using the Windows and Macintosh operating systems, which comprise the vast majority of computers in North America. Security Breaches Reported The widespread adoption of standard data encryption tools cannot come too quickly for many Internet entrepreneurs, who hope to foster new levels of commerce on the rapidly growing network. Alarmed by increasing reports of security breaches on the Internet many people and businesses are reluctant to transmit sensitive information, including credit cards numbers, sales information or private electronic mail messages, on the network. But the use of standard data encryption software, which scrambles messages so they can be read only by someone with the proper software "key," has been hindered by a combination of Government regulations and software patent disputes. Experts say the PGP encryption software used by Net Market is at least as robust as the so-called Clipper encryption technology that the Clinton Administration has been pushing as a national standard. But unlike the Clipper system, the software keys for opening and reading PGP-encrypted documents is not controlled by the Government. A version of PGP for individuals is available free through the Massachusetts Institute of Technology, but users must retrieve it from an M.I.T. computer through the Internet. Organizations wanting to use PGP for commercial purposes must obtain it on the Internet from a company in Phoenix called Viacrypt, a maker of [bold inset A system offers on-line credit card shopping in total privacy. end inset] computer security software and hardware tools. Prices for PGP begin at $100 a copy. A Browsing Feature One achievement of the young programmers at Net Market was to incorporate PGP into X-Mosaic, the software that many Internet users rely on for browsing through the global network. 
X-Mosaic is a software tool that allows the users of Unix computers to browse a service of the Internet called the World Wide Web, where companies can post the electronic equivalent of a glossy color brochure with supporting sales or marketing documents. In the case of Noteworthy Music the record retailer that leases a "store front" in Net Market's Internet computer, a shopper can look at color pictures of CD album covers. Mr. Kohn, a 1994 honors graduate in economics from Swarthmore College, came up with the idea for Net Market during his junior year abroad, at the London School of Economics. There, he persuaded an American classmate, Roger Lee, to join his venture. Mr. Lee, who graduated from Yale this past spring with a degree in political science, is president of the company. For technical expertise, they recruited two other partners from Swarthmore, Guy H.T. Haskin and Eiji Hirai. The four men live upstairs in the house in Nashua, commuting downstairs each morning to run the business. Because of the pressures of running the system and debugging the software, they rarely venture outside, even though they have a backyard swimming pool. "We don't get much sun," Mr. Kohn said, "but we're down to a case of Coke a day." 'An Important Step' Although Net Market has been selling various products like CD's, flowers and books for several months on behalf of various merchants, yesterday was the first time they had offered digitally secure transactions. "I think it's an important step in pioneering this work, but later on we'll probably see more exciting things in the way of digital cash," said Philip R. Zimmermann, a computer security consultant in Boulder, Colo., who created the PGP program. Digital cash, Mr. Zimmermann explained, is "a combination of cryptographic protocols that behave the way real dollars behave but are untraceable." 
In other words, they are packets of worth that have value in cyberspace, the same way dollars have value in the real world, except that they have the properties of anonymity, privacy and untraceability. Many details remain to be worked out, Mr. Zimmermann said. For now Mr. Brandenberger, despite his historic transaction yesterday, will be paying with plain old dollars, when he gets his credit card bill. And sometime today, the Sting CD will arrive by fairly conventional means shipped FedEx from the Noteworthy Music warehouse in Nashua. DEADBEAT -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBFAgUBLkt5+/FZTpBW/B35AQGp/QF9E7xzIivWavE6oZw/OyJBKpBEMh+Ded5d btGwA62La30MMk/7JkwFt01o1DIM581u =sUm+ -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From dance at cicero.spc.uchicago.edu Fri Aug 19 06:52:07 1994 From: dance at cicero.spc.uchicago.edu (Squeal) Date: Fri, 19 Aug 94 06:52:07 PDT Subject: EFF Analysis of Leahy/Edwards Digital Telephony Bill Message-ID: <9408191351.AA03160@cicero.spc.uchicago.edu> I hope this is helpful (and not too out-of-date, 9 days ago!). It's the EFF's justification.... 
--------------------------Begin Message----------------------------- Date: 10 Aug 1994 16:58:23 -0500 From: mech at eff.org (Stanton McCandlish) Subject: EFF Analysis of Leahy/Edwards Digital Telephony Bill EFF SUMMARY OF THE EDWARDS/LEAHY DIGITAL TELEPHONY BILL ======================================================= OVERVIEW -------- The Edwards/Leahy Digital Telephony bill places functional requirements on telecommunications carriers in order to enable law enforcement to continue to conduct authorized electronic surveillance. It allows a court to impose fines on carriers that violate the requirements, and mandates that the processes for determining capacity requirements and technical standards be open and public. The bill also contains significant new privacy protections; including an increased standard for government access to transactional data (such as addressing information contained in electronic mail logs), a requirement that information acquired through the use of pen registers or trap and trace devices not disclose the physical location of an individual, and an expansion of current law to protect the radio portion of cordless telephone conversations from unauthorized surveillance. SCOPE OF THE BILL. WHO IS COVERED? ----------------------------------- The requirements of the bill apply to "telecommunications carriers", which are defined as any person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire (as defined by section 3 (h) of the Communications Act of 1934), including commercial mobile services (cellular, PCS, etc.). The bill also applies to those persons or entities engaged in providing wire or electronic communication switching or transmission service to the extent that the FCC finds that such service is a replacement for a substantial portion of the local telephone exchange. 
The bill does not apply to online communication and information services such as Internet providers, Compuserve, AOL, Prodigy, and BBS's. It also excludes private networks, PBX's, and facilities which only interconnect telecommunications carriers or private networks (such as most long distance service). REQUIREMENTS IMPOSED ON CARRIERS -------------------------------- Telecommunications carriers would be required to ensure that they possess sufficient capability and capacity to accommodate law enforcement's needs. The bill distinguishes between capability and capacity requirements, and ensures that the determination of such requirements occur in an open and public process. CAPABILITY REQUIREMENTS ----------------------- A telecommunications carrier is required to ensure that, within four years from the date of enactment, it has the capability to: 1. expeditiously isolate the content of a targeted communication within its service area; 2. isolate call-identifying information about the origin and destination of a targeted communication; 3. enable the government to access isolated communications at a point away from the carrier's premises and on facilities procured by the government, and; 4. to do so unobtrusively and in such a way that protects the privacy and security of communications not authorized to be intercepted (Sec. 2601). However, the bill does not permit law enforcement agencies or officers to require the specific design of features or services, nor does it prohibit a carrier from deploying any feature or service which does not meet the requirements outlined above. CAPACITY REQUIREMENTS --------------------- Within 1 year of enactment of the bill, the Attorney General must determine the maximum number of intercepts, pen register, and trap and trace devices that law enforcement will require four years from the date of enactment. Notices of capacity requirements must be published in the Federal Register (Sec. 2603). 
Carriers have 4 years to comply with capacity requirements. PROCESS FOR DETERMINING TECH. STANDARDS TO IMPLEMENT CAPABILITY REQUIREMENTS ---------------------------------------------------------------------------- Telecommunications carriers, through trade associations or standards setting bodies and in consultation with the Attorney General, must determine the technical specifications necessary to implement the capability requirements (Sec. 2606). The bill contains a 'safe harbor' provision, which allows a carrier to meet its obligations under the legislation if it is in compliance with publicly available standards set through this process. A carrier may deploy a feature or service in the absence of technical standards, although in such a case the carrier would not be covered by the safe harbor provision and may be found in violation. Furthermore, the legislation allows any one to file a motion at the FCC in the event that a standard violates the privacy and security of telecommunications networks or does not meet the requirements of the bill (Sec. 2606). If petitioned under this section, the FCC may establish technical requirements or standards that: 1) meet the capability requirements (in Sec. 2602); 2) protect the privacy and security of communications not authorized to be intercepted, and; 3) encourage the provision of new technologies and services to the public. ENFORCEMENT AND PENALTIES ------------------------- In the event that a court or the FCC deems a technical standard to be insufficient, or if law enforcement finds that it is unable to conduct authorized surveillance because a carrier has not met the requirements of this legislation, the Attorney General can request that a court issue an enforcement order (an order directing a carrier to comply), and/or a fine of up to $10,000 per day for each day in violation (Sec. 2607). 
However, a court can issue an enforcement order or fine a carrier only if it can be determined that no other reasonable alternatives are available to law enforcement. This provision allows carriers to deploy features and services which may not meet the requirements of the bill. Furthermore, this legislation does not permit the government to block the adoption or use of any feature or service by a telecommunications carrier which does not meet the requirements. The bill requires the government to reimburse carriers for all reasonable costs associated with complying with the capacity requirements. In other words, the government will pay for upgrades of current features or services, as well as any future upgrades which may be necessary, pursuant to published notices of capacity requirements (Sec. 2608). There is $500,000,000 authorized for appropriation to cover the costs of government reimbursements to carriers. In the event that a smaller sum is actually appropriated, the bill allows a court to determine whether a carrier must comply (Sec. 2608 (d)). This section recognizes that telecommunications carriers may not be responsible for meeting the requirements if the government does not cover reasonable costs. The government is also required to submit a report to congress within four years describing all costs paid to carriers for upgrades (Sec. 4). ENHANCED PRIVACY PROTECTIONS ---------------------------- The legislation contains enhanced privacy protections for transactional information (such as telephone toll records and electronic mail logs) generated in the course of completing a communication. Current law permits law enforcement to gain access to transactional information through a subpoena. The bill establishes a higher standard for law enforcement access to transactional data contained electronic mail logs and other online records. Telephone toll records would still be available through a subpoena. 
Under the new standard, law enforcement is required to obtain a court order by demonstrating specific and articulable facts that electronic mail logs and other online transactional records are relevant and material to an ongoing criminal investigation (Sec. 10). Law enforcement is also prohibited from remotely activating any surveillance capability. All intercepts must be conducted with the affirmative consent of a telecommunications carrier and activated by a designated employee of the carrier within the carrier's facilities (Sec. 2604). The bill further requires that, when using pen registers and trap and trace devices, law enforcement will use, when reasonably available, devices which only provide call set up and dialed number information (Sec. 10). This provision will ensure that as law enforcement employs new technologies in pen register and trap and trace devices, it will not gain access to additional call setup information beyond its current authority. Finally, the bill extends the Electronic Communications Privacy Act (ECPA) protections against interception of wireless communications to cordless telephones, making illegal the intentional interception of the radio portion of a cordless telephone (the transmission between the handset and the base unit). CELLULAR SCANNERS ----------------- The bill makes it a crime to possess or use an altered telecommunications instrument (such as a cellular telephone or scanning receiver) to obtain unauthorized access to telecommunications services (Sec. 9). This provision is intended to prevent the illegal use of cellular and other wireless communications services. Violations under this section face imprisonment for up to 15 years and a fine of up to $50,000. IMPROVEMENTS OF THE EDWARDS/LEAHY BILL OVER PREVIOUS FBI PROPOSALS ------------------------------------------------------------------ The Digital Telephony legislative proposal was first offered in 1992 by the Bush Administration. 
The 1992 version of the bill: * applied to all providers of wire or electronic communications services (no exemptions for information services, interexchange carriers or private networks); * gave the government the explicit authority to block or enjoin a feature or service that did not meet the requirements; * contained no privacy protections; * contained no public process for determining the capacity requirements; * contained no government reimbursement (carriers were responsible for meeting all costs); * would have allowed remote access to communications by law enforcement, and; * granted telecommunications carriers only 18 months to comply. The Bush Administration proposal was offered on capitol hill for almost a year, but did attract any congressional sponsors. The proposal was again offered under the Clinton Administration's FBI in March of 1993. The Clinton Administration's bill was a moderated version of the original 1992 proposal: * It required the government to pay all reasonable costs incurred by telecommunications carriers in retrofitting their facilities in order to correct existing problems; * It encouraged (but did not require), the Attorney General to consult with telecommunications industry representatives and standards bodies to facilitate compliance, * It narrowed the scope of the legislation to common carriers, rather than all providers of electronic communications services. Although the Clinton Administration version was an improvement over the Bush Administration proposal, it did not address the larger concerns of public interest organizations or the telecommunications industry. 
The Clinton Administration version:

* did not contain any protections for access to transactional information;
* did not contain any public process for determining the capability requirements or public notice of law enforcement's capacity needs;
* would have allowed law enforcement to dictate system design and bar the introduction of features and services which did not meet the requirements, and;
* would have allowed law enforcement to use pen registers and trap and trace devices to obtain tracking or physical location information.

* * *

Locating Relevant Documents
===========================

** Original 1992 Bush-era draft **
ftp.eff.org, /pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft
gopher.eff.org, 1/EFF/Policy/FBI/Old, digtel92_old_bill.draft
http://www.eff.org/pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel92.old

** 1993/1994 Clinton-era draft **
ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_bill.draft
gopher.eff.org, 1/EFF/Policy/FBI, digtel94_bill.draft
http://www.eff.org/pub/EFF/Policy/FBI/digtel94_bill.draft
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.dft

** 1994 final draft, as sponsored **
ftp.eff.org, /pub/EFF/Policy/FBI/digtel94.bill
gopher.eff.org, 1/EFF/Policy/FBI, digtel94.bill
http://www.eff.org/pub/EFF/Policy/FBI/digtel94.bill
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.bil

** EFF Statement on sponsored version **
ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_statement.eff
gopher.eff.org, 1/EFF/Policy/FBI, digtel94_statement.eff
http://www.eff.org/pub/EFF/Policy/FBI/digtel94_statement.eff
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.eff

--------------------------End of Message-----------------------------

The strongest reason for the people to retain their right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government. --Thomas Jefferson

From lstanton at sten.lehman.com Fri Aug 19 07:16:39 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Fri, 19 Aug 94 07:16:39 PDT Subject: Are "they" really the enemy? In-Reply-To: <6680@aiki.demon.co.uk> Message-ID: <9408191418.AA26762@sten.lehman.com> In message <6680 at aiki.demon.co.uk> you write: > In message <199408182230.PAA15298 at netcom7.netcom.com> "James A. Donald" writes: > > Jim Dixon writes > > > You won't tear down the government without replacing it. > > > > We can certainly drastically weaken and seriously impair > > and obstruct government without replacing it. > > Can you prove this? Or at least show some historical example? What about later Byzantium? The last 100 years of the Ottomans? Most of the history of the Holy Roman Empire? Capetian France? Egypt under the Mamluks? There are many examples of a government peacefully becoming incompetent and weak. Sometimes, an outside power moves in. Sometimes, anarchy results, and later a strong new government arises. Sometimes, things just muddle along for a while, with most people ignoring government entirely. That all of these periods end with the rise of, or takeover by, another government, proves nothing. Every historical period has an end. Does anybody here think that the current set of governments in the world is static for all time? Those who think that governments only get stronger are taking too short a view. The Babylonian, Roman, and Persian empires were all succeeded by far weaker, less centralized, power structures. The questions are: what comes next? And what can we do to make what comes next bearable? > In France, the monarchy was replaced by a republic which quickly > descended into the Reign of Terror. There was no gap.
Orderly rule
> drifted into terror, which was succeeded by Napoleon's iron rule.

But you can make a good case that this was BECAUSE the monarchy had not been drastically weakened and impaired for a time before the revolution. The revolution was too sharp a jolt, and the system became unstable. Politics abhors a square wave.

> In the American South after the Civil War, the Union smashed local
> government and replaced it with something acceptable to them. This
> did not have the consent of the white population. The Ku Klux Klan
> developed as a way for the whites to enforce their rules.

It also had the more-than-tacit support of the government.

> The Ku Klux Klan was in its way an instrument of democracy.

Instrument of oligarchy might be closer. Many poor whites were 'kept in line' by it, as well as the blacks.

> In Russia, the monarchy was replaced by a republic which was destroyed
> by the Bolsheviks. There was widespread civil war. But there whenever

Actually, by the Mensheviks and anarchists.

> there was a governmental vacuum, people filled it. Russia was full of
> bands of armed men. People needed governments to protect them from
> the marauders.

How can you distinguish the marauders and the government? There was an anarchic transition period. Some areas/groups did well (such as the Cossacks, and parts of the Caucasus) some did very badly. Does this signify anything?

> Stalin was an expression of the people's will.

I think that you are confusing 'the people' and 'the government.' Trotsky was much more the choice of 'the people.' That's why he was charged with 'bonapartism.'

> The US government is a large and powerful organization. Let us say
> that somehow you contrive to successfully weaken, impair, and
> obstruct it. How will you do this? Not by yourself. One person
> cannot defeat millions. You need a group of some size, at the very
> least of thousands.
This group must have a set of common goals and
> some sort of administrative structure to effect those goals...

You seem to be hooked on organized conflict. I think you vastly underestimate the power of incompetence, corruption, and bureaucracy.

> I could continue, but you must understand what I am going to say:
> governments can only be defeated by organizations with the
> attributes of governments.

Tell that to the Afghans. The Afghan tribes have a long history of defeating governments with only a loose tribal and clan system.

> The alternative is to take over the government to some degree.

Or to help it degenerate into incapacity.

From mogsie at VNET.IBM.COM Fri Aug 19 07:24:33 1994
From: mogsie at VNET.IBM.COM (mogsie at VNET.IBM.COM)
Date: Fri, 19 Aug 94 07:24:33 PDT
Subject: No Subject
Message-ID: <9408191424.AA08350@toad.com>

Hi, guys! I just received my T-shirt as a birthday-gift from my brother! Or is this just a fraud...?

-mogsie-
finger for PGP key

From huntting at glarp.com Fri Aug 19 07:29:34 1994
From: huntting at glarp.com (Brad Huntting)
Date: Fri, 19 Aug 94 07:29:34 PDT
Subject: 15 years!
In-Reply-To:
Message-ID: <199408191429.IAA06996@misc.glarp.com>

> The bill makes it a crime to possess or use an altered telecommunications
> instrument (such as a cellular telephone or scanning receiver) to obtain
> unauthorized access to telecommunications services (Sec. 9). This
> provision is intended to prevent the illegal use of cellular and other
> wireless communications services. Violations under this section face
> imprisonment for up to 15 years and a fine of up to $50,000.

Imagine if your government decided to outlaw deadbolts on front doors, so cops wouldn't have to put so much shoulder effort into executing "no knock" search warrants. But then to make you feel safer, they make "breaking and entering" a felony worthy of 15 years in prison, even if nothing is stolen and no one assaulted.
In America cops often use armored battering rams to execute knock warrants. Similarly, they can use court orders to obtain keys to decode encrypted transmissions or files. If a person is ordered to turn over their password to unlock their documents, they can be held in contempt if they don't, and they can demand their right to not have any of the documents used against them if they do.

In America at least, there are no new civil liberties to be found in the use of strong crypto. The legitimate, constitutional use of police power cannot be thwarted by using this new technology. Only the unconstitutional abuses of state power will be thwarted by use of strong crypto.

brad

From smb at research.att.com Fri Aug 19 07:33:22 1994
From: smb at research.att.com (smb at research.att.com)
Date: Fri, 19 Aug 94 07:33:22 PDT
Subject: cypherpunks-digest V1 #18
Message-ID: <9408191433.AA08423@toad.com>

   Date: Fri, 19 Aug 1994 11:54:45 +0200 (METDST)
   Subject: 15 years!

   About the EFF Wiretap Bill:

   The bill makes it a crime to possess or use an altered telecommunications instrument (such as a cellular telephone or scanning receiver) to obtain unauthorized access to telecommunications services (Sec. 9). This provision is intended to prevent the illegal use of cellular and other wireless communications services. Violations under this section face imprisonment for up to 15 years and a fine of up to $50,000.

   I commented on this before but feel like repeating myself: So an alt.2600 tec-addict makes some hardware hacks on his cellular - and gets 15 years in the slammer for catching some airwaves. A punishment scale suggestive of a very repressive state! And why outlawing it in the first place? What is crypto for?

I'm not defending a 15 year sentence; it's far too harsh. But I strongly disagree with ``why outlawing it in the first place? What is crypto for?'' By analogy, why outlaw burglary? After all, what are safes and alarms for?
The purpose of a civilized society is precisely to avoid this sort of ``arms race'' between bandits and those who pay for services. Even libertarians generally agree that theft is wrong, and theft of service is just as wrong as theft of tangible objects; otherwise, there is no way to recover the cost of the capital investment necessary to provide the service. That is, the marginal cost -- the electricity, wear and tear on the ICs, etc., to make a cellular phone call -- is obviously very low. But someone had to pay for all the cellular switches out there, to say nothing of the R&D that went into them, and a large part of the charges for a call go towards repaying that investment.

Now, a prudent service provider may wish to invest in crypto as a way to prevent fraud, just as many homeowners invest in alarm systems. But failure to do so doesn't make either sort of theft correct.

--Steve Bellovin

From jya at pipeline.com Fri Aug 19 08:03:09 1994
From: jya at pipeline.com (John Young)
Date: Fri, 19 Aug 94 08:03:09 PDT
Subject: \"they\" and Real Bullets
Message-ID: <199408191502.LAA08028@pipe1.pipeline.com>

The c'punks vote on continuing the "they" topic:

1 yes
1 maybe
1 no
2^512,000 plonks

The "plonks" have it, but to hell with them.

-----------------------------------

Responding to msg by wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) on Thu, 18 Aug 8:46 PM

>> From: Hal
>> What does it mean to speak of a government in
>cyberspace? It is the
>> government in physical space I fear. Its agents
>carry physical guns
>> which shoot real bullets.
>>
>........................................................
>Without cryptography, all you've got left is security
>by obscurity, the main technique used by the hackers in
>the book; even cryptographic systems need strong
>enough implementations built around the
>mathematically-strong parts to be truly safe.
Bill's suggestion about obscurity through strong crypto as a defense against real bullets is a provocative version of "the pen is mightier than the sword" homily. That rephrasing of the topic seems to be a good way to mix software and hardware issues that originated the "they" topic. Is it possible for mind stuff and its gadgets to beat the tools of physical violence? It seems that is what this list is about.

Jim Dixon's elegant disquisition (and that of other respondents) on the rise and fall of governments is less persuasive than his (and others') remarks, say, on the NSA spy machine where he (and they) shows nitty-gritty expertise. I vote for the nit-grit as more pertinent to Hal's "real bullets" problem.

Sorry, but geo-political bullshit apologizes for real killers of all political bent, in power or out. Geo-pol is overdone by talking heads who sound numbingly alike. The distinctive sound of crypto and techno stuff is what charms here, because it's rarely heard in public venues.

We got to take responsibility for our individual actions, day by day, and resist the delusionary temptation of hallucinating on great problems to mask our daily marginalization.

Ahem.

John

From 73211.3713 at compuserve.com Fri Aug 19 08:49:19 1994
From: 73211.3713 at compuserve.com (Loren Fleckenstein)
Date: Fri, 19 Aug 94 08:49:19 PDT
Subject: Zimmermann/NSA debate
Message-ID: <940819154701_73211.3713_DHI21-1@CompuServe.COM>

For those who haven't heard, Philip Zimmermann and Dr. Clinton Brooks of the National Security Agency will debate the national encryption and privacy policies Thursday Aug. 25 at the Thousand Oaks Inn, 75 West Thousand Oaks Blvd. in Thousand Oaks, Calif. A cocktail hour will start at 5:45 p.m. The debate will start at 6:30 p.m.

If there is anyone in the Moreno Valley-to-Riverside, Calif., area who is interested in carpooling with me to Thousand Oaks, contact me by private e-mail. We'd return that night.
-- Loren

From frissell at panix.com Fri Aug 19 09:20:17 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 19 Aug 94 09:20:17 PDT
Subject: 15 years!
Message-ID: <199408191618.AA19897@panix.com>

At 08:29 AM 8/19/94 -0600, Brad Huntting wrote:
>In America cops often use armored battering rams to execute knock
>warrants. Similarly, they can use court orders to obtain keys to
>decode encrypted transmissions or files. If a person is ordered
>to turn over their password to unlock their documents, they can be
>held in contempt if they don't, and they can demand their right to
>not have any of the documents used against them if they do.
>
>In America at least, there are no new civil liberties to be found
>in the use of strong crypto. The legitimate, constitutional use
>of police power cannot be thwarted by using this new technology.

Brad -- perhaps you haven't grasped the full range of possibilities arising from the deployment of modern crypto technology. By the use of Stego and anonymous networking and operating system software, it will be possible to block the authorities from even identifying you as the target of an investigation.

While it is true that they may be able to try and force you to reveal the contents of a "secret message", they can succeed only if:

1) They know that a secret message exists

2) They know that you exist

3) They know (and can prove) that you possess the key material necessary to decode the message.

4) You are capable of being coerced -- i.e. you are a human being and not a software agent or an institutional entity controlled by humans outside of the jurisdiction.

5) You are within their jurisdiction.

6) You have not used an encoding scheme that kicks out two alternative plaintexts (the 'real message' and the 'duress message') depending on what key material you use.

7) You decide not to take advantage of their offer of one or two years of free room and board rather than submit to their demands.
Modern crypto techniques can make it very difficult in practice to extract any useful information from people's computer files or communication streams. At the least, crypto can make "fishing expeditions" impossible. When you combine crypto with the fact that on a network, people inside and outside the "jurisdiction" are equal, enforcement capabilities are reduced.

DCF

*************************************************************************
ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail.

From jdd at aiki.demon.co.uk Fri Aug 19 10:11:43 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 19 Aug 94 10:11:43 PDT
Subject: Are "they" really the enemy?
Message-ID: <6709@aiki.demon.co.uk>

In message <9408191418.AA26762 at sten.lehman.com> stanton at acm.org writes:
> > did not have the consent of the white population. The Ku Klux Klan
> > developed as a way for the whites to enforce their rules.
>
> It also had the more-than-tacit support of the government.
>
> > The Ku Klux Klan was in its way an instrument of democracy.
>
> Instrument of oligarchy might be closer. Many poor whites were 'kept in
> line' by it, as well as the blacks.

Most of these remarks follow from a simplistic definition of government. My point was that the government may in some cases consist of some overt and recognized elements and some unofficial but nonetheless real elements. In societies in which there is a significant level of internal dissent quasi-governmental groups spring up. In Ireland the IRA is such a group in many areas. The UK government sends car thieves to prison; the IRA kneecaps them (smashes their knees with sledgehammers or a gunshot).

> > In Russia, the monarchy was replaced by a republic which was destroyed
> > by the Bolsheviks. There was widespread civil war.
But there whenever
> > there was a governmental vacuum, people filled it. Russia was full of
> > bands of armed men. People needed governments to protect them from
> > the marauders.
>
> How can you distinguish the marauders and the government?

The difference is only one of degree. Either brigands smash your door down and steal everything you have, or the IRS sends in their auditors. On the whole, people prefer the lesser evil, the IRS, to the greater evil, bandits.

> There was an
> anarchic transition period. Some areas/groups did well (such as the Cossacks,
> and parts of the Caucasus) some did very badly. Does this signify anything?

Not as far as this discussion is concerned. In a chaotic situation, the fate of areas and groups will vary. In part this will reflect differing levels of chaos.

> > Stalin was an expression of the people's will.
>
> I think that you are confusing 'the people' and 'the government.' Trotsky
> was much more the choice of 'the people.' That's why he was charged with
> 'bonapartism.'

Even now you find many old people who regret Stalin's absence. What I was saying was that there was a widespread desire for peace and stability.

[There are also differences in meaning between the English word 'people' and the Russian word usually used to translate it, 'narod'. I was thinking of the term 'narodnaya volya'. Email me if you want to discuss this further! In-depth discussions of Russian culture seem irrelevant to this list.]

> > The US government is a large and powerful organization. Let us say
> > that somehow you contrive to successfully weaken, impair, and
> > obstruct it. How will you do this? Not by yourself. One person
> > cannot defeat millions. You need a group of some size, at the very
> > least of thousands. This group must have a set of common goals and
> > some sort of administrative structure to effect those goals...
>
> You seem to be hooked on organized conflict.

I am aware of organized conflict.
If you want to radically change the US government in a short period of time, it will resist you. If you are to succeed, you must apply a commensurate amount of force.

> I think you vastly underestimate
> the power of incompetence, corruption, and bureaucracy.

? I don't think so, and in any case I don't see what you mean.

> > I could continue, but you must understand what I am going to say:
> > governments can only be defeated by organizations with the
> > attributes of governments.
>
> Tell that to the Afghans. The Afghan tribes have a long history of defeating
> governments with only a loose tribal and clan system.

I have spent around six months in Afghanistan. Most of this was in Kabul, but I also visited Mazar-i-sharif, Herat, Kandahar, Ghazni, Jelallabad, and smaller places. The 'loose' tribal systems are in fact very tight.

You are talking as though only national governments were governments. In Afghanistan the central government has normally been very weak. When I was there the king controlled the cities but the chiefs controlled the villages. The chiefs and mullahs were very powerful indeed.

Afghanistan is a very conservative society. Along certain lines men are encouraged to be extreme individualists. But the group is very powerful.

A friend of mine lived in a village. Families live in small compounds with high walls around them. The women cultivate the land inside the walls. A young man from the village was walking along a high hill near the village and saw an unveiled woman working her fields. Someone from her family saw him and naturally took a shot at him, because he was looking upon a woman in his family without a veil. For several weeks no one could step outside in that village without being shot at, because everyone was in or related to one of the two families involved.

This is not a loose society.
--
Jim Dixon

From pcw at access.digex.net Fri Aug 19 10:12:58 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Fri, 19 Aug 94 10:12:58 PDT
Subject: NSA Spy Machine and DES
Message-ID: <199408191712.AA08364@access3.digex.net>

It is entirely possible that the Cray SIMD machine will use Xilinxs. The folks at the Supercomputing Research Center in Bowie are also building machines with these Xilinxs. They're known under the name "Splash" and they've built at least two generations.

One of the architects told me that the machine was only good for "deeply pipelined" processes. There is one preprint, for instance, that describes how to do text searching with the machine. (Surprise.)

Much of this should be public because the folks from the SRC often go to conferences and present information. Two names on the Splash project that I can think of are Buell and Arnold. If anyone can dig up papers on this topic, I would be interested to read them.

That being said, I still don't really see the advantages of Xilinx. But this really could be because I've never programmed the machines nor have I used them for anything. It just seems unlikely to me that DES can be done that much faster. But like I said, what do I know?

I would be intrigued if someone could run a back of the envelope calculation on building a machine with Xilinx. How many processes can you do with it? How many testing circuits can you fit on a chip? How fast will these circuits go? What is the big win from pipelining the process? Sure you can build a sixteen stage pipeline, but will you need to put copies of the SBOXes at each stage? How much space will this take? How deep will the gates be? What is the gate delay at each stage? What will be resultant speed?

The fact is that for all of DES's bitwise 6-to-4 sboxes and other weird stuff, it isn't that hard to implement in a RISC processor that has XOR, AND, shifts and fast table lookup.

Any answers out there?
-Peter

From blancw at microsoft.com Fri Aug 19 10:41:06 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 19 Aug 94 10:41:06 PDT
Subject: \"they\" and Real Bullets
Message-ID: <9408191741.AA20789@netmail2.microsoft.com>

From: John Young

The c'punks vote on continuing the "they" topic:

1 yes
1 maybe
1 no
2^512,000 plonks

The "plonks" have it, but to hell with them.
...........................................................................

For continuing the System:

1.0 NSA
2.0 Rest of the Gvmt
0.5 various & sundry Citizens
------
3.5

Against it:

0.5 c'punks

The ayes have it, but who cares about 'them'. Or their system.

Blanc

From tcmay at netcom.com Fri Aug 19 11:55:18 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 19 Aug 94 11:55:18 PDT
Subject: trusted time stamping
In-Reply-To: <199408190842.AA06184@eskimo.com>
Message-ID: <199408191851.LAA08743@netcom4.netcom.com>

Wei Dai wrote:

> I thought my idea about having trusted entities digitally sign a document in
> order to establish its existence at a particular time was a new idea, but I
> just read about it in _Applied Cryptography_. Anyway, I wrote some C code to
> do automatic time stamping with PGP (source code is in the next e-mail).

Stu Haber (who reads this list, sometimes) and Scott Stornetta of Bellcore developed a system which solves the more important problem of the time stamper reliability, which I don't think W.D. has addressed.

I've written up a couple of summaries, the last of which got a favorable reaction from Stu on. So I'll mail it later today, when I fire up my off-line archives and retrieve it.

The hard part is time stamper reliability, i.e., how does the world (and the courts) know that the time stamper(s) did not simply reset his clock and thus fake the times?

Haber and Stornetta came up with two clever ideas:

1. Publish a one-way hash of the text to be stamped in a very public place, e.g., one's latest bestselling novel or the "New York Times."
This is similar to the crypto methods used by scientists through the ages to prove ownership. H & S call this a "widely witnessed event," the idea being that millions of copies of archived issues of the NYT (or the novel!) would have to be retrieved and reprinted in order to change at a later date the text. Economically impractical.

2. But it may also be economically impractical for the NYT to print page after page of such hashes...they may choose not to, understandably. So H & S developed a "tree"-like way to merge customer-provided hashes with many other hashes (and earlier hashes, too, thus adding to the difficulty of faking) and so to only have to publish a comparatively small number.

These two clevernesses are the crux of time-stamping.

They are trying to build a company to do this; perhaps Stu can update us on the status.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hughes at ah.com Fri Aug 19 12:16:21 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 19 Aug 94 12:16:21 PDT
Subject: trusted time stamping
In-Reply-To: <199408191851.LAA08743@netcom4.netcom.com>
Message-ID: <9408191851.AA13058@ah.com>

   They are trying to build a company to do this; perhaps Stu can update us on the status.

I don't know if Stu's on the list right now or not, but I saw him Tuesday in Manhattan. They're in the middle of development, which includes much more than simply writing the crypto protocol that's at the core of any real business.
Eric

From smb at research.att.com Fri Aug 19 12:18:27 1994
From: smb at research.att.com (smb at research.att.com)
Date: Fri, 19 Aug 94 12:18:27 PDT
Subject: Outlawing the overhearing of conversations
Message-ID: <9408191918.AA11807@toad.com>

   - I find a number which looks to be compressed or encrypted. I fiddle around with it and manage to decrypt it, and it turns out to be useful to me (and possibly harmful to others). What law have I broken, plausibly?

With the possible exception of this point, I suspect that we agree more than we disagree. My note included the following excerpt from the original:

   The bill makes it a crime to possess or use an altered telecommunications instrument (such as a cellular telephone or scanning receiver) to obtain unauthorized access to telecommunications services (Sec. 9). This provision is intended to prevent the illegal use of cellular and other wireless communications services. Violations under this section face imprisonment for up to 15 years and a fine of up to $50,000.

My reply was keyed to the phrase ``unauthorized access to telecommunications services''. As I read it -- and you may differ -- the action that's being prohibited here is picking up things like ESNs, credit card numbers, etc., and using those to obtain fraudulent access to the phone network. I'm hard put to justify such behavior as ethical, and I have no problem with declaring it illegal. (Again, though, prudent folks and/or their insurance companies and/or the government may choose to use/mandate crypto. Banks started using DES authentication for EFT transfers because the Fed insisted -- they didn't see the problem.)

As for decrypting numbers picked up over the air -- although I'm going to be vague, I suspect that there is a real issue here. Suppose that you run a pay TV service that you genuinely attempt to protect -- that is, you use DES or stronger. Am I *entitled* to watch for free because I happen to be smart enough and/or rich enough to crack DES?
Can I legally or ethically give away or sell recovered keys?

The point I'm making here is that you're making a reasonable effort to protect something, and thus implicitly declare it private and worthy of protection. This is in distinction to unencrypted transmissions (i.e., today's cellular stuff), security through obscurity (today's digital cellular), or marginally encrypted (frequency inversion).

To be sure, I don't know where to draw the line here, and I don't think I want a judge (state-appointed or freely agreed upon) drawing it for me. Maybe we should take a leaf from NSA's book and say that 40 bits or less of key amounts to a welcome mat...

--Steve Bellovin

From hughes at ah.com Fri Aug 19 12:23:06 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 19 Aug 94 12:23:06 PDT
Subject: CIA Using Remailer System?
In-Reply-To: <199408181058.AA15812@xs4all.hacktic.nl>
Message-ID: <9408191858.AA13096@ah.com>

   Wouldn't it be funny, if the CIA (or other agency) used the remailer system (along with PGP) for regular communication with operatives overseas.

Not particularly. The CIA has used existing bank secrecy jurisdictions for years for, let us say, congressionally non-appropriated funds.

Eric

From hughes at ah.com Fri Aug 19 12:45:34 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 19 Aug 94 12:45:34 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408161439.KAA10429@zork.tiac.net>
Message-ID: <9408191920.AA13293@ah.com>

   A piece of ecash is basically a callable bond.

A raw, non-modal "is"?? Digital cash doesn't exist yet, so saying that it "is" something, is, well, premature. The real question is "What happens if we set up a digital cash system as a callable bond?" And my answer to that is, "You really _want_ the SEC involved?"

   The issuer gets to keep the interest accrued on that money while the ecash is in circulation.

Perhaps in some systems this is so, but not all.
The unit of account must be fixed, but the unit of account may not be constant currency, but rather currency at a fixed interest rate.

   The underwriter loses money if the duration, and thus the total return, of his portfolio of ecash is less than the total return of the principal he's holding in escrow [...]

Why do you assume that the only source of income for the "underwriter" is the return on investment from the float? Sure, that's one business model. Transaction and participation fees can also be levied.

   When the ecash comes back, it's like a bond is called, and the issuer has to pony up the principal.

The issuer has a debt mediated by an instrument, yes. There are, however, more instruments than bonds available for use. Is the debt secured or unsecured? What happens during bankruptcy of the issuer? These and similar issues determine the nature of the instrument.

   He then has to unwind a piece of his offsetting portfolio, incurring transaction costs and losing whatever future income those investments might yield.

Any reasonable cash management system includes a segment in liquid assets for this case, since the income not taken for this segment is much less than paying for portfolio manipulations. Remember, cash is coming in as well as going out.

   If you thought that the ecash duration was 3 days and it stayed out there 3 months,

It's unlikely that these sorts of figures are not going to be known shortly after rollout, during which phase the cash management function for income is much smaller.

   In theory, if the fees are high, the money may never come back, and stay in circulation forever.

I think you may be getting confused here between "on-us" transactions and a first class currency, which does circulate. Digital cash cannot "circulate forever".

I should note, however, that I agree with the basic point, that the portfolio management problem for digital cash is not unusual.
Eric

From m5 at vail.tivoli.com Fri Aug 19 12:51:00 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Fri, 19 Aug 94 12:51:00 PDT
Subject: Outlawing the overhearing of conversations
In-Reply-To: <9408191918.AA11807@toad.com>
Message-ID: <9408191947.AA02234@vail.tivoli.com>

smb at research.att.com writes:
> Suppose that
> you run a pay TV service that you genuinely attempt to protect -- that
> is, you use DES or stronger. Am I *entitled* to watch for free
> because I happen to be smart enough and/or rich enough to crack DES?

I had a long e-argument with a strange young man in Canada over this point, and of course it's familiar to anyone who knows anything about satellite TV issues.

My own feeling is that if somebody's going to blast radiation through my property and through my very body, then to say I have no rightit is illegal for me to interpret the radiation is absurd. It's like making it illegal to look at a newspaper shoved in front of your face by a vendor unless you pay for it.

My understanding is that US law was originally written according to this philosophy, but that things changed when the cable indu$stry started to realize that they'd have to either spend money to make their signals difficult to receive and view, or else spend money buying dinners for Congressmen to legislate the problem out of existence.

> Can I legally or ethically give away or sell recovered keys?

This is a somewhat different question, methinks, and maybe there's a difference between "give away" and "sell".

| GOOD TIME FOR MOVIE - GOING ||| Mike McNally                       |
| TAKE TWA TO CAIRO.          ||| Tivoli Systems, Austin, TX:        |
| (actual fortune cookie)     ||| "Like A Little Bit of Semi-Heaven" |

From nobody at kaiwan.com Fri Aug 19 12:55:40 1994
From: nobody at kaiwan.com (Anonymous)
Date: Fri, 19 Aug 94 12:55:40 PDT
Subject: SSS attachment - is that Splash II?
Message-ID: <199408191954.MAA12767@kaiwan.kaiwan.com> ------- Forwarded Message Date: Fri, 19 Aug 1994 13:30:42 -0400 (EDT) From: Ronald G Minnich Subject: Re: SSS attachment - is that Splash II? The WSJ article on the Cray-3 deal involves a chip/system designed here called TeraSys. Maya [Minnich djf] has a forthcoming article in IEEE Computer about it. The basic idea is to embed bit-serial processors in the sram chips, one processor per bit in the memory row register. It's a simple processor with an ALU and three registers. The memory "words" can now be thought of as running vertically up the columns, rather than horizontally along the rows. Every time you fetch a row, you are in fact fetching 64 bits from 64 different words to be operated on in the ALUs.This gives you roughly a 100-fold increase in memory bandwidth, since you no longer mux the data down from 64 bits to 1 or 4 bits to bring it off-chip. The key contribution of the Cray (this idea due to Ken Iobst of SRC, who also was the architect of the chips) came from Ken's realization that the Cray vector scatter/gather hardware could push the bits around BETWEEN the chips as fast as the hardware networks on, e.g., the CM-2. Thus the Cray-3, a vector supercomputer, can function as a very high-performance SIMD system as well. You don't need to build the additional network found on so many SIMD machines, e.g. maspar or cm-2. You also can have phases of a program, wherein it runs SIMD for a while, then vector, then SMP mode, etc. The TeraSys processors built here at src cost about $80K each, and for several problems could easily outrun our $6M CM-2. The chips are National Semi SRAMS, with mods done here by Mark Norder and Jennifer Schrader. Ken Iobst is the architect of the chips. The programming environment was basically Maya Gokhale's DBC language, which also runs on Splash-2, the CM-2, and clusters. Cray has reimplemented the chips for the Cray-3. 
In keeping with the NSAs new plans for SRC, this project was terminated at SRC last January. The systems are gradually being turned off and the cabinets put to other uses. No further work is occurring at SRC in this area. Feel free to forward this article to people who may ask you. There was some good work done by people here. ron rminnich at super.org | Error message of the week: (301)-805-7451 or 7312 | NFS server localhost not responding still trying ------- End of Forwarded Message From weidai at eskimo.com Fri Aug 19 13:18:30 1994 From: weidai at eskimo.com (Wei Dai) Date: Fri, 19 Aug 94 13:18:30 PDT Subject: timestamp.c mangled Message-ID: <199408192018.AA07659@eskimo.com> To: cypherpunks at toad.com timestamp.c was partially mangled, so I am sending it again, this time using PGP ascii-armor.
PGP Public Key available From weidai at eskimo.com Fri Aug 19 13:18:42 1994 From: weidai at eskimo.com (Wei Dai) Date: Fri, 19 Aug 94 13:18:42 PDT Subject: trusted time stampin Message-ID: <199408192018.AA07667@eskimo.com> To: cypherpunks at toad.com ********** Original To: TCMAY at NETCOM.COM * CARBON * was By: WEIDAI * COPY * posted: On: ESKIMO ********** Conf: 0009 - Email ----------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- tcmay at netcom.com wrote: > The hard part is time stamper reliability, i.e., how does the world > (and the courts) know that the time stamper(s) did not simply reset > his clock and thus fake the times? Another problem is security. Establishing a time stamping service can make you a good target for subversion. > 1. Publish a one-way hash of the text to be stamped in a very public > place, e.g., one's latest bestselling novel or the "New York Times."
> This is similar to the crypto methods used by scientists through the > ages to prove ownership. H & S call this a "widely witnessed event," > the idea being that millions of copies of archived issued of the NYT > (or the novel!) would have to be retrieved and reprinted in order to > change at a later date the text. Economically impractical. Publishing a one-way hash of the text eliminates the role of the trusted time stamper. Alice can simply sign the text herself and then publish the hash right away (in a Usenet newsgroup for example). Trusted time stampers of course are trusted. It means they have reputations for being secure and reliable, and reputation is worth more to them than any possible benifit they can gain from abusing that trust. Of course, this may not work out in reality, but the theory sounds good to me. A way to convince the public that your time stamp is valid without publishing it at the time of the time stamp or absolute trust (on the public's part) on the time stampers is to use a large number of time stamping services. This way, they must all have colluded or been subverted in order to forge your time stamp. Therefore, the time stamp has a high probability of being valid. cc: CYPHERPUNKS MAILING LIST in 0009 on ESKIMO -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLlUSnjl0sXKgdnV5AQFrkwQAopVBwQaFB5YkpKPkWfsOwA2xsTp4vNmZ SIfJDbhdEM2T2xRbGi9QEofADeIoISgVtN6hkhgeQnk5eyvI3EFL8K+ocqc5rYAQ mQAEsTY9sEvZ2CzQr8grayuvhSnnWRmQKSTsfELctWzZciqlDpHbhI++7G1c9hI+ 1zFEE/2HPoQ= =VtUy -----END PGP SIGNATURE----- PGP Public Key available From hughes at ah.com Fri Aug 19 13:27:13 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 19 Aug 94 13:27:13 PDT Subject: ecash-info In-Reply-To: <199408160246.WAA04689@zork.tiac.net> Message-ID: <9408192002.AA13401@ah.com> Anyway, when I screwed up the guts to ask, Chaum told me that the going price for the underwriter's license/code was $275K plus a percentage of the net profits. 
It's no small wonder that he's not gotten anywhere. Anybody who wants an operational cut of a finance system is asking for way more money than anybody might want to pony up. A bank (or similar) wants to buy technology, not a partner. the increase in traffic about his inactivity in promotion leads me to believe that he's either working hard in getting his product market-ready, which makes sense, or he's dropping the ball, which I would charitably say is an unfair reading of the facts. A third possibility is that he's just not getting anywhere. If you want too much money for what someone else is willing to pay, you don't make a sale. There are three potential benefits from any Internet money system: 1. The ability to transact and settle to the outside banking system. 2. The ability to keep one's transactions private from one's counterparty. 3. The ability to keep one's transactions private from the bank, and hence the government. Having property 2 subsumes 1, and having 3 subsumes both 2 and 1. Here's the crux. ONLY property one has large and direct and immediate economic benefits to the issuer. Property two has a very small increase in revenue, and property three has an additional, even smaller increase. These relative revenues can be explained by the fact that privacy for your average transaction is not worth a whole lot, and so if you raise your rates to go after the lucrative market who wants property 3, you lose most of your customer who only need property one. If you were a bank, would you pick system 1, 2, or 3? System one will result in direct customer fees. System two will result in, perhaps, very slightly higher fees, and some dissatisfied retailers who want to be subsidized for the collection of transaction data. System three, again, has about the same revenue available, and in addition will get the regulators pissed off! So, with these three kinds of transaction systems in competition with each other, which do you think will win? 
Let me answer that for you. It's system 1. Now Chaum wants to offer system 3, and it's expensive to purchase. Surprised at lack of success? Not at all.

Eric

From huntting at glarp.com Fri Aug 19 13:34:00 1994
From: huntting at glarp.com (Brad Huntting)
Date: Fri, 19 Aug 94 13:34:00 PDT
Subject: 15 years!
In-Reply-To: <199408191618.AA19897@panix.com>
Message-ID: <199408192033.OAA07688@misc.glarp.com>

>>In America cops often use armored battering rams to execute knock warrants. Similarly, they can use court orders to obtain keys to decode encrypted transmissions or files. If a person is ordered to turn over their password to unlock their documents, they can be held in contempt if they don't, and they can demand their right to not have any of the documents used against them if they do.
>>
>>In America at least, there are no new civil liberties to be found in the use of strong crypto. The legitimate, constitutional use of police power cannot be thwarted by using this new technology.

> Brad -- perhaps you haven't grasped the full range of possibilities arising from the deployment of modern crypto technology.

> By the use of Stego and anonymous networking and operating system software, it will be possible to block the authorities from even identifying you as the target of an investigation.

But even widespread use of these technologies is nothing more than the exercise of free speech and the right to be free from self incrimination and warrantless search and seizure.

> While it is true that they may be able to try and force you to reveal the contents of a "secret message", they can succeed only if:

> 1) They know that a secret message exists

You have a right to hide this from them.

> 2) They know that you exist

You have a right to not tell them you exist.

> 3) They know (and can prove) that you possess the key material necessary to decode the message.

Again, you're well within your rights in not aiding their investigations.
> 4) You are capable of being coerced -- i.e. you are a human being and not a > software agent or an institutional entity controlled by humans outside of > the jurisdiction. > 5) You are within their jurisdiction. The US constitution has already been stretched to include foreign nationals under its jurisdiction. In fact foreign nationals can claim many if not all the rights accorded a citizen of the united States (though they must know exactly how to assert those rights or they will be forfeited). In short, borders don't make any difference to the USG. > 6) You have not used an encoding scheme that kicks out two alternative > plaintexts (the 'real message' and the 'duress message') depending on what > key material you use. You would arguably be purging yourself if you did this trick under a court order. But this is a valid point. > 7) You decide not to take advantage of their offer of one or two years of > free room and board rather than submit to their demands. This is the recourse of the state. And it is not merely one or two years. Prison terms for contempt of court are indefinite. Unless you can prove that you _cannot_ be coerced, they can continue to coerce you. In all fairness, contempt of court carries a more serious punishment than any crime except the death penalty (which IMHO is superfluous and unnecessary cruft anyway, your mileage may vary). > Modern crypto techniques can make it very difficult in practice to extract > any useful information from people's computer files or communication > streams. At the least, crypto can make "fishing expeditions" impossible. "Fishing expeditions" border on being unconstitutional. As for expensive law enforcement, nowhere in the united States Constitution is there any mention of a state's right to cheap and easy law enforcement. As When you combine crypto with the fact that on a network, people inside and outside the "jurisdiction" are equal, enforcement capabilities are reduced. 
So yes, crypto does have the potential to make the cops present job much more difficult. But that is mostly because law enforcement has, over the years, eroded nearly all our civil liberties. In short the state today is stretching and even breaking the limits of constitutionality. Crypto has the potential to allow us to swiftly and ruthlessly reclaim our civil liberties. And yes, the cops are going to have to get creative to keep up. brad From jim at bilbo.suite.com Fri Aug 19 13:38:01 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 19 Aug 94 13:38:01 PDT Subject: In Search of Genuine DigiCash Message-ID: <9408192037.AA10062@bilbo.suite.com> A few days ago I asked: > Can a case be made that anonymous digicash is less risky > (to a bank) than NON-anonymous digicash? There were no takers. Therefore, I'll ask different questions: Would a Chaum-style anonymous digital cash service be more profitable to a bank than a NON-anonymous digital cash service? Are the costs involved in offering and supporting anonymous digital cash more, or less, than the costs associated with NON-anonymous digital cash? In other words, why might a bank chose to offer/support anonymous digital cash over NON-anonymous digital cash? If a "bank-centric" case for anonymous digital case over NON-anonymous digital cash can't be made, then there's little chance we'll see anonymous digital cash any time soon. Jim_Miller at suite.com From hughes at ah.com Fri Aug 19 13:42:35 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 19 Aug 94 13:42:35 PDT Subject: e$: Cypherpunks Sell Concepts In-Reply-To: <199408072158.RAA02425@zork.tiac.net> Message-ID: <9408192017.AA13537@ah.com> FINCEN is the Financial Crimes Enforcement Network, a very scary thing indeed. A good article on it was in Wired, issue 1.5 as I recall, which should be available from their infobot. 
Eric From pcw at access.digex.net Fri Aug 19 14:05:47 1994 From: pcw at access.digex.net (Peter Wayner) Date: Fri, 19 Aug 94 14:05:47 PDT Subject: Some facts on the Cray-3 deal Message-ID: <199408192105.AA22741@access3.digex.net> I should note that the processors on this machine sound strikingly like the Coherent Memory Chips that I turned into DES crackers. Also, the SRC's observation that the routing network of the SIMD machines is expensive is an old one at Coherent. Their memory chips were only connected with a one dimensional network and Chuck Stormon felt that this was the only connection arrangement that scaled. This is one of the sad limitations of packaging. In SIMD machines with multiple processors per chip it is often impossible to quadruple the number of processors per chip when a new fabrication process emerges. There just aren't enough pins available. It turns out that the 12 dimensional routing network of the Connection Machine was really overkill. A three dimensional one was nice on some problems, but you paid the price in performance. I'm not surprised that the Terasys could really run rings around the CM-2 for some problems that didn't need the bandwidth. It does sound interesting if the scatter/gather hardware can do a good job with the routing. (It is interesting that this announcement came on the same timeframe as the obituaries for Thinking Machine. They all said stuff like "These guys were brilliant and the machine was great...but the market didn't see their brilliance." It would be funny if the old Cray design proved to be just as versatile.) All that being said, I don't really think that this machine will be anywhere near as powerful as the one I described. The 512,000 processors would probably take about 300-1000 days to do a brute force DES search. The main advantage is that the processors have 64 bits available in memory, not 42. That's just enough to store a complete DES (or SKIPJACK!!!) block in place. 
There is no need to use the communication hardware to go back and forth. I'll do a more complete calculation later. I don't know whether they'll be able to add more SIMD processors with time. 512k words of memory seems pretty small even when there are 8 bytes to a word. -Peter Wayner >Date: Fri, 19 Aug 1994 13:30:42 -0400 (EDT) >From: Ronald G Minnich >Subject: Re: SSS attachment - is that Splash II? >To: jms >Cc: f-troup at AURORA.CIS.UPENN.EDU > >The WSJ article on the Cray-3 deal involves a chip/system designed here >called TeraSys. Maya [Minnich djf] has a forthcoming article in IEEE >Computer about it. >The basic idea is to embed bit-serial processors in the sram chips, one >processor per bit in the memory row register. It's a simple processor with >an ALU and three registers. The memory "words" can now be thought of as >running vertically up the columns, rather than horizontally along the >rows. Every time you fetch a row, you are in fact fetching 64 bits from 64 >different words to be operated on in the ALUs.This gives you roughly a >100-fold increase in memory bandwidth, since you no longer mux the data >down from 64 bits to 1 or 4 bits to bring it off-chip. The key >contribution of the Cray (this idea due to Ken Iobst of SRC, who also was >the architect of the chips) came from Ken's realization that the Cray vector >scatter/gather hardware could push the bits around BETWEEN the chips as >fast as the hardware networks on, e.g., the CM-2. Thus the Cray-3, a >vector supercomputer, can function as a very high-performance SIMD system >as well. You don't need to build the additional network found on so many >SIMD machines, e.g. maspar or cm-2. You also can have phases of a >program, wherein it runs SIMD for a while, then vector, then SMP mode, >etc. > >The TeraSys processors built here at src cost about $80K each, and for >several problems could easily outrun our $6M CM-2. 
> >The chips are National Semi SRAMS, with mods done here by Mark Norder and >Jennifer Schrader. Ken Iobst is the architect of the chips. The >programming environment was basically Maya Gokhale's DBC language, which >also runs on Splash-2, the CM-2, and clusters. Cray has reimplemented the >chips for the Cray-3. > >In keeping with the NSAs new plans for SRC, this project was terminated >at SRC last January. The systems are gradually being turned off and the >cabinets put to other uses. No further work is occurring at SRC in this >area. > >Feel free to forward this article to people who may ask you. There was >some good work done by people here. > >ron > >rminnich at super.org | Error message of the week: >(301)-805-7451 or 7312 | NFS server localhost not responding still trying > > > From tcmay at netcom.com Fri Aug 19 14:11:28 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 19 Aug 94 14:11:28 PDT Subject: Outlawing the overhearing of conversations In-Reply-To: <9408191433.AA08423@toad.com> Message-ID: <199408191757.KAA03296@netcom16.netcom.com> Regarding the topic of a 15-year prison term for receiving broadcasts one is not supposed to, Steve Bellovin wrote: > I'm not defending a 15 year sentence; it's far too harsh. But I > strongly disagree with ``why outlawing it in the first place? What is > crypto for?'' By analogy, why outlaw burglary? After all, what are > safes and alarms for? > > The purpose of a civilized society is precisely to avoid this sort of > ``arms race'' between bandits and those who pay for services. Even > libertarians generally agree that theft is wrong, and theft of service > is just as wrong as theft of tangible objects; otherwise, there is As a libertarian, I disagree that thefts of services are the same as thefts of tangible objects. Consider some possible "thefts of services": - I'm tuning my radio, listening to what is freely available on my property, and I hear something that helps me in some way. 
Have I broken any law, plausibly?

- I find a number which looks to be compressed or encrypted. I fiddle around with it and manage to decrypt it, and it turns out to be useful to me (and possibly harmful to others). What law have I broken, plausibly?

- I'm a 15th-century blacksmith. I use the new technology of printing to help people learn to do basic home-blacksmithing. The Blacksmith's Guild claims I have deprived them of business and have violated their rights.

Etc.

The "listening to the radio" and "decrypting a number" are both similar situations. (I threw in the last point to make a slightly different point, about the collapse of guilds and the parallels to what is now happening with corporations.)

If I overhear someone talking in a restaurant, is this criminal? Does it matter if I learn something of commercial value or not?

The common sense response is that those who don't want to be overheard should either keep their voices down or speak in a kind of code. Talking about trade secrets of business deals where conversations can be overheard, and then claiming "theft of services" is an abuse of the law. And impossible to enforce, as the current scanner laws are.

The issue of "spaces" also comes up. Personal, local spaces (such as houses, offices, etc.) are protectable, and a thief who enters can be captured, shot, etc. But extending this idea of a personal space to include things spoken in public places, or broadcast for hundreds of miles with radio or television transmitters, is a terrible idea.

Let those who speak in a public place--restaurants, the airwaves--but wish not to be understood by outsiders choose a technology which supports this. Don't ask me, or other taxpayers, to prosecute those who happen to hear and understand what was said.

(There are more interesting digressions into privately-produced law, into how insurance companies would charge to insure against such cases, etc.)
I know of very few libertarians who support the idea of criminalizing the hearing of broadcast messages, let alone who would criminalize mere possession of certain kinds of radios (scanners). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From adam at bwh.harvard.edu Fri Aug 19 14:16:43 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 19 Aug 94 14:16:43 PDT Subject: Cray contract info Message-ID: <199408191805.OAA03282@walker.bwh.harvard.edu> | From: HPCwire article-server | Message-Id: <199408191753.AA16894 at hpcwire.ans.net> | To: adam at bwh.harvard.edu | Subject: 4493 CRAY COMPUTER AWARDED CRAY-3/SSS DEVELOPMENT CONTRACT August 17 | | CRAY COMPUTER AWARDED CRAY-3/SSS DEVELOPMENT CONTRACT August 17 | IN THE NEWS by Carol Cramer, Managing Editor HPCwire | ============================================================================= | | Colorado Springs, Colo. -- A joint development contract between Cray | Computer Corporation and the National Security Agency (NSA), valued at up | to $9.2 million, is slated to produce a CRAY-3/Super Scalable System (SSS). | | Under the terms of the contract, Cray Computer Corporation will be paid up | to $4.2 million for development costs, and the Government will provide | approximately $400 thousand in software consulting services. The company is | responsible for the balance of the development costs. In addition, it will | have rights to use certain Government technologies. 
| | The CRAY-3/SSS will be a hybrid high performance system that will offer | vector parallel processing, scalable parallel processing and the | combination of both. | | "NSA selected Cray Computer Corp. to develop the CRAY-3/Super Scalable | System because of its advanced technologies and the CRAY-3 architecture," | stated George Cotter, chief scientist for the NSA. "This is an important | initiative of the Federal High Performance Computing and Communications | (HPCC) program." | | Chuck Breckenridge, executive vice president for Cray Computer | Corporation, noted, "The CRAY-3/SSS will provide unparalleled performance | for many promising applications. We are pleased to participate in this | transfer of government technology and we are eager to help potential | customers explore and develop appropriate applications." | | Based on a September 1993 feasibility study, this development recommends a | hybrid supercomputer composed of a CRAY-3 and a large number of Processor-In- | Memory (PIM) chips, developed by the Supercomputing Research Center (SRC: | Institute for Defense Analyses). The SRC will provide significant technical | assistance in both the software and hardware aspects of the system. | | The Government's technology transfer program is intended to maintain the | country's technology leadership position by providing a cost sharing | arrangement for development and commercialization of advanced Government | technologies. | | The high performance system will consist of a dual processor 256 million | word CRAY-3 and a 512,000 processor 128 million byte Single Instruction- | Multiple Data (SIMD) array. This CRAY-3/Super Scalable System will provide | high-performance vector parallel processing, scalable parallel processing | and the combination of both in a hybrid mode featuring extremely high | bandwidth between the PIM processor array and the CRAY-3. 
SIMD arrays of 1 | million processors are expected to be available using the current version | of the PIM chip once this development project is completed. | | The scalable array will connect to the CRAY-3 memory interface and will | be addressable as standard memory to facilitate use of the SIMD array with | minimal delays for data transfer. The PIM chip, containing 64 single bit | processors and 128K bits of memory, was developed by the Supercomputing | Research Center for NSA, and tested on a Sun/SPARC workstation with a | parallel version of the C language. | | The PIM chips will be packaged by Cray utilizing its advanced multiple | chip module (MCM) packaging technology that allows the CRAY-3 to operate | with a record breaking 2.08 nanosecond clock rate. The PIM chips are | manufactured by National Semiconductor Corporation. The CRAY-3/SSS is | expected to be demonstrated in the first quarter of 1995. After this | initial demonstration, interested parties will be invited to try out other | applications. | | The CRAY-3 memory interface bandwidth will allow the application specific | SIMD array to provide dramatic performance improvements over existing | architectures for bit and image processing, pattern recognition, signal | processing, and sophisticated graphics applications. A notable strength of | the SIMD processor array is variable precision floating point for those | frequently occurring applications requiring less (and sometimes more) than | the standard 64 bit IEEE floating point arithmetic. A substantial | applications base is available for the CRAY-3, and Cray Computer Corporation | is committed to working closely with customers to develop traditional high | performance vector and scalable applications. | | For suitable applications, the SIMD processor array option offers up to | 32 Trillion Bit Operations per Second and provides price/performance | unavailable today on any other high performance platform. 
The CRAY-3 system with the SSS option will be offered as an application specific product and will be well positioned in the evolving supercomputer marketplace.
|
| Seymour Cray stated, "The CRAY-3/SSS development project leverages the company's existing technologies and accelerates our program to develop parallel architectures and software to reach the TeraFLOPS performance level. I see a strong SIMD architectural component as crucial to a complete parallel supercomputer capability."
|
| *****************************************************************************
| Copyright 1994 HPCwire.
| To receive the weekly HPCwire at no charge, send e-mail without text to "trial at hpcwire.ans.net".
|

From turner at telecheck.com Fri Aug 19 16:09:53 1994
From: turner at telecheck.com (Joe Turner)
Date: Fri, 19 Aug 94 16:09:53 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <9408192037.AA10062@bilbo.suite.com>
Message-ID: <9408192310.AA10603@TeleCheck.com>

>
> A few days ago I asked:
>
> > Can a case be made that anonymous digicash is less risky (to a bank) than NON-anonymous digicash?
>
> There were no takers. Therefore, I'll ask different questions:
>
> Would a Chaum-style anonymous digital cash service be more profitable to a bank than a NON-anonymous digital cash service?

I think that very few would have the initiative to lay out the money for a no-transaction cash system. With credit cards and checks there is a transaction trail that you can follow to spot and get rid of fraud. For someone in the banking community who is used to giving out paper transaction slips and taking deposit slips, I think it is a frightening idea.

> Are the costs involved in offering and supporting anonymous digital cash more, or less, than the costs associated with NON-anonymous digital cash?
>

It depends on what kind of hardware/software you are attempting to set up. Will it be a replacement to ATM and credit cards or would it be a concurrent working solution? (ie, is a merchant who has just spent $1000 on a spiffy POS machine that read checks, takes every credit card in existence, and ATM cards going to want to junk his equipment for a smart-card reader?). I think at this point, it is pretty absurd to think that everyone will be carrying around their 486 laptop to act as a "representative" for their smart card.

If it is going to work:

1. It must be convenient for the customer; and/or
2. It must save money or time; and/or
3. It must provide additional benefits for customers or merchants (ie, privacy for customers, undeniable transactions for merchants).

> In other words, why might a bank chose to offer/support anonymous digital cash over NON-anonymous digital cash?
>
> If a "bank-centric" case for anonymous digital case over NON-anonymous digital cash can't be made, then there's little chance we'll see anonymous digital cash any time soon.

Chaum writes (sciam.txt available via ftp at: digicash.nl):

Blinded electronic bank notes protect an individual's privacy, but because each note is simply a number, it can be copied easily. To prevent double spending, each note must be checked on-line against a central list when it is spent. Such a verification procedure might be acceptable when large amounts of money are at stake, but it is far too expensive to use when someone is just buying a newspaper.

This was as I said in my earlier post-- that I would include an online-verification to make sure notes are real and not double-spent.

--
Joe N. Turner Telecheck International
turner at telecheck.com 5251 Westheimer, PO BOX 4659, Houston, TX 77210-4659
compu$erv: 73301,1654 (800) 888-4922 * (713) 439-6597

From pcw at access.digex.net Fri Aug 19 16:22:28 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Fri, 19 Aug 94 16:22:28 PDT
Subject: Cray contract info
Message-ID: <199408192321.AA28154@access3.digex.net>

ge.
>| >| The PIM chips will be packaged by Cray utilizing its advanced multiple >| chip module (MCM) packaging technology that allows the CRAY-3 to operate >| with a record breaking 2.08 nanosecond clock rate. The PIM chips are >| manufactured by National Semiconductor Corporation. The CRAY-3/SSS is >| expected to be demonstrated in the first quarter of 1995. After this >| initial demonstration, interested parties will be invited to try out other >| applications. I should note that this is almost 10 times faster than the Coherent Chips. Given that there is no need for interprocessor message passing in the DES tests, I rate that this chip could be 20 times faster than the earlier design. That puts it at 100 days per DES attack. This sounds like a pretty fun machine to get. All of the old vector performance of the Cray bundled with the fun of the old CM-1/CM-2. You could get some _great_ results on specific problems. -Peter Wayner From hughes at ah.com Fri Aug 19 16:49:23 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 19 Aug 94 16:49:23 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <9408192310.AA10603@TeleCheck.com> Message-ID: <9408192324.AA13829@ah.com> I think that very few would have the initiative to lay out the money for a no-transaction cash system. With credit cards and checks there is a transaction trail that you can follow to spot and get rid of fraud. I trust that for "transaction" above you mean "audit". You still have transactions and you still have audits. It's just that this information does not allow for the derivability of the customer's transaction. Assume four accounts in the books of an issuing bank: one asset account, cash, and two liability accounts, one for a customer and one suspension account for digital banknotes issued by not yet redeemed. The withdrawal transaction posts a debit to a customers demand deposit account (decreasing it) and a credit to the suspension account (increasing it). 
Now suppose the customer buys something from a merchant, and the merchant redeems the digital banknote cash. The deposit transaction posts a debit to the suspension account (decreasing it) and a credit to the cash account (also decreasing it). As you can see, there are perfectly good journal entries for each of the two transactions just described. What is missing is an audit trail to determine which debit to the suspension account corresponds to which credit to the suspension account. An assurance that these match up is provided by two properties. First, for each banknote issued there is one and only feasibly computable modification of it that is acceptable for redemption. (In Chaum's scheme this is the unblinding.) Second, a database of the banknotes as redeemed is kept, which prevents multiple redemption. Will it be a replacement to ATM and credit cards or would it be a concurrent working solution? Concurrent, of course. There's very little point to scrap any existing system as a system. Individual merchants may decide not to support older systems eventually, but that is a different issue. Nonetheless, I have argued at length at other times that digital cash will not be viable as a physical retail system very soon. Where digital cash is immediately useful is online as a retail level wire transfer system. Chaum: Such a verification procedure might be acceptable when large amounts of money are at stake, but it is far too expensive to use when someone is just buying a newspaper. Maybe a physical newspaper today, but the cost of networking is dropping and the cost of computation is dropping. I personally don't expect that off-line digital cash techniques will ever actually be economically most efficient. Existing alternates (e.g. credit cards) work well enough today, and by the time PDA's work well enough and are cheap enough to be universal, the cost of an online verification will be down in the fractions of a cent. 
Eric From hughes at ah.com Fri Aug 19 17:08:09 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 19 Aug 94 17:08:09 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <9408192037.AA10062@bilbo.suite.com> Message-ID: <9408192343.AA13855@ah.com> Can a case be made that anonymous digicash is less risky (to a bank) than NON-anonymous digicash? In certain circumstances, it might be. Where a bank is at risk of violence when it does not reveal transaction information, not possessing such information poses less risk. On the other hand, in the USA a bank is at risk of violence when it does not possess transaction information. Would a Chaum-style anonymous digital cash service be more profitable to a bank than a NON-anonymous digital cash service? Maybe. It depends on what the demand curve for transaction services of various kinds looks like and what the relative demand for privacy is. If there were already a fully identified digital money system, then creating an anonymous digital cash system would grab you most of the market which was willing to pay a premium for privacy services. That, by the way, is not everybody. There will be at least a local maximum at some large premium, simply because certain benefits of bank secrecy are so large. On the other hand, there is likely also a local maximum where the premium is fairly small. In this case you get not only all the people above, but a large percentage of the people who are willing to pay just a little more for privacy. As to where these local maxima actually are, and which yields the larger profits, I have no idea. Are the costs involved in offering and supporting anonymous digital cash more, or less, than the costs associated with NON-anonymous digital cash? The costs associated with anonymous digital cash may well be less than for identified digital money systems. 
There are additional services being sold in most identified systems, including statements of transaction logs, reversibility of transactions, delay in settlement, and availability of logs to government. This last service is sold to the government with each transaction, a hidden fourth party which taxes the bank with the requirement to offer this service, in order to permit the bank to operate. These additional services take resources to operate. Reversibility, I suspect, is the most expensive to operate, since it's all human labor that can't be easily handled by computer. Digital cash, on the other hand, needs a redeemed note database, but this is one of its only unique costs. Since settlement is immediate, reversibility is not an issue, and neither is any delay in settlement. There are far fewer long term records to keep. It is likely that digital cash is more efficient economically, since it unbundles a bunch of previously linked services and allows them to be purchased separately by those who actually need them. Eric From die at pig.jjm.com Fri Aug 19 22:49:01 1994 From: die at pig.jjm.com (Dave Emery) Date: Fri, 19 Aug 94 22:49:01 PDT Subject: cypherpunks-digest V1 #18 In-Reply-To: <9408191433.AA08423@toad.com> Message-ID: <9408200556.AA09211@pig.jjm.com> Steve Bellovin writes : > > I'm not defending a 15 year sentence; it's far too harsh. But I > strongly disagree with ``why outlawing it in the first place? What is > crypto for?'' By analogy, why outlaw burglary? After all, what are > safes and alarms for? There are certainly at least two issues here. One is whether or not radio communications are in any way intrinsically private or are by nature public. 
Outlawing listening to radio communications has always seemed logically absurd to many thoughtful people as the ether is intrinsically and unavoidably an open broadcast medium with the property that anything transmitted into it can almost always be easily received by many many unauthorized others from spaces they have the legitimate access to and a basic right to operate radio receivers in. The original restriction of the right to listen to radio signals and use the information received implemented in the 1934 Communications Act was perhaps justifiable as a special artificial protection of an infant industry in 1934 because convenient, low cost, small, low power and weight, user transparent, and reliable radio encryption technology simply did not exist. In fact it was only 8-10 years later that Bell Labs actually implemented the first really secure vocoder based HF radio digital voice crypto system - it took up some like 30 floor to ceiling racks, and was obviously not something that could ever be justified for use for the normal communications of mere mortals. But today such technology is so cheap, small, easily integrated, secure, and in a digital world so completely transparent that preserving this artificial protection for a now robust adult industry is patently absurd. To my view this policy of criminalizing radio listening has actually seriously decreased the real privacy of radio communications as it has reduced pressure to implement even rudimentary encryption, and encouraged the view that radio is just the same as the much more intrinsically private wired communications only without the wires. 
It is also my long held view that one very important but silent and shadowy player in this pretend radio privacy charade is the intelligence and law enforcement community that obviously benefits greatly from an open communication system that can be so easily covertly monitored for the purpose of conducting searches, including many that are very questionable or completely illegal under the constitution. But ... > libertarians generally agree that theft is wrong, and theft of service > is just as wrong as theft of tangible objects; otherwise, there is > no way to recover the cost of the capital investment necessary to > provide the service. That is, the marginal cost -- the electricity, > wear and tear on the ICs, etc., to make a cellular phone call -- is > obviously very low. But someone had to pay for all the cellular switches > out there, to say nothing of the R&D that went into them, and a large > part of the charges for a call go towards repaying that investment. The second issue here is the issue of what constitutes theft of services. Is merely passively using a service broadcast by radio a crime that should be rewarded with 5 year sentences and $250,000 fines ? It is quite easy to argue that actively using a radio based service such as a cellular system without authority is intrinsically an act of fraud in that it involves lying about one's identity to obtain a valuable service, and criminal trespass in that it involves entering a private virtual space without authority, but isn't the best analogy with unauthorized listening or watching radio and tv signals not such active intrusions but merely reading the front page of a newspaper in a vending machine in a public place without paying for it ? 
I would think that anybody who spends capital to create and provide a service and then provides it to the public over a broadcast channel protected only by a silly legal charade deserves any piracy he suffers and should not be able to create the enforceable legal myth that using the service without paying is theft. Perhaps forbidding commerce in encryption keys ("wizard numbers"), and technology specifically and only intended to enable access to such a service without paying such as pirate decoder chips and modified boards is a justifiable legitimate protection for such businesses but outlawing the mere possession or use of such technology is far too broad a protection for something that is really public broadcasting and not private. On the other hand a cellular provider has only a limited amount of capacity available to serve a particular cellphone, capacity which costs capital to provide, and usually pays something for the landline part of the calls it provides - unauthorized use of such a service does cost the carrier something if only by degrading the quality of service for paying subscribers. Fred the Pirate From tcmay at netcom.com Fri Aug 19 23:09:05 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 19 Aug 94 23:09:05 PDT Subject: C.A.N. #94-09 [For Subscribers Only!] Message-ID: <199408200609.XAA23028@netcom11.netcom.com> [Guvf zrffntr vf sbe fhofpevoref bayl! Vs lbh ner abg pheeragyl fhofpevorq gb gur Pelcgb Nanepuvfg Arjfyrggre _naq_ lbh unir vyyrtnyyl qrpelcgrq guvf zrffntr, lbh ner ivbyngvba bs Srqreny Pbqr 42-666, Qvtvgny Gryrcubal Ovyy. Vyyrtny ernqvat bs guvf cbfg rkcbfrf lbh gb 15-lrne cevfba grez naq n $10,000 cre bppheerapr svar. Vafgehpgvbaf ba jurer gb fraq lbhe purpx sbyybj.] PELCGB NANEPUVFG ARJFYRGGRE, #94-09, 1994-08-19 Serrqbz Svtugref Bognvavat Arrqrq Fhccyvrf. Lncbapuvx vf bssrevat fcbg cevpr bs QZ12.500/tz, Tqnafx envyurnq. Cnlzrag ivn NzRk Zbarltenz, Nehon NRP. Cevapvcnyf bayl. Or pnershy gb nibvq erprag A.R.F.G. 
grnz, neevivat Onfry, 1994-08-20. Cerffherf zbhagvat va Fgngrf gb "qb fbzrguvat" nobhg erprag fuvczragf. -- From solman at MIT.EDU Fri Aug 19 23:33:56 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 19 Aug 94 23:33:56 PDT Subject: ccc [alt.suicide.holiday #18856] Message-ID: <9408200633.AA26143@e51-007-12.MIT.EDU> Does decrypting encoded messages really fall under the digital telephony bill? I thought it only applied to hardware. ------ Forwarded Article <3347uc$9l at senator-bedfellow.MIT.EDU> ------ From solman at athena.mit.edu (Jason W Solinsky) [This message is for subscribers only! If you are not currently subscribed to the Crypto Anarchist Newsletter _and_ you have illegally decrypted this message, you are violation of Federal Code 42-666, Digital Telephony Bill. Illegal reading of this post exposes you to 15-year prison term and a $10,000 per occurrence fine. Instructions on where to send your check follow.] CRYPTO ANARCHIST NEWSLETTER, #94-09, 1994-08-19 Freedom Fighters Obtaining Needed Supplies. Yaponchik is offering spot price of DM12.500/gm, Gdansk railhead. Payment via AmEx Moneygram, Aruba AEC. Principals only. Be careful to avoid recent N.E.S.T. team, arriving Basel, 1994-08-20. Pressures mounting in States to "do something" about recent shipments. ------ End of Forwarded Article From hughes at ah.com Fri Aug 19 23:42:06 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 19 Aug 94 23:42:06 PDT Subject: C.A.N. #94-09 [For Subscribers Only!] In-Reply-To: <199408200609.XAA23028@netcom11.netcom.com> Message-ID: <9408200617.AA14365@ah.com> Just say tr 'a-mn-zA-MN-Z' 'n-za-mN-ZA-M' < foo Eric From khijol!erc at apple.com Fri Aug 19 23:55:58 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Fri, 19 Aug 94 23:55:58 PDT Subject: NSA spy machine In-Reply-To: <199408190637.XAA16716@netcom9.netcom.com> Message-ID: > (And a new generation of hackers are using Linux on cheap Pentium > boxes to easily outrun Suns.) 
You think a Pentium/60 is fast, try running Linux on a DX4/100 - now *that's* FAST! Beats the hell out of a Sparc 2... :) From khijol!erc at apple.com Fri Aug 19 23:56:16 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Fri, 19 Aug 94 23:56:16 PDT Subject: cypherpunks-digest V1 #18 In-Reply-To: <9408191433.AA08423@toad.com> Message-ID: > Now, a prudent service provider may wish to invest in crypto as a way > to prevent fraud, just as many homeowners invest in alarm systems. > But failure to do so doesn't make either sort of theft correct. This is precisely the sort of argument that makes the least amount of sense to those who are looking for a justification of some sort to continue to rip "them" off. After all, "they" are rich, so what's it hurt? I am currently employed as an information management security consultant for a rather large telecommunications company subsidiary (no, not Bell, but you're close). A discussion arose the other day between myself and another consultant as to the ethics of theft. If one steals a pen from work, is that "really" theft? Is stealing a box, or a truckload? You might be surprised to learn how many people think stealing a pen is OK, but stealing a truckload is not OK. Just because someone doesn't say explicitly "don't steal this pen" some people think it's OK to steal it. But it's an ethics problem, and I feel a failure at the deepest levels of our society that says that stealing in any form is OK. As for "stealing" radio signals that happen to stray onto your property, my position is that it's not theft - any more than it's theft to read a paper one finds in the restroom while sitting on the throne ;) The Communications Act of 1934 spelled this out explicitly. But the fools in Washington let special interest $$$ seduce them into doing something utterly foolish. Again. 
If it comes within my purview, then it's mine - and if I choose to spend the time and effort it takes to decrypt it, well, tough for the satellite TV industry. I don't see them going after folks without decryption gear, which is what they'd have to do if they really wanted to make their position even marginally tenable. From blancw at pylon.com Sat Aug 20 00:50:37 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Sat, 20 Aug 94 00:50:37 PDT Subject: cypherpunks-digest V1 #18 Message-ID: <199408200751.AAA05607@deepthought.pylon.com> As for "stealing" radio signals that happen to stray onto your property, my position is that it's not theft - any more than it's theft to read a paper one finds in the restroom while sitting on the throne ;) The Communications Act of 1934 spelled this out explicitly. ................................................................ That's why I hate regulations, they get so explicitly particular. Blanc From tcmay at localhost.netcom.com Sat Aug 20 01:20:28 1994 From: tcmay at localhost.netcom.com (Timothy C. May) Date: Sat, 20 Aug 94 01:20:28 PDT Subject: coming soon: secure digital time-stamping in practice Message-ID: <199408200820.BAA21014@netcom14.netcom.com> Earlier I said I would forward to the list a posting I did on digital time-stamping, describing the Haber and Stornetta system. But I'll instead repost Stu Haber's comments, for more detail. --Tim >Date: Sun, 19 Jun 1994 21:52:29 -0700 >From: stuarth at netcom.com (Stuart Haber) >To: cypherpunks at toad.com >Cc: stuarth at netcom.com >Subject: coming soon: secure digital time-stamping in practice >Sender: owner-cypherpunks at toad.com >Precedence: bulk >Status: RO > >On Thursday, June 16 Tim May very nicely described a digital >time-stamping scheme: > >> The canonical reference for digital timestamping is the work of Stu >> Haber and Scott Stornetta, of Bellcore. Papers presented at various >> Crypto conferences. > >See below for pointers to the papers. 
> >> Their work involves having the user compute a hash of the document he >> wishes to be stamped and sending the hash to them, where they merge >> this hash with other hashes (and all previous hashes, via a tree >> system) and then they *publish* the resultant hash in a very public >> and hard-to-alter forum, such as in an ad in the Sunday New York >> Times. >> >> In their parlance, such an ad is a "widely witnessed event," and >> attempts to alter all or even many copies of the newspaper would be >> very difficult. (In a sense, this WWE is similar to the "beacon" term >> Eric Hughes used recently in connection with timed-release crypto.) >> >> Haber and Stornetta plan some sort of commercial operation to do this, >> and, last I heard, Stornetta was moving to the Bay Area (where else?) >> to get it started. > >We do indeed plan to do just that. Bellcore has spun off a company, >Surety Technologies, whose charter is to bring digital time-stamping >into widespread use. Resisting the charms of the Bay Area, we decided >to stay in New Jersey. > >Instead of closing off our trees once a week and publishing their roots >in the national edition of the Sunday New York Times, as we've been >doing for over two years now (including this week: look for the Public >and Commercial Notices towards the end of the main news section of >today's paper -- on p. 30 if you get the NY-area edition), we are >planning to close our trees at sub-minute intervals and make their roots >widely available. By the end of the summer, we plan to have a service >bureau (to build the trees) up and running, and client software >available to access the service -- both for time-stamping documents and >for validating (document, time-stamp certificate) pairs. > >> This service has not yet been tested in court, so far as I know. > >Nor as far as I know. 
But we do plan to push this issue, on several >legal and regulatory fronts, so as to enhance the legal acceptance of >appropriately authenticated digital documents. > >Here are the references: > "How to Time-Stamp a Digital Document," > S. Haber and W.S. Stornetta, > Journal of Cryptology, vol. 3, pp. 99-111 (1991). > A similar version appeared in the CRYPTO '90 Proceedings > (Springer-Verlag LNCS, Vol. 537), pp. 437-455. > > "Improving the Efficiency and Reliability of Digital Time-Stamping," > D. Bayer, S. Haber, and W.S. Stornetta, > Sequences II: Methods in Communication, Security, and Computer Science, > ed. R.M. Capocelli, A. DeSantis, U. Vaccaro, pp. 329-334, > Springer-Verlag (1993). > > >Stuart Haber | Surety Technologies provides >Chief Scientist | Digital Notary(sm) service on the Internet. >Surety Technologies, Inc. | General info: info at notary.com >stuart at notary.com | (201) 993-8178, fax -8748 > > .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cyber1 at io.org Sat Aug 20 03:49:26 1994 From: cyber1 at io.org (Cyber City) Date: Sat, 20 Aug 94 03:49:26 PDT Subject: 15 years! Message-ID: Mats Bergstrom says: > I commented on this before but feel like repeating myself: So an alt.2600 > tec-addict makes some hardware hacks on his cellular - and gets 15 years > in the slammer for catching some airwaves. A punishment scale suggestive > of a very repressive state! Many laws passed in the last decade have penalties which are coercive rather than punitive. The real intent is to force the accused to give up his accomplices. 
In fact, law enforcement has had some successes employing this tactic, but at what cost! -- Alex Brock From cyber1 at io.org Sat Aug 20 04:12:53 1994 From: cyber1 at io.org (Cyber City) Date: Sat, 20 Aug 94 04:12:53 PDT Subject: Disruptive Tactics Message-ID: There was some discussion recently concerning problems which could arise if the U.S. federal government had a medical database on its citizens. One example of abuse of medical records is documented in the report of the "Krever Royal Commission on the Confidentiality of Health Records", published in 1980 in Canada. In the particular case I'm citing, a (now disbanded) RCMP (federal police) dirty-tricks squad obtained medical records of a dissident, and used them for disruptive tactics. Quoting from page 45: "The letter distributed at King Edward School attempted to use accurate health information to sow dissension, disruption and distrust among the members of the Young Socialists. The three letters were written and distributed by the RCMP. Superintendent Ian William Taylor ... expressly admitted that the letters addressed to Mr. Riddell and the letter distributed at the King Edward School were written by members of the RCMP with the authorization of senior RCMP officers." One of the letters begins as follows: "COMRADE: We have been most disturbed by indications of increasing emotional instability on your part, witnessed by psychiatric consultations, violent outbursts of temper and frequent periods of irritability. We note too from the enclosed letter that your condition has not escaped the notice of others." (etc.) Please note that I have no sympathy at all with the political objectives of this group, but I think the incident is a good example of the sort of abuse which can result when highly personal records are accessible by a government. -- Alex Brock From habs at panix.com Sat Aug 20 06:29:06 1994 From: habs at panix.com (Harry S. 
Hawk) Date: Sat, 20 Aug 94 06:29:06 PDT Subject: PATNEWS: PKP cryptography members suing each other - DUCK!!!! (fwd) Message-ID: <199408201328.AA14608@panix.com> a conscious being, Gregory Aharonian wrote: > From srctran at world.std.com Sat Aug 20 07:08:04 1994 > Subject: PATNEWS: PKP cryptography members suing each other - DUCK!!!! For some time, the US government's plans to come up with a standard for digital signatures for electronic documents has run into a variety of problems, one of which is the fact that some of the algorithms the government wants to use are patented and in private hands, with threats of infringement lawsuits. In fact, the government recently agreed to pay an MIT professor royalties in return for use of his patent. Other patents involved are held by the consortium Public Key Partners (PKP) of Sunnyvale, California. Well as it turns out, members of PKP are now suing each other (isn't patenting fun :-). One member, Cylink (Sunnyvale) is suing another member, RSA Data Security (Redwood City, CA) over RSA's use of some MIT technology (MIT also being a member of PKP, along with Stanford). Cylink filed suit in June, and the squabble could lead to the break up of PKP, which will either simplify or complicate the use of their technology in the government's DSS digital signature standard. Stay tuned. Greg Aharonian Internet Patent News Service (for subscription info, send 'help' to patents at world.std.com) (for prior art search services info, send 'prior' to patents at world.std.com) From jya at pipeline.com Sat Aug 20 08:09:48 1994 From: jya at pipeline.com (John Young) Date: Sat, 20 Aug 94 08:09:48 PDT Subject: ccc [alt.suicide.holiday #18856] Message-ID: <199408201509.LAA03111@pipe1.pipeline.com> Responding to C.A.N. forward by solman at MIT.EDU () on Sat, 20 Aug 2:33 AM >Pressures mounting in States to "do >something" about recent shipments. 
CAN aptly decrypts NY Times print this week of a slow-August thriller-filler series (100 GB +/-), a dutiful, lurid, titillating, klaxon series on need to "do something" about WGM (r). JX From rishab at dxm.ernet.in Sat Aug 20 08:19:38 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sat, 20 Aug 94 08:19:38 PDT Subject: PK Partners suing each other! Message-ID: I've been off the list for a while, I hope I'm not repeating things. The Internet patent news service has some interesting stuff on an internal battle between PK Partners. The full text of the suits filed by Cylink and RSADSI is 30k, so I'm not posting it here. Rishab --------------- .... Other patents involved are held by the consortium Public Key Partners (PKP) of Sunnyvale, California. Well as it turns out, members of PKP are now suing each other (isn't patenting fun :-). One member, Cylink (Sunnyvale) is suing another member, RSA Data Security (Redwood City, CA) over RSA's use of some MIT technology (MIT also being a member of PKP, along with Stanford). Cylink filed suit in June, and the squabble could lead to the break up of PKP, which will either simplify or complicate the use of their technology in the government's DSS digital signature standard. .... For many years, there has been an ongoing controversy in the cryptography field dealing with patents. At the heart of these matters is a patent awarded to Diffie and Hellman while at Stanford, which along with a few other patents, make up the portfolio for which PKP defends and is affecting US Government activities with digital signature standards. Someone has filed a lawsuit challenging these patents, partly on the grounds that Diffie and Hellman talked about their ideas in public before they applied for the patents, and thereby forfeited their patent rights. What follows is a copy of the complaint as filed in court. 
The complaint is interesting as an example of such documents, as well as being good grounds to have some or all of the patents overturned. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From wb8foz at nrk.com Sat Aug 20 08:37:09 1994 From: wb8foz at nrk.com (David Lesher) Date: Sat, 20 Aug 94 08:37:09 PDT Subject: cypherpunks-digest V1 #18 In-Reply-To: <9408191433.AA08423@toad.com> Message-ID: > The bill makes it a crime to possess or use an altered > telecommunications instrument (such as a cellular > telephone or scanning receiver) to obtain unauthorized > access to telecommunications services (Sec. 9). This > provision is intended to prevent the illegal use of > cellular and other wireless communications services. > Violations under this section face imprisonment for up > to 15 years and a fine of up to $50,000. Hmm.... Depending on how you read this, this can be a real can-o-worms. First off, does it outlaw ANY receiver covering 800 mhz? Second, consider software-only hacks to phones to monitor and collect ESN's, etc. Now you are raided by the Powers-that-Rule, but hit the scrooge-switch first so the phone forgets, & the evidence is gone. Will they then claim the fact the phone remembers nothing as evidence that it was altered? Or is erasing it "altering" too? And how about test-equipment? The kind the celldealer has. And if you modify it by replacing the power cord with a new one, or...... 
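Added example, not part of any message in this archive: the journal entries and redeemed-note database from Eric Hughes's 19 Aug post on the suspension account, combined with a toy Chaum-style RSA blind signature. The key size, the `Bank` class and every function name are assumptions made for illustration.

```python
"""Toy issuing bank: suspense-account ledger plus redeemed-note database."""
import hashlib
import math
import secrets

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # bank's private signing exponent


def note_digest(serial: bytes) -> int:
    """Map a note serial into Z_N; this is the value the signature covers."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Bank:
    def __init__(self, cash, deposits):
        self.cash = cash                   # asset account
        self.deposits = dict(deposits)     # liability: customer demand deposits
        self.suspense = 0                  # liability: notes issued, not yet redeemed
        self.journal = []                  # (event, debited, credited, amount)
        self.redeemed = set()              # database of notes as redeemed
        self.seen_at_withdrawal = []       # all the bank learns when issuing

    def withdraw(self, customer, blinded, amount=1):
        if self.deposits[customer] < amount:
            raise ValueError("insufficient funds")
        self.deposits[customer] -= amount  # debit the customer's deposit
        self.suspense += amount            # credit the suspense account
        self.journal.append(("withdraw", customer, "suspense", amount))
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)          # signature on the blinded value only

    def redeem(self, serial, signature, amount=1):
        if pow(signature, E, N) != note_digest(serial):
            return "rejected: bad signature"
        if serial in self.redeemed:        # multiple redemption is refused
            return "rejected: already redeemed"
        self.redeemed.add(serial)
        self.suspense -= amount            # debit the suspense account
        self.cash -= amount                # credit cash (paid to the depositor)
        self.journal.append(("redeem", "suspense", "cash", amount))
        return "accepted"


def blind(serial: bytes):
    """Customer side: hide the note digest behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (note_digest(serial) * pow(r, E, N)) % N, r


def unblind(blind_sig: int, r: int) -> int:
    """The one modification of the issued value that redeems: divide out r."""
    return (blind_sig * pow(r, -1, N)) % N


def demo():
    bank = Bank(cash=100, deposits={"alice": 10})
    serial = secrets.token_bytes(16)
    blinded, r = blind(serial)
    sig = unblind(bank.withdraw("alice", blinded), r)
    first = bank.redeem(serial, sig)       # merchant deposits the note
    second = bank.redeem(serial, sig)      # copy of the same note
    # Neither value presented at redemption was seen by the bank at withdrawal.
    linkable = (note_digest(serial) in bank.seen_at_withdrawal
                or sig in bank.seen_at_withdrawal)
    return bank, first, second, linkable
```

Both journal entries balance, yet nothing in the journal ties the redemption to the withdrawal; the only cross-check is the signature plus the redeemed set.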
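Added example, not part of any message in this archive and not Surety's code: one way to build the hash tree from Stuart Haber's forwarded description of digital time-stamping, where each round's tree also absorbs the previous root and clients validate (document, certificate) pairs against the published root. SHA-256, the padding rule and all names are assumptions.

```python
"""Hash-tree time-stamping rounds with linked, publishable roots."""
import hashlib

GENESIS = b"\x00" * 32                    # assumed starting value before round 1


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf(doc_hash: bytes) -> bytes:
    return h(b"\x00" + doc_hash)          # domain-separate leaves from nodes


def node(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)


PAD = h(b"\x02pad")                       # fixed filler for odd-sized levels


def _path(levels, idx):
    """Sibling hashes from a leaf up to the root, with the sibling's side."""
    path = []
    for level in levels[:-1]:
        sib = idx ^ 1
        path.append(("L" if sib < idx else "R", level[sib]))
        idx //= 2
    return path


def close_round(prev_root: bytes, doc_hashes):
    """Close one round. Leaf 0 is the previous root, so the new root commits
    to every earlier round. The service sees only hashes, never documents.
    Returns (root, link_certificate, [certificate per submitted hash])."""
    leaves = [leaf(prev_root)] + [leaf(d) for d in doc_hashes]
    count = len(leaves)
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(PAD)
        levels.append([node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    certs = [_path(levels, i) for i in range(count)]
    return levels[-1][0], certs[0], certs[1:]


def verify_hash(doc_hash: bytes, cert, published_root: bytes) -> bool:
    """Recompute the root from a hash and its certificate."""
    acc = leaf(doc_hash)
    for side, sibling in cert:
        acc = node(sibling, acc) if side == "L" else node(acc, sibling)
    return acc == published_root


def verify(document: bytes, cert, published_root: bytes) -> bool:
    """Client-side validation of a (document, time-stamp certificate) pair."""
    return verify_hash(h(document), cert, published_root)
```

Because each root is a leaf of the next round, inserting a backdated hash into an old round changes that round's root and breaks the link certificate held against every later published root.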
From hfinney at shell.portal.com Sat Aug 20 09:53:19 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 20 Aug 94 09:53:19 PDT Subject: Brands cash Message-ID: <199408201652.JAA29752@jobe.shell.portal.com> Last year, Stefan Brands announced that he had come up with improved versions of Chaumian cash and credentialling protocols which were smaller, faster, and had provable correctness. He still hasn't gone public with them, but I thought I'd write up an introduction to his earlier work so people can see what direction things are going. IMO, if he plays his cards right his technology could be the foundation for electronic commerce. OTOH if he is too greedy he'll be bypassed. It appears he is seeking patents on everything, a necessary step for commercial interest, but we'll see how he markets it. This is based on Brands' "An Efficient Off-line Electronic Cash System Based on the Representation Problem", which was available on the net for a while before he took it off. I'm not sure what its status is now. Perhaps he removed it pending release of his improved version. Brands' work is based on discrete logs rather than RSA. The discrete logarithm problem is the "other" widely-used foundation for crypto primitives, underlying Diffie-Hellman key exchange, ElGamal, Schnorr, and DSS signatures, and many others. I'll do a brief intro to using discrete logs and then get to Brands' cash. Discrete-log based cryptosystems generally work with a modulus n which is prime, along with a "generator" g < n such that the series g^0, g^1, g^2, ... , includes all values from 1 to n-1. It is pretty straightforward to find such n's and g's. It is easy to compute g^x for any x, but intractable to calculate x given just g^x. (Notation: ^ represents exponentiation, and all math is implicitly mod n). x is called the discrete log (to the base g) of g^x and the difficulty of solving this is the foundation of these protocols. 
Note that unlike RSA, where taking eth roots is hard for everyone except the owner of the secret key, taking discrete logs is hard for everyone, without exception. There is no trap door here. Diffie-Hellman key exchange As an introduction, consider Diffie-Hellman key exchange. In this protocol, two people, Alice and Bob, want to publicly exchange data and end up with a secret value which only they know. 1. Alice chooses a random x and sends GX = g^x to Bob. Bob chooses a random y and sends GY = g^y to Alice. 2. Alice calculates GY^x, which is g^(y*x). Bob calculates GX^y, which is g^(x*y). 3. These are equal, so they use them as their shared secret value. An observer sees only GX and GY, and without knowledge of x and y is unable to calculate g^(x*y). DH-based identification protocol An identification protocol allows someone to prove that he is really who he claims. In this context, the prover Paul will convince the verifier Vicki that he knows the secret key corresponding to Paul's established public key. In this and the following systems, Paul has a secret key x C'punks: There is another Professor Denning who is chair of a CS department in the Washington DC area. Here is a position paper that was published in a packet distributed at the 1992 Computers, Freedom, and Privacy conference (CFP-2) Washington DC. It is interesting to contrast this with the support for GAK that the other Prof. Denning supported publicly. Of course, this is dated, and the positions held may no longer be current. BTW: does anyone know the RSA keylength used in Lotus Notes? ===============begin quoted material================ From: pjd at cs.gmu.edu (Peter J. Denning) Subject: How's this? To: denning at cs.georgetown.edu, hoffman at seas.gwu.edu Date: Tue, 21 Jan 92, 10:41:46 EST PUBLIC POLICY FOR THE 21ST CENTURY A position statement Peter J. 
Denning DRAFT 1/22/92 To plan for the 21st century, we must begin with an understanding of the current clearing in which we live and work and then anticipate the emerging clearing. Our public policy must be appropriate to the times. The clearing is a metaphor for the space of assumptions, agreements, and traditions in which a community of people live and act. The name recalls a clearing in a forest: a space among dense trees with more light and with more freedom of action than elsewhere in the forest, a space to dwell in and chart a course to other parts of the forest. The clearing is not fixed: it shifts as the inhabitants and other influences change the environmental conditions. Starting around 1850, people of many countries looked to their governments to regulate commerce, erase inequality, and build societies of better human beings. For over a hundred years, many people from peasants to intellectuals had faith that strong governments would bring them a better life. This faith was part of the clearing in which communist governments flourished. Although the United States took an anticommunist stand, the same faith fostered a strong government that promised salvation by great national programs including Social Security, Welfare, Food Stamps, the War on Poverty, and the Great Society. This faith is now shattered. People no longer trust that Powerful Government can deliver a better life. The dramatic collapse of communism in Europe and the Soviet Union illustrates this, as does the growing disillusionment of the American people with federal, state, and local governments. Disillusionment does not stop people from demanding that government provide more, but they now have serious doubts that it can or will. But the poor track record of Powerful Governments is not the only reason for the shift in the clearing. Information technology has accelerated the process. Communications that took weeks in the last century now take fractions of a second. 
Business success depends on what happens around the globe, not on local conditions. Radio, TV, telephone, fax, and now email are so common worldwide that not even a Powerful Government can control what information its citizens have. Because the space of opportunity for people to engage in transactions has been so enormously enlarged in the past decade, faith in marketplace democracies is on the rise worldwide. Correspondingly, faith in central management mechanisms is on the decline. The shift of the clearing brings with it a shift of the power of institutions. Government institutions tend to try to hold on to their power by regulatory coercion to enforce the old ways. This can produce big tensions which if not alleviated can produce breakage. Nowhere can this be seen more clearly than in cryptographic technology. This technology provides mechanisms for digital signatures, authentication, electronic money, certificates, and private communication -- offering a way for standard business practices based on paper to be shifted to electronic media. The success of worldwide enterprises depends on this shift being completed rapidly and effectively. As more people realize this, the momentum for incorporating cryptographic technology into the information infrastructure is increasing. But in the United States, the National Security Agency has been given the authority to regulate cryptography. This authority was granted in another time, in a clearing when the success of the country depended on the ability of its government to gather intelligence and to communicate in secret. These premises made sense in a world where most of the power resided in governments. But the world is changing. Much economic power is now accumulating in large, apolitical, transnational corporations. These organizations place their own concerns and strategies ahead of those of the governments of the countries in which they do business. 
Like governments, they are interested in gathering intelligence about competitors and in conducting business in private. Unlike governments, they want open access to the technologies of authentification, electronic money, digital signatures, and certificates that will allow them to conduct business transactions across the network. So the old notion of national power and national security are increased when government has the sole right to gather intelligence and to encipher communications no longer holds. Now the strength of the country depends not only on its government but on its corporations. The old premises have fallen away in this new reality, but the old policy remains. It is time to rethink that policy before tensions between the threatened government and corporations produce significant social tension and perhaps breakage. A new policy aligned with the new clearing would be for the National Security Agency to make its expertise available to the private sector, enabling markets to flourish in a worldwide information medium. Information technology is producing a clearing in which individuals and corporations are key players besides government. Any attempt by government to control the flow of information over networks will be ignored or met with outright hostility. There is no practical way that government can control information except information directly involved in the business of governing. It should not try. ===============end quoted material======================= Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include From hart at chaos.bsu.edu Sat Aug 20 11:19:33 1994 From: hart at chaos.bsu.edu (Jim Hart) Date: Sat, 20 Aug 94 11:19:33 PDT Subject: Single DES cracking vs. 
idiots In-Reply-To: <199408192321.AA28154@access3.digex.net> Message-ID: <199408201820.NAA02163@chaos.bsu.edu> Along with many others, Peter Wayner discusses cracking DES: > I rate that this chip could be 20 times faster than the > earlier design. That puts it at 100 days per DES attack. I really don't understand what the concern is here. We all have access to crypto that is much stronger than single DES. Anybody who is using single DES for something so important, that it is worthwhile to spend 100 supercomputer days to crack it, is really such an idiot that they deserve whatever they get. Jim Hart hart at chaos.bsu.edu From hart at chaos.bsu.edu Sat Aug 20 12:03:59 1994 From: hart at chaos.bsu.edu (Jim Hart) Date: Sat, 20 Aug 94 12:03:59 PDT Subject: Making new crimes out of thin air In-Reply-To: <9408191433.AA08423@toad.com> Message-ID: <199408201904.OAA07654@chaos.bsu.edu> Steve Bellovin writes: > I'm not defending a 15 year sentence; it's far too harsh. But I > strongly disagree with ``why outlawing it in the first place? What is > crypto for?'' By analogy, why outlaw burglary? After all, what are > safes and alarms for? I concur with Tim May's comments that a service is not the same thing as property. Nor, going further, is physical property the same as intellectual property. We have a long legal tradition of protecting physical property. It's the kind of thing people can clearly understand, morally and legally. Intellectual property is often more nebulous. Protecting new kinds of services at the whim of a business (such as, for example, defining some string of bits as an "access code" and instituting stiff penalties for "unauthorized use" of that code, which ends up meaning whatever the offended party wants it to mean) is going way too far, putting all of us at risk of extreme legal jeopardy at the whim of bureaucrats, lawyers, and jurors who couldn't tell an access code from a mail header. 
For a business to lobby that some new and flawed system be protected at taxpayer expense is a gross abuse of the law. To criminalize an entire group of people, such as hackers, is morally bankrupt and turns the law into an illegitimate farce. We have quite enough crimes on the books that are hardly being enforced right now; the last thing we need is to define new crimes out of thin air because some jerks couldn't be bothered to take the precautions necessary for the success of their business. Criminalization of business intelligence is a great recipe for destroying our civil rights and bankrupting the government. Jim Hart chaos.bsu.edu From hart at chaos.bsu.edu Sat Aug 20 12:19:01 1994 From: hart at chaos.bsu.edu (Jim Hart) Date: Sat, 20 Aug 94 12:19:01 PDT Subject: Attention Shoppers: Internet Is Open (NYT, 12Aug94) In-Reply-To: <9408191253.AA00438@anon.penet.fi> Message-ID: <199408201919.OAA09597@chaos.bsu.edu> > New York Times, 12 August 1994, Page C1. All in all a good article. I have a couple problems with it, which may be due more to the people interviewed than to the reporter: * First, the credit card means that the vendor and bank can both record the details of the transaction, and sell those records on the open market. This is hardly "total privacy". The only thing PGP is doing here is protecting the credit card number. In fact, Internet commerce has the potential to greatly reduce our privacy, via collection and dissemination of transaction dossiers. This is already happening on Prodigy and Compuserve, for example. + Phil Zimmermann is correct to note that digital cash would be a more important development, but he doesn't describe digital cash very well. He says the features of untraceability, etc. aren't part of the dollars we use now, but in fact these features do exist in the physical coins and bills that have been the most commonly used form of money for millennia. 
The role of true digital cash protocols (beware of pretenders like "Netcash" that don't keep the privacy feature) is to bring these features of bills and coins to cyberspace, in place of the new, Orwellian system of identified credit and debit cards that has reared its ugly head during this ugly century. Jim Hart chaos.bsu.edu From tcmay at netcom.com Sat Aug 20 12:34:49 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 20 Aug 94 12:34:49 PDT Subject: Making new crimes out of thin air In-Reply-To: <199408201904.OAA07654@chaos.bsu.edu> Message-ID: <199408201934.MAA21842@netcom6.netcom.com> I agree 100% with Jim Hart's points. Let me add that I think this topic is very relevant to Cypherpunks, as it gets to the heart of the matter on what should be legal, illegal, etc. I didn't respond yesterday to Steve Bellovin's remarks because my Netcom mail was delayed for many hours at a time (Netcom has 30,000 user accounts now and is facing growing pains out the wazoo). Last night I posted my "For Subscribers Only" newsletter, to make my point by example. Anyone who "illegally decrypted" it (and of course a couple of folks did immediately--a trivial rot-13 "encryption") was, putatively, "stealing" from me. Hardly. (To be fair to Steve B., one of his later postings said something about a "difficulty test," along the lines of the NSA's 40-bit keylength allowance. I dislike laws that depend on someone's idea of computational complexity...that would be a new can of worms.) Such laws about "illegal to decrypt" are also essentially unenforceable, besides being on shaky ideological/ethical ground. Any such laws would likely be extended to require certain kinds of encryption, to place limits on crypto, etc. (I see signs in the text of the Digital Telephony Bill of application to crypto.) If a number comes my way, I don't want no steenking data cops telling me I can't look at it, manipulate it, etc. 
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cactus at bb.com Sat Aug 20 13:48:06 1994 From: cactus at bb.com (L. Todd Masco) Date: Sat, 20 Aug 94 13:48:06 PDT Subject: Attention Shoppers: Internet Is Open (NYT, 12Aug94) Message-ID: <199408202053.QAA00943@bb.com> hart at chaos.bsu.edu (Jim Hart): >All in all a good article. I have a couple problems with it, >which may be due more to the people interviewed than to the >reporter: The biggest problem I have (obviously) with it is that the premise is wrong: NetMarket was *not* the first company to take a credit- card order via automatic encryption software. Over a month before the sale they cite, Bibliobytes made its first sale with an automatic encryption program: the only real difference is that NetMarket used http, where Bibliobytes used e-mail -- so their interface is much prettier (and that we used RIPEM where they used PGP). Well before us, people were taking orders via PGP -- the thing about our client was that the user didn't have to know anything about encryption programs. We've contacted the author of the article and he claims that he'll be retracting the claim... we'll see. The Voice already snickered at the NYT's fuck-up in this week's edition. My other company (and the one I have the larger interest in), HKS, is about to announce a point of sale system (called ICE, for Internet Creditcard Encryptor -- don't blame me, I didn't name it) that'll be a drop-in solution for companies, end to end from customer to delivery for soft products and delivery lists for hard products. 
The problem here, and the one that's of interest to Cypherpunks, is how to change this system, using credit cards and all the loss of privacy they entail, into one using anonymous digital cash. HKS certainly has a commitment (though in word only at this point, since it's vaporware) to support digital cash, but as I've noted before it's a very difficult bootstrap problem. There has to be some reason people would use digital cash over credit cards and frankly, I don't see it happening in the near future except by some large power (like banks) deciding to support it. The American people keep claiming in polls that they want better privacy protection, but the fact is that most aren't willing to do anything about it: it's just a preference, not a solid imperative. Until something Really Bad happens to many people as a result of privacy loss, I really don't think much will be done that requires real work and inconvenience from people, like moving to something other than credit cards for long-distance transactions... and that's a tragedy. -- L. Todd Masco | "Large prime numbers imply arrest." - Meaningless cactus at bb.com | grammatically correct sentence. Right. From rah at shipwright.com Sat Aug 20 14:53:41 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 20 Aug 94 14:53:41 PDT Subject: e$: buyinfo, internet commerce, and GMU Message-ID: <199408202150.RAA13710@zork.tiac.net> At 1:41 PM 8/20/94 -0400, Pat Farrell wrote: >C'punks: > >There is another Professor Denning who is chair of a CS department >in the Washington DC area. Here is a position paper that was >published in a packet distributed at the 1992 Computers, Freedom, and >Privacy conference (CFP-2) Washington DC. 
> [snip] >Department of Computer Science George Mason University, Fairfax, VA ^^^^^^^^^^^^^^^^^^^^^^^^ There are some people from GMU ("Coalition for Electronic Markets; George Mason Program on Social and Organizational Learning") talking about superdistribution schemes (one put an article in the new Wired) and internet commerce on the new (?) www-buyinfo list I just started watching. The buyinfo folks seem to be resurrecting the discussions which used to take place on the imp-interest list, which has pretty much croaked. They are talking on buyinfo about secure mosaic, digital signatures, digital cash, etc. I think the list is driven by majordomo and its address is: www-buyinfo at allegra.att.com If anyone has comments on this bunch, it may be interesting to hear them here. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From jwarren at well.sf.ca.us Sat Aug 20 16:03:32 1994 From: jwarren at well.sf.ca.us (Jim Warren) Date: Sat, 20 Aug 94 16:03:32 PDT Subject: ACTION ALERT! PTO Commission Lehman's Intell. Property report Message-ID: <199408202248.PAA07363@well.sf.ca.us> Hi all -- [blind cc'ed to numerous folks] Just spotted this in Dave Farber's interesting-people msgs. Personally, I think that Lehman and the PTO are permanently-entrenched in offering nothing better than band-aids to protect the past. I think that the *only* chance we have for a more-enlightened approach to freedom versus software monopolies is massive, virulent [articulate] *torching* of our Congress-creatures. (At the least, it will force the monopolists to spend much more loot bribing friendly votes from the representatives they are buying.) Like always, freedom requires vigilance AND action. 
--jim Jim Warren, columnist for MicroTimes, Government Technology, BoardWatch, etc. jwarren at well.com -or- jwarren at autodesk.com 345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/415-851-2814 ===re=== From xentrac at cybele.unm.edu Sat Aug 20 17:23:22 1994 From: xentrac at cybele.unm.edu (Kragen J. Sittler) Date: Sat, 20 Aug 94 17:23:22 PDT Subject: Come On In-Reply-To: <01HEVY8UMCCK00156P@MR.STANFORD.EDU> Message-ID: <9407192238.AA20556@cybele.unm.edu> Connie Sadler: > and BERZERK responds: > >> > >> 6) Oh yeah, the women are unable to do anything except talk on the phone, > >> get into catfights, give men blowjobs, and kill people by accident. The > > >I liked that part.:-) jdblair is pointing out that the women in the movie are sexually objectified, reduced to objects without minds. > >> If anyone has a good monkeywrench, send it my way. > >Hehehhehehehehheheheheh. This is unrelated to 6). 'Monkeywrenching' is the practice of sabotaging 'the system' so that it won't damage nature, usually. In this case, it's more likely that he's talking about sabotaging the government. The term is named after the Edward Abbey novel _The Monkey Wrench Gang_, in which a group of people go around destroying heavy machinery, bridges, billboards, and so forth, because they are damaging the environment. > My first post, although I've been *listening* for some time now. I'm all for > privacy and private encryption, and am learning a lot from this list - just > installed PGP on two platforms and am learning how to use it. I agree that > there are very few women involved - is this an all boys club? I think the conspiratorial atmosphere tends to attract men more than women. That's why there are so few women, IMHO. > I assume not, > but have to say I find lines like the above very offensive/non-professional. > I won't let it stop me from continuing on, but what's the point? I really > don't get it. I think you've misinterpreted it. 
Kragen From weidai at eskimo.com Sat Aug 20 17:28:11 1994 From: weidai at eskimo.com (Wei Dai) Date: Sat, 20 Aug 94 17:28:11 PDT Subject: coming soon: secure digit Message-ID: <199408210027.AA00747@eskimo.com> To: cypherpunks at toad.com -----BEGIN PGP SIGNED MESSAGE----- tcmay at netcom.com wrote: > Their work involves having the user compute a hash of the document > he wishes to be stamped and sending the hash to them, where they > merge this hash with other hashes (and all previous hashes, via a > tree system) and then they *publish* the resultant hash in a very > public and hard-to-alter forum, such as in an ad in the Sunday New > York Times. Can you give a more detailed description of the system? The specific question I have is how exactly does a third party know that a time stamp is not forged? What algorithm or protocol does he use? If there is more than one time stamping service and if they use different systems, how do the courts know which ones to accept? Wei Dai cc: TCMAY at NETCOM.COM in 0009 on ESKIMO -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLlad5Tl0sXKgdnV5AQFjXQQAuIU+eb/yLxrhXWwDwOfuK/rKi7Tq+Pz8 3FFe+BD6ZB+nLrXPnb5geNQuVFQX3K4cW1JEm4dVPvo5DDXFZaM/sH5g2XySrjaz 9FeeTa4wYtEydhJXAlzpENuWxyXTn+NIQov+e5kKQybKgOW5AglwnMexd+ls7o1U juUxkbqdSZY= =FyNB -----END PGP SIGNATURE----- PGP Public Key available From rah at shipwright.com Sat Aug 20 19:21:33 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 20 Aug 94 19:21:33 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408210218.WAA15544@zork.tiac.net> At 12:20 PM 8/19/94 -0700, Eric Hughes wrote: >A raw, non-modal "is"?? Digital cash doesn't exist yet, so saying >that it "is" something, is, well, premature. The real question is >"What happens if we set up a digital cash system as a callable bond?" > >And my answer to that is, "You really _want_ the SEC involved?" > I meant "is". Like a triangle, or a limit, or an asymptote, "is". It's okay to be non-modal here. 
Digital cash has to be issued by someone, who *really should* back it up with real money, and should thus receive real money as collateral for the digicash on the net. Thus, there's a float. Thus it's really a loan with a security (ecash) to prove it, with the collateral in the bank of the issuer earning the issuer interest. Thus it's a bond. And since it has no maturity date, and it's not a perpetuity, then it has an implicit call provision. Thus, it's a callable bond. Example: A CMO is a callable bond, whether it's called one or not. When a tranche's principal comes in, the tranche is "called", and the investors in that tranche are paid off. By the way, most people refer to a callable bond as a series of options, and that's how modern portfolio analysis is done on them... Wittgenstein would laugh. The SEC has nothing to do with the mechanics of a security's behavior. There are some bonds which are illegal here, but not illegal outside the country. They're still bonds. The obligation is held by the issuer, and the issuer keeps the interest, which discounts their price. Also, so what if the SEC is involved, or not? I expect that there has to be a test of the technology, forced by the possibility of competition from overseas (regulatory arbitrage). If the market test is successful, then the SEC will not willfully restrain trade if the market's big enough (the revolving door), and perceived to be benign enough. Frankly, I don't see what the fuss is about, do you? It's just a low-cost settlement mechanism for retail transactions on the internet. ;-). > The issuer gets to > keep the interest accrued on that money while the ecash is in circulation. > >Perhaps in some systems this is so, but not all. The unit of account >must be fixed, but the unit of account may not be constant currency, >but rather currency at a fixed interest rate. Is "unit of account" a formal term here? Could you define it? 
The problem about not keeping the interest on the float is, who do you pay it to otherwise? If you have a truly anonymous digital cash system, you couldn't find the original purchaser if you tried. If you want to treat this like a settlement problem in securities operations then you have to track each owner's interest share for the time they held the instrument and pay them back. Again impossible. If you pay back the accrued interest on that specific ecash certificate to the person who "walks in the door" with it, is it fair? The solution is, keep the interest, use the money to fund the issuer's operations. If that's not enough, charge exchange fees. A competitive market will sort out who's got the most efficient operations, and thus ecash users get ecash at its most efficient price. It's just like insurance. An insurance underwriter collects premiums, some portion are direct fees for handling the transaction. The remaining premiums are put into a fund which accrues interest (for want of a better term). Some or all of that interest ends up in the insurer's pocket, and the rest is held for loss reserve (which may be itself reinsured) so the insured are paid when calamity strikes. It's a living. >Why do you assume that the only source of income for the "underwriter" >is the return on investment from the float? Sure, that's one business >model. Transaction and participation fees can also be levied. It's not really like you're quoting me out of context here, but I really did say further on in the post you're talking about here that exchange fees were how an issuer made up the difference between his cost of operations and the actual return he got on the float... >The issuer has a debt mediated by an instrument, yes. There are, >however, more instruments than bonds available for use. Yes. But probably short term bonds (money markets, t-bills) are safe places to earn higher returns than a demand deposit account. 
It's all cash management technique, which is pretty straightforward, boring stuff. >Is the debt >secured or unsecured? It's secured by the cash which bought the ecash in the first place, which can be put into secure money instruments of some sort. See the post you're quoting from about durations, total return, etc. If you want the issuer to put it into a demand deposit at, say, Shawmut National here in Boston, and let *them* invest the money in the money market, you can do that. They'll gladly take your money. (This is a good reason for a bank to get into the market, in my opinion, because of this synergy.) But it doesn't take much to manage your own portfolio of cash instruments by yourself. >What happens during bankruptcy of the issuer? This probably won't happen except in cases of fraud. I expect this business to be pretty boring. After all, you're the one with a portfolio of (real) cash to manage. Unwinding a position in the money markets is not really a scary proposition at all. When an ecash bank "fails" if ever, it'll be just like the old days (actually, not so old, really; Continental in Chicago was the last famous big one). The ecash banking community will circle the wagons and honor the unfortunate's ecash. More probably the bank will be quietly merged, and no one will know the difference. >These and similar issues determine the nature of the instrument. The instrument is e-cash. It's backed up by dollars, probably money market instruments, or maybe government bills. There may be "brands" of ecash which may have to charge higher and lower fees, depending on their risk. A rating system could evolve. I bet that the differences between issuers could be pretty marginal after a while. It's as simple and as boring as running IBM's corporate treasury accounts. It's just not that complex. 
> If you thought that > the ecash duration was 3 days and it stayed out there 3 months, > >It's unlikely that these sorts of figures are not going to be known >shortly after rollout, during which phase the cash management function >for income is much smaller. Agreed. Pardon my hyperbolic example. I just put them out there for illustration. Fees will be higher at first. They might be too high to sustain a market in the long run. There's no way to find out except to try, which was the ultimate point of the post. > > In > theory, if the fees are high, the money may never come back, and stay in > circulation forever. > >I think you may be getting confused here between "on-us" transactions >and a first class currency, which does circulate. Digital cash cannot >"circulate forever". That's why I said "in theory". I thought I qualified that further in the same paragraph. Again my hyperbolic rhetorical style does me in. In the first few pages of finance text books (I read Brealey & Myers in 1985), they like to talk about British securities called "perpetuities". They are literally perpetual bonds with no expiration date, and a few have no call provisions at all. Whoever holds them keeps getting interest until he sells them. This type of asymptotic behavior was what I meant by "forever". I forgot at the time that digicash grows every time it's exchanged, for instance, and was simply making a point about the behavior of a system at its extremes. My apologies. By the way, what does "on-us" mean? > >I should note, however, that I agree with the basic point, that the >portfolio management problem for digital cash is not unusual. > >Eric I'll leave this here. I feel better now. Between Eric and Tim, I feel a little like the gopher in the game at Chuck E. Cheese's. 
Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sat Aug 20 19:21:53 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 20 Aug 94 19:21:53 PDT Subject: ecash-info Message-ID: <199408210218.WAA15547@zork.tiac.net> At 1:02 PM 8/19/94 -0700, Eric Hughes wrote: > Anyway, when I screwed up the guts to ask, Chaum told me that the going > price for the underwriter's license/code was $275K plus a percentage of the > net profits. > >It's no small wonder that he's not gotten anywhere. Anybody who wants >an operational cut of a finance system is asking for way more money >than anybody might want to pony up. A bank (or similar) wants to buy >technology, not a partner. Here I was thinking it was common knowledge, and that's why I never said anything about it. I have to say that I have several friends who build real good financial models for portfolio analytics, and they get a cut of the trading profits. A bank is one of his customers. Of course, they're in Switzerland. I'm sure it happens on this side of the Atlantic with people who do currency analysis. Soft dollar stuff is a pretty common way to pay for research and software. That said, I think that there are probably cleaner ways for him to make money, like leasing his software, for instance. > the increase in traffic about his inactivity in promotion leads me to > believe that he's either working hard in getting his product market-ready, > which makes sense, or he's dropping the ball, which I would charitably say > is an unfair reading of the facts. > >A third possibility is that he's just not getting anywhere. If you >want too much money for what someone else is willing to pay, you don't >make a sale. Agreed. 
I was trying not to tread on the sainted reputation of the master by using the word "charitable". I count your "third possibility" under "dropping the ball", by the way. In fairness, it may be true that he's really trying to bring something to market. We may never know until we read about it on the front page of the Wall Street Journal, or in the same paper's legal notices... >There are three potential benefits from any Internet money system: > >1. The ability to transact and settle to the outside banking system. [snip] >Here's the crux. ONLY property one has large and direct and immediate >economic benefits to the issuer. [snip] >If you were a bank, would you pick system 1, 2, or 3? System one will >result in direct customer fees. [snip] >So, with these three kinds of transaction systems in competition with >each other, which do you think will win? > >Let me answer that for you. It's system 1. > >Now Chaum wants to offer system 3, and it's expensive to purchase. >Surprised at lack of success? Not at all. I think you're right. It goes back to the haggle we had when I first joined this list. I learned rather quickly that privacy ain't necessarily the point here. The technology of privacy, in particular strong crypto, yields something useful in a much larger arena digicash and other e$. Privacy is a beneficial byproduct of immediate and final clearing on the internet through digicash. It is not necessary and sufficient for its use. It's possible that Chaum is immersed in the cryptographic details that he thinks that privacy is digicash's primary selling point. It certainly is the enabling technology. However, it seems that his marketing approach to date has been more product driven ("Look, you can fly, and we'll let you do it, but you'll have to do it our way.") possibly sales driven ("C'mon, fly, and I won't bother you anymore."), but certainly not market driven ("Look what you can do if you fly!"). 
Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sat Aug 20 19:22:59 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 20 Aug 94 19:22:59 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408210219.WAA15554@zork.tiac.net> At 4:24 PM 8/19/94 -0700, Eric Hughes wrote: >The withdrawal transaction posts a debit to a customers demand deposit >account (decreasing it) and a credit to the suspension account >(increasing it). NewJargonNotice("suspension account") Is this new nomenclature? It sounds less risque than "float", I must say... >Where digital cash is immediately useful is online as a retail level >wire transfer system. [snip] >the cost of networking is >dropping and the cost of computation is dropping. I personally don't >expect that off-line digital cash techniques will ever actually be >economically most efficient. Existing alternates (e.g. credit cards) >work well enough today, and by the time PDA's work well enough and are >cheap enough to be universal, the cost of an online verification will >be down in the fractions of a cent. Immediate and final clearing must save money, somehow, but right now, it's hard to prove whether cash is still king in cyberspace. I have a (somewhat religious, in the sense that it may not be empirically proved in my lifetime) belief that that's the case. That's why I like to agitate for a test. Yes, Tim, I know, you guys aren't bankers... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." 
-- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sat Aug 20 19:23:08 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 20 Aug 94 19:23:08 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408210219.WAA15561@zork.tiac.net> At 4:43 PM 8/19/94 -0700, Eric Hughes wrote: >If there were already a fully identified digital money system, Is there one? >On the other hand, there is likely also a local maximum where the >premium is fairly small. In this case you get not only all the people >above, but a large percentage of the people who are willing to pay >just a little more for privacy. > >As to where these local maxima actually are, and which yields the >larger profits, I have no idea. It all boils down to Bedford Forrest's maxim "Get there first with the most men." (Sun Tzu said it first, but Forrest probably wouldn't have liked to know that, I'm sure) If in fact there is no method for making cash transactions on the internet, particularly "off-line" transactions with no trusted third party in the loop at transaction time, then digital cash is all we have. Eric has destroyed the point about the efficacy or need for off-line transactions already, but to expand on his last sentence, there needs to be empirical evidence to back up or refute his and my opposing claims. >The costs associated with anonymous digital cash may well be less than >for identified digital money systems. [reasons elided] > >Digital cash, on the other hand, needs a redeemed note database, but >this is one of its only unique costs. [snip] >It is likely that digital cash is more efficient economically, since >it unbundles a bunch of previously linked services and allows them to >be purchased separately by those who actually need them. Hallelujah! Eric, for the last three months, you have said that there was no way to prove whether digital cash was more cost effective than other forms of e$, and thus potential efficiency was useless as an economic argument for its adoption. 
Perry and I have held that it must be, and you have just now given a bunch of real good reasons. Now we need to figure how to test all this out... I love this place... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sat Aug 20 19:23:12 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 20 Aug 94 19:23:12 PDT Subject: e$: e-cash underwriting Message-ID: <199408210219.WAA15566@zork.tiac.net> At 4:53 PM 8/20/94 -0400, L. Todd Masco wrote: >The problem here, and the one that's of interest to Cypherpunks, is > how to change this system, using credit cards and all the loss of > privacy they entail, into one using anonymous digital cash. HKS > certainly has a commitment (though in word only at this point, since > it's vaporware) to support digital cash, but as I've noted before > it's a very difficult bootstrap problem. > >There has to be some reason people would use digital cash over credit > cards and frankly, I don't see it happening in the near future except > by some large power (like banks) decided to support it. Forgive me, I'm beginning to think that the power doesn't have to be that large at all. I'm beginning to have an attack of "I've got a barn, let's have a show". It's okay, it'll pass if I sit down... While I think the technical mechanics are simple (you all seem to, anyway), I'd like to see what regulatory and legal roadblocks have been identified. The only way to find out about the *market* for the product is to test it. By the way, I think the problem of double spending is a risk that can be managed, like the risk that a bank takes when a check is bounced... 
The culprit is identified, and it becomes a matter between the bouncee (however removed from the criminal transaction), the law, and the bouncer. Of course this might require some pretty vicious personal ID on the part of users of digital cash, like no nyms allowed, but you still get privacy if nobody bounces the cash. I'm also sure other administrative methods will evolve which will allow almost total privacy and no double spending in practice. Tim refers to voluminous study and many man-years of effort put into figuring how to do e-cash underwriting from a regulatory standpoint. I prefer the word "underwriting" to banking, because there are no accounts of deposit held at an e-cash exchange (where underwriting happens). There seems to be a problem with the word "bank" here, like there seems to be a problem with the word "bond". ;-) Are there any non-proprietary, public sources of information on these legal and regulatory research efforts? Are there archives of the c'punks traffic on this subject that I can look at? Thanks, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From phr at netcom.com Sat Aug 20 21:10:23 1994 From: phr at netcom.com (Paul Rubin) Date: Sat, 20 Aug 94 21:10:23 PDT Subject: ride to crypto 94 (santa barbara) available Message-ID: <199408210410.VAA05896@netcom6.netcom.com> The person who I planned to drive with made other arrangements. Anyone interested, send mail to phr at netcom.com ASAP, or phone 510-843-8236. Leaving Berkeley preferably Sunday midday, but flexible about departure time and route. Probably going to take 101 all the way down for speed, but might be willing to take highway 1 back for the view. 
Paul From solman at MIT.EDU Sun Aug 21 01:48:55 1994 From: solman at MIT.EDU (Jason W Solinsky) Date: Sun, 21 Aug 94 01:48:55 PDT Subject: Voluntary Governments? In-Reply-To: <9408062103.AA19844@netmail2.microsoft.com> Message-ID: <9408210848.AA05354@ua.MIT.EDU> This started out as a reply to me when I last had time to go through most of the posts here, so I'll try to answer it. > From: Hal > > What does it mean to speak of a government in cyberspace? It is the > government in physical space I fear. Its agents carry physical guns > which shoot real bullets. > ................................................................ > > Good point. > What does it mean to speak of governance (or 'government') at all? > Questions I would seek to have the answers to, in making decisions > about government per se: > > . Who or what is to be governed? People, or more precisely entities that control private keys. > . What is inimical/destructive and to be regulated/prevented, > or what is sacred which is to be upheld? [I give two examples out of the infinitely large set of possibilities, intellectual property rights and privacy] It depends on the government. You could set up a government to monitor intellectual property rights. You give government a deposit of the maximum you can be fined under its laws. The companies that are also "citizens" of that government then give you large (if not infinite) discounts. In exchange you agree not to violate their intellectual property rights (A term I purposefully leave open to definition as different governments might make different choices). Another government might protect privacy. If my infinitely buggy software were working, corporations could examine the demographics of their customers or the participating portion of the internet as a whole (while paying the people involved a tiny fee of course). 
I've used random data perturbation techniques to set things up so that on searches that generate with one-dimensional results from multi-dimensional selection fields: A) It is impossible for the searcher to figure out the specific characteristics of any individual. B) The searcher's results are not skewed in any way. But for multidimensional results, the technique I am using breaks down. Unless there is another way (There may well be), either A or B must be violated. It seems to me that the solution is a government to which the searchers and "data points :)" belong. B would be maintained intact but A would be violated. The "data points" would have their privacy protected by a system of fines imposed by the government. Both of these examples are similar in that they are coercive. If you want to conduct business with the government's citizens you have to obey all the laws. But no force is involved. The will of the government is effected entirely by economics. > . Who is to do all the work of preventing or upholding > (how do they qualify for the job)? They can be appointed, self appointed, or elected. The person who holds the job will attempt to enforce his laws as thoroughly as possible, thus ensuring the citizens the security that they want (and will pay for). > . What is to be done about non-conformists to the rules > (without contradicting the rules?) They are fined. If this doesn't work their communication privileges are curtailed and if this doesn't work they are banished. As I have noted before, in an information economy this is an extreme punishment. Jason W. Solinsky From felsher at tmn.com Sun Aug 21 07:18:51 1994 From: felsher at tmn.com (Dr. Murray Felsher) Date: Sun, 21 Aug 94 07:18:51 PDT Subject: WORKING ALONE...A new book Message-ID: <9408211420.AA26330@tmn.tmn.com> List members will be interested in acquiring WORKING ALONE, by Dr. Murray Felsher (Berkle, NY) just published. 
Felsher, a former professor and former NASA and EPA headquarters scientist, left government employ (that's quit --- not retired) without paycheck and without pension in 1980. He formed an aerospace consulting firm and began publishing newsletters. He has been so engaged since then --- working alone! WORKING ALONE, now available at your local bookstore, is comprised of 67 short (1-5 page) pieces which detail the mindset required to undertake such a venture, and the experiences encountered along the way... From jya at pipeline.com Sun Aug 21 07:33:33 1994 From: jya at pipeline.com (John Young) Date: Sun, 21 Aug 94 07:33:33 PDT Subject: Voluntary Governments? Message-ID: <199408211433.KAA18485@pipe1.pipeline.com> Responding to msg by solman at MIT.EDU (Jason W Solinsky) on Sun, 21 Aug 4:48 AM Jason, There's a thread on the (legal) list Cyberia-L about the privacy of government information and how to legislate the rising demand for this data (and parallel 'Net info). The initial post of the thread is e-mailed your way. Behold the legal mill of a "nation of laws" finely grinding an issue. Nitty-gritty skill. The apparatus to legislate, arbitrate and enforce laws of "voluntary government" will probably require as many bureaucrats, attorneys and LEAs as the present system unless there is a reduction in our dependence upon governments of all sorts. But, as Jim Dixon says, the blame-government adrenalin high is uniformly distributed. Something like the DOD's military conversion fund might be needed to cure our addiction to government and help us get used to the pastoral bovinity of voluntary associations. John From nobody at c2.org Sun Aug 21 09:00:54 1994 From: nobody at c2.org (Anonymous User) Date: Sun, 21 Aug 94 09:00:54 PDT Subject: Cray/NSA Info Message-ID: <199408211556.IAA14147@zero.c2.org> SUBJECT: CRAY COMPUTER CORP. AWARDED DEVELOPMENT CONTRACT FOR CRAY-3/SUPER SCALABLE SYSTEM COLORADO SPRINGS, Colo., Aug. 17 /PRNewswire/ via INDIVIDUAL, Inc. 
-- Cray Computer Corp. (Nasdaq: CRAY) and the National Security Agency (NSA) have entered into a joint development contract, valued at up to $9.2 million, to produce a CRAY-3/Super Scalable System (SSS). The CRAY-3/SSS will be a hybrid high performance system that will offer vector parallel processing, scalable parallel processing and the combination of both. Under the terms of the contract, Cray Computer Corp. will be paid up to $4.2 million for development costs, and the Government will provide approximately $400,000 in software consulting services. The company is responsible for the balance of the development costs. In addition, the company will have rights to use certain Government technologies. George Cotter, chief scientist for the NSA stated, "NSA selected Cray Computer Corp. to develop the CRAY-3/Super Scalable System because of its advanced technologies and the CRAY-3 architecture. This is an important initiative of the Federal High Performance Computing and Communications (HPCC) program." Chuck Breckenridge, executive vice president for Cray Computer Corp., noted, "The CRAY-3/SSS will provide unparalleled performance for many promising applications. We are pleased to participate in this transfer of Government technology and we are eager to help potential customers explore and develop appropriate applications." This development project is based on a September 1993 feasibility study recommending a hybrid supercomputer composed of a CRAY-3 and a large number of Processor-In-Memory (PIM) chips, developed by the Supercomputing Research Center (SRC: Institute for Defense Analyses). The SRC will provide significant technical assistance in both the software and hardware aspects of the system. The Government's technology transfer program is intended to maintain the country's technology leadership position by providing a cost sharing arrangement for development and commercialization of advanced Government technologies. 
The high performance system will consist of a dual processor 256 million word CRAY-3 and a 512,000 processor 128 million byte Single Instruction- Multiple Data (SIMD) array. This CRAY-3/Super Scalable System will provide high-performance vector parallel processing, scalable parallel processing and the combination of both in a hybrid mode featuring extremely high bandwidth between the PIM processor array and the CRAY-3. SIMD arrays of 1 million processors are expected to be available using the current version of the PIM chip once this development project is completed. The scalable array will connect to the CRAY-3 memory interface and will be addressable as standard memory to facilitate use of the SIMD array with minimal delays for data transfer. The PIM chip, containing 64 single bit processors and 128K bits of memory, was developed by the Supercomputing Research Center for NSA, and tested on a Sun/SPARC workstation with a parallel version of the C language. Cray Computer Corp. will package PIM chips utilizing its advanced multiple chip module (MCM) packaging technology that allows the CRAY-3 to operate with a record breaking 2.08 nanosecond clock rate. The PIM chips are manufactured by National Semiconductor Corp. The CRAY-3/SSS is expected to be demonstrated in the first quarter of 1995. After this initial demonstration, interested parties will be invited to try out other applications. The CRAY-3 memory interface bandwidth will allow the application specific SIMD array to provide dramatic performance improvements over existing architectures for bit and image processing, pattern recognition, signal processing, and sophisticated graphics applications. A notable strength of the SIMD processor array is variable precision floating point for those frequently occurring applications requiring less (and sometimes more) than the standard 64 bit IEEE floating point arithmetic. A substantial applications base is available for the CRAY-3 and Cray Computer Corp. 
is committed to working closely with customers to develop traditional high performance vector and scalable applications. For suitable applications, the SIMD processor array option offers up to 32 Trillion Bit Operations per Second and provides price/performance unavailable today on any other high performance platform. The CRAY-3 system with the SSS option will be offered as an application specific product and will be well positioned in the evolving supercomputer marketplace. Seymour Cray stated that, "The CRAY-3/SSS development project leverages the Company's existing technologies and accelerates our program to develop parallel architectures and software to reach the TeraFLOPS performance level. I see a strong SIMD architectural component as crucial to a complete parallel supercomputer capability." Cray Computer Corp. is engaged in the design, development, manufacture and marketing of CRAY-3, CRAY-3/SSS, and CRAY-4 supercomputer systems. /CONTACT: Terry Willkom, president, or William Skolout, CFO, 719-679- 6464, both of Cray Computer; or Mary Ann Phillips, director of Corporate Communications, of National Semiconductor, 408-721-2646/ (CRAY) From hfinney at shell.portal.com Sun Aug 21 10:07:06 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 21 Aug 94 10:07:06 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408210218.WAA15544@zork.tiac.net> Message-ID: <199408211706.KAA05754@jobe.shell.portal.com> rah at shipwright.com (Robert Hettinga) writes (quotes are Eric Hughes): >Digital cash has to be issued by someone, who >*really should* back it up with real money, and should thus receive real >money as collateral for the digicash on the net. Thus, there's a float. >Thus it's really a loan with a security (ecash) to prove it, with the >collateral in the bank of the issuer earning the issuer interest. Thus >it's a bond. And since it has no maturity date, and it's not a perpetuity, >then it has an implicit call provision. Thus, it's a callable bond. 
One difference between ecash and bonds is that bonds generally pay interest (to the bond holder, not to the lender!), while ecash may not. I also suspect that most ecash will have a fixed maximum lifetime beyond which it is no good, due to technical problems in keeping lists of spent notes. So it would not necessarily be callable in the way Bob describes. >> The issuer gets to >> keep the interest accrued on that money while the ecash is in circulation. >> >>Perhaps in some systems this is so, but not all. The unit of account >>must be fixed, but the unit of account may not be constant currency, >>but rather currency at a fixed interest rate. >Is "unit of account" a formal term here? Could you define it? I think Eric is referring to how the notes are denominated, and the possibility that they may bear interest. A note could be marked as worth $1 + 6% per year past 1994, expiring in 1998, for example. >The problem about not keeping the interest on the float is, who do you pay >it to otherwise? If you have a truly anonymous digital cash system, you >couldn't find the original purchaser if you tried. If you want to treat >this like a settlement problem in securities operations then you have to >track each owner's interest share for the time they held the instrument and >pay them back. Again impossible. If you pay back the accrued interest on >that specific ecash certificate to the person who "walks in the door" with >it, is it fair? Fair? Who cares? The question is, is it useful? Sure it is. I'd rather use cash which bore interest than that which didn't! Sure, it's a little more complicated to buy something with notes which are worth $1.05 - $1.10 than $1.00, but that's what computers are for. The value increase accrues to whomever holds the note during the time they hold it. >The solution is, keep the interest, use the money to fund the issuer's >operations. If that's not enough, charge exchange fees. 
A competitive >market will sort out who's got the most efficient operations, and thus >ecash users get ecash at its most efficient price. Sure; just don't say "the solution is". You issue non interest bearing notes and live on the float; I issue interest notes and live off the exchange fees. Let the market decide. Hal From hfinney at shell.portal.com Sun Aug 21 10:16:34 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 21 Aug 94 10:16:34 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408210219.WAA15554@zork.tiac.net> Message-ID: <199408211716.KAA06276@jobe.shell.portal.com> rah at shipwright.com (Robert Hettinga) writes: >At 4:24 PM 8/19/94 -0700, Eric Hughes wrote: >>The withdrawal transaction posts a debit to a customers demand deposit >>account (decreasing it) and a credit to the suspension account >>(increasing it). >NewJargonNotice("suspension account") >Is this new nomenclature? It sounds less risque than "float", I must say... I think Eric was referring to simple double-entry bookkeeping. I don't have his original post in front of me, but I believe the suspension account was a liability account which represented the digital cash in circulation. In double-entry bookkeeping, every transaction alters two accounts so that the books stay in balance. It's not unusual to make up specific accounts for the particular assets and liabilities of your business. >Immediate and final clearing must save money, somehow, but right now, it's >hard to prove whether cash is still king in cyberspace. I have a (somewhat >religious, in the sense that it may not be empirically proved in my >lifetime) belief that that's the case. That's why I like to agitate for a >test. Yes, Tim, I know, you guys aren't bankers... There's something I don't understand about this "immediate and final clearing" business. In an on-line cash system, the cash itself is not "cleared" until you send it to the bank and/or have some guarantee from the bank that it has not been spent before. 
It seems to me that you could get the same benefit from a checking account if you called the bank, verified the funds were available, and electronically cashed the check on-line. In an off-line system, is the cash really cleared immediately? What if it is double-spent? Is the bank going to guarantee to cover all instances of multiple spending, in the hope or expectation that it can sue the customer who did it? What if you're talking about huge sums of money, and the guy doesn't just double-spend but hundredfold-spends it, then vanishes to Rio? Are the banks going to cover that? They don't cover bad checks, and I don't see how they can afford to cover bad cash. So for both on-line and off-line ecash there appear to me to be problems with the notion that cash has a unique advantage in providing immediate clearing of transactions. Hal From hfinney at shell.portal.com Sun Aug 21 10:25:53 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 21 Aug 94 10:25:53 PDT Subject: e$: e-cash underwriting In-Reply-To: <199408210219.WAA15566@zork.tiac.net> Message-ID: <199408211725.KAA06943@jobe.shell.portal.com> rah at shipwright.com (Robert Hettinga) writes: >While I think the technical mechanics are simple (you all seem to, anyway), >I'd like to see what regulatory and legal roadblocks have been identified. Come on, Bob, we've talked about a lot of problems in the last few weeks: the prohibitions on most forms of bearer bonds; the prohibitions on banks issuing their own currency; the stringent regulations for private scrip circulation. Our people who know securities law can probably list a few more. >The only way to find out about the *market* for the product is to test it. OK, but also one way to find out whether it is legal or not is to test it. If you end up in jail, I guess it wasn't legal. Maybe that's not the best strategy, though? Send mail to netbank-info at agents.com for info on their non-anonymous (I think) cash-like system. 
I wonder whether they have worried about these issues or whether they are trying out the strategy above. Hal From hfinney at shell.portal.com Sun Aug 21 10:37:12 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 21 Aug 94 10:37:12 PDT Subject: Voluntary Governments? In-Reply-To: <9408210848.AA05354@ua.MIT.EDU> Message-ID: <199408211736.KAA07761@jobe.shell.portal.com> Jason W Solinsky writes: >It depends on the government. You could set up a government to monitor >intellectual property rights. You give government a deposit of the >maximum you can be fined under its laws. The companies that are also >"citizens" of that government then give you large (if not infinite) >discounts. In exchange you agree not to violate their intellectual >property rights (A term I purposefully leave open to definition as >different governments might make different choices). I like this idea of voluntarily "escrowing" some valuables in order to lend credibility to my promise to follow certain laws, and to get various privileges in return. You could have digital certificates from the enforcement agency (it does not fit closely enough to my model of a government to warrant that term in my usage) to show that you are a "paid up" member. >Both of these examples are similar in that they are coercive. If you want >to conduct business with the government's citizens you have to obey all the >laws. But no force is involved. The will of the government is effected >entirely by economics. Well, again, an organization which I voluntarily join (for a fee) in order to get some benefit (forfeiting some of my otherwise refundable fee if I break various agreements) is not coercive in my usage of the term. I suspect people will understand this idea better if you avoided applying concepts like coercion and governments to it, concepts which are usually associated with use of force. >> . What is to be done about non-conformists to the rules >> (without contradicting the rules?) >They are fined. 
If this doesn't work their communication privileges are >curtailed and if this doesn't work they are banished. As I have noted >before, in an information economy this is an extreme punishment. In an on-line world it would be much easier to enforce banishment or selective ostracism than in real life. Filtering agents could look for certificates from accepted enforcement agencies before letting messages through. Each user could have a set of agencies which were compatible with his principles, and another set of "outlaws". You could even end up with the effect of multiple "logical subnets" of people who communicate with each other but not outside their subnet. Some nets might respect intellectual property, others not, and so on. Hal From jamesd at netcom.com Sun Aug 21 10:45:23 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 21 Aug 94 10:45:23 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408211716.KAA06276@jobe.shell.portal.com> Message-ID: <199408211745.KAA14305@netcom12.netcom.com> Hal writes > So for both on-line and off-line ecash there appear to me to be problems > with the notion that cash has a unique advantage in providing immediate > clearing of transactions. Obviously anonymous E Cash can be duplicated with alarming ease. Physical cash is also becoming easier to duplicate. Is identity based cash so bad? The existing grey capitalist system works primarily on foreign check accounts. If Joe writes a check in dollars on his Swiss bank account, sends it by snail mail in a sealed envelope to Peter, who places it in his BNZ account under his Hong Kong identity, they are both fairly secure. Although the transaction is fully traceable, it is unlikely to be traced without the consent of one of the participants. Suppose each E Cash certificate grows by adding identifying material in each transaction that makes it possible, with the consent of each participant in the chain, to trace it backwards. 
Or suppose each participant maintains a database that makes such tracing possible and provable. Then double spending on amounts of moderate size would be very rare, so rare we would not have to worry in normal transactions. In big transactions you have similar problems with physical cash - there is always the worry that the guards may defect, or whatever. That is why big transactions are almost always identity based. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamesd at netcom.com Sun Aug 21 10:58:47 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 21 Aug 94 10:58:47 PDT Subject: Voluntary Governments? In-Reply-To: <9408210848.AA05354@ua.MIT.EDU> Message-ID: <199408211758.KAA15344@netcom12.netcom.com> From: Hal > > > > What does it mean to speak of a government in cyberspace? It is the > > government in physical space I fear. Its agents carry physical guns > > which shoot real bullets. Jason W Solinsky writes > It depends on the government. You could set up a government to.... You could set up a "government" to make shoes. If they do not use guns they are not a government. If somebody does not make shoes he is not a shoemaker. Governments are in the business of violence. > Both of these examples are similar in that they are coercive. If you want > to conduct business with the governments citizens you have to obey all the > laws. But no force is involved. The will of the government is effected > entirely by economics. And if I wish to conduct business in a shopping mall, either as customer or shopkeeper, I have to abide by the mall rules. This does not make the mall a government. 
-- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jrochkin at cs.oberlin.edu Sun Aug 21 11:05:25 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Sun, 21 Aug 94 11:05:25 PDT Subject: e$ as "travellers check? Message-ID: <199408211805.OAA25259@cs.oberlin.edu> There has been all this talk about potential legal problems with banks issuing ecash. Lots of terms have been tossed around which I only barely understand like "bearer bonds" and such. And some things I understand more, like the prohibition on private scrip. But someone a long time ago brought up traveller's checks, and the similarity between them and ecash. The similarity seems pretty darn close to me. You pay some money to American Express, you get a note issued by them, you give it to a merchant, he redeems it with AE for money. There's a fee charged somewhere along the line. Well, you pay some money to First Digital Bank, you basically get an electronic promissory note, you give it to a merchant for a service or product, and he redeems it with First Digital for US dollars. I don't know much about economics, but as far as I can tell this seems a pretty solid analogy. If I'm missing something, can someone try to explain to me using small words what it is I'm missing. Otherwise, what regulation is there of people who issue traveller's checks? It's clearly not _illegal_ to issue travellers checks, so I don't see why it would be illegal under current laws to issue ecash, despite all the interesting talk about bearer bonds and private issued scrip. But perhaps there is strict regulation or something? 
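The issue-and-redeem cycle described in the message above, together with the suspension account, on-line clearing, redeemed-note database and fixed note lifetime discussed earlier in the thread, as an added Python sketch that is not code from any list member or from DigiCash. The names `Mint` and `Note`, the demo key and the account names are hypothetical, and the notes are authenticated with an issuer HMAC rather than a blind signature, so this models on-line double-spend detection and the bookkeeping only, not anonymity.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Note:
    serial: str       # random and unique per note
    face_cents: int   # denomination
    expires: int      # last year in which the note is redeemable
    tag: str          # issuer MAC binding the three fields above


class Mint:
    """Toy on-line issuer: every note is cleared against the spent list."""

    def __init__(self, key: bytes):
        self._key = key
        self.deposits = {}     # customer demand deposit accounts, in cents
        self.suspension = 0    # liability account: notes in circulation
        self.spent = {}        # redeemed-note database: serial -> expiry

    def _mac(self, serial: str, face: int, expires: int) -> str:
        msg = f"{serial}|{face}|{expires}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def total(self) -> int:
        # Double-entry invariant: deposits plus suspension never changes.
        return sum(self.deposits.values()) + self.suspension

    def withdraw(self, customer: str, face: int, expires: int) -> Note:
        if self.deposits.get(customer, 0) < face:
            raise ValueError("insufficient funds")
        self.deposits[customer] -= face   # debit the demand deposit
        self.suspension += face           # credit the suspension account
        serial = secrets.token_hex(16)
        return Note(serial, face, expires, self._mac(serial, face, expires))

    def redeem(self, note: Note, payee: str, year: int) -> str:
        good = self._mac(note.serial, note.face_cents, note.expires)
        if not hmac.compare_digest(note.tag, good):
            return "forged"
        if year > note.expires:
            return "expired"
        if note.serial in self.spent:
            return "double-spend"         # same bits presented twice
        self.spent[note.serial] = note.expires
        self.suspension -= note.face_cents
        self.deposits[payee] = self.deposits.get(payee, 0) + note.face_cents
        return "ok"

    def prune(self, year: int) -> int:
        # An expired serial can never clear again, so it can be forgotten;
        # this is what a fixed lifetime buys the spent-note database.
        before = len(self.spent)
        self.spent = {s: e for s, e in self.spent.items() if e >= year}
        return before - len(self.spent)


def demo():
    mint = Mint(key=b"constructed-demo-key")   # constructed sample key
    mint.deposits = {"alice": 500, "merchant": 0, "mallory": 0}
    start = mint.total()
    note = mint.withdraw("alice", 100, expires=1998)
    results = [
        mint.redeem(note, "merchant", 1994),   # first presentation clears
        mint.redeem(note, "mallory", 1994),    # a copy of the same note
    ]
    altered = Note(note.serial, 10000, note.expires, note.tag)
    results.append(mint.redeem(altered, "mallory", 1994))
    late = mint.withdraw("alice", 100, expires=1995)
    results.append(mint.redeem(late, "merchant", 1996))
    pruned = mint.prune(1999)
    return results, pruned, start == mint.total()


if __name__ == "__main__":
    print(demo())
```

The unredeemed expired note stays in the suspension account as an outstanding liability; how an issuer writes that off is outside this sketch.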
From rah at shipwright.com Sun Aug 21 12:22:19 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 21 Aug 94 12:22:19 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408211918.PAA21612@zork.tiac.net>

At 10:06 AM 8/21/94 -0700, Hal wrote:

>One difference between ecash and bonds is that bonds generally pay interest
>(to the bond holder, not to the lender!), while ecash may not. I also
>suspect that most ecash will have a fixed maximum lifetime beyond which it
>is no good, due to technical problems in keeping lists of spent notes. So
>it would not necessarily be callable in the way Bob describes.

We could equivocate back and forth about who the lender is in this case. It's the behavior of the financial instrument I'm talking about. At some point, the principal goes away and has to be called from wherever it is (a bank account, the money market, etc.) to meet a cashed-out piece of digicash. In the meantime it earns interest. Thus it has principal, and interest, and it is called. It's a callable bond.

If it has a fixed maturity, it's still a callable bond. If it's a perpetuity, it's a callable bond. It doesn't matter who gets the interest. It doesn't matter what the exchange fees are, it still behaves like a callable bond. The market will pay discounts or premia on them, and thus price them, just like any other fixed income instrument with a call provision. A callable bond, in other words.

I'm not sure the lifetime issue is a big deal now, because the durations on these instruments are probably going to be pretty short. Like I said before, people will eventually get used to hanging on to digital cash until they need to spend it. That keeps it out of circulation longer, and the duration up. At some point in time people will spend a piece of digital cash several times before it goes back to the bank. That will keep the duration up also.

>Fair? Who cares? The question is, is it useful? Sure it is.
I'd rather
>use cash which bore interest than that which didn't! Sure, it's a little
>more complicated to buy something with notes which are worth $1.05 - $1.10
>than $1.00, but that's what computers are for. The value increase accrues
>to whomever holds the note during the time they hold it.

I think the complexity is probably not worth it. Suppose you get a piece of digital cash that's been out there a while, say 10 years (it's not likely, ever, but I'm using it to make a point). 1 dollar at say 10% compounded for ten years is 2.59. It's like winning the lottery, for no reason except the person you last transacted business with paid you old cash for what you sold him. It's not fair. That's what I meant by not fair.

>>The solution is, keep the interest, use the money to fund the issuer's
>>operations. If that's not enough, charge exchange fees. A competitive
>>market will sort out who's got the most efficient operations, and thus
>>ecash users get ecash at its most efficient price.
>
>Sure; just don't say "the solution is". You issue non interest bearing
>notes and live on the float; I issue interest notes and live off the
>exchange fees. Let the market decide.

Agreed. "A solution is", then. There are many ways to skin a cat. I think you'll find that the overhead of my system beats yours, and lets me price my cash more competitively in an efficient market. That's why I said "the solution is".

Cheers,
Bob Hettinga

-----------------
Robert Hettinga  (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes."
-- Bertrand Russell
(617) 323-7923

From rah at shipwright.com Sun Aug 21 12:23:26 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 21 Aug 94 12:23:26 PDT
Subject: e$: e-cash underwriting
Message-ID: <199408211919.PAA21623@zork.tiac.net>

At 10:25 AM 8/21/94 -0700, Hal wrote:

>Come on, Bob, we've talked about a lot of problems in the last few weeks: the
>prohibitions on most forms of bearer bonds; the prohibitions on banks
>issuing their own currency; the stringent regulations for private scrip
>circulation. Our people who know securities law can probably list a few
>more.

I have been paying attention, I was not trolling. I would like to see a formal, concrete analysis of the legal issues if there is one out there. Or at least someone's best efforts at it. If it isn't there, then it may be time to commission one. For money. (Anyone out there want to e-mail me a quote?) Because I expect that it can be done and should be tried, and probably isn't going to send *anyone* to jail.

I don't think that e-cash is a bearer bond. Its portfolio management from the underwriter's side is like that of a callable bond (more like managing the cashflows of a mutual fund while keeping the income), but to the holder it behaves just like cash (particularly if it doesn't bear interest ;-)). If an underwriter is not a bank any more than the underwriter of a traveller's check, or a mutual fund is not a bank, then a bank isn't issuing currency. I've heard arguments on both sides of the question of whether or not e-cash is scrip (it has an explicit value in dollars, and is redeemable in cash), and I think until the secret service bangs on someone's door, or more to the point, a real lawyer says it's expressly not legal, then it's at least possible. That which is not forbidden is permitted, the last time I looked.

Legal hacking is not a bad thing to try to do at this point.
No great green monster is going to shit on my head if I try, or anyone else tries, to start an ecash underwriting business. :-). The most that can happen is that the business fails, and most likely on economic, not legal, merits.

>>The only way to find out about the *market* for the product is to test it.
>
>OK, but also one way to find out whether it is legal or not is to test it.
>If you end up in jail, I guess it wasn't legal. Maybe that's not the
>best strategy, though?

Bill McGowan of MCI did not go to jail. He died in his bed of a massive coronary after a triple-bypass and a heart-lung transplant. Cigarettes killed him. He fought the law and the system, and he won on the economic and legal merits of his case. I don't expect the legal entry cost of a business like ecash underwriting to be nearly as complex.

>
>Send mail to netbank-info at agents.com for info on their non-anonymous (I
>think) cash-like system. I wonder whether they have worried about these
>issues or whether they are trying out the strategy above.

They're asking forgiveness, not permission. They're "sooners". They're not quite the starting gun on the land rush, but they're close. I have seen their stuff. I expect that a lawyer has told them that the worst thing that can happen is that they'll get a nasty letter from the feds and have to shut down, and they might win if they decide to fight it. I expect that with a little reading, a legal mind might say the same thing about a legitimate digital cash system like Digicash(tm), for instance.

Please note that I am not trying to make anyone angry here, or in the previous post, and I hope that my tone in the above doesn't appear angry, because it isn't. I just think that the concept of digital cash is farther along than most people think it is, and for the life of me, I can't see any reason for not doing it, except fear, or frustration from previous efforts, maybe. It's not FUD, because it's not deliberate, but it has the same effects.
Cheers,
Robert Hettinga

-----------------
Robert Hettinga  (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From rah at shipwright.com Sun Aug 21 12:23:27 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 21 Aug 94 12:23:27 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408211918.PAA21615@zork.tiac.net>

At 10:16 AM 8/21/94 -0700, Hal wrote:

>I think Eric was referring to simple double-entry bookkeeping. I don't
>have his original post in front of me, but I believe the suspension account
>was a liability account which represented the digital cash in circulation.
>In double-entry bookkeeping, every transaction alters two accounts so that
>the books stay in balance. It's not unusual to make up specific accounts
>for the particular assets and liabilities of your business.

No. I was not referring to the process (double-entry bookkeeping), I was referring to the actual name of the account where the principal is held until it is redeemed. I liked the name, but I was wondering about where he got it from, or whether he invented it himself. If so, how did he arrive at the name "suspension account", etc.

>There's something I don't understand about this "immediate and final
>clearing" business. In an on-line cash system, the cash itself is not
>"cleared" until you send it to the bank and/or have some guarantee from the
>bank that it has not been spent before. It seems to me that you could get
>the same benefit from a checking account if you called the bank, verified
>the funds were available, and electronically cashed the check on-line.

Right. My use of "immediate and final" comes from Eric (or maybe Perry).

>
>In an off-line system, is the cash really cleared immediately?

Clearing in this case is when the cash passes from you to me.
When I spend that cash with someone else, and they in turn spend it somewhere else, it's really clear, because neither one of us can ever trace where it went. For all intents and purposes, we might as well call the transaction clear at the time of its execution. Thus it's immediate and final. Just like any other cash transaction.

>What if it
>is double-spent? Is the bank going to guarantee to cover all instances of
>multiple spending, in the hope or expectation that it can sue the customer
>who did it? What if you're talking about huge sums of money, and the guy
>doesn't just double-spend but hundredfold-spends it, then vanishes to Rio?
>Are the banks going to cover that? They don't cover bad checks, and I don't
>see how they can afford to cover bad cash.

Exactly. Though I think it would be worthy of much more than a civil suit. I expect that criminal charges come into play here. The culprit has been identified. Out come the gendarmes, or maybe Interpol, since he's gone to Rio. Catching an international criminal and extraditing him is not new technology. You don't even need new law. Just call it (wire?) fraud and leave it at that. People and businesses have insurance against fraud. I expect there will be a whole industry popping up after a while on e-cash loss control and insurance.

>
>So for both on-line and off-line ecash there appear to me to be problems
>with the notion that cash has a unique advantage in providing immediate
>clearing of transactions.

Except for where the cash has been double-spent, a very special case, indeed, the cash has cleared once it's been spent by the person whom you gave the cash to. Its untraceability clears the transaction. It's immediate. It's final.

>
>Hal

-----------------
Robert Hettinga  (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes."
-- Bertrand Russell
(617) 323-7923

From prz at columbine.cgd.ucar.EDU Sun Aug 21 13:55:21 1994
From: prz at columbine.cgd.ucar.EDU (via the vacation program)
Date: Sun, 21 Aug 94 13:55:21 PDT
Subject: away from my mail
Message-ID: <9408212012.AA19229@columbine.cgd.ucar.EDU>

I will not be reading my mail for a while. I am on travel until Monday, 29 August 94. This canned message was generated automatically by the "vacation" program, but I'm not on vacation. Your mail regarding "re: your previous email" will be read sometime after I return.

I have been traveling a lot lately, and my email backlog is now bigger than it's ever been, so big that I cannot get through it all after a trip before leaving on my next trip. You should assume that your email to me will take at least a week after I get back to read. Maybe longer. And now I am replying to only the most urgent email, because of the volume of email these days. If you need to speak to me sooner, call me at 303 541-0140, and I will listen to your message as soon as I return.

Also, in case you are still using my old email address, please update your records to use only my current email address, which is prz at acm.org.

In case you haven't heard, MIT has released PGP version 2.6, available from an FTP site at MIT, for US noncommercial users only. It is a nice version of PGP, with all the strength and integrity of PGP 2.3a, with some bug fixes and improvements. You may get it by FTPing to net-dist.mit.edu and looking in directory pub/PGP.

-Philip Zimmermann

From rishab at dxm.ernet.in Sun Aug 21 13:56:28 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 21 Aug 94 13:56:28 PDT
Subject: Governing an information society - 1/4
Message-ID:

Jason W Solinsky :
> > . What is to be done about non-conformists to the rules
> > (without contradicting the rules?)
>
> They are fined. If this doesn't work their communication privileges are
> curtailed and if this doesn't work they are banished.
As I have noted
> before, in an information economy this is an extreme punishment.

Yes, I can imagine heated debates on the moralities of such cyberspatial death penalties.

I like to believe that the Internet model of society and indeed 'government' will eventually be adopted in the mainstream. What does one really need a 'government' for? A central source of power, Max Weber's monopoly of legitimate violence, is surely not the only method of ensuring a degree of fairness and order in society. Especially not in one based primarily on knowledge - or information.

What do real world governments do? Broadly, two things. 'Social upliftment' - welfare and development programmes; and 'law enforcement' - ensuring that people stick to what they've agreed upon (idealized: in theory citizens have agreed to the social contract present in the constitution and laws).

There is no specific evidence to show that the task of social upliftment is best performed by those with the weapons to enforce laws. Indeed, where welfare is _really_ needed (and I'm not talking about a Swede on unemployment benefits) much of it comes even today from independent organizations.

Bangladesh, for instance, has what is almost a parallel government of several hundred local and international agencies that run numerous development projects, funded largely by private monies. Grameen Bank, a cooperative started on the premise that poor village women need small ($100) loans but invariably pay back, has a minute loan failure rate and makes a decent profit, unlike numerous government projects the world over.

Development, the primary justification for taxation, is probably better accomplished by people outside the government, who are likely to be more efficient and dedicated. And if they manage with private donations now, they are sure to flourish when there is no compulsory taxation.
Most cultures encourage generosity and most people would be willing to invest small parts of their income in organizations that do social work, where they could have far more control as investors than they do currently as taxpayers.

Continued...
Rishab

ps. food for thought: there are seven countries on this planet that allow the death penalty for crimes committed by minors: Libya, Sudan, Iraq, Iran, Saudi Arabia, Pakistan and the United States of America.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in           take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335            H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sun Aug 21 13:56:28 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 21 Aug 94 13:56:28 PDT
Subject: Governing an information society - 2/4
Message-ID:

Another thing that governments do that is not quite the same 'social upliftment' as welfare - build roads, bridges and so on - is already done in many countries by private, profitable ventures with little loss to society.

Law enforcement: there are instances where you break your contract, that form the basis of most crimes from non-payment to larceny to even theft, which can be seen as a violation of a social contract to 'pay for what you take'; then there are things which even the most radical would consider plain wrong, such as murder or rape. This distinction is partially acknowledged in the difference between civil and criminal cases.

The former, 'civil' cases are best sorted out by an independent and trusted judiciary; a 'government' doesn't, or shouldn't, interfere. In the latter, 'criminal' cases, there may be a need for some sort of 'authorised violence' such as a police force. This is the only part of government that might necessarily require a universally accepted power.
The alternative is the utopian, where people are (or are conditioned to be?) too 'good' to become murderers; or the dystopian (as in cyberpunk fiction, or the Wild West for that matter) ruled by the law of the jungle - might is right. Note that this differs from the present situation where while it is true that the power of authority rests in its right to violence, this is in theory approved of by the people - a sort of 'right is might'.

Continued...
Rishab

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in           take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335            H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sun Aug 21 13:56:34 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 21 Aug 94 13:56:34 PDT
Subject: Governing an information society - 4/4
Message-ID:

Real crime on cyberspace? The analogy to violence of action, such as murder, is violence of data, the fabric of cyberspace. This may have many forms: belief or opinions, knowledge, information and data crime.

Violence of belief (thoughtcrime) - while some people feel that to discuss rape is to perform it, and discussing crimes is subject to a range of conspiracy and riot-control laws worldwide, this really can't be a crime in any free society.

Then there is the knowledge crime - theft of intellectual property. This is in my view the single biggest issue in an information economy, but it can be addressed by a combination of encryption technologies, to prevent 'unauthorised' access, and the decentralized, non-governmental civil system discussed previously. Intellectual property can in any case not be treated quite as land and bonds are, and there are practical and moral issues involved in just what it is, which I may talk about in the future.
Information crime - 'unauthorised' access of other information such as mail, unreleased memoirs etc, is basically an issue of privacy and can only be practically addressed through technology.

Data crime - 'cracking', 'phreaking' etc usually reflect a total lack of responsibility on the part of _administrators_. "Officer, I left my wallet on the kerb 10 minutes ago, and now it's gone!" Better security and greater awareness will prevent most of it. If you do happen to catch a cracker, go through the same old _civil_ system.

It is not really practical for a central Thought Police to actually find data criminals, without huge and non-specific violations of privacy. And data criminals don't need to be put in jail, they are probably the most affected by 'cyberdeath' - disconnection, digicash accounts cancelled, reputations muddied. I wouldn't want to do that to _anyone_ actually ;^)

A thread I started months ago ('Cyberspace is by nature crime free' / 'Crime and punishment in cyberspace') led to a similar Tim May-ist conclusion - let the police (and the minimalist government) attend to murders in brickspace, we cybercitizens will look after ourselves.

Concluded.
Rishab

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in           take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335            H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Sun Aug 21 13:56:36 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Sun, 21 Aug 94 13:56:36 PDT
Subject: Governing an information society - 3/4
Message-ID:

Violence of action requires the protection and violence of action in return. Violence of belief requires the freedom to believe differently. It definitely should not require violence or protection of _action_ in return.
Having dispensed with the role of traditional government in the area of social development and civil law :-} what remains is the need for a police force to tackle murders. If I'm murdered (or raped or have my arm minced or whatever), it is physically damaging. I suppose I'd say the same of my house being bombed. I need protection from such things, and the sort of socially accepted protection that won't lead to riots or the law of the jungle. Barricading myself, carrying a Kalashnikov and learning aikido is not enough, not for a civilized society. So I concede the existence of the police. (There is another reason - it is usually practical for the police to trace murderers or arsonists).

In cyberspace, there is a 'social upliftment' role. Though initially paid for by various governments, there are a number of organizations that manage to distribute costs efficiently and provide huge service and infrastructure for low rates.

There may also be 'civil' suits in cyberspace. Due to digitally signed, undeniable contracts, these should be reduced to only those that involve a breach of contract, rather than a suspicion of invalidity. 'Civil' cases can be sorted out by a cyberjudiciary, and punishment efficiently enforced by a society without any central control.

While there have probably been no civil cases on the Net in the traditional sense, there have been situations where the power of distributed control was apparent. For instance, when Richard Depew's ARMM went out and cancelled anon posts on USENET, there was universal outrage. His punishment required no central 'law enforcer' - it was just the threat of posts from his site being cancelled that did it. And this would not have been possible without general, widespread agreement with the 'verdict' - as anyone not enforcing it would risk similar punishment from the large majority.

Continued...
Rishab

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air!
clean the sky! wash the wind!
rishab at dxm.ernet.in           take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335            H 34C Saket, New Delhi 110017, INDIA

From hfinney at shell.portal.com Sun Aug 21 14:24:36 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 21 Aug 94 14:24:36 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408211918.PAA21612@zork.tiac.net>
Message-ID: <199408212124.OAA21988@jobe.shell.portal.com>

rah at shipwright.com (Robert Hettinga) writes:

>We could equivocate back and forth about who the lender is in this case.
>It's the behavior of the financial instrument I'm talking about. At some
>point, the principal goes away and has to be called from wherever it is (a
>bank account, the money market, etc.) to meet a cashed-out piece of
>digicash. In the meantime it earns interest. Thus it has principal, and
>interest, and it is called. It's a callable bond.

Well, I still don't follow this analogy. By this reasoning virtually every commodity that someone is willing to buy and sell is a callable bond. The local gold dealer may sell me gold coins for cash, take the cash, put it in the bank and collect interest, then buy my coins back from me later. Is the gold a bond? Am I "calling in my bond" when I sell the gold to him? I don't get it.

Re interest-bearing cash:

>I think the complexity is probably not worth it. Suppose you get a piece of
>digital cash that's been out there a while, say 10 years (it's not likely,
>ever, but I'm using it to make a point). 1 dollar at say 10% compounded
>for ten years is 2.59. It's like winning the lottery, for no reason except
>the person you last transacted business with paid you old cash for what you
>sold him. It's not fair. That's what I meant by not fair.

Let's see, I'm selling spindles for $2.59 and you come up with a piece of ecash you bought ten years ago for $1.00, which is now worth $2.59, and I sell my spindle to you for it.
I deposit the cash in the bank and it's worth $2.59. Now who isn't this fair to? How is it different from you putting $1.00 into your interest-bearing checking account ten years ago and writing me a check for $2.59 today, the amount your $1.00 grew to?

Sorry, I guess I'm missing a lot of your points.

Hal

From blancw at pylon.com Sun Aug 21 14:45:26 1994
From: blancw at pylon.com (blancw at pylon.com)
Date: Sun, 21 Aug 94 14:45:26 PDT
Subject: Another Denning's view
Message-ID: <199408212145.OAA18486@deepthought.pylon.com>

>From Pat Farrell, quoting Peter Denning:

"..... Now the strength of the country depends not only on its government but on its corporations. . . . . A new policy aligned with the new clearing would be for the National Security Agency to make its expertise available to the private sector, enabling markets to flourish in a worldwide information medium."
......................................................................

What an amazing difference between Dennings. What a great idea if the NSA were to become allies and start working for us, instead of for 'them'. The perception of it (NSA) would change in everyone's eyes; even pencil-toting nerds could learn to like them.

Blanc

From blancw at pylon.com Sun Aug 21 14:45:38 1994
From: blancw at pylon.com (blancw at pylon.com)
Date: Sun, 21 Aug 94 14:45:38 PDT
Subject: Voluntary Governments? (Oh, Poleece!)
Message-ID: <199408212146.OAA18518@deepthought.pylon.com>

Some hidden, subliminal messages which were missed in the reply to thoughts about the concept of governance (delete if you don't find this exciting):

> . Who or what is to be governed?

i.e.: Is it a 'what' which needs to be governed, or is it a 'who'? Is it 'crime' which needs to be governed, or any and all of the members of that association who generally require regulation?
To simply enter into an association with strangers for the purpose of being governed is a strange thing to agree to do; it's like an admission of personal deficiency ("SomeBody Stop Me!"). But of course, most people think that it will be 'others' who will be governed, rather than themselves.

> . What is inimical/destructive and to be regulated/prevented,
> or what is sacred which is to be upheld?

i.e.: Can the members of the association distinguish accurately between the good, the bad, and the merely ugly? In the U.S. it is life, liberty, and the pursuit of happiness which are to be upheld, but who can say that these are truly appreciated & successfully defended? The values are listed in the precious original documents, but the education and the behavior of the citizens contradicts them.

> . Who is to do all the work of preventing or upholding
> (how do they qualify for the job)?

i.e.: What are the victims going to be doing while their values are being encroached upon, or ignored? If the job of self-defense is given up to someone else, their ability to distinguish 'criminal' behavior from otherwise innocent/ignorant mistakes, must be established - and who will be the best judge of this, besides oneself? There is a danger in that an individual could become intellectually flabby, their ability to be of practical use in their own regard atrophying from inactivity. And then who would know who is qualified to reason on the matter? They could be fooled; they could be led down to the river to leap in.

> . What is to be done about non-conformists to the rules
> (without contradicting the rules?)

i.e.: People who ask for rules (there oughta be a law) are the ones most inclined to break them. Rules often substitute for active intelligence, for the need to think about what one is doing and the evaluation of the outcome. But it really becomes absurd to speak of non-conformism in a voluntary system.
If it's voluntary, anybody who doesn't want to follow the rules can simply leave, they don't have to hang around waiting for the administration of a 'punishment' of any kind (anybody who stays doesn't have any self-esteem).

The most important question was overlooked:

. What makes you such an authority on government?

i.e.: What makes someone think that it is alright to put any one person as an authority over the mind of another? Authority should be earned through admiration. It is Reality which should govern one's decisions, not the overshadowing or overwhelming of one's mental functions by another; it is what should be recognized as 'the' authority by which to regulate one's behavior.

Blanc

From cactus at bb.com Sun Aug 21 15:03:33 1994
From: cactus at bb.com (L. Todd Masco)
Date: Sun, 21 Aug 94 15:03:33 PDT
Subject: Governing an information society - 4/4
In-Reply-To:
Message-ID: <338j90$bcb@bb.com>

In article , wrote:
>Data crime - 'cracking', 'phreaking' etc usually reflect a total lack of
>responsibility on the part of _administrators_. "Officer, I left my wallet
>on the kerb 10 minutes ago, and now it's gone!"

Sorry for the tone (sort of), but... This sounds like typical kiddie-cracker garbage.

It's more like, "Officer, I didn't know that master locks could be picked with the greatest of ease: arrest that man who picked it and took my wallet." (It is, in fact, trivial to pick Master locks -- far more trivial than to run crack on a passwd file -- yet many people still keep valuables behind them.)

Security is a subject that takes time to learn, especially in this day of UNIX boxes on the Internet: it is not reasonable to expect that people should acquire an intimate understanding of how to implement secure methods to have an expectation of privacy.

You can ignore that we live in a technically semi-literate (at best) society, but then you have no business talking about the world we live in.

--
L. Todd Masco | "Large prime numbers imply arrest."
- Previously meaningless
cactus at bb.com | grammatically correct sentence. Now...

From hart at chaos.bsu.edu Sun Aug 21 15:15:14 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Sun, 21 Aug 94 15:15:14 PDT
Subject: Digital cash market
Message-ID: <199408212216.RAA15216@chaos.bsu.edu>

L. Todd Masco:
> The american people keep claiming in polls that they want better privacy
> protection, but the fact is that most aren't willing to do anything
> about it: it's just a preference, not a solid imperative.

Most customers want more privacy, but when you think about it, there is not a whole hell of a lot they can do about it right now. If they want to get the status and flexibility of a credit card, they need to give up their privacy. Nobody has tried to give them a private alternative. For that matter, no one has shown people at a gut level, as a good ad could do, what the consequences of loss of privacy are.

At this point Duncan Frissell will regale us with some wonderful scheme, understandable only to lawyers, that can be used to get credit cards under aliases, perfectly legal if you use a doubly nested corporate structure going through Aruba and the Caymans, and the IRS and FBI don't decide to get you on some technicality Duncan failed to mention.

I won't comment on why most consumers have neglected that option. What I'm talking about is a digital cash system that is as easy for the consumer as an identified debit card. We can do that with today's technology.

The traffic level on this list is proof that there are plenty of people who care about privacy. The surprisingly large number of folks who actually do go to Frissell style lengths is proof that there are plenty of people who care about privacy. Once we have learned what the problems and solutions are, we are willing to go to a significant amount of effort or inconvenience to get it.
The real problem is, these polls are not well publicized, are geared towards political rather than business solutions, and haven't sunk through to the people in the product R&D and marketing departments. Exacerbating this, some organizations (such as American Express) make a lot of money off their free treasure trove of transaction information, and are using lots of FUD to keep privacy enhanced alternatives off the market.

A dramatic, Apple-style ad portraying Visa and MasterCard as Big Brother may be what is needed to get over the apathy hurdle. There are plenty of credit card privacy horror stories we could publicize. Think of what could be accomplished these days with an infomercial. But this takes at least one excited organization with marketing clout to do it.

Meanwhile, smart card based digital cash trials, supported by a large bank, are going on in Britain. There are major markets for both customers and vendors that don't have access to the credit card system, as well as customers who care about privacy. This is not a fringe technology; its possibilities just haven't sunk in yet.

Jim Hart
hart at chaos.bsu.edu

From cactus at bb.com Sun Aug 21 16:13:01 1994
From: cactus at bb.com (L. Todd Masco)
Date: Sun, 21 Aug 94 16:13:01 PDT
Subject: Digital cash market
In-Reply-To: <199408212216.RAA15216@chaos.bsu.edu>
Message-ID: <338nb1$c49@bb.com>

In article <199408212216.RAA15216 at chaos.bsu.edu>, Jim Hart wrote:
>
>L. Todd Masco:
>> The american people keep claiming in polls that they want better privacy
>> protection, but the fact is that most aren't willing to do anything
>> about it: it's just a preference, not a solid imperative.
>
>Most customers want more privacy, but when you think about it, there
>is not a whole hell of a lot they can do about it right now.

Sure there is. People give out the SSNs all the time because it's too inconvenient not to. People patronize companies that buy and sell mailing lists. People patronize companies that telemarket.
It's just too much of a pain not to.

I think you miss my point (I'll talk a bit more about it later, in answer to your specific points): people care, but not enough to inconvenience themselves.

>I won't comment on why most consumers have neglected that option.
>What I'm talking about is a digital cash system that is as
>easy for the consumer as an identified debit card. We can do that
>with today's technology.

With the technology, yes. I don't think that that is an issue (or if it is, let's pretend it isn't for this discussion).

The problem is a political and socioeconomic one: it takes a large allocation of resources to create a system that is as easy to use as a credit card. Our society simply does not allocate resources in a way that will get this task done without any major push from those with real power.

As anyone who gives Chomsky any credibility knows, our rules in our society are largely dictated by the needs and demands of big business, with occasional concessions to mass desire. The desire for privacy in financial transactions is not large enough at this time: we're reminded of that every time we see a form with a space for your SSN.

Perhaps abuses of our current information structure will change this: I hope it will, with minimum real impact. I'm not optimistic about that, though: our society only changes quickly in the face of crisis.

>The traffic level on this list is proof that there are plenty
>of people who care about privacy. The surprisingly large number
>of folks who actually do go to Frissell style lengths is proof
>that there are plenty of people who care about privacy.

I'm sorry, but I really don't think this shows anything for two reasons:

(1) The net is big. Really big. A mailing list on just about anything can get this kind of traffic. I'm sure there's a NAMBLA list somewhere with decent traffic: this doesn't mean I expect child pornography (to steal a horseman) to become accepted any time soon.

(2) We talk. We talk, and talk, and talk.
Few people actually put real effort into implementing anything -- and even if we did, we don't control much in the way of resources: just brains. Granted, you can do a lot with a bunch of clever brains, but without real backing by existing social and economic structures it is a difficult, uphill battle.

>The real problem is, these polls are not well publicized,
>are geared towards political rather than business solutions,
>and haven't sunk through to the people in the product R&D and
>marketing departments. Exacerbating this, some organizations
>(such as American Express) make a lot of money off their free
>treasure trove of transaction information, and are using lots
>of FUD to keep privacy enhanced alternatives off the market.

This is actually kind of interesting: it's something that really bugs me. For years, American Express made noises about how they had the consumer's best privacy interest at heart, how they never sold mailing lists to other companies. They even sent out for free a document on protecting your SSN.

Unfortunately, they've realized that there's a real economic incentive to compromise the information they hold. This proves two points: one, the standard point that the only way to protect information is to not create it, and two, that there's at least some real incentive to bias corporations against privacy schema. Many large corporations stand to benefit from the lack of privacy, and so their resources are likely to be deployed against creating privacy without a strong customer demand (a demand, not a preference) for privacy.

>A dramatic, Apple-style ad portraying Visa and MasterCard as
>Big Brother may be what is needed to get over the apathy
>hurdle. There are plenty of credit card privacy horror stories
>we could publicize. Think of what could be accomplished these days
>with an infomercial. But this takes at least one excited
>organization with marketing clout to do it.
That's exactly my point: something big will have to happen in order to change the way things are headed now. It could be a planned event or (more likely) set of events, or it could be some dramatic calamity. Otherwise, we're stuck in the old "boiling frog" trap: people will only care enough once it's too late.

>Meanwhile, smart card based digital cash trials, supported
>by a large bank, are going on in Britain. There are major
>markets for both customers and vendors that don't have access
>to the credit card system, as well as customers who care about
>privacy. This is not a fringe technology; its possibilities
>just haven't sunk in yet.

You're right, these things are significant. I just doubt that they'll have real impact in this country: our government simply has too strong a hold on our economic transactions for something like digital cash to work against their wishes. If they spread here before the Feds wake up, great: we win. Otherwise...

I don't think we really disagree on any substantive factual issues: just how to weigh them. We really are, I believe, at a pivotal point: if somehow we manage to get a system deployed before Big Business wakes up and sees the threat we pose, then wonderful. If not, it's going to be a long and bloody battle, one in which we are not by any means assured victory.

Maybe I've just read too much Chomsky and Fuller and become blinded by their analyses. Chomsky talks about how our system works now and in the past to the more-or-less exclusive advantage of Big Business, while Fuller discusses the US's financial past (in Critical Path and Grunch Of Giants) and how technology spreads into common usage.
Bucky Fuller's main strategy to improve living conditions of humanity was to develop technologies so that they'd be available for deployment when some crisis demanded them: I sincerely hope that this isn't the strategy that we end up having to live with, but I fear it very well may be, given the conflicting interests of companies such as AMEX and the desire for transactional privacy.

--
L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
cactus at bb.com | grammatically correct sentence. Now...

From cactus at bb.com Sun Aug 21 16:24:52 1994
From: cactus at bb.com (L. Todd Masco)
Date: Sun, 21 Aug 94 16:24:52 PDT
Subject: Creating privacy crises: Society hacking
Message-ID: <338o15$c98@bb.com>

In the composition of my last message, I was thinking in the back of my mind about how we could foment an information privacy crisis. This could very well be a Good Thing, a societal hack to serve as a wake-up call.

At the HOPE conference, there was someone selling CD-ROMs of the DMV records for Oregon for $125. The same folks promise to add more states soon: next in line is Texas.

Perhaps one could generate a privacy crisis by collecting that information and conducting a mass mailing to every person in the database: "we have this information on you. So could anybody with $125. Call your congress critter and complain."

Some people don't consider their DMV records critical -- so perhaps a mailing from a company of their credit history would open their eyes (More effort than the $125 + postage, but probably a better yield).

It's just a thought and it would require some amount of time & money, but it's a doable hack with finite resources.

Thoughts? Is this totally off the wall, or do y'all think that somebody with a small but not tiny amount of money would be into doing this?

--
L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
cactus at bb.com | grammatically correct sentence. Now...

From entropy at IntNet.net Sun Aug 21 16:40:25 1994
From: entropy at IntNet.net (FLOATING OUTWARD)
Date: Sun, 21 Aug 94 16:40:25 PDT
Subject: Creating privacy crises: Society hacking
In-Reply-To: <338o15$c98@bb.com>
Message-ID:

> In the composition of my last message, I was thinking in the back of
> my mind about how we could foment an information privacy crisis. This
> could very well be a Good Thing, a societal hack to serve as a wake-
> up call.

Extremely. Speaking as someone who derives particular joy from culture jamming in all of its forms, it sounds like a great thing to do if it is done appropriately.

> At the HOPE conference, there was someone selling CD-ROMs of the DMV
> records for Oregon for $125. The same folks promise to add more states
> soon: next in line is Texas.

It's a good idea; especially since the information is public record and is available from the state government on tape for a reasonable fee. Unfortunately, from what I've heard from people who actually have the database (for Florida), it works out to be several gigabytes of data, which is unfortunately too large to fit on a CD-ROM unless severely compressed.

> Perhaps one could generate a privacy crisis by collecting that information
> and conducting a mass mailing to every person in the database: "we have
> this information on you. So could anybody with $125. Call your congress
> critter and complain."

Perhaps - but it is extremely likely that the local government would take a rather dim view of it. The DMV record data is probably restricted by some clause or other to non-marketing purposes. Before trying something like that I would suggest speaking to a lawyer or being willing to have large legal problems.

> Some people don't consider their DMV records critical -- so perhaps a
> mailing from a company of their credit history would open their eyes
> (More effort than the $125 + postage, but probably a better yield).

This would definitely get you thrown in jail and your CBI account killed.
It's a violation of CBI's use agreement and also against the Fair Credit Reporting Act.

> It's just a thought and it would require some amount of time & money,
> but it's a doable hack with finite resources.

I think there's a happy medium where you can shake people up without going to jail in the process. :)

> Thoughts? Is this totally off the wall, or do y'all think that somebody
> with a small but not tiny amount of money would be into doing this?

Yes. It's doable, but once again, I would seriously suggest a different approach.

-jon
( THEY CAN STOP THE PARTY, BUT THEY CAN'T STOP THE FUTURE )
( --------------------[ entropy at intnet.net ]------------- )

From ianf at simple.sydney.sgi.com Sun Aug 21 16:42:27 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Sun, 21 Aug 94 16:42:27 PDT
Subject: NSA spy machine
In-Reply-To: <199408190637.XAA16716@netcom9.netcom.com>
Message-ID: <9408220938.ZM4720@simple.sydney.sgi.com>

On Aug 18, 11:37pm, Timothy C. May wrote:
> > Secret: take lots and lots and lots of money, use the most exotic packaging
> > technologies you can find, pay lots and lots of attention to your memory
> > system and cache, don't forget the importance of a nicely balanced
> > architecture (meaning that I/O does matter), don't forget the importance of
> > good compilers, and implement bit counting instructions just like the NSA
> > tells you to.
> > Hardly a secret, don't you think?
> With no disrespect meant to Ian (indeed, this is my second reply of the
> day to him), I think his point is dead wrong.

No, it's not. See below.

> The "secret" to general success in this market is not "lots and lots
> of money," at least not when "lots and lots" is the tens of millions
> of dollars that Cray Computer will apparently be getting from NSA
> and the Supercomputer folks in Bowie for the delivery of an ostensible
> Cray 4 or whatever it ends up being called (SMPP, etc.).
>
> $10 million is pocket change.
> Anyone building a company on that chump
> change is already preparing Chapter 11 papers.

I agree, but I was not talking about that amount of money. My point possibly would have been better stated as being "don't worry about the price".

> Here's what "lots and lots of money" *really* is:
> - $1 billion to complete a wafer fab in Ireland, finished last February
> - $1.3 billion to build a wafer fab in Albuquerque, to be finished
> later this year
[...]

You're talking about silicon fab lines here, Tim. As far as I am aware, Cray has never fabbed its own chips. Indeed, most of their boards which I have seen (I, II, Y-MP/8 and Y-MP/EL) have used chips sourced from fairly well-known vendors, such as VLSI Technologies.

The original series of systems (I, II and X-MP) actually used huge numbers of three types of chips. From memory, one was a couple of NAND gates, one was a register chip, and the third was a couple of K of SRAM. More recently, the full Y-MP's have been implemented in commercial ECL gate arrays (6500 gates per chip for the full Y-MP's), and the original EL used CMOS 100K arrays.

I have been trying to get one of the computing industry's choicest pieces of marketing junk: the Cray Y-MP Gate Array paperweight. :) Of course, given my recent career change, I don't think one will be coming my way anytime soon for some strange reason....

Comparing Cray with Intel is rather specious, because the companies are entirely different beasts. Intel's supercomputing division is a tack-on to its high-end chip line. Cray never has had a division even vaguely like the Intel CPU divisions.

> (And a new generation of hackers are using Linux on cheap Pentium
> boxes to easily outrun Suns.)

Not a fair comparison, really. Sun is the bottom end of the RISC system market, and is being continually trounced by almost everyone else. Comparing the Pentium to our R4400 chips, or HP's PA, or DEC's Alpha would be much more instructive, and not nearly as favorable to Pentium.
No, I am not knocking Pentium. Within its design limitations it's an interesting accomplishment. But those design limitations are crippling.

> So you see why I consider the "lots and lots of money" flowing into
> Cray Computer to be spitting into the ocean. I'm not worried.

Agreed. But the points I was making concerned a comment from the previous posters about Seymour Cray's design "secrets", NOT the current grant of money from our good friends at the Puzzle Palace.

Ok, let me explain what I wrote:

> > Secret: take lots and lots and lots of money,

Cray's traditional client-base is money rich, and possesses problem sets which are not practical on conventional architectures. Those conventional architectures exist within a cost/affordability framework which limits the technologies that they can use. Cray is not unlimited, but it is not nearly as limited. They've also got a hidden advantage in that if they do make a _really_ bad business decision (and I'd say personally that the Cray-III had been one such), then their customers will probably support them just to maintain their current systems. It's a nice position to be in.

So it's not that Cray has lots and lots of money, but that you can assume that your customer base will have.

> > use the most exotic packaging
> > technologies you can find,

Lots of people disregard the implications of putting quarter of a million ECL chips into a column a metre round and a metre and a half high (ie. the Cray II). You have BIG heat problems, and in some configurations even Fluorinert immersion isn't going to work. A lot of the cost of these systems is packaging, and Cray really pushes the state of the art here.

In Seymour Cray's speech to the ACM, he mentions that fluid immersion of PCB's had never been tried before, as everyone thought that the boards would bloat.
But they tried it, and the boards were fine, with the added bonus that because the heat was much more evenly distributed, the machines were considerably more reliable than expected.

> > pay lots and lots of attention to your memory
> > system and cache,

(BTW, for those people who want to lecture me that Crays don't have caches, just consider the different terminology. Vector registers are nothing more than user directed data caches, and Crays call their instruction cache an "instruction buffer".)

As many RISC system manufacturers have found, you can put the fastest CPU's into machines, but without a damn good memory design they spend most of their time waiting.

Cray's CPU's are not particularly complex. Cray estimates 1.5 million transistors to implement a Y-MP CPU. Most modern RISC CPU's are considerably more complex than this. It's the Cray memory system, which on most of the traditional vector machines is implemented in 10-15nS SRAM with four ports to memory from EACH CPU, that is the spectacular part of the design. What Cray uses for main memory (M90 and EL series excepted), most other vendors use for cache.

(Of course, I have to say that SGI's Power Challenge memory systems are getting pretty impressive too, now. You can't avoid it if you're supporting the sorts of performance our newer supercomputer-class systems provide.)

> > don't forget the importance of a nicely balanced
> > architecture (meaning that I/O does matter),

Lots of the Japanese supercomputing vendors forgot this. Their peak MFLOP performance was really spectacular, but with real applications they looked a lot less spectacular. The data set size of most applications which are worth running on supercomputers is HUGE, but it's useless if you cannot get the data to and from disk in less time than it takes to process it.

> > don't forget the importance of
> > good compilers,

Cray has been known to ship systems without even an operating system, it's true, but only very early on.
Unless you ship _good_ compilers, most of the applications for the machine won't get written. Sure, you can program in CAL, but most people won't.

> > and implement bit counting instructions just like the NSA
> > tells you to.

Ok, I was being facetious here. But it masks a good point: customer service is important, and companies with tiny installed bases (eg. the Cray II sold a total of 31 systems), need to look after their customers. Lots of other supercomputer vendors who rolled nice boxes out of the door and then just went into a backroom to design the next without any customer involvement don't exist anymore.

Ian.

Disclaimer: I am NOT speaking for SGI.

From ianf at simple.sydney.sgi.com Sun Aug 21 17:21:50 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Sun, 21 Aug 94 17:21:50 PDT
Subject: NSA Spy Machine and DES
In-Reply-To: <6681@aiki.demon.co.uk>
Message-ID: <9408221018.ZM4791@simple.sydney.sgi.com>

On Aug 18, 8:13pm, Jim Dixon wrote:
>In message <9408190809.ZM4528 at simple.sydney.sgi.com> Ian Farquhar writes:
>>Actually, I would be surprised if the "SIMD" processors were not a huge
>>array of reprogrammable FPGA's, quite possibly Xilinx's. The possibilities
>>of a large array of these chips, each with local memory, is quite
>>interesting. I have personally seen an array of 64 Xilinx chips in a DEC PeRL
>>box doing RSA, at speeds similar or better to almost all available custom
>>hardware implementations of the cipher.
>The delays in getting data on and off the chip are too large and the amount
>of space wasted in redundant functions is too great.

That is a rather sweeping statement. Want to back this up with some facts and figures from real FPGA implementations? Certainly the early bit-slice designs you mention later on did suffer from these problems, but FPGA's bear little relationship to those rather venerable devices.

>You might prototype
>it using FPGAs, but even this is unlikely.
>Why not just buy one of the
>existing SIMD processors and simulate your target system?

Because the FPGA solution is obviously less flexible, but a hell of a lot faster than software simulation of another architecture. In this application speed will win every time.

> People used to build fast processors out of separate chips (bit slices).
> They don't do that any more because it's too slow and too expensive if you
> are building in volume.

But this application is NOT building in volume. And yes, people do still build multichip CPU's: most traditional supercomputing and mainframe vendors for a start.

Indeed, I would be surprised if this application didn't design its own FPGA (for ease of interfacing with the comms network for a start), but I'd argue that a SIMD configuration of reconfigurable FPGA arrays (ie. a fixed array of reconfigurable arrays) would be an awesome system for many problems that the NSA would deal with.

Ian.

From ianf at simple.sydney.sgi.com Sun Aug 21 17:32:42 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Sun, 21 Aug 94 17:32:42 PDT
Subject: NSA Spy Machine and DES
In-Reply-To: <199408191712.AA08364@access3.digex.net>
Message-ID: <9408221029.ZM4802@simple.sydney.sgi.com>

On Aug 19, 1:12pm, Peter Wayner wrote:
> But like I said, what do I know? I would be intrigued if someone
> could run a back of the envelope calculation on building a machine
> with Xilinx. How many processes can you do with it? How many testing
> circuits can you fit on a chip? How fast will these circuits go?
> What is the big win from pipelining the process? Sure you can
> build a sixteen stage pipeline, but will you need to put copies
> of the SBOXes at each stage? How much space will this take? How
> deep will the gates be? What is the gate delay at each stage?
> What will be resultant speed?

You seem to be assuming here that DES cracking is all this machine will do, which is something I really doubt.
As Phil Zimmermann pointed out some time ago, there are lots of other interesting applications which SIGINT operations perform. Signals analysis is one he mentioned, and I'd also add the computationally expensive tactical and traffic analysis operations (ie. scanning masses of data items searching for significant correlations).

Examples of this might be noticing an increase in the use of enciphered military comms from one country's border, and thus deducing (without necessarily breaking the cipher) that a military buildup is occurring along this border. Sure, this sounds easy, but if your surveillance network intercepts a hundred thousand transmissions worldwide per day, correlating the lot for this sort of information is not a simple task.

Amusingly, such mass analysis is now filtering down to the commercial level, and the term which is used is "data mining".

You might also like to consider the automated analysis, sorting and indexing of the terabytes of textual information which the NSA would intercept every day. There is no way they could ever employ enough people to read it all, so it is almost certain that automated sieves are being used for this application.

In summary: the NSA does more than breaking codes, and their computers are not only used to run through lists of keys for DES encoded intercepts.

Ian.

From rah at shipwright.com Sun Aug 21 17:50:41 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 21 Aug 94 17:50:41 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408220047.UAA24562@zork.tiac.net>

At 2:24 PM 8/21/94 -0700, Hal wrote:

>Well, I still don't follow this analogy. By this reasoning virtually every
>commodity that someone is willing to buy and sell is a callable bond. The
>local gold dealer may sell me gold coins for cash, take the cash, put it in
>the bank and collect interest, then buy my coins back from me later. Is the
>gold a bond? Am I "calling in my bond" when I sell the gold to him? I don't
>get it.

OK.
I'll try again.

The difference between digital cash and your examples of gold and cash is that that gold really *is* a commodity. It can be melted down, and recombined with other gold into any unit of measure you want, as long as the purity of the metal is the same, and that's a scientifically verifiable process. An ounce of gold is utterly indistinguishable from another ounce of gold.

In the case of cash, there's a certificate number on each one, issued by the issuer. Thus it has a set of specifically identifiable future cashflows associated with it. Since it is directly related to a "risk-free" security (the US dollar) and it is collateralized with a pool of money which accretes interest, it acts just like a bond. If it walks like a bond, and quacks like a bond, it's a bond, yes?

Anyone can dig up more gold but when it's melted with other gold, who's to tell which one's the gold they dug up? Only the issuer can issue an issuer's certificates, be they cash (in the old banknote days), bonds, stock, whatever.

A bond is a unique discrete entity. More to the point, it's a promise to pay a specific cash amount at some specified time, or upon redemption by the purchaser. So is digital cash. Gold, on the other hand, is a continuous commodity. Different stuff.

Probably not much help, but I'm trying here. I really am. Is that any better?

By the way, "calling the bond" is actually exercising an option, and yes, the finance guys will tell you that there is no difference. You can use option pricing methods to price lots of stuff, and some people do it with commodities. Remember my goofy (but true) statement that a bond is really a string of embedded call options? It's in the book I referred to (Fabozzi, Fixed Income Mathematics, Probus Press, 1993, isbn 1-55738-423-1, pp 249-315).

>Let's see, I'm selling spindles for $2.59 and you come up with a piece of
>ecash you bought ten years ago for $1.00, which is now worth $2.59, and I
>sell my spindle to you for it.
>I deposit the cash in the bank and it's worth
>$2.59. Now who isn't this fair to? How is it different from you putting
>$1.00 into your interest-bearing checking account ten years ago and writing
>me a check for $2.59 today, the amount your $1.00 grew to?

The problem is, you have to price the cash before you use it to buy something, and then you and the seller have to agree that that's the value of it. To do that, you or the person you're offering the cash to need to somehow communicate with the underwriter, thus destroying the anonymity of the cash transaction, and also increasing it by the communication costs, and creating an on-line cash system when we wanted an off-line one.

Of course, the issuer could publish the prices based on the compounded interest accrued *for each certificate*, for the time period it's outstanding, possibly complete with the compounding factors for each compounding period used. (a day, a month, a year, or even continuous over the life of the instrument) Lot of overhead there, but mutual funds do it all the time. You'd want to just take their word for it, I suppose, and trust their price, right?

Mutual funds are priced in exactly this way. A mutual fund share has a specific value at purchase. It is specifically identified and compounded over the time it is held, in theory, anyway, because there are accounting and programming tricks to get the same result with less overhead and still maintain the audit trail. Those values are computed and accumulated as if they were on an individual share basis. Really. I swear. I've priced mutual funds and their returns and used them to compile data used in portfolio managers' performance evaluations.

I didn't say that you couldn't do it your way. I just said it costs more than just dumping the certificate numbers into a redemption database, keeping the interest, and pricing the e-cash at issuance to reflect your costs of operation and your competitive pressures from the marketplace.
>
>Sorry, I guess I'm missing a lot of your points.

I'm also sorry. I'm doing the best I can here. I hope I took a better shot at it this time.

>
>Hal

There's nothing awful about keeping the interest, folks. (Unless you're a moslem, of course :-) ) It's really just a type of liquidity premium paid to the underwriter to offset whatever risk (business risk, and legal risk at this point) taken to issue e$ for use in internet commerce. As more people get into internet commerce and underwriting it, then the premium goes down because the risk goes down.

I think this whole discussion about where the money gets made is beside the point. The fact is that some combination of exchange fees and interest on the "suspension" account balance will offset the costs of underwriting ecash. People can make money underwriting e-cash. If the market's there, anyway...

-----------------
Robert Hettinga (rah at shipwright.com)   "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From remailer-admin at chaos.bsu.edu Sun Aug 21 17:56:41 1994
From: remailer-admin at chaos.bsu.edu (Anonymous)
Date: Sun, 21 Aug 94 17:56:41 PDT
Subject: No Subject
Message-ID: <199408220058.TAA16506@chaos.bsu.edu>

L. Todd Masco:
> Perhaps one could generate a privacy crisis by collecting that information
> and conducting a mass mailing to every person in the database: "we have
> this information on you. So could anybody with $125. Call your congress
> critter and complain."

This is a wonderful, wonderful idea. The biggest blow to privacy in this decade was when Lotus Marketplace was withdrawn off the market. This information is already widely distributed. The only effect the withdrawal had was keeping the public in the dark about what information is out there in the world about them, and (by inference) how it was obtained.
The sad fact is, most of the political action over 'privacy' only has the net effect of keeping people in the dark about what information they are giving out to complete strangers about themselves. Most people don't realize, at either gut level or fully at the intellectual level, just how much personal information they are giving away when they write down their Social Security or other universal ID number on a form. As long as the information is only being swapped between skyscrapers, so that most people aren't allowed to access it, this ignorance will continue. People will realize what they are doing when it's sitting in front of their faces on the computer screen.

I also highly recommend using anonymous remailers to post allegedly personal, but in fact widely available, information to the net such as credit card numbers, credit histories, medical data, and the like -- as long as viable alternatives for the victims are available. Timing is critical here; let's be ready to do this but not jump the gun until the alternatives are available.

Let's promote real privacy, technology that gives customers real knowledge and choices about what data they give out, rather than the current bankrupt political movement which promotes information theft from ignorant consumers, and the hoarding and monopolisation of information, in the name of 'privacy'.

From greg at ideath.goldenbear.com Sun Aug 21 18:32:45 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sun, 21 Aug 94 18:32:45 PDT
Subject: Mail to all drivers in Oregon?
In-Reply-To: <338o15$c98@bb.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> Perhaps one could generate a privacy crisis by collecting that information
> and conducting a mass mailing to every person in the database: "we have
> this information on you. So could anybody with $125. Call your congress
> critter and complain."

[...]
> It's just a thought and it would require some amount of time & money,
> but it's a doable hack with finite resources.

Probably more than any of us want to pony up. My 1990 almanac lists a 1987 estimate of Oregon's population at 2.7 million people, 20% of whom were below the age of 15. Let's triple that and assume that 60% of the population doesn't have a driver's license (overgenerous, I think) - and let's assume that you form a nonprofit (to get cheap postal rates), and you pre-sort your mailing, and you use cheap stationery, such that each piece costs you only $.20 - you're still talking about a $216,000 mailing.

It's a good idea, though; I for one am sympathetic to the cause, if not this particular implementation. Actually, there's no reason that the Oregon Privacy Institute (which I just made up on the spot :) couldn't hold a press conference in a room with stacks & stacks of flats of envelopes, and announce that the mailing will take place soon .. :)

Thanks for inspiring me (an Oregon resident) to get off my butt and write to my state representative. For what it's worth, it is possible to ask the Oregon DMV not to release your records - I've done so, but don't know if I'm on the CD or not.

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLlf+P33YhjZY3fMNAQGaXgP8DVealDg09ypFtnshBq8GvtjnmpA5Bpa/
VChXJE6R2ttylGNIbYjdXdLO+0AZR62f8e8R0ab4eccddMra14jradsrSpQJHqeL
lOahiZGzFYXD/0S260B6gXQMT4K0BzwjX2AUCeCfS4zbya6JoTG5jAB0B8J6iS6e
U1CQl6JxHXI=
=Ya0c
-----END PGP SIGNATURE-----

From tc at phantom.com Sun Aug 21 18:39:10 1994
From: tc at phantom.com (Dave Banisar)
Date: Sun, 21 Aug 94 18:39:10 PDT
Subject: Another Denning's view
In-Reply-To: <49314.pfarrell@netcom.com>
Message-ID:

Of course times do change. Just a few short years ago, D. Denning opposed S.266, the precursor to the digital telephony proposal. Then she moved out of her safe home in Palo Alto (the nice side) and moved to the big bad city inside the beltway and became a law enforcement control freak.
d

From solman at MIT.EDU Sun Aug 21 18:48:56 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 18:48:56 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408211706.KAA05754@jobe.shell.portal.com>
Message-ID: <9408220148.AA08705@ua.MIT.EDU>

> >The problem about not keeping the interest on the float is, who do you pay
> >it to otherwise? If you have a truly anonymous digital cash system, you
> >couldn't find the original purchaser if you tried. If you want to treat
> >this like a settlement problem in securities operations then you have to
> >track each owner's interest share for the time they held the instrument and
> >pay them back. Again impossible. If you pay back the accrued interest on
> >that specific ecash certificate to the person who "walks in the door" with
> >it, is it fair?
>
> Fair? Who cares? The question is, is it useful? Sure it is. I'd rather
> use cash which bore interest than that which didn't! Sure, it's a little
> more complicated to buy something with notes which are worth $1.05 - $1.10
> than $1.00, but that's what computers are for. The value increase accrues
> to whomever holds the note during the time they hold it.

I don't see where this complication arises from. Assuming that you have already created a floating rate exchange apparatus between dollars and digicash [maybe you aren't making this assumption and that is where my confusion arises from] all you have to do is invest the money that backs the digicash and make regular, frequent and public reports about how well it is doing. The exchange rate will then naturally parallel and the interest problem is solved without any more complication than is involved in the creation of a floating rate exchange mechanism.
JWS

From hart at chaos.bsu.edu Sun Aug 21 18:56:28 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Sun, 21 Aug 94 18:56:28 PDT
Subject: www log stripper
Message-ID: <199408220158.UAA16851@chaos.bsu.edu>

First question: does anybody know the full URL for detailed information on how World Wide Web servers do logging, and the particular kinds of connection and transaction information they can log, and what information they typically do log? (I know the main Mosaic doc URLs but can't find this info).

Second question: we've heard about installing swIPe in the kernel and using it as an anonymous packet forwarder -- stripping off the original. Has anybody done the analogous thing at the http protocol level for the World Wide Web? That is, set up an httped, the only purpose of which is to forward URL requests with all originating site and username information stripped. I would love to use such a service. I would even pay substantial amounts of "Magic Money" tokens to do so, if somebody writes a convenient user interface to that system. Also, if some folks are serious about taking the lead on either of these projects, I'd be happy to contribute my hacking skills (the typical C/Berkeley Unix & networking, etc.) and do beta testing.

Jim Hart
hart at chaos.bsu.edu

From solman at MIT.EDU Sun Aug 21 19:04:49 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 19:04:49 PDT
Subject: Voluntary Governments?
In-Reply-To: <199408211736.KAA07761@jobe.shell.portal.com>
Message-ID: <9408220204.AA08812@ua.MIT.EDU>

> In an on-line world it would be much easier to enforce banishment or
> selective ostracism than in real life. Filtering agents could look for
> certificates from accepted enforcement agencies before letting messages
> through. Each user could have a set of agencies which were compatible
> with his principles, and another set of "outlaws".
You could even end up
> with the effect of multiple "logical subnets" of people who communicate
> with each other but not outside their subnet. Some nets might respect
> intellectual property, others not, and so on.

Yeah I've been thinking about this a lot. It seems that my system has a high probability of increasing cultural fragmentation. I have occasionally tried to support the thesis that as the level of technology sophistication increases, the fraction of the population that is employed in "artistic" professions [jobs that create things, the purpose of which is our intellectual stimulation] will increase and further that the number of artistic jobs that can be supported by a population has a positive correlation with the population's degree of cultural fragmentation. Perhaps there are some _positive_ economic benefits to the creation of separate "subnets", and the cryptographic walls erected by cyberspatial governments will be the mechanism by which this fragmentation occurs.

JWS

From solman at MIT.EDU Sun Aug 21 19:33:41 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 19:33:41 PDT
Subject: Voluntary Governments?
In-Reply-To: <199408211758.KAA15344@netcom12.netcom.com>
Message-ID: <9408220232.AA08862@ua.MIT.EDU>

> From: Hal
> > >
> > > What does it mean to speak of a government in cyberspace? It is the
> > > government in physical space I fear. Its agents carry physical guns
> > > which shoot real bullets.
>
> Jason W Solinsky writes
> > It depends on the government. You could set up a government to....
>
> You could set up a "government" to make shoes. If they do not use
> guns they are not a government. If somebody does not make shoes
> he is not a shoemaker. Governments are in the business of violence.

I'm not going to post again on this subject since it is a question of semantics, BUT: A government is something that makes laws, enforces laws and punishes offenders.
I don't see why guns would determine whether or not something is a government. The control of information resources in cyberspace can be very nearly [though admittedly not quite] as coercive as the control of physical resources in real space. It all depends on the distribution of total resources between physical and intellectual. Presently the balance clearly favors physical resources, but that is changing rapidly.

>
> > Both of these examples are similar in that they are coercive. If you want
> > to conduct business with the governments citizens you have to obey all the
> > laws. But no force is involved. The will of the government is effected
> > entirely by economics.
>
> And if I wish to conduct business in a shopping mall, either as customer
> or shopkeeper, I have to abide by the mall rules. This does not
> make the mall a government.

Why not? If you want to do business in Massachusetts you have to abide by Massachusetts law. If you want to do business in Cambridge you have to abide by the rules there. If you want to do business in the Cambridge-side Galleria (may my spelling RIP) you have to abide by its rules. What is the difference? There are a number of municipalities in the United States that have no laws punishable by prison, just fines (of course they are located within larger governments for which this can not be said). The entire power of the government rests in its ability to take away your property if you violate the rules. Does it really change things if your property is taken away using the tools of cryptography instead of the weapons of war?

JWS

From hart at chaos.bsu.edu Sun Aug 21 19:36:01 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Sun, 21 Aug 94 19:36:01 PDT
Subject: Mail to all drivers in Oregon?
In-Reply-To:
Message-ID: <199408220237.VAA17153@chaos.bsu.edu>

L.
Todd Masco:
> Perhaps one could generate a privacy crisis by collecting that information
> and conducting a mass mailing to every person in the database: "we have
> this information on you. So could anybody with $125. Call your congress
> critter and complain."

I love the first part of this idea, and hate the second part. As other posters have noted, putting the information that we are unconsciously giving away to strangers, back in front of our faces, is worth any million screeds about how our privacy is being eroded. The fact is, we can't see that our privacy is being eroded. It happens silently and invisibly. That feedback loop needs to be completed to our guts, for there to be enough awareness to motivate most people.

But just what are we supposed to tell our Congressmen to do? We have way too much "write your Congressman to solve all our problems" bullshit in the privacy advocacy area. It's almost all hallucination. I defy you to suggest anything that has a snowball's chance in hell of passing that will _in fact_ have a major impact on improving our privacy instead of just satisfying the needs of special interests who want to keep their monopoly on consumer information and keep consumers effectively ignorant of what they are collecting. The most likely outcome of the above tactic is weak laws saying that DMVs can only sell their data to a few select federal agencies and credit reporting companies. What a blow for privacy.

What we need is privacy as a _business_ movement. We need to offer services that are alternatives to the current dossier system. People have to take action on their own, not go whining to their purported leaders and comforting themselves that they have done something to solve the problem. Political action does have a niche in the activist ecology, but it is a much smaller niche than is reflected by the dominance of politics over more important considerations in the privacy movement.
The proper niche of political action is as a complementary supplement to personal action and business activity. Political action that purports to be the main solution to the problem is, in all likelihood, part of the problem. Political activism in favor of legal cryptography is a supplement, a support for our personal decisions to use cryptography to empower people to improve their own privacy. It is not a replacement for deploying and using cryptography, it is only a support activity. Most of the decisions will be made in the marketplace, in this case the marketplace of aliased and out of state driver's licenses, with politics being only one of a wide variety of considerations.

Jim Hart
hart at chaos.bsu.edu

From cactus at bb.com Sun Aug 21 19:48:09 1994
From: cactus at bb.com (L. Todd Masco)
Date: Sun, 21 Aug 94 19:48:09 PDT
Subject: Mail to all drivers in Oregon?
In-Reply-To: <338o15$c98@bb.com>
Message-ID: <199408220253.WAA17268@bb.com>

Greg Broiles writes:
> Probably more than any of us want to pony up.
[...]
> you're still talking about a $216,000 mailing.

Yup. I wasn't thinking of some individual doing this: $216K is relatively small change for a reasonably sized organization, though. On the other hand: remember, we live in an age when people like Perot live.

Another consideration is that you could probably interleave: send only 1 in 5 people one of the letters, and you may very well have a similar impact for "only" $44K. With 250 million people in the US, guess that half of them have DMV records, and take a fifth of them: that's $1 million dollars at $.20/mailing. How much do lobbying organizations spend? Political parties? (Hmmm. Maybe we could get the House post office to send 'em).

Another approach might be to try to find small groups of people in each county in the US to handle the mailings. Of course, the details aren't important: the level of awareness generated is.
I also agree with the anonymous poster who suggests that we wait until there's a real alternative.

--
L. Todd Masco    | "Cowboy politicians sucking up to the aristocracy, not
cactus at bb.com | even sure if they like democracy..." - TR-I

From solman at MIT.EDU Sun Aug 21 19:58:25 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 19:58:25 PDT
Subject: Governing an information society - 3/4
In-Reply-To:
Message-ID: <9408220257.AA08968@ua.MIT.EDU>

> There may also be 'civil' suits in cyberspace. Due to digitally signed,
> undeniable contracts, these should be reduced to only those that involve a
> breach of contract, rather than a suspicion of invalidity.

I think that even this will be mitigated dramatically. In an information economy there are relatively low barriers to obtaining cost information. I would therefore expect cyberspatial contracts to ALWAYS have a breach clause built in. It is always possible that something isn't going to go right and a breach will occur. With the superior cost information available in cyberspace, it should make sense to include detailed information on the costs of a breach to the various parties. This reduces the cost of adjudication and enables both parties to more precisely hedge the risks they take as they enter into the agreement.

JWS

From cactus at bb.com Sun Aug 21 20:17:06 1994
From: cactus at bb.com (L. Todd Masco)
Date: Sun, 21 Aug 94 20:17:06 PDT
Subject: Mail to all drivers in Oregon?
In-Reply-To: <199408220237.VAA17153@chaos.bsu.edu>
Message-ID: <3395kh$h8k@bb.com>

In article <199408220237.VAA17153 at chaos.bsu.edu>, Jim Hart wrote:
>
>L. Todd Masco:
>>"we have
>> this information on you. So could anybody with $125. Call your congress
>> critter and complain."
>I love the first part of this idea, and hate the second part.
...
>But just what are we supposed to tell our Congressmen
>to do?

Fair enough.
^Call your congress critter and complain^Support anonymous transactions with digital cash from (company_name).

I agree with the anonymous poster who said that such a move should be put off until we have a real solution. So, whatever company wants to kick this off could use this to generate political protection.

To put my comment in the right context, I was worried (when thinking about this) about anonymous digital cash being made illegal. The intent would be to kill opposition to anonymous digital cash.

Eric mentioned in his talk at the SEA that companies exist that sell mailing lists of people of a particular ethnicity based upon spending patterns: the example he gave was a company marketing to Jewish people bought a list of "believed Jews" for the purpose of marketing (and Eric mentioned the irony).

Another variation of my suggestion would be to get such lists and to mail to people a statement saying "You are registered as an (ethnicity) in mailing lists." Even a 50% hit rate would drive the issue home to people with enormous efficiency.

The intent isn't to get the government to Do Something, but to make people en masse aware that privacy is a real issue that affects them.

--
L. Todd Masco    | "Large prime numbers imply arrest." - Previously meaningless
cactus at bb.com | grammatically correct sentence. Now...

From solman at MIT.EDU Sun Aug 21 20:36:57 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 20:36:57 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408220047.UAA24562@zork.tiac.net>
Message-ID: <9408220336.AA09238@ua.MIT.EDU>

> >Let's see, I'm selling spindles for $2.59 and you come up with a piece of
> >ecash you bought ten years ago for $1.00, which is now worth $2.59, and I
> >sell my spindle to you for it. I deposit the cash in the bank and it's worth
> >$2.59. Now who isn't this fair to?
How is it different from you putting
> >$1.00 into your interest-bearing checking account ten years ago and writing
> >me a check for $2.59 today, the amount your $1.00 grew to?
>
> The problem is, you have to price the cash before you use it to buy
> something, and then you and the seller has to agree that that's the value
> of it. To do that, you or the person you're offering the cash to need to
> somehow communicate with the underwriter, thus destroying the anonymity of
> the cash transaction, and also increasing it by the communication costs,
> and creating an on-line cash system when we wanted an off-line one.

WHAT?!? If I want to sell some stock and I want to figure out how much it is worth, I go to the Bloomberg in the Sloan basement and get a 15 minute delayed quote. If I want to buy something in Mexico with dollars, I look at the exchange rate in the bank or in my hotel. If I want to buy something in digicash, I check the exchange rate, and then I conduct the transaction. Where is the problem here?

> Of
> course, the issuer could publish the prices based on the compounded
> interest accrued *for each certificate*, for the time period it's
> outstanding, possibly complete with the compounding factors for each
> compounding period used. (a day, a month, a year, or even continuous over
> the life of the instrument) Lot of overhead there, but mutual funds do it
> all the time. You'd want to just take their word for it, I suppose, and
> trust their price, right?

OK, I see the problem. You are assuming that certificates will be issued at a consistent set of notional values. (like ten bucks, five bucks etc.) The correct way to do things [:-] is to set the notional value of new certificates based on the trading value of old certificates.
Suppose the first certificate had a principal of $10 and is now worth $11, then the new certificates that I issue will have their principal adjusted so that including the effect of interest rates, my new certificate is worth as much as your old certificate. Thus, there is only ONE value that needs to be published at any given time.

> There's nothing awful about keeping the interest, folks. (Unless you're a
> moslem, of course :-) ) It's really just a type of liquidity premium paid
> to the underwriter to offset whatever risk (business risk, and legal risk
> at this point) taken to issue e$ for use in internet commerce. As more
> people get into internet commerce and underwriting it, then the premium
> goes down because the risk goes down.

Setting prices based on convenience instead of value derived? *BLECH*. That sort of thing is anathema to free markets.

JWS

From jamesd at netcom.com Sun Aug 21 20:49:41 1994
From: jamesd at netcom.com (James A. Donald)
Date: Sun, 21 Aug 94 20:49:41 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408220232.AA08862@ua.MIT.EDU>
Message-ID: <199408220349.UAA08513@netcom15.netcom.com>

I wrote:
> > Governments are in the business of violence.

Jason W Solinsky writes
> A government is something that makes laws, enforces laws and punishes
> offenders. I don't see why guns would determine whether or not something
> is a government.
> > And if I wish to conduct business in a shopping mall, either as customer
> > or shopkeeper, I have to abide by the mall rules. This does not
> > make the mall a government.

> Why not?

Because if you fail to obey the mall rules you will get thrown out. (Possibly by men with guns.)

If you fail to obey the government rules men with guns will come and kill you, imprison you, or take away your property at gunpoint.

That is why the shopping mall is not a government and that is why your "cyberspace governments" are not governments, they are private escrow agencies.
We do not call malls governments and we do not call private escrow agencies governments. So we should not call your "cyberspace governments" governments.

It is not rules and enforcement that make a government a government - every organization, every group of people, have rules and enforcement, usually informal, sometimes formal.

It is killing, violence, and extortion that make government organizations different from non government organizations.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From tcmay at netcom.com Sun Aug 21 20:54:17 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 21 Aug 94 20:54:17 PDT
Subject: e$: buyinfo, internet commerce, and GMU
In-Reply-To: <199408202150.RAA13710@zork.tiac.net>
Message-ID: <199408220354.UAA03679@netcom6.netcom.com>

> There are some people from GMU ("Coalition for Electronic Markets;
> George Mason Program on Social and Organizational Learning") talking about
> superdistribution schemes (one put an article in the new Wired) and
> internet commerce on the new (?) www-buyinfo list I just started watching.
...
> If anyone has comments on this bunch, it may be interesting to hear them here.
> Bob Hettinga

Brad Cox at GMU is one of the "superdistribution" advocates. In addition to his article in the latest "Wired," he's had pieces in "Byte" and elsewhere.

The big article on Cypherpunks that Kevin Kelly wrote for "Whole Earth Review," Summer 1993, has a large section on superdistribution, the work of Peter Sprague, etc. (This Kelly article is now a chapter in his excellent "Out of Control" book, recently published.)

Cox was on the Extropians list for a while, at the same time I was, and we debated crypto, digital money, reusable objects, etc.
I won't try to rehash what we talked about. I believe I was the one who suggested he link up with "Center for the Study of Market Processes" people, as he had just arrived at GMU around the time we were talking on the Extropians list, in the fall of 1992.

(Cox was a partner with Tom Love in Productivity Products International, and the developer of Objective C in the early to mid-1980s. Objective C is of course the rival to C++ (which has doomed it) and is what NeXT uses. Cox is also the coiner of the "software IC" term.)

And the Cypherpunks list has other connections to GMU. Mark Miller worked with the GMU market folks (along with other friends of mine, including the late Phil Salin, Chip Morningstar, and Eric Drexler); Mark has attended several Cypherpunks physical meetings, but does not subscribe to this list. Dean Tribble and Norm Hardy are also involved, in a swirl of projects under various names: Agorics Project (with some links to GMU), the Joule programming language, Digital Silk Road, etc. They have actual, real contracts with various clients.

So, the GMU folks are variously tied-in. Cox has his own views, and does not seem to be willing to explore the implications of Chaumian digital cash (my impression from talking to folks who know him....we haven't talked since he left the Extropians list, some months before I did).

Being a skeptic, as many of you know, I am not too interested in the half-assed "IMP-Interest" or whatever talkathons. A friend of mine is now telling me that I "need to join" some "EDI"-related list, which is now talking about digital cash. And Bob tells us about Yet Another Digicash Crypto Cash (yacc) discussion group.

Too much yammering. It's all I can do to read the Cypherpunks list, which at least seems to have a fair number of good folks on it. These several other lists and groups seem to form, talk up a storm for a while, and then fizzle. At least we keep on going strong.

--Tim May

(P.S.
Last night I was at Yet Another Bay Area Party (yabap) and had a good chat with Whit Diffie, Bruce Schneier, Russell Brand, Mike Perry, and others. Some interesting rumors about the NSA pressure on RSADSI, the motivations for the Cylink lawsuit against RSADSI, etc. I'm gonna miss these parties when I move to the Caribbean!)

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From solman at MIT.EDU Sun Aug 21 20:58:47 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 20:58:47 PDT
Subject: www log stripper
In-Reply-To: <199408220158.UAA16851@chaos.bsu.edu>
Message-ID: <9408220358.AA09407@ua.MIT.EDU>

> First question: does anybody know the full URL for detailed
> information on how World Wide Web servers do logging, and
> the particular kinds of connection and transaction information
> they can log, and what information they typically do log?
> (I know the main Mosaic doc URLs but can't find this info).

It depends on the server. My log files include something about every single request made to the server. Since I am doing marketing, I can then search through these and based on the access times, host names and domains, document accesses, and information supplied by the users using forms determine what changes need to be made and what follow up is appropriate for each person. If you want anonymity use a proxy.

> Second question: we've heard about installing swIPe in the
> kernel and using it as an anonymous packet forwarder -- stripping
> off the original. Has anybody done the analogous thing at the
> http protocol level for the World Wide Web?
That is, set up an
> httped, the only purpose of which is to forward URL requests with all
> originating site and username information stripped. I would
> love to use such a service. I would even pay substantial amounts
> of "Magic Money" tokens to do so, if somebody writes a convenient
> user interface to that system. Also, if some folks are serious
> about taking the lead on either of these projects, I'd be
> happy to contribute my hacking skills (the typical C/Berkeley
> Unix & networking, etc.) and do beta testing.

I'm debugging a product that will do this. Despite an effort to write extremely clean code, I seem to have a number of problems and I can't say when it will be ready even for alpha testing. :(

JWS

From solman at MIT.EDU Sun Aug 21 21:18:36 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 21:18:36 PDT
Subject: Voluntary Governments?
In-Reply-To: <199408220349.UAA08513@netcom15.netcom.com>
Message-ID: <9408220418.AA09466@ua.MIT.EDU>

> I wrote:
> > > Governments are in the business of violence.
>
> Jason W Solinsky writes
> > A government is something that makes laws, enforces laws and punishes
> > offenders. I don't see why guns would determine whether or not something
> > is a government.
>
> > > And if I wish to conduct business in a shopping mall, either as customer
> > > or shopkeeper, I have to abide by the mall rules. This does not
> > > make the mall a government.
>
> > Why not?
>
> Because if you fail to obey the mall rules you will get thrown out.
> (Possibly by men with guns.)
>
> If you fail to obey the government rules men with guns will come
> and kill you, imprison you, or take away your property at gunpoint.

Assuming the language we are using is English, this is just plain wrong. Government has nothing to do with throwing people into prison or using guns. It is an entity that exercises authority. Or an entity that enforces laws. I understand that you feel strongly that certain types of punishment are inappropriate.
Fine, but that doesn't change the language.

> That is why the shopping mall is not a government and that is
> why your "cyberspace governments" are not governments, they
> are private escrow agencies.

They can take away your personal property by force and they are not governments? Why not?

> It is not rules and enforcement that make a government a
> government - every organization, every group of people, have
> rules and enforcement, usually informal, sometimes formal.

Well I know my definition of government and I know Webster's definition of government, but this is the first I've heard of defining government by the force it wields. I guess all I have to do is buy a gun if I want to start a government.

> It is killing, violence, and extortion that make government
> organizations different from non government organizations.

I'm curious where it is you got your definition. I looked around for it, but I just couldn't find it.

JWS

From solman at MIT.EDU Sun Aug 21 21:22:30 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 21:22:30 PDT
Subject: Voluntary Governments?
In-Reply-To: <199408211433.KAA18485@pipe1.pipeline.com>
Message-ID: <9408220422.AA09483@ua.MIT.EDU>

> Jason,
>
> There's a thread on the (legal) list Cyberia-L about the
> privacy of government information and how to legislate the
> rising demand for this data (and parallel 'Net info).
>
> The initial post of the thread is e-mailed your way.

The post you sent me exemplifies the multi-faceted nature of personal information. While my earlier post was based on the acquisition of demographics, the Cyberia post was primarily relevant to information used for direct marketing and personal investigation. It seems to me that for these latter two needs (as with the former), cyberspace offers some solutions that would likely not be economically sensible otherwise.
In the physical realm, marketing and investigative data is frequently gathered without the aid of the people from whom it is being gathered. Even more frequently, these people receive no compensation for the information which they supply... to structure a system otherwise would be economically inefficient [The most you'll see are polls that promise to enter you into a sweepstakes or give you a coupon if you fill them out.] The result is that marketing and investigative firms acquire more information than they need [if it costs nothing and it might be worth something, you get as much of it as you can] to accomplish their tasks.

I'll send to this list a copy of my post on the future of advertising. It suggests a marketing (and potentially investigative) mechanism in which the consumer retains as much of his/her privacy as is theoretically possible given the needs of the marketer and is compensated for the rest.

> Behold the legal mill of a "nation of laws" finely grinding an
> issue. Nitty-gritty skill.
>
> The apparatus to legislate, arbitrate and enforce laws of
> "voluntary government" will probably require as many
> bureaucrats, attorneys and LEAs as the present system unless
> there is a reduction in our dependence upon governments of all
> sorts.

I think that the competition implied by the voluntary nature of cyberspatial government can be counted on to dramatically reduce the cost of legislation and arbitration. As I envision it, the primary function of cyberspatial governments will be enforcement. This is what the citizens [read customers] are paying for. It seems to me that this is not unlike government before the "modern era".

JWS

From pfarrell at netcom.com Sun Aug 21 21:31:51 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Sun, 21 Aug 94 21:31:51 PDT
Subject: Snore...Re: e$: buyinfo, internet commerce, and GMU
Message-ID: <1702.pfarrell@netcom.com>

Longtime c'punks push D now...
Just in case we have a zillion newbies, which I doubt, but judging from the email I've gotten on the PJD piece, I can't tell...

I'm at GMU, as are Peter J Denning, the SO of Dorothy Denning, and lots of other folks who agree or disagree with c'punks, including the department of PSOL which is a spinoff of the Econ department (which is hard-core pro-market), Brad Cox of Objective C and superdistribution fame, etc. Peter was my MS/CS advisor, and may still be my PhD committee chair. Please at least look at the .sig.

tcmay at netcom.com (Timothy C. May) writes:
>> There are some people from GMU (Program on Social and Organizational
>> Learning") talking [stuff elided]
> Brad Cox at GMU is one of the "superdistribution" advocates. In
> addition to his article in the latest "Wired," he's had pieces in
> "Byte" and elsewhere.

The GMU econ/PSOL folks were heavily into AMIX, which was a commercial failure.

Cox is getting a lot of press and is positioning his team to get some serious NIS&T money. There are serious privacy problems with Cox's superdistribution. There may be solutions, but so far, nothing that I've seen mitigates the 1984 aspects of Cox's ideas.

I agree with Tim's comments on the snore factor of IMP-interest. Those folks couldn't get past credit, let alone get into untraceable digital cash.

If you take the time to read the PJD post that I sent out, even non-c'punks see digital cash, credentials without identity, and other technological ideas as both good and inevitable.

Of course, six months ago, it looked like Eric and Sandy were starting the first intergalactic bank of e$. I was ready to sign up and deposit real money so I could join Tim in the Caribbean RSN.

> I'm gonna miss these parties when I move to the Caribbean!)

Gee, I thought you got 180 days in country once you are an official Ex-patriot. That is a lot of partying...

Yo Tim, where is the F-ing FAQ so the newbies can have a clue?
Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From wb8foz at nrk.com Sun Aug 21 22:03:47 1994
From: wb8foz at nrk.com (David Lesher)
Date: Sun, 21 Aug 94 22:03:47 PDT
Subject: Voluntary Governments?
In-Reply-To: <199408220349.UAA08513@netcom15.netcom.com>
Message-ID:

> If you fail to obey the government rules men with guns will come
> and kill you, imprison you, or take away your property at gunpoint.
> That is why the shopping mall is not a government and that is
> why your "cyberspace governments" are not governments, they
> are private escrow agencies.

Errr: Today's Post has a story about Blockbuster Billionaire Huizenga. Not satisfied with buying himself baseball, hockey & football teams, he's just arranged his own private county. They're calling it Wayne's World. It will have powers even Reedy Creek Improvement District (aka Disneyworld) lacks.

The story is lacking in one area -- nary a word about law enforcement powers. Can you say Robocop or maybe Alien? [both situations where a corporation becomes the law in & of itself]

--
A host is a host from coast to coast.................wb8foz at nrk.com
& no one will talk to a host that's close............(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

From solman at MIT.EDU Sun Aug 21 22:35:39 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 22:35:39 PDT
Subject: Achieving Privacy while Enabling Marketing
Message-ID: <9408220535.AA09679@ua.MIT.EDU>

[I sent a variant of this to several lists earlier this year. It was originally a response to a post on online-news asking what the future of advertising will be like. It suggests a system whereby marketers only get the information that they absolutely need and pay for what they get.]

[The software is being debugged and will be ready "soon".
I had thought I would be alpha testing it already, but it's going to take me at least another two weeks and quite possibly much more. I'm working on it :( ]

Well here is my view of advertising, supported by a product that I will be introducing later this year:

In the NEAR future, content in the new media will be nearly entirely divorced from advertising. Online media, be they magazines, interactive games, fiction, discussion groups, or simple news, will be paid for at full cost by the consumer. At the most, some of this content will contain hints about where advertisements should go and keywords suggesting types of advertisements which are particularly apt.

[herein, when I say browser, I mean the instrument by which the user examines the content]

The browsers that the reader/viewer uses to read/view/listen to the medium will pay the cost of the content from the user's electronic account almost transparently. The browser will then schedule advertisements to pay for the cost of the content.

The browser has precisely one valuable resource, the attention span of its user. Periodically [the frequency is established by preferences that the user can set] the browser will conduct an auction. All the agents that are interested in taking up some of the user's time [either to deliver an advertisement or ask a question] submit a "profile" to a third party that is mutually trusted by the advertisers and the browser. The user also submits a profile.

The agent's profiles contain two things:

A) a routine which, given the characteristics of the user, returns a price that the advertiser is willing to pay for the user's time.

B) the set of conditions which the advertiser is willing to agree to, and how much less it is willing to pay if it has to agree to those conditions. For example, suppose the user is a citizen of a cyberspatial government that prohibits fraud.
If it is a popular government, the agent will have done one of two things:

1) It will have been pre-approved by the cyberspatial government's censors [who analyzed it to make sure that it wouldn't confuse the netizens who support that government] for either a one-time fee or a per use fee or both.

2) Its owner will have given the government a deposit from which to subtract fines (using a protocol that supports the use of a third party adjudicator).

After doing this the agent will have received a certificate [probably one that requires a time sensitive number from the government to demonstrate its validity. There are many protocols for doing this. This allows the government to collect its "per use fees". Now acquiring this certification has cost the advertiser money, so the profile includes information on how much less the advertiser is willing to pay if the user requires agreement to the anti-fraud laws of the government in question.

The user's profile will contain:

A) the answers to the questions that have been asked of it. These are completely uncertified.

B) certified characteristics. These may simply be answers which have been certified by third parties as time invariant [make sure that the user doesn't change his answers all of the time] or they may be certifications by vendors that the user spends X dollars on product Y each year, or they may be certifications by a third party that the user has bought a gift certificate for a class of goods. [For example, certification that a user has bought a $100 gift certificate for any truck in class X for Y dollars, something that certainly is worth something to truck advertisers.] All users will also have several certified characteristics describing how frequently they look at advertisements. Most of these certificates also require a fee for verification. So the user will not be able to demonstrate the certificates without first paying the certificate issuers a small fee.
[Presumably, in order to fight the false issuance of certificates there will be anti-fraud agencies which in turn also certify the parties issuing the certificates.]

C) The user's preferences. Users may require more money for feminine hygiene commercials than for beer advertisements. Users may also pay extra for advertisements that promise to be entertaining. This promise would be backed up by an agreement that requires less entertaining advertisements to pay a penalty while more entertaining advertisements get a discount. After these commercials the user would rate them. The algorithm used to determine who gets what would keep the amount that the user pays constant. Presumably the algorithm would be tweaked so that non-commercial entertainment could be sold through the same medium. Jokes could show up and promise to be funny [there could even be certification agencies to verify this [the comedian's guild]]. The user would then rate the jokes and sufficiently funny jokes could make money. [Presumably jokes certified by highly acclaimed comic certification agencies would only show themselves if the user were giving them a price at which they could make money].

The governments to which the users belong would also be in this part. For each law that is important to the user, there would be an additional amount of money that the user is willing to pay for advertisements that comply with that law ranging from zero to infinity.

Children's restrictions also belong here. The user could be subscribed to a law which gives a near infinite credit to those advertisers that can verify that they are suitable for children.

Finally, users [and advertisers but I forgot to mention this earlier] could pay extra for advertisements that are in context. If the user was reading content about X and there is an advertisement related to X, the user or advertiser could be willing to pay extra to get an advertisement that is relevant to the current content.
The third party puts all this information together and for each advertiser determines how much he is willing to pay. Then, it modifies the amounts the advertisers are willing to pay by the credits that the user offers. Finally these amounts are normalized by the resources that they require. 30 second commercials need twice as high an amount as 15 second commercials and many times more than visual pop-up and streamer commercials. The highest amount wins... but the highest amount pays what it was willing to (i.e. the credits that the user offers are just for determining who wins, not how much they pay).

Depending on the content they watch, the cost of their net services, and their advertising preferences, some people will make money just by reading or viewing the screen while others will have to pay.

The question of guaranteeing advertising time has come up. The way this will be taken care of is by establishing attention futures markets. Agents will be able to purchase futures on somebody's attention. So if coke wants its new advertising campaign to roll out to X% of the population at the same time, it can buy futures. The futures will give coke the right to show its commercial to a certain person at some point in time between two times. If the commercial can't be shown, a penalty of Y cents will be paid to coke by the issuer of the future. The futures would be traded by arbitrage agents that think they can model the user's advertisement viewing patterns and by the browser which has an advantage as an insider.

Cheers,

JWS

From blancw at pylon.com Sun Aug 21 22:37:56 1994
From: blancw at pylon.com (blancw at pylon.com)
Date: Sun, 21 Aug 94 22:37:56 PDT
Subject: Voluntary Governments? (Sort of)
Message-ID: <199408220538.WAA03975@deepthought.pylon.com>

>From Jason W Solinsky:

Are: "They [the malls] can take away your personal property by force and they are not governments?. . . . "

Is Not: ". . . . .
this is the first I've heard of defining government by the force it wields."
.............................................................

Definitions, definitions. Governments are defined according to some unknown determining factor, but force is recognizable immediately upon being threatened by it.

Fighting fire with fire can be confusing, trying to decide what difference it makes when it all looks the same.

Blanc

From solman at MIT.EDU Sun Aug 21 22:43:02 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 22:43:02 PDT
Subject: Snore...Re: e$: buyinfo, internet commerce, and GMU
In-Reply-To: <1702.pfarrell@netcom.com>
Message-ID: <9408220542.AA09717@ua.MIT.EDU>

> Cox is getting a lot of press and is positioning his team to get some
> serious NIS&T money. There are serious privacy problems with Cox's
> superdistribution. There may be solutions, but so far, nothing that I've
> seen mitigates the 1984 aspects of Cox's ideas.

Can you elaborate on that? I've been pushing what I understand to be superdistribution (although never by that name) forever (as measured in 20 yr old time) and I'm afraid I'm not familiar with the aspects of which you speak. Has he proposed some sort of nightmarish enforcement system?

Cheers,

Jason W. Solinsky

From tcmay at netcom.com Sun Aug 21 22:47:12 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 21 Aug 94 22:47:12 PDT
Subject: Achieving Privacy while Enabling Marketing
In-Reply-To: <9408220535.AA09679@ua.MIT.EDU>
Message-ID: <199408220547.WAA01891@netcom10.netcom.com>

Undelivered Message: Unauthorized Advertising Attempt.

The Citizen-Unit known as Timothy C. May attempted to post an article on the subject of this thread. Permission was denied, under the Uniform Advertising Act of 1996.

All messages sent over the National Information Infrastructure must comply with the relevant authorization regulations and advertising fee schedules.

Anything else would be anarchy.

By Order of the Advertising Czar,

Klaus!
von Future Prime Number

From solman at MIT.EDU Sun Aug 21 22:47:41 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 21 Aug 94 22:47:41 PDT
Subject: Voluntary Governments? (Sort of)
In-Reply-To: <199408220538.WAA03975@deepthought.pylon.com>
Message-ID: <9408220547.AA09737@ua.MIT.EDU>

> From Jason W Solinsky:
>
> Are: "They [the malls] can take away your personal
> property by
> force and they are not governments?. . . . "

In that sentence "they" referred not to the malls but to the cyberspatial governments.

From tcmay at netcom.com Sun Aug 21 23:08:56 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 21 Aug 94 23:08:56 PDT
Subject: Snore...Re: e$: buyinfo, internet commerce, and GMU
In-Reply-To: <9408220542.AA09717@ua.MIT.EDU>
Message-ID: <199408220609.XAA03456@netcom10.netcom.com>

>
> > Cox is getting a lot of press and is positioning his team to get some
> > serious NIS&T money. There are serious privacy problems with Cox's
> > superdistribution. There may be solutions, but so far, nothing that I've
> > seen mitigates the 1984 aspects of Cox's ideas.
>
> Can you elaborate on that? I've been pushing what I understand to be
> superdistribution (although never by that name) forever (as measured
> in 20 yr old time) and I'm afraid I'm not familiar with the aspects
> of which you speak. Has he proposed some sort of nightmarish enforcement
> system?
>

Jason (and others),

I cited some references in my long post a few hours ago: the "Wired" article, the "Out of Control" book, "Byte," "Dr. Dobbs" (I think), etc. A search of Current Contents and Reader's Guide to Periodical Literature would reveal articles.

Anyone working on these issues should dig up all of these articles and spend the time necessary to read them carefully. Failing that, to make an effort to at least know the main players. Reading Schneier, skimming the past volumes of the "Crypto" conferences, and keeping current with the mainstream magazines and journals (CACM, Sci. Am., Computer, Dr.
Dobbs, and Byte) should do nicely.

Pat's assessment of Brad Cox's approach--in line with my own assessment--will not be spelled out in any of these articles, naturally. How things "ought" to be done is a judgement that comes from experience, reading the literature, etc. Whatever the administrative deficiencies Chaum may have in getting DigiCash actually deployed (another subject, mentioned frequently in messages by various of us), it is clear that he (Chaum) thought long and hard about "Big Brother" issues and that his method of anonymous, untraceable digital cash is much to be preferred over the many other proposals for digital payments, metered usage, etc.

To tell the truth, I'm losing faith that people will take the time to educate themselves to the point where they can be taken seriously. Too many of the "proposals" here show obvious signs that people aren't "getting" the core ideas.

I urge that people take a Saturday and spend it at a fairly large university technical library, hanging out in the crypto section and Xeroxing some articles. Otherwise, too much idle speculation.

And yes, I'm trying to finish a FAQ. It's over 500K and will have to split into multiple pieces, for ftp access from my site. The remaining problem is that many points are in outline form, which is my preferred writing tool for things that require thinking about reasons, arguments, rebuttals, tangential points, etc.

I don't think the lack of a FAQ has much to do with the stuff I'm complaining about here, as no FAQ can substitute for the deep exposure I'm talking about here. And maybe most people will skip my FAQ, just as they skip FAQs in most groups.

On a positive note: Hal Finney's introduction to the work of Brands was excellent. I urge anyone interested in "digital money," beyond the level of writing rants about how "we" need to "do something," to read Hal's article, dig up the stuff Brands sent out about a year or so ago, and find his articles.
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From greg at ideath.goldenbear.com Sun Aug 21 23:22:28 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sun, 21 Aug 94 23:22:28 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408220418.AA09466@ua.MIT.EDU>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> > If you fail to obey the government rules men with guns will come
> > and kill you, imprison you, or take away your property at gunpoint.
> Assuming the language we are using is English, this is just plain wrong.
[...]
> > It is not rules and enforcement that make a government a
> > government - every organization, every group of people, have
> > rules and enforcement, usually informal, sometimes formal.
> Well I know my definition of government and I know Webster's definition of
> government, but this is the first I've heard of defining government by the
> force it wields. I guess all I have to do is buy a gun if I want to start a
> government.

This "argument by definitions" is idiotic. Different people use words in different ways. Get used to it. Work around it. State your 'local' definition clearly and then use it consistently. Let's move on to the substance of the discussion, ok?
-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLlhCJ33YhjZY3fMNAQFNPwQAi8VP3YGm08ln96MdV3YW/O8J78qoUeY/
xM+tAZNWxrOgnfVKyNxyxJURO/oaIdaADpG1jqo9wJ5xsAcFfLyXWud1FrEEjb4Q
RsPQ8qvrygIXEt2dY4O7pQp2LwTG0HQUhClHpssT3orYkKfnzTrgGGc0+2f+4pMT
PENbIMceHQU=
=9KBq
-----END PGP SIGNATURE-----

From iqg1550 at acf4.NYU.EDU Mon Aug 22 00:03:11 1994
From: iqg1550 at acf4.NYU.EDU (iqg1550)
Date: Mon, 22 Aug 94 00:03:11 PDT
Subject: Nuclear Weapons Material
Message-ID: <9408220703.AA25156@acf4.NYU.EDU>

Let's all rejoice at the birth of the latest member of The Horsemen of The Criminal Apocalypse -- The Nuclear Weapons Material Smuggler. I'm sure his four siblings will make plenty of room for their baby brother.

From tomaz at cmir.arnes.si Mon Aug 22 03:51:59 1994
From: tomaz at cmir.arnes.si (Tomaz Borstnar)
Date: Mon, 22 Aug 94 03:51:59 PDT
Subject: any documents about crypto history online?
Message-ID: <199408221051.MAA01976@cmir.arnes.si>

Hello!

Are there any sources of crypto history on Internet (reachable via mail, ftp, www, etc)?

Thanks in advance.

Tomaz

From rah at shipwright.com Mon Aug 22 05:44:01 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 22 Aug 94 05:44:01 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408221240.IAA29673@zork.tiac.net>

At 11:36 PM 8/21/94 -0400, Jason W Solinsky wrote:
>> Of
>> course, the issuer could publish the prices based on the compounded
>> interest accrued *for each certificate*, for the time period it's
>> outstanding, possibly complete with the compounding factors for each
>> compounding period used. (a day, a month, a year, or even continuous over
>> the life of the instrument) Lot of overhead there, but mutual funds do it
>> all the time. You'd want to just take their word for it, I suppose, and
>> trust their price, right?
>
>OK, I see the problem. You are assuming that certificates will be issued
>at a consistent set of notional values. (like ten bucks, five bucks etc.)
>The correct way to do things [:-] is to set the notional value of new
>certificates based on the trading value of old certificates. Suppose the
>first certificate had a principal of $10 and is now worth $11, then the
>new certificates that I issue will have their principal adjusted so that
>including the effect of interest rates, my new certificate is worth as much
>as your old certificate. Thus, there is only ONE value that needs to be
>published at any given time.

Open-end mutual funds do this now, every share is issued at the price of a dollar. The problem comes when the value of the suspension pool (it's starting like water treatment plant) backing up that certificate increases. A digital cash operation is another open-ended mutual fund. If you don't price it in terms of something real, like a dollar, not in terms of itself, then you introduce an unnecessary level of complexity, not to mention regulatory gobbledegook, because that really is a scrip mechanism.

I just think that it's easier all around to keep a constant notional value (a buck is a buck is a buck) than to mess with a fluid pricing mechanism for something which is supposed to enhance convenience and liquidity in internet commerce. Let banks and governments worry about the relative prices between their currencies, and let that price be the price of e-cash for now. An e-cash issuer has to worry about his competition and the price of their cash. That's bad enough. Occam's razor, KISS principle, and all that.

In theory, though it probably won't happen, an underwriter could issue a greater amount of digital cash than regular cash paid for it (e$1.00 for $0.95, for the sake of argument). The cash flow from the interest on the suspension account (due to long cash lifetimes on the net, for example) would be paying for operations, and profits, and a competitive market forces the underwriter to sell at a slight discount. See? This is exactly the way you price bonds.
The case of zero interest digital cash is exactly like that of a zero-coupon bond. The ecash is then spent one or more times on the net at its "par" or face amount, and then the underwriter makes money or eats the difference when it is redeemed.

>
>Setting prices based on convenience instead of value derived? *BLECH*. That
>sort of thing is anathema to free markets.

There's probably the hoariest old saw in economics which says "The cost of anything is the foregone alternative." Convenience *is* value derived. Market liquidity is convenience (more like necessity, actually, certainly not anathema, but who's quibbling). Market liquidity is value derived.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From perry at imsi.com Mon Aug 22 05:46:54 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 22 Aug 94 05:46:54 PDT
Subject: e$ as "travellers check?
In-Reply-To: <199408211805.OAA25259@cs.oberlin.edu>
Message-ID: <9408221245.AA00663@snark.imsi.com>

Jonathan Rochkind says:
> But someone a long time ago brought up traveller's checks, and the similarity
> between them and ecash. The similarity seems pretty darn close to me.

Travellers checks are not anonymous.

What people basically don't seem to understand here is that the government is now run administratively and not legislatively. Congress ceded huge amounts of power to regulators, who have enormous latitude. They can decide arbitrarily to accept or reject various proposals based entirely on their whim. Their whim, for the past few decades, has been to reduce as much as possible the capacity to engage in untraceable transactions.
Because of that, any bank proposing to improve the capacity to produce such transactions is going to get into trouble with the regulators, who are acting to try to lessen such capacities. It really doesn't matter what the details of existing law are.

Perry

From perry at imsi.com Mon Aug 22 06:35:57 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 22 Aug 94 06:35:57 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408220703.AA25156@acf4.NYU.EDU>
Message-ID: <9408221335.AA00765@snark.imsi.com>

iqg1550 says:
> Let's all rejoice at the birth of the latest member of The Horsemen of
> The Criminal Apocalypse -- The Nuclear Weapons Material Smuggler.
> I'm sure his four siblings will make plenty of room for their baby brother.

I will point out, of course, that anyone who can afford the tens of millions to hundreds of millions the smugglers are reportedly charging for critical masses worth of Plutonium and Uranium, odds are that they can afford to buy un-escrowed secure communications equipment...

.pm

From solman at MIT.EDU Mon Aug 22 07:17:48 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Mon, 22 Aug 94 07:17:48 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408221240.IAA29673@zork.tiac.net>
Message-ID: <9408221417.AA11245@ua.MIT.EDU>

> I just think that it's easier all around to keep a constant notional value
> (a buck is a buck is a buck) than to mess with a fluid pricing mechanism
> for something which is supposed to enhance convenience and liquidity in
> internet commerce. Let banks and governments worry about the relative
> prices between their currencies, and let that price be the price of e-cash
> for now. An e-cash issuer has to worry about his competition and the price
> of their cash. That's bad enough. Occam's razor, KISS principle, and all
> that.

A buck is NOT a buck. It keeps on going down in value. We should use the introduction of digicash to finally create a monetary instrument that never experiences positive inflation.
Incorporate in a foreign land, invest the money safely, issue and buy back shares according to a fixed formula that depends only on the valuation of the company, publish your returns and register the stock as securities in as many lands as possible. You now have a perfectly legal basis for digicash. The shares will float in the range of values specified by the stock issuance formula. They will gradually go up relative to inflation and will be easily traded in multiple currencies. And it will be really difficult for most governments to attack the "payable to bearer" nature of the currency because it would encroach on the rights of all American corporations. No?

> In theory, though it probably won't happen, an underwriter could issue a
> greater amount of digital cash than regular cash paid for it (e$1.00 for
> $0.95, for the sake of argument). The cash flow from the interest on the
> suspension account (due to long cash lifetimes on the net, for example)
> would be paying for operations, and profits, and a competitive market
> forces the underwriter to sell at a slight discount. See? This is exactly
> the way you price bonds. The case of zero interest digital cash is exactly
> like that of a zero-coupon bond. The ecash is then spent one or more times
> on the net at its "par" or face amount, and then the underwriter makes
> money or eats the difference when it is redeemed.

This will once again make the value of the digicash dependent on when it was issued. An alternative formulation of this same scheme would have the value of digi-cash be invariant with the date of issue, but have periodic redemption dates on which the value of the digi-cash would jump. I find neither to be desirable.

> >Setting prices based on convenience instead of value derived? *BLECH*. That
> >sort of thing is anathema to free markets.
>
> There's probably the hoariest old saw in economics which says "The cost of
> anything is the foregone alternative." Convenience *is* value derived.
> Market liquidity is convenience (more like necessity, actually, certainly not
> anathema, but who's quibbling). Market liquidity is value derived.

Market liquidity is increased by convenience to the holder of the securities, not the issuer of the securities.

JWS

From jya at pipeline.com Mon Aug 22 08:17:49 1994
From: jya at pipeline.com (John Young)
Date: Mon, 22 Aug 94 08:17:49 PDT
Subject: Future NSA spy machine
Message-ID: <199408221457.KAA04805@pipe1.pipeline.com>

Responding to msg by ianf at simple.sydney.sgi.com ("Ian Farquhar") on Mon, 22 Aug 9:38 AM

>You're talking about silicon fab lines here, Tim. As
>far as I am aware, Cray has never fab its own chips.
>Indeed, most of their boards which I have seen (I, II,
>Y-MP/8 and Y-MP/EL) have used chips sourced from fairly
>well-known vendors, such as VLSI Technologies.
>
>The original series of systems (I, II and X-MP)
>actually used huge numbers of three types of chips.
>From memory, one was a couple of NAND gates, one was a
>register chip, and the third was a couple of K of SRAM.
> More recently, the full Y-MP's have been implemented
>in commercial ECL gate arrays (6500 gates per chip for
>the full Y-MP's), and the original EL used CMOS 100K
>arrays. I have been trying to get one of the computing
>industry's choicest pieces of marketing junk: the
>Cray Y-MP Gate Array paperweight. :) Of course, given
>my recent career change, I don't think one will be
>coming my way anytime soon for some strange
>reason....

Ian,

Not asking for state or trade "secrets" but:

1. Is MIPS new "supercomputer" R8000 in the running as array elements for super-supercomputers?

2. Who is in the offing to succeed Cray and others as NSA's grateful suppliers?

3. Will there be more on-base hardware and software production, a "circling of the wagons" as crypto becomes more public?

4. And, thus, an even sharper (and more secret and competitive) line between governmental and commercial crypto hardware and code?

5.
Who is NSA (or other TLAs) underwriting as lesser known SRCs, not-for- or for-profit? This is an update on where the jobs are for the "finest mathematicians" other than TLAs.

6. Is NSA (like CIA and NRO) bifurcating into an even more super-supersecret arm and another friendly, public one in response to wider use of crypto and ostensible pressure from the likes of Senators Moynihan and Kerrey? (And the recent RSA to-dos, murder threat, PKP lawsuit, are ploys.)

FYI, zero, hopefully minus, security clearance here.

Cheers,

John

From nelson at crynwr.com Mon Aug 22 09:02:40 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Mon, 22 Aug 94 09:02:40 PDT
Subject: Notary signing
Message-ID:

Does anyone know of any legal problems with a party asserting that they have a notarized photocopy of certain id, representing that a third party is who they say they are? If I take someone's money, get a notarized copy of their id, and sign their PGP key, can I be sued? Obviously, I don't trust any non-lawyers to answer this question, but does anyone know of an encryption-aware lawyer to whom I could pay money for an opinion?

-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX) | What is thee doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From adam at bwh.harvard.edu Mon Aug 22 09:03:49 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 22 Aug 94 09:03:49 PDT
Subject: any documents about crypto history online?
In-Reply-To: <199408221051.MAA01976@cmir.arnes.si>
Message-ID: <199408221603.MAA25186@bwh.harvard.edu>

You wrote:

| Are there any sources of crypto history on Internet (reachable
| via mail, ftp, www, etc)?

The best crypto histories can be found in your local library, not online. They are David Kahn's The Codebreakers and Bamford's The Puzzle Palace.

Adam

From jya at pipeline.com Mon Aug 22 09:07:07 1994
From: jya at pipeline.com (John Young)
Date: Mon, 22 Aug 94 09:07:07 PDT
Subject: Snore while they snoop
Message-ID: <199408221606.MAA16775@pipe1.pipeline.com>

Responding to msg by solman at MIT.EDU (Jason W Solinsky) on Mon, 22 Aug 1:42 AM

Tim says:

>> nothing that I've
>> seen mitigates the 1984 aspects of Cox's ideas.

You say:

>I'm afraid I'm not familiar with the aspects of which
>you speak. Has he proposed some sort of nightmarish
>enforcement system?

NY Times wrote yesterday on "metering" of software usage by soft and hard means. This type of monitoring could easily, Clipperly, "1984"-ishly, record and report on other activities of the user.

Recall alarms here recently about covert features of operating systems. Harmless looking hard devices may hide even more monitoring features, steganographically (my bag).

John

From rah at shipwright.com Mon Aug 22 09:36:33 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 22 Aug 94 09:36:33 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408221633.MAA04175@zork.tiac.net>

At 10:17 AM 8/22/94 -0400, Jason W Solinsky wrote:

>A buck is NOT a buck. It keeps on going down in value. We should use the
>introduction of digicash to finally create a monetary instrument that never
>experiences positive inflation.

It's important not to pile on too many features, desires, agendas onto a relatively simple financial instrument. The point of digital cash is to provide liquidity for internet commerce as cheaply as possible. Anonymity is a happy benefit. Engineering it for any other purpose reduces its efficiency.

>Incorporate in a foreign land, invest the
>money safely, issue and buy back shares according to a fixed formula that
>depends only on the valuation of the company, publish your returns and
>register the stock as securities in as many lands as possible. You now
>have a perfectly legal basis for digicash. The shares will float in the
>range of values specified by the stock issuance formula. They will
>gradually go up relative to inflation and will be easily traded in multiple
>currencies. And it will be really difficult for most governments to attack
>the "payable to bearer" nature of the currency because it would encroach on
>the rights of all American corporations. No?

Or, you can take money in over the window and turn it into digital cash denominated on a dollar basis, priced at that point with discounts or premia as necessary. Occam's razor.

>> In theory, though it probably won't happen, an underwriter could issue a
>> greater amount of digital cash than regular cash paid for it ... [snip...]
>
>This will once again make the value of the digicash dependent on when it was
>issued. An alternative formulation of this same scheme would have the value
>of digi-cash be invariant with the date of issue, but have periodic
>redemption dates on which the value of the digi-cash would jump. I find
>neither to be desirable.

That's true, but the difference in price reflects the estimated future value of that money in a suspension account plus the operating costs of the underwriter, not by some complex pricing methodology which makes the cash more difficult to use.

>Market liquidity is increased by convenience to the holder of the securities,
>not the issuer of the securities.

I cash out my "digiDollar" today, it's a dollar. I cash out my digiDollar tomorrow, it's a dollar. I cash out my digiDollar the next day, it's a dollar. Looks pretty simple to use to me. (a digiDollar is a dollar is a dollar is a dollar) :-).

[Oops. I went and concocted some more buzzy language. Occupational hazard. Don't worry, I'll try not to use it anymore, and maybe it'll die gracefully.]

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation       who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                     snakes." -- Bertrand Russell
(617) 323-7923

From 0x7CF5048D at nowhere Mon Aug 22 09:46:13 1994
From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere)
Date: Mon, 22 Aug 94 09:46:13 PDT
Subject: pgp -c,no initialization vector, possible bug, pgp 26ui
Message-ID: <199408221607.AA17602@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

In pgp 2.6 UI

When pgp is called with the -c switch, the routine idea_encryptfile in crypto.c is called from main in pgp.c.

>	status = idea_encryptfile( workfile, tempf, attempt_compression);

>int idea_encryptfile(char *infile, char *outfile,
>	boolean attempt_compression)
>{
>	FILE *f;	/* input file */
>	FILE *g;	/* output file */
>	byte ideakey[16];
>	struct hashedpw *hpw;

Note that the idea key is 16 bytes.

Now idea_encryptfile calls squish_and_idea_file in crypto.c with this 16 byte key.

>	/* Now compress the plaintext and encrypt it with IDEA... */
>	squish_and_idea_file( ideakey, f, g, attempt_compression );

Now squish_and_idea_file calls idea_file in the module crypto.c with the same 16 byte key.

>static int squish_and_idea_file(byte *ideakey, FILE *f, FILE *g,
>	boolean attempt_compression)
>{

From rah at shipwright.com Mon Aug 22 09:46:40 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 22 Aug 94 09:46:40 PDT
Subject: Snore while they snoop
Message-ID: <199408221643.MAA04288@zork.tiac.net>

At 12:06 PM 8/22/94 -0400, John Young wrote:

>NY Times wrote yesterday on "metering" of software usage by
>soft and hard means. This type of monitoring could easily,
>Clipperly, "1984"-ishly, record and report on other activities
>of the user.

Then there's this company called, I think, "Wave" Inc. out of Colorado somewhere.
The first time I heard of it was in Peter Huber's Forbes column a year or so ago. The guy who's fronting it is a former chairman of a large defense contractor (United Technologies?). It involves metering application software use down to the second, using PC boards and the internet, or some other WAN equivalent.

A dongle is forever...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation       who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                     snakes." -- Bertrand Russell
(617) 323-7923

From cfrye at mason1.gmu.edu Mon Aug 22 09:57:43 1994
From: cfrye at mason1.gmu.edu (Curtis D Frye)
Date: Mon, 22 Aug 94 09:57:43 PDT
Subject: Voluntary Governments?
Message-ID: <9408221657.AA23431@mason1.gmu.edu>

Jim -

You forget Weber's definition of government, which I remember as "the institution with a monopoly on the legitimate use of violence within a geographical area". I may have substituted "violence" for "force", but that is the gist of his meaning. Unless a government has some means of coercing its more recalcitrant subjects, it can't function as a government in the sense we mean it here.

Curt

From wcs at anchor.ho.att.com Mon Aug 22 09:58:00 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 22 Aug 94 09:58:00 PDT
Subject: Creating privacy crises: Society hacking
Message-ID: <9408221654.AA15703@anchor.ho.att.com>

> At the HOPE conference, there was someone selling CD-ROMs of the DMV
> records for Oregon for $125. The same folks promise to add more states
> soon: next in line is Texas.
> Perhaps one could generate a privacy crisis by collecting that information
> and conducting a mass mailing to every person in the database: "we have
> this information on you. So could anybody with $125. Call your congress
> critter and complain."

Mailing that information to everybody in Oregon would be expensive. On the other hand, mailing it to everyone in the Oregon legislature, the governor, the DMV honchos, and maybe a few other high honchos could be interesting, and might not cost that much.....

Bill

From sandfort at crl.com Mon Aug 22 10:19:04 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 22 Aug 94 10:19:04 PDT
Subject: CREDIT CARD PRIVACY
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Jim Hart wrote:

    Most customers want more privacy, but when you think about it, there is not a whole hell of a lot they can do about it right now. If they want to get the status and flexibility of a credit card, they need to give up their privacy.... At this point Duncan Frissell will regale us with some wonderful scheme, understandable only to lawyers, that can be used to get credit cards under aliases, perfectly legal if you use a doubly nested corporate structure going through Aruba and the Caymans,...I won't comment on why most consumers have neglected that option....

Well, I imagine that is because he doesn't have a clue what he is talking about. In our upcoming Privacy Seminar, Duncan and I will discuss trivially simple ways to do just the thing Mr. Hart tells us can't be done. And, as Duncan says, "it'll be as legal as church on Sunday." Tune in to the Privacy Channel, Jim, you might actually learn something.

The Privacy Seminar will start approximately 1 September. An announcement giving instructions on how to sign up will be made sometime this week. Stay tuned.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From sandfort at crl.com Mon Aug 22 10:21:26 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 22 Aug 94 10:21:26 PDT
Subject: THE H.E.A.T. IS ON
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I'm so happy. I've found Acapulco H.E.A.T. in the New York area (18:00 Saturdays, channel 9). Time for another review.

This week's episode, "Code Name: Archangel," had a couple of relevant privacy items, and it was a "no Fabio" zone, as well. Bikinis and gun battles were at a minimum, but those that were, were equally divided between the sexes.

Anyway, a neo-Nazi (with a really baaad German accent) named "Steinholtz" planned to steal one of the da Vinci "archangel" panels which was being exhibited in Mexico. It was to be reunited in Germany with the three other panels. The idea was that this would be a symbol for the reunification of all the neo-Nazis, and would inaugurate the beginning of the Fourth Reich. A clandestine, world-wide, TV broadcast of the stolen panel would be used to unify the Nazis.

There were also two subplots: one involving a Dutch Mata Hari type, and the other involving two of the H.E.A.T. members. ("Hey Tommy, I don' wan' jew dating my seester.")

Anyway, since the bad guys use "antibugging devices," our heroes had to use hand-held through-the-wall mikes to listen in on their plans. Later, they were able to install a "sprinkler cam" right over the swastika covered table around which the plotters sat. (Curiously, the swastika they showed was a left-handed version of the actual Nazi one. No explanation given.)

Our guys also had to scope out the church where the panel was being exhibited. There they found infrared heat/motion detectors which they foiled by wearing (heat conserving) wet suits. Hmmm. The panel was also protected by pressure sensitive mats and electronic eyes, but no guards!

The last bit of technological chicanery came after the bad guys were captured.
Using digital technology, the team spoofed the voice of Steinholtz and had him saying we should all live as brothers. This was done as a voice-over to scenes from the Mexican festival of Santa Guadeloupe or some such. Gag.

S a n d y

PS The Stateside boss of H.E.A.T. is played by John Vernon who was "Dean Wormer" in Animal House. He only communicates with the team via encrypted videophone. It's obvious (due to some differences in dialog, pronunciation, etc.) that his scenes are not filmed at the same time or place as the rest of the show. In one episode, he kept referring to "M15" ("em fifteen") while the team talked about "MI5" ("em eye five").

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From elton at sybase.com Mon Aug 22 10:29:20 1994
From: elton at sybase.com (Elton Wildermuth)
Date: Mon, 22 Aug 94 10:29:20 PDT
Subject: Voluntary Governments?
Message-ID: <9408221729.AA14060@fnord.sybgate.sybase.com>

This is probably not really relevant to cypherpunks, but I think it needs to be addressed. Jason Solinsky said:

>Government has nothing to do with throwing people into prison or using
>guns. It is an entity that exercises authority. Or an entity that enforces
>laws.

Er. No. Government has _everything_ to do with throwing people into prisons, _and_ with using guns. Further, "exercises authority" is a code phrase that means "throws people into prisons and uses guns."

If you want a working definition of government, it would have to be "a group of people who have assumed to themselves the exclusive power to regulate and use coercive force within a set of established borders." ...And, given the USA vs. Manuel Noriega, the nature of the "established borders" becomes subject to flexible interpretation.

It's not the case that any use of force defines a government. It _is_ the case that only government pretends to be the sole arbiter of who may use force, and how much they may use.
If you inspect the matter carefully, without the threat of force there could be no government. Otherwise, how would they collect taxes and tariffs? Moreover, they must declare themselves to be the only authorized users of force, or their "enforcement" (look carefully at that word) power will be limited in its effectiveness by the strength of the resistive force. Government depends for its existence on being the biggest gang with guns anywhere in the area.

-- Elton

From rah at shipwright.com Mon Aug 22 10:34:42 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 22 Aug 94 10:34:42 PDT
Subject: Creating privacy crises: Society hacking
Message-ID: <199408221731.NAA05249@zork.tiac.net>

At 12:54 PM 8/22/94 -0400, wcs at anchor.ho.att.com (bill.stewart) said,

>Mailing that information to everybody in Oregon would be expensive.
>On the other hand, mailing it to everyone in the Oregon legislature,
>the governor, the DMV honchos, and maybe a few other high honchos
>could be interesting, and might not cost that much.....

Hey! Representative Democracy! What a concept....

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com)  "There is no difference between someone
Shipwright Development Corporation       who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                     snakes." -- Bertrand Russell
(617) 323-7923

From nelson at crynwr.com Mon Aug 22 11:08:07 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Mon, 22 Aug 94 11:08:07 PDT
Subject: Creating privacy crises: Society hacking
In-Reply-To: <9408221654.AA15703@anchor.ho.att.com>
Message-ID:

   Date: Mon, 22 Aug 94 12:54:57 EDT
   From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204)

   Mailing that information to everybody in Oregon would be expensive.
   On the other hand, mailing it to everyone in the Oregon legislature, the governor, the DMV honchos, and maybe a few other high honchos could be interesting, and might not cost that much.....

You're not being sufficiently devious and nasty, Bill. Mail them *their children's* information. Most legislators are old enough to have grown children, and to be very protective of them.

   Dear Senator Foo Bar,

   I have compiled the following information on your 17-year-old daughter from open governmental sources, e.g. voting records, birth records, DMV records, etc. Perhaps the government shouldn't be keeping these records?

   Yours in Privacy, ...

-russ http://www.crynwr.com/crynwr/nelson.html
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)  | What is thee doing about it?
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From warlord at MIT.EDU Mon Aug 22 11:28:39 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 22 Aug 94 11:28:39 PDT
Subject: pgp -c,no initialization vector, possible bug, pgp 26ui
In-Reply-To: <199408221607.AA17602@xtropia>
Message-ID: <9408221827.AA29173@toxicwaste.media.mit.edu>

I don't know if this will cause a problem or not, but PGP 2.6 defines ideakey[24] in idea_encryptfile(). So, it may be a problem in 2.6ui; I'm not sure. I don't know the IDEA code well enough to determine, and I don't feel like tracking this down right now -- it's not a factor in 2.6.

-derek

From fhalper at pilot.njin.net Mon Aug 22 12:21:24 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Mon, 22 Aug 94 12:21:24 PDT
Subject: Transcript
Message-ID: <9408221921.AA14492@pilot.njin.net>

Is there or will there be a transcript of the recent debate that Zimmermann was part of?

Thanks,
Reuben Halper

From blancw at microsoft.com Mon Aug 22 12:28:02 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 22 Aug 94 12:28:02 PDT
Subject: Voluntary Governments? (Not)
Message-ID: <9408221928.AA14279@netmail2.microsoft.com>

From: Elton Wildermuth

It's not the case that any use of force defines a government. It _is_ the case that only government pretends to be the sole arbiter of who may use force, and how much they may use.
......................................................................

There must exist cause which would inspire the use of force by an individual, and there should exist just cause for the use of it by a government as well. Realistically there should be a recognition of when it might be logical to resort to violence against another human, whether as an individual or as a group.

Only a government pretends to be the sole arbiter of who may use force; of course, everyone is supposed to have agreed on what justifies the use of it, but this is interpreted to mean that individuals themselves are not considered wise enough to make that decision at home alone. So they're back to a defense-less state against potentially overwhelming odds.

Blanc

From talon57 at well.sf.ca.us Mon Aug 22 12:37:15 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 22 Aug 94 12:37:15 PDT
Subject: Adam Smiths Money World
Message-ID: <199408221937.MAA07168@well.sf.ca.us>

'Punksters,

For those who missed it, the PBS show "Adam Smiths Money World" was on privacy in the information age. It spent a lot of time demonstrating what was available on you if you knew where to look.

It also profiled a company called "Kroll and Associates" that does big business doing Blacknet type dossiers on people and corporations. They apparently were able to trace more than 6 billion dollars of So-damm-Insanes secret bank accounts. This company supposedly does U.S. 50 mil a year in business.

They also talked about the possibility of "reputation" companies representing your privacy interests. The big point was that privacy is drastically decreasing, and that privacy protection was a big growth industry.
The unrestrained capitalism approach to the whole thing was very refreshing.

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth

From talon57 at well.sf.ca.us Mon Aug 22 12:38:40 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Mon, 22 Aug 94 12:38:40 PDT
Subject: RE; creating privacy crises
Message-ID: <199408221937.MAA07550@well.sf.ca.us>

Want to launch a privacy crisis? Try anonymously posting a few adoption records!

I've always thought this was an interesting area, information about the real you being kept from you.

I won't start a digression flame fest by going on about "adoption horror stories" (Hmmm, interesting book idea there!)

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth

From rishab at dxm.ernet.in Mon Aug 22 12:59:12 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 22 Aug 94 12:59:12 PDT
Subject: Cracking passwords and picking locks
Message-ID:

cactus at bibliob.slip.netcom.com (L. Todd Masco):

>>Data crime - 'cracking', 'phreaking' etc usually reflect a total lack of
>>responsibility on the part of _administrators_. "Officer, I left my wallet
>>on the kerb 10 minutes ago, and now it's gone!"
>
>This sounds like typical kiddie-cracker garbage. It's more like, "Officer,
> I didn't know that master locks could be picked with the greatest of ease:
> arrest that man who picked it and took my wallet."
>[encryption is more complex than master locks etc]

I suppose it's obvious that I was not talking about the present, but future information society, a world where digital signatures and encryption are as familiar as combination locks and safes are today.

I think it would be reasonable to assume a fair degree of knowledge on security on the part of system administrators - if by that time it's not widely known that plaintext or simple protection (un-shadowed passwords etc) can, like master locks, be 'picked with ease,' then all our efforts towards greater awareness of privacy and security would have failed.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in           take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335       H 34C Saket, New Delhi 110017, INDIA

From dcn at ripco.com Mon Aug 22 13:38:42 1994
From: dcn at ripco.com (DrayCoN)
Date: Mon, 22 Aug 94 13:38:42 PDT
Subject: stealth
In-Reply-To: <199408221608.AA17613@xtropia>
Message-ID:

Tnx for the file. Haven't tried it tho. Btw, how do you use that anon mailer?

--
I'm me, you're you. Finger for PGP key

From banisar at epic.org Mon Aug 22 13:55:22 1994
From: banisar at epic.org (Dave Banisar)
Date: Mon, 22 Aug 94 13:55:22 PDT
Subject: EPIC Statement on FBI Wiretap Bill
Message-ID: <9308221648.AA48822@Hacker2.cpsr.digex.net>

*DISTRIBUTE WIDELY*

EPIC Statement on Digital Telephony Wiretap Bill

The digital telephony bill recently introduced in Congress is the culmination of a process that began more than two years ago, when the Federal Bureau of Investigation first sought legislation to ensure its ability to conduct electronic surveillance through mandated design changes in the nation's information infrastructure. We have monitored that process closely and have scrutinized the FBI's claims that remedial legislation is necessary.
We have sponsored conferences at which the need for legislation was debated with the participation of the law enforcement community, the telecommunications industry and privacy advocates. We have sought the disclosure of all relevant information through a series of requests under the Freedom of Information Act. Having thus examined the issue, EPIC remains unconvinced of the necessity or advisability of the pending bill.

As a threshold matter, we do not believe that a compelling case has been made that new communications technologies hamper the ability of law enforcement agencies to execute court orders for electronic surveillance. For more than two years, we have sought the public disclosure of any FBI records that might document such a problem. To date, no such documentation has been released. Without public scrutiny of factual information on the nature and extent of the alleged technological impediments to surveillance, the FBI's claims remain anecdotal and speculative. Indeed, the telecommunications industry has consistently maintained that it is unaware of any instances in which a communications carrier has been unable to comply with law enforcement's requirements. Under these circumstances, the nation should not embark upon a costly and potentially dangerous re-design of its telecommunications network solely to protect the viability of fewer than 1000 annual surveillances against wholly speculative impediments.

We also believe that the proposed legislation would establish a dangerous precedent for the future. While the FBI claims that the legislation would not enhance its surveillance powers beyond those contained in existing law, the pending bill represents a fundamental change in the law's approach to electronic surveillance and police powers generally. The legislation would, for the first time, mandate that our means of communications must be designed to facilitate government interception.
While we as a society have always recognized law enforcement's need to obtain investigative information upon presentation of a judicial warrant, we have never accepted the notion that the success of such a search must be guaranteed. By mandating the success of police searches through the re-design of the telephone network, the proposed legislation breaks troubling new ground. The principle underlying the bill could easily be applied to all emerging information technologies and be incorporated into the design of the National Information Infrastructure. It could also lead to the prohibition of encryption techniques other than government-designed "key escrow" or "Clipper" type systems.

In short, EPIC believes that the proposed digital telephony bill raises substantial civil liberties and privacy concerns. The present need for the legislation has not been established and its future implications are frightening. We therefore call upon all concerned individuals and organizations to express their views on the legislation to their Congressional representatives. We also urge you to contact Rep. Jack Brooks, Chairman of the House Judiciary Committee, to share your opinions:

Rep. Jack Brooks
Chair, House Judiciary Committee
2138 Rayburn House Office Bldg.
Washington, DC 20515
(202) 225-3951 (voice)
(202) 225-1958 (fax)

The bill number is H.R. 4922 in the House and S. 2375 in the Senate. It can be referred to as the "FBI Wiretap Bill" in correspondence.

Electronic Privacy Information Center
666 Pennsylvania Avenue, S.E.
Suite 301
Washington, DC 20003
(202) 544-9240 (voice)
(202) 547-5482 (fax)

EPIC is a project of the Fund for Constitutional Government and Computer Professionals for Social Responsibility.
=======================================================================

From machado at newton.apple.com Mon Aug 22 14:42:44 1994
From: machado at newton.apple.com (Romana Machado)
Date: Mon, 22 Aug 94 14:42:44 PDT
Subject: New StegoInfo Page on WWW
Message-ID: <9408222129.AA20221@newton.apple.com>

Fellow C'punx,

Those of you with WWW access might wish to check out my new StegoInfo Page at:

http://www.nitv.net/~mech/Romana/stego.html

Enjoy.

Romana Machado
romana at apple.com
WWW: page under construction

To each, according to his greed; from each, according to his gullibility.

From pierre at shell.portal.com Mon Aug 22 15:20:52 1994
From: pierre at shell.portal.com (Pierre Uszynski)
Date: Mon, 22 Aug 94 15:20:52 PDT
Subject: Mail to all drivers in Oregon?
Message-ID: <199408222219.PAA02264@jobe.shell.portal.com>

> Greg Broiles writes:
>
> Probably more than any of us want to pony up. [...]
>
> you're still talking about a $216,000 mailing.

Pick a smallish city (but one that's "on the map" for whatever reason, university, companies, whatever), and target everyone in the city. At the same time similarly target a number of journalists in the national media. Send to all of these all the data you can find about themselves.

This way you minimize the expense, and you get the national media to amplify this and make sure everybody in the country knows about the event.

Jeffrey Rothfeder did it with one such journalist (Dan Rather) if I remember around 1989 (story in Business week, Sept 1989). And reuses all this stuff for the book "Privacy for sale", 1992). But he did it on a small scale, just for a story, and a story that he could put his name on. As opposed to what we are talking about here.

Pierre.
pierre at shell.portal.com

From blancw at microsoft.com Mon Aug 22 15:29:07 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 22 Aug 94 15:29:07 PDT
Subject: Unauthorized Advertising Attempt
Message-ID: <9408222229.AA23719@netmail2.microsoft.com>

Explanation:

The Citizen-Unit known as Timothy C. May is a well-known subversive given to the wide dissemination of disinformation and not expected to comply with Authorities, regulations, or advertising fee schedules.

There is no mistaking him: in our exhaustive search through all the phone books on the National Database, there was only one.

~ Data

From hfinney at shell.portal.com Mon Aug 22 16:18:16 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 22 Aug 94 16:18:16 PDT
Subject: Brands cash
In-Reply-To: <199408201652.JAA29752@jobe.shell.portal.com>
Message-ID: <199408222317.QAA07557@jobe.shell.portal.com>

In the last installment, I described a particular technique that could be used for signatures based on discrete logs. (There are many DL-based signature algorithms, but this particular one lends itself to the blinding technique.) I should point out that this signature is due to Chaum, and in fact everything I will discuss comes from Chaum's work. Brands goes on to develop some nifty cash systems based on it, but his extensions are too complicated to touch on more than briefly.

Blind signatures are, IMO, the key to anonymous digital cash, and in fact to many forms of anonymity. The ability to engage in mutual information manipulation with another person, while guaranteeing that no linkage will later be possible between the data exchanged and the results of that calculation, is the foundation for interacting in a complex way without losing any privacy.

The significant feature of the blind signature I will describe here is that it is a "restrictive" signature. In the original Chaum blinding technique, there were no limits on what was actually being signed.
With this restrictive blinding, only a limited set of transformations are possible between what is seen by the signer and what is later exhibited as the signature. These transformations fully protect privacy, but the restrictions protect the interests of the signer and end up simplifying the protocols (which were complex just to protect his interests).

Recall that there were two kinds of DL-based signatures I discussed earlier. In the interactive signature, Vicki the verifier came up with a challenge number c which she sent to Paul the prover (signer). Paul produced a response r which depended on c, and using r, c, and the other numbers from the protocol Vicki is able to check and confirm the signature. In the non-interactive signature, the challenge number c is calculated as a cryptographic hash function of the other numbers, and r is again shown based on c. Vicki no longer has to interact with Paul; she (or anyone else) can confirm the signature based on r, c, and the other numbers. The hash function basically takes the place of the interactive verifier, and since it is cryptographically strong c is essentially random.

The blind signature basically combines these two techniques. Vicki wants to end up with a non-interactive signature on m', which is a special transformation of m. To do this, she engages in an interactive signature protocol with Paul, getting him to sign m. But the c she sends to Paul is an easily-undoable blinding of c', which comes from the cryptographic hash function applied to m' and the other numbers. The r she gets back is then easily transformed into an r' that works with the cryptographic hash. The result is that she ends up with a non-interactive signature on m' because Paul was willing to participate in an interactive signature session on m, and Vicki chose the c carefully so it would work in the final signature she shows.
(This shows, BTW, that it is not safe in general to have a system which uses both interactive and non-interactive signatures using the same keys. This technique allows non-interactive signatures to be produced from interactive sessions on different numbers. In the blinding protocol, Paul knows what Vicki is up to, and he willingly goes along with the blind signature. Similar problems were pointed out long ago with RSA signatures.)

Now for the mathematics. Recall that g is the "generator" of the group, the base of all of the powers. x is Paul's secret key, and GX=g^x is his public key.

The relationship between m', which is what Vicki will end up with a signature on, and m, which is the number that Paul sees, is m' = (m^s)*(g^t). In other words, a signature may be blinded by being taken to any power, and multiplied by any power of the generator g.

This means that if Paul puts some restrictions on the m that he is willing to sign, Vicki will not in general be able to end up with a signature on an arbitrary m' of her choice. Due to the difficulty of the discrete log problem, she cannot in general find s and t such that (m^s)*(g^t) is a desired m'. Instead, she can do little better than to choose s and t at random and just accept whatever m' comes out.

As the first step of the interactive protocol, Paul chooses a random w and sends Vicki MX = m^x, GW = g^w, and MW = m^w. In the non-interactive signature, the challenge c is calculated as the hash of (m,MX,GW,MW). Vicki must transform these numbers so that Paul will not recognize them, but in such a way that the mathematical relationships are maintained.

To do this, Vicki chooses two (more) random numbers, u and v (along with s and t above). These will be such that w'=u*w+v, although Vicki never knows w (or w'). Then she calculates her numbers as follows:

    MX' = m'^x  = ((m^s)*(g^t))^x = (m^(s*x))*(g^(t*x)) = (MX^s)*(GX^t)
    GW' = g^w'  = g^(u*w+v) = (g^(u*w))*(g^v) = (GW^u)*(g^v)
    MW' = m'^w' = ((m^s)*(g^t))^(u*w+v) = [...]
                = (GW^(u*t))*(MW^(u*s))*(m'^v)

These are not that hard given the definitions above, except for that last one, where I skipped a few steps :-). Using these, Vicki calculates her hash c' = Hash(m',MX',GW',MW').

Now, the c she sends to Paul will be used to calculate r = c*x+w. She wants to end up with r' = c'*x+w'. This can be achieved by the following two transformations, based on w'=u*w+v:

    c  = c'/u
    r' = u*r + v

This c is sent to Paul, and the returned r is transformed to r'. The resulting signature on m' is (MX',GW',MW',r'), and it is perfectly valid just like any other non-interactive signature using this signature function.

Well, the mathematics are a little complicated, I know. The main things to take away are that the restrictive blinding does require some interaction with the signer in order to end up with a non-interactive signature, and that the limitations on the blinding which can be done are to take the signed number to a power and multiply it by some power of g.

There are a couple of easy applications of the simple blind signature. (I made both of these up based on Brands' hints, so if there are problems with these specific examples please don't blame him.)

The blind signature by itself is perfectly suitable for on-line cash. The cash could be represented as any signed value using a particular secret key. Unlike with RSA signatures, it's not possible to conjure up a bunch of perfect 3rd powers (or whatever). The only way to come up with anything that satisfies the tests for a valid signature is by participating in the algorithms above. So by itself (MX',GW',MW',r') and m' could constitute a "piece" of digital cash. It would be anonymous and untraceable just like the simple Chaum online cash.

Another nice application is to a system of pseudonyms and credentials. Chaum originated this idea but his implementation was complicated and clumsy, involving cut-and-choose, hundreds of discarded validator terms, and other messy stuff.
Using Brands' technology each person could have an identity string I, and get that signed by the validator-issuer, reblinding it to be I^s which would be the pseudonym at a given organization (you don't need the g^t term for this application). Instantly we have constrained pseudonyms to be of the desired form without any mess.

Now if you get a credential from some organization ("good credit risk"), and want to show it on your pseudonym at another organization, you get them to sign I^s and reblind that to be a signature on I^s'. You can do this by taking I^s to the s'-s power, an allowed transformation under the blinding rules. And you can't turn it into a signature on some other person's pseudonym because there is no way to know what power I^s would have to be taken to to get I'^s for some other I' due to the DL problem.

So, pseudonym/credential systems practically fall in your lap with this signature, and Brands has been able to extend his ideas a very long way along these lines. He has all kinds of different rules which can be applied by modifying the basic idea. I hope that he will be able to publish his results soon so that we can see what the possibilities are.

Hal Finney
hfinney at shell.portal.com

From jgostin at eternal.pha.pa.us Mon Aug 22 16:21:16 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 22 Aug 94 16:21:16 PDT
Subject: Creating privacy crises: Society hacking
Message-ID: <940822163025j7Gjgostin@eternal.pha.pa.us>

nelson at crynwr.com (Russell Nelson) writes:

> I have compiled the following information on your 17-year-old
> daughter from open governmental sources, e.g. voting records, birth
> records, DMV records, etc. Perhaps the government shouldn't be
> keeping these records?

More importantly, and in addition:

Your dear Kimberly has a 2.3 gpa at Lower Central HS. She is in Aerobic Gum Twiddling until 10:30, at which time she proceeds to Some Math Class 3 until 12:00. At 12:00. . .

Definitely much scarier. :-)

--Jeff
--
======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==    ==        | The new, improved, environmentally safe, bigger, better,|
  ==    ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From tcmay at netcom.com Mon Aug 22 18:25:08 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 22 Aug 94 18:25:08 PDT
Subject: Creating privacy crises: Society hacking
In-Reply-To: <940822163025j7Gjgostin@eternal.pha.pa.us>
Message-ID: <199408230125.SAA10152@netcom4>

> Your dear Kimberly has a 2.3 gpa at Lower Central HS. She is in
> Aerobic Gum Twiddling until 10:30, at which time she proceeds to Some Math
> Class 3 until 12:00. At 12:00. . .
>
> Definitely much scarier. :-)
>
> --Jeff

And clearly a violation of the Digital Stalking provisions of the Crime Bill.

Do you know that by merely saving a copy of this message and later cross-correlating it with other messages, I am in violation of the Digital Stalking laws?

--Tim

(Actually, so far as I know, there is not (yet) such a provision. But there could be. Scary.)

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
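The restrictive blind signature exchange from Hal Finney's "Brands cash" message above, run end to end as an added example that is not part of the original post. The toy group (p = 2039, q = 1019, g = 4), SHA-256 as the hash, and the names `Signer`, `blind_sign` and `verify` are assumptions made here; the verification equations are the ones that follow from r' = c'*x + w'.

```python
import hashlib
import secrets

# Constructed toy group (assumption, far too small for real use):
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4


def challenge(m, MX, GW, MW):
    """Hash(m, MX, GW, MW) reduced to an exponent mod Q (SHA-256 is an assumption)."""
    data = "|".join(str(v) for v in (m, MX, GW, MW)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def rand_exp():
    """Uniform nonzero exponent in [1, Q-1], so it is invertible mod Q."""
    return 1 + secrets.randbelow(Q - 1)


class Signer:
    """Paul: holds the secret x and publishes GX = g^x."""

    def __init__(self):
        self._x = rand_exp()
        self.GX = pow(G, self._x, P)
        self._w = None

    def commit(self, m):
        # The signer's restrictions on m belong here; this sketch only insists
        # that m is a non-trivial element of the order-Q subgroup.
        if m % P in (0, 1) or pow(m, Q, P) != 1:
            raise ValueError("m is not a usable group element")
        self._w = rand_exp()
        return pow(m, self._x, P), pow(G, self._w, P), pow(m, self._w, P)

    def respond(self, c):
        if self._w is None:
            raise RuntimeError("no open session")
        r = (c * self._x + self._w) % Q
        self._w = None  # answering two challenges with one w would reveal x
        return r


def blind_sign(signer, m):
    """Vicki: run the interactive protocol on m, return (m', signature on m')."""
    s, t, u, v = (rand_exp() for _ in range(4))
    MX, GW, MW = signer.commit(m)

    m2 = pow(m, s, P) * pow(G, t, P) % P              # m'  = m^s * g^t
    MX2 = pow(MX, s, P) * pow(signer.GX, t, P) % P    # MX' = MX^s * GX^t
    GW2 = pow(GW, u, P) * pow(G, v, P) % P            # GW' = GW^u * g^v
    # MW' = GW^(u*t) * MW^(u*s) * m'^v
    MW2 = pow(GW, u * t, P) * pow(MW, u * s, P) * pow(m2, v, P) % P

    c2 = challenge(m2, MX2, GW2, MW2)                 # c'
    c = c2 * pow(u, -1, Q) % Q                        # c = c'/u
    r = signer.respond(c)

    # Check Paul's answer on the unblinded values before relying on it.
    if (pow(G, r, P) != pow(signer.GX, c, P) * GW % P
            or pow(m, r, P) != pow(MX, c, P) * MW % P):
        raise ValueError("signer's response does not verify")

    r2 = (u * r + v) % Q                              # r' = u*r + v
    return m2, (MX2, GW2, MW2, r2)


def verify(GX, m2, sig):
    """Non-interactive check; both equations follow from r' = c'*x + w'."""
    MX2, GW2, MW2, r2 = sig
    c2 = challenge(m2, MX2, GW2, MW2)
    return (pow(G, r2, P) == pow(GX, c2, P) * GW2 % P
            and pow(m2, r2, P) == pow(MX2, c2, P) * MW2 % P)


if __name__ == "__main__":
    paul = Signer()
    m = pow(1234, 2, P)  # constructed sample value: a square, so in the subgroup
    m2, sig = blind_sign(paul, m)
    print("m seen by Paul:", m, " m' shown later:", m2)
    print("signature on m' verifies:", verify(paul.GX, m2, sig))
```

Paul only ever sees m, c and r, while the verifier sees m' and (MX',GW',MW',r'); the one-time handling of w in `respond` is the practical side of the warning about mixing interactive and non-interactive use of one key.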
From frissell at panix.com Mon Aug 22 18:44:11 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 22 Aug 94 18:44:11 PDT
Subject: Digital cash market
Message-ID: <199408230142.AA15884@panix.com>

At 05:16 PM 8/21/94 -0500, Jim Hart wrote:

>At this point Duncan Frissell will regale us with some wonderful
>scheme, understandable only to lawyers, that can be used to
>get credit cards under aliases, perfectly legal if you
>use a doubly nested corporate structure going through Aruba
>and the Caymans, and the IRS and FBI don't decide to get
>you on some technicality Duncan failed to mention.

I can't recall any time I've laid out a complicated structure to avoid the privacy invaders. Most of my techniques are simple and depend merely on a willingness to not do the conventional things that other people tell you are necessary if you are to prosper. In fact, hasn't Tim May actually accused me of offering solutions that are too simple and that are not based on careful and exotic Harry Margolis sort of International Tax Planning?

The many people who have gotten anonymous Visa and Mastercard credit cards for example have used the simple scheme of applying for a secured credit card in a nom de guerre. Others have opened bank accounts in convenient names that come with Visa debit cards. It is actually easier than it has ever been to obtain credit cards in names other than your own. Signet Bank is promoting its secured credit card with TV ads.

>The surprisingly large number of folks who actually do go to Frissell style
>lengths is proof that there are plenty of people who care about privacy.

Gee, I wish you could convince my wife that I "go to great lengths." She always accuses me of taking the easy way out.

DCF

"How is it that the bulk of the 'Great Unwashed' manage to stand out in the pouring rain and never get wet?
Persons of all ages whine these days about how tough and boring things are even though there are more exciting and profitable things going on in the world today than ever before in human history."

From jdwilson at gold.chem.hawaii.edu Mon Aug 22 18:58:37 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Mon, 22 Aug 94 18:58:37 PDT
Subject: your mail
In-Reply-To: <9408191424.AA08350@toad.com>
Message-ID:

On Fri, 19 Aug 1994 mogsie at VNET.IBM.COM wrote:

> Hi, guys|
>
> I just received my T-shirt as a birthday-gift from my brother|
>
> Or is this just a fraud...?
>

Hey, yer lucky - my check cleared some time ago and I have yet to get the shirt. Sure wish I still had the email address of the shirt-source (mea culpa for not saving it where I could find it...)

-NetSurfer

#include standard.disclaimer

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = =    |James D. Wilson        |V.PGP 2.7: 512/E12FCD 1994/03/17    >
 " " "    |P. O. Box 15432        | finger for full PGP key            >
 " " /\ " |Honolulu, HI 96830     |====================================>
 \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com       >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From j.hastings6 at genie.geis.com Mon Aug 22 19:56:54 1994
From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com)
Date: Mon, 22 Aug 94 19:56:54 PDT
Subject: Scanner Banners
Message-ID: <199408230256.AA212650583@relay2.geis.com>

-----BEGIN PGP SIGNED MESSAGE-----

- From ham operator N8TQJ @ W8BI.#DAY.OH.USA.NA:

I gained access to a memo from Tandy Inc. headquarters in Fort Worth Texas that stated that because of an "engineering defect" the Realistic Pro 23 and the Pro 46 handheld scanners were to be immediately pulled from the shelves and NOT allowed for sale. This "defect" causes these 2 radios to fail the "compliance" specs of this "law".
All district supervisors for Radio Shack are to monitor sales records of all stores within their jurisdiction on a DAILY basis, and ANY sales of the Pro 23 & 46 by ANY employee will result in "...immediate termination of employment". This is because these 2 radios do "...not conform" to the FCC ban of any scanner that can be "...easily modified" to receive 800 MHz cellular phone frequencies. This "ban" went into effect April 24, 1994, yet allows the sale of scanners already in this country, none may be imported, designed or built after this date.

The memo went on to say that there will be no further warehousing and store restock of the Pro 51 handheld and the Pro 2026 mobile (similar to the BEARCAT 560 & 760) scanners and that all supplies of these 2 scanners will be sold out and not replenished. However, there are stores within the Dayton-Cincinnati-Columbus triangle that have the 2026 and the 51 and are allowed to sell them.

This situation defies all logic and makes no sense at all whatsoever. Let's look at some facts:

1) ALL these scanners are cell-phone modifiable, and "easily".

2) The 23 (banned from sale) and the 51 (not banned) are both contemporaneous in design and date of model introduction. Both of these radios modify by a keyboard keystroke manipulation (1994 model introduction).

3) The 46 (banned from sale) and the 2026 (not banned) are both contemporaneous in design and date of model introduction, and are electrically similar in design. These radios are "hardware" modified, a wire cut in the 2026 and 2 chip jumpers removed and one relocated in the 46.

Why this jumbled shuffling? I think that this is another boot-licking snafu by Tandy, as the incident where Tandy pulled ALL scanners from the shelves in The People's Republic Of New Jersey when this State proposed a ban of ALL scanners.

I would love to know what the Feds are up to, as cellular phones will be digitally encrypted shortly.
Is this cell phone "ban" a legal precedent to ban further frequencies from citizen's monitoring access? Are we on the road to Soviet-like Government controls:

* Firearms confiscation
* Internal passports
* Limits on communications outside of local areas

Noah's flood began with one raindrop.

73 To All - From The UnHappy Club
Corny N8TQJ at W8BI

- ----------------
The message above taken from the ham packet network. Thought it might be of interest here.

Kent - j.hastings6 at genie.geis.com
Ham packet AX.25: WA6ZFY @ WB6YMH.#SOCA.CA.USA.NA

From tcmay at netcom.com Mon Aug 22 20:13:47 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 22 Aug 94 20:13:47 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408210219.WAA15554@zork.tiac.net>
Message-ID: <199408230312.UAA25302@netcom4.netcom.com>

Bob Hettinga writes:

> Immediate and final clearing must save money, somehow, but right now, it's
> hard to prove whether cash is still king in cyberspace. I have a (somewhat
> religious, in the sense that it may not be empirically proved in my
> lifetime) belief that that's the case. That's why I like to agitate for a
> test. Yes, Tim, I know, you guys aren't bankers...

Don't let me stop you, Bob!

My main objection is not to anyone going ahead and trying something (why should I object to that?), but to two themes which often seem to go together:

1. Proselytizing for some kind of group project. Exhorting others to "do something!"

2. An underestimation of the task ahead. A failure to absorb the work already done, and a failure to see the work still needed. An assumption that the task at hand is the _selling_ of digital cash as a concept.
Now if Bob or anyone else can pull off digital cash, can convince some bank to do a fairly major launch, fine. He or they will be famous.

I adopted this "politely skeptical" stance a year or so ago when I heard about the efforts by Hughes, Abraham, Sandfort, and Frissell to do some version of a digital bank. Ditto for the Austin group's plans to do a new type of credit union.

This list has seen many proposals for many systems. Most don't go anywhere, which is hardly surprising, given the lack of funding, the serious technical, regulatory, and market resistance issues.

Note to All Readers Tired of this Issue: I think this'll be my last response in a long while on this issue. Those who wish to build RemailNet (tm), First Internet Bank (tm), Digibux Depository (tm), or e$ Savings and Loan (tm) should certainly proceed. But statements of plans, or exhortations that Cypherpunks should all pull together on one of these plans, are less impressive to me--and I suspect to others--than some tangible progress such as we saw with remailers, with PGP, with message pools, and with thoughtful articles on the important protocols (such as we saw tonight with Hal's posting on the Stefan Brands scheme).

I don't think any of us on this list is yet ready to present a plan to real bankers. Eric Hughes has told me he agrees. I don't know what Hal or the others think, but the issues surrounding digital cash are still sufficiently murky at this point to make a plan to deploy digital cash premature.

I see several ways around this:

1. The research groups centered around Chaum, with other CWI folks like Brands having other approaches, will be likely centers of expertise. Not surprising. Of relevance because this is where the impetus will be concentrated.

2. I can imagine a financial entity (bank, brokerage, etc.) having a working group looking into this. As a research project, as a way of keeping current on something important.

3. Digital cash may come out of left field, sort of analogous to the way hypertext is arriving unexpectedly from the Mosaic/Web developments (done by a small group, fairly quickly).

What I can't see is a bunch of us going to a bank and "shmoozing" with them and then having them see the light. Maybe Bob sees things differently. Maybe he's right. Who knows.

What I know is that changing the world by exhortation is usually a hopeless task. Examples work much better.

Cypherpunks write code.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From karn at qualcomm.com Mon Aug 22 20:17:20 1994
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 22 Aug 94 20:17:20 PDT
Subject: cypherpunks-digest V1 #18
In-Reply-To: <9408191433.AA08423@toad.com>
Message-ID: <199408230317.UAA29137@servo.qualcomm.com>

>The purpose of a civilized society is precisely to avoid this sort of
>``arms race'' between bandits and those who pay for services. Even

This "arms race" would not have been necessary had the vendors and cellular carriers not been so short sighted as to not put meaningful cryptographic security into their system at the very beginning. All of the technology necessary to prevent the now-rampant snooping and replay of ESNs already existed in the early 1980s when AMPS was being deployed. It certainly exists now. Unfortunately, the TIA seems to be just as incompetent now as they were back then.

The cellular industry is as bad as the credit card industry.
Both claim that cryptographic security mechanisms are not "economically viable", but if you look more closely you'll discover this conclusion is based solely on their own direct costs. They ignore the consequences of bad security borne by others: the mail-order merchant stuck with a bad debt, the honest customer with a credit rating destroyed by a stolen card number, the taxpayers who have to pay the police, courts and prisons to investigate, prosecute and punish credit card and cellular fraud, and of course every customer who pays a higher price to subsidize fraud.

As long as the credit card and cellular carriers don't have to carry these costs themselves, they don't give a damn. And I can't get too sympathetic when I see them trying to heap even more of the consequences of their laziness on the legal system.

Phil

From tcmay at netcom.com Mon Aug 22 21:06:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 22 Aug 94 21:06:14 PDT
Subject: NSA spy machine
In-Reply-To: <9408220938.ZM4720@simple.sydney.sgi.com>
Message-ID: <199408230406.VAA01199@netcom4.netcom.com>

Ian F. writes:

> You're talking about silicon fab lines here, Tim. As far as I am aware, Cray
> has never fab its own chips. Indeed, most of their boards which I have
> seen (I, II, Y-MP/8 and Y-MP/EL) have used chips sourced from fairly well-
> known vendors, such as VLSI Technologies.

Yes, of course I was. My point was that the $5-10 M that NSA will put into Crayco to keep it on life support for another couple of years is chump change compared to the investments being made which actually _will_ alter the economics of things. (And the Pentium is neither here nor there in this point.)

> > (And a new generation of hackers are using Linux on cheap Pentium
> > boxes to easily outrun Suns.)
>
> Not a fair comparison, really. Sun is the bottom end of the RISC system
> market, and is being continually trounced by almost everyone else.
> Comparing the Pentium to our R4400 chips, or HP's PA, or DEC's Alpha
> would be much more instructive, and not nearly as favorable to Pentium.

My point was that the world is being changed by cheap processors. This is what will allow VoicePGP to be spread widely, not the fairly slight performance advantages of R4400s or Alphas.

(There's an interesting thread in the PowerPC and Intel newsgroups about the performance of a dozen or so machines in running actual Mathematica code. I'm not trying to start a benchmark debate here...the point is that PowerMac 8100s were right up near the top, as were Pentium P90s. The H-P PA machines were the only machines consistently faster. Alphas often lagged, for various reasons. Indigos I don't recall the ratings of. The stunner is that machines people are buying for _home use_ are essentially as fast as the fastest workstations.)

> Cray's traditional client-base is money rich, and possess problem sets which
> are not practical on conventional architectures. Those conventional

Crayco has not sold a single Cray III, which means of course they've never sold a single machine. Not a single one. Hence the latest infusion of life support from NSA.

(Ian and others of course know this, but for anyone who is confused: Cray Research and Cray Computer are two entirely separate companies. Different locales, different staff. Crayco is developing the Cray III and Cray IV, as we've seen here. No sales for the Cray III spells dire problems for them.)

> Lots of people disregard the implications of putting quarter of a million ECL
> chips into a column a metre round and a metre and a half high (ie. the Cray
> II).
> You have BIG heat problems, and in some configurations even Fluorinert
> immersion isn't going to work.
>
> A lot of the cost of these systems is packaging, and Cray really pushes
> the state of the art here.
> In Seymour Cray's speech to the ACM, he mentions
> that fluid immersion of PCB's had never been tried before, as everyone thought

I saw the first Cray 2 running during its shake-down cruise at LLL, in January 1984. As to running boards in Fluorinert, we'd been doing it at Intel since the late 1970s. We did liquid burn-in of hundreds of chip-filled boards, at just below the boiling point of the liquid (I think it was FC-76, but it could've been one of the other variants). A lot of people knew about this, and there was a lot of discussion that I can recall personally about cooling computers with direct flow Fluorinert.

(The guy who showed me the Cray 2, Howard Davidson, was already working on a system involving water at high speeds coursing through silicon microchannels. Fluorinert was rejected as not having enough kW/cm^2 heat transfer properties.)

I'm not knocking Cray's designs, nor his packaging. Just clarifying things as I understand them. I expect to see both Crays eventually go the way of Thinking Machines and other largely-captive suppliers to the national security apparatus.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Mon Aug 22 21:25:37 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 22 Aug 94 21:25:37 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408221633.MAA04175@zork.tiac.net>
Message-ID: <199408230425.VAA03748@netcom4.netcom.com>

Bob Hettinga wrote:

> It's important not to pile on too many features, desires, agendas onto a
> relatively simple financial instrument.
> The point of digital cash is to
> provide liquidity for internet commerce as cheaply as possible. Anonymity
> is a happy benefit.

I disagree with this. Anonymity is what gives digital cash its raison d'etre, its technological advantages over conventional schemes.

If anonymity, untraceability, and other "Chaumian" notions are only seen as peripheral side effects, then we already _have_ "digital cash" in the encrypted credit card systems some folks are already offering.

Without the technological approach to untraceability and anonymity, all we have is the usual "trust". Granted, credit card numbers ought not to be sent over unsecured channels, but fixing that is easy (with end-to-end encryption).

Trust-based systems are not the foundation for a free society most of us are seeking.

> tomorrow, it's a dollar. I cash out my digiDollar the next day, it's a
> dollar. Looks pretty simple to use to me. (a digiDollar is a dollar is a
> dollar is a dollar) :-).
>
> [Oops. I went and concocted some more buzzy language. Occupational hazard.
> Don't worry, I'll try not to use it anymore, and maybe it'll die
> gracefully.]

"Digidollar" was one of the many names coined by folks on this list, along with Cypherbucks, Digimarks, etc.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Mon Aug 22 21:45:48 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 22 Aug 94 21:45:48 PDT
Subject: NSA spy machine
In-Reply-To: <9408220938.ZM4720@simple.sydney.sgi.com>
Message-ID: <199408230445.VAA05351@netcom4.netcom.com>

Ian F. writes:

> You're talking about silicon fab lines here, Tim. As far as I am aware, Cray
> has never fab its own chips. Indeed, most of their boards which I have
> seen (I, II, Y-MP/8 and Y-MP/EL) have used chips sourced from fairly well-
> known vendors, such as VLSI Technologies.

In my last post, I forgot to mention that Cray Computer Company actually *did* and *does* fabricate its own chips!

They committed to GaAs from a supplier and then bought the supplier when it faltered. My recollection is that it was Gigabit Logic, but it _might_ have been the "other" GaAs supplier, whose name escapes me this minute.

I'm not claiming this as the proximate cause of Crayco's current problems. But I do think committing to GaAs *was* a factor, and this relates to the levels of integration in CMOS and BiCMOS versus the levels currently obtainable in GaAs. A huge fraction of Crayco's spending went into the advanced robotic wirebonding and packaging of thousands of GaAs chips. IBM spent vast fortunes on its advanced packaging/cooling systems, while Intel and other chip companies concentrated on CMOS VLSI, with much lower overall packaging and cooling costs for the same performance.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From solman at MIT.EDU Mon Aug 22 21:47:02 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Mon, 22 Aug 94 21:47:02 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408221729.AA14060@fnord.sybgate.sybase.com>
Message-ID: <9408230446.AA16187@ua.MIT.EDU>

> Er. No.
> Government has _everything_ to do with throwing people into
> prisons, _and_ with using guns. Further, "exercises authority" is a
> code phrase that means "throws people into prisons and uses guns."

Let's ignore the dictionary, which says you are wrong, and return to the issue. Can a government (in cyberspace or otherwise) wield the authority to tax and regulate behavior without guns?

> If you inspect the matter carefully, without the threat of force there
> could be no government. Otherwise, how would they collect taxes and
> tariffs?

Easily. They could deny you access to services of greater value than the tax being imposed. MIT wields this power quite successfully.

This thread arose because I was talking about cyberspatial governments. A cyberspatial government might collect a deposit from you before you have access to its citizenry. If you don't follow the rules... if you don't pay your taxes, the government takes your property away. How much less powerful is this crypto wielding cybergovernment than a gun toting physical government? Clearly not being able to kill you puts it at a disadvantage, but if I'm under investigation for breaking the law of a cybergovernment the result of which is the loss of a large fraction of my property, I WILL be coerced.

> Moreover, they must declare themselves to be the only authorized
> users of force, or their "enforcement" (look carefully at that word) power
> will be limited in its effectiveness by the strength of the resistive
> force.

That assumes that one entity with power will naturally oppose the others. They frequently do not. USA/MA/Cambridge/MIT all get along quite nicely and all wield quite a bit of authority over me. In cyberspace multiple governments are even more likely to get along, since they can't directly attack each other.

Jason W. Solinsky

From lile at art.net Mon Aug 22 21:47:53 1994
From: lile at art.net (Lile Elam)
Date: Mon, 22 Aug 94 21:47:53 PDT
Subject: EPIC Statement on FBI Wiretap Bill
Message-ID: <199408230446.VAA26346@art.net>

Good show, my man! At least some group is taking a stand other than the short-changed stand that the EFF has taken.

How do I join EPIC?

Glad I never joined the EFF.... :)

-lile

From die at pig Mon Aug 22 21:47:59 1994
From: die at pig (Dave Emery)
Date: Mon, 22 Aug 94 21:47:59 PDT
Subject: Scanner Banners
In-Reply-To: <199408230256.AA212650583@relay2.geis.com>
Message-ID: <9408230446.AA13767@pig>

Corny N8TQJ writes on Ham packet:

> I would love to know what the Feds are up to, as cellular phones
> will be digitally encrypted shortly. Is this cell phone "ban" a legal prec-
> ident to ban further frequencies from citizen's monitoring access?

Not the feds, but Congress under intense pressure from cellular lobbyists. Most of the working federal types such as the FCC and DOJ have admitted the whole anti-radio-listening ban is unenforceable - and as far as I am aware there have been only two prosecutions for violating it, both flagrant examples of people disclosing the contents of radio communications in very inappropriate ways.

The cellular scanner ban was an attempt by the lobbyists to do something more practical than foisting unenforceable laws with draconian penalties (10 years in jail and $250,000 fine) on the rest of us. Essentially the justice department and FCC have stated that they cannot enforce the listening ban and will not except in flagrant and abusive cases with clear malicious intent. So cell listening went on to become popular and the lobbyists found a new tactic, banning the reluctant FCC from type approving any scanner that could tune cellular frequencies or be modified to do so by some simple act.
Unfortunately Congress again failed to realize that one cannot legislate the laws of physics and of course modifying a radio to tune these bands by such simple strategies as downconversion or simple modifications to the synthesizer or control microprocessor or even just reception via images on an unmodified radio is still possible and just about as hard to prevent as any other private radio listening.

Many of us who dabble with radios as a hobby fear that the next step in this game will be to outlaw possession of, modification or construction of, buying or selling of, and even perhaps simple non-criminal use of radios capable of receiving forbidden frequencies or non-standard modulations. This will no doubt be justified on the grounds that the present bans on listening are too hard to enforce and prosecute and therefore an easier to enforce ban such as one on simple possession is needed to rid the country of this awful scourge.

This, of course, would criminalize tens of millions of radios and make millions of radio owners outlaws, but given the fact that Congress has passed the two present absurd laws in the face of fairly widespread objections from knowledgeable members of the technical community that such laws make no sense and that such radios have many legitimate uses, such a possibility seems all too real.

And given that the cell lobby has established the precedent of requiring protection of its frequencies, what is to stop the police chief lobbies from demanding equivalent protection of police frequencies, or other groups demanding that radio gear capable of picking up their transmissions be banned?
Many of us in the radio hobby fully expect that this strategy will eventually result in the attainment of the goals of some of the rabidly anti-monitoring types who tried to have the 1986 ECPA severely criminalize listening to any radio transmission whatsoever except the public part of AM, FM and TV broadcasts (no auxiliary or subsidiary signal listening allowed) and ham radio and CB transmissions which have never been considered private.

As for digital cellular, the NSA has successfully quietly pressured the standards bodies with threats of export bans and neither of the two major digital systems will incorporate hard encryption of voice traffic as a normal option. Digital cellular traffic will be significantly harder to intercept than the simple fm analog kind for a number of technical reasons however, and of course present day analog scanners won't pick it up at all.

A ban on type approval of any radio capable of receiving digital cellular (other than a cellphone) is already part of the present cell scanner ban, so such radios even if not technically scanners will never be sold to the public at large (you can be sure that the law enforcement and spook community will still buy them by the truckload, however, just as they have bought many many thousands of high end (such as ICOM) scanners capable of intercepting analog cellular).

> Noah's flood began with one raindrop.

Sure did.

Dave Emery, N1PRE

From blancw at pylon.com Mon Aug 22 21:56:01 1994
From: blancw at pylon.com (blancw at pylon.com)
Date: Mon, 22 Aug 94 21:56:01 PDT
Subject: Multiple Solutions
Message-ID: <199408230456.VAA22021@deepthought.pylon.com>

Questions for Cryptids:

Considering that:

Everyone wants to have access, but no one wants 'their' info to be available indiscriminately.

Everyone wants ease-of-use, but no one wants to have their system made vulnerable by it.

Everyone wants wide markets, but no one wants to have easily duplicatable products.
Everyone wants to corner the market for their product, but no one wants a monopoly of one - or a reduction in choices.

.. Would you say that ideally all electronic information should be encrypted as a matter of course; is it the best circumstance to have absolutely everything encrypted, with systems or processes for access available only to select or paying members of the chosen cabal, no exceptions?

Given that personal information is shared almost automatically between & among all sorts of businesses & gov. agencies, and that in order to prevent that, laws & regulations would be called on to put the label of illegality & the force of the law behind them:

.. How could (would, should?) the procurement of services, where one is requested to give out personal financial or other information in order to receive them, be accomplished in an anarcho-capitalist system of operations whereby interactions/transactions might be 'illegal' yet supremely functional & directly beneficial, while not also being intrusive & offensive? How could all of this data be 'contained' so that it would not be irreverently distributed by irresponsible parties?

.. What, in such a system, would be a method for redress of violations of contract - personal vendettas?

I'm imagining these elements within a context wherein all things are electronically possible, though only some are desirable, but all are individually manageable & controllable.

Blanc

From sw at tiac.net Mon Aug 22 22:07:25 1994
From: sw at tiac.net (Steve Witham)
Date: Mon, 22 Aug 94 22:07:25 PDT
Subject: Why to define "government" generously
Message-ID: <199408230504.BAA23905@zork.tiac.net>

I'm a libertarian, an anarchist even. I used to say that government-- properly defined--was what I was against. James A. Donald seems to think that way; he closed a recent letter like this (the signature is relevant):

>...It is killing, violence, and extortion that make government
>organizations different from non government organizations.
> ---------------------------------------------------------------------
>We have the right to defend ourselves and our
>property, because of the kind of animals that we       James A. Donald
>are. True law derives from this right, not from
>the arbitrary power of the omnipotent state.           jamesd at netcom.com

This is the "monopoly on force in a geographical area" definition of government. It's also pretty much government as we know it. It's a fundamentally bad idea and it's what James and I are against.

But I don't think it's a good definition of "government." The reason is that what most people mean by "government" is a set of services, the main ones being what James calls "true law": police, courts, and defense--protection services for large numbers of people.

Now it's true that most folks lump this in with all the features of government as we know it--they think that a monopoly on force is necessary to produce protection services--but it's bad to define "government" based on that confusion. The reason is that people like me (and James, judging from his signature) would still like protection services to be available to people.

When "government" can plausibly be used to mean those good things, then it's bad to narrow the term to mean the worst aspects of government as we know it. What is the point? So that we, a minority, can have a convenient term to name what we're against? So that our position can be stated in as few words as possible, or sound as striking and radical as possible? So that we can sound like we know what we're talking about by knowing the *real* definitions of terms? So we can use the same terms consistently forever?

I think it's bad to define your position in terms of what you're against because it's backward-looking. There are at least as many problems in the future as in the past.

Arguing over or refining definitions is a sign you've wandered into a timesink. Make up some temporary terms for what each side is talking about and get on to content.
--Steve
- - - - - - - - - -
why did the chicken cross the infobahn?
finger for more info.

From hfinney at shell.portal.com Mon Aug 22 22:10:25 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 22 Aug 94 22:10:25 PDT
Subject: Brands cash
In-Reply-To: <199408201652.JAA29752@jobe.shell.portal.com>
Message-ID: <199408230510.WAA13076@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

OK, for those who have stuck with me so far, I will describe a slightly simplified version of Brands' off-line cash. Users' anonymity is protected unless they double spend. (At last we are departing from Chaum and getting into some of the territory blazed by Brands.)

The first thing that is done is that the value which is signed by the cash issuer in the creation of the cash encodes some information which represents the identity of the user. Let's call the user Irving, and the number which encodes his identity (it might just be his bank account number in this case) we will call I. The rule is that the issuer will only sign values which are of the form d*g1^I, where d is a fixed number used in the cash system, and g1 is another fixed value which is used here similarly to the g of the signature protocol itself. (d can actually encode the denomination by having a few different d values that are used, or else denominations can be encoded by different secret-key x values of the bank as is done in Chaum's cash.)

As in a simplified version of the on-line cash, the signature is blinded to m' by raising it to the power s (we don't multiply by g^t here), getting a number m' of the form (d^s)*g1^(I*s) for random s. This totally masks Irving's I so it is not revealed in normal use.

Now, the next new step is that Irving divides this m' value into two parts, called A and B, such that A*B equals m'. This can only be done (due to the discrete log problem) by having A=(d^x1)*(g1^y1) and B=(d^x2)*(g1^y2) such that s=x1+x2 and I*s=y1+y2.
In other words, the exponents on d and g1 are split randomly into two parts and these used to form A and B.

If anyone can find out s and I*s after the cash is spent, they can learn Irving's identity. They know m', A, and B, because they get revealed when Irving spends (as shown below). But this is not enough to learn s & I*s. If you find out x1, x2, y1, and y2, though, this allows s and I*s to be deduced, and therefore also breaks the anonymity.

In spending the cash, Irving must reveal the signed m', along with A and B. (B can actually be deduced as m'/A.) Then, the store comes up with a challenge c (this is a different c than in the withdrawal protocol). Irving has to reply with two numbers: x1+c*x2, and y1+c*y2.

This is pretty scary! He's really putting his cojones on the line, here. s(=x1+x2) and s*I(=y1+y2) will give him away, and here he's revealing a simple linear combination of x1&x2, and y1&y2. But he's actually safe in doing so - as long as he doesn't double-spend. x1+c*x2 still perfectly blinds x1 and x2, since nothing is known about these values, and likewise for y1 and y2. Just like in the original signature protocol where Paul gave away c*x+w, x his secret key, this is safe. (Well, it does appear that he should make sure c!=1. Then he would be telling x1+c*x2 = x1+x2, which is what he doesn't want to give away!)

Irving might be tempted to lie about x1+c*x2 and y1+c*y2, but if he does he will be caught. The shop calculates A*(B^c), and this should be equal to d^(x1+c*x2)*g1^(y1+c*y2). Once this is verified, the shop, having checked the signature on m', accepts the cash.

Now consider what happens if Irving tries to spend the cash again. This second shop will produce a different c challenge; call it c'. Again Irving must respond with x1+c'*x2 and y1+c'*y2. But now his goose is cooked. Once the bank gets the information from both shops it knows both x1+c*x2 and x1+c'*x2, and it knows c and c', so it can deduce x1 and x2.
Likewise it can calculate y1 and y2. Adding these up gives s and I*s, and dividing these gives Irving's identity I. He's caught.

There is one significant complication I have skipped over here, and that is the possibility that Irving could choose different A and B values (always with A*B=m') each time he spends. Then the x's & y's would be different each time and he wouldn't get caught. This is avoided by making a small change to the signature-checking algorithm.

Earlier recall that a non-interactive signature on m' was defined by (MX',GW',MW',r'), and that it was checked by setting c'=Hash(m',MX',GW',MW'), and doing the special calculation with c' and r'. For this off-line cash we make a small change, which is that the hash function is calculated as c'=Hash(m',MX',GW',MW',A,B). We include the A and B in calculating the hash function. The bank never sees A and B, just like it never sees any of the other values in the hash function, but c' depends on them. If Irving tries to change A and B, then the c' which the shop calculates (using this longer hash formula) will be different, and it won't work with the r' that Irving got back from the bank.

So by including more terms in the hash input we in effect get those things signed as well in a blinded way by the bank. (I think a similar hashing trick is how Schnorr signatures work, BTW).

Once again, this protocol looks complicated, but compare it with Chaum's original off-line cash: there is no cut and choose, and the amount of data exchanged at each step is not very large, a few multi-precision values. I wrote up a long description of Chaum's off-line cash at a similar level of detail to this one, and I really think Brands' cash is far superior.
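The spend and double-spend steps described in the message above, as an added Python example that is not part of Hal Finney's post or of Brands' own specification. It models only the A/B split, the shop's challenge-response check and the bank's recovery of I from two transcripts; the bank's blind signature on m' and the Hash(...,A,B) binding are left out, and the toy group (p=2039, q=1019, d=9, g1=49) and account number 424 are constructed values.

```python
"""Toy model of the spend and double-spend tracing steps in the simplified
Brands off-line cash described above. Added illustration only: the bank's
blind signature on m' and the Hash(m',...,A,B) binding are not modelled."""
import secrets

# Constructed toy group (assumption, far too small for real use):
# P = 2*Q + 1 with P and Q prime; D and G1 are squares, so both have order Q.
P, Q = 2039, 1019
D, G1 = 9, 49


def rand_exp():
    """Random exponent in 1..Q-1."""
    return secrets.randbelow(Q - 1) + 1


def make_coin(identity):
    """Irving's side: blind m = d*g1^I to m' = m^s, then split m' = A*B."""
    s = rand_exp()
    m_blind = pow(D * pow(G1, identity, P) % P, s, P)   # d^s * g1^(I*s)
    x1, y1 = rand_exp(), rand_exp()
    x2 = (s - x1) % Q                  # s   = x1 + x2
    y2 = (identity * s - y1) % Q       # I*s = y1 + y2
    a = pow(D, x1, P) * pow(G1, y1, P) % P
    b = pow(D, x2, P) * pow(G1, y2, P) % P
    return {"public": (m_blind, a, b), "secret": (x1, x2, y1, y2)}


def shop_challenge():
    """Shop's challenge c in 2..Q-1; c = 1 is excluded because the reply
    x1 + 1*x2 would be s itself."""
    return secrets.randbelow(Q - 2) + 2


def respond(coin, c):
    """Irving's reply to challenge c: (x1 + c*x2, y1 + c*y2) mod Q."""
    x1, x2, y1, y2 = coin["secret"]
    return (x1 + c * x2) % Q, (y1 + c * y2) % Q


def shop_verify(public, c, response):
    """Shop's check: A*B = m' and A * B^c = d^(x1+c*x2) * g1^(y1+c*y2)."""
    m_blind, a, b = public
    r_x, r_y = response
    if a * b % P != m_blind:
        return False
    return a * pow(b, c, P) % P == pow(D, r_x, P) * pow(G1, r_y, P) % P


def trace_double_spend(spend1, spend2):
    """Bank's side: recover I from two (c, response) pairs for one coin.

    Returns None when the challenges coincide, because the two linear
    equations are then identical and x1, x2 stay hidden."""
    (c1, (rx1, ry1)), (c2, (rx2, ry2)) = spend1, spend2
    diff = (c1 - c2) % Q
    if diff == 0:
        return None
    inv = pow(diff, -1, Q)             # modular inverse, Python 3.8+
    x2 = (rx1 - rx2) * inv % Q
    y2 = (ry1 - ry2) * inv % Q
    x1 = (rx1 - c1 * x2) % Q
    y1 = (ry1 - c1 * y2) % Q
    s = (x1 + x2) % Q
    if s == 0:
        return None                    # not a transcript of a valid coin
    return (y1 + y2) * pow(s, -1, Q) % Q      # (I*s) / s = I


def demo(identity=424):
    """Spend one coin at two shops and return what the bank learns."""
    coin = make_coin(identity)
    spends = []
    while len(spends) < 2:
        c = shop_challenge()
        if any(c == prev for prev, _ in spends):
            continue                   # second shop drew the same challenge
        reply = respond(coin, c)
        assert shop_verify(coin["public"], c, reply)
        spends.append((c, reply))
    return trace_double_spend(*spends)


if __name__ == "__main__":
    print("identity recovered by bank:", demo())
```

A single (c, response) pair gives one equation in two unknowns for each exponent, which is why one honest spend tells the bank nothing about s or I*s.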
Hal Finney

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLllXXKgTA69YIUw3AQHdFQP7BNop9S9RihTKEyBZCEvB7JD7SkGth+uk
eftNFTjjGyKsxFeeyE1wK14G5N/55I7g7ADhSO36BRPrj0Wyv8Z9lpWP0fLA02Ga
mCJnaspPN8oF29Jd/uuA7Sqa62FkIUW0MolWLIcqCshmrL6fG0dOZrhh34fBi/+o
cOjp8H17ziM=
=CVfC
-----END PGP SIGNATURE-----

From werewolf at io.org Mon Aug 22 22:13:48 1994
From: werewolf at io.org (Mark Terka)
Date: Mon, 22 Aug 94 22:13:48 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408221335.AA00765@snark.imsi.com>
Message-ID:

In article <9408221335.AA00765 at snark.imsi.com>, "Perry E. Metzger" wrote:
>
> iqg1550 says:
> > Let's all rejoice at the birth of the latest member of The Horsemen of
> > The Criminal Apocalypse -- The Nuclear Weapons Material Smuggler.
> > I'm sure his four siblings will make plenty of room for their baby brother.
>
> I will point out, of course, that anyone who can afford the tens of
> millions to hundreds of millions the smugglers are reportedly charging
> for critical masses worth of Plutonium and Uranium, odds are that they
> can afford to buy un-escrowed secure communications equipment...

Not to mention the fact that without tritium, the "trigger" for nuclear weapons (and extremely expensive and rare at $ 100m a gram) all you have is a radioactive paperweight.

From tcmay at netcom.com Mon Aug 22 23:11:12 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 22 Aug 94 23:11:12 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408230446.AA16187@ua.MIT.EDU>
Message-ID: <199408230610.XAA15960@netcom3.netcom.com>

Jason Solinsky wrote:

> Let's ignore the dictionary, which says you are wrong, and return to the
> issue. Can a government (in cyberspace or otherwise) wield the authority
> to tax and regulate behavior without guns?
>
> > If you inspect the matter carefully, without the threat of force there
> > could be no government. Otherwise, how would they collect taxes and
> > tariffs?
>
> Easily.
They could deny you access to services of greater value than the
> tax being imposed. MIT wields this power quite successfully. This thread

Jason is confusing markets and governments.

A movie theater that sells tickets is not "taxing" its patrons--it is selling access. A university that charges tuition is not "taxing" its customers.

(I will grant, and always have, that various businesses and universities and whatnot have various links to government: franchises, special enabling regulations, subsidies, etc. These complicate the issue, and make for what economists used to call "mixed" markets. Libertarians and others decry these mix-ins. But I don't take this to be the point Jason was making.)

To call all negotiated prices "taxes" is, bluntly, absurd. It also cheapens the language by throwing away the essential distinction between market prices and taxes.

In any case, something is a "market price" if one can walk away from the transaction. I know of almost nothing the U.S. government calls a "tax" that taxpayers are free to walk away from, to not pay (and thus not receive the service).

If Jason is arguing that goods and services will be bought and paid for in cyberspace, who could disagree with this? They're just not taxes.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From Rolf.Michelsen at delab.sintef.no Mon Aug 22 23:41:21 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Mon, 22 Aug 94 23:41:21 PDT
Subject: e$ as "travellers check?
In-Reply-To: <9408221245.AA00663@snark.imsi.com>
Message-ID:

On Mon, 22 Aug 1994, Perry E.
Metzger wrote:

[....]
> Their whim, for the past few decades, has been to reduce as much as
> possible the capacity to engage in untraceable transactions. Because
> of that, any bank proposing to improve the capacity to produce such
> transactions is going to get into trouble with the regulators, who are
> acting to try to lessen such capacities. It really doesn't matter what
> the details of existing law are.

It's slightly more than a whim too, I think. I think I recall something about encouraging use of *traceable* electronic funds transfer for more transactions is something like an official statement from one of the not too distant G7 meetings.

Another point not directly related to Perry's post: This list seems to "know" that people *want* anonymous digital cash. Does anybody actually know *how* *much* people want this? Is Joe Common willing to pay something extra for this anonymity functionality? Does anybody have facts about this, or is it just assumptions?? "Since we think it's good, everybody must want it!"

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen                           "Nostalgia isn't what it
Email: rolf.michelsen at delab.sintef.no  used to be..."
Phone: +47 73 59 87 33
----------------------------------------------------------------------

From 0x7CF5048D at nowhere Tue Aug 23 00:16:09 1994
From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere)
Date: Tue, 23 Aug 94 00:16:09 PDT
Subject: pgp -c,no initialization vector, possible bug, pgp 26ui
Message-ID: <199408230639.AA22663@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

In pgp 2.6 UI

When pgp is called with the -c switch, the routine idea_encryptfile in crypto.c is called from main in pgp.c.

>	status = idea_encryptfile( workfile, tempf, attempt_compression);

>int idea_encryptfile(char *infile, char *outfile,
>	boolean attempt_compression)
>{
>	FILE *f;	/* input file */
>	FILE *g;	/* output file */
>	byte ideakey[16];
>	struct hashedpw *hpw;

Note that the idea key is 16 bytes.
Now idea_encryptfile calls squish_and_idea_file in crypto.c with this 16 byte key.

>	/* Now compress the plaintext and encrypt it with IDEA... */
>	squish_and_idea_file( ideakey, f, g, attempt_compression );

Now squish_and_idea_file calls idea_file in the module crypto.c with the same 16 byte key.

>static int squish_and_idea_file(byte *ideakey, FILE *f, FILE *g,
>	boolean attempt_compression)
>{

From solman at MIT.EDU Tue Aug 23 01:16:25 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Tue, 23 Aug 94 01:16:25 PDT
Subject: Voluntary Governments?
In-Reply-To: <199408230610.XAA15960@netcom3.netcom.com>
Message-ID: <9408230816.AA17115@ua.MIT.EDU>

[Tim sez] [I say] [elton quoth]

> > > If you inspect the matter carefully, without the threat of force there
> > > could be no government. Otherwise, how would they collect taxes and
> > > tariffs?
> >
> > Easily. They could deny you access to services of greater value than the
> > tax being imposed. MIT wields this power quite successfully. This thread
>
> Jason is confusing markets and governments.

I'm sorry. I did not mean to call MIT tuition a tax, I meant to call MIT a government (which you may very well object to equally).

If MIT were just some store where you walk in, wait four years and receive an education, that would be one thing. But MIT is a full community. As such, MIT imposes many rules on the way we live. It collects fines from offenders. It has a treaty with the surrounding town of Cambridge according to which each year we conduct a ceremony in which we present them with a big check representing one year's tribute, and each Fall we send the new immigrants to give the town free labor. In return the town gives us protection from fires and backs up our police department. And we have a police department. And we have mechanisms for creating rules and enforcing them.
And I have seen a number of people put in situations where MIT told them "These are our rules, live by them or go somewhere else", just like Democrats tell me when I preach Anarchy, "move somewhere else if you don't like it here". When does this move somewhere else concept cease to be legitimate?

From the cypherpunks point of view, the interesting thing about the "MIT is a government" argument is law enforcement. Although police tend to hang around parties, I have never observed one take action against an MITer. Enforcement of the rules at MIT is accomplished by economic coercion. If you are an employee, you have a job which MIT can take away. If you are a student you have given MIT a large amount of money towards a degree and they can take that away. This is precisely how a cyberspatial government might function. Physical threat is not a necessary element of enforcement.

The argument I keep on hearing seems to be that governments are the bad things, so since MIT and cybergovernments are good, they must not be governments. This "good" "bad" stuff doesn't hold water with me.

A cybergovernment says "Do as we say or you can't communicate with our citizens"
MIT says "Do as we say or go somewhere else"
US democrats say "If you don't like US laws, move somewhere else"

Where do we draw the line between government and non-government and why?

> In any case, something is a "market price" if one can walk away from
> the transaction. I know of almost nothing the U.S. government calls a
> "tax" that taxpayers are free to walk away from, to not pay (and thus
> not receive the service).

True enough. Most of our rules have been bundled together. Either you accept all of them or you walk away. So Tim, if you don't like the FBI monitoring all of your communications and requiring you to give them copies of all your secret keys, why don't you just leave? [or are you planning to do that?]

JWS

From tcmay at netcom.com Tue Aug 23 01:26:17 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Tue, 23 Aug 94 01:26:17 PDT
Subject: Creating privacy crises: Society hacking
In-Reply-To: <9408221654.AA15703@anchor.ho.att.com>
Message-ID: <199408230825.BAA03796@netcom2.netcom.com>

(Sorry for just responding now....Netcom is grossly overloaded and is rejecting mail, causing half-day or more delays in mail getting through.)

Bill Stewart writes:

> > At the HOPE conference, there was someone selling CD-ROMs of the DMV
> > records for Oregon for $125. The same folks promise to add more states
> > soon: next in line is Texas.
> > Perhaps one could generate a privacy crisis by collecting that information
> > and conducting a mass mailing to every person in the database: "we have
> > this information on you. So could anybody with $125. Call your congress
> > critter and complain."
>
> Mailing that information to everybody in Oregon would be expensive.
> On the other hand, mailing it to everyone in the Oregon legislature,
> the governor, the DMV honchos, and maybe a few other high honchos
> could be interesting, and might not cost that much.....

My expectation is that, true to form, such a move would result in the outlawing of the possession of this information by "unauthorized" persons or groups. Authorized persons and groups, including all the usual suspects, would of course then have even more freedom and less scrutiny.

The standard Band-Aid.

In any case, it doesn't tackle the real problem, which is that transactions are not as "local" as they once were. These days, permissions have to be gotten, SS numbers provided, health records blipped back and forth over the I-way, etc.

Any systems which require more and more dossiers to be kept and cross-linked will erode liberty and strengthen the power of governments.

Scaring the Congressrodents into making the U.S. have the equivalent of the Data Privacy laws of the Europeans is *not* a victory.

--Tim May

--
..........................................................................
Timothy C.
May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From pcw at access.digex.net Tue Aug 23 05:27:43 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Tue, 23 Aug 94 05:27:43 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408231227.AA21501@access3.digex.net>

>
>I don't think any of us on this list is yet ready to present a plan to
>real bankers. Eric Hughes has told me he agrees.

Real bankers may be well ahead of everyone on this list. I'm told that Citibank has some very intriguing work pending at the patent office. It's for digital cash.

-Peter Wayner

From pstemari at bismark.cbis.com Tue Aug 23 05:45:44 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Tue, 23 Aug 94 05:45:44 PDT
Subject: Nuclear Weapons Material
In-Reply-To:
Message-ID: <9408231245.AA18083@focis.sda.cbis.COM>

> Not to mention the fact that without tritium, the "trigger" for nuclear
> weapons (and extremely expensive and rare at $ 100m a gram) all you have
> is a radioactive paperweight.

The "trigger" isn't tritium. Tritium (along with lithium 6) is used in fusion bombs. A fission-only device, ala Hiroshima or Nagasaki, doesn't require any. The trigger in the center of the plutonium core is a neutron source, polonium if memory serves correctly. Tritium is a beta emitter.
--Paul

From jdd at aiki.demon.co.uk Tue Aug 23 06:03:28 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 23 Aug 94 06:03:28 PDT
Subject: NSA Spy Machine and DES
Message-ID: <7148@aiki.demon.co.uk>

In message <9408221018.ZM4791 at simple.sydney.sgi.com> Ian Farquhar writes:
> On Aug 18, 8:13pm, Jim Dixon wrote:
> >In message <9408190809.ZM4528 at simple.sydney.sgi.com> Ian Farquhar writes:
> >>Actually, I would be surprised if the "SIMD" processors were not a huge
> >>array of reprogrammable FPGA's, quite possibly Xilinx's. The possibilities
> >>of a large array of these chips, each with local memory, is quite
> >>interesting. I have personally seen an array of 64 Xilinx chips in a DEC PeRL
> >>box doing RSA, at speeds similar or better to almost all available custom
> >>hardware implementations of the cipher.
>
> >The delays in getting data on and off the chip are too large and the amount
> >of space wasted in redundant functions is too great.
>
> That is a rather sweeping statement. Want to back this up with some facts
> and figures from real FPGA implementations? Certainly the early bit-slice
> designs you mention later on did suffer from these problems, but FPGA's
> bear little relationship to those rather venerable devices.

1. I have been using various kinds of programmable logic devices in designs for years. In doing such designs, you avoid using one device to drive another, because the effect of this is usually to increase your delays by 80% or so. There are a number of reasons for this.

(a) You almost invariably duplicate functions if logic is spread over more than one chip.

(b) The impedance and capacitance of the device pins and PCB tracks are far greater than those on-chip.

As a result, for example, the setup time on an input flip-flop on an Actel A14100A is 3ns, but the setup time on an internal flip-flop is 0.8ns, about 75% less. In general off chip delays are an order of magnitude higher than on chip delays.
FPGAs use longer internal routes than would be necessary on an ASIC and as I understand it the fuse impedance is a significant problem. Both of these factors increase capacitance and impedance, slowing down the circuits.

2. The redundancy should be completely obvious. An FPGA is programmable. It has circuits whose sole function is to program the device. These occupy space. They cover the entire device. Once the device is programmed they serve no purpose. An ASIC also has a fairly high level of redundancy, because logic is assembled out of elementary logic blocks. A custom circuit, such as a microprocessor, has very little redundancy.

To understand the effect of this, go price a 64K bit static RAM. ($5?) Then calculate the cost of implementing the same function in FPGAs, especially with comparable speed.

> >You might prototype
> >it using FPGAs, but even this is unlikely. Why not just buy one of the
> >existing SIMD processors and simulate your target system?
>
> Because the FPGA solution is obviously less flexible, but a hell of a lot
> faster than software simulation of another architecture. In this application
> speed will win every time.

For prototyping, speed is not usually a major consideration. What you are trying to do is to get the system to work, you are debugging it.

> > People used to build fast processors out of separate chips (bit slices).
> > They don't do that any more because it's too slow and too expensive if you
> > are building in volume.
>
> But this application is NOT building in volume.

It was my understanding that the project involved on the order of 10^4 to 10^6 chips. If the size of the system is small and the number of chips is low, then the use of FPGAs would be justifiable (and I myself have justified this in another context).

> And yes, people do still
> build multichip CPU's: most traditional supercomputing and mainframe vendors
> for a start.
Indeed, I would be surprised if this application didn't design
> its own FPGA (for ease of interfacing with the comms network for a start),

? what do you mean by 'design [an] FPGA'? Do you just mean "do the design using FPGAs" -- easy -- or literally, "design a new type of FPGA"? This would be very expensive and pointless. Commercial designers are almost always going to do something cheaper and better than something done under a government contract.

> but I'd argue that a SIMD configuration of reconfigurable FPGA arrays (ie.
> a fixed array of reconfigurable arrays) would be an awesome system for
> many problems that the NSA would deal with.

Why SIMD? Why not a reconfigurable architecture as well?

--
+-----------------------------------+--------------------------------------+
| Jim Dixon                         | Compuserve: 100114,1027              |
|AIKI Parallel Systems Ltd + parallel processing hardware & software design|
| voice +44 272 291 316             | fax +44 272 272 015                  |
+-----------------------------------+--------------------------------------+

From joshua at cae.retix.com Tue Aug 23 06:11:22 1994
From: joshua at cae.retix.com (joshua geller)
Date: Tue, 23 Aug 94 06:11:22 PDT
Subject: Nuclear Weapons Material
In-Reply-To:
Message-ID: <199408231311.GAA04870@sleepy.retix.com>

werewolf at io.org (Mark Terka) writes:

> In article <9408221335.AA00765 at snark.imsi.com>,
> "Perry E. Metzger" wrote:
> > iqg1550 says:
> > > Let's all rejoice at the birth of the latest member of The Horsemen of
> > > The Criminal Apocalypse -- The Nuclear Weapons Material Smuggler.
> > > I'm sure his four siblings will make plenty of room for their baby
> > > brother.
> > I will point out, of course, that anyone who can afford the tens of
> > millions to hundreds of millions the smugglers are reportedly charging
> > for critical masses worth of Plutonium and Uranium, odds are that they
> > can afford to buy un-escrowed secure communications equipment...
> Not to mention the fact that without tritium, the "trigger" for nuclear
> weapons (and extremely expensive and rare at $ 100m a gram) all you have
> is a radioactive paperweight.

excuse me? a perfectly serviceable nuclear weapon can be made from plutonium or sufficiently enriched uranium.

josh

From perry at imsi.com Tue Aug 23 06:18:59 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 23 Aug 94 06:18:59 PDT
Subject: Nuclear Weapons Material
In-Reply-To:
Message-ID: <9408231318.AA01904@snark.imsi.com>

Mark Terka says:
> Not to mention the fact that without tritium, the "trigger" for nuclear
> weapons (and extremely expensive and rare at $ 100m a gram) all you have
> is a radioactive paperweight.

This is sheer ignorance. First of all, tritium is not nearly that expensive. It's quite cheap, in fact, and can be manufactured without that much trouble. Second of all, tritium is not a necessary component of non-thermonuclear (i.e. hydrogen) bombs. Third, tritium isn't a "trigger". Lastly, an ordinary A-bomb is just a way to bring together a critical mass of a fissionable material, like U-235 or Plutonium. Once a critical mass is in one place the chain reaction will handle the rest.

.pm

From frissell at panix.com Tue Aug 23 06:48:22 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 23 Aug 94 06:48:22 PDT
Subject: MIT Fascism
Message-ID: <199408231347.AA23702@panix.com>

>True enough. Most of our rules have been bundled together. Either you
>accept all of them or you walk away. So Tim, if you don't like the FBI
>monitoring all of your communications and requiring you to give them copies
>of all your secret keys, why don't you just leave? [or are you planning to
>do that?]
>
>JWS

So MIT=FBI? I knew it was just another TLA. The fire fights on the Quad must be exciting. How many "citizens" *did* MIT security kill last year?
DCF

*************************************************************************
ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail.

From talon57 at well.sf.ca.us Tue Aug 23 07:09:56 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Tue, 23 Aug 94 07:09:56 PDT
Subject: in search of real digital cash
Message-ID: <199408231409.HAA04092@well.sf.ca.us>

Peter Wayner adds;

>Real bankers may be well ahead of everyone on this list. I'm told
>that Citibank has some very intriguing work pending at the patent
>office. It's for digital cash.
>-Peter Wayner

Ameritech/Citibank is running a home banking system right now. You can buy a display phone that accepts a Citibank smartcard and gives you complete access to your accounts, it functions just like an ATM, except you can't currently deposit and withdraw. Digicash is rumoured to be forthcoming. Also as part of the startup, the white pages are available. The phones are made by Philips, I'm still trying to track down the exact nature of the smart card's encryption, although I was told it was "Standard bank encryption."

I was in charge of installation for this project.

I'll keep everyone informed.

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth

From habs at panix.com Tue Aug 23 07:24:34 1994
From: habs at panix.com (Harry S. Hawk)
Date: Tue, 23 Aug 94 07:24:34 PDT
Subject: Forward/PATNEWS: Senate Bill 2272 - Prior use rights against infringement (fwd
Message-ID: <199408231424.AA08352@panix.com>

a conscious being, Gregory Aharonian wrote:

> What follows is another Senate Bill, 2272, this one dealing with prior
> rights and reexamination.
> Thanks to Keith Stephens for sending it to me.
> It seems to give people who have used a device before it was patented
> exemption from infringement. Why a separate bill is needed for such rights
> is puzzling, since anyone sued for infringement can prove such prior use in
> public can therefore undermine the validity of the patent. This could be part
> of the first-to-file movement. Any thoughts?
> Greg Aharonian
> Internet Patent News Service
> ====================
> 103RD CONGRESS; 2ND SESSION
> IN THE SENATE OF THE UNITED STATES
> AS INTRODUCED IN THE SENATE
> S. 2272
> A BILL
> To amend chapter 28 of title 35, United States Code, to provide a defense
> to patent infringement based on prior use by certain persons, and for
> other purposes.
> DATE OF INTRODUCTION: JULY 1, 1994
> DATE OF VERSION: JULY 5, 1994 -- VERSION: 1
> SPONSOR(S):
> Mr. DECONCINI (for himself and Mr. BIDEN) introduced the following bill;
> which was read twice and referred to the Committee on the Judiciary
> TEXT:
> A BILL
> To amend chapter 28 of title 35, United States Code, to provide a defense
> to patent infringement based on prior use by certain persons, and for
> other purposes.
> * Be it enacted by the Senate and House of Representatives of the United*
> *States of America in Congress assembled,
> SECTION 1. SHORT TITLE.
> This Act may be cited as the "Patent Prior User Rights Act of 1994".
> SEC. 2. DEFENSE TO PATENT INFRINGEMENT BASED ON PRIOR USE.
> (a) IN GENERAL.-CHAPTER 28 OF TITLE 35, UNITED STATES CODE, IS AMENDED
> BY ADDING AT THE END THEREOF THE FOLLOWING NEW SECTION:
> "273.
> Rights based on prior use; defense to infringement
> "(a) DEFINITIONS.-FOR PURPOSES OF THIS SECTION, THE TERM-
> "(1) 'COMMERCIALLY USED' MEANS THE USE IN INTERSTATE OR INTRASTATE
> COMMERCE, INCLUDING THE USE OF PROCESSES, EQUIPMENT, TOOLING, AND
> INTERMEDIATE MATERIALS IN THE DESIGN, TESTING OR PRODUCTION OF
> COMMERCIAL PRODUCTS WHETHER OR NOT SUCH PROCESSES, EQUIPMENT,
> TOOLING, AND INTERMEDIATE MATERIALS ARE NORMALLY ACCESSIBLE,
> AVAILABLE, OR OTHERWISE KNOWN TO THE PUBLIC;
> "(2) 'EFFECTIVE AND SERIOUS PREPARATION' MEANS THAT A PERSON, IN
> THE UNITED STATES, HAS-
> "(A) REDUCED TO PRACTICE THE SUBJECT MATTER FOR WHICH RIGHTS
> BASED ON PRIOR USE ARE CLAIMED; AND
> "(B) MADE SERIOUS PLANS, AND A SUBSTANTIAL INVESTMENT OR MUCH
> OF THE INVESTMENT NECESSARY FOR THE SUBJECT MATTER TO BE
> COMMERCIALLY USED; AND
> "(3) 'CRITICAL DATE' MEANS THE FILING DATE OR THE PRIORITY DATE,
> WHICHEVER OCCURS FIRST, OF THE APPLICATION FOR PATENT.
> "(B) IN GENERAL.-A PERSON SHALL NOT BE LIABLE AS AN INFRINGER UNDER A
> PATENT GRANTED TO ANOTHER WITH RESPECT TO ANY SUBJECT MATTER CLAIMED IN
> THE PATENT THAT SUCH PERSON HAD, ACTING IN GOOD FAITH, COMMERCIALLY USED
> IN THE UNITED STATES OR MADE EFFECTIVE AND SERIOUS PREPARATION THEREFOR
> IN THE UNITED STATES, BEFORE THE CRITICAL DATE.
> "(C) LIMITATION OF DEFENSE.-SUBJECT TO SUBSECTION (D), RIGHTS BASED ON
> PRIOR USE UNDER THIS SECTION EXTEND ONLY TO THE CLAIMED INVENTION THAT
> THE PERSON CLAIMING RIGHTS BASED ON PRIOR USE WAS IN POSSESSION OF PRIOR
> TO THE CRITICAL DATE.
> "(D) CERTAIN VARIATIONS AND IMPROVEMENTS NOT AN INFRINGEMENT.-THE
> RIGHTS BASED ON PRIOR USE UNDER THIS SECTION SHALL INCLUDE THE RIGHT TO
> MAKE AND USE VARIATIONS OR IMPROVEMENTS, INCLUDING VARIATIONS IN THE
> QUANTITY OR VOLUME OF SUCH USE. SUCH VARIATIONS OR IMPROVEMENTS MAY NOT
> INFRINGE ADDITIONAL CLAIMS OF THE PATENT.
> "(E) QUALIFICATIONS.-(1) THE RIGHTS BASED ON PRIOR USE UNDER THIS
> SECTION ARE PERSONAL AND SHALL NOT BE LICENSED OR ASSIGNED OR TRANSFERRED
> TO ANOTHER EXCEPT IN CONNECTION WITH THE ASSIGNMENT OR TRANSFER OF THE
> ENTIRE BUSINESS OR ENTERPRISE TO WHICH THE RIGHTS RELATE.
> "(2) A PERSON MAY NOT CLAIM RIGHTS BASED ON PRIOR USE UNDER THIS
> SECTION IF THE ACTIVITY UNDER WHICH SUCH PERSON CLAIMS THE RIGHTS WAS-
> "(A) BASED ON INFORMATION OBTAINED OR DERIVED FROM THE PATENTEE OR
> THOSE IN PRIVITY WITH THE PATENTEE; OR
> "(B) ABANDONED ON OR AFTER THE CRITICAL DATE, EXCEPT THAT FOR
> ABANDONMENT WHICH OCCURS AFTER THE CRITICAL DATE, RIGHTS BASED ON
> PRIOR USE MAY BE USED AS A DEFENSE TO INFRINGEMENT FOR THAT PERIOD OF
> ACTIVITY WHICH OCCURRED PRIOR TO ABANDONMENT IF SUCH ACTIVITY WOULD
> OTHERWISE, IN THE ABSENCE OF ABANDONMENT, HAVE BEEN ALLOWED UNDER
> THIS SECTION.
> "(3) THE RIGHTS BASED ON PRIOR USE UNDER THIS SECTION ARE NOT A GENERAL
> LICENSE UNDER ALL CLAIMS OF THE PATENT, BUT ARE RESTRICTED IN SCOPE TO
> COVER ONLY THAT SUBJECT MATTER CLAIMED IN THE PATENT THAT HAS BEEN
> COMMERCIALLY USED, OR FOR WHICH THERE HAS BEEN EFFECTIVE AND SERIOUS
> PREPARATION, IN THE UNITED STATES, BEFORE THE CRITICAL DATE.
> "(F) BURDEN OF PROOF.-In any action in which a person claims a defense
> to infringement under this section the burden of proof for establishing
> the defense shall be on the person claiming rights based on prior use.".
> (b) TECHNICAL AND CONFORMING AMENDMENT.-THE TABLE OF SECTIONS FOR
> CHAPTER 28 OF TITLE 35, UNITED STATES CODE, IS AMENDED BY ADDING AT THE
> END THEREOF THE FOLLOWING:
> "273. Rights based on prior use; defense to infringement.".
> SEC. 3. EFFECTIVE DATE.
> The provisions of this Act and the amendments made by this Act shall
> take effect on the date of the enactment of this Act.

--
Harry S. Hawk habs at extropy.org
Electronic Communications Officer, Extropy Institute Inc.
The Extropians Mailing List, Since 1991

From ravage at bga.com Tue Aug 23 07:36:05 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 23 Aug 94 07:36:05 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408230816.AA17115@ua.MIT.EDU>
Message-ID: <199408231435.JAA25688@zoom.bga.com>

>
> When does this move somewhere else concept cease to be legitimate?
>

I would say such attitudes cease to be legitimate about the time they are expressed. This is a democracy and every(!) citizen has a right to express their pleasure and displeasure at the society we each build. If a person were to say something along those lines I would tell them this is my country and if I don't like it I will change it. They are welcome to meet me somewhere in the middle if they are even remotely open minded (which rules out all standard political parties with an agenda based on obtaining a majority instead of finding a middle ground for everyone to live their own lives under).

A government/society is something similar to a forest, it is silly to think of it without also considering the plight of the individual tree (the whole point of the Bill of Rights I believe). An example would be position and velocity relating to uncertainty principles in physics. You can't know both position and velocity to an arbitrary precision and governments can't write laws which don't have inherent limitations to their applicability to both society and the individual. They are opposite sides of the same coin.

The persons who express such monotheistic views are the ones who should move to the most convenient dictatorship...

From sommerfeld at orchard.medford.ma.us Tue Aug 23 07:36:31 1994
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Tue, 23 Aug 94 07:36:31 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408231318.AA01904@snark.imsi.com>
Message-ID: <199408231425.KAA00411@orchard.medford.ma.us>

[this is wandering off the subject of this list, but...]
> Lastly, an ordinary A-bomb is just a way to bring together
> a critical mass of a fissionable material, like U-235 or Plutonium.
> Once a critical mass is in one place the chain reaction will handle
> the rest.

No, not exactly. See Robert Serber's "The Los Alamos Primer/The First Lectures on How To Build An Atomic Bomb" (ISBN 0-520-07576-5), published by the University of California Press.

I'll quote from the beginning of Chapter 18:

"To avoid predetonation, we must make sure that there is only a small probability of a neutron appearing while the pieces of the bomb are being put together. On the other hand, when the pieces reach their best position we want to be very sure that a neutron starts the reaction before the pieces have a chance to separate or break. It may be possible to make the projectile seat and stay in the desired position. Failing in this, or in any event as extra insurance, another possibility is to provide a strong neutron source which becomes active as soon as the pieces come into position. ...

Note that this is especially important with the more efficient implosion-type bombs, where the critical mass just can't "seat" like on one of the simple gun-type bombs. Also note that you can't build a gun-type bomb using P239; it reacts too quickly.

"Evidently a source of this strength that can be activated within about 10**-5 sec and is mechanically rugged enough to stand the shocks involved with firing presents a difficult problem."

The text later states that the initiator used in the first two bomb designs was a mixture of Polonium and Beryllium.

- Bill

From roy at sendai.cybrspc.mn.org Tue Aug 23 08:00:25 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 23 Aug 94 08:00:25 PDT
Subject: Electronic Cash
In-Reply-To:
Message-ID: <940823.072303.2N3.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

A pointer to an interesting article in comp.society.privacy. The Message-ID is .
In comp.society.privacy, mckeever at cogsci.uwo.ca writes:

> Anonymity is not a problem with digital cash.
[...]
> CONCLUSION: While the technology exists to mimic the anonymity of
> physical cash, it is extremely UNWISE to ignore the ease with which
> machines can be regulated by government. Consequently, it is unwise to
> assume that the benefits of anonymity will continue if digital cash
> replaces physical cash, and even if they did, somehow, continue,
> taxation would still be quite easily done by regulating the possession
> and use of the machines that transfer credits from one entity to
> another.

[ quote ends ]

- --
Roy M. Silvernail -- roy at sendai.cybrspc.mn.org
"I'm a family man, model citizen." -- Warren Zevon

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLlnqlBvikii9febJAQHbagQAjMIV50ik7jeXVO0CWIp4exdbVC3ZBVTu
EFmOYU8gCOhj0EgbW47lnYynJHA9UKPx+BWFps8/XtDQr/mcfp5hvduUfRJ5cofG
5DMEaO7m3skjmUz8HWsWD+fgXuSQbsy36h6GqEOsrJxdmTeMRxdgf5hF9Zp+6acd
8EoMxhxCRn0=
=M3YO
-----END PGP SIGNATURE-----

From pdn at msmail.dr.att.com Tue Aug 23 08:46:25 1994
From: pdn at msmail.dr.att.com (Philippe Nave)
Date: Tue, 23 Aug 94 08:46:25 PDT
Subject: your mail
Message-ID: <2E5A27C9@mspost.dr.att.com>

>
> On Fri, 19 Aug 1994 mogsie at VNET.IBM.COM wrote:
>
> > Hi, guys|
> >
> > I just received my T-shirt as a birthday-gift from my brother|
> >
> > Or is this just a fraud...?
> >
>
> Hey, yer lucky - my check cleared some time ago and I have yet to get the
> shirt. Sure wish I still had the email address of the shirt-source (mea
> culpa for not saving it where I could find it...)
>
>
>
> -NetSurfer
>

The e-mail address is : cvoid at netcom.com

I got my shirt quite a while back; drop them a note and see what's up.

[Pardon the 'reply all'; Microsloth Mail never gives the right address for cypherpunks postings.....
what a piece of s*** ]

From warlord at MIT.EDU Tue Aug 23 08:51:36 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 23 Aug 94 08:51:36 PDT
Subject: MIT Fascism
In-Reply-To: <199408231347.AA23702@panix.com>
Message-ID: <9408231550.AA05217@toxicwaste.media.mit.edu>

> So MIT=FBI? I knew it was just another TLA. The fire fights on the Quad
> must be exciting. How many "citizens" *did* MIT security kill last year?

There is no MIT Secret Service, and you're not in it!

-derek

To err is human. To forgive is not our policy.

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord at MIT.EDU PP-ASEL N1NWH PGP key available

From jya at pipeline.com Tue Aug 23 09:23:52 1994
From: jya at pipeline.com (John Young)
Date: Tue, 23 Aug 94 09:23:52 PDT
Subject: Nuclear Weapons Material
Message-ID: <199408231623.MAA18980@pipe3.pipeline.com>

Responding to msg by perry at imsi.com ("Perry E. Metzger") on Tue, 23 Aug 9:18 AM

>This is sheer ignorance.

Hey, that's what commercializing the national security treasure is all about. Ignorance is essential for the market in nuclear "terrorism". The staid NY Times headlined a summary of this topic with "Call 1-800-TERROR". The unknown threat is the weapon. Intelligence is the magic shield.

The National Resources Defense Council pointed out in an excellent series on nuclear weapons a few years back that it is impossible to make an accurate count of nuclear devices because every country dissembles even while leaking data to sow fear. Even now, says NRDC, the need is for a reliable way to count so the fictitious can be separated from the real.

Lack of precision, ignorance, thank you Perry, helps market fake as well as real nuclear material, just like any other market-driven exotic product (supercomputers?).
Recent reports describe the Russian nuclear materials managers proffering their real and Potemkin cache for buy-out to the most gullible deep-pockets, governments. And so goes pumping this lucrative market, and its concomitant market of intelligence, now commercial where once affairs of state. More national security legislation, more powerful computers, more money for salesmen (er, agents).

Ignorance drives this market, always has; starting some forty years ago with George Kennan's lurid 'X' essay on containment.

Jim Dixon, help out with gritty facts.

John

From hart at chaos.bsu.edu Tue Aug 23 09:24:48 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Tue, 23 Aug 94 09:24:48 PDT
Subject: Credit cards, false names, and important details
In-Reply-To: <199408230142.AA15884@panix.com>
Message-ID: <199408231625.LAA10386@chaos.bsu.edu>

Duncan Frissell:
> The many people who have gotten anonymous Visa and Mastercard credit cards
> for example have used the simple scheme of applying for a secured credit
> card in a nom de guerre.

How is this simple? A credit card company sure as hell wants to know who you truly are and where you truly live. It must be able to collect its debt and mark your credit rating. Applying for a credit card with false name or Social Security number is fraud, with heavy punishments. Or are there, yet again, numerous details you are neglecting to mention?

Jim Hart
hart at chaos.bsu.edu

From ghio at chaos.bsu.edu Tue Aug 23 09:56:40 1994
From: ghio at chaos.bsu.edu (Matthew Ghio)
Date: Tue, 23 Aug 94 09:56:40 PDT
Subject: Nuclear Weapons Material
Message-ID: <199408231658.LAA11167@chaos.bsu.edu>

pstemari at bismark.cbis.com (Paul J. Ste. Marie) wrote:

> Mark Terka wrote:
> > Not to mention the fact that without tritium, the "trigger" for nuclear
> > weapons (and extremely expensive and rare at $ 100m a gram) all you have
> > is a radioactive paperweight.
>
> The "trigger" isn't tritium. Tritium (along with lithium 6) is used
> in fusion bombs.
> A fission-only device, ala Hiroshima or Nagasaki,
> doesn't require any.
>
> The trigger in the center of the plutonium core is a neutron source,
> polonium if memory serves correctly.

Tritium is a beta emitter. A neutron source is usually a light element with a high neutron/proton ratio, coupled with an alpha emitter. I believe the Nagasaki bomb used beryllium-9. An alpha particle impacting a beryllium nucleus will fuse with it, forming carbon-12, and the binding energy will eject a neutron. I think aluminum and a few other light elements will undergo similar reactions to release neutrons in the presence of alpha particles.

Polonium is primarily an alpha emitter. It would work as part of a neutron source, but it is not a particularly good choice because its half-life is only 138.4 days (polonium-210). This makes it expensive to obtain, and impractical to store.

From jdd at aiki.demon.co.uk Tue Aug 23 10:41:07 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 23 Aug 94 10:41:07 PDT
Subject: Voluntary Governments?
Message-ID: <7278@aiki.demon.co.uk>

In message <9408221729.AA14060 at fnord.sybgate.sybase.com> Elton Wildermuth writes:
> Jason Solinsky said:
> >Government has nothing to do with throwing people into prison or using
> >guns. It is an entity that exercises authority. Or an entity that enforces
> >laws.
>
> Er. No. Government has _everything_ to do with throwing people into
> prisons, _and_ with using guns. Further, "exercises authority" is a
> code phrase that means "throws people into prisons and uses guns."
>
> If you want a working definition of government, it would have to be "a
> group of people who have assumed to themselves the exclusive power to
> regulate and use coercive force within a set of established borders."

I grew up in a small town of 5,000. It had a city government. The county government was in the same town. No one denies that California has a government, I think. And then there was the US government.
And we had city police, the sheriff's office, the Highway Patrol, and the FBI paid an occasional visit.

So drop the word 'exclusive'.

In our high school we had a student government. We had no prisons and no guns.

You can't simply take over the ownership of words in the English language. 'Government' is indeed the name used for an entity that exercises authority or enforces laws. There can be more than one government exercising control over the same geographical or political area, and that control need not be effected with guns.

--
Jim Dixon

From tcmay at netcom.com Tue Aug 23 10:54:39 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 23 Aug 94 10:54:39 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <199408231658.LAA11167@chaos.bsu.edu>
Message-ID: <199408231753.KAA12786@netcom4.netcom.com>

Matthew Ghio writes:

(after a long absence from the list?--welcome back)

> Polonium is primarilly an alpha emitter. It would work as part of a
> neutron source, but it is not a particularily good choice because its
> half-life is only 138.4 days (polonium-210). This makes it expensive
> to obtain, and impractical to store.

When we needed sources of alpha particles, we cracked open smoke detectors and took out the Americium sources. Later, we found a supplier of "anti-static" modules, for use in air guns used to clean wafers, each containing 10 milliCuries (!!) of Po-210. We called this our "Kong source."

Nothing to do with crypto, except that the alphas scrambled data in our chips.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rah at shipwright.com Tue Aug 23 11:01:47 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 23 Aug 94 11:01:47 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408231722.NAA04896@zork.tiac.net>

At 9:25 PM 8/22/94 -0700, Timothy C. May wrote:

>Anonymity is what gives digital cash its raison
>d'etre, its technological advantages over conventional schemes.

I'll try to come at this from another tack. Cryptography gives anonymity. Anonymity reduces the overhead. The reduced overhead should make digital cash more economically efficient than on-line systems like NetBank, or credit-cards or much of anything else, at the moment. The economic efficiency is what may make digital cash economical as a way to provide liquidity for internet commerce. The major selling point is *not* privacy. The major selling point is economic efficiency.

>If anonymity, untraceability, and other "Chaumian" notions are only
>seen as peripheral side effects, then we already _have_ "digital cash"
>in the encrypted credit card systems some folks are already offering.

They are peripheral side effects. They also are the very things that make digital cash a more efficient medium of exchange. They are not necessary and sufficient conditions for the adoption of digital cash for the very same reasons you outlined above. Privacy is like flight. It's cool. It's literally marvelous. But flight also gives you speed, and speed is what sells flight as a usable technology to most people. Is that a better explanation?

>Without the technological approach to untraceability and anonymity,
>all we have is the usual "trust". Granted, credit card numbers ought
>not to be sent over unsecured channels, but fixing that is easy (with
>end-to-end encryption). Trust-based systems are not the foundation for
>a free society most of us are seeking.

Printing is a faster way to transcribe information than copying a book by hand.
A secondary benefit of printing is that it improves information flow through a culture. A consequence is increased education, which gives you an enlightenment ethic and eventually Jeffersonian democracy. I think we're looking at the elephant from opposite ends here, Tim. You seem to be holding the trunk, I believe...

>"Digidollar" was one of the many names coined by folks on this list,
>along with Cypherbucks, Digimarks, etc.

Ah. How grateful I am not to be burdened with its parentage...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From schirado at lab.cc.wmich.edu Tue Aug 23 11:30:15 1994
From: schirado at lab.cc.wmich.edu (No Taxes through No Government)
Date: Tue, 23 Aug 94 11:30:15 PDT
Subject: MIT Fascism
Message-ID: <199408231829.OAA09434@grog.lab.cc.wmich.edu>

>True enough. Most of our rules have been bundled together. Either you
>accept all of them or you walk away. So Tim, if you don't like the FBI

The above false information incorrectly assumes that all laws apply to all people.

From rah at shipwright.com Tue Aug 23 11:30:56 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 23 Aug 94 11:30:56 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408231722.NAA04910@zork.tiac.net>

At 8:27 AM 8/23/94 -0400, Peter Wayner wrote:
>tcmay at netcom.com (Timothy C. May) wrote:
>>
>>I don't think any of us on this list is yet ready to present a plan to
>>real bankers. Eric Hughes has told me he agrees.
>
>Real bankers may be well ahead of everyone on this list. I'm told that
>Citibank has some very intriguing work pending at the patent office. It's
>for digital cash.

Thank you. This is exactly the kind of stuff I've been talking about.

Real bankers aren't completely necessary.
This is why my thinking has changed on the subject. You need financial acumen to make sure you don't spend down your suspension account, but that (cash portfolio management) can be purchased from lots of places besides real banks.

The technology of digital cash is something that Citicorp thinks it has to reinvent. That's par for the course. But you don't need a real banker to run a secure www/Secure Mosaic node. You barely need real bankers to hook in to the ATM system as long as you can prove that nobody, including the underwriter, sniffs the user's card swipe and PIN number. You don't need real bankers to make sure that the fraud laws cover double spending of digital cash. You don't need bankers to make sure that you comply with cash reporting requirements when money comes on and off the net.

Wiring all the above together to make a digital cash underwriter is doable at a relatively small level, without bankers for the most part. This is why Citicorp, and other banks like it, are going to shoot themselves in the foot when they try. I'm pretty sure, having worked for Citicorp myself, they spent big piles of money trying to engineer around Chaum (or anybody else). Chaum almost has a viable product, which will cost a whole lot less (even if he gets his cut of profits) to implement from the underwriter's standpoint.

Citicorp has tried this "We are The Technologists" tack in Travel (CIMS), Point of Sale data collection (CPOS), Telephone Banking (they even invented their own dial up terminal!) and several other unrelated businesses. They failed because of an institutional mentality of Not Invented Here and a very centralized, top-down management style. They're not much different from most other very large banks, I'm afraid.
Citicorp's early success in bank Data Processing during the late 60's and early 70's, first in ATMs (they aren't the largest any more by a long shot), and the credit cards (same here), makes them, and some readers of this list, think they are a 900lb gorilla when it comes to digital cash. They aren't. Neither is any bank, no matter how large they are. I'd be real interested to see if Citibank can beat an onslaught of smaller underwriters who can offer cash at smaller margins than they can.

Folks, the costs of an operation like a digital cash underwriter aren't too difficult to imagine. The entry cost for the average underwriter (if the market is there to support one) is not nearly the amount that Citicorp is going to spend putting up theirs, and so Citicorp will lose money on this investment as well, and eventually back out. It's like people who go in to see the machine The Well runs on. Their jaw drops at how small the box really is. If Citicorp did it the machine would be 10 times bigger and cost 10 times as much, to justify their hockey-stick earnings estimate and a cast of a thousand managers and analysts.

The thing that's important here is Grove's Law. Chips have an economic half-life of 18 months, which drops the cost of any computer based business accordingly, along with the costs of entry into those businesses. I've personally seen large companies go into a new high-tech service businesses and kill their entry with overengineering and bloated middle management. You see it in the Wall Street Journal all the time.

At some point, if the market is there, there will probably be a consolidation in digital cash underwriting, and larger companies will emerge as economies of scale become evident. But to think that any company can come into a completely different operating paradigm and take over from the start just because they're huge somewhere else is probably not going to wash. Think about railroads and airplanes.
If the railroads seriously tried to fund aircraft development, they would have gotten smeared. They would still be trying to make a steam powered plane fly the day Douglas delivered the first DC-3.

The banks aren't the big bad monsters we fear them for. Their participation in the market is necessary, as is the participation of most financial institutions, but an Argumentum ad Baculum with the Banks as the threat of force is pretty much a waste of breath.

Sorry. I promise not to turn blue next time.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From jamesd at netcom.com Tue Aug 23 11:31:25 1994
From: jamesd at netcom.com (James A. Donald)
Date: Tue, 23 Aug 94 11:31:25 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408230816.AA17115@ua.MIT.EDU>
Message-ID: <199408231830.LAA01197@netcom7.netcom.com>

Jason W Solinsky writes
> [Argues that MIT is a government.]
>
> Where do we draw the line between government and non-government and why?

Obviously most people do not call MIT a government.

And if MIT built some prison cells under the Admin building and started locking people up in the dungeons for long periods, then people would call MIT a government.

Seems pretty simple to me.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we      James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.
jamesd at netcom.com From m5 at vail.tivoli.com Tue Aug 23 11:33:13 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 23 Aug 94 11:33:13 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408231658.LAA11167@chaos.bsu.edu> Message-ID: <9408231827.AA15029@vail.tivoli.com> Timothy C. May writes: > When we needed sources of alpha particles, we cracked open smoke > detectors and took out the Americium sources. How much alpha do you really need (he asked, wondering when somebody will get irate and insist this thread be terminated)? I have some mineral specimens at home that are fairly hot (uraninite, cuprousklodowskite, and something else similar) with (this non-physicist thinks) mostly alpha emissions. Such things can be had at your next gem & mineral show, if you're lucky. [ No, my wife won't let me keep them in the house. Some people! ] | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From jdd at aiki.demon.co.uk Tue Aug 23 11:42:12 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Tue, 23 Aug 94 11:42:12 PDT Subject: Nuclear Weapons Material Message-ID: <7308@aiki.demon.co.uk> In message Mark Terka writes: > Not to mention the fact that without tritium, the "trigger" for nuclear > weapons (and extremely expensive and rare at $ 100m a gram) all you have > is a radioactive paperweight. To the best of my knowledge, tritium is not used in nuclear weapons (meaning A-bombs), only in thermonuclear weapons (H-bombs). One of my teachers was involved in the Manhattan project; he never mentioned any need for tritium. -- Jim Dixon From jdd at aiki.demon.co.uk Tue Aug 23 11:42:29 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Tue, 23 Aug 94 11:42:29 PDT Subject: Voluntary Governments? Message-ID: <7310@aiki.demon.co.uk> In message <199408230610.XAA15960 at netcom3.netcom.com> "Timothy C. May" writes: > Jason Solinsky wrote: > > Easily. 
They could deny you access to services of greater value than the > > tax being imposed. MIT wields this power quite successfully. This thread > > Jason is confusing markets and governments. > > A movie theater that sells tickets is not "taxing" its patrons--it is > selling access. A university that charges tuition is not "taxing" its > customers. > > [ complications deleted] > > To call all negotiated prices "taxes" is, bluntly, > absurd. It also cheapens the language by throwing away the essential > distinction between market prices and taxes. Jason's use of the term 'tax' in a special sense is no more an abuse of the language than the attempt to change the conventional meaning of the word 'government'. He says that institutions like MIT govern the behavior of their special populations, that they can impose levies on their users, and that they can enforce rules against their users without the use of physical force. > In any case, something is a "market price" if one can walk away from > the transaction. I know of almost nothing the U.S. government calls a > "tax" that taxpayers are free to walk away from, to not pay (and thus > not receive the service). You can walk away from almost all US taxes by walking away from the USA. I have. What about luxury taxes, fishing licenses, flying licenses, and so forth? If you insist on calling these 'market prices', you begin to really rip the fabric of the language. -- Jim Dixon From ravage at bga.com Tue Aug 23 11:46:55 1994 From: ravage at bga.com (Jim choate) Date: Tue, 23 Aug 94 11:46:55 PDT Subject: Voluntary Governments? In-Reply-To: <7278@aiki.demon.co.uk> Message-ID: <199408231846.NAA08977@zoom.bga.com> > > So drop the word 'exclusive'. > > In our high school we had a student government. We had no prisons > and no guns. > And the 'government' had no authority without the city and such other systems (ie government) ok. Also, if the students got out of hand they can be thrown out of school or otherwise punished. 
Authority in the sense of government regulation (if the word is used correctly) means that the persons assuming the authority can impose actions upon you and your property WITHOUT your permission AND use force if necessary. A police officer carries that gun on their hip because they are saying EXPLICITLY that they will shoot you dead if provoked enough. Provoking an authority figure means not doing what they want done the way they want it done. > You can't simply take over the ownership of words in the English > language. 'Government' is indeed the name used for an entity that > exercises authority or enforces laws. There can be more than one > government exercising control over the same geographical or political > area, and that control need not be effected with guns. > Yes, there can be more than one government and each of them is in a hierarchy which EXPLICITLY defines what their individual jobs are. Should the states get out of hand you can bet the feds will send in big guns. You strike me as a person who trusts governments. From nelson at crynwr.com Tue Aug 23 11:48:10 1994 From: nelson at crynwr.com (Russell Nelson) Date: Tue, 23 Aug 94 11:48:10 PDT Subject: Voluntary Governments? In-Reply-To: <7278@aiki.demon.co.uk> Message-ID: Date: Tue, 23 Aug 94 18:15:12 GMT From: jdd at aiki.demon.co.uk (Jim Dixon) I grew up in a small town of 5,000. It had a city government. The county government was in the same town. No one denies that California has a government, I think. And then there was the US government. And we had city police, the sheriff's office, the Highway Patrol, and the FBI paid an occasional visit. So drop the word 'exclusive'. The government still excludes non-governmental authorities from using violence. In our high school we had a student government. We had no prisons and no guns. Then you were a club. Or, you were a government whose rules were enforced by other governments. area, and that control need not be effected with guns. 
-russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From ravage at bga.com Tue Aug 23 11:51:36 1994 From: ravage at bga.com (Jim choate) Date: Tue, 23 Aug 94 11:51:36 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408231753.KAA12786@netcom4.netcom.com> Message-ID: <199408231848.NAA09058@zoom.bga.com> > > When we needed sources of alpha particles, we cracked open smoke > detectors and took out the Americium sources. > Don't be surprised if you get cancer later in life. Americium is a very toxic chemical and a very strong carcinogen. From jamesh at netcom.com Tue Aug 23 11:52:29 1994 From: jamesh at netcom.com (James Hightower) Date: Tue, 23 Aug 94 11:52:29 PDT Subject: Credit cards, false names, and important details In-Reply-To: <199408231625.LAA10386@chaos.bsu.edu> Message-ID: <199408231851.LAA29944@netcom17.netcom.com> > Jim Hart> > Duncan Frissell: > > The many people who have gotten anonymous Visa and Mastercard credit cards > > for example have used the simple scheme of applying for a secured credit > > card in a nom de guerre. > > How is this simple? A credit card company sure as hell wants > to know who you truly are and where you truly live. It must > be able to collect its debt and mark your credit rating. > Applying for a credit card with false name or Social Security > number is fraud, with heavy punishments. Or are there, yet > again, numerous details you are neglecting to mention? > I called Dave Lovejoy, a longtime credit manager and currently product line manager for Data Rental's line of credit retrieval terminals. 
He confirmed for me what I had always understood; with _secured_ credit cards, no one really cares who you are, as you have secured your card with a cash deposit (typically 110% of your limit) and collection is no problem. I have no idea as to the legalities of all this. BTW Data Rentals is one of the major suppliers of credit retrieval equipment to credit grantors, marketing towards the small-to-medium sized operations (that is, those who don't buy their reports directly from the bureaus on tape.) I wrote the software for their DRS-2000 automated credit terminal, as well as their credit cartridge for the TI 700 printing terminal. JJH -- From tcmay at netcom.com Tue Aug 23 12:00:58 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 23 Aug 94 12:00:58 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408231827.AA15029@vail.tivoli.com> Message-ID: <199408231900.MAA20382@netcom4.netcom.com> Mike McNally asks: > Timothy C. May writes: > > When we needed sources of alpha particles, we cracked open smoke > > detectors and took out the Americium sources. > > How much alpha do you really need (he asked, wondering when somebody > will get irate and insist this thread be terminated)? I have some > mineral specimens at home that are fairly hot (uraninite, > cuprousklodowskite, and something else similar) with (this > non-physicist thinks) mostly alpha emissions. Such things can be had > at your next gem & mineral show, if you're lucky. I don't "need" any these days. My reference to "when we needed" was to the 1977-1982 period, at Intel. And, yes, we had cut and polished "hot rocks," including uraninite, thorianite, and various pure U-238 sheets. But the "Kong source" (10 mCi of Po-210) sprayed out vastly more alphas per square centimeter at the target than the "natural" sources here. We used sources at a wide range of activities to measure device sensitivities to alpha particles. 
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From frissell at panix.com Tue Aug 23 12:13:27 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 23 Aug 94 12:13:27 PDT Subject: Death & Taxes Message-ID: <199408231912.AA19337@panix.com> Steve Witham & Jason W Solinsky seem to be sowing a bit of confusion about government and taxes. Steve says: >This is the "monopoly on force in a geographical area" definition of >government. It's also pretty much government as we know it. It's a >fundamentally bad idea and it's what James and I are against. But I don't >think it's a good definition of "government." It *is*, however, the definition that my very commie-liberal poly sci department taught me when I was studying with them. Also "That institution charged with the authoritative allocation of values in society." >The reason is that what most people mean by "government" is a set of >services, the main ones being what James calls "true law": police, courts, >and defense--protection services for large numbers of people. Experts in taxonomy always try to define a species by the characteristics that *distinguish* it from other species. Not those characteristics that are the same. Governments are distinguished by their claim of monopoly on judging the appropriateness of uses of force within a given geographic area. Thus the symbol of a king's office is often a mace (club) and a sword. The American Eagle has arrows clutched in one claw. And in most times and places only the sovereign and his cronies are allowed to carry weapons. 
The peasants are prohibited from doing so. Jason says: A cybergovernment says "Do as we say or you can't communicate with our citizens" MIT says "Do as we say or go somewhere else" US democrats say "If you don't like US laws, move somewhere else" Actually, if you are a citizen you are bound by US tax laws even if you move to Alpha Centauri. Or if you are a narco terrorist you need not even be a citizen. MIT remains largely consensual. Governments do not. If they become mere market actors as I expect that they will, then they will no longer be the sorts of monopoly institutions that we refer to with the word -- "government." Actually "Self-Government vs. Others-Government" is the real split (with thanks to the Advocates for Self Government). DCF "You speak Treason!" - The Lady Marion Fitzwalter "Fluently!" - Sir Robin of Loxley Not from the politically correct version. From perry at imsi.com Tue Aug 23 12:14:17 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 23 Aug 94 12:14:17 PDT Subject: Voluntary Governments? In-Reply-To: Message-ID: <9408231914.AA02302@snark.imsi.com> Russell Nelson says: > In our high school we had a student government. We had no prisons > and no guns. > > Then you were a club. Indeed. Why do you think most university students are as apathetic as they are about their student "government"? Largely, I'd say, because student "government" bodies possess no real power and do nothing -- they are "governments" in the same sense that white styrofoam carved into an appropriate shape is whipped cream. 
(I once was part of a debate held by Columbia University's Philolexian Society on the topic "Resolved: Student Government is Amazingly Lame", in which I noted that the low probability of a student government coup d'etat complete with tanks rolling about the campus, and of the following student government dictatorship run by a student military junta, demonstrated that the student "government" wasn't a government but a weak way to keep students placated, devoid even of the mild entertainment the occasional revolt could bring.) Perry From ravage at bga.com Tue Aug 23 12:44:45 1994 From: ravage at bga.com (Jim choate) Date: Tue, 23 Aug 94 12:44:45 PDT Subject: Voluntary Governments? In-Reply-To: <199408231830.LAA01197@netcom7.netcom.com> Message-ID: <199408231937.OAA11982@zoom.bga.com> > > And if MIT built some prison cells under the Admin building and started > locking people up in the dungeons for long periods, then people would > call MIT a government. Can't speak for MIT but I can speak for UT Austin, they do have cells to hold prisoners. The security forces at that school attend the Tx Dept. of Public Safety training school and hold state law enforcement positions. The last thing you want to do is really piss one of these guys, you would end up in one of the state prisons for several years, Huntsville probably. Schools can use physical force against their students. I have personally seen assaults on the presidents office when a group of students took it over in the late 80's because of UT Austin holdings in S. Africa. I have seen them knock the holy shit out of students for nothing more than simply refusing to move fast enough. The officers stormed the office in full riot gear with M16 automatic rifles and smoke grenades. I suspect that MIT's security forces, even though it is a private school, hold 'peace officer' ratings and this implies that they can carry weapons at any time (though they don't usually). 
This holds for the small community college that I work at now as well. The officers don't carry guns as a regular part of their uniform except during registration when there are large amounts of cash on campus or when important officials visit the campus(es). Contact the head of security at MIT and ask for a tour of their facilities. They usually grant such requests. From perry at imsi.com Tue Aug 23 12:53:22 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 23 Aug 94 12:53:22 PDT Subject: Voluntary Governments? In-Reply-To: <199408231937.OAA11982@zoom.bga.com> Message-ID: <9408231953.AA02413@snark.imsi.com> Jim choate says: > > And if MIT built some prison cells under the Admin building and started > > locking people up in the dungeons for long periods, then people would > > call MIT a government. > > Can't speak for MIT but I can speak for UT Austin, they do have cells to hold > prisoners. The security forces at that school attend the Tx Dept. of Public > Safety training school and hold state law enforcement positions. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Need we say more? Perry From bal at martigny.ai.mit.edu Tue Aug 23 13:24:26 1994 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Tue, 23 Aug 94 13:24:26 PDT Subject: Voluntary Governments? In-Reply-To: <199408231937.OAA11982@zoom.bga.com> Message-ID: <9408232024.AA21735@toad.com> From: Jim choate Date: Tue, 23 Aug 1994 14:37:07 -0500 (CDT) X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 1527 Sender: owner-cypherpunks at toad.com Precedence: bulk I suspect that MIT's security forces, even though it is a private school, hold 'peace officer' ratings and this implies that they can carry weapons at any time (though they don't usually). They're armed police; I've never seen a one without a gun. MIT's CPs (Campus Police) were kind enough to put their pamphlet "About the MIT Campus Police" on the net. 
Here are some relevant portions: BACKGROUND: In order to be considered for employment as an MIT campus police officer, the Department normally requires three years of prior police experience as a campus, municipal or state police officer. Finalists for all police positions undergo background checks (including criminal record checks) prior to hiring. AUTHORITY: All MIT Campus Police officers are qualified under Chapter 22C Section 63 of the Massachusetts General Laws and have full powers as police with regard to crimes occurring on MIT property. In addition, all officers hired on or after December 1, 1987 are sworn as Deputy Sheriffs in Middlesex County. MIT police officers do not exercise police authority in the City of Boston and therefore do not patrol MIT fraternities, sororities or independent living groups located in Boston. However, the MIT Police do provide emergency medical services. WEAPONS: MIT police officers and supervisors are armed and must undergo annual firearms qualifications based on Massachusetts Criminal Justice Training Council standards. The Department has written deadly force and non-lethal force policies which are reviewed with officers on an annual basis. In addition, they have some control over what gets reported to Cambridge and state law enforcement authorities. --bal From karn at qualcomm.com Tue Aug 23 13:25:19 1994 From: karn at qualcomm.com (Phil Karn) Date: Tue, 23 Aug 94 13:25:19 PDT Subject: Nuclear Weapons Material In-Reply-To: <7308@aiki.demon.co.uk> Message-ID: <199408232023.NAA26560@servo.qualcomm.com> At the risk of pushing this even further from cryptography, I should say that tritium is used in the "boosting" of *fission* weapons. A mixture of tritium and deuterium is injected into the exploding fission core to increase the "alpha" (neutron multiplication "gain") of the system. The D-T thermonuclear reactions themselves contribute relatively little energy, but the increase in fission efficiency can be dramatic. 
Thermonuclear boosting was the second major improvement made to US fission weapons after WWII. The first was the "levitated pit", a gap between the conventional explosive/tamper assembly and the fissile pit to allow the former to gain significant momentum before slamming into the latter. Both techniques result in considerably more efficient use of fissile material, but are not absolutely necessary to make a usable weapon (as shown at Hiroshima and Nagasaki). I believe the simple uranium gun used at Hiroshima only fissioned a few percent of its U-235. Fat Man did better, but not that much. Phil From sdw at lig.net Tue Aug 23 13:57:15 1994 From: sdw at lig.net (Stephen D. Williams) Date: Tue, 23 Aug 94 13:57:15 PDT Subject: Nuclear Weapons Material In-Reply-To: <7308@aiki.demon.co.uk> Message-ID: > > In message Mark Terka writes: > > Not to mention the fact that without tritium, the "trigger" for nuclear > > weapons (and extremely expensive and rare at $ 100m a gram) all you have > > is a radioactive paperweight. > > To the best of my knowledge, tritium is not used in nuclear weapons > (meaning A-bombs), only in thermonuclear weapons (H-bombs). One of > my teachers was involved in the Manhattan project; he never mentioned > any need for tritium. > -- > Jim Dixon I agree. Fission bombs I thought just needed shaped metal with a conventional charge to force compression and make it go critical. Fusion bombs I thought used tritium as fuel and needed a Plutonium trigger or something. They are supposedly set off with some kind of inner mirrored ball with high powered lasers. Fission then fusion I believe. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) 
I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From warlord at MIT.EDU Tue Aug 23 13:59:04 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 23 Aug 94 13:59:04 PDT Subject: Voluntary Governments? In-Reply-To: <199408231937.OAA11982@zoom.bga.com> Message-ID: <9408232050.AA07973@toxicwaste.media.mit.edu> > I suspect that MIT's security forces, even though it is a private > school, hold 'peace officer' ratings and this implies that they can > carry weapons at any time (though they don't usually). This holds for > the small community college that I work at now as well. The officers > don't carry guns as a regular part of their uniform except during > registration when there are large amounts of cash on campus or when > important officials visit the campus(es). MIT Campus Police are full police officers as far as the Commonwealth of Massachusetts is concerned. They have all gone through the state police academy, and they are all cops. They have complete jurisdiction over the MIT property. And yes, they _do_ carry guns at all times (at least while in uniform). I've seen some of the MIT CP HQ, although I've not received a full tour of the facilities (maybe I will some day). Also, it is considered bad form for an MIT CP to arrest an MIT student. However I have seen them arrest people (although I've never seen a firefight ;-) -derek From perry at imsi.com Tue Aug 23 14:11:30 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 23 Aug 94 14:11:30 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: <9408232110.AA02563@snark.imsi.com> Stephen D. Williams says: > Fusion bombs I thought used tritium as fuel and needed a Plutonium > trigger or something. Sort of. > They are supposedly set off with some kind of > inner mirrored ball with high powered lasers. No. A reality check would tell you that H bombs preceded the development of the laser by many years. 
H Bombs use a fission reaction to compress and heat the hydrogen or other fuel until it begins to undergo fusion. Perry From PatHuff at world.std.com Tue Aug 23 14:12:28 1994 From: PatHuff at world.std.com (Pat L. Huff) Date: Tue, 23 Aug 94 14:12:28 PDT Subject: archives for cypherpunks? Message-ID: Do any archives exist for this group? I would be interested in scanning them. Pat. PatHuff at world.std.com From entropy at IntNet.net Tue Aug 23 14:34:51 1994 From: entropy at IntNet.net (Jonathan Cooper) Date: Tue, 23 Aug 94 14:34:51 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: > Not to mention the fact that without tritium, the "trigger" for nuclear > weapons (and extremely expensive and rare at $ 100m a gram) all you have > is a radioactive paperweight. But tritium is (relatively) easy to obtain if you have the money. A federal permit is required to purchase it in large quantities in the US, but it is still _MUCH_ more easily obtained than plutonium. -jon From rah at shipwright.com Tue Aug 23 14:47:08 1994 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 23 Aug 94 14:47:08 PDT Subject: Voluntary Governments? Message-ID: <199408232143.RAA10515@zork.tiac.net> At 3:14 PM 8/23/94 -0400, Perry E. Metzger wrote: >Russell Nelson says: >> In our high school we had a student government. We had no prisons >> and no guns. >> >> Then you were a club. > >Indeed. [snip] >(I once was part of a >debate held by Columbia University's Philolexian Society on the topic >"Resolved: Student Government is Amazingly Lame", in which I noted >that the low probability of a student government coup d'etat complete >with tanks rolling about the campus, and of the following student >government dictatorship run by a student military junta, demonstrated >that the student "government" wasn't a government but a weak way to >keep students placated, devoid even of the mild entertainment the >occasional revolt could bring.) Alas. How true. 
One of my friends got elected student government president at the University of Missouri by standing outside polling places in a clown suit bribing people to vote for him with play money. Later that year, I authored a student senate declaration of war against the University of Wisconsin. They had originated the concept of snickerocracy, or rule by clowns, and as potential competition for scarce laughs had to be destroyed. The declaration passed unanimously. We passed the hat in the bars for our defense budget (to be spent by the sacred Council of War, COW for short), and sent four determined and somewhat inebriated agriculture majors to Wisconsin's dairy barns to collect one ton of bullshit and deposit it on their student union steps at 3 am. In their defense, I must say that the administration generously let us (the senate) vote on the allocation of about $1.3 million of the university's money (somewhat less than 1% of the total, I believe), which made for a lot of sand in the old sandbox. And, I got to meet both Timothy Leary and Ralph Nader out of the deal. I have trouble telling them apart to this day... Ah, Yout'! Adulthood is terminal, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Tue Aug 23 14:47:36 1994 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 23 Aug 94 14:47:36 PDT Subject: Voluntary Governments? Message-ID: <199408232143.RAA10522@zork.tiac.net> At 2:37 PM 8/23/94 -0500, Jim choate wrote: >Can't speak for MIT but I can speak for UT Austin, they do have cells to hold >prisoners. The security forces at that school attend the Tx Dept. of Public >Safety training school and hold state law enforcement positions. 
The last >thing you want to do is really piss one of these guys, you would end up >in one of the state prisons for several years, Huntsville probably. The University of Chicago, where I went for awhile, has the third largest police force in Illinois, after the Chicago PD and the State troopers. They have guns and cells. During the Cambodian days of rage, the administration had an interesting tactic. They acquiesced to the students' demands and took their pictures as they left. Then they expelled them all. Not violent, really, but harmful, maybe. "Hyde Park, where Black and White stand shoulder to shoulder against the Poor." (Nichols and May[not Tim]), Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From elton at sybase.com Tue Aug 23 14:53:47 1994 From: elton at sybase.com (Elton Wildermuth) Date: Tue, 23 Aug 94 14:53:47 PDT Subject: Voluntary Governments? Message-ID: <9408232042.AA18345@fnord.sybgate.sybase.com> Right ... I had taken this offline, but it looks as though it ain't quite dead yet. Kindly stop reading now if you wish this subject would go away. Consolidating two messages from Jim Dixon: >Jason's use of the term 'tax' in a special sense is no more an abuse >of the language than the attempt to change the conventional meaning >of the word 'government'. and >You can't simply take over the ownership of words in the English >language. 'Government' is indeed the name used for an entity that >exercises authority or enforces laws. Of course we can -- it happens all the time. However, this time I haven't usurped the meaning of anything. Force -- the threat or actual use of violence -- is the essence of government. You just said so yourself: "enforces laws". 
Here's the closest applicable dictionary definition of "government", taken from the Random House Dictionary of the English Language: "1. the political direction and control exercised over the actions of the members, citizens, or inhabitants of communities, societies, and states; direction of the affairs of a state, community, etc.; political administration." This is amplified by looking at "govern" in the same dictionary: "1. to rule by right of authority, as a sovereign does." "Rule", or "political ... control" are only ever exercised through force. People keep using that word, "enforce", without looking carefully at it. From the same dictionary: "to put or keep in force; compel obedience to." "Enforcement", regardless of the dry dictionary definition, is the essence of government. Without the power to enforce arbitrary rules, there can be no government. There are several methods of achieving compliance with a set of rules: social pressure (shunning, as some religious sects do); withholding of goods or services (the degree that Jason spoke about being denied); and topical application of violence ("enforcement"). Of these, the first two are related, and are commonly practiced by social units that don't recognize the right to use force on one another. The last named is the only one that results in physical damage to the person being "ruled", and is also the only one that can physically prevent that person from engaging in the proscribed behavior. The others can make life bloody unpleasant, but they won't terminate it. One other thing: >I grew up in a small town of 5,000. It had a city government. The >county government was in the same town. No one denies that California >has a government, I think. And then there was the US government. And >we had city police, the sheriff's office, the Highway Patrol, and the >FBI paid an occasional visit. Uh ... you _do_ understand that that's a specious argument, yes? 
What do you suppose the outcome would be if your home town were to legalize marijuana, and then attempted to prevent the DEA from enforcing the overriding federal law? Yes, we have a distributed government, with each layer operating under the authority of the next layer up; but each layer can only add restrictions, never remove them, and each enforces its restrictions by the same method as the layers above it: main force. Further, each attempts to prevent other agencies from enforcing sets of rules counter to the ones they themselves enforce. That's what makes them true "governments", rather than some other social institution. Here, someone will surely object that by this definition, the Mafia can be considered a government. Well, if they can successfully kick the existing thugs off of some plot of ground, and then defend it against all comers, then yes: that's exactly what they'll be. How else do you suppose that governments become established? -- Elton From prz at acm.org Tue Aug 23 15:07:50 1994 From: prz at acm.org (Philip Zimmermann) Date: Tue, 23 Aug 94 15:07:50 PDT Subject: Zimmermann/NSA debate postponed Message-ID: <9408232205.AA21976@columbine.cgd.ucar.EDU> The debate between Philip Zimmermann and Clinton Brooks from NSA has been postponed. The debate organizers, the World Affairs Council decided today (Tuesday) that there were not enough attendees preregistered to proceed with the debate at this time. The debate had been scheduled for Thursday, 25 August, in Thousand Oaks, California. A major conference organized by the World Affairs Council, scheduled for 27 October, will have the debate included in the conference. When those plans firm up, there will be detailed announcements with more lead time. I'm sorry if this change in plans inconveniences anyone who planned to attend the debate, but I had nothing to do with their decision. 
--Philip Zimmermann From ianf at simple.sydney.sgi.com Tue Aug 23 15:50:43 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Tue, 23 Aug 94 15:50:43 PDT Subject: NSA Spy Machine and DES In-Reply-To: <199408230448.VAA29322@servo.qualcomm.com> Message-ID: <9408240846.ZM3057@simple.sydney.sgi.com> On Aug 22, 9:48pm, Phil Karn wrote: > >do, which is something I really doubt. As Phil Zimmermann pointed out some > >time ago, there are lots of other interesting applications which SIGINT > Actually, I believe it was me who said that. At least I also did. I stand corrected. It was indeed Phil Karn, and not Phil Zimmermann. Ian. From rfb at lehman.com Tue Aug 23 16:42:52 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Tue, 23 Aug 94 16:42:52 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <9408232205.AA21976@columbine.cgd.ucar.EDU> Message-ID: <9408232342.AA08509@fnord.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- Alright, well I'll go ahead and be the weanie that points out that this is the first non-signed message from PRZ to appear here, at least in a long time. Conspiracy theory anyone? :-) Rick From strick at versant.com Tue Aug 23 17:03:56 1994 From: strick at versant.com (strick -- henry strickland) Date: Tue, 23 Aug 94 17:03:56 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <9408232342.AA08509@fnord.lehman.com> Message-ID: <9408240006.AA03660@versant.com> THUS SPAKE Rick Busdiecker : # Alright, well I'll go ahead and be the weanie that points out that # this is the first non-signed message from PRZ to appear here, at least # in a long time. # # Conspiracy theory anyone?
:-) Could also be that we're at CRYPTO94 at UCSB, and there are no phones in the dorm rooms, and we have to use other peoples' computers .... right now I'm in the library on a stupid ibm terminal ... if I used PGP right now, I'd have to type my password thru a plaintext telnet session :( so i won't. unsigned, strick From raph at kiwi.CS.Berkeley.EDU Tue Aug 23 17:21:44 1994 From: raph at kiwi.CS.Berkeley.EDU (Raph Levien) Date: Tue, 23 Aug 94 17:21:44 PDT Subject: List of reliable remailers Message-ID: <199408240022.RAA13723@kiwi.CS.Berkeley.EDU> Hi all, I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at http://http.cs.berkeley.edu/~raph/remailer-list.html Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome! Note to remailer operators: this script generates hourly ping messages. If you don't want that, let me know and I will take your mailer off the list, or increase the interval between pings. Raph Levien From wessorh at ar.com Tue Aug 23 17:23:08 1994 From: wessorh at ar.com (Rick H. Wesson) Date: Tue, 23 Aug 94 17:23:08 PDT Subject: Brands cash Message-ID: <199408240022.RAA09107@ar.com> Hal, I liked your description of Brands Cash. I'd like to turn your description into pseudo-code or Perl whichever comes first and you are more comfortable with reviewing. Anyone else interested in developing a bit of perl as an example of Brands cash in action?
-Rick From raph at kiwi.CS.Berkeley.EDU Tue Aug 23 17:24:38 1994 From: raph at kiwi.CS.Berkeley.EDU (Raph Levien) Date: Tue, 23 Aug 94 17:24:38 PDT Subject: List of reliable remailers Message-ID: <199408240023.RAA13726@kiwi.CS.Berkeley.EDU> Hi all, I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at http://www.cs.berkeley.edu/~raph/remailer-list.html Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome! Note to remailer operators: this script generates hourly ping messages. If you don't want that, let me know and I will take your mailer off the list, or increase the interval between pings. Raph Levien From tcmay at netcom.com Tue Aug 23 17:48:32 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 23 Aug 94 17:48:32 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <9408232342.AA08509@fnord.lehman.com> Message-ID: <199408240048.RAA19300@netcom16.netcom.com> > Alright, well I'll go ahead and be the weanie that points out that > this is the first non-signed message from PRZ to appear here, at least > in a long time. > > Conspiracy theory anyone? :-) > > Rick Huh? Phil almost _never_ signs his messages, and has talked about how difficult it is to go through the rigamarole of signing, authenticating, etc. (I sympathize with him, and I intensely dislike getting PGP-encrypted messages, decrypting them, only to find a banal message that wasn't worth the effort.) 
--Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From CCGARY at MIZZOU1.missouri.edu Tue Aug 23 18:34:50 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 23 Aug 94 18:34:50 PDT Subject: CEB 8 - I GUESS I'LL JUST HAVE TO DO IT MYSELF! Message-ID: <9408240134.AA26527@toad.com> CYPHER_REBELS" ELECTRONIC BOOK (CEB) 8 - I GUESS I'LL JUST HAVE TO DO IT MYSELF! Fellow Cyphers - rebel/punks, I have decided to do the CEB myself. I am going to post it on Cypherpunks about once a month & on other lists as well. The CEB will exist as an often updated & posted file. I now need contributions of text. I need the WNSTROM steganography program internet source location & a concise write up of it. I also need the same for PG shell program. I also need a concise write up of how to use remailers, how to chain them, etc.. The CEB will be an up to date source to show locations of best privacy software, essential information, & electronic privacy concerns. PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAAATTTT STATE! From 0x7CF5048D at nowhere Tue Aug 23 18:47:19 1994 From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere) Date: Tue, 23 Aug 94 18:47:19 PDT Subject: pgp -c,no initialization vector, possible bug, pgp 26ui Message-ID: <199408240108.AA29190@xtropia> Darn, the remailers keep truncating this! In pgp 2.6 UI When pgp is called with the -c switch, the routine idea_encryptfile in crypto.c is called from main in pgp.c. 
> status = idea_encryptfile( workfile, tempf, attempt_compression);

>int idea_encryptfile(char *infile, char *outfile,
>        boolean attempt_compression)
>{
>        FILE *f; /* input file */
>        FILE *g; /* output file */
>        byte ideakey[16];
>        struct hashedpw *hpw;

Note that idea key is 16 bytes. Now idea_encryptfile calls squish_and_idea_file in crypto.c with this 16 byte key.

> /* Now compress the plaintext and encrypt it with IDEA... */
> squish_and_idea_file( ideakey, f, g, attempt_compression );

Now squish_and_idea_file calls idea_file in the module crypto.c with the same 16 byte key.

>static int squish_and_idea_file(byte *ideakey, FILE *f, FILE *g,
>        boolean attempt_compression)
>{

From dfloyd at runner.utsa.edu Tue Aug 23 19:07:37 1994 From: dfloyd at runner.utsa.edu (Douglas R. Floyd) Date: Tue, 23 Aug 94 19:07:37 PDT Subject: No Subject Message-ID: <9408240204.AA21095@runner.utsa.edu> I most likely will get toasted for this, but here goes: I notice tons of fear and loathing, and this feeling of 1984 is upon us, etc. I seriously wonder who is trying to create a repressive government. Clinton cannot pass a simple crime bill, much less become Big Brother. Congress has to do tons of head butting to vote for a pay raise, much less turn the US into a totalitarian society. I DO agree on one thing. If there is something st00pid proposed, like Clipper, etc., then people have all rights to toast the puppy, but I don't think we have an Outer Circle/Inner Circle just yet. (From a lowly prole,) From solman at MIT.EDU Tue Aug 23 19:09:02 1994 From: solman at MIT.EDU (Jason W Solinsky) Date: Tue, 23 Aug 94 19:09:02 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408231722.NAA04896@zork.tiac.net> Message-ID: <9408240208.AA01039@ua.MIT.EDU> Bob sez: > At 9:25 PM 8/22/94 -0700, Timothy C. May wrote: > >Anonymity is what gives digital cash its raison > >d'etre, its technological advantages over conventional schemes.
Well I don't buy the idea that people will shell out cash for this (i.e. I think the only way we'll wind up with anonymous digicash is if the people who put together the best system insist on anonymity) but I can't claim to have data to refute this. > I'll try to to come at this from another tack. Cryptography gives > anonymity. Anonymity reduces the overhead. The reduced overhead should > make digital cash more economically efficient than on-line systems like > NetBank, or credit-cards or much of anything else, at the moment. The > economic efficiency is what may make digital cash economical as a way to > provide liquidity for internet commerce. The major selling point is *not* > privacy. The major selling point is economic efficiency. Well we agree that the selling point is economic efficiency. But "anonymity reduces overhead" ? All that you save is the space required for the recording of names. Since whichever digicash system wins will almost certainly include software automating double entry accounting, I have real trouble buying this. How much overhead do you really save? Is it enough to offset the costs of implementing the double spender identification system? I don't think it is. [Although it seems to me that the costs of both are absolutely trivial and not worth considering when speaking of the overhead in a digicash system. Far more important are the investment of capital and the pragmatics of the exchange mechanism] > >If anonymity, untraceability, and other "Chaumian" notions are only > >seen as peripheral side effects, then we already _have_ "digital cash" > >in the encrypted credit card systems some folks are already offering. > > They are peripheral side effects. They also are the very things that make > digital cash a more efficient medium of exchange. How? There are a lot of reasons why I think anonymity is important, but I fail to see any significant economic advantage that anonymity confers to a person who otherwise couldn't care less about it.
Jason W. Solinsky From solman at MIT.EDU Tue Aug 23 19:11:09 1994 From: solman at MIT.EDU (Jason W Solinsky) Date: Tue, 23 Aug 94 19:11:09 PDT Subject: MIT Fascism In-Reply-To: <199408231829.OAA09434@grog.lab.cc.wmich.edu> Message-ID: <9408240210.AA01057@ua.MIT.EDU> > >True enough. Most of our rules have been bundled together. Either you > >accept all of them or you walk away. So Tim, if you don't like the FBI > > The above false information incorrectly assumes that all laws apply > to all people. I used the word most, implying that SOME laws apply to all people. Or do you take issue with the all people part? JWS From dichro at tartarus.uwa.edu.au Tue Aug 23 19:17:57 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Tue, 23 Aug 94 19:17:57 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: <199408240215.KAA22862@lethe.uwa.edu.au> > > Fusion bombs I thought used tritium as fuel and needed a Plutonium > trigger or something. They are supposedly set off with some kind of > inner mirrored ball with high powered lasers. Fission then fusion I > believe. > The plutonium trigger is set off using conventional explosives to implode a hollow sphere of the material. While this technique is superficially similar to the gun-type triggering used by U-235 fuelled bombs, the geometry prevents the Pu-239 from fissioning prematurely. The tritium is used as a neutron source - it releases neutrons when sufficiently motivated to do so. -- * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "I'm just another sniper on the information super-highway." PGP Public key available by finger * #include From khijol!erc at apple.com Tue Aug 23 19:18:26 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Tue, 23 Aug 94 19:18:26 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408231658.LAA11167@chaos.bsu.edu> Message-ID: > Polonium is primarily an alpha emitter.
It would work as part of a > neutron source, but it is not a particularly good choice because its > half-life is only 138.4 days (polonium-210). This makes it expensive > to obtain, and impractical to store. They used to use polonium in static eliminators in darkrooms - don't know if they use them anymore, though. -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From khijol!erc at apple.com Tue Aug 23 19:20:47 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Tue, 23 Aug 94 19:20:47 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408231318.AA01904@snark.imsi.com> Message-ID: > Mark Terka says: > > Not to mention the fact that without tritium, the "trigger" for nuclear > > weapons (and extremely expensive and rare at $ 100m a gram) all you have > > is a radioactive paperweight. > > This is sheer ignorance. First of all, tritium is not nearly that > expensive. It's quite cheap, in fact, and can be manufactured without > that much trouble. Second of all, tritium is not a necessary component > of non-thermonuclear (i.e. hydrogen) bombs. Third, tritium isn't a > "trigger". Lastly, an ordinary A-bomb is just a way to bring together > a critical mass of a fissionable material, like U-235 or Plutonium. > Once a critical mass is in one place the chain reaction will handle > the rest. Quite true. All you really need for a fission bomb is a casing to hold everything together, 2.2 kilos (or so) of U-235 (or a sufficient quantity of critical mass other stuff), and something that will hold it together long enough for it to fission. And no, Taylor, holding them together in your hands won't work (unfortunately)... hehehe :) "Hey, Bill? Hold these two shiny pieces of metal in your hands and clap! Oh, wait about an hour while I get a safe distance away..."
:) Exotic way to commit suicide, methinks. Kiddies, don't try this at home - leave this to the professional idiots... ;) Kinda reminds me of Congress... ;) -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From pkm at maths.uq.oz.au Tue Aug 23 19:27:27 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Tue, 23 Aug 94 19:27:27 PDT Subject: THE H.E.A.T. IS ON Message-ID: <9408240225.AA19294@axiom.maths.uq.oz.au> Since I don't get Acapulco H.E.A.T where I am, I wonder if you could answer me this question - Is the show another Aaron Spelling production? Peter Murphy. From khijol!erc at apple.com Tue Aug 23 19:47:57 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Tue, 23 Aug 94 19:47:57 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408232023.NAA26560@servo.qualcomm.com> Message-ID: > At the risk of pushing this even further from cryptography, I should > say that tritium is used in the "boosting" of *fission* weapons. A > mixture of tritium and deuterium is injected into the exploding > fission core to increase the "alpha" (neutron multiplication "gain") > of the system. The D-T thermonuclear reactions themselves contribute > relatively little energy, but the increase in fission efficiency can > be dramatic. Been reading our Tom Clancy, have we? -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever" From khijol!erc at apple.com Tue Aug 23 20:14:16 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Tue, 23 Aug 94 20:14:16 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <199408240048.RAA19300@netcom16.netcom.com> Message-ID: > Huh? Phil almost _never_ signs his messages, and has talked about how > difficult it is to go through the rigamarole of signing, > authenticating, etc. > > (I sympathize with him, and I intensely dislike getting PGP-encrypted > messages, decrypting them, only to find a banal message that wasn't > worth the effort.) Huh? Nonsense?

vie: - use PGP to sign & encrypt
vis: - use PGP to sign

Both of these sign or sign/encrypt outgoing messages automatically if you're using "elm" - just use them in place of your favorite editor. pgpview does the same thing for incoming email. Use it in place of your mail viewer in elm.

#! /bin/sh
#
# Created by shar, version 0.5 - 04/10/91
#
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh to create:
#
#    length  name
#    ------  -------------------------------------
#        28  pgpview
#       282  vie
#       102  vis
#
#
# Archive number 1
# This archive created Tue Aug 23 21:59:07 1994
#

echo "shar: extracting pgpview - (28 characters)"
if test -f 'pgpview' ; then
   echo shar: will not over-write existing file pgpview
else
sed 's/^X//' << \SHAR_EOF > 'pgpview'
Xpgp +batchmode -m | less -c
SHAR_EOF
if test 28 -ne "`wc -c < 'pgpview'`" ; then
   echo "shar: ***** error transmitting file pgpview (should have been 28 characters, but was "`wc -c < 'pgpview'`" characters) *****"
fi
fi

touch 0823215894 pgpview
chmod 0777 pgpview

echo "shar: extracting vie - (282 characters)"
if test -f 'vie' ; then
   echo shar: will not over-write existing file vie
else
sed 's/^X//' << \SHAR_EOF > 'vie'
X#
X# vie - like vi, but sign & encrypt with pgp
X#
Xsed -e 's/^> //g' $1 > $1.clr
X# why doesn't pgp $1 $1.clr work? It should produce $1.clr...
Xpgp +force $1.clr $1
Xsed -e 's/^/> /g' $1.clr > $1
X/bin/rm -f $1.clr
Xvi $1
Xclear
Xpgp -seta +clearsig=on -u `logname` $1
Xmv $1.asc $1
SHAR_EOF
if test 282 -ne "`wc -c < 'vie'`" ; then
   echo "shar: ***** error transmitting file vie (should have been 282 characters, but was "`wc -c < 'vie'`" characters) *****"
fi
fi

touch 0823215894 vie
chmod 0777 vie

echo "shar: extracting vis - (102 characters)"
if test -f 'vis' ; then
   echo shar: will not over-write existing file vis
else
sed 's/^X//' << \SHAR_EOF > 'vis'
X#
X# vis - like vi, but sign with pgp
X#
Xvi $1
Xclear
Xpgp -sta +clearsig=on -u `logname` $1
Xmv $1.asc $1
SHAR_EOF
if test 102 -ne "`wc -c < 'vis'`" ; then
   echo "shar: ***** error transmitting file vis (should have been 102 characters, but was "`wc -c < 'vis'`" characters) *****"
fi
fi

touch 0823215894 vis
chmod 0777 vis
echo End of all shell archives
exit 0

-- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of
your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From dwomack at runner.utsa.edu Tue Aug 23 20:30:22 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Tue, 23 Aug 94 20:30:22 PDT Subject: 1984 In-Reply-To: <9408240204.AA21095@runner.utsa.edu> Message-ID: <9408240308.AA22231@runner.utsa.edu> > > > I most likely will get toasted for this, but here goes: > [Not at all!] > I notice tons of fear and loathing, and this feeling of 1984 is upon us, etc. > [Indeed yes!] > I seriously wonder who is trying to create a repressive government. Clinton > cannot pass a simple crime bill, much less become Big Brother. Congress > has to do tons of head butting to vote for a pay raise, much less turn > the US into a totalitarian society. > [Does 'the death of a thousand cuts' come to mind?] > I DO agree on one thing. If there is something st00pid proposed, like > Clipper, etc., then people have all rights to toast the puppy, but > I don't think we have an Outer Circle/Inner Circle just yet. > > (From a lowly prole,) > > > Certainly NOT a flame, but I guess I see it differently... the 'simple' crime bill is not simple..quite the contrary, it is a complex piece of legislation! Quite aside from the AW provision, there are big reasons to question it. For example, I just learned that the bill only pays for 25,000 police officers; the other 75,000 officers are *_mandated_* expenditures for local governments. However, if the funding is NOT used for police officers, then the funds don't impose a mandate! Going to guns; originally, they wanted to limit magazine capacity to 5 rounds; they compromised to 10. It is a slow grinding away of rights. May I quote Lenin? "Probe as with a knife. Press forward when you feel flesh, withdraw when you touch bone." Apologies to Lenin, since I don't happen to have his books at hand! :-) I suspect part of the problem is a steady increase in regulations.
Not so long ago, you could buy a firearm through the mail..not any more. Waitresses weren't targeted by the IRS for failure to report tip income... they are now. Scanners weren't at risk of being banned; clipper wasn't even imagined; warrants were required for searches (they aren't in public housing, now)...I think I perceive a trend! As for inner & outer circles...well, I suspect that the folks who donate $10,000 per year get a *_tad_* more respect than I do!! Regards, Dave From rfb at lehman.com Tue Aug 23 21:01:06 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Tue, 23 Aug 94 21:01:06 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <199408240048.RAA19300@netcom16.netcom.com> Message-ID: <9408240400.AA18251@fnord.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- From: "Timothy C. May" Date: Tue, 23 Aug 1994 17:48:30 -0700 (PDT) Huh? Phil almost _never_ signs his messages . . . It may very well be that he only signs messages to `public' forums or that he only signs things when he considers the message to be more important than normal, however, the majority of the messages that he has sent out to cypherpunks, alt.security.pgp, etc. in, say, the last half a year or so, have been signed. On the other hand, the one other message that I could come up with that wasn't signed was also about the debate. . . . and has talked about how difficult it is to go through the rigamarole of signing, authenticating, etc. Hmmmm. FWIW, it typically requires two keystrokes for me to do any of the half dozen PGP operations that I do most often. I've heard of at least three other emacs-based interfaces for simplifying PGP interaction and there seem to be quite a few other `helper' packages around for other email environments. (I sympathize with him, and I intensely dislike getting PGP-encrypted messages, decrypting them, only to find a banal message that wasn't worth the effort.) Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. 
If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail? Ok, ok, so the above paragraph is blatant plagiarism (it's from pgpdoc1 for anyone who didn't recognize it). I encrypt most point-to-point communications with other PGP users on principle, regardless of the content. In any case, I find it quite disappointing to hear that one of the cypherpunks founders frowns on people actually using strong crypto on a routine basis. Sigh... Rick From 73211.3713 at compuserve.com Tue Aug 23 21:07:41 1994 From: 73211.3713 at compuserve.com (Loren Fleckenstein) Date: Tue, 23 Aug 94 21:07:41 PDT Subject: Zimmermann/NSA Message-ID: <940824040503_73211.3713_DHI40-1@CompuServe.COM> The World Affairs Council has cancelled the Aug. 25 crypto policy debate between PGP author Philip Zimmermann and NSA official Clinton Brooks because of low interest and rescheduled it for Oct. 27 at the Thousand Oaks Civic Arts Plaza. I will post more details as they become available. Although I'm disappointed for selfish reasons by the delay, the rescheduling may work to everyone's advantage. The later date gives the World Affairs Council more time to line up news media coverage. One network news magazine has expressed interest in taping the event for repackaging in some type of feature on encryption and civil liberties.
Also, National Public Radio has expressed an interest as well. I've rearranged my schedule to attend the event and will prepare a transcript of the debate to upload to any BBS, forum or news group that will carry it. Stay tuned. From remailer at rebma.rebma.mn.org Tue Aug 23 21:14:28 1994 From: remailer at rebma.rebma.mn.org (Mr. Nobody) Date: Tue, 23 Aug 94 21:14:28 PDT Subject: Remailer pings. Message-ID: <199408240414.XAA13841@rebma.rebma.mn.org> I regret sending this to the list, but other attempts to contact the people involved haven't been successful. I won't send more than this one message. The remailer at rebma.mn.org is connected via a UUCP link. Rebma picks up its mail in the middle of the night, Central Standard Time. There are a half dozen people who are pinging the remailer on an hourly or half-hourly basis. You can do the math, I'm sure. There is no point in pinging this particular remailer in this way. You won't get up-to-the-hour reports on its availability, since it doesn't pick up the mail until late in the evening. You aren't adding to the traffic mix in any useful way, because your messages aren't chained and are only encrypted once, to the remailer. If you think it's a problem for the enemy to do traffic analysis on identical messages from the same person over the same mailpath that are sent every hour on the hour, you're an idiot. And there's an even better reason. People who do this for any length of time are added to the Detweiler list, and the remailer becomes useless to them in any form. I recognize that people are trying to provide a remailer service. I realize they are trying to do a good thing. It just doesn't apply, here, in this case, for this remailer. Once a day would be sufficient, because that's all the more often the mail is retrieved from my service provider. From wessorh at ar.com Tue Aug 23 21:21:30 1994 From: wessorh at ar.com (Rick H. 
Wesson) Date: Tue, 23 Aug 94 21:21:30 PDT Subject: Brands cash in perl Message-ID: <199408240421.VAA09565@ar.com> Below are two Perl pseudo-functions as I see Brands Cash as described by Hal (hfinney at shell.portal.com). Am I coming close or am I way off? Personally I understand code better than the written word and I can lose lots in the translation. If this is on the "right track" then where does $g come from, can I take it from the modulo of a PGP key?

# mPrime(m') is passed as $CASH with the two submitter generated
# Check values $A and $B. &GetChallenge returns the random challenge
# we requested as $c0, the two additional ones ($c1 and $c2) were
# supplied by the depositor.
sub Deposit{
    local($CASH, $A, $B) = @_;
    if(($A*$B) == $CASH){
        ($c0, $c1, $c2) = &GetChallenge;
        $Catch = $A*($B ** $c0);
        $Check = $Amt**$c1 * $g**$c2;
        if($Catch == $Check){
            sql("insert into account Balance=Balance+$CASH");
            print "ALL OK; CASH Accepted\n";
        }else{
            print "Double Spender!!\n";
            &CatchCriminal($CASH);
        }
    }else{
        print "You Lie!!!\nStop making up stuff\n";
        &CatchCriminal($CASH);
    }
}

# Supplied with a user's account number, however this happens via a form
# or E-Mail, we generate m' and sign and deliver it...
sub mPrime{
    local($Acct, $Amt, $g) = @_;
    $RandomNumber = &GetHugeRandomNumber;
    $Acct = sql("Lookup ${Person}'s Account");
    sql("update Balance=Balance-$Amt where AccountID=$Acct");
    $CASH = $Amt**$RandomNumber * $g**($Acct*$RandomNumber);
    sql("Insert $CASH into outstanding instruments");
    return(&Signed($CASH));
}

From nobody at shell.portal.comEzekialPalmer Tue Aug 23 21:35:38 1994 From: nobody at shell.portal.comEzekialPalmer (nobody at shell.portal.comEzekialPalmer) Date: Tue, 23 Aug 94 21:35:38 PDT Subject: [Howard Winter: PGP 2.6 available on magazine cover] Message-ID: <199408240435.VAA21161@jobe.shell.portal.com> -------- -----BEGIN PGP SIGNED MESSAGE----- An interesting commentary on the effectiveness of ITAR...
Zeke - ------- Forwarded Message Newsgroups: alt.security.pgp,connect.audit From: hdrw at ibmpcug.co.uk (Howard Winter) Subject: PGP 2.6 available on magazine cover X-Disclaimer: The views expressed in this article are those of the author alone and may not represent the views of the IBM PC User Group. Date: Sun, 21 Aug 1994 23:22:23 GMT Message-ID: In case anyone's interested, the magazine PC Answers (issue 7, Sept 94) here in England has a copy of PGP 2.6 on a cover disk, along with the Windows front end: PGP WinFront from Ross Barclay. This appears to be the 'plain' version, no suffix. If it wasn't supposed to be exported from the USA, it's leaked in a big way! According to the RSA and MIT licences included, it's available for any non-commercial use. Looks like I'll start using PGP in earnest. Has anyone any advice on how to get my public key 'trusted', since I don't know anyone else who already has a trusted key? Similarly, how do I know when to trust keys I receive, given that I have no keys yet that I 'trust'? Cheers, - -- Howard Winter hdrw at ibmpcug.Co.UK CIS: 100111,1420 0W21' 51N43' - ------- End of Forwarded Message From wmo at rebma.rebma.mn.org Tue Aug 23 21:41:12 1994 From: wmo at rebma.rebma.mn.org (Bill O'Hanlon) Date: Tue, 23 Aug 94 21:41:12 PDT Subject: Zimmerman's use of PGP Message-ID: <199408240442.XAA13920@rebma.rebma.mn.org> As anyone who has ever sent an encrypted "Really neat program, Phil!" message to Philip Zimmermann knows, he doesn't run PGP where he reads his mail. He has to download messages to decrypt on a local machine. All of the cute elm/vi/emacs/mh/pine scripts you wanna post won't help him. -Bill (P.S.
Back when he didn't get so much mail, if you'd done the above, you'd get a response in a couple weeks, telling you this. He mentioned that he saw the irony of the situation -- that the inventor of PGP couldn't make convenient use of it.) From tcmay at netcom.com Tue Aug 23 21:41:28 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 23 Aug 94 21:41:28 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <9408240400.AA18251@fnord.lehman.com> Message-ID: <199408240440.VAA06740@netcom4.netcom.com> > It may very well be that he only signs messages to `public' forums or > that he only signs things when he considers the message to be more > important than normal, however, the majority of the messages that he > has sent out to cypherpunks, alt.security.pgp, etc. in, say, the last I don't think this is the case. Most PRZ messages I've seen have been unsigned; only the recent ones on the PGP 2.6 business have been signed. I use MacPGP on my home Mac...I don't trust Netcom or any other system outside my direct control for this. I figure if it's worth signing, it's worth signing with a secure key, not just a "casual grade" key (this is the term used by Jay P.P. and others for crypto on unsecured machines...this involves having more than one public key, etc.). (This is the main answer to Ed Carp's suggestion about PGP in elm.) > Hmmmm. FWIW, it typically requires two keystrokes for me to do any of > the half dozen PGP operations that I do most often. I've heard of at > least three other emacs-based interfaces for simplifying PGP > interaction and there seem to be quite a few other `helper' packages > around for other email environments. See above. I'm not interested in the various elm and emacs PGP packages. Any sysop can not only obtain your secret key, stored on his system, but he can also capture your passphrase as you feed it to the PGP program (assuming you do...many people automate this part as well). 
Since this sysop or one of his cronies can then compromise your mail, sign messages and contract as "you," I consider this totally unacceptable. Others apparently don't. > regardless of the content. In any case, I find it quite disappointing > to hear that one of the cypherpunks founders frowns on people actually > using strong crypto on a routine basis. Sigh... "Sigh." --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cactus at bb.com Tue Aug 23 22:04:47 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 23 Aug 94 22:04:47 PDT Subject: Untitled In-Reply-To: <9408240204.AA21095@runner.utsa.edu> Message-ID: <33ekm6$5lr@bb.com> In article <9408240204.AA21095 at runner.utsa.edu>, Douglas R. Floyd wrote: > >I most likely will get toasted for this, but here goes: Naw... >I seriously wonder who is trying to create a repressive government. Clinton >cannot pass a simple crime bill, much less become Big Brother. Oh? Just wait and see... Now it just has to get past a Republican point of order (it breaks the Budget Act) that requires 60%. Once past that, it's home-free. Even if he can't pass the Crime Bill (which I think is one of the most frightening pieces of legislation in a long time: 2nd Amendment right to violent revolution aside, it includes a measure which requires anybody *accused* of a "sex crime" to be tested for HIV, at the alleged victim's demand), think of it as a sort of "Pascal's Wager." I'd far rather be wrong about this country getting dangerously oppressive than be wrong about it being just fine, business as usual. 
YM, of course, MV. -- L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless cactus at bb.com | grammatically correct sentence. Now... From cactus at bb.com Tue Aug 23 22:11:13 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 23 Aug 94 22:11:13 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <199408240440.VAA06740@netcom4.netcom.com> Message-ID: <33el1o$5q5@bb.com> In article <199408240440.VAA06740 at netcom4.netcom.com>, Timothy C. May wrote: >Since this sysop or one of his cronies can then compromise your mail, >sign messages and contract as "you," I consider this totally >unacceptable. Others apparently don't. Well... Either that, or they have their own UNIX boxes (an increasing trend in this world of Linux boxes...) or other personal machines that run an MTA and emacs. -- L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless cactus at bb.com | grammatically correct sentence. Now... From ben at Tux.Music.ASU.Edu Tue Aug 23 22:12:53 1994 From: ben at Tux.Music.ASU.Edu (Ben Goren) Date: Tue, 23 Aug 94 22:12:53 PDT Subject: Electronic Postcards Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Dear Editor, Most everybody I know puts almost all mail in an envelope before dropping it in the mailbox. The only time we do otherwise is when sending a postcard that says, "I'm here, wish you were fine." So why does everybody send all email in a way that's just as easy to read as a postcard? Why, then, all the fuss over ASU officials reading electronic postcards? If you don't trust the various system operators through whose computer your message might pass, put your email in an envelope--by encrypting it. 
If you use the most popular email encryption software on the Internet, PGP--Pretty Good Privacy, written by Philip Zimmerman and now maintained and distributed by MIT--then even the National Security Agency, the super-secret government agency entrusted with electronic surveillance, would resort to a beating with a rubber hose before expending the computer power necessary to decrypt your messages. And that's making the rather doubtful assumption that such power even exists. In other words, only my friend John could tell you that - -----BEGIN PGP MESSAGE----- Version: 2.6 - -----END PGP MESSAGE----- Really means, "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances." Since I've deleted the original, even I couldn't tell you what it says except from my own fading memory. Because of an obscure code of laws known as the International Trafficking in Arms Regulations, strong cryptography, including PGP, is classified right up there with anti-tank missiles. Never mind that any program that is readily available in the States is also readily available abroad, there are stiff fines and prison sentences for those who export cryptography from the US or Canada. Thus, if you wish to get a copy of PGP for yourself--absolutely free--you must get it directly from MIT. 
Use anonymous FTP--which you can do from any computing site on campus--to connect to net-dist.mit.edu, and get the file /pub/PGP/README. It contains instructions on how to get the software. While a technical description of how PGP works is beyond a letter to the Editor, I would be more than happy to provide such via email to those who ask. Just write to me at Ben.Goren at asu.edu And, of course, PGP-encrypted messages are most welcome. Yours truly, Ben Goren Faculty Associate School of Music 5-0429 -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: My key is not 'escrowed' with any government agency. -----END PGP SIGNATURE----- Note to those receiving this message as a Cc: This letter is in response to a front-page article and an editorial in Arizona State University's student newspaper, the _State Press._ The one described and the other decried a draft resolution which would formalize the current policy of allowing administrators to examine any account on any university computer for no cause other than "reasonable suspicion." b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): The battle is over; Clipper is dead. But the war against Government Access to Keys (GAK) goes on. Finger ben at tux.music.asu.edu for PGP 2.6 public key ID 0xCFF23BD5. 
From bdolan at well.sf.ca.us Tue Aug 23 22:48:37 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Tue, 23 Aug 94 22:48:37 PDT Subject: Neutron sources, alpha sources, pulling dragon's tail Message-ID: <199408240548.WAA05357@well.sf.ca.us> Various comments on this thread, all lumped into an easy-to-ignore wad: ------------------------------------------------------------------------ From: IN%"werewolf at io.org" To: IN%"cypherpunks at toad.com" CC: Subj: RE: Nuclear Weapons Material > > iqg1550 says: > > Let's all rejoice at the birth of the latest member of The Horsemen of > > The Criminal Apocalypse -- The Nuclear Weapons Material Smuggler. > > I'm sure his four siblings will make plenty of room for their baby brother. > > I will point out, of course, that anyone who can afford the tens of > millions to hundreds of millions the smugglers are reportedly charging > for critical masses worth of Plutonium and Uranium, odds are that they > can afford to buy un-escrowed secure communications equipment... Not to mention the fact that without tritium, the "trigger" for nuclear weapons (and extremely expensive and rare at $ 100m a gram) all you have is a radioactive paperweight. --------------------------------------------------------------------------- This misconception was put to rest by a number of postings such as the following: --------------------------------------------------------------------------- From: IN%"psmarie at cbis.com" To: IN%"werewolf at io.org" CC: IN%"cypherpunks at toad.com" Subj: Nuclear Weapons Material > Not to mention the fact that without tritium, the "trigger" for nuclear > weapons (and extremely expensive and rare at $ 100m a gram) all you have > is a radioactive paperweight. The "trigger" isn't tritium. Tritium (along with lithium 6) is used in fusion bombs. A fission-only device, ala Hiroshima or Nagasaki, doesn't require any. The trigger in the center of the plutonium core is a neutron source, polonium if memory serves correctly. 
Tritium is a beta emitter. --Paul ------------------------------------------------------------------------- From: IN%"ghio at chaos.bsu.edu" "Matthew Ghio" To: IN%"cypherpunks at toad.com" CC: Subj: RE: Nuclear Weapons Material pstemari at bismark.cbis.com (Paul J. Ste. Marie) wrote: > Mark Terka wrote: > > Not to mention the fact that without tritium, the "trigger" for nuclear > > weapons (and extremely expensive and rare at $ 100m a gram) all you have > > is a radioactive paperweight. > > The "trigger" isn't tritium. Tritium (along with lithium 6) is used > in fusion bombs. A fission-only device, ala Hiroshima or Nagasaki, > doesn't require any. > > The trigger in the center of the plutonium core is a neutron source, > polonium if memory serves correctly. Tritium is a beta emitter. A neutron source is usually a light element with a high neutron/proton ratio, coupled with an alpha emitter. I believe the Nagasaki bomb used beryllium-9. An alpha particle impacting a beryllium nucleus will fuse with it, forming carbon-12, and the binding energy will eject a neutron. I think aluminum and a few other light elements will undergo similar reactions to release neutrons in the presence of alpha particles. Polonium is primarily an alpha emitter. It would work as part of a neutron source, but it is not a particularly good choice because its half-life is only 138.4 days (polonium-210). This makes it expensive to obtain, and impractical to store. --------------------------------------------------------------------- Plutonium itself is a decent alpha emitter. Seems like I've been around a Pu-Be neutron source somewhere ( but not too close!) ---------------------------------------------------------------------- From: IN%"ecarp at netcom.com" To: IN%"ghio at chaos.bsu.edu" CC: IN%"cypherpunks at toad.com" Subj: RE: Nuclear Weapons Material > Polonium is primarily an alpha emitter. 
It would work as part of a > neutron source, but it is not a particularly good choice because its > half-life is only 138.4 days (polonium-210). This makes it expensive > to obtain, and impractical to store. They used to use polonium in static eliminators in darkrooms - don't know if they use them anymore, though. -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" --------------------------------------------------------------------------- You can still buy those neat little brushes intended to remove dust from negatives. Each comes with a polonium source to help kill the static charge holding the dust. I've got one right next to my Sunshine Health Mine radon-emitting pillow. -------------------------------------------------------------------------- From: IN%"ecarp at netcom.com" To: IN%"perry at imsi.com" CC: IN%"werewolf at io.org", IN%"cypherpunks at toad.com" Subj: RE: Nuclear Weapons Material > Mark Terka says: > > Not to mention the fact that without tritium, the "trigger" for nuclear > > weapons (and extremely expensive and rare at $ 100m a gram) all you have > > is a radioactive paperweight. > > This is sheer ignorance. First of all, tritium is not nearly that > expensive. It's quite cheap, in fact, and can be manufactured without > that much trouble. Second of all, tritium is not a necessary component > of non-thermonuclear (i.e. hydrogen) bombs. Third, tritium isn't a > "trigger". Lastly, an ordinary A-bomb is just a way to bring together > a critical mass of a fissionable material, like U-235 or Plutonium. > Once a critical mass is in one place the chain reaction will handle > the rest. Quite true. 
All you really need for a fission bomb is a casing to hold everything together, 2.2 kilos (or so) of U-235 (or a sufficient quantity of critical mass other stuff ), and something that will hold it together long enough for it to fission. And no, Taylor, holding them together in your hands won't work (unfortunately)... hehehe :) [...] ------------------------------------------------------------------------ Well, you can do it - only you just get a pffutt instead of a bang. A couple of folks at Los Alamos have tried it. Regrettably, they're no longer with us. I think the practice was called, "pulling the dragon's tail." ------------------------------------------------------------------------ bdolan at well.sf.ca.us  From jdwilson at gold.chem.hawaii.edu Tue Aug 23 23:42:06 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Tue, 23 Aug 94 23:42:06 PDT Subject: Electronic Postcards In-Reply-To: Message-ID: On Tue, 23 Aug 1994, Ben Goren wrote: > This letter is in response to a front-page article and an editorial in > Arizona State University's student newspaper, the _State Press._ The one > described and the other decried a draft resolution which would formalize > the current policy of allowing administrators to examine any account on > any university computer for no cause other than "reasonable suspicion." > > b& I sure hope the encrypted and free text wasn't really done using your secret key - kinda vulnerable for a free text<->encrypted text crack, no? -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " " |P. O. 
Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From tcmay at netcom.com Tue Aug 23 23:46:28 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 23 Aug 94 23:46:28 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <33el1o$5q5@bb.com> Message-ID: <199408240630.XAA26030@netcom4.netcom.com> L. Todd Masco writes: > In article <199408240440.VAA06740 at netcom4.netcom.com>, > Timothy C. May wrote: > >Since this sysop or one of his cronies can then compromise your mail, > >sign messages and contract as "you," I consider this totally > >unacceptable. Others apparently don't. > > Well... Either that, or they have their own UNIX boxes (an increasing > trend in this world of Linux boxes...) or other personal machines > that run an MTA and emacs. Precisely! In fact, I think I cited the Linux phenomenon just a day or so ago...(in a mention of cheap Pentium boxes). When many more locally-controlled boxes are on the Net, conveniently, then things should start to really get going. Until the "Internet-in-a-box" or TIA-type products are more widespread, many people will be connecting home or office machines to other systems they don't control. (To put this in sharper focus: do you want your electronic money being run out of an account that your sysop and his friends can monitor? Not hardly. "Electronic purses," which may be smart cards, Newton-like PDAs, or dongle-like rings or pendants, are clearly needed. Another entire discussion.) Too many people are kidding themselves that their messages are secure. That their electronic identities cannot be spoofed. Debate about whether PGP needs 4096-bit keylengths is absurdly moot if PGP is being run on a university or corporate computer outside the direct control of the user! 
Some folks who use PGP on such machines at least take steps to better secure things....Perry Metzger, for example, once described the multi-stage process he went through each day to reload his key material in a way he felt was quasi-safe. Yes, some of you PGP fans may say "Sigh!" when you hear that I don't particularly like downloading-and-then-decrypting a message only to find it saying, "Gee, Tim, isn't this PGP stuff really neat?" Too bad. Not only do many of us not do all this stuff (have you seen Eric Hughes signing his messages? How about John Gilmore?), but some people have decided to stop reading e-mail altogether. Donald Knuth, for example. A wise man. I'm happy that you PGP fans are thoroughly infatuated with using PGP for everything. Just knock off the clucking and sighing about those who don't see it as the end-all and be-all of today's communications. It reeks of fanaticism. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Wed Aug 24 01:01:37 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 24 Aug 94 01:01:37 PDT Subject: An asshole using PGP Message-ID: <199408240801.BAA23785@netcom14.netcom.com> I just received a PGP-encrypted message from Douglas Floyd, just after explaining carefully the work that's needed to decrypt PGP messages. I dutifully clipped the article, moved the text into my text editor, fired up MacPGP, entered my key, etc. The message was banal, and is included below: ---begin his message--- What's wrong with putting your private key on a UNIX box? 
(Obviously, I AM root on the boxes I have the key on, and the boxes are firewalled to boot.) ---end his message--- There was no need for this to be PGPed, no need even to ask it, period, as I had already made the point about the dangers being for boxes one is *not* root on, etc. I conclude from this that Douglas Floyd is just an asshole. One I don't plan to ever respond to again. Only a prick would make a point to send me a PGP message, encrypted to my published key, only to make such a point. For some reason the number of fools and lightweights around here has jumped dramatically in recent months. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From dave at esi.COM.AU Wed Aug 24 01:05:28 1994 From: dave at esi.COM.AU (Dave Horsfall) Date: Wed, 24 Aug 94 01:05:28 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <199408240048.RAA19300@netcom16.netcom.com> Message-ID: > (I sympathize with him, and I intensely dislike getting PGP-encrypted > messages, decrypting them, only to find a banal message that wasn't > worth the effort.) Perhaps the readers of this list may be interested in a thing called PGPsendmail, which automatically encrypts/decrypts mail. Are you on this list, Richard? -- Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. 
| E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From karn at qualcomm.com Wed Aug 24 01:12:39 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 24 Aug 94 01:12:39 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: <199408240810.BAA27546@servo.qualcomm.com> >Been reading our Tom Clancey, have we? No, actually I have yet to read my first Clancey novel, though I did see Hunt for Red October. My information comes from "US Nuclear Weapons" by Chuck Hansen, Orion Books, 1988. ISBN 0-517-56740-7. I wouldn't be surprised if Clancey used the same source -- Hansen is the guy who wrote the open letter that sabotaged the government's case in US vs. Progressive back in 1979. Now can we return to cryptography? How about a discussion of fast modular exponentiation algorithms, something we (or at least I) can put to more immediate and constructive use than nuclear bomb designs? Phil From tcmay at netcom.com Wed Aug 24 01:37:38 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 24 Aug 94 01:37:38 PDT Subject: PGP use In-Reply-To: Message-ID: <199408240837.BAA25937@netcom14.netcom.com> > Perhaps the readers of this list may be interested in a thing called > PGPsendmail, which automatically encrypts/decrypts mail. > > Are you on this list, Richard? > > -- > Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 There are several such tools. Tools for editors, for mailers, tools etc. What is being missed here is the issue of where the PGP operations are being done. If done on a machine outside the direct control of the user, obvious security holes exist. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. 
Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From dfloyd at runner.utsa.edu Wed Aug 24 01:39:43 1994 From: dfloyd at runner.utsa.edu (Douglas R. Floyd) Date: Wed, 24 Aug 94 01:39:43 PDT Subject: No Subject Message-ID: <9408240841.AA27819@runner.utsa.edu> -----BEGIN PGP SIGNED MESSAGE----- To whom it may concern: In a previous mailing called "An Asshole using PGP" which does have a valid message and my signature, he basically killfiles me in the worst manner possible. Before sentence is passed, and the sound of a thousand plonks is sent in my direction, I would like to speak my part. In an earlier mailing, Mr. May was mentioning how annoying it is to obtain a PGP encrypted message, download it to their home machine, and then find a message like "wow... pgp's kwl man.". I composed the reply that Tcmay so generously posted for everyone to marvel at. I signed it, but re-read it, and DID find it to be as one would put it "nitrogenous cow waste." I composed another reply in the same directory as the original, which is irrelevant now because of this ad hominem attack. To make a long story short, I mailed the wrong file. If tcmay feels that I am such a low life that I am worthy of the plonk sound, so be it. I refuse to have judgement passed on me by the whole of this list without speaking my part. Tim May definitely has more clout than I do, and the people on the list respect him, while I am less anarchistic, more conservative about the way the government is. (I do NOT like the pressure of GAK and the Klinton Klown stuff though, let me make this clear.) Again, I am not asking for anything, but you not to killfile me for a mistake, though stupid it may be. I apologize to you, Mr. May, but I find it rude for you to take something out of private mail, and onto this list. 
Unless there is some major change in circumstances, consider this the last mailing from me on this as I will NOT trouble this list, and go on personal flamewars. My mailing address is dfloyd at runner.jpl.utsa.edu, and if you have any problems, please take this to me. I will not have this mailing list, the only mailing list I've really participated on polluted by petty ad hominem attacks. -----BEGIN PGP SIGNATURE----- Version: 2.6 -----END PGP SIGNATURE----- From cactus at bb.com Wed Aug 24 02:29:54 1994 From: cactus at bb.com (L. Todd Masco) Date: Wed, 24 Aug 94 02:29:54 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <199408240630.XAA26030@netcom4.netcom.com> Message-ID: <33f44u$8av@bb.com> In article <199408240630.XAA26030 at netcom4.netcom.com>, Timothy C. May wrote: >L. Todd Masco writes: >> Well... Either that, or they have their own UNIX boxes (an increasing >> trend in this world of Linux boxes...) or other personal machines >> that run an MTA and emacs. > >Precisely! In fact, I think I cited the Linux phenomenon just a day or >so ago...(in a mention of cheap Pentium boxes). When many more >locally-controlled boxes are on the Net, conveniently, then things >should start to really get going. > >Until the "Internet-in-a-box" or TIA-type products are more >widespread, many people will be connecting home or office machines to >other systems they don't control. Actually, I expected to get jumped on in a major way for saying that. Linux boxes run X11, with all its security problems. Add to that the increasing frequency of popularity of UNIX and UNIX-alikes, with all their security problems, and you get a picture that's terrifyingly cyberpunk. 
I can just picture in three years: Job Bob Public sitting at his Linux box, connected by TC/IPng over the local cable IP provider -- scared by a mailing he's recently gotten from the Oregon Driver's Privacy Initiative with information of where his daughter had his lojack-ng equipped car was three days ago when she was supposed to be at football practice -- decides to set up Microsoft PGP 5.7us on his machine (and to wire up the optional personal lojack-ng tracking feature, of course -- brought to you by AT&T). He writes a message that he believes secure -- Of course, he's got his X11R8 server xhost +'d, so that his friend Suzy EveryCheese can send windows to him (she's much too smart to allow other clients to attach to *her* server). He types his passphrase in and his son, Bubba Public, snarfs it from his PC-SeptiumJr. It never hurts to be able to see what the Old Man might be writing. Of course, the entire thing falls apart when the Morris Worm Mk 3 chomps down through the least-secure encryption methods specified in IPng's security specs (they salvaged the old AFS "xor 'flamingo'" "optimization"), but that's another matter. The point? I'm actually not very sure... but it has something to do with there never being an easy way to be secure, especially for the plug-n- players. It also has to do with the way things are going to be extremely unstable when everybody is networked on machines with an OS and windowing environment that evolved to play XTrek efficiently and to support Xeyes with motif. Knowledge and/or effort -- not to mention a good dose of paranoia -- are de rigueur, and I doubt that we'll see anything different in the near future (even if technically possible: the rise of MS Windows and UNIX/X11 have me pretty down on the economics of quality these days). >It reeks of fanaticism. Fanaticism's fine. It's clueless, dogmatic fanaticism that's a problem. -- L. Todd Masco | "Large prime numbers imply arrest." 
- Previously meaningless cactus at bb.com | grammatically correct sentence. Now... From jkreznar at ininx.com Wed Aug 24 04:30:28 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 24 Aug 94 04:30:28 PDT Subject: Actually using strong crypto on a routine basis. In-Reply-To: <199408240440.VAA06740@netcom4.netcom.com> Message-ID: <9408241130.AA03863@ininx> -----BEGIN PGP SIGNED MESSAGE----- In <9408240400.AA18251 at fnord.lehman.com>, "Rick Busdiecker" wrote: > > regardless of the content. In any case, I find it quite disappointing > > to hear that one of the cypherpunks founders frowns on people actually > > using strong crypto on a routine basis. Sigh... To which Tim provides the enlightening reply: > "Sigh." Stick to your guns, Rick. Even cypherpunks founders can become corrupted. Here is how Tim's perspective was publicly reported a mere year ago: > The Village Voice > August 3, 1993 > Vol. 38, No. 31 > pages 33 through 37 > Code Warriors > Battling for the Keys to Privacy in the Info Age > by Julian Dibbell > And Cypherpunks are hackers to the bone. ``Encryption always > wins,'' Tim May insists with the serene confidence of one > convinced he's a mere conduit for historical tendencies built > into information technology itself --- and yet by definition no > Cypherpunk takes the ultimate achievement of the group's goal for > granted. A pragmatic activism hardwires the group's collective > identity, their very motto (``Cypherpunks write code'') signals a > commitment to making the proliferation of cryptographic tools > happen now rather than waiting on big business, big science, or > Big Brother to determine its fate. Nor is this commitment limited > to the creation of tools; indeed, an even better motto might be > ``Cypherpunks use code,'' since the essence of the revolution the > 'punks seek to effect lies in making encryption a cultural habit, > as common and acceptable as hiding letters inside envelopes. 
Thus > the Cypherpunks' almost religious use of PGP and of their use of > their own primitive remailer systems isn't just a grown-ups' game > of cloak and dagger, as it sometimes seems, or a matter of > testing out the crypto hackers' experimental creations. It's an > attempt to nudge ciphertech toward that pivotal accumulation of > users that finally makes the forward rush of the technology's > far-reaching social implications irresistible. Sigh! John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a -----END PGP SIGNATURE----- From jya at pipeline.com Wed Aug 24 05:29:13 1994 From: jya at pipeline.com (John Young) Date: Wed, 24 Aug 94 05:29:13 PDT Subject: Actually using strong crypto on a routine basis. Message-ID: <199408241223.IAA02685@pipe1.pipeline.com> Responding to msg by jkreznar at ininx.com (John E. Kreznar) on Wed, 24 Aug 4:30 AM >Stick to your guns, Rick. Even cypherpunks founders >can become corrupted. No. Tim says: Don't do what I do, do what I say. Do your homework. Clean your room. You embarrass me. Get a job. Get a haircut. Get a life. Don't talk back. When I was your age . . . Listen to me . . . Shut the fuck up. I'm sorry, I love you. Every parent of rambunctious kids talks like this. Sigh. John From rah at shipwright.com Wed Aug 24 05:30:46 1994 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 24 Aug 94 05:30:46 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408241227.IAA22728@zork.tiac.net> At 10:08 PM 8/23/94 -0400, Jason W Solinsky wrote: >Well we agree that the selling point is economic efficiency. But "anonymity >reduces overhead" ? I keep getting tangled up in that. I'll try again. Anonymity is not the issue. 
Strong Cryptography is the issue. Anonymity comes from strong crypto. Like I said before, anonymity is the byproduct of using strong crypto to build a digital cash system. It's like what I said about flight in this same thread. It turns out the best way to go really fast is to fly (at least until someone builds an evacuated tunnel with a magnetic levitation train in it, anyway). In inventing aviation, we discovered how to go really fast. It turns out that going really fast is a cheaper way to do things if time is valuable. Being able to fly, while an end in itself, is also a byproduct of wanting to get somewhere fast, at least in economic terms. It turns out that in creating an anonymous digital cash system, you can do very cheap, irrefutable transactions offline in an internetworked environment. That's cheaper for a whole lot of reasons, a relatively minor one being the ability to pool the cash without a lot of transaction recordkeeping. You don't have to know who gave you each piece of money in order to find who stiffed you, if it happens. The reduced overhead increases economic efficiency. There are other reasons for not doing on-line transactions. Including credit checks, interest calculations on outstanding balances, vendor reserve requirements, transaction threading, on-line wait states and bandwidth, etc. It's considerable. In addition, I'll forward to you off-line the Eric Hughes postings that got me started on this. They were put here on 8/19 at 12:20, 1:02, and 4:24 and 4:43. Cheez, looks like I'm citing scripture here. I feel like one of those fundamentalists you see in football endzones on TV. You know, the guys with the sign that says "John 6:66". ;-). > There are a lot of reasons why I think anonymity is important, but I fail >to see any significant economic advantage that anonymity confers to a person >who otherwise couldn't care less about it. 
I think like stellar formation, evolution and economic progress, the privacy of digital cash may be a happy accident resulting from the activities of a random process (internet commerce) looking for a way to make itself more efficient. It happens. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From perry at imsi.com Wed Aug 24 06:10:51 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 24 Aug 94 06:10:51 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408240215.KAA22862@lethe.uwa.edu.au> Message-ID: <9408241310.AA03276@snark.imsi.com> Mikolaj Habryn says: > > > > Fusion bombs I thought used tritium as fuel and needed a Plutonium > > trigger or something. They are supposedly set off with some kind of > > inner mirrored ball with high powered lasers. Fission then fusion I > > believe. > > The plutonium trigger is set off using conventional explosives > to implode a hollow sphere of the material. While this technique is > superficially similar to the gun-type triggering used by U-235 fuelled > bombs, the geometry prevents the Pu-239 from fissioning prematurely. > The tritium is used as a neutron source - it releases neutrons > when sufficiently motivated to do so. In a fusion, or H Bomb, the tritium (which is just hydrogen with an extra two neutrons) is that which produces the boom -- the main fuel, as it were. Its a "neutron source" only in the weakest possible sense -- the same way dynamite might be considered to need nitroglycerine as a "neutron source". (I'm not sure that people outside of the bomb building industry really know *for sure* what the geometries used in the atomic weapon that sets off the fusion reaction.) 
Perry From jya at pipeline.com Wed Aug 24 06:22:29 1994 From: jya at pipeline.com (John Young) Date: Wed, 24 Aug 94 06:22:29 PDT Subject: Pentium pitch Message-ID: <199408241322.JAA12029@pipe1.pipeline.com> NY Times sez: Intel will pitch the Pentium chip on comedy shows like "Saturday Night Live" and "Frasier." The challenge of the new campaign will be to talk about technology without having viewers laugh it off as so much technobabble. Stuart Elliott: Advertising. [D16]. Email copies available. John From frissell at panix.com Wed Aug 24 06:25:29 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 24 Aug 94 06:25:29 PDT Subject: Credit cards, false names, and important details Message-ID: <199408241324.AA07121@panix.com> At 11:25 AM 8/23/94 -0500, Jim Hart wrote: > >How is this simple? A credit card company sure as hell wants >to know who you truly are and where you truly live. It must >be able to collect its debt and mark your credit rating. >Applying for a credit card with false name or Social Security >number is fraud, with heavy punishments. Or are there, yet >again, numerous details you are neglecting to mention? > >Jim Hart >hart at chaos.bsu.edu There is no such thing as a false name. You can still call yourself anything you like (and spell it any way). If you are trying to pretend to be another actual person, there may be fraud involved. No one's busted the Chairman of the Congressional Black Caucus -- Kawize(sp?) Infume -- for using a name other than his birth name. The issuers of secured credit cards vary in the amount of info they want about you. Citibank's secured credit card app asks for almost as much info as their normal app. Some secure card issuers just want to know your name address and SS #. The overseas issuers of bank debit Visa cards don't want your SS# but usually these days want a bank reference. Using a nom de guerre and an accommodation address is not fraud. They asked for your name and address and you supplied it. 
It is an interesting question as to whether or not using a phoney SS# would be fraud. This is particularly uncertain if the bank would have issued you a secured credit card even if you gave your "real" SS#. If you are just trying to protect your privacy, and not trying to induce the bank to do anything that it would not have done anyway, is there fraud since the "lie" is not material to the granting of credit in the case of secured credit cards? It will not come up in any case. Note too that the SS# requirement is there not because the bank wants it but because the *government* requires it. (A credit card account is actually a bank account.) You are not lying to the credit card issuer but to the State that is forcing them to invade your privacy. Lying to the government is not fraud because you (or I at least) am not attempting to get anything of value from them. The "Necessity Defense" can always be used to justify lying to the government. DCF "You speak Treason!" - The Lady Marion Fitzwalter "Fluently!" - Sir Robin of Loxley Not from the politically correct version. From perry at imsi.com Wed Aug 24 06:36:05 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 24 Aug 94 06:36:05 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <199408240630.XAA26030@netcom4.netcom.com> Message-ID: <9408241335.AA03303@snark.imsi.com> Timothy C. May says: > Some folks who use PGP on such machines at least take steps to better > secure things....Perry Metzger, for example, once described the > multi-stage process he went through each day to reload his key > material in a way he felt was quasi-safe. Quasi. I'm pretty sure that anyone who cared enough could have gotten hold of my ancient pmetzger at shearson.com key, which I keep around only for nostalgia reasons at this point -- I believe its one of the oldest keys still on the rings. 
On the few occasions when I've truly cared, I've generated new keys to use and only used them for a brief period -- PGP provides very poor forward secrecy. (By the way, I've become convinced with time that the forward secrecy characteristics of systems like this are far more important than people believe, especially since keys are likely to be so poorly managed by most non-paranoid users. Diffie-Hellman provides perfect forward secrecy.) Tim's point is, however, correct -- using PGP on Joe Random University's central computing facility is not the way to go if you are really concerned about security. You have to run it only on hardware you personally control, and which others do not have much if any physical or network access to. Also importantly, the user interfaces for PGP simply suck as it stands, making people like Tim uninterested in going through the rigamarole needed to use it on a day to day basis. The real revolution isn't going to come until people are able to use PGP and the rest both reasonably securely without it being especially noticeable that they are doing so -- and that is a while off. Perry From perry at imsi.com Wed Aug 24 06:37:35 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 24 Aug 94 06:37:35 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: Message-ID: <9408241337.AA03311@snark.imsi.com> Dave Horsfall says: > Perhaps the readers of this list may be interested in a thing called > PGPsendmail, which automatically encrypts/decrypts mail. > > Are you on this list, Richard? Again, this is only of use on a machine that is totally within your control and both physically and network secure. .pm From perry at imsi.com Wed Aug 24 06:40:55 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 24 Aug 94 06:40:55 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408240810.BAA27546@servo.qualcomm.com> Message-ID: <9408241340.AA03320@snark.imsi.com> Phil Karn says: > Now can we return to cryptography? 
How about a discussion of fast > modular exponentiation algorithms, something we (or at least I) can > put to more immediate and constructive use than nuclear bomb designs? Indeed. I've been wondering recently, by the way, about what advantages doing some of this stuff on DSPs might have. DSPs are not magical chips, but they are optimized for a few tasks, including, typically, fast integer multiplies. IDEA and modular exponentiation both require lots of fast integer multiplies. Would it make sense to use DSPs as co-processors to things like Pentiums to speed up these processes? Phil? You are the resident expert on DSPs, I believe... Perry From khijol!erc at apple.com Wed Aug 24 06:45:21 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Wed, 24 Aug 94 06:45:21 PDT Subject: An asshole using PGP In-Reply-To: <199408240801.BAA23785@netcom14.netcom.com> Message-ID: > I just received a PGP-encryptd message from Douglas Floyd, just after > explaining carefully the work that's needed to decrypt PGP messages. > > I dutifully clipped the article, moved the text into my text editor, > fired up MacPGP, entered my key, etc. I don't mind so much Tim calling someone a prick in public (shit happens), but I *do* find it ethically objectionable that Tim chose to post what was essentially private email to the list. The "instant reply" feature of the net tends to sometimes breed poor ethical choices based on anger, rather than good sense. No, Tim, this isn't a flame - just pointing out that to post private email without permission is rather rude. -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From jdd at aiki.demon.co.uk Wed Aug 24 06:59:11 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 24 Aug 94 06:59:11 PDT Subject: Voluntary Governments? 
Message-ID: <7385@aiki.demon.co.uk> In message Russell Nelson writes: > Date: Tue, 23 Aug 94 18:15:12 GMT > From: jdd at aiki.demon.co.uk (Jim Dixon) > > I grew up in a small town of 5,000. It had a city government. The > [etc] > So drop the word 'exclusive'. > > The government still excludes non-governmental authorities from using > violence. > > In our high school we had a student government. We had no prisons > and no guns. > > Then you were a club. Or, you were a government whose rules were > enforced by other governments. The discussion here is about the use of common words in the English language. You are decreeing that Jason and I and most of the rest of the English-speaking world follow one restricted usage, yours. This is a form of linguistic imperialism. Sorry, I will keep on using the word in the ways permitted by most dictionaries. There is also an odd form of cultural imperialism here. The USA has a form of government that is unique to it. Like the people of most large continental nations, Americans think that the rest of the world is just their own country with a few changes in details. It isn't. There are many cultures where individuals are expected to use violence. In the Afghan countryside (at least in the Pathan area), all males over the age of 13 or so are expected to carry guns and to use them. When I was there there was no central government in the American sense. Government was local. There was nothing resembling a constitution, in fact there was no written law, as far as I know. The elders met and came to decisions. Those decisions, which were of course informed by Islamic tradition, had the effect of law. There was a competitive government in Kabul, but its influence was limited to the roads. In remote areas, the Kabul government could frighten people with the jet fighters donated to it by the Russians, but it had little day-to-day control. At least theoretically all Kshatriya caste Hindus and all Sikhs are warriors. 
I have never been in the Arab countries, but I believe that in many of them people are expected to use violence under certain circumstances. This is sanctioned by their reading of the Koran. Women are really stoned to death by their neighbors for adultery. No intervention by "the government" is necessary. What you are saying is that, effectively, these are not 'real' countries and their peculiar forms of government are not real, because they do not follow the American model. Turn the clock back 100 years and America was not so different. It is true that in the West people carried guns and were expected to use them under certain circumstances. Jason's point is that if you turn the clock forward 50 years, you are likely to find entities exercising governmental powers in cyberspace. They will use sanctions to coerce uncooperative people to follow norms. These sanctions need not be backed by the use of physical weapons. They will also collect something like taxes. It may be that the terms used will not be 'government' and 'taxes', but that is what they will be. -- Jim Dixon From dance at cicero.spc.uchicago.edu Wed Aug 24 06:59:40 1994 From: dance at cicero.spc.uchicago.edu (Squeal) Date: Wed, 24 Aug 94 06:59:40 PDT Subject: Voluntary Governments? Message-ID: <9408241359.AA05594@cicero.spc.uchicago.edu> Jim Choate says: >Can't speak for MIT but I can speak for UT Austin, they do have cells to hold >prisoners. The security forces at that school attend the Tx Dept. of Public >Safety training school and hold state law enforcement positions. The last >thing you want to do is really piss one of these guys, you would end up >in one of the state prisons for several years, Huntsville probably. > >Schools can use physical force against their students. I have personaly seen >assaults on the presidents office when a group of students took it over in >the late 80's because of UT Austin holdings in S. Africa. 
I have seen them >knock the holy shit out of students for nothing more than simply refusing to >move fast enough. The officers stormed the office in full riot gear with >M16 automatic rifles and smoke grenades. > >I suspect that MIT's security forces, even though it is a private school, >hold 'peace officer' ratings and this implies that they can carry weapons >at any time (though they don't usually). This holds for the small community >college that I work at now as well. The officers don't carry guns as a regular >part of their uniform except during registration when there are large amounts >of cash on campus or when important officials visit the campus(es). The University of Chicago's Security officers are sworn Chicago police; they are given full police powers, if only limited jurisdiction. Lucky for everyone here they choose not to exercise *any* authority. Trying to neither be foolish nor a lightweight.... _/_/_/ _/_/_/ _/_/_/ _/ _/ It's dangerous to be right _/ _/ _/ _/ _/_/ _/ when the government is wrong. _/_/_/ _/ _/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/ --Voltaire _/_/_/ _/_/_/ _/_/_/ _/ _/ _/_/_/ _/ From doug at OpenMind.com Wed Aug 24 07:27:00 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Wed, 24 Aug 94 07:27:00 PDT Subject: Easy PGP use from the Mac Message-ID: For all those who have been complaining about the inconvenience of using PGP to sign their messages, decrypt received messages, etc., and who primarily use a Macintosh for their private mail reading... I use a set-up which is as simple as: 1) Type a message into a Eudora window 2) Double click on a desktop icon 3) Wait about 15 seconds, and the message in the window is replaced with a signed and/or encrypted version of the original message. (Plus typing in a recipient into dialog box for encryption, and entering a passphrase for signing -- or the passphrase can be "saved"). Decrypting and signature verification is almost as easy... 
but the decrypted text appears in a text editor window instead of a new Eudora window. No big deal. All disk based plaintext files can be automatically wiped during this process. All you need is: 1) Commercial Eudora for the Mac (costs about $50) 2) Applescript 1.1 (buy it now, or provided with System 7.5, due out soon) 3) MacPGP 2.6ui 4) Some carefully written scripts for combining the above three components. I found it necessary to tweak the scripts that someone else had written to do all of the above, but now it's all working great. The main disadvantage that I can see is that MacPGP 2.6ui is required to make this work (the "USA-domestic" MacPGP 2.6 does not have the required scripting support). But since you can configure 2.6ui to pretend to the outside world that it is regular 2.6, this doesn't seem like much of a problem for most people. By the way, Eudora comes with Unix-mail program interface scripts that enable many people to use it in combination with a terminal Unix account (such as a standard Netcom account). I'll be happy to provide more details/help on request, or to send a copy of my slightly modifed scripts. The desktop icons I alluded to in the beginning are just aliases to the scripts. Doug ___________________________________________________________________ Doug Cutrell General Partner doug at OpenMind.com Open Mind, Santa Cruz =================================================================== From jya at pipeline.com Wed Aug 24 07:51:40 1994 From: jya at pipeline.com (John Young) Date: Wed, 24 Aug 94 07:51:40 PDT Subject: Nuclear Weapons Material, Truly? Message-ID: <199408241451.KAA25401@pipe1.pipeline.com> Responding to msg by perry at imsi.com ("Perry E. Metzger") on Wed, 24 Aug 9:10 AM >(I'm not sure >that people outside of the bomb building industry >really know *for sure* what the geometries used in the >atomic weapon that sets off the fusion reaction.) Perhaps. 
However, there is much detailed design and production info in the "Nuclear Weapons Databook" series: U. S. Nuclear Warhead Production, Volume II, 1987. U. S. Nuclear Warhead Facility Profiles, Volume III, 1987. Soviet Nuclear Weapons, Volume IV, 1989. And others. The series provides pretty detailed textual and graphic descriptions of the entire history of design, production, testing and deployment of nuclear weapons. These are written by the folks at Natural Resources Defense Council and are available there and from Ballinger Division, Harper and Row, New York. The beloved McGeorge Bundy is quoted on the covers: "A powerful antidote to the simplistic deceptions peddled with such zeal from high places . . . contains more facts about the past, present and future of [U. S. nuclear] forces than have ever been put in one place before . . . meticulous and responsible . . . the effect is overwhelming." They are mesmerizing. But then maybe they were written only for the ignorant. John From hfinney at shell.portal.com Wed Aug 24 07:53:17 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 24 Aug 94 07:53:17 PDT Subject: Brands cash In-Reply-To: <199408240022.RAA09107@ar.com> Message-ID: <199408241453.HAA14852@jobe.shell.portal.com> "Rick H. Wesson" writes: >I liked your description of Brands Cash. I'd like to turn your description >into pseudo-code or Perl whichever comes first and you are more comfortable >with reviewing. Anyone else interested in developing a bit of perl as an >example of Brands cash in action? Unfortunately, I don't think perl is suitable, as it has no facilities for multiprecision arithmetic. I was talking to Henry Strickland at Crypto and he is working on a package that would use the scripting language tcl (which is a little similar to perl) and could do this stuff. Alternatively you could use a public-domain package like gmp or perhaps the pgptools library created by Pr0duct Cypher. 
That last one has MD5 hash built in so it would have everything you need. For that you would have to program in C or perhaps C++ though. Hal From hfinney at shell.portal.com Wed Aug 24 08:08:06 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 24 Aug 94 08:08:06 PDT Subject: Fast modular exponentiation In-Reply-To: <199408240810.BAA27546@servo.qualcomm.com> Message-ID: <199408241507.IAA15669@jobe.shell.portal.com> Phil Karn writes: >Now can we return to cryptography? How about a discussion of fast >modular exponentiation algorithms, something we (or at least I) can >put to more immediate and constructive use than nuclear bomb designs? In the Crypto 93 proceedings, there is an article by Bosselaers, Govaerts, and Vandewalle comparing the speed of three algorithms for modular reduction which is the main time-consuming step in modular exponentiation. They compared the classical algorithm from Knuth, a modification to it by Barrett which speeds up the estimate of the first digit of the quotient, and Montgomery multiplication (which is inherently modular). Montgomery was the fastest for taking 1024 bit numbers modulo 512 bit numbers, but not by a lot. For exponentiation, though, where the reduction happens a lot, Montgomery was fastest for all but the very smallest exponents. 512 bit exponents took about 2.93 seconds for the classical algorithm, 2.85 seconds for the Barrett improvement, and 2.55 seconds for Montgomery. The crossover point (below which Barrett is best) is exponents of about 32 bits. So, Montgomery multiplication was best, but the percentage improvement is not that large. Sometimes, as I mentioned yesterday, you can restrict the size of the exponents without losing security (as in DSS), but it depends on the algorithm. 
Hal From barrett at daisy.ee.und.ac.za Wed Aug 24 08:08:47 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Wed, 24 Aug 94 08:08:47 PDT Subject: Brands cash In-Reply-To: <199408241453.HAA14852@jobe.shell.portal.com> Message-ID: > Unfortunately, I don't think perl is suitable, as it has no facilities for > multiprecision arithmetic. There is some multiprecision arithmetic in perl, but it's implemented as user-level functions, not as a builtin feature. Look at the bigint.pl, bigrat.pl and bigfloat.pl packages supplied with perl4. --apb (Alan Barrett) From matthewn at uiuc.edu Wed Aug 24 08:10:55 1994 From: matthewn at uiuc.edu (TheElusiveMatthew) Date: Wed, 24 Aug 94 08:10:55 PDT Subject: Voluntary Governments? In-Reply-To: <9408241359.AA05594@cicero.spc.uchicago.edu> Message-ID: On Wed, 24 Aug 1994, Squeal wrote: > The University of Chicago's Security officers are sworn Chicago police; > they are given full police powers, if only limited jurisdiction. Lucky for > everyone here they choose not to exercise *any* authority. The Unicops here at the University of Illinois (Champaign-Urbana) are actually state troopers. This way they have no jurisdiction problems between the two separate local (C-U) jurisdictions. Matt Hewn -- Information is not knowledge; knowledge is not wisdom; wisdom is not truth. Truth is absolute. From raph at kiwi.CS.Berkeley.EDU Wed Aug 24 08:14:16 1994 From: raph at kiwi.CS.Berkeley.EDU (Raph Levien) Date: Wed, 24 Aug 94 08:14:16 PDT Subject: Remailer-list pinging frequency Message-ID: <199408241514.IAA17362@kiwi.CS.Berkeley.EDU> Hi all, I believe that I am providing a useful service with my remailer list, but I have received one complaint about the frequency of pinging. I send hourly pings. This is helpful for quickly identifying remailers which have gone off the net. If you don't want me to do this, let me know. I apologize for not having brought this up before I started with the hourly pings. 
My pinging script can be configured to adjust ping frequency on a per-remailer basis. If you would like a greater interval between pings, I would be happy to do this. I already do this for penet. An anonymous poster from rebma criticized ping traffic as a way to improve remailer mix. It might be that the two goals (improving mix and collecting good statistics) are at odds, but I would be willing to modify my ping script to make the pings more like mix-improving traffic. Ideas include: 1. Encrypt the ping, so it looks like so much PGP traffic. 2. Pad it with a random amount of junk (but not _too_ much :-), so traffic analysis based on size will fail. 3. Chain it through other remailers. A good approach might be to choose two random remailers out of the "top five," and sandwich rebma between them. The drawback is that it penalizes rebma for their latency and failure rate, but this might be acceptable. 4. Randomize the time that the ping is sent. If the operator of the rebma remailer would be so kind, please let me know if and when I have been de-Detweilered, and whether you would like me to implement any of these suggestions. Also, I plan to autopost the remailer list every Monday, to both cypherpunks and alt.privacy.anon-server. This is my first experience with spamming the net, so if anybody has any objections or cautions, I would like to hear them. Raph Levien From shamrock at netcom.com Wed Aug 24 08:24:39 1994 From: shamrock at netcom.com (Lucky Green) Date: Wed, 24 Aug 94 08:24:39 PDT Subject: Anonymous questionnaires Message-ID: <199408241524.IAA26120@netcom7.netcom.com> My partner is a participant in a long term psychological study. I have been asked to fill out a questionnaire to aid in this study. Some of the questions address issues that I would never answer non-anonymously. After speaking with the research director, I ended up with the following problem: is there a way that would allow the institute to 1. Correlate my answers to the answers of my partner. 
2. Verify that I have indeed sent in a filled out questionnaire (and send me a check for participating). 3. Allow a supervisory agency, such as the U.S. Department of Health and Human Services, to verify that the researchers did not just make up all the data - that is to allow an audit. 4. Protect my privacy by making it impossible to correlate my name to the answers given. I would very much like to help to advance medical knowledge, but am concerned what might happen once the institute is forced to hand over all accumulated data to the Kommunal Kare Kontrol Kommittee under the Health Care and Crime Prevention Act of 1998. The researchers seem to think that there is no way to satisfy all the above criteria. I, after following discussions on this list for a long time, am not so sure. I intend to forward any workable suggestions (if the problem even has a solution) to the researchers. I am sure that better privacy protection would not only increase the number of participants, but also the quality of the data. Thank you all in advance, -- Lucky Green PGP public key by finger From wessorh at ar.com Wed Aug 24 09:02:19 1994 From: wessorh at ar.com (Rick H. 
Wesson) Date: Wed, 24 Aug 94 09:02:19 PDT Subject: Brands cash Message-ID: <199408241601.JAA10624@ar.com> > From owner-cypherpunks at toad.com Wed Aug 24 08:20 PDT 1994 > Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by ar.com (8.6.9/8.6.5) with ESMTP id IAA10560 for ; Wed, 24 Aug 1994 08:20:58 -0700 > Received: from toad.com by relay2.UU.NET with SMTP > id QQxeiv09436; Wed, 24 Aug 1994 11:15:13 -0400 > Received: by toad.com id AA11441; Wed, 24 Aug 94 08:08:47 PDT > Received: from newdaisy.ee.und.ac.za by toad.com id AA11434; Wed, 24 Aug 94 08:08:28 PDT > Received: by newdaisy.ee.und.ac.za (Smail3.1.28.1 #12) > id m0qdJvP-0007VlC; Wed, 24 Aug 94 17:07 GMT+0200 > Date: Wed, 24 Aug 1994 17:07:36 +0200 (GMT+0200) > From: Alan Barrett > Subject: Re: Brands cash > To: Hal > Cc: cypherpunks at toad.com > Mime-Version: 1.0 > Sender: owner-cypherpunks at toad.com > Content-Type: TEXT/PLAIN; charset="US-ASCII" > Content-Length: 332 > > > Unfortunately, I don't think perl is suitable, as it has no facilities for > > multiprecision arithmetic. > > There is some multiprecision arithmetic in perl, but it's implemented as > user-level functions, not as a builtin feature. Look at the bigint.pl, > bigrat.pl and bigfloat.pl packages supplied with perl4. > > --apb (Alan Barrett) > > I'm in the process of adding the mpi library that comes with PGP in perl, Perl is fairly extensible... I just figured that it would be a good common ground for coding... -Rick From pdn at msmail.dr.att.com Wed Aug 24 09:03:53 1994 From: pdn at msmail.dr.att.com (Philippe Nave) Date: Wed, 24 Aug 94 09:03:53 PDT Subject: dfloyd's faux pas :) :) Message-ID: <2E5B7D70@mspost.dr.att.com> > I composed the reply > that Tcmay so generously posted for everyone to marvel at. I signed it, > but re-read it, and DID find it to be as one would put it "nitrogenous > cow waste." Amazing how that happens sometimes, hmmm? 
The half-life of an e-mail message is about 10 seconds; after a few minutes have passed, the bogon flux density goes clear out of sight. > > To make a long story short, I mailed the wrong file. > My God! A member of the glorious CryptoReich made a MISTAKE ?!? By now, it should be obvious that Real Cypherpunks(TM) **never** make mistakes... [wheee, ha, ha! ROTFL] > I apologize to you, Mr. May, but I find it rude for you to take something > out of private mail, and onto this list. I agree; reposting personal mail without prior consent is terribly rude. > > Unless there is some major change in circumstances, consider this > the last mailing from me on this as I will NOT trouble this list, > and go on personal flamewars. What the hell - if you walk erect and sleep indoors, you're as qualified to 'trouble the list' as the rest of us. Philippe "Anarchy means never having to put up with shit from your 'leaders'" From khijol!erc at apple.com Wed Aug 24 09:44:10 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Wed, 24 Aug 94 09:44:10 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <9408241335.AA03303@snark.imsi.com> Message-ID: > Also importantly, the user interfaces for PGP simply suck as it > stands, making people like Tim uninterested in going through the > rigamarole needed to use it on a day to day basis. The real revolution > isn't going to come until people are able to use PGP and the rest both > reasonably securely without it being especially noticable that they > are doing so -- and that is a while off. At the risk of repeating myself, what's the problem with wrapping PGP in a shell script? Works for me - see a previous mailing, complete with wrapper scripts. I can send either encrypted or just signed email without especially noticing it. -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. 
Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From khijol!erc at apple.com Wed Aug 24 09:45:45 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Wed, 24 Aug 94 09:45:45 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <199408240630.XAA26030@netcom4.netcom.com> Message-ID: > Yes, some of you PGP fans may say "Sigh!" when you hear that I don't > particularly like downloading-and-then-decrypting a message only to > find it saying, "Gee, Tim, isn't this PGP stuff really neat?" Too bad. > > Not only do many of us not do all this stuff (have you seen Eric > Hughes signing his messages? How about John Gilmore?), but some people > have decided to stop reading e-mail altogether. Donald Knuth, for > example. A wise man. I think that's because Knuth is rather famous. I imagine that his mailbox stays rather full ;) > I'm happy that you PGP fans are thoroughly infatuated with using PGP > for everything. Just knock off the clucking and sighing about those > who don't see it as the end-all and be-all of today's communications. > > It reeks of fanaticism. I don't quite see it that way - it's just easier for me to automatically sign my messages than not if I choose to set my mailer up that way. If I want to encrypt, it's just a couple of keystrokes in elm to change my editor to the appropriate script. I guess I really don't understand your objections, Tim. True, not every UA is as easy as elm to change operating parameters, but it works for me. PGP is easy and not-too-slow to use, and it integrates fairly well into scripts. I've been using these little scripts for months and while they're not quite as flexible as I'd like, they do the job - easily, transparently, and automatically. -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! 
-- Richard Bach, "The Bridge Across Forever" From khijol!erc at apple.com Wed Aug 24 09:45:47 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Wed, 24 Aug 94 09:45:47 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408241310.AA03276@snark.imsi.com> Message-ID: > In a fusion, or H Bomb, the tritium (which is just hydrogen with an > extra two neutrons) is that which produces the boom -- the main fuel, > as it were. Its a "neutron source" only in the weakest possible sense > -- the same way dynamite might be considered to need nitroglycerine as > a "neutron source". (I'm not sure that people outside of the bomb > building industry really know *for sure* what the geometries used in > the atomic weapon that sets off the fusion reaction.) I don't understand your point. The earliest devices used a pie shape with a wedge cut out. The actual geometry is rather unimportant to getting a fission reaction - but it *is* important if you want to maximize your yield. -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From perry at imsi.com Wed Aug 24 10:06:43 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 24 Aug 94 10:06:43 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: <9408241706.AA03674@snark.imsi.com> Ed Carp [Sysadmin] says: > > In a fusion, or H Bomb, the tritium (which is just hydrogen with an > > extra two neutrons) is that which produces the boom -- the main fuel, > > as it were. Its a "neutron source" only in the weakest possible sense > > -- the same way dynamite might be considered to need nitroglycerine as > > a "neutron source". (I'm not sure that people outside of the bomb > > building industry really know *for sure* what the geometries used in > > the atomic weapon that sets off the fusion reaction.) 
> > I don't understand your point. The earliest devices used a pie shape > with a wedge cut out. The actual geometry is rather unimportant to > getting a fission reaction - but it *is* important if you want to > maximize your yield. We aren't discussing fission bombs. Please reread. .pm From jamesh at netcom.com Wed Aug 24 10:17:25 1994 From: jamesh at netcom.com (James Hightower) Date: Wed, 24 Aug 94 10:17:25 PDT Subject: Credit cards, false names, and important details In-Reply-To: <199408231625.LAA10386@chaos.bsu.edu> Message-ID: <199408241717.KAA14059@netcom17.netcom.com> App. this didn't make it out to the list the first time. Sorry if you get this twice! Jim Hart> > Duncan Frissell: > > The many people who have gotten anonymous Visa and Mastercard credit cards > > for example have used the simple scheme of applying for a secured credit > > card in a nom de guerre. > > How is this simple? A credit card company sure as hell wants > to know who you truly are and where you truly live. It must > be able to collect its debt and mark your credit rating. > Applying for a credit card with false name or Social Security > number is fraud, with heavy punishments. Or are there, yet > again, numerous details you are neglecting to mention? > I called Dave Lovejoy, a longtime credit manager and currently product line manager for Data Rental's line of credit retrieval terminals. He confirmed for me what I had always understood; with _secured_ credit cards, no one really cares who you are, as you have secured your card with a cash deposit (typically 110% of your limit) and collection is no problem. I have no idea as to the legalities of all this. BTW Data Rentals is one of the major suppliers of credit retrieval equipment to credit grantors, marketing towards the small-to-medium sized operations (that is, those who don't buy their reports directly from the bureaus on tape.) 
I wrote the software for their DRS-2000 automated credit terminal, as well as their credit cartridge for the TI 700 printing terminal. JJH -- From kkirksey at world.std.com Wed Aug 24 10:39:30 1994 From: kkirksey at world.std.com (Ken Kirksey) Date: Wed, 24 Aug 94 10:39:30 PDT Subject: Nuclear Weapons Material Message-ID: <199408241739.AA29066@world.std.com> -----BEGIN PGP SIGNED MESSAGE----- >Mark Terka says: >> Not to mention the fact that without tritium, the "trigger" for nuclear >> weapons (and extremely expensive and rare at $ 100m a gram) all you have >> is a radioactive paperweight. > >This is sheer ignorance. First of all, tritium is not nearly that >expensive. It's quite cheap, in fact, and can be manufactured without >that much trouble. Second of all, tritium is not a necessary component >of non-thermonuclear (i.e. hydrogen) bombs. Third, tritium isn't a >"trigger". I remember reading an article recently (though I can't remember where) about making a pure fusion bomb without the need for a fission trigger. It involved using tritium and a class of VERY high velocity high explosives known as ballotechnics. According to this article, these bombs could be made as small or smaller than a simple fission bomb and would be much harder to detect, the upshot being that this kind of device was more of a concern than a fission bomb vis a vis terrorist usage. Does anyone have any more technical details on this type of fusion device? I'll have to see if I can dig out that article sometime. Ken = Ken Kirksey And the Clinton administration launched an attack on = = kkirksey at world.std.com people in Texas because those people were religious = = Mac Guru & Developer nuts with guns. Hell, this country was founded by = = religious nuts with guns. - P.J. 
O'Rourke = -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLlsSZesZNYlu+zuBAQHbxAP9HEFBKAyEgCGFdazub6WlGoqa9Kn/dX+1 LiwwNFA5i+ripKd9MaQbDBCqJOSNyy5Pj/4O7H8K0SBasWVkwzWNrmQ2tShnrFkm tDk9rsyhzbWKVNcJUxbpz/zlmuxtIAx8MYMW3LueqWCNDESUKQA46DWZ0owe8P1g JLHNADQgVHs= =eUAH -----END PGP SIGNATURE----- From jamesh at netcom.com Wed Aug 24 10:42:16 1994 From: jamesh at netcom.com (James Hightower) Date: Wed, 24 Aug 94 10:42:16 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <9408241335.AA03303@snark.imsi.com> Message-ID: <199408241742.KAA17319@netcom17.netcom.com> Tim sez: > What is being missed here is the issue of where the PGP operations are > being done. If done on a machine outside the direct control of the > user, obvious security holes exist. Perry sez: > Also importantly, the user interfaces for PGP simply suck as it > stands, making people like Tim uninterested in going through the > rigamarole needed to use it on a day to day basis. The real revolution > isn't going to come until people are able to use PGP and the rest both > reasonably securely without it being especially noticable that they > are doing so -- and that is a while off. Which brings me to the question; "What ARE people using, and what are they GOING to use?" Can anyone point me to a survey of the most used ways for e-mail to get on the net, and what will be most used in the future? The problem of insecure machines can be dealt with, but right now I have only knowledge of the insecure machine I use for email, and how I deal with it. If no such surveys exist (which I find hard to believe) than I'll do one myself. Also, with this NII/SuperDuperHighway/Infobahn thing happening in the U.S., and the impending market war between Microsoft, Sega, Nintendo and Scientific Atlanta to supply the Set Top Box that will give John Q. Consumer his movies-on-demand and access to the SuperMall(TM) and, incidentally, his E-mail capability, it might be a good thing to know in advance what J. Q. 
Consumer will be using so that we can be there with strong, usable crypto when he gets there. JJH -- From sw at smds.com Wed Aug 24 10:42:23 1994 From: sw at smds.com (Steve E. Witham) Date: Wed, 24 Aug 94 10:42:23 PDT Subject: College Email Monitoring Refs? Message-ID: <9408241715.AA07272@smds.com> A friend relates how their college computer administrators "reserve the right" to keep all email messages and read them at will. Would someone send me some references to groups who are dealing with this sort of situation? Please mail to my home address: sw at tiac.net Thanks, --Steve From 0045642 at CCMAIL.EMIS.HAC.COM Wed Aug 24 11:04:37 1994 From: 0045642 at CCMAIL.EMIS.HAC.COM (John L Tocher) Date: Wed, 24 Aug 94 11:04:37 PDT Subject: Windows Front End PGP 2.6 Message-ID: Does anybody know where I can find a windows front end that works with PGP 2.6? Any feedback on this would be appreciated! Thanks, John Tocher ????Windows front end: PGP WinFront from Ross Barclay???? From adam at bwh.harvard.edu Wed Aug 24 11:15:27 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 24 Aug 94 11:15:27 PDT Subject: Anonymous questionnaires In-Reply-To: <199408241524.IAA26120@netcom7.netcom.com> Message-ID: <199408241814.OAA02922@walker.bwh.harvard.edu> Lucky Green: | My partner is a participant in a long term psychological study. I have been | asked to fill out a questionnaire to aid in this study. Some of the | questions address issues that I would never answer non-anonymously. After | speaking with the research director, I ended up with the following problem: | is there a way that would allow the institute to | | 1. Correlate my answers to the answers of my partner. | 2. Verify that I have indeed sent in a filled out questionnaire (and send | me a check for participating). | 3. Allow a supervisory agency, such as the U.S. Department of Health and | Human Services, to verify that the researchers did not just make up all the | data - that is to allow an audit. | 4. 
Protect my privacy by making it impossible to correlate my name to the | answers given. | | I would very much like to help to advance medical knowledge, but am | concerned what might happen once the institute is forced to hand over all | accumulated data to the Kommunal Kare Kontrol Kommittee under the Health | Care and Crime Prevention Act of 1998. Correlation is easy; assign people consecutive numbers or somesuch. If both participants are anonymous, no problem. Could you bring by the questionnaire by hand, in exchange for cash? If not, how about a money order and a PO box? The audit part of this is the tough part. Would the HHS care to agree to a broadcast means of verification? Would participants 44, 71 and 94 please come into the re-testing center to verify their participation? There could be a zero knowledge proof of some type to demonstrate that you are really patient 94. I doubt that the HHS would be agreeable to that. Might want to phone your local ACT-UP chapter, if you have one. AIDS activists tend to be privacy nuts, and they may have protocols for anonymous testing/surveys. Adam From tcmay at netcom.com Wed Aug 24 11:29:35 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 24 Aug 94 11:29:35 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <199408241742.KAA17319@netcom17.netcom.com> Message-ID: <199408241829.LAA11899@netcom14.netcom.com> James Hightower writes: > Which brings me to the question; "What ARE people using, and what are > they GOING to use?" Can anyone point me to a survey of the most used > ways for e-mail to get on the net, and what will be most used in the > future? The problem of insecure machines can be dealt with, but right > now I have only knowledge of the insecure machine I use for email, and > how I deal with it. We did a survey of this nearly 2 years ago, at the second Cypherpunks meeting. Got about 10 main mail programs being used, about the same number of editors, and about as many platforms. 
> If no such surveys exist (which I find hard to believe) than I'll do > one myself. I think this is a great idea. I suggest we toss around a few questions, to make the poll as useful as possible (and so it doesn't have to be done a second time to fill in missing gaps). Here are a few questions I'd like to see (with *my* answers included to help show context): * Internet service provider: Netcom, SunOS Release 4.1.3 * Accessed via: Macintosh IIci, running VT100 emulator, White Knight 11.14 * Online mail program used (if any): elm * Online text editor used: emacs * Offline mail program used (if any): Eudora 2.0.2 * Offline text editor used: Eudora, Microsoft Word, etc. (any Mac program) * PGP version used: MacPGP 2.3 In the poll of two years ago, this was abbreviated into a message like: "Netcom/elm-Eudora/emacs/MacPGP 2.3" for easier processing. And the poll taker could simply list all the one-line responses so as to give developers/readers a better feel for the environments being used, a la: "Netcom/elm/emacs/PGP 2.6ui" "CRL/emacs/emacs/PGP 2.7" "Linux/xmail/pine/PGP 2.3" "AOL/??/??/not allowed" etc. > his movies-on-demand and access to the SuperMall(TM) and, incidentally, his > E-mail capability, it might be a good thing to know in advance what J. Q. > Consumer will be using so that we can be there with strong, usable > crypto when he gets there. Here I differ, as I don't think we can plausibly do a poll of what "J.Q. Consumer" is using, or plans to use. That's a huge job, fraught with polling problems. And J.Q. Consumer himself has no idea of what he "will be using," so why bother? I had assumed the poll was of *us*, which is both a manageable poll to take, and a useful one. --Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From paul at poboy.b17c.ingr.com Wed Aug 24 11:37:19 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 24 Aug 94 11:37:19 PDT Subject: Using PGP on Insecure Machines In-Reply-To: Message-ID: <199408241837.AA14936@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > At the risk of repeating myself, what's the problem with wrapping PGP in > a shell script? Works for me - see a previous mailing, complete with > wrapper scripts. I can send either encrypted or just signed email > without especially noticing it. At the risk of repeating what Tim's said in the past, shellscript wrappers are useless to people who use Macs, Windows/WinNT, and so on. At the risk of repeating what Tim, Perry, and several others have said, using PGP- with or without shell scripts- on a machine which you do not physically control is also risky. - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich at ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLluTZqfb4pLe9tolAQEUUAP9F3gnvVC3HXvx2lB8RZzJaS/xdSkbldqp sH2WN0WdqZ/R+SJstCC1KL/Z4gd0fQAShIlyxG41pWkFVtQpCYXY4lR7ScX4/4/b F78BcBHtz+2wIWq1CO0DnCxjOcgAZNvzhCzJUMr8l4AS2kfiMLh8r0uSUsq7jq93 vGNiBJu0+Ys= =OQO0 -----END PGP SIGNATURE----- From jamesd at netcom.com Wed Aug 24 11:55:55 1994 From: jamesd at netcom.com (James A. 
Donald) Date: Wed, 24 Aug 94 11:55:55 PDT Subject: Surveying consumer demand for the info highway In-Reply-To: <199408241742.KAA17319@netcom17.netcom.com> Message-ID: <199408241855.LAA17349@netcom7.netcom.com> James Hightower writes > it might be a good thing to know in advance what J. Q. > Consumer will be using so that we can be there with strong, usable > crypto when he gets there. High Tech industry has considerable experience with surveys of consumers for nonexistent products. Such surveys are useless at best, and dangerous at worst. The survey invariably shows one of two things: 1. Whatever the Science fiction writer who rigged the questions wishes it to show. 2. The consumer wants what he has already and does not want anything different. Back in the dim early days of computing they took a survey to have consumers (secretaries) design a word processor. Numerous marketing experts took part in this study. They concluded that consumers wanted a word processor that worked just like a typewriter, and the UI specs were drawn up accordingly. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jdd at aiki.demon.co.uk Wed Aug 24 12:06:38 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 24 Aug 94 12:06:38 PDT Subject: Voluntary Governments? Message-ID: <7605@aiki.demon.co.uk> In message <199408231846.NAA08977 at zoom.bga.com> Jim choate writes: > You strike me as a person who trusts governments. Thank you. 
I am an American who has spent most of his adult life outside the USA because (a) bureaucratic errors ruined my career prospects, (b) my involvement in the Indochina wars left me sickened by American stupidity and convinced for life of the futility of large-scale government enterprises, (c) [later] certain elements in the Federal Gov't had it in for me (they had me up in front of a grand jury at one point), (d) certain political bureaucrats at other levels of government felt the same way and sued me for millions, and (e) American blindness to the outside world is sometimes very hard to take. I trust the government to extort every penny they can from me and then to waste it on idle bureaucrats and in the pursuit of votes. I trust government to be arbitrary and stupid. Need I go on? However, I also understand that government performs certain essential functions. Where I grew up in California, there were still people living who could remember Mexican bandits raiding across the border. And I teach my children that if they are in trouble they should look for a policeman. And they go to school to learn things that they can't or won't at home. But the discussion was about the use of certain words, including "government". There are people on the list who insist on using the word in an abnormal way and then attack those who use it in a normal way. My preference for clean and simple English does not make me a lackey of "the government". -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 24 12:06:47 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 24 Aug 94 12:06:47 PDT Subject: Voluntary Governments? 
Message-ID: <7607@aiki.demon.co.uk> In message <9408232042.AA18345 at fnord.sybgate.sybase.com> Elton Wildermuth writes: > Here's the closest applicable dictionary definition of "government", The closest "applicable" definition is not the SOLE definition, it is only definition 1 in your dictionary, and even then [I won't go into boring detail] the dictionary meaning is wider than the narrow reading you are trying to apply to it. > "Rule", or "political ... control" are only ever exercised through force. > People keep using that word, "enforce", without looking carefully at it. > >From the same dictionary: "to put or keep in force; compel obedience to." Have you never admired someone so much that that person's displeasure was a compelling force? > >I grew up in a small town of 5,000. It had a city government. The > >county government was in the same town. No one denies that California > >has a government, I think. And then there was the US government. And > >we had city police, the sheriff's office, the Highway Patrol, and the > >FBI paid an occasional visit. > > Uh ... you _do_ understand that that's a specious argument, yes? Uh ... you _do_ understand that that is a silly comment, yes? I was illustrating some of the common uses of the word. Linguistic arguments are best met with linguistic replies, not political bullshit. Your insistence that there is only one 'true' government in the United States, and that all other governments are in some sense derivative, does not agree with my reading of the US Constitution, but this is not a matter that I, for one, will pursue. > Here, someone will surely object that by this definition, the Mafia can > be considered a government. Well, yes, of course. It has quasi-governmental functions in southern Italy. > Well, if they can successfully kick the > existing thugs off of some plot of ground, and then defend it against > all comers, then yes: that's exactly what they'll be. 
How else do you > suppose that governments become established? This is supposed to be a revelation? -- Jim Dixon From jdd at aiki.demon.co.uk Wed Aug 24 12:09:19 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Wed, 24 Aug 94 12:09:19 PDT Subject: DSPs (was: Nuclear Weapons Materials) Message-ID: <7609@aiki.demon.co.uk> In message <9408241340.AA03320 at snark.imsi.com> perry at imsi.com writes: > > I've been wondering recently, by the way, about what advantages doing > some of this stuff on DSPs might have. DSPs are not magical chips, but > they are optimized for a few tasks, including, typically, fast integer > multiplies. More precisely, fast integer inner products. > IDEA and modular exponentiation both require lots of fast > integer multiplies. Would it make sense to use DSPs as co-processors > to things like Pentiums to speed up these processes? -- Jim Dixon From usura at vox.hacktic.nl Wed Aug 24 12:13:46 1994 From: usura at vox.hacktic.nl (uSuRa) Date: Wed, 24 Aug 94 12:13:46 PDT Subject: Nuclear Weapons Material Message-ID: khijol!erc at apple.com (Ed Carp [Sysadmin]) writes: :> In a fusion, or H Bomb, the tritium (which is just hydrogen with an :> extra two neutrons) is that which produces the boom -- the main fuel, :> as it were. Its a "neutron source" only in the weakest possible sense :> -- the same way dynamite might be considered to need nitroglycerine as :> a "neutron source". (I'm not sure that people outside of the bomb :> building industry really know *for sure* what the geometries used in :> the atomic weapon that sets off the fusion reaction.) : : I don't understand your point. The earliest devices used a pie shape : with a wedge cut out. The actual geometry is rather unimportant to : getting a fission reaction - but it *is* important if you want to : maximize your yield. 
One does not need to detonate the Uranium/Plutonium one can poison the water supplies and make havoc with The Simple Bear Necessities of life. -- Exit! Stage Left. 
Alex de Joode From usura at vox.hacktic.nl Wed Aug 24 12:14:10 1994 From: usura at vox.hacktic.nl (uSuRa) Date: Wed, 24 Aug 94 12:14:10 PDT Subject: Remailer-list pinging frequency Message-ID: raph at kiwi.CS.Berkeley.EDU (Raph Levien) writes: : 1. Encrypt the ping, so it looks like so much PGP traffic. A good idea, if a c'punk remailer cannot decrypt a message it should be considered "down". : 2. Pad it with a random amount of junk (but not _too_ much :-), so : traffic analysis based on size will fail. That would be the start of RemailerNet. :) : 3. Chain it through other remailers. A good approach might be to : choose two random remailers out of the "top five," and sandwich rebma : between them. The drawback is that it penalizes rebma for their : latency and failure rate, but this might be acceptable. One question about your "suggested path", it looks like you take the three fastest remailers [if using kiwi.cs.berkeley.edu]. If the two remailers from Hal Finney are consecutive [ie. 1 and 2 fastest] a suggestion to mail from alumi to portal would IMHO be wrong, because for security reasons both remailers should be regarded the same, since they are operated by the same person. [same goes of course for the usura at hacktic.nl and the vox.hacktic.nl remailers which are operated by me] -- Exit! Stage Left. Alex de Joode From pierre at shell.portal.com Wed Aug 24 13:18:20 1994 From: pierre at shell.portal.com (Pierre Uszynski) Date: Wed, 24 Aug 94 13:18:20 PDT Subject: Remailer-list pinging frequency Message-ID: <199408242017.NAA04677@jobe.shell.portal.com> Raph Levien (raph at kiwi.cs.berkeley.edu) says: > I believe that I am providing a useful service with my remailer > list, but I have received one complaint about the frequency of > pinging. If I may suggest without implementing :-) use adaptive pinging. 
There is little point in sending one ping per hour while getting no answer, then getting 24 answers all at once, and then doing the same thing all over again the next day... A more general way to put this is that pinging much more frequently than necessary does not give any more info. If you measure up time and latency both in days, there is no need to ping more than once a day. If you measure up time and latency respectively in days and minutes, there is still no need for very frequent pinging. The only case where you need frequent pinging is when a site keeps going up and down and you want to distinguish latency due to down periods from operating latency.... But from a practical standpoint, these need not really be distinguished. Most mailers are configured correctly to retry failing connections, so that connections that are down only for a few hours are seen only as long latency. In conclusion: Start with pings at random phase, and 180 minute period. If for the last 16 pings of average period n minutes (random phase), the average latency is more than 4xn minutes, triple the period. Use a maximum period of once a day. If the average latency is less than n minutes, divide by three the period. Use a minimum period of one hour. You could do the same thing for very stable sites (stable latency): they require less pinging. Short latency stable sites need not be pinged every hour. The rule may have to be fixed a bit one way or the other, but it would help both your pinging script and slow remote sites (personal remailers) by cutting traffic for both. Pierre. pierre at shell.portal.com Still, there is no harm in making pinging traffic look more like real traffic. Like you said chaining is questionable for pinging (and if it comes from a remailer site, and goes back to a remailer site, it would not be obvious if it still met 1, 2 and 4): > 1. Encrypt the ping, so it looks like so much PGP traffic. > > 2. 
Pad it with a random amount of junk (but not _too_ much :-), so > traffic analysis based on size will fail. > > 3. Chain it through other remailers. A good approach might be to > choose two random remailers out of the "top five," and sandwich rebma > between them. The drawback is that it penalizes rebma for their > latency and failure rate, but this might be acceptable. > > 4. Randomize the time that the ping is sent. From jim at bilbo.suite.com Wed Aug 24 13:43:17 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 24 Aug 94 13:43:17 PDT Subject: Anonymous questionnaires Message-ID: <9408242034.AA29793@bilbo.suite.com> Lucky Green asks how to: 1. Correlate my answers to the answers of my partner. 2. Verify that I have indeed sent in a filled out questionnaire (and send me a check for participating). 3. Allow a supervisory agency, such as the U.S. Department of Health and Human Services, to verify that the researchers did not just make up all the data - that is to allow an audit. 4. Protect my privacy by making it impossible to correlate my name to the answers given. The following a complicated and impractical solution (but it was a fun exercise): First, assume everybody participating in the study is on the Net and is crypto savvy. :-) Each participant generates a new public-key pair for the study. The supervisory agency generates a new public-key pair and gives a copy of the public key to each participant. They do not give a copy to the researchers. The researchers generate a new public-key pair and give a copy of the public key to the supervisory agency and each participant. Finally, each participant generates a symmetric key, blinds it, and has the supervisory agency sign the blinded symmetric key. Ok, assume Bob and Alice are a couple participating in the study. Bob and Alice each get a copy of the questionaire, the researcher's public key, and the supervisory agencies' public key. 
They each generate and blind a symmetric key and have it signed by the supervisory agency. Bob fills in his copy of the questionaire and then signs an MD5 hash of his completed questionaire. Alice does the same. Bob gives his signed hash value to Alice and Alice gives her signed hash value to Bob. Bob appends Alice's signed hash value to the end of his completed questionaire. Alice appends Bob's signed hash value to the end of her completed questionaire. Neither sees the other's completed questionaire. Bob now signs his questionaire with his private key. Alice signs her questionaire with her private key. Bob encrypts his (now signed) questionaire and his public key with his symmetric key. He next encrypts the signed (and now unblinded) symmetric key with the supervisory agencies' public key. Finally, he encrypts those items, along with a cleartext copy of the completed and signed questionaire, with the researcher's public key and e-mails the result to the researchers using a chain of anonymous remailers. :-) Alice does the same. Ok, the researches receive an anonymous e-mail message from somebody (call him Ted) that is encrypted with their public key generated specifically for this study. They decrypt the message and get four items: Ted's completed and signed questionaire, Ted's encrypted and signed questionaire, Ted's encrypted public key, and Ted's encrypted and signed symmetric key. Since Ted's public key is encrypted with his symmetric key and the symmetric key is encrypted with the agencies' public key, the researchers cannot read these items. Also they cannot verify the signature on the cleartext copy of the questionaire. However, they check that everything appears to conform to the requirements of the test, so they credit Ted with completing the questionaire and e-mail him (via the encrypted reply block) an IOU signed by the researcher's private key. More on the IOU later. 
The researchers collect all the anonymous replies and send them as a group to the supervisory agency. The supervisory agency decrypts all the encrypted symmetric keys using its private key, validates the signatures on those keys, then uses the symmetric keys to decrypt the participants' public keys and encrypted questionaires. Since the symmetric keys were blinded when the supervisory agency signed them, the agency does not have enough information to be able to determine which participant completed which questionaire. All the agency can do is verify that the questionaires were completed by people who had symmetric keys signed by the agency. Since the questionaires where e-mailed to the researchers via anonymous remailers, the researchers can't collude with the supervisory agency to determine who complete which questionaire. The agency sends the decrypted public keys and questionaires back to the researchers. The purpose of the signed symmetric keys was to help prove to the agency that the researchers did not fabricate the study results. This is not perfect, the researchers could have pretended to be all of the participants and could have filled out all of the questionaires. However, if they did that, they would be unable to produce any real participants, if they were ever challenged. The researchers use the decrypted public keys and the signed MD5 hashes to group the questionaires into related pairs. The researches can compare the decrypted questionaires sent back from the agency with the plaintext copies received from the participants to verify that the supervisory agency did not substitute any of the real questionaires with bogus ones. The researchers can now analyze the questionaire data, but they don't know which participant filled out which questionaire. However, the researchers do know which questionaire is paired with which other questionaire. 
More on the IUO: How does a participant redeem the IUO without revealing information which could allow the researchers or the supervisory agency to pair them up with their completed questionaire? Well, the IUO is really a blinded message sent to the researchers in the anonymous message along with the other stuff. If the researches are satisfied with the plaintext questionaire, they will sign the blinded IUO and send it back via the encrypted reply block. The participant unblinds the signed IUO. The participant can now redeem the IOU offline without giving anyone any information other than the fact the person was a participant in the study. Of course, if there was real anonymous digital cash, there would be no need to use an IOU. How to prevent a totally fabricated study: As mentioned above, the researchers could fabricate the entire study by pretending to be all of the participants, getting known symmetric keys signed and so forth. How can the supervisory agency determine the difference between a real anonymous participant and a bogus anonymous participant? It is at this point that we have to step out of cyberspace and back into the real world. Ideally, the supervisory agency needs to determine two things: 1) All of the participants were real people. 2) None of the participants colluded with the researchers. Requirement 1 can be satisfied by having the supervisory agency redeem the IOUs using money they escrowed on behalf of the researchers. When the participant comes in to redeem the IOU (or snail mails it in), the supervisory agency can check the ID (driver's license, SS#, whatever) of the participant, verify the signature on the IOU, and hand over (or mail) the check. The signed IOU will not give the agency the ability to determine which questionaire the participant filled out. I know of no way to enforce requirement 2 without violating the anonymity of the participants. 
The researchers could hire a bunch of people to redeem bogus (but correctly signed) IOUs, fooling the supervisory agency. The only way I can think of to prevent participant/researcher collusion is to have independent auditors standing over the participants while they fill out the questionnaires. Not what Lucky Green had in mind, I'm sure.

So anyways, there it is, a complex and impractical solution that still doesn't solve all the problems. Oh well. Time to go back and work at my real job.

Jim_Miller at suite.com

From bdolan at well.sf.ca.us Wed Aug 24 13:58:31 1994
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Wed, 24 Aug 94 13:58:31 PDT
Subject: U & Pu "poisoning of the environment"
Message-ID: <199408242058.NAA16914@well.sf.ca.us>

>From: IN%"usura at vox.hacktic.nl"
>To: IN%"cypherpunks at toad.com"
>CC:
>Subj: RE: Nuclear Weapons Material

[discussion about basement bomb building deleted]

>One does not need to detonate the Uranium/Plutonium one can poison the water supplies and make havoc with The Simple Bear Necessities of life.
>--
>Exit! Stage Left.
>Alex de Joode

Well, I wouldn't want to snort the stuff daily, but its toxicity has been overrated in the popular press.

Epidemiologic studies of workers [even wartime workers with impressive body burdens/ exposures] in a number of uranium bomb-making centers have found ~ no health effects.

I haven't heard much about Pu-workers.

Groeten,

bdolan at well.sf.ca.us

From cactus at bb.com Wed Aug 24 14:42:38 1994
From: cactus at bb.com (L. Todd Masco)
Date: Wed, 24 Aug 94 14:42:38 PDT
Subject: Using PGP on Insecure Machines
In-Reply-To:
Message-ID: <33gf5d$fi3@bb.com>

In article , Ed Carp [Sysadmin] wrote:
>At the risk of repeating myself, what's the problem with wrapping PGP in a shell script? Works for me - see a previous mailing, complete with wrapper scripts. I can send either encrypted or just signed email without especially noticing it.

Okay, I'm the Evil NSA Sysadmin from hell.
I want to collect all the info available on my users. The NSA gives me $50 per keypair, snitch money. Or I just like to be able to read all your mail, and would like to have the option of, at some point, forging something from you.

So, I replace the shells on machines under my control with programs that invoke something like tee(1) to split stdin and stdout to files and then exec the intended shell. For good measure, I overwrite the process entry in the running kernel.

So I now have a file of every keystroke you type, and if I'm clever about how I do it (I will be), I can correlate them with the stdout. I just search for "pgp" and bingo: I've got your passphrase. Since I'm root, getting your keyfiles is trivial.

Your keys are toast, and you don't even know it.

There are a gazillion other ways the ENSFH could have done this: monitoring your /dev/tty vector in the kernel would be far more subtle, for example. The key thing to remember is that the computer isn't your tool: it's the tool of the people with root.

Not only that, but I don't even have to steal your keys: the plaintext will exist at some time, and I can trap that -- by only twinning your stdio.

The network security is almost as important, since there are probably many more malicious people outside your machine than inside.

So, if you're running UNIX, you'd damn well trust everyone with root, run a logging /bin/login, be behind a firewall, replace the crypt that passwd uses with some transformation, put shadow passwd files in place, make crypt log usage and place appropriate monitoring software to watch the logs, monitor the machine from another machine behind your firewall, and a host of other things.

Security is not easy -- Tim's point is that you can't get it by just running some package; if you think you can, you're fooling yourself and every time someone puts on a securer-than-thou-because I run PGP air, they're showing themselves to be totally clueless.
This is all very rudimentary -- come on, you've got to be paranoid where security is concerned. There are many vectors of attack and you've only got to miss the one that someone tries to lose big.
--
L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
cactus at bb.com | grammatically correct sentence. Now...

From sq0nk at alt.anonymous.messages Wed Aug 24 14:46:24 1994
From: sq0nk at alt.anonymous.messages (Random Factor)
Date: Wed, 24 Aug 94 14:46:24 PDT
Subject: Message for 0x7CF5048D
Message-ID: <199408242108.AA06498@xtropia>

sorry to inflict this on everyone. i've redirected followup elsewhere.

randy

From merriman at metronet.com Wed Aug 24 14:49:38 1994
From: merriman at metronet.com (merriman at metronet.com)
Date: Wed, 24 Aug 94 14:49:38 PDT
Subject: U & Pu "poisoning of the environment"
Message-ID:

>Well, I wouldn't want to snort the stuff daily, but its toxicity has been overrated in the popular press.
>
>Epidemiologic studies of workers [even wartime workers with impressive body burdens/ exposures] in a number of uranium bomb-making centers have found ~ no health effects.
>
>I haven't heard much about Pu-workers.

Well, there you go - that's your answer. :-|

- - - - - - - - - - - - - - - - - - - - - - - - - -
Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints.
Unencrypted Email may be ignored without notice to sender. PGP preferred.
Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother.

From shamrock at netcom.com Wed Aug 24 15:01:04 1994
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 24 Aug 94 15:01:04 PDT
Subject: Anonymous questionnaires
Message-ID: <199408242201.PAA05831@netcom7.netcom.com>

You wrote to my question regarding anonymous questionnaires:

>I don't know if the researchers are willing to change their methodology just for you, but it's easy to meet all the requirements you listed: Put your questionnaire answers in a blank envelope and seal it. Enclose the blank envelope in another envelope. The outer envelope has your name and various other information, i.e., everything needed to create the audit trail.
>When it arrives, the researchers (whom you must trust) open the outer envelope, remove the blank inner envelope, and toss it irretrievably into a pile with all the other blank inner envelopes. There would be no record of which questionnaire went with which respondent, but there would be a clear record of who's responded and who hasn't.

This system would not provide

> 1. Correlate my answers to the answers of my partner.

-- Lucky Green PGP public key by finger

From shamrock at netcom.com Wed Aug 24 15:01:11 1994
From: shamrock at netcom.com (Lucky Green)
Date: Wed, 24 Aug 94 15:01:11 PDT
Subject: Anonymous questionnaires
Message-ID: <199408242201.PAA05838@netcom7.netcom.com>

You wrote to my question about anonymous questionnaires:

> Correlation is easy; assign people consecutive numbers or somesuch. If both participants are anonymous, no problem. Could you bring by the questionnaire by hand, in exchange for cash?

No, they are too far away.

>If not, how about a money order and a PO box?
>
They would still need my name.

> The audit part of this is the tough part. Would the HHS care to agree to a broadcast means of verification? Would participants 44, 71 and 94 please come into the re-testing center to verify their participation? There could be a zero knowledge proof of some type to demonstrate that you are really patient 94.
>
Can someone suggest a way to accomplish all this?

TIA,

-- Lucky Green PGP public key by finger

From sdw at lig.net Wed Aug 24 15:35:16 1994
From: sdw at lig.net (Stephen D. Williams)
Date: Wed, 24 Aug 94 15:35:16 PDT
Subject: Anonymous questionnaires
In-Reply-To: <199408242201.PAA05831@netcom7.netcom.com>
Message-ID:

>
> You wrote to my question regarding anonymous questionnaires:
>
> >I don't know if the researchers are willing to change their methodology just
> >for you, but it's easy to meet all the requirements you listed: Put your
...
> This system would not provide
>
> > 1. Correlate my answers to the answers of my partner.
>
>
> -- Lucky Green PGP public key by finger

Easy: you and your partner each write the same large random number on the inner envelopes...

Even if there were collisions, it wouldn't affect statistical results.

Multiple partners could be handled this way.

An auditing agency could be hired to do the envelope opening.

An electronic version of this should be easy, but the envelope scenario is a good description of the idea. (To the non-cryps.)

(Funny recycling of crypts gang name... Who are the Bloods? Gov?)

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager
LIG dev./sales Internet: sdw at lig.net
OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430
Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together
Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru.

From blane at squeaky.free.org Wed Aug 24 15:36:10 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Wed, 24 Aug 94 15:36:10 PDT
Subject: Nuclear Weapons Material
In-Reply-To:
Message-ID:

On Tue, 23 Aug 1994 khijol!erc at apple.com wrote:

> > At the risk of pushing this even further from cryptography, I should
> > say that tritium is used in the "boosting" of *fission* weapons. A
> > mixture of tritium and deuterium is injected into the exploding
> > fission core to increase the "alpha" (neutron multiplication "gain")
> > of the system. The D-T thermonuclear reactions themselves contribute
> > relatively little energy, but the increase in fission efficiency can
> > be dramatic.
>
> Been reading our Tom Clancy, have we?

I would recommend 'The Secret that Exploded' by Howard Morland
Describes H-Bombs in a language that we can all understand.
Brian

----------------------------------------------------------------------------
Linux - the choice of a GNU generation | finger blane at free.org
"A little rebellion now and then is a good | for PGP key
thing" - Thomas Jefferson |
----------------------------------------------------------------------------

From claborne at microcosm.sandiegoca.NCR.COM Wed Aug 24 16:16:57 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris)
Date: Wed, 24 Aug 94 16:16:57 PDT
Subject: Computer Security Conference & Exibit
Message-ID: <2E5B978B@microcosm.SanDiegoCA.NCR.COM>

Has anyone been to the Computer Security Conference & Exhibition? If so, what did you think of it?

I am thinking of going to the 21st annual on Nov 14-16 in Washington D.C.

PGP key signing party???

2
-- C --

From rfb at lehman.com Wed Aug 24 16:36:21 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 24 Aug 94 16:36:21 PDT
Subject: Using PGP on Insecure Machines
In-Reply-To: <199408240630.XAA26030@netcom4.netcom.com>
Message-ID: <9408242328.AA12758@fnord.lehman.com>

   From: "Timothy C. May"
   Date: Tue, 23 Aug 1994 23:30:18 -0700 (PDT)

   Yes, some of you PGP fans may say "Sigh!" when you hear that I don't particularly like downloading-and-then-decrypting a message only to find it saying, "Gee, Tim, isn't this PGP stuff really neat?" Too bad.

Actually, my sigh included a bit of ``Gee, I thought this guy was supposed to be one of the mega-rich, so why's he so low-tech that he can't run PGP, etc at home.''

As to the security, using PGP in the way that I do routinely is more secure than not using it -- the number of people who have the special access that would ease the cracking effort is limited. Also, the key that I advertise is not my only key. To the best of my knowledge, my secure key pair has never had either the public or private part touch a hard disk, much less a network.

   I'm happy that you PGP fans are thoroughly infatuated with using PGP for everything.
   Just knock off the clucking and sighing about those who don't see it as the end-all and be-all of today's communications. It reeks of fanaticism.

Oh puhleeeze . . . . Trying to get strong crypto to be commonplace is hardly the most fanatical thing that gets discussed on this list.

Rick

From solman at MIT.EDU Wed Aug 24 16:47:28 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Wed, 24 Aug 94 16:47:28 PDT
Subject: Voluntary Governments?
In-Reply-To: <9408232042.AA18345@fnord.sybgate.sybase.com>
Message-ID: <9408242346.AA18374@ua.MIT.EDU>

> Of course we can -- it happens all the time. However, this time I
> haven't usurped the meaning of anything. Force -- the threat or actual
> use of violence -- is the essence of government. You just said so
> yourself: "enforces laws".

This is how we got into this in the first place. You CAN enforce laws in cyberspace without the use of physical realm force. You can form a fairly potent government using economic coercion. [monetary deposits, denial of communication, and outright banishment]. This rather unfortunate thread started because people objected to my use of the term government when referring to a cyberspatial entity that makes and enforces laws... without force.

> Here's the closest applicable dictionary definition of "government",
> taken from the Random House Dictionary of the English Language: "1. the
> political direction and control exercised over the actions of the members,
> citizens, or inhabitants of communities, societies, and states; direction
> of the affairs of a state, community, etc.; political administration."
> This is amplified by looking at "govern" in the same dictionary: "1. to
> rule by right of authority, as a sovereign does."

Yup.

> "Rule", or "political ... control" are only ever exercised through force.

Nope.
Because of the nonlinear nature of an information economy [the total value of information is greater when shared in a community], the power of a cybergovernment to banish citizens gives it the ability to enforce its regulations. This power is enhanced substantially by the availability of cryptographic protocols to escrow e-cash and withdraw fines from it.

And despite my anarchic tendencies, I think it is important that relatively powerful cybergovernments come into existence. If they don't, if the average Joe is not able to enter cyberspace and feel secure, then physical realm governments will absolutely insist (more than they do now) on extending their authority into cyberspace and it will take a fair part of my lifetime before they realize its futility.

JWS

From rfb at lehman.com Wed Aug 24 16:58:40 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 24 Aug 94 16:58:40 PDT
Subject: PGP use
In-Reply-To: <199408240837.BAA25937@netcom14.netcom.com>
Message-ID: <9408242350.AA12962@fnord.lehman.com>

   From: "Timothy C. May"
   Date: Wed, 24 Aug 1994 01:37:39 -0700 (PDT)

   What is being missed here is the issue of where the PGP operations are being done. If done on a machine outside the direct control of the user, obvious security holes exist.

I don't suppose that you'd care to describe a situation with absolutely no security holes, would you? If not, can we conclude that any attempt to do anything related to security is, in your opinion, silly?

What's wrong with the following approach:

- Try to control what you can control.
- Try to recognize what you cannot control.
- Try to reduce the second set in favor of the first.

Using PGP on Unix systems where you are not root *does* have a place in this framework.
Rick

From cjl at welchlink.welch.jhu.edu Wed Aug 24 17:25:36 1994
From: cjl at welchlink.welch.jhu.edu (cjl)
Date: Wed, 24 Aug 94 17:25:36 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408241310.AA03276@snark.imsi.com>
Message-ID:

On Wed, 24 Aug 1994, Perry E. Metzger wrote:

>
> In a fusion, or H Bomb, the tritium (which is just hydrogen with an
> extra two neutrons) is that which produces the boom -- the main fuel,
> as it were. Its a "neutron source" only in the weakest possible sense
> -- the same way dynamite might be considered to need nitroglycerine as
> a "neutron source". (I'm not sure that people outside of the bomb
> building industry really know *for sure* what the geometries used in
> the atomic weapon that sets off the fusion reaction.)
>
> Perry
>

Since the bomb thread won't die a seemly death I thought I'd throw in my .00000002 megabucks. Modern H bombs are actually fission-fusion-fission devices. The traditional U-235 (or Pu-239) atomic bomb sets off a fusion reaction burning the tritium, producing a lot of fast neutrons that in turn sets off another fission explosion in the otherwise non-fissile U-238 that is wrapped around the outside of the bomb. More bang for the buck, and it gives you something to do with all that U-238 you got while purifying the U-235.

C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / )

From dave at esi.COM.AU Wed Aug 24 17:46:10 1994
From: dave at esi.COM.AU (Dave Horsfall)
Date: Wed, 24 Aug 94 17:46:10 PDT
Subject: Using PGP on Insecure Machines
In-Reply-To:
Message-ID:

On Wed, 24 Aug 1994 khijol!erc at apple.com wrote:

> I think that's because Knuth is rather famous. I imagine that his
> mailbox stays rather full ;)

He's also trying to complete his "Art of Computer Programming" series...
--
Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6
Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD

From tcmay at netcom.com Wed Aug 24 18:55:56 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 24 Aug 94 18:55:56 PDT
Subject: Actually using strong crypto on a routine basis.
In-Reply-To: <9408241130.AA03863@ininx>
Message-ID: <199408242017.NAA27225@netcom11.netcom.com>

John Kreznar writes:

> Stick to your guns, Rick. Even cypherpunks founders can become corrupted.
> Here is how Tim's perspective was publically reported a mere year ago:

"Corrupted"?

A mere *PLONK* is not sufficient for this sort of crap.

Disgusted,

--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Wed Aug 24 18:56:03 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 24 Aug 94 18:56:03 PDT
Subject: Actually using strong crypto on a routine basis.
In-Reply-To: <199408241223.IAA02685@pipe1.pipeline.com>
Message-ID: <199408242014.NAA26771@netcom11.netcom.com>

John Young writes:

> No. Tim says:
>
> Don't do what I do, do what I say.
>
> Do your homework.
>
> Clean your room.
>
> You embarrass me.
>
> Get a job.
>
> Get a haircut.
>
> Get a life.
>
> Don't talk back.
>
> When I was your age . . .
>
> Listen to me . . .
>
> Shut the fuck up.
>
> I'm sorry, I love you.
>
> Every parent of rambunctious kids talks like this.
>
> Sigh.

*PLONK*

This latest round of insults from you cretins is having the benefit of cutting down the messages I read.
--Tim May

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From adam at bwh.harvard.edu Wed Aug 24 19:40:55 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 24 Aug 94 19:40:55 PDT
Subject: Anonymous questionnaires
In-Reply-To: <199408242201.PAA05838@netcom7.netcom.com>
Message-ID: <199408250230.WAA14274@bwh.harvard.edu>

Lucky:

| You wrote to my question about anonymous questionnaires:
|
| > Correlation is easy; assign people consecutive numbers or
| >somesuch. If both participants are anonymous, no problem. Could you
| >bring by the questionnaire by hand, in exchange for cash?
|
| No, they are too far away.
|
| >If not, how
| >about a money order and a PO box?
|
| They would still need my name.

I think it's Duncan who's been talking about secured credit cards. As long as the intent is not to defraud, you can call yourself whatever you want and it's legal. So create a temporary pseudonym.

| > The audit part of this is the tough part. Would the HHS care
| >to agree to a broadcast means of verification? Would participants 44,
| >71 and 94 please come into the re-testing center to verify their
| >participation? There could be a zero knowledge proof of some type to
| >demonstrate that you are really patient 94.
|
| Can someone suggest a way to accomplish all this?

With tools that exist no less.

Each participant gets a penet account, and agrees to maintain it for (some time period). Part of their payment is withheld as assurance that the account will be maintained.
Each participant chooses a passphrase, and feeds that to S/key, providing the 100th md4 hash of their secret passphrase. They enclose this number in their encrypted response form. They also enclose their participant ID #, and an address.

When HHS asks for verification that the participants were real, they select a random set of penet IDs, and mail each of them, asking that they show up, bringing a lawyer to protect them from HHS intimidation and the 99th md4 hash of their secret passphrase. They have thus demonstrated who they are, and can answer questions as they feel relate to them not being in collusion with the researchers.

I think that deciding whether or not this is useful would require reading the regulations imposed on the researchers by the agency administering the grant.

Adam

From solman at MIT.EDU Wed Aug 24 19:47:50 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Wed, 24 Aug 94 19:47:50 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408241227.IAA22728@zork.tiac.net>
Message-ID: <9408250247.AA19389@ua.MIT.EDU>

> At 10:08 PM 8/23/94 -0400, Jason W Solinsky wrote:
> >Well we agree that the selling point is economic efficiency. But "anonymity
> >reduces overhead" ?
>
> I keep getting tangled up in that. I'll try again. Anonymity is not the
> issue. Strong Cryptography is the issue. Anonymity comes from strong
> crypto. Like I said before, anonymity is the byproduct of using strong
> crypto to build a digital cash system.

No it isn't. Making a digital cash system secure, scalable and distributed is a non-trivial task, making it anonymous is still more difficult. Guaranteeing anonymity creates a lot of problems as was brought out in a previous discussion on license based cash in which it was pointed out that by colluding with consumers a bank can still "mark" bills.

> It turns out that in creating an anonymous digital cash system, you can do
> very cheap, irrefutable transactions offline in an internetworked
> environment.
> That's cheaper for a whole lot of reasons, a relatively minor
> one being the ability to pool the cash without a lot of transaction
> recordkeeping. You don't have to know who gave you each piece of money in
> order to find who stiffed you, if it happens.

I am yet to see a single anonymous digital cash system which could not be implemented more simply if the requirement on anonymity were not made. I would be pleased to be proven wrong.

> The reduced overhead increases economic efficiency.

What I'm really asking is for an example of this overhead that is being reduced.

> There are other reasons
> for not doing on-line transactions. Including credit checks, interest
> calculations on outstanding balances, vendor reserve requirements,
> transaction threading, on-line wait states and bandwidth, etc. It's
> considerable.

And it's going to get more considerable when we have communities of agents arguing with each other. I think we want to solve the problems created by these requirements, not shy away from them.

JWS

From jya at pipeline.com Wed Aug 24 19:55:33 1994
From: jya at pipeline.com (John Young)
Date: Wed, 24 Aug 94 19:55:33 PDT
Subject: Actually berating on a routine basis.
Message-ID: <199408250254.WAA23615@pipe1.pipeline.com>

Responding to msg by tcmay at netcom.com (Timothy C. May) on Wed, 24 Aug 1:14 PM

>This latest round of insults from you cretins is having
>the benefit of cutting down the messages I read.

No insult intended. Meant to compliment your hectoring and cajolery and levity.

Berating folks now and then makes interesting reading; keep it up.

John

From shabbir at panix.com Wed Aug 24 20:06:35 1994
From: shabbir at panix.com (Shabbir J. Safdar)
Date: Wed, 24 Aug 94 20:06:35 PDT
Subject: 1994 Digital Telephony Bill campaign
Message-ID: <199408250306.AA27437@panix2.panix.com>

The Voters Telecomm Watch has officially taken a position against the 1994 Digital Telephony Bill.
It's not that we're slow, but it's taken time to reach a consensus (and even reach the board members), to compose all our materials, and gear up for the fight.

In opposing this bill, I hope to exceed our efforts of "watching" with the Cantwell bill. If you followed that bill, you'll remember that we attempted to notify the Net community before every vote with accurate information including sample letters, phone numbers, bill histories, and legislator positions.

We had a few problems (legislators with changing addresses and phone numbers, voice votes that leave no record that we could tie to the legislator) but we also had many successes.

We'll be doing the same thing (even better, I hope) this time with the Digital Telephony bill. We're going to try something new though. This message will be sent to all the mailing lists we usually use on our announce list. If you have access to news, check the following newsgroups:

alt.activism
alt.conspiracy
alt.mag2600
alt.politics.datahighway
alt.politics.libertarian
alt.privacy.clipper
alt.wired
comp.org.cpsr.talk
comp.org.eff.talk
comp.risks
comp.society.cu-digest
comp.society.privacy
misc.activism.progressive
talk.politics.crypto

(Crossposting will be done carefully, so people with decent newsreaders only see these alerts once)

I'll be forwarding this to the following mailing lists, who will be removed from the vtw-announce at vtw.org mailing list:

cypherpunks at toad.com
eff-activists at eff.org
eff-crypto at eff.org
thesegroups at tic.com
nii_agenda at civicnet.org
com-priv at psi.com
risks at csl.sri.com
rre-maintainers at weber.ucsd.edu
cpsr-berkeley at cpsr.org

Please do not forward this announcement to the above lists, they have already seen it.

A number of people complained that the political announcements we were sending were off topic for the lists during the Cantwell campaign, so I hope this is a reasonable compromise.
If you do not have access to Usenet news, please feel free to subscribe to the announce or the working lists at vtw-list-request at vtw.org.

-Shabbir

From khijol!erc at apple.com Wed Aug 24 20:21:14 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Wed, 24 Aug 94 20:21:14 PDT
Subject: Windows Front End PGP 2.6
In-Reply-To:
Message-ID:

> Does anybody know where I can find a windows front end that works with PGP
> 2.6? Any feedback on this would be appreciated!
>
> ????Windows front end: PGP WinFront from Ross Barclay????

Anyone know where this is? Haven't been able to find it... :(
--
Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com
Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"

From khijol!erc at apple.com Wed Aug 24 20:38:02 1994
From: khijol!erc at apple.com (Ed Carp [Sysadmin])
Date: Wed, 24 Aug 94 20:38:02 PDT
Subject: Using PGP on Insecure Machines
In-Reply-To: <199408241837.AA14936@poboy.b17c.ingr.com>
Message-ID:

> At the risk of repeating what Tim's said in the past, shellscript
> wrappers are useless to people who use Macs, Windows/WinNT, and so on.
>
> At the risk of repeating what Tim, Perry, and several others have
> said, using PGP- with or without shell scripts- on a machine which you
> do not physically control is also risky.

I understand the first objection. The second is moot if you're running something other than a dumb tube at home. I run Linux on a 486/25 at home, DOS/Windows on a 386SuX laptop on the road. Works for me.
--
Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com
Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"

From merriman at metronet.com Wed Aug 24 21:00:15 1994
From: merriman at metronet.com (David K.
Merriman)
Date: Wed, 24 Aug 94 21:00:15 PDT
Subject: Windows Front End PGP 2.6
Message-ID:

>> Does anybody know where I can find a windows front end that works with PGP
>> 2.6? Any feedback on this would be appreciated!
>>
>> ????Windows front end: PGP WinFront from Ross Barclay????
>
>Anyone know where this is? Haven't been able to find it... :(
>--

You can probably archie on PWF, and it should show up. Personally, I'm kinda partial to WinPGP 2.6 - nice front end, easy to use, all that stuff. Shareware, I even registered it :-)

Dave Merriman

From dichro at tartarus.uwa.edu.au Wed Aug 24 21:10:13 1994
From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn)
Date: Wed, 24 Aug 94 21:10:13 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408241310.AA03276@snark.imsi.com>
Message-ID: <199408250405.MAA02369@lethe.uwa.edu.au>

> In a fusion, or H Bomb, the tritium (which is just hydrogen with an
> extra two neutrons) is that which produces the boom -- the main fuel,
> as it were. Its a "neutron source" only in the weakest possible sense
> -- the same way dynamite might be considered to need nitroglycerine as
> a "neutron source". (I'm not sure that people outside of the bomb
> building industry really know *for sure* what the geometries used in
> the atomic weapon that sets off the fusion reaction.)
>

This also depends on the type of bomb. In a two-stage fusion bomb, you are quite correct - the tritium-deuterium/tritium fusion reaction gives the boom. However, in a three-stage bomb, there is an additional fission reaction, this due to the fact that the neutrons produced by the fusion reaction have the precise energy required to fission U-238. Since U-238 is vastly easier to obtain than enriched U-235, there is no great problem with sticking in half a tonne of it. Around that you can add cobalt jackets, etc, for more interesting effects.

--
* * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "I'm just another sniper on the information super-highway."
PGP Public key available by finger * #include From dichro at tartarus.uwa.edu.au Wed Aug 24 21:17:08 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Wed, 24 Aug 94 21:17:08 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: <199408250414.MAA02764@lethe.uwa.edu.au> > > > the atomic weapon that sets off the fusion reaction.) > > I don't understand your point. The earliest devices used a pie shape > with a wedge cut out. The actual geometry is rather unimportant to > getting a fission reaction - but it *is* important if you want to > maximize your yield. > -- Wrong. If you are using a uranium fuelled bomb, then you are right. As long as you thump together two barely sub-critical masses, it will go boom. However, if you try this with plutonium, it will fizzle. In the time that it takes for a standard gun type triggering mechanism to operate, the plutonium will become critical, and then release most of it's energy harmlessly, instead of going super-critical. This is the reason for using fast-triggering bomb geometries. -- * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "I'm just another sniper on the information super-highway." PGP Public key available by finger * #include From pfarrell at netcom.com Wed Aug 24 21:42:45 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Wed, 24 Aug 94 21:42:45 PDT Subject: Computer Security Conference & Exibit Message-ID: <2353.pfarrell@netcom.com> "Claborne, Chris" writes: > Has anyone been to the Computer Security Conference & Exhibition? If so, > what did you think of it. > > I am thinking of goin to the 21st annual on Nov 14-16 in Washington D.C. > PGP key signing party??? I gave a presentation at the one last year, hung arround checking out the others. Bill Murray gave a nice pitch about PGP, how bad Clipper/skipjack was, DERD gave her usual technical discussion of Clipper. I'm up for a keyswap, or beer drinking, or anti-GAK session. 
Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From dave at esi.COM.AU Wed Aug 24 21:45:52 1994 From: dave at esi.COM.AU (Dave Horsfall) Date: Wed, 24 Aug 94 21:45:52 PDT Subject: Windows Front End PGP 2.6 In-Reply-To: Message-ID: On Wed, 24 Aug 1994 khijol!erc at apple.com wrote: > > Does anybody know where I can find a windows front end that works with PGP > > 2.6? Any feedback on this would be appreciated! > > Anyone know where this is? Haven't been able to find it... :( Dunno about working with PGP 2.6 (I since I neither run Windows nor have any desire to) but an "archie" reveals "pgpwin11.zip" and "winpgp10.zip". -- Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From merriman at metronet.com Wed Aug 24 22:21:28 1994 From: merriman at metronet.com (David K. Merriman) Date: Wed, 24 Aug 94 22:21:28 PDT Subject: Windows PGP shell Message-ID: I've just finished making an ftp deposit to soda in the cypherpunks/incoming directory of WinPGP26.ZIP; it's the latest version of the Windows PGP shell. Shareware, and understands 2.6/2.6ui/2.7. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From khijol!erc at apple.com Wed Aug 24 22:32:24 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Wed, 24 Aug 94 22:32:24 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408250414.MAA02764@lethe.uwa.edu.au> Message-ID: > > > the atomic weapon that sets off the fusion reaction.) > > > > I don't understand your point. The earliest devices used a pie shape > > with a wedge cut out. 
The actual geometry is rather unimportant to > > getting a fission reaction - but it *is* important if you want to > > maximize your yield. > > -- > > Wrong. If you are using a uranium fuelled bomb, then you are > right. As long as you thump together two barely sub-critical masses, it > will go boom. However, if you try this with plutonium, it will fizzle. > In the time that it takes for a standard gun type triggering mechanism > to operate, the plutonium will become critical, and then release most of > it's energy harmlessly, instead of going super-critical. This is the > reason for using fast-triggering bomb geometries. Wrong. If you will notice, I said "the earliest devices". They didn't use plutonium for nuclear devices until much later. -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From dichro at tartarus.uwa.edu.au Wed Aug 24 22:37:59 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Wed, 24 Aug 94 22:37:59 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: <199408250535.NAA05783@lethe.uwa.edu.au> > > > > > > I don't understand your point. The earliest devices used a pie shape > > > with a wedge cut out. The actual geometry is rather unimportant to > > > getting a fission reaction - but it *is* important if you want to > > > maximize your yield. > > > -- > > Wrong. If you will notice, I said "the earliest devices". They didn't > use plutonium for nuclear devices until much later. That may be what you had in mind - what you wrote was that geometry is irrelevant in fusion reactions, which is incorrect. -- * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "I'm just another sniper on the information super-highway." 
PGP Public key available by finger * #include From jdwilson at gold.chem.hawaii.edu Thu Aug 25 00:03:12 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 25 Aug 94 00:03:12 PDT Subject: Using PGP on Insecure Machines In-Reply-To: Message-ID: On Thu, 25 Aug 1994, Dave Horsfall wrote: > He's also trying to complete his "Art of Computer Programming" series... Is Volume IV out yet? My I-III still await the promise of the Intro... -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From jdwilson at gold.chem.hawaii.edu Thu Aug 25 00:11:19 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 25 Aug 94 00:11:19 PDT Subject: Windows Front End PGP 2.6 In-Reply-To: Message-ID: On Wed, 24 Aug 1994 khijol!erc at apple.com wrote: > > ????Windows front end: PGP WinFront from Ross Barclay???? > 1. Doesn't the PGP-WIN front end still work with 2.6+ 2. Isn't it still at Oakland? -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From blancw at pylon.com Thu Aug 25 00:40:37 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 25 Aug 94 00:40:37 PDT Subject: Voluntary Governments?(Coercive Persuasion) Message-ID: <199408250741.AAA07331@deepthought.pylon.com> >From Jason W Solinsky: . . 
.You can form a fairly potent government using economic coercion. . . . . . the power of a cybergovernment to banish citizens gives it the abilility to enforce its regulations. ......................................................... (assuming I have nowhere to go besides the astral plane) I wasn't going to add to this discussion anymore, but I couldn't believe it. I didn't use to think that it was so difficult to distinguish between "real" government and any other kind of controlling influence. Reflecting upon the difference between kinds of control and the difference it makes, I made a list of important elements which help me identify what kind of a yoke is over my neck: . governance by force = control . the direction of the intended influence: a withholding of services & benefits, or an imposition over the individual . the duration of that controlling influence: related to a specific event, or maintained ever-presently as a matter of course . the scope of the influence: specific to a particular function, or encompassing a geographic area; limited to family, friends, or inclusive of all mankind, or perhaps encompassing every living thing on the planet as well all the mineral rights and all the forests and the seas . the kind of control being exerted: dependent upon an individual's self-committment, or having overriding precedence . expected complicity from the recipients: their apparent willingness to knowingly subject themselves to another's ministrations, or their protests against obligatory participation . recognition of Authority: passive recipience, or active participation; acknowledging the other party's sovereignty; or not considering themselves subjects of it . how those in control "achieve" or ascend to their position of authority over all others within that system, and . 
how the relationship to that authority is managed: by the individual's own attraction/desires for the possession or reception of things which s/he does not have; by threats against the capacity for self-determination & self-command . what it is that "they" are aiming for: what do they want from those upon whom they exert influence or control: - their business - attention - their material property - their soul - support for their delusions of grandeur Otherwise, I can usually tell because they give themselves names like "United", "National", "World", or because all of the individuals within that jurisdiction presumably belong to it and assume the identity of the organized entity; they are known outside of it by its name (Americans, Greeks). Blanc From shamrock at netcom.com Thu Aug 25 01:14:17 1994 From: shamrock at netcom.com (Lucky Green) Date: Thu, 25 Aug 94 01:14:17 PDT Subject: Nuclear Weapons Material Message-ID: <199408250814.BAA29343@netcom6.netcom.com> This thread is just too interesting... Mikolaj wrote: > > This also depends on the type of bomb. In a two-stage fusion >bomb, you are quite correct - the tritium-deuterium/tritium fusion >reaction gives the boom. However, in a three-stage bomb, there is an >additional fission reaction, this due to the fact that the neutrons >produced by the fusion reaction have the precise energy required to >fission U-238. Since U-238 is vastly easier to obtain than enriched >U-235, there is no great problem with sticking in half a tonne of it. >Around that you can add cobalt jackets, etc, for more interesting >effects. > What does the cobalt jacket do? 
-- Lucky Green PGP public key by finger

From Rolf.Michelsen at delab.sintef.no Thu Aug 25 01:14:39 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Thu, 25 Aug 94 01:14:39 PDT
Subject: Anonymous questionnaires
In-Reply-To: <199408241524.IAA26120@netcom7.netcom.com>
Message-ID:

On Wed, 24 Aug 1994, Lucky Green wrote:

> My partner is a participant in a long term psychological study. I have been
> asked to fill out a questionnaire to aid in this study. Some of the
> questions address issues that I would never answer non-anonymously. After
> speaking with the research director, I ended up with the following problem:
> is there a way that would allow the institute to

Interesting problem. The suggestion (by whom?) to use two envelopes is useable as long as there is a trusted party involved. This is very similar to the way such surveys are performed in Norway: Each questionnaire has a random number on top and a trusted party is able to link numbers to participants' names and check who has answered and so on. Researchers only see numbers and not names. The problem is that the trusted party is often very close to the researchers using the survey...

Here is a suggestion for an electronic solution based on anonymous electronic coins: You fill in your form and submit it electronically to the survey organizer. The organizer acknowledges your form by giving you a blind signature much in the same way as a withdrawal in a Chaumian electronic cash system. Later you unblind the signature and send it to the organizer together with name and address to be registered as a participant. The blind signature prevents linking of your name to the returned form but still proves that you have returned a form.

> 1. Correlate my answers to the answers of my partner.

Not directly provided by this simple solution, but the suggestion made by Stephen D. Williams to link you and your partner by writing down the same random number on the returned forms can be used.
There are other ways to link anonymous transfers too, but I won't come into that now...

> 2. Verify that I have indeed sent in a filled out questionnaire (and send
> me a check for participating).

OK. They get your name together with the unblinded "coin" to prove your participation.

> 3. Allow a supervisory agency, such as the U.S. Department of Health and
> Human Services, to verify that the researchers did not just make up all the
> data - that is to allow an audit.

Same as above.

> 4. Protect my privacy by making it impossible to correlate my name to the
> answers given.

OK due to properties in the anonymous cash schemes.

The problem with this seemingly simple approach is that it requires an anonymous online connection between you and the survey organizer. Confidential and/or anonymous channels do not seem to be "in" among network providers today... :-(

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen                            "Nostalgia isn't what it
Email: rolf.michelsen at delab.sintef.no   used to be..."
Phone: +47 73 59 87 33
----------------------------------------------------------------------

From dichro at tartarus.uwa.edu.au Thu Aug 25 02:51:58 1994
From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn)
Date: Thu, 25 Aug 94 02:51:58 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <199408250814.BAA29343@netcom6.netcom.com>
Message-ID: <199408250951.RAA13371@lethe.uwa.edu.au>

>
> What does the cobalt jacket do?
>

Um. To tell you the truth, I can't precisely remember but I can narrow it down to one of two things. It's either the 'neutron bomb', in that it just starts throwing very energetic neutrons that will wipe out anything living, but not do property damage, or it's the pollution variant, which lets your boring old low-yield device poison the countryside for the next billion-odd years. I think it's the latter - but I'm not really certain. *shrug* sorry.
Read some books on it - the amount of literature which should be classified but is freely available is mind-boggling. -- * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "I'm just another sniper on the information super-highway." PGP Public key available by finger * #include From sommerfeld at orchard.medford.ma.us Thu Aug 25 05:53:11 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Thu, 25 Aug 94 05:53:11 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: <199408251233.IAA00508@orchard.medford.ma.us> > Wrong. If you will notice, I said "the earliest devices". They didn't > use plutonium for nuclear devices until much later. Much as I hate continuing to inject facts into an off-topic discussion... I wouldn't call it "much later". The first bomb *design* was the uranium gun-type bomb. They thought that they could use the same design with Pu239, but discovered when their first significant samples of Pu showed up that it just wouldn't work. The first bomb ever *detonated* (at Alamogordo, NM, on 16 July 1945) was an implosion bomb using plutonium. You see, the implosion design was sufficiently hairy that they needed to test it before using it for real. The "Los Alamos Primer" I cited yesterday contains a photo captioned: "Sgt. Herbert Lehr delivering plutonium core of first test bomb in its shock mounted case to the assembly room at McDonald Ranch, on the Trinity test site in the desert northwest of Alamogordo, NM, July 12 1945." (The "shock mounted case" in question is a rectangular box, roughly 6"x6"x8") - Bill From ravage at bga.com Thu Aug 25 06:17:56 1994 From: ravage at bga.com (Jim choate) Date: Thu, 25 Aug 94 06:17:56 PDT Subject: Open invitation to attend... Message-ID: <199408251317.IAA15072@zoom.bga.com> Hi all, RoboFest 6 will be held in Austin, TX this fall (the exact date is not final at this time) and I have been advised that my request for TWS to participate has been granted. 
I would like to extend an invitation to any C-punks out there who will be in the area at that time (exact date will be posted when I get it) are invited to attend. It should be possible to have at least a couple of opportunities for giving speeches or demos if so desired. If this sounds like something you are interested in doing please let me know between now and Jan 1. Hope to see some of you here... Plunk! Ravage (Info)Highway To Hell From lstanton at sten.lehman.com Thu Aug 25 06:34:38 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Thu, 25 Aug 94 06:34:38 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <9408242328.AA12758@fnord.lehman.com> Message-ID: <9408251336.AA15671@sten.lehman.com> In message <9408242328.AA12758 at fnord.lehman.com>Rick B. writes: > Trying to get strong crypto to be commonplace is hardly the most > fanatical thing that gets discussed on this list. This is not a point to be minimized. Even when the security of each message is not all that high, the more encrypted traffic there is, the better off we all are. 'The nail that sticks up gets hammered down' From pstemari at bismark.cbis.com Thu Aug 25 06:49:46 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Thu, 25 Aug 94 06:49:46 PDT Subject: Knuth (was Using PGP on Insecure Machines) In-Reply-To: Message-ID: <9408251348.AA10578@focis.sda.cbis.COM> > He's also trying to complete his "Art of Computer Programming" series... Has anyone heard what the status of the 4th volume is? I thought that I had heard that Addison-Wesley was taking preorders for it about 2 years ago, but I haven't heard anything since. Paul From pstemari at bismark.cbis.com Thu Aug 25 06:59:38 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Thu, 25 Aug 94 06:59:38 PDT Subject: Nuclear Weapons Material In-Reply-To: Message-ID: <9408251358.AA10595@focis.sda.cbis.COM> > Wrong. If you will notice, I said "the earliest devices". 
They didn't > use plutonium for nuclear devices until much later. Actually, to pick a nit, the first a-bomb exploded (Alamogordo) was a plutonium device. The U235 design was dropped on Hiroshima untested. Paul From mpd at netcom.com Thu Aug 25 07:41:17 1994 From: mpd at netcom.com (Mike Duvos) Date: Thu, 25 Aug 94 07:41:17 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408251358.AA10595@focis.sda.cbis.COM> Message-ID: <199408251440.HAA06649@netcom7.netcom.com> > Actually, to pick a nit, the first a-bomb exploded (Alamogordo) was a > plutonium device. The U235 design was dropped on Hiroshima untested. The media was making a big deal last night about the seizure of twenty pounds of U-238. This, of course, is the non-radioactive isotope of uranium in which trade is relatively unrestricted. It does make excellent shell casings and has a few other mundane industrial uses. I wonder why the issue of bomb parts is now being given such a huge push in the press? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From paul at poboy.b17c.ingr.com Thu Aug 25 07:44:14 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 25 Aug 94 07:44:14 PDT Subject: Are RSA licenses fungible? Message-ID: <199408251446.AA17656@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- I'm developing some software for use in psychiatric research; basically, about 20 field sites will run the software, collect data, and modem it back to a mothership central site. The encryption & security needs are evident, and one of the main reasons to meet these needs is that the doctors involved perceive that they might be liable for leaks. Code based on Pr0duct Cypher's PGP Tools would do exactly what I want done The good doctors' general fear of liability means that I can't expose them to the risk of unlicensed use of RSA's patents (even though I think those patents are questionable, my job is to not get my clients involved with that question.) So.. 
if I buy 20 licenses of ViaCrypt PGP, then proceed to use PGP 2.6-based code in my applications, does that constitute a legitimate solution? - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich at ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLlyusKfb4pLe9tolAQHH6gP/cA/UwqpKqIDXv4ztBkUzyvLPypOUWRYB OoYGcE/AZF7vO1fgvkObZgwP59QC1Z0fsVU+lNUVgW8qIfadcwb0awBHcooQZ3OL 4d4cX9oD0ARxOrFoA4lFBU97k3lBXa+szyBD+hN2qyIxXUvHPPn5SZcZGYb7swMf zHfDONdqnq8= =FwPl -----END PGP SIGNATURE----- From jdd at aiki.demon.co.uk Thu Aug 25 07:45:16 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 25 Aug 94 07:45:16 PDT Subject: U & Pu "poisoning of the environment" Message-ID: <7795@aiki.demon.co.uk> > >One doesnot need to detonate the Uranium/Plutonium one can poison the > >watersuplies and make havoc with The Simple Bear Necessities of life. > > Well, I wouldn't want to snort the stuff daily, but its toxicity > has been overrated in the popular press. > > Epidemiologic studies of workers [even wartime workers with impressive > body burdens/ exposures] in a number of uranium bomb-making centers have > found ~ no health effects. This is quite similar to saying that nerve gas is harmless because scarcely anyone working in storage areas has been killed by it. Or that bullets won't harm you because people handle crates of them and they don't get shot. -- Jim Dixon From perry at imsi.com Thu Aug 25 07:52:38 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 25 Aug 94 07:52:38 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408251440.HAA06649@netcom7.netcom.com> Message-ID: <9408251452.AA04745@snark.imsi.com> Mike Duvos says: > The media was making a big deal last night about the seizure of > twenty pounds of U-238. This, of course, is the non-radioactive > isotope of uranium in which trade is relatively unrestricted. 
Its plenty radioactive. It just isn't fissionable. Not all isotopes are fissionable. > It does make excellent shell casings Actually, depleted uranium tends to be used in place of lead in rounds used for things like Phalanx (sp?) anti-missile gattling guns. Its also used in some sorts of armor. I don't think anyone in their right mind would make a shell CASING from it. > I wonder why the issue of bomb parts is now being given such a > huge push in the press? Because its a real issue. Lots of nuclear material is floating around, and some of it is going to end up in the hands of terrorists at some point. However, as I said in the second message in this thread, this will not be a reasonable excuse to stop strong cryptography, as anyone with the resouces to build a bomb can also buy or build a good cryptosystem. Perry From pstemari at bismark.cbis.com Thu Aug 25 08:12:50 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Thu, 25 Aug 94 08:12:50 PDT Subject: U & Pu "poisoning of the environment" In-Reply-To: <7795@aiki.demon.co.uk> Message-ID: <9408251512.AA11369@focis.sda.cbis.COM> > > Epidemiologic studies of workers [even wartime workers with impressive ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > body burdens/ exposures] in a number of uranium bomb-making centers have ^^^^^^^^^^^^^^^^^^^^^^^^ > > found ~ no health effects. > > This is quite similar to saying that nerve gas is harmless because > scarcely anyone working in storage areas has been killed by it. Or > that bullets won't harm you because people handle crates of them and > they don't get shot. No, it is not. If you had read the message more carefully, you would have had to phrase your example as, "This is quite similar to saying that nerve gas is harmless because scarcely anyone who has inhaled substantial amounts of it has been killed by it." 
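Added example (not part of any list message, and not code from the thread): the blind-signature receipt that Rolf Michelsen proposes in the "Anonymous questionnaires" message above, sketched in Python with textbook RSA blinding. The toy key, the hash-to-integer step, the class and field names, and the survey data are assumptions constructed for illustration.

```python
"""Blind-signature participation receipts (toy RSA key, constructed survey data)."""
import hashlib
import secrets
from math import gcd

# Toy organizer key built from two known Mersenne primes; illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent, organizer only


def h(token: bytes) -> int:
    """Map a receipt token to an integer mod N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Participant:
    def __init__(self, name: str):
        self.name = name
        self.token = secrets.token_bytes(16)  # random receipt serial
        self.r = 0
        while gcd(self.r, N) != 1:            # blinding factor must be invertible
            self.r = secrets.randbelow(N - 2) + 2

    def blinded_token(self) -> int:
        return h(self.token) * pow(self.r, E, N) % N

    def unblind(self, blind_sig: int) -> int:
        sig = blind_sig * pow(self.r, -1, N) % N
        if pow(sig, E, N) != h(self.token):
            raise ValueError("organizer returned a bad signature")
        return sig


class Organizer:
    def __init__(self):
        self.forms = []   # (pair_id, answers, blinded token): no names stored
        self.paid = {}    # redeemed token -> participant name

    def accept_form(self, pair_id, answers, blinded):
        """Anonymous channel: store the form, sign the blinded token unseen."""
        self.forms.append((pair_id, answers, blinded))
        return pow(blinded, D, N)

    def register(self, name, token, sig):
        """Named channel: check the receipt, refuse replays, record for payment."""
        if pow(sig, E, N) != h(token):
            return "rejected: bad receipt"
        if token in self.paid:
            return "rejected: already redeemed"
        self.paid[token] = name
        return "registered"

    def audit(self):
        """An auditor's check: paid receipts never outnumber forms received."""
        return len(self.paid) <= len(self.forms)


def forms_consistent_with(org, token):
    """Count stored forms whose blinded value could have hidden this token.
    An r with h(token) * r^E = blinded exists for every form, so the
    organizer's records do not single out the form behind a receipt."""
    count = 0
    for _, _, blinded in org.forms:
        r = pow(blinded * pow(h(token), -1, N) % N, D, N)
        count += h(token) * pow(r, E, N) % N == blinded
    return count


def demo():
    org = Organizer()
    a, b = Participant("A"), Participant("B")
    pair_id = "4711"  # partners write the same random number on both forms
    receipts = {}
    for who, answers in ((a, "constructed answers 1"), (b, "constructed answers 2")):
        blind_sig = org.accept_form(pair_id, answers, who.blinded_token())
        receipts[who.name] = who.unblind(blind_sig)
    return {
        "a": org.register("A", a.token, receipts["A"]),
        "replay": org.register("Mallory", a.token, receipts["A"]),
        "forged": org.register("Mallory", b"made-up token", 12345),
        "b": org.register("B", b.token, receipts["B"]),
        "candidates": forms_consistent_with(org, a.token),
        "audit_ok": org.audit(),
        "paired": len({form[0] for form in org.forms}) == 1,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The `candidates` result equals the number of forms on file: the receipt proves that some form was returned without identifying which one, so anonymity still depends on the submission channel itself, as the message notes.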
From tomaz at cmir.arnes.si Thu Aug 25 08:24:42 1994 From: tomaz at cmir.arnes.si (Tomaz Borstnar) Date: Thu, 25 Aug 94 08:24:42 PDT Subject: any documents about crypto history online? In-Reply-To: <199408221603.MAA25186@bwh.harvard.edu> Message-ID: <199408251524.RAA29000@cmir.arnes.si> In-reply-to: Your message dated: Mon, 22 Aug 1994 12:03:01 EDT > You wrote: > > | Are there any sources of crypto history on Internet (reachable > | via mail, ftp, www, etc)? > > The best crypto histories can be found in your local library, not > online. They are David Kahn's The Codebreakers and Bamfords The > Puzzle Palace. Nope, we don't have this here, but I would like to buy it, but I don't know where could one get such books. Thanks in advance. Tomaz From solman at MIT.EDU Thu Aug 25 08:45:55 1994 From: solman at MIT.EDU (Jason W Solinsky) Date: Thu, 25 Aug 94 08:45:55 PDT Subject: Is pay-per authentication possible absent trust? Message-ID: <9408251545.AA22928@ua.MIT.EDU> I'm having a problem patching up a serious hole in one of my protocols and I was wondering if anybody here had a solution. [Actually I suspect that the hole is impossible to patch, but I haven't been able to convince myself of that yet so intuitive "proofs" would also be appreciated] Here is the situation. Charles runs a certification agency. He might be certifying that you have some basic competency so that people will hire you. Or he might be certifying that you buy lots of computers with big brother inside microprocessors, thus making advertisers who want to sell software for big brother inside computers [i.e. Microsquish] willing to pay extra money for your time. Either way, Charles's certification is worth money to you. But the value to you isn't a constant amount. Each time you use the certification, you derive additional value from it. So Charles figures that it makes much more sense to sell his certifications on a per use basis... 
People who only occasionally need the certification will be able to afford it and Charles can gouge people who need the certification frequently for all they are worth.

To do this Charles adopts a protocol in which his signatures are time dependent. Everybody can verify that his signatures are valid for the time at which a signature is required, but only Charles can figure out what the correct signature is for time T in polynomial time. [Note: There are many alternative methods of accomplishing this, but they all seemed to have the same hole... If you can find a way to patch the hole that requires changing this protocol it would still solve my problem].

So Charles sells you one-time certifications, and Microsquish pays you extra for those certifications and everybody is happy.

Then, one day, Microsquish decides that Charles's certifications aren't worth as much as they used to be, so it lowers its price (for your time) to slightly greater than what Charles is charging you. Well this makes you unhappy so you complain to Charles, but he refuses to change his price. This makes you angry at Charles and causes you to wonder if there isn't a way to lower your certification costs.

Enter Ingve the insurance salesman. Ingve will guarantee to others that you are certified by Charles by offering them bets. So suppose that Microsquish sends you its advertising agent and the agent is offering a 10 nano-slinkys [a cyberspatial monetary unit] bonus if you can produce one of Charles's certifications. Charles is charging 8 nano-slinkys.

In steps Ingve. You've told Ingve that you are certified by Charles as a frequent purchaser of big brother inside computers. So Ingve says: "I'll convince Microsquish to accept my word that you have Charles's certification in exchange for just four nanoslinkys. But if at my request you ask for the certification and Charles says you aren't certified then you owe me 64 nano-slinkys." Since you are sure that you are certified you accept the deal.
Then Ingve goes to Microsquish and offers to insure your certification. Each time Microsquish accepts a certification from Ingve for you, Ingve will pay Microsquish 2 nano-slinkys but will be able to get your business (and thus offset that with the four nano-slinkys). But, if it turns whenever Microsquish wants to it can check up on your certification from Charles at cost (8 nano-slinkys). If Charles certifies you all is well. Otherwise, you owe Ingve 64 nano-slinkys and Ingve has to pay up Microsquish's insurance claim (which could be quite large depending on the policy. The result of all this is that Charles is cheated out of his revenue. Ingve, You and Microsquish profit, but Charles fails to reap the benefits of his certification. The question is: Is there a secure method that charles can use to prevent the "Ingve the insurance salesman attack"? Cheers, Jason W. Solinsky From merriman at metronet.com Thu Aug 25 08:46:38 1994 From: merriman at metronet.com (David K. Merriman) Date: Thu, 25 Aug 94 08:46:38 PDT Subject: Nuclear Weapons Material Message-ID: > > >I wonder why the issue of bomb parts is now being given such a >huge push in the press? > Because the last Crisis of the Week is running out of steam (viewer interest) - not that I'm cynical or anything. :-( Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. 
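Added example (not from the list): the "Brands cash" message that follows describes working in a subgroup of prime order q dividing p-1 (p is the modulus the message calls n), with exponents reduced mod q and bases checked for membership in the group generated by g. The Python sketch below builds such a group at the 140/512-bit sizes the message quotes (too small for use today) and runs a Schnorr-style signature r = c*x + w mod q over it; the function names, hash construction and seed are assumptions, and this is not Brands' scheme.

```python
"""Prime-order subgroup (q | p-1) with Schnorr-style signatures; toy demo."""
import hashlib
import random
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=24):
    """Miller-Rabin, after trial division by a few small primes."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(qbits=140, pbits=512, seed=1994):
    """Find primes q | p-1 and a generator g of the order-q subgroup mod p.
    These are public parameters, so a fixed seed (an assumption) is fine."""
    rng = random.Random(seed)
    q = 4
    while not is_probable_prime(q):
        q = rng.getrandbits(qbits) | (1 << (qbits - 1)) | 1
    p = 4
    while p.bit_length() != pbits or not is_probable_prime(p):
        k = rng.getrandbits(pbits - qbits) | (1 << (pbits - qbits - 1))
        p = (k & ~1) * q + 1              # even cofactor keeps p odd
    g = 1
    while g == 1:                         # h^((p-1)/q) has order q unless it is 1
        g = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
    return p, q, g


def in_subgroup(grp, y):
    """Bases (public keys, generators) must lie in the group generated by g."""
    p, q, _ = grp
    return 1 <= y < p and pow(y, q, p) == 1


def challenge(a, msg, q):
    data = a.to_bytes((a.bit_length() + 7) // 8, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def keygen(grp):
    p, q, g = grp
    x = secrets.randbelow(q - 1) + 1      # exponents are drawn from 1..q-1
    return x, pow(g, x, p)


def sign(grp, x, msg):
    p, q, g = grp
    w = secrets.randbelow(q - 1) + 1
    c = challenge(pow(g, w, p), msg, q)
    return c, (c * x + w) % q             # r = c*x + w, reduced mod q


def verify(grp, y, msg, sig):
    p, q, g = grp
    c, r = sig
    if not (0 <= c < q and 0 <= r < q and in_subgroup(grp, y)):
        return False
    a = pow(g, r, p) * pow(y, -c, p) % p  # g^r * y^(-c) = g^w
    return challenge(a, msg, q) == c


def demo():
    grp = make_group()
    p, q, g = grp
    agency_x, agency_y = keygen(grp)      # validating agency
    shop_x, shop_y = keygen(grp)          # a shop sharing the same p, q, g
    msg = b"constructed pseudonym 42"
    sig = sign(grp, agency_x, msg)
    return {
        "p_bits": p.bit_length(), "q_bits": q.bit_length(),
        "agency_ok": verify(grp, agency_y, msg, sig),
        "shop_ok": verify(grp, shop_y, msg, sign(grp, shop_x, msg)),
        "wrong_key": verify(grp, shop_y, msg, sig),
        "tampered": verify(grp, agency_y, msg + b"!", sig),
        "sig_bits": max(v.bit_length() for v in sig),
        "wraps_at_q": pow(g, sig[1] + 7 * q, p) == pow(g, sig[1], p),
        "order2_rejected": not in_subgroup(grp, p - 1),
        "bad_key_rejected": not verify(grp, p - 1, msg, sig),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both signers use the same p, q and g with their own secret x, which is the property the message contrasts with RSA; the rejected value p-1 has order 2 and shows why a verifier checks y^q = 1 before accepting a base.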
From hfinney at shell.portal.com Thu Aug 25 09:23:46 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 25 Aug 94 09:23:46 PDT
Subject: Brands cash
In-Reply-To: <199408201652.JAA29752@jobe.shell.portal.com>
Message-ID: <199408251623.JAA22878@jobe.shell.portal.com>

-----BEGIN PGP SIGNED MESSAGE-----

A few closing notes on Brands' technology:

There is a trick which is used in a lot of the discrete-log algorithms which reduces the storage space needed and speeds up the calculations by a factor of up to 4. Originally I described the generator g as being one whose order is equal to n-1; that is, the series g^0, g^1, ...g^(n-1) encompasses all the numbers from 1 to n-1 before looping.

However, it turns out to be advantageous in many cases to choose a generator which has a smaller period. The period of the generator must be a divisor of p-1, as it turns out. Choosing a generator with period q, a prime which divides p-1, allows all of the results to continue to work as long as a couple of small changes are made. Exponent arithmetic must be done mod q, since that is the "wrap around" point. For example, where the signature algorithm does r=c*x+w, this would be done mod q. (It actually needs to be done mod n-1 in the full-cycle-generator case, but I didn't get into that detail.)

The other thing that has to be done is that when random numbers are chosen, they should be from 1 to q if they are exponents (as in the case of w from the signature algorithm), and they should be in the group generated by g (that is, the set of values g^0, g^1, g^2, ...) if they are bases (like g1 and d in the off-line cash algorithm).

A typical set of values for q and n are 140 bits and 512 bits. This is what is used in the government DSS (at least in the first version; I'm not sure what other options they came up with). This means that exponentiation only has to be done to 140-bit powers rather than 512-bit powers, which only takes about 1/4 as long. It also means that everywhere in the protocol that an exponent is stored or transmitted only about 1/4 as many bits have to be sent. Yet even with these smaller exponent values solving the discrete-log problem is believed to be as difficult as with full-sized exponents.

Sometimes people ask how the difficulty of discrete-log compares with factoring. I haven't been able to really get a clear answer on this. One quote on sci.crypt last year said that discrete-log for 1024 bits is harder than factoring for 512 bits, and likewise factoring for 1024 bits is harder than discrete-log for 512 bits. But this isn't saying much considering the 1024 bit problems are probably a million times harder than the 512 bit problems.

I've sent email to Brands every few months gently hinting about when he might be willing to publish his results. Originally he was going to publish earlier this year, but then he decided to hold off for a few months while he looked for investors. I don't know what luck he has had with that, but recently he said that he'd be publishing before the end of 1994.

I sent him my ideas for a pseudonym/credentialing system, and he very kindly said that he used similar concepts for some of his technology. However, a limitation of my idea was that a credential can be transferred only to one specific other pseudonym, although the credential issuer does not know what pseudonym it is. Brands said this is one of the types of credentials he can do, but that he also uses "a different mechanism" to provide for credentials which can be shown at any shop where one has a pseudonym. I haven't been able to figure out how to do that.

One nice thing about this credentialling system, BTW, is that the credentials can be issued by the shops/companies themselves. In Chaum's system only one agency can give credentials. That is because RSA signatures are used, and you can't have two different RSA signers both share the same modulus n. (They would both have to know the factors.) But with the discrete-log signatures, many people can share the same n, have their own secret keys x, and issue signatures. So, at least with the simplified credentials I described, shops can issue their own credentials in the form of signatures on pseudonyms which were validated by the validating agency using its own signatures. Everyone would share the same modulus and therefore be able to make their own signatures.

Hal Finney

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLlnlIagTA69YIUw3AQGGYgQAl2ZW5Wsg/+RNbPn9g83jQKA3BwZqdKJc
pOf22GlED8/DUCcNDd6Sh3aXg5puWsVudNgMFlRQ8IzNUMAxsabjLZ0BU1xFgojG
AH9zo98Yvb+QJ5Nc1EpbvCJmkcJiv4q2rdPrSE/CiOCWbZju2re548E6SrRzo/Ce
usGYHLWtU5E=
=F9is
-----END PGP SIGNATURE-----

From mpd at netcom.com Thu Aug 25 09:33:55 1994
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 25 Aug 94 09:33:55 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408251452.AA04745@snark.imsi.com>
Message-ID: <199408251633.JAA16087@netcom4.netcom.com>

Perry E. Metzger writes:

>> The media was making a big deal last night about the
>> seizure of twenty pounds of U-238. This, of course, is the
>> non-radioactive isotope of uranium in which trade is
>> relatively unrestricted.

> It's plenty radioactive. It just isn't fissionable. Not all
> isotopes are fissionable.

Uranium is not particularly radioactive, being a long lived alpha emitter. This is true of plutonium and some other fissionable materials as well. I can handle clad uranium or plutonium reactor or bomb components in complete safety with no protective clothing needed. The only hazard is from ingestion of the material, or from accumulation of decay products such as radon in a badly ventilated area.

Workers in nuclear fuel fabrication facilities have been known to use small disks of plutonium sintered into a ceramic base as poker chips.
Although U-238 can decay both by spontaneous fission and alpha emission, its astronomically long half-life of many billions of years results in a very low level of radioactivity for both these modes of decay. For all practical purposes, we may consider it a stable isotope. >> It does make excellent shell casings > Actually, depleted uranium tends to be used in place of > lead in rounds used for things like Phalanx (sp?) > anti-missile gattling guns. Its also used in some sorts of > armor. I don't think anyone in their right mind would make a > shell CASING from it. Uranium is used in munitions because of its mass, which allows it to go through less massive materials like steel or concrete like a hot knife through butter. It is used both for bullets and shell casings. Especially anti-tank rounds and shells designed to penetrate hardened military facilities. The idea is that the uranium penetrates the armor and the charge then explodes once the round is inside. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From hfinney at shell.portal.com Thu Aug 25 09:48:03 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 25 Aug 94 09:48:03 PDT Subject: Is pay-per authentication possible absent trust? In-Reply-To: <9408251545.AA22928@ua.MIT.EDU> Message-ID: <199408251647.JAA24365@jobe.shell.portal.com> Jason W Solinsky writes: >Enter Ingve the insurance salesman. Ingve will guarantee to others that you >are certified by Charles by offering them bets. So suppose that Microsquish >sends you its advertising agent and the agent is offering a 10 nano-slinkys >[a cyberspatial monetary unit] bonus if you can produce one of Charles's >certifications. Charles is charging 8 nano-slinkys. In steps Ingve. You've >told Ingve that you are certified by Charles as a frequent purchaser of big >brother inside computers. So Ingve says: "I'll convince Microsquish to accept >my word that you have Charles's certification in exchange for just four >nanoslinkys. 
But if at my request you ask for the certification and Charles's >says you aren't certified then you owe me 64 nano-slinkys." Since you are sure >that you are certified you accept the deal. Then Ingve goes to Microsquish >and offers to insure your certification. Each time Microsquish accepts a >certification from Ingve for you, Ingve will pay Microsquish 2 nano-slinkys >but will be able to get your business (and thus offset that with the four >nano-slinkys). But, if it turns whenever Microsquish wants to it can check >up on your certification from Charles at cost (8 nano-slinkys). If Charles >certifies you all is well. Otherwise, you owe Ingve 64 nano-slinkys and >Ingve has to pay up Microsquish's insurance claim (which could be quite large >depending on the policy. One thing I don't follow here is under what circumstances a "challenge" will occur. Presumably Microsquish will not blindly accept all of Ingve's assurances since they are backed only by promises. Can Microsquish force Ingve to go to his clients and make them produce certificates? Who pays for that? Maybe if you factor in that cost it won't look so bad for Charles. Also, just because Charles can't get what he wants for his certifications doesn't mean he is being cheated. It's a market, after all. You could just as well say that somebody else opens up a certification shop that sells certifications just like Charles' for less. It's not the fault of the protocol that Charles' business dries up. If the value of his certifications drops (as in your scenario) then his business should decrease. Last, I'd say your problem exists just as clearly without Ingve. You could make a deal with Microsquish promising that you would be able to get certifications if asked, with some agreed-upon procedure by which Microsquish could demand that you produce one, with appropriate penalties. In that case probably Microsquish would believe some percentage of people and Charles' business would again fall off. 
In practice Ingve might be useful to help even up fluctuations but the problem arises just as clearly without him. You might look at it in terms of a priori vs a posteriori probabilities that you do in fact have the ability to gain a certification. If Microsquish was inclined to believe you before (say, because you had demonstrated good faith in the past), then the exhibition of an actual certificate is less valuable to Microsquish because it adds less information. So it makes sense that certificate challenges, with their associated costs to you and Microsquish, would occur less frequently in that case. Again, it appears that the situation is simply reflecting market values of information. Hal From cfrye at mason1.gmu.edu Thu Aug 25 10:01:57 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Thu, 25 Aug 94 10:01:57 PDT Subject: Nuclear Weapons Material Message-ID: <9408251701.AA09466@mason1.gmu.edu> One of the secrets the government didn't want out was the nature of the gamma ray trigger, as the concept of explosively compressing U235 was *relatively* widely known (this is pre-1980). Curt From m5 at vail.tivoli.com Thu Aug 25 10:14:10 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 25 Aug 94 10:14:10 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408251452.AA04745@snark.imsi.com> Message-ID: <9408251708.AA04970@vail.tivoli.com> [ Still waiting to be slapped down by someone who's pissed off about this crypto-free thread, or else for the NSA to have the FBI arrest all us mad bombers :-) ] Mike Duvos writes: > The idea is that the > uranium penetrates the armor and the charge then explodes once > the round is inside. I don't know much about modern munitions, but I do know that armor piercing rounds may have no charge in them at all. Generally, when a round pierces one side of a vehicle, it loses enough energy and is suitably deformed to prevent exit from the opposite wall. 
It does, however, bounce around quite a bit, which can be plenty of fun in a tank loaded with equipment, munitions, and soldiers. It was discovered in the second world war that (with then-current metallurgical techniques) introduction of a high-explosive charge into the armor piercing round tended to reduce its effectiveness by weakening the structure. | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From perry at imsi.com Thu Aug 25 10:22:21 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 25 Aug 94 10:22:21 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408251708.AA04970@vail.tivoli.com> Message-ID: <9408251722.AA05058@snark.imsi.com> Mike McNally says: > Mike Duvos writes: > > The idea is that the > > uranium penetrates the armor and the charge then explodes once > > the round is inside. > > I don't know much about modern munitions, but I do know that armor > piercing rounds may have no charge in them at all. The Illustrated Encyclopedia of Ammunition, a book that I actually possess, makes this claim. According to it, there are two basic kinds of armor piercing rounds -- one that involves having a potent thin metal projectile usually made of a material like tungsten, that penetrates the armor, and one involving having a shaped charge that squirts a jet of hot metal through the armor. No one seems to have attempted to get explosives through the armor in many many decades. None of the forms of modern shells described in this book involve the use of depleted uranium in shell casings. 
Perry From p.v.mcmahon.rea0803 at oasis.icl.co.uk Thu Aug 25 10:29:45 1994 From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk) Date: Thu, 25 Aug 94 10:29:45 PDT Subject: Using PGP on Insecure Machines Message-ID: <9408251730.AA13571@getafix.oasis.icl.co.uk> James Hightower writes: > Which brings me to the question; "What ARE people using, and what are > they GOING to use?" Can anyone point me to a survey of the most used > Consumer will be using so that we can be there with strong, usable ^^^^^^^^ Who? > crypto when he gets there. ^^^^^ Where? Or less tersely, which users of messaging are you interested in providing crypto for? Apart from the Defence sector, there seem to be three main communities: 1 "Formal" inter-business electronic messaging using commercial value-added networks (VANs) - which are perceived as secure - and associated user agent software (which varies greatly). About fifty thousand North American companies are "there" already (for EDI, and at a cost). Leakage (due to high VAN costs) of formal messaging business from VANs onto the insecure Internet is not yet significant - although CommerceNet will doubtless fix that. 2 Intra-organisation nessaging based on LAN or corporate workflow and email systems. This has built both bottom-up and downwards (e.g. from PROFS or equivalent). The prevalent software is diverse, proprietary and volume. I don't have total market figures to hand, but as an example, the 11JUL94 Government Computer News ranks MS Mail (Windows 3), cc:Mail (Windows), cc:Mail(DOS), MS Mail (PC Networks), and WordPerfect Office as the most preferred e-mail packages amongst Federal users. I would expect a similar list in most commercial email-enabled organisations (with the addition of Lotus Notes). Varying security facilities are bundled within these packages already. 3 The "informal messaging" sector (including most Internet traffic). 
The associated software is more diverse and "open", but its users have a marginal and/or occasional need for end-to-end / message-transfer security. Note: for both 1 and 2, an "insecure machine" (i.e.: with administrative intrusion potential into an individual's messaging security) is more likely a requirement than a problem for medium/large corporations - as management supervision and control over information assets need to be possible. -- Tim May writes: > I had assumed the poll was of *us*, which is both a manageable poll to > take, and a useful one. What would be done with the results? --- James A. Donald says: > High Tech industry has considerable experience with surveys of > consumers for nonexistent products. > > Such surveys are useless at best, and dangerous at worst. On the other hand, how else do you find out whether a sufficiently serious market exists to warrant investment in developing / productising a technology ? - pvm From solman at MIT.EDU Thu Aug 25 11:00:08 1994 From: solman at MIT.EDU (Jason W Solinsky) Date: Thu, 25 Aug 94 11:00:08 PDT Subject: Is pay-per authentication possible absent trust? In-Reply-To: <199408251647.JAA24365@jobe.shell.portal.com> Message-ID: <9408251759.AA23689@ua.MIT.EDU> > Jason W Solinsky writes: > > >Enter Ingve the insurance salesman. Ingve will guarantee to others that you > >are certified by Charles by offering them bets. So suppose that Microsquish > >sends you its advertising agent and the agent is offering a 10 nano-slinkys > >[a cyberspatial monetary unit] bonus if you can produce one of Charles's > >certifications. Charles is charging 8 nano-slinkys. In steps Ingve. You've > >told Ingve that you are certified by Charles as a frequent purchaser of big > >brother inside computers. So Ingve says: "I'll convince Microsquish to accept > >my word that you have Charles's certification in exchange for just four > >nanoslinkys. 
But if at my request you ask for the certification and Charles's > >says you aren't certified then you owe me 64 nano-slinkys." Since you are sure > >that you are certified you accept the deal. Then Ingve goes to Microsquish > >and offers to insure your certification. Each time Microsquish accepts a > >certification from Ingve for you, Ingve will pay Microsquish 2 nano-slinkys > >but will be able to get your business (and thus offset that with the four > >nano-slinkys). But, if it turns whenever Microsquish wants to it can check > >up on your certification from Charles at cost (8 nano-slinkys). If Charles > >certifies you all is well. Otherwise, you owe Ingve 64 nano-slinkys and > >Ingve has to pay up Microsquish's insurance claim (which could be quite large > >depending on the policy. > > One thing I don't follow here is under what circumstances a "challenge" > will occur. Presumably Microsquish will not blindly accept all of > Ingve's assurances since they are backed only by promises. Can > Microsquish force Ingve to go to his clients and make them produce > certificates? Who pays for that? Maybe if you factor in that cost it > won't look so bad for Charles. First, just let me note that there are a thousand ways to structure it. In my example, Microsquish gets to hold a challenge whenever they want to. If everybody is being honest Microsquish will lose eight nano-slinkys each time they challenge so they won't do it frequently. If everybody is not being honest, Microsquish will collect substantial damages. > Also, just because Charles can't get what he wants for his certifications > doesn't mean he is being cheated. I refuse to get into another vocabulary fight :) Lets just say that Charles isn't geting as much as he would like. Pay per use is good for the consumer... note the resentment that high software prices have created. 
Although everybody wins by adopting a system that better approximates reality, ala superdistribution (but we are dealing with authentication here, not information and after thinking about it a lot I have decided that authentication is NOT necessarily a form of information in that you can easily demonstrate to somebody that you have been authenticated without giving them the ability to prove it to somebody else [again let's not get into a terminology debate, my point is that the intangible asset here has a different set of properties from the kind we usually deal with in information economy scenarios]), the consumer with his smaller buying power wins the most. So it would really suck for Charles to lose big at the hands of the consumer because he tried to do something that dramatically improved the consumer's position. Now that I think about it, it's possible that I'm in error approaching this problem from a cryptographic standpoint. Maybe the correct course of action is to establish a cybergovernment which prohibits "Ingve the insurance salesman" attacks and then set up the fine structure such that the conspirators will have an enormous incentive to turn each other in. > It's a market, after all. You could > just as well say that somebody else opens up a certification shop that > sells certifications just like Charles' for less. It's not the fault of > the protocol that Charles' business dries up. If the value of his > certifications drops (as in your scenario) then his business should decrease. Agreed, but it is highly desirable for Charles NOT to be forced into selling certifications for a one time fee from the standpoint of all involved. Assuming Charles is intelligent, unless we can demonstrate to him a system that prevents these kinds of attacks, he's going to be stuck with the one time fee payment scheme. > Last, I'd say your problem exists just as clearly without Ingve. 
You > could make a deal with Microsquish promising that you would be able to > get certifications if asked, with some agreed-upon procedure by which > Microsquish could demand that you produce one, with appropriate > penalties. In that case probably Microsquish would believe some > percentage of people and Charles' business would again fall off. In > practice Ingve might be useful to help even up fluctuations but the > problem arises just as clearly without him. Yeah. I hadn't been looking at it that way because in my model Ingve gets played by an agent. There IS, however, an argument for giving control of Ingve to a third party. As I note above, every time Microsquish checks on the consumer it loses money. An Ingve could act as an intermediary between Microsquish and a far larger number of consumers. The relationship thus built (combined with statistical reality) allow Microsquish to use far fewer test cases and place a significant (but of course not total) amount of trust in Ingve's methods for guaranteeing valid licenses [whatever they may be. It is quite conceivable that there are other things which can alter the probabilities besides actually challenging the consumer to get a certification from Charles]. This saves Microsquish, and infact the whole system, money. Cheers, Jason W. Solinsky BTW, perhaps there is an easier solution: only permit Cherles's certifications to exist in an environment that he controls. Smart cards and remote computers can easily do this, although remote computers are undesirable due to their communications overhead. From ravage at bga.com Thu Aug 25 11:01:02 1994 From: ravage at bga.com (Jim choate) Date: Thu, 25 Aug 94 11:01:02 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408251722.AA05058@snark.imsi.com> Message-ID: <199408251800.NAA29704@zoom.bga.com> > > None of the forms of modern shells described in this book involve the > use of depleted uranium in shell casings. 
> > Perry > The ammo used by the A-10 chain gun uses a depleted uranium core that is designed to defeat Chobam and other types of reactive armor. It is also used in F-14, F-15, F-16, and F-18's that are tasked with ground attack missions where active armor tanks are expected to be encountered. The ammo was specificaly developed for use in the late 70's for use against Soviet T-72's in a Fulda Gap scenario. I know of no ammo that uses anything other than brass or steel (in the case of mini-guns and other motor driven guns) for the case. The reason that the Uranium is used is because of its high density. From joshua at cae.retix.com Thu Aug 25 11:09:14 1994 From: joshua at cae.retix.com (joshua geller) Date: Thu, 25 Aug 94 11:09:14 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408251722.AA05058@snark.imsi.com> Message-ID: <199408251809.LAA08365@sleepy.retix.com> > Mike McNally says: > > Mike Duvos writes: > > > The idea is that the > > > uranium penetrates the armor and the charge then explodes once > > > the round is inside. > > I don't know much about modern munitions, but I do know that armor > > piercing rounds may have no charge in them at all. > The Illustrated Encyclopedia of Ammunition, a book that I actually > possess, makes this claim. According to it, there are two basic kinds > of armor piercing rounds -- one that involves having a potent thin > metal projectile usually made of a material like tungsten, that > penetrates the armor, and one involving having a shaped charge that > squirts a jet of hot metal through the armor. No one seems to have > attempted to get explosives through the armor in many many decades. > None of the forms of modern shells described in this book involve the > use of depleted uranium in shell casings. out of curiousity, what does it say under 'sabot'? 
josh From ravage at bga.com Thu Aug 25 11:13:26 1994 From: ravage at bga.com (Jim choate) Date: Thu, 25 Aug 94 11:13:26 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408251633.JAA16087@netcom4.netcom.com> Message-ID: <199408251812.NAA00474@zoom.bga.com> > > Uranium is used in munitions because of its mass, which allows it > to go through less massive materials like steel or concrete like > a hot knife through butter. It is used both for bullets and > shell casings. Especially anti-tank rounds and shells designed > to penetrate hardened military facilities. The idea is that the > uranium penetrates the armor and the charge then explodes once > the round is inside. > I would like to request some reference on the use of Uranium in the casing of a shell or round. The casing gets thrown out on the ground (by both aircraft and tanks) when the round goes off. There is no reason to use anything other than brass or steel for this. As to the use in a round, the idea is like a sabot. When the ke of the shell is conserved on impact the more massive core goes right on into the target. I can find no reference any U-core round being HE or otherwise carrying a charge. In all cases that I am aware of and can find reference to it is simply a KE attack on the target where the by products of the impact bounce around inside the target grinding up whatever is in there. Take care. From perry at imsi.com Thu Aug 25 11:27:04 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 25 Aug 94 11:27:04 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408251800.NAA29704@zoom.bga.com> Message-ID: <9408251826.AA05135@snark.imsi.com> Jim choate says: > > None of the forms of modern shells described in this book involve the > > use of depleted uranium in shell casings. > > > The ammo used by the A-10 chain gun uses a depleted uranium core that is > designed to defeat Chobam and other types of reactive armor. Thats a core, not a casing. 
Plenty of things use such cores -- phalanx guns, for instance. > I know of no ammo that uses anything other than brass or steel (in the > case of mini-guns and other motor driven guns) for the case. The reason > that the Uranium is used is because of its high density. Excactly. Perry From paul at poboy.b17c.ingr.com Thu Aug 25 11:29:25 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Thu, 25 Aug 94 11:29:25 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408251800.NAA29704@zoom.bga.com> Message-ID: <199408251830.AA20255@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > The ammo used by the A-10 chain gun uses a depleted uranium core that is > designed to defeat Chobam and other types of reactive armor. It is also > used in F-14, F-15, F-16, and F-18's that are tasked with ground attack > missions where active armor tanks are expected to be encountered. The ammo > was specificaly developed for use in the late 70's for use against Soviet > T-72's in a Fulda Gap scenario. 1. The DU tank & 25mm ammo used by the US military is sabot ammo, meaning that the "bullet" is of significantly smaller diameter than the shell itself; an adaptor, or sabot (from the French for "shoe"), mates the projectile & the shell and falls off after the projectile leaves its barrel. 2. Chobham, not Chobam. Chobham armor refers to a specific type of layered armor, the precise composition and fabrication of which is classified. It's named for the British works which first built it. Reactive armor, such as is presently used by the Israelis and some xUSSR units, is different; it consists of many small charges which explode outward when hit by an incoming round. 2. Of the aircraft listed above, none can carry the 30mm round used by the A-10. There is a 25mm round for the Bradley AFV chain gun; presumably it can also be fired from the Apache. I don't know of a 20mm DU round. (Of course, there's also a 120mm APDS round for the M-1 tank.) 
> I know of no ammo that uses anything other than brass or steel (in the > case of mini-guns and other motor driven guns) for the case. The reason > that the Uranium is used is because of its high density. 3. It is interesting to note that US Army tanks are now being equipped with depleted uranium _armor_ precisely because its density makes a great backstop. DU armor can pretty much shrug off most medium AT weapons; it is quite heavy, but that's not a problem for vehicles which already weigh as much as tanks. - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich at ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLlzjH6fb4pLe9tolAQF7SAP/VaCO6Ul6euSOjyT9ZPB/7n/5cVocKK1w 3l49Kva//Jqt3hHG+jGmouKSHmh3BZ3wpyZCX3SCVq8OEIgkK1/oQOTTnYct0Qfa gvmj47IIouwW3hKMlgomFb+qpZToXl3CHpxub/aWC8Zjntgi0C25FPBiHJn0ZNIu zKXSqLtaC2s= =5NX/ -----END PGP SIGNATURE----- From hayden at krypton.mankato.msus.edu Thu Aug 25 11:31:07 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 25 Aug 94 11:31:07 PDT Subject: Digested Version no longer available Message-ID: It is with deep regret that I inform you all that the digested version of the list is no longer available. The machine that the digested version was running from was removed from the network due to a power-ploy by faculty and administration in computer services and the computer science department. It is my hope that in about two weeks when school officially resumes, I will be able to get the machine restored. At that point, I will attempt to recoordinate with Eric to get the digested list set back up. I apologize. ____ Robert A. 
Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else From koontzd at lrcs.loral.com Thu Aug 25 11:37:35 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Thu, 25 Aug 94 11:37:35 PDT Subject: Nuclear Weapons Material Message-ID: <9408251835.AA05487@io.lrcs.loral.com> >The ammo used by the A-10 chain gun uses a depleted uranium core that is >designed to defeat Chobam and other types of reactive armor. It is also >used in F-14, F-15, F-16, and F-18's that are tasked with ground attack >missions where active armor tanks are expected to be encountered. A clarification. The A-10 is equipped with a 30mm weapon, the fighters are equipped with 20 mm. Its the size (30mm) along with the density (depleted uranium) that makes the kinetic weapon so effective against armored targets. From jdd at aiki.demon.co.uk Thu Aug 25 11:39:01 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 25 Aug 94 11:39:01 PDT Subject: Nuclear Weapons Material Message-ID: <7840@aiki.demon.co.uk> In message <199408251440.HAA06649 at netcom7.netcom.com> Mike Duvos writes: > > I wonder why the issue of bomb parts is now being given such a > huge push in the press? Maybe because several people have been arrested in Germany and Russia over the last week or two. According to the UK press a group at a Russian nuclear weapons facility were stealing tens of kilos of the stuff, and one guy supposedly was willing to trade a kilo of plutonium for 70 bottles of vodka. Occasionally coverage in the press does reflect events in the real world. -- Jim Dixon From jdd at aiki.demon.co.uk Thu Aug 25 11:39:27 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 25 Aug 94 11:39:27 PDT Subject: U & Pu "poisoning of the environment" Message-ID: <7842@aiki.demon.co.uk> In message <9408251512.AA11369 at focis.sda.cbis.COM> "Paul J. Ste. 
Marie" writes: > > > Epidemiologic studies of workers [even wartime workers with impressive > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > body burdens/ exposures] in a number of uranium bomb-making centers have > ^^^^^^^^^^^^^^^^^^^^^^^^ > > > found ~ no health effects. > > > > This is quite similar to saying that nerve gas is harmless because > > scarcely anyone working in storage areas has been killed by it. Or > > that bullets won't harm you because people handle crates of them and > > they don't get shot. > > No, it is not. If you had read the message more carefully, you would > have had to phrase your example as, "This is quite similar to saying > that nerve gas is harmless because scarcely anyone who has inhaled > substantial amounts of it has been killed by it." In all of these cases there is a serious attempt to make sure that the workers are not harmed by the dangerous substances involved. I must say that the phrase "impressive body burdens" is fairly incomprehensible. But nevertheless, my point stands: workers are carefully protected from the plutonium and U235 in nuclear weapons plants. When their radiation badges show what is considered a high level dose, this does not mean that they have been exposed to anything like, say, the radiation from a kilo of unshielded plutonium. If radioactive substances are used as weapons, the intention will be to do the maximum possible damage. I don't think that anyone would survive for long after exposure to, say, a suspension of plutonium in air designed to be breathed in, perhaps as an aerosol. To repeat my point: you say that statistical studies of workers in nuclear weapons plants which are specifically designed to minimize the effects of radiation show that radiation has done little harm. Well, I should hope so. On the other hand I say that such studies are poor criteria for judging the effects of radiation intended to do the maximum possible harm. I think that this is really indisputable. 
-- Jim Dixon From jdd at aiki.demon.co.uk Thu Aug 25 11:39:40 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 25 Aug 94 11:39:40 PDT Subject: Nuclear Weapons Material Message-ID: <7846@aiki.demon.co.uk> In message <199408251633.JAA16087 at netcom4.netcom.com> Mike Duvos writes: > Uranium is not particularly radioactive, being a long lived alpha > emitter. This is true of plutonium and some other fissionable > materials as well. I can handle clad uranium or plutonium > reactor or bomb components in complete safety with no protective > clothing needed. The only hazard is from ingestion of the > material, or from accumulation of decay products such as radon in > a badly ventilated area. > > Workers in nuclear fuel fabrication facilities have been known to > use small disks of plutonium sintered into a ceramic base as > poker chips. Is this true? I mean, do you know it from personal experience? I was told by what I considered to be reliable sources that plutonium was extremely toxic. Upon reflection, I am sure that this is the word that was used: toxic, not radioactive. By "clad", do you mean coated in lead? -- Jim Dixon From cp at omaha.com Thu Aug 25 11:49:18 1994 From: cp at omaha.com (alex) Date: Thu, 25 Aug 94 11:49:18 PDT Subject: swIPe Message-ID: <199408251849.NAA00253@omaha.omaha.com> The other day, while I was poking around the C'Punk FTP site, I ran across swIPe, the low-level network security protocol by Matt Blaze and John Ioannidis. I'm not as knowledgeable as many of the people here, but swIPe strikes me as "The Right Way" to apply crypto to net-communications. Instead of having secure email, secure mosaic, secure telnet, etc., you have secure IP traffic. It's comparatively simple, it's very flexible, and it's transparent. I haven't heard much about swIPe, and I was wondering if someone could bring me up to speed on it, let me know the status of the project, the conventional wisdom, etc.
In particular, I'd like to know if anyone uses swIPe with Linux. Also, I'm curious about the practicality of using swIPe as a component in a larger secure mail (or secure anything) system. If I understand the situation properly, swIPe would only be one piece of a total security system. You'd still need to protect against unauthorized break-ins on your machine, and you'd still have to trust root, you'd still depend on the OS's built-in security, you'd still need a CFS type of program to store your swIPe keys, etc. Finally (I know I'm asking a lot of questions here), does anyone have any pointers to anything about the key-exchange system (apart from what was at soda)? Thanks, Alex From jdd at aiki.demon.co.uk Thu Aug 25 11:52:17 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 25 Aug 94 11:52:17 PDT Subject: Nuclear Weapons Material Message-ID: <7857@aiki.demon.co.uk> In message <9408251708.AA04970 at vail.tivoli.com> Mike McNally writes: > Mike Duvos writes: > > The idea is that the > > uranium penetrates the armor and the charge then explodes once > > the round is inside. > > I don't know much about modern munitions, but I do know that armor > piercing rounds may have no charge in them at all. Most do. RPGs, for example, definitely do. As I recall, a shaped charge punches a tiny hole through the armor and then injects a blob or jet of liquified metal into the vehicle. It's much worse than a ricochet. The explosion occurs outside the tank, driving the jet of metal in. Armor piercing artillery rounds are called HEAT (High Explosive Anti-Tank). The name says it all. -- Jim Dixon From ravage at bga.com Thu Aug 25 11:56:18 1994 From: ravage at bga.com (Jim choate) Date: Thu, 25 Aug 94 11:56:18 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408251830.AA20255@poboy.b17c.ingr.com> Message-ID: <199408251856.NAA03099@zoom.bga.com> > 2. Chobham, not Chobam.
Chobham armor refers to a specific type of > layered armor, the precise composition and fabrication of which is > classified. It's named for the British works which first built it. > Reactive armor, such as is presently used by the Israelis and some > xUSSR units, is different; it consists of many small charges which > explode outward when hit by an incoming round. > If your spelling is correct then several of my books have mis-spellings. As to Chob(h)am being classified, this was true till the late 80's. It is a ceramic based layered with sintered metallics that dissipate the KE of the incoming round. The Russians also developed this method for the T-72's at about the same time. It was discovered that the 'applique' armor on the T-72 was really this type of armor that could be bolted on. The reason that I lump the two together is that they both require a dual warhead to defeat. > 2. Of the aircraft listed above, none can carry the 30mm round used by > the A-10. There is a 25mm round for the Bradley AFV chain gun; > presumably it can also be fired from the Apache. I don't know of a > 20mm DU round. (Of course, there's also a 120mm APDS round for the M-1 > tank.) > I have seen the exact same chain-gun mounted on F-16's and A-10's here at Bergstrom AFB in Austin at at least two different air shows. I am going on this alone. I do not know if this was ever an active use of the gun. > > I know of no ammo that uses anything other than brass or steel (in the > > case of mini-guns and other motor driven guns) for the case. The reason > > that the Uranium is used is because of its high density. > > 3. It is interesting to note that US Army tanks are now being equipped > with depleted uranium _armor_ precisely because its density makes a > great backstop. DU armor can pretty much shrug off most medium AT > weapons; it is quite heavy, but that's not a problem for vehicles > which already weigh as much as tanks. > Could you provide references for this application?
I did technical support for Desert Storm and know of no use of such depleted armor in that campaign. Has Chrysler started putting applique style blocks on the M1 Abrams? Take care. From perry at imsi.com Thu Aug 25 12:07:55 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 25 Aug 94 12:07:55 PDT Subject: swIPe In-Reply-To: <199408251849.NAA00253@omaha.omaha.com> Message-ID: <9408251905.AA05236@snark.imsi.com> alex says: > The other day, while I was poking around the C'Punk FTP site, I ran > across swIPe, the low-level network security protocol by Matt Blaze and > John Ioannidis. The code is just by JI, actually. Phil Karn has done a separate experimental implementation. > I'm not as knowledgeable as many of the people here, but swIPe strikes me > as "The Right Way" to apply crypto to net-communications. Instead of > having secure email, secure mosaic, secure telnet, etc., you have secure IP > traffic. It's comparatively simple, it's very flexible, and it's > transparent. It's sufficient for all protocols on which authentication and encryption have to be done on the link -- things like Telnet, for example. For things like Email, it's not adequate, because the store and forward nature of the data means that you need authentication over the data and not over the link. > I haven't heard much about swIPe, and I was wondering if someone could > bring me up to speed on it, let me know the status of the project, the > conventional wisdom, etc. In particular, I'd like to know if anyone uses > swIPe with Linux. There is a (moribund) mailing list, swipe-request at cs.columbia.edu will get you on to it. There is also a successor protocol that has been developed by the IETF's IPSEC working group, called IPSP, which is essentially a simplification of swIPe; I'm editing the draft RFCs.
Perry From jdd at aiki.demon.co.uk Thu Aug 25 12:10:20 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Thu, 25 Aug 94 12:10:20 PDT Subject: Nuclear Weapons Material Message-ID: <7866@aiki.demon.co.uk> In message <199408251812.NAA00474 at zoom.bga.com> Jim choate writes: > I would like to request some reference on the use of Uranium in the casing > of a shell or round. The casing gets thrown out on the ground (by both > aircraft and tanks) when the round goes off. There is no reason to use > anything other than brass or steel for this. There is some confusion in terminology here. The brass case is indeed discarded when the round is fired. By 'casing' he means the exterior of the warhead. The word 'round' is used for both the warhead+gunpowder+brass and then for the warhead itself. Larger artillery pieces do not use a brass shell case at all. The round is loaded, and then the powder is rammed in after it. > I can find no reference any U-core round being HE or otherwise carrying a > charge. In all cases that I am aware of and can find reference to it is simply > a KE attack on the target where the by products of the impact bounce around > inside the target grinding up whatever is in there. I believe that this is true, except that the 'products of the impact' are drops of metal and what they do is worse than grinding something up. -- Jim Dixon From pstemari at bismark.cbis.com Thu Aug 25 12:12:30 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Thu, 25 Aug 94 12:12:30 PDT Subject: U & Pu "poisoning of the environment" In-Reply-To: <7841@aiki.demon.co.uk> Message-ID: <9408251911.AA13480@focis.sda.cbis.COM> > In all of these cases there is a serious attempt to make sure that the > workers are not harmed by the dangerous substances involved. I must > say that the phrase "impressive body burdens" is fairly incomprehensible. "Body burden" refers to the amount of Pu that has been ingested and remains in the body.
The entire point of safeguards is to minimize body burden and exposure. If someone has an "impressive body burden", it means the safeguards didn't work. From dance at cicero.spc.uchicago.edu Thu Aug 25 12:17:56 1994 From: dance at cicero.spc.uchicago.edu (Squeal) Date: Thu, 25 Aug 94 12:17:56 PDT Subject: Nuclear Weapons Material Message-ID: <9408251917.AA16342@cicero.spc.uchicago.edu> >I wonder why the issue of bomb parts is now being given such a >huge push in the press? For one thing, Germany has been going ballistic because of the sheer number of people trying to smuggle Uranium/Plutonium from the ex-Soviet Union across its borders for sale on the world market. The Christian Science Monitor had a good article on this last week sometime. _/_/_/ _/_/_/ _/ _/ _/_/_/ _/ _/ Disobedience is the true _/ _/ _/ _/ _/ _/ _/_/ _/ foundation of liberty. _/_/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ The obedient must be slaves. _/ _/ _/ _/ _/ _/ _/_/_/_/ _/ _/_/_/ _/_/_/ _/_/_/ _/_/_/ _/ _/ _/_/_/ "Civil Disobedience" _/ (Thoreau) From ajteel at andronix.org Thu Aug 25 12:25:14 1994 From: ajteel at andronix.org (A. J. Teel, Sui Juris) Date: Thu, 25 Aug 94 12:25:14 PDT Subject: 'What A Long Strange Trip It's Been' by Lewis Sanders Message-ID: ================================================= === "What A Long Strange Trip It's Been: === === A Hippy's History Of The 60's & Beyond" === === By Lewis Sanders, 2nd. Edition, 1994 === ================================================= Dear Friend I am sending this special announcement to all of the addresses of net.friends that I found in my mailbox. I have come across a book that I am sure that many of you may be interested in. This is a one-time, special announcement and is _not_ the start of a new mailing list. The book is, in my opinion, important enough to tell all of you about. "What A Long Strange Trip It's Been" is now available in an autographed, limited edition printing.
This new and updated version of Sanders' 1989 underground classic has the reviewers raving. Readers can't put it down. Colleges are using it with great success in American History and Sociology classes. With unique first-hand knowledge of the subject, Sanders writes a detailed account of the people and events of the era. Users of my InfoBot might be especially interested in the appendix regarding 'world domination'. To obtain a brief flyer containing excerpts, a synopsis, and reviews about this riveting account of major trends of the last three decades, simply send a message to walstib-info at andronix.org. The author may also be reached at walstib at andronix.org . If you are not interested, _please_ _disregard_this_message_. Regards, -A. J.- =*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-= Without Prejudice UCC 1-207, A. J. Teel, Sui Juris, SLE USPS: A.C.T., A. Freeman, c/o 637 So. Broadway #B-212, Boulder, NON-DOMESTIC Colorado Republic, (u).S.A., P.Z.: 80303/TDC (303) 687-4935 24 Hours NIC: AJT =*=-=*=-=*=-= Random Liberty/Freedom Quote for this message =-=*=-=*=-=*=-=*= TREATY. "... Treaties usually provide for their own termination, but independently of that it has been held that when a treaty becomes dangerous to the life or incompatible with the independence of a state or a permanent obstacle to the development of its constitution or the rights of its people, it can be abdicated, and also when the condition of affairs which formed the basis of the treaty has become so modified by time that its execution has become contrary to the nature of things and the original intent of the parties: 22 Ct. Cls. 408." --Bouvier's Law Dictionary, 1897 edition. (Is NAFTA a "treaty" or an "agreement"?!) =*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-=*=-= No posts from .andronix.org may be commercially quoted without permission. Email frink-info at andronix.org for important 'Freedom, Ink.' Archives Data. 
Email walstib-info at andronix.org for What_A_Long_Strange_Trip_It's_Been Info. From merriman at metronet.com Thu Aug 25 12:53:52 1994 From: merriman at metronet.com (David K. Merriman) Date: Thu, 25 Aug 94 12:53:52 PDT Subject: Nuclear Weapons Material Message-ID: > >Occasionally coverage in the press does reflect events in the real >world. >-- >Jim Dixon > Christ, don't let the press find out they screwed up like that - otherwise, we'll *never* hear another bit of Real News (tm) again! Dave "I wish I wasn't joking so much" Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From remailer-admin at chaos.bsu.edu Thu Aug 25 13:12:16 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Thu, 25 Aug 94 13:12:16 PDT Subject: No Subject Message-ID: <199408252005.PAA03671@chaos.bsu.edu> A couple comments: (1) They are not offering any form of encryption -- seem to feel that the intervening Internet mail spools are secure from would-be blackmailers. (2) Are suicide hotline communications, like psychiatric counseling, privileged communications? In what jurisdictions? ------------------------------ Subject: Support for the Suicidal - Full Launch - jo at samaritans.org Press Release August 17, 1994 The Samaritans are a non-religious charity offering emotional support to the suicidal and despairing. A test of "Help By E-mail" launched on July 14, 1994 proved so successful that an Internet domain is now open and is reached by mailing jo at samaritans.org. The E-mail service is run from Cheltenham, England, and is reached from anywhere with Internet access. At the launch, Mike Haines, the Director said: "During the test month we received over 200 messages. 
Many were from well wishers, journalists and academics but there were around 15 very desperate people as well. The need for a full launch of our service with an easier address was amply demonstrated." The Samaritans have been offering support to the suicidal and despairing for over 40 years by phone, visit and letter. Callers are guaranteed absolute confidentiality and retain the right to make their own decisions including the decision to end their life. Samaritans are carefully selected and prepared for this work (for which they are not paid). Those working with E-mail have additional training. Volunteers read and reply to mail every day of the year. A nominal end date of December 31, 1994 has been set but initial results have been so encouraging that it is likely to run indefinitely. The idea of an Internet service was born when a volunteer was exploring the UK based CIX conferencing service. Here, he discovered the "suicidehelp" self help group and Newsnet groups such as "alt.support.depression". After discussions with The Samaritans General Office it was decided to try offering a service from Cheltenham. The kind donation of a modem by US Robotics was a great help as was the assistance of staff at Compulink Information Exchange (CIX). The Samaritans of Cheltenham and District 3 Clarence Road CHELTENHAM Glos England Emergency phone: +44 242 515777 Press enquiries: +44 452 854017 E-mail: jo at samaritans.org (samaritans at cix.compulink.co.uk retained) Anonymous E-mail: samaritans at anon.penet.fi (Extremely Slow!) From wcs at anchor.ho.att.com Thu Aug 25 13:43:08 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 25 Aug 94 13:43:08 PDT Subject: Voluntary Governments? Message-ID: <9408252041.AA06828@anchor.ho.att.com> > > Here, someone will surely object that by this definition, the Mafia can > > be considered a government. > > Well, yes, of course. It has quasi-governmental functions in southern > Italy. ... 
and in Central New Jersey and parts of upstate New York as well :-) From hfinney at shell.portal.com Thu Aug 25 13:47:10 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 25 Aug 94 13:47:10 PDT Subject: Is pay-per authentication possible absent trust? In-Reply-To: <9408251759.AA23689@ua.MIT.EDU> Message-ID: <199408252046.NAA11580@jobe.shell.portal.com> Jason W Solinsky writes, quoting me: >> One thing I don't follow here is under what circumstances a "challenge" >> will occur. Presumably Microsquish will not blindly accept all of >> Ingve's assurances since they are backed only by promises. Can >> Microsquish force Ingve to go to his clients and make them produce >> certificates? Who pays for that? Maybe if you factor in that cost it >> won't look so bad for Charles. >First, just let me note that there are a thousand ways to structure it. >In my example, Microsquish gets to hold a challenge whenever they want >to. If everybody is being honest Microsquish will lose eight nano-slinkys >each time they challenge so they won't do it frequently. If everybody >is not being honest, Microsquish will collect substantial damages. One thing I'd add is that Charles still makes money whenever there is a challenge. If there were no challenges then there would be nothing to keep people honest. So it's not a matter of eliminating pay per use of certifications, it's just a matter of the frequency with which they are used vs other kinds. Also, as the challenges become less frequent, Charles can actually raise his rates and still let everyone else make money. He can even charge more than the 10 that Micro is paying for challenges, which he could probably not have done in the non-probabilistic (pre-Ingve) system. It sounds like Micro is paying the challenge fees (in at least one version) and if the penalties against cheaters are great enough it won't challenge very frequently, in which case a larger fee by Charles can be absorbed. 
>Let's just say that Charles isn't getting as much as he would like. Pay per >use is good for the consumer... note the resentment that high software >prices have created. Although everybody wins by adopting a system that >better approximates reality, ala superdistribution (but we are dealing with >authentication here, not information and after thinking about it a lot I have >decided that authentication is NOT necessarily a form of information in that >you can easily demonstrate to somebody that you have been authenticated >without giving them the ability to prove it to somebody else [again let's not >get into a terminology debate, my point is that the intangible asset here >has a different set of properties from the kind we usually deal with in >information economy scenarios]), the consumer with his smaller buying power >wins the most. Another approach, BTW, is the "undeniable" signature, which allows an authorization which can only be checked with the cooperation of the issuer. (One of the ones Chaum came up with was described in a posting I made last weekend.) But again, the same "problem" arises where people could check only a fraction of signatures with voluntary penalty clauses. There is also the reseller who checks a signature interactively, paying Charles' fee, then sells his own certifications that you have a valid Charles certification, only these are use-many. The thing is, the amount of information being provided in a certification like this is so small (in effect, one bit) that the "information copying" problem hits pretty hard! If you can't stop people from copying a 1 MB game you're going to have a tough time keeping that single bit corralled. >Now that I think about it, it's possible that I'm in error approaching this >problem from a cryptographic standpoint.
Maybe the correct course of action >is to establish a cybergovernment which prohibits "Ingve the insurance >salesman" attacks and then set up the fine structure such that the >conspirators will have an enormous incentive to turn each other in. These tend to be non-local solutions, with a lot of overhead and extra mechanisms. Maybe you can make it work with your "government" but I'm afraid you may come to lean on it as the solution to all of your problems. Why bother with cryptography for anything; just have a "government" where everybody has posted a ruinous bond which they forfeit if they break a "law", then legislate communications privacy, non-duplication of electronic cash, bit commitments, etc., with heavy incentives for people to report cheaters? >BTW, perhaps there is an easier solution: only permit Charles's >certifications to exist in an environment that he controls. Smart >cards and remote computers can easily do this, although remote >computers are undesirable due to their communications overhead. Again, though, people could just swear they've seen a Charles certificate and these witnesses will undercut Charles. As I said, I think there will still be a place for per-use certifications, but the market will decide how much they are used vs other kinds. I don't think you should worry so much about trying to fine tune the system so this one technology wins. There are a lot of possibilities that people may come up with. Hal From mpd at netcom.com Thu Aug 25 13:50:39 1994 From: mpd at netcom.com (Mike Duvos) Date: Thu, 25 Aug 94 13:50:39 PDT Subject: Nuclear Weapons Material In-Reply-To: <7845@aiki.demon.co.uk> Message-ID: <199408252050.NAA15791@netcom13.netcom.com> Jim Dixon writes: > I was told by what I considered to be reliable sources that > plutonium was extremely toxic. Upon reflection, I am sure > that this is the word that was used: toxic, not radioactive.
Plutonium-239 emits alpha particles, which are helium nuclei, at an energy of approximately 5 MeV. Such particles are bulky and can be stopped by a few centimeters of air, or a thin piece of paper or metal foil. In order to cause damage, alpha emitters like plutonium must come in intimate contact with a material, such as the tissues of your lungs or bones or the inside of your favorite memory chip. A billionth of a gram of plutonium inhaled or swallowed is something to seriously worry about, but you can hold a lump of the stuff in your hand as long as it is covered with a leakproof cladding or vitrified into a ceramic. It is in this sense that plutonium is extremely toxic and hazardous to the environment, while at the same time not being particularly radioactive. Heavy shielding is not required between you and it. Of course once fissionable fuels are irradiated, they become extremely radioactive due to a wide spectrum of short-lived fission byproducts and then require precautions when they are handled. > By "clad", do you mean coated in lead? No - the desired properties of cladding are resistance to corrosion and heat, as well as a low absorption cross section for thermal neutrons. We're talking about materials like zirconium and iridium here, as well as specialized alloys of stainless steel. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From hfinney at shell.portal.com Thu Aug 25 13:58:33 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 25 Aug 94 13:58:33 PDT Subject: $10M breaks MD5 in 24 days Message-ID: <199408252058.NAA12488@jobe.shell.portal.com> I am not attending the Crypto conference, but I sat in on the evening "rump session" the other day. One of the more interesting papers had a claim (with little detail, unfortunately) that for ten million dollars you could build a machine that would "break" MD5, in the sense of finding another message which would hash to the same as a chosen one, in 24 days. 
This result did not depend on any internal structure in MD5, but was purely a result of the hash size (128 bits) and the time it takes to calculate a hash. The main new result which allowed this was a more efficient way of handling a parallel search for collisions (two messages which hash to the same thing). In some earlier methods, n machines provide only a sqrt(n) speedup. The new method improves this, although my notes don't show exactly how close they come to an n-fold speedup. The Secure Hash Standard (SHS, aka SHA) is, they said, 64K times slower, hence this technique would take 64K times longer (or cost ~64K times more?) to break that hash. I don't think this is probably anything to really worry about, but maybe it points out a need for a longer hash in the next few years. Hal P.S. The paper was by Paul C. van Oorschot & Michael J. Wiener. From remailer-admin at chaos.bsu.edu Thu Aug 25 14:15:04 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Thu, 25 Aug 94 14:15:04 PDT Subject: No Subject Message-ID: <199408252107.QAA04756@chaos.bsu.edu> Kudos to Hal Finney for his descriptions of Stefan Brands's offline cash. As with other offline cash protocols it contains the following assumption: > Let's call the user Irving, and > the number which encodes his identity (it might just be his bank account > number in this case) we will call I. What happens when we've caught Irving double spending (or million spending?) Is it guaranteed that Irving will have enough in his bank account to cover the fraud? I don't see any way to guarantee that except for absurdly large security deposits. Also, are bank accounts required to be in True Names so that multi spenders can be caught and punished? If so, how do we prevent the use of numbered accounts, Duncan Frissell's nom de guerre accounts, etc. and do we really want to set up that kind of True Name infrastructure? Also, what about stolen coins?
If Irving can succeed in stealing a coin from Jane without her knowledge, Irving can spend it untraceably as many times as he can get away with (perhaps thousands or even millions, depending on what security precautions we layer above the offline cash), and Jane gets fingered. On the other hand, Jane might simply give Irving some coins, plausibly claim they were stolen, and split the proceeds from Irving's spending spree. In general, multi spending might occur because of accident, malice, or a combination of those two factors. How do we distinguish between accident and malice to determine liability, reputation loss and/or punishment? From bdolan at well.sf.ca.us Thu Aug 25 14:38:43 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Thu, 25 Aug 94 14:38:43 PDT Subject: U & Pu is good for U Message-ID: <199408252138.OAA15395@well.sf.ca.us> >From: IN%"jdd at aiki.demon.co.uk" >To: IN%"psmarie at cbis.com" >CC: IN%"cypherpunks at toad.com" >Subj: RE: U & Pu "poisoning of the environment" > >In message <9408251512.AA11369 at focis.sda.cbis.COM> "Paul J. Ste. Marie" writes: >> > > Epidemiologic studies of workers [even wartime workers with impressive >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> > > body burdens/ exposures] in a number of uranium bomb-making centers have >> ^^^^^^^^^^^^^^^^^^^^^^^^ >> > > found ~ no health effects. >> > >> > This is quite similar to saying that nerve gas is harmless because >> > scarcely anyone working in storage areas has been killed by it. Or >> > that bullets won't harm you because people handle crates of them and >> > they don't get shot. >> > >> No, it is not. If you had read the message more carefully, you would >> have had to phrase your example as, "This is quite similar to saying >> that nerve gas is harmless because scarcely anyone who has inhaled >> substantial amounts of it has been killed by it." 
> >In all of these cases there is a serious attempt to make sure that the >workers are not harmed by the dangerous substances involved. I must >say that the phrase "impressive body burdens" is fairly incomprehensible. I grant you that "impressive" is not too specific but "body burden" is a common way of referring to the material which is taken into the body and retained. Typically, most material inhaled or ingested is quickly exhaled or excreted out of the body. Some exposure (and dose) accrues during this time. If some material remains deposited in the body, exposure continues. >But nevertheless, my point stands: workers are carefully protected from >the plutonium and U235 in nuclear weapons plants. By the standards of the time, workers during WWII were pretty well protected. By our standards, which may be overly conservative, some WWII-era workers received large doses and/or body burdens. Because these workers (1) had exposures and (2) were monitored, they are the group of choice for epidemiological studies. > When their radiation >badges show what is considered a high level dose, this does not mean >that they have been exposed to anything like, say, the radiation from >a kilo of unshielded plutonium. I would be happy to hold a kilo of unshielded plutonium in my hand. I would probably think it wise to wash it later. Pu is an alpha emitter. Its radiation will not penetrate the dead layer of the skin. I have held pieces of uranium in my hand. I'm still here. >If radioactive substances are used as weapons, the intention will be >to do the maximum possible damage. I don't think that anyone would >survive for long after exposure to, say, a suspension of plutonium >in air designed to be breathed in, perhaps as an aerosol. I would bet that you could get a lot more effect for your terrorist dollar with aerosols of any number of other, more commonly available substances (like gasoline). 
I don't have ready access to a good library right now to go pull references but if you follow up on the references to these three papers, you should find more than you will ever care to read on the topic: Wilkinson, G.S.; Tietjen, G.L.; Wiggs, L.D.; Galke, W.A; Acquavella, J.F.; Reyes M.; Voelz, G.L.; Waxweiler, R.J. Mortality among plutonium and other radiation workers at a plutonium weapons facility. Am. J. Epidemiol. 125:231-250; 1987. Checkoway, H.; Mathew, R.M. Shy, C.M.; Watson, J.E. Jr.; Tankersley, W.G.; Wolf, S.H.; Smith, J.C.; Fry, S.A. Radiation, work experience, and cause specific mortality among workers at an energy research laboratory. Br. J. Indust. Med. 42:525-533; 1985. Peterson, G.R.; Gilbert, E.S.; Buchanan, J.A., Stevens, R.G. A Case-Cohort Study of Lung Cancer, Ionizing Radiation, and Tobacco Smoking Among Males at the Hanford Site. Health Physics, 58:3-11; 1990. >To repeat my point: you say that statistical studies of workers in >nuclear weapons plants which are specifically designed to minimize >the effects of radiation show that radiation has done little harm. Loosely put, the studies say, "Workers at facility X whose exposures varied from {small} to {large} showed/did not show increased death rates from {long lists of diseases}." >Well, I should hope so. >On the other hand I say that such studies are poor criteria for >judging the effects of radiation intended to do the maximum possible >harm. Well, these studies are about all we have to go on right now. The wartime residents of Hiroshima and Nagasaki do provide a large set of folks exposed to "radiation intended to do the maximum possible harm" but, darn it, none of them were wearing dosimeters. People do study these groups, making educated guesses about doses, but it's hard to draw precise conclusions on that basis. To draw this off-topic topic to a close, I recommend the following to help bring the various risks into perspective: Cohen, B.L.; Catalog of Risks Extended and Updated.
Health Physics, 61:317-335, 1991. >I think that this is really indisputable. >-- >Jim Dixon Sorry for disputing. Brad bdolan at well.sf.ca.us  From wcs at anchor.ho.att.com Thu Aug 25 15:05:53 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 25 Aug 94 15:05:53 PDT Subject: Using PGP on Insecure Machines Message-ID: <9408252204.AA08034@anchor.ho.att.com> > > Also importantly, the user interfaces for PGP simply suck as it > > stands, making people like Tim uninterested in going through the .... > At the risk of repeating myself, what's the problem with wrapping PGP in > a shell script? Works for me - see a previous mailing, complete with > wrapper scripts. I can send either encrypted or just signed email > without especially noticing it. Wrapping PGP in shell scripts is only useful for people who use shells, and a lot of people either use GUIs instead (often non-extensible ones), or keep their PGP on PCs at home rather than their networked Unixen at work where they get their mail. This means that to use PGP, they need to do things like kermit from home to work, read their mail, save it in files, kermit the files to their PC, PGP-decrypt and read them on the PC, etc. It's a bit easier if people have remote-scriptable terminal emulators on their PCs, which let the Unix end run a script to save the file and download it and maybe fire up PGP on the PC, but it still feels annoyingly like work, and if your Unix box can download files to your PC and run them, it can run pgp-steal-keys just about as well as real PGP. Similarly, if you've got TCP/IP running on your PC, whether through SLIP or directly, you've still got a security risk to worry about. 
You can reduce these problems by running a _real_ operating system on your PC, but it's tougher to run your favorite applications that way, and you still need to either run all your mail down to the PC, which isn't practical for lots of people, or explicitly forward the stuff down there from your main mail system. There's another transparency problem, at least for reading encrypted mail - you either need to type in your passphrase each time, which is annoying and increases exposure somewhat, or you need to leave it around in environment variables, etc., which also increase exposure. On the other hand, a shell script approach can be just fine for signature checking, as long as your mailreader has a painless interface, since there isn't much security risk from having PGP on a machine without your real secret key and passphrase there. There's still some risk - if the machine is shared with other people, someone may be able to replace PGP with pgp-cc:-kgbvax or pgp-nsa-sig-verify - but it's a start. Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From juola at suod.cs.colorado.edu Thu Aug 25 16:15:11 1994 From: juola at suod.cs.colorado.edu (Patrick Juola) Date: Thu, 25 Aug 94 16:15:11 PDT Subject: Nuclear Weapons Material Message-ID: <199408252314.RAA25313@suod.cs.colorado.edu> In order to cause damage, alpha emitters like plutonium must come in intimate contact with a material, such as the tissues of your lungs or bones or the inside of your favorite memory chip. A billionth of a gram of plutonium inhaled or swallowed is something to seriously worry about, but you can hold a lump of the stuff in your hand as long as it is covered with a leakproof cladding or vitrified into a ceramic.
It is in this sense that plutonium is extremely toxic and hazardous to the environment, while at the same time not being particularly radioactive. Heavy shielding is not required between you and it. My understanding is that the heavy metal toxicity of Pu exceeds the radioactive toxicity by several (10?) orders of magnitude. In other words, the fact that Pu is an alpha emitter is irrelevant to the risk -- it's simply like lead poisoning only several billion times worse. Simple arithmetic yields that the amount of alpha exposure from a billionth of a gram of an alpha emitter with a half-life measured in thousands of years is infinitesimal. - kitten From roy at sendai.cybrspc.mn.org Thu Aug 25 16:22:23 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Thu, 25 Aug 94 16:22:23 PDT Subject: Nuclear Weapons Material In-Reply-To: <7846@aiki.demon.co.uk> Message-ID: <940825.173900.1n4.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, Jim Dixon spake: > In message <199408251633.JAA16087 at netcom4.netcom.com> Mike Duvos writes: >> Workers in nuclear fuel fabrication facilities have been known to >> use small disks of plutonium sintered into a ceramic base as >> poker chips. > > Is this true? I mean, do you know it from personal experience? > I was told by what I considered to be reliable sources that plutonium > was extremely toxic. Upon reflection, I am sure that this is the > word that was used: toxic, not radioactive. Plutonium oxide has a reputation for causing eventual lung cancer when inhaled in microgram quantities. But if the plutonium metal is sintered into a ceramic, it's not loose and breathable. I can't say how otherwise toxic it might be, but I'd expect it to be similar to other heavy metals. So the poker chips sound pretty safe. -- Roy M.
Silvernail [ ] roy at sendai.cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request at cybrspc.mn.org These are, of course, my opinions (and my machines) From dave at esi.COM.AU Thu Aug 25 16:29:03 1994 From: dave at esi.COM.AU (Dave Horsfall) Date: Thu, 25 Aug 94 16:29:03 PDT Subject: Using PGP on Insecure Machines In-Reply-To: Message-ID: On Wed, 24 Aug 1994, NetSurfer wrote: [ On Knuth no longer reading his mail ] > > He's also trying to complete his "Art of Computer Programming" series... > > Is Volume IV out yet? My I-III still await the promise of the Intro... Not that I know of. -- Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From khijol!erc at apple.com Thu Aug 25 16:35:11 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Thu, 25 Aug 94 16:35:11 PDT Subject: Using PGP on Insecure Machines In-Reply-To: <9408252204.AA08034@anchor.ho.att.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > You can reduce these problems by running a _real_ operating system on your PC, > but it's tougher to run your favorite applications that way, > and you still need to either run all your mail down to the PC, > which isn't practical for lots of people, or explicitly forward > the stuff down there from your main mail system. > > There's another transparency problem, at least for reading encrypted mail - > you either need to type in your passphrase each time, which is annoying and > increases exposure somewhat, or you need to leave it around in environment > variables, etc., which also increase exposure.
I use Linux at home, and uucp my email down at regular intervals to the box at home. When I want to run windoze, I just say "reboot". The Linux uucp runs just fine, and talks to everyone else, as far as I know. I keep my PGP pass phrase in $PGPPASS, although I have to type it in every time I log in - small price to pay. The machine at home is pretty secure - I hope! :) From thad at pdi.com Thu Aug 25 16:54:17 1994 From: thad at pdi.com (Thaddeus Beier) Date: Thu, 25 Aug 94 16:54:17 PDT Subject: Nuclear Weapons Material Message-ID: <9408252351.AA12670@fulcrum.pdi.com> To: cypherpunks at toad.com Subject: Re: Nuclear Weapons Material >> Roy M. Silvernail says: >> Plutonium oxide has a reputation for causing eventual lung cancer when >> inhaled in microgram quantities. But if the plutonium metal is sintered >> into a ceramic, it's not loose and breathable. I can't say how >> otherwise toxic it might be, but I'd expect it to be similar to other >> heavy metals. So the poker chips sound pretty safe. They'd be safe unless the pot got really big. I recall hearing a radio show in which some nuclear engineer was saying that such-and-such an incident couldn't have really gone critical, because when that happens, it starts to glow sort of bluish color, and you feel heat as if you were standing in front of a really big oven. The way it sounded, I got the impression that unintended criticalities did happen now and then.
Thad Beier Pacific Data Images 408)745-6755 thad at pdi.com From cp at omaha.com Thu Aug 25 17:01:47 1994 From: cp at omaha.com (alex) Date: Thu, 25 Aug 94 17:01:47 PDT Subject: $10M breaks MD5 in 24 days In-Reply-To: <199408252058.NAA12488@jobe.shell.portal.com> Message-ID: <199408260001.TAA00715@omaha.omaha.com> > One of the more interesting papers had a claim (with little detail, > unfortunately) that for ten million dollars you could build a machine that > would "break" MD5, in the sense of finding another message which would > hash to the same as a chosen one, in 24 days. This in itself wouldn't give an attacker much of anything would it? I mean, once they discovered a message which hashed to a given value, the new message wouldn't be in the proper format, would it? Wouldn't it just be noise, instead of text in English, crypto keys, etc.? From dave at esi.COM.AU Thu Aug 25 17:07:15 1994 From: dave at esi.COM.AU (Dave Horsfall) Date: Thu, 25 Aug 94 17:07:15 PDT Subject: Nuclear Weapons Material In-Reply-To: <7866@aiki.demon.co.uk> Message-ID: On Thu, 25 Aug 1994, Jim Dixon wrote: > I believe that this is true, except that the 'products of the impact' are > drops of metal and what they do is worse than grinding something up. Don't be coy -- what do they do? -- Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From jya at pipeline.com Thu Aug 25 17:08:41 1994 From: jya at pipeline.com (John Young) Date: Thu, 25 Aug 94 17:08:41 PDT Subject: Spoofing Nuclear Weapons and PGP Message-ID: <199408260007.UAA09301@pipe1.pipeline.com> Responding to msg by dichro at tartarus.uwa.edu.au (Mikolaj Habryn) on Thu, 25 Aug 5:51 PM >not really certain. *shrug* sorry. Read some books on >it - the amount of literature which should be >classified but is freely available is mind-boggling.
To tie this back to crypto and technology: Under a sub-sub-sub-contract I once worked on some phony CAD drawings for the nuclear weapons production process, plotting false info that still appears in popular books, some of which has been posted here. The docs were then encrypted and steganographied for authenticity. We were told that they were turned loose on the market for this product in other countries. I don't know if the USG was involved, there were no security clearances. It may have been a commercial scam. Also, growing up not too far from LANL, I was told that kids of staff were encouraged to chat about B-this and W-that by the security people there as part of the fog around that outfit. This supports the suggestion for profligate use of PGP as a stratagem, to make it harder to tell the trivial from the other. Or is public encryption a stratagem to focus on software rather than hardware? Anybody hear anything about covert ID in new-generation CPUs, like done with supercomps? John From chen at intuit.com Thu Aug 25 17:15:50 1994 From: chen at intuit.com (Mark Chen) Date: Thu, 25 Aug 94 17:15:50 PDT Subject: Using PGP on Insecure Machines (fwd) Message-ID: <9408260014.AA14201@doom.intuit.com> > [ On Knuth no longer reading his mail ] > > > He's also trying to complete his "Art of Computer Programming" series... > > > > Is Volume IV out yet? My I-III still await the promise of the Intro... > > Not that I know of. A recent Computer Literacy newsletter has an interview with Knuth in which he says (if I recall correctly) that he plans to complete vols. IV and V by 1998, whereupon he will begin work on a revised edition of vol. I. He's now emeritus at Stanford so that he can write full-time. -- Mark Chen chen at netcom.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From perry at imsi.com Thu Aug 25 17:28:36 1994 From: perry at imsi.com (Perry E.
Metzger) Date: Thu, 25 Aug 94 17:28:36 PDT Subject: $10M breaks MD5 in 24 days In-Reply-To: <199408252058.NAA12488@jobe.shell.portal.com> Message-ID: <9408260027.AA05595@snark.imsi.com> Hal says: > The Secure Hash Standard (SHS, aka SHA) is, they said, 64K times slower, > hence this technique would take 64K times longer (or cost ~64K times > more?) to break that hash. Well, I suppose this demonstrates that the NSA knew what they were doing when they set the SHA's length to 160 bits. Let it never be said that they aren't right on top of everything... Perry From perry at imsi.com Thu Aug 25 17:37:35 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 25 Aug 94 17:37:35 PDT Subject: $10M breaks MD5 in 24 days In-Reply-To: <199408260001.TAA00715@omaha.omaha.com> Message-ID: <9408260037.AA05604@snark.imsi.com> alex says: > > One of the more interesting papers had a claim (with little detail, > > unfortunately) that for ten million dollars you could build a machine that > > would "break" MD5, in the sense of finding another message which would > > hash to the same as a chosen one, in 24 days. > > This in itself wouldn't give an attacker much of anything would it? I > mean, once they discovered a message which hashed to a given value, the > new message wouldn't be in the proper format, would it? Wouldn't it just > be noise, instead of text in english, crypto keys, etc.? Schneier has a good discussion of this. Suffice it to say, if I have a magic collision search box, I might very well be able to produce an interesting result very easily. Imagine the existence or nonexistence of a space at some number of locations in a document as being a bit. Then, imagine that I have a hash signed by you. If I can search very fast, I could compose a contract that you never signed, and search through the trivial variations of that contract with spaces present or absent at some number of points.
I can thus trivially generate the number of variations on the contract needed to find a collision -- if I can only search those variations fast enough you lose. Given that ten million dollars isn't real money, if this is true MD5 isn't worth that much any longer -- it certainly isn't safe for use in signing digital drafts, for example. Perry From perry at imsi.com Thu Aug 25 17:40:41 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 25 Aug 94 17:40:41 PDT Subject: Spoofing Nuclear Weapons and PGP In-Reply-To: <199408260007.UAA09301@pipe1.pipeline.com> Message-ID: <9408260040.AA05622@snark.imsi.com> John Young says: > Under a sub-sub-sub-contract I once worked on some phony CAD > drawings for the nuclear weapons production process, plotting > false info that still appears in popular books, some of which > has been posted here. > > The docs were then encrypted and steganographied for > authenticity. We were told that they were turned loose on the > market for this product in other countries. It's been a long time coming. *Plonk*. Perry From ravage at bga.com Thu Aug 25 17:47:44 1994 From: ravage at bga.com (Jim choate) Date: Thu, 25 Aug 94 17:47:44 PDT Subject: Nuclear Weapons Material In-Reply-To: <7865@aiki.demon.co.uk> Message-ID: <199408260047.TAA20303@zoom.bga.com> > > There is some confusion in terminology here. The brass case is indeed > discarded when the round is fired. By 'casing' he means the exterior of > the warhead. The word 'round' is used for both the warhead+gunpowder+brass > and then for the warhead itself. Larger artillery pieces do not use a > brass shell case at all. The round is loaded, and then the powder is > rammed in after it. > That is called the 'jacket' in all the years I have handled weapons that is the only correct term for it. The casing is where the powder goes. We were not talking about artillery pieces in relation to the comment by me on this issue.
I know little about artillery, I do know about tanks and aircraft because they are a life long interest for me. > > I can find no reference any U-core round being HE or otherwise carrying a > > charge. In all cases that I am aware of and can find reference to it is simply > > a KE attack on the target where the by products of the impact bounce around > > inside the target grinding up whatever is in there. > > I believe that this is true, except that the 'products of the impact' are > drops of metal and what they do is worse than grinding something up. > -- > Jim Dixon > The pieces in most cases are simply slivers of metal that breaks off the inside of the tank because of hyper-sonic shockwaves. They are not molten and do not in general cause a fire. Other than a lucky hit on a live round with the ammo door open there is little chance of starting a fire. From rah at shipwright.com Thu Aug 25 17:51:56 1994 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 25 Aug 94 17:51:56 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408260050.UAA04812@zork.tiac.net> > Making a digital cash system secure, scalable and distributed >is a non-trivial task, making it anonymous is still more difficult. But it's done already, right? At least as far as scoping out the problems and having reasonable solutions which now need to be tried out, I mean. If we're talking about problems of marketing, access to and from the rest of the financial infrastructure, enforcement for fraud (double spending), I think the problems are manageable enough for a market test, and I've done my best to talk about that here and elsewhere. If you're talking about algorithms, they're done already. They're to the point where people are writing better ones that do the same thing more efficiently. If you're talking about the operations stuff (handling cash, keeping track of unspent cash, identifying offenders, etc) I contend that the code is being written now or has been written already. 
>Guaranteeing anonymity creates a lot of problems as was brought out in a >previous discussion on license based cash in which it was pointed out >that by colluding with consumers a bank can still "mark" bills. I am under the impression that technology exists that allows anonymous offline digital cash transactions where double spenders are identified. Is that not the case? >I am yet to see a single anonymous digital cash system which could not be >implemented more simply if the requirement on anonymity were not made. I >would be pleased to be proven wrong. How simply? Are the computational requirements for generating a piece of anonymous offline digital cash, for discovering double spenders, for holding and spending cash Chaum's digital cash, or, say, Brands' version, excessive when compared to non-secure methods, especially on-line methods? Why do you suppose these guys are spending money developing the stuff? Are they wasting their time? I've heard sums in the range of at least $10 million that Chaum has spent already... >What I'm really asking is for an example of this overhead that is being >reduced. First of all, I'd like you to talk a little about offline digital cash systems which are non-anonymous, and have all the other features of Chaum or Brands. Pointers to the information are fine, unless others want to see it here. If you're talking about *any* online system, I've got you hammered. I just won that fight on another list (or at least I think I did ;-)), and I'll dump it all to you through e-mail, if you want. I'll give you a hint: my jumping off point was Eric's observation that offline methods don't involve the banking system to effect every transaction. >> There are other reasons >> for not doing on-line transactions. Including credit checks, interest >> calculations on outstanding balances, vendor reserve requirements, >> transaction threading, on-line wait states and bandwidth, etc. It's >> considerable.
> >And it's going to get more considerable when we have communities of agents >arguing with each other. I think we want to solve the problems created by >these requirements, not shy away from them. Agreed, but I don't think avoiding them altogether by doing transactions offline is shy, I think it's economically necessary. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From sw at tiac.net Thu Aug 25 17:53:17 1994 From: sw at tiac.net (Steve Witham) Date: Thu, 25 Aug 94 17:53:17 PDT Subject: Arizona State Email Non-Privacy Policy Message-ID: <199408260051.UAA04839@zork.tiac.net> Dear Cypherpunks- A friend mailed the following questions, which I have edited. Please Cc: any replies to me for now as I'm getting back on cypherpunks after the digest was shut down. Note: A.S.U. is Arizona State University, in Tempe (next to Phoenix). >I want to ask you something. What sorts of illegal things could a person do >with an email account? What's happening is that A.S.U. has just adopted a >policy which allows them to...well, this is the way it says: "The routine >management and administration communication systems or computers may include >the monitoring of any or all activity on these systems on a regular basis" >blah blah blah "Any message is permanent and may be read by persons other than >the intended reader." I'm sure this has always been the case, and that they >are just coming out with it. They also say that "We no longer take requests >for the Public Records Act." Do you know what that means? > ... >You know, some landlord out here just got arrested for installing video >cameras in his tenants' apartments... it seems like a similar situation to >this - what the University does.
The reasons they give are, you know, they >just want to make sure no one is running a business, doing anything illegal >(A.S.U.P.D....heh!), or "inappropriate" like sending nasty messages to people, >or mail bombs or something. But it doesn't seem like they would need to sneak >into your mail to find out if you're bugging people. The other thing, is that >they say that they can go into your mail without telling you first, and that >we should trust that they won't abuse this... > ... >Something else, I just found out that it's "inappropriate" to use the A.S.U. >system for social correspondence! It's listed under abuses along with >computer fraud and pirating. (!) Quite a few people answered (thank you all) my earlier question by saying that doing your own encryption is the best solution. True in a way, but I know there are "student rights" groups that specifically work to intimidate college computer administrations into modifying these sorts of policies, also setting up standard privacy policies, etc. Is there some other mailing list or newsgroup where I would find them? -- forwarded by Steve - - - - - - - - - - why did the chicken cross the infobahn? finger for more info. From mpd at netcom.com Thu Aug 25 18:23:06 1994 From: mpd at netcom.com (Mike Duvos) Date: Thu, 25 Aug 94 18:23:06 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408252314.RAA25313@suod.cs.colorado.edu> Message-ID: <199408260034.RAA19466@netcom2.netcom.com> Patrick Juola writes: > My understanding is that the heavy metal toxicity of Pu > exceeds the radioactive toxicity by several (10?) orders of > magnitude. In other words, the fact that Pu is an alpha > emitter is irrelevant to the risk -- it's simply like lead > poisoning only several billion times worse. > Simple arithmetic yields that the amount of alpha exposure > from a billionth of a gram of an alpha emitter with a > half-life measured in thousands of years is infinitesimal.
The danger stems not from the radiation effects of the alpha exposure, which are not significant, but from the fact that continuous long term internal exposure will eventually cause your cells to undergo malignant transformation. This may take several decades, but it will kill you just as surely in the end. With regard to this risk, internal contamination with even a billionth of a gram of plutonium is something to worry about. Some believe, for instance, that a good part of the risk of lung cancer from smoking comes from inhaling alpha-emitting isotopes of polonium and other elements that are concentrated by the tobacco plant. I don't know enough about this theory to agree or disagree with it, but it has been around for a number of years. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From perry at imsi.com Thu Aug 25 19:00:32 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 25 Aug 94 19:00:32 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408260047.TAA20303@zoom.bga.com> Message-ID: <9408260200.AA05702@snark.imsi.com> Jim choate says: > > There is some confusion in terminology here. The brass case is indeed > > discarded when the round is fired. By 'casing' he means the exterior of > > the warhead. The word 'round' is used for both the warhead+gunpowder+brass > > and then for the warhead itself. Larger artillery pieces do not use a > > brass shell case at all. The round is loaded, and then the powder is > > rammed in after it. > > > That is called the 'jacket' in all the years I have handled weapons that is > the only correct term for it. The casing is where the powder goes. Correct -- the Illustrated Encyclopedia of Ammunition fully agrees with you on this point. > > > I can find no reference any U-core round being HE or otherwise > > > carrying a charge.
In all cases that I am aware of and can find > > > reference to it is simply a KE attack on the target where the by > > > products of the impact bounce around inside the target grinding > > > up whatever is in there. > > > > I believe that this is true, except that the 'products of the impact' are > > drops of metal and what they do is worse than grinding something up. > > > The pieces in most cases are simply slivers of metal that breaks off the > inside of the tank because of hyper-sonic shockwaves. They are not molten > and do not in general cause a fire. Other than a lucky hit on a live > round with the ammo door open there is little chance of starting a fire. Correct, in the case of kinetic energy weapons -- shaped charge weapons end up squirting a jet of molten metal through the armor. There may be a misunderstanding about what is being discussed here. However, might I suggest that this has gotten VERY far afield of cryptography? .pm From perry at imsi.com Thu Aug 25 19:06:33 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 25 Aug 94 19:06:33 PDT Subject: Nuclear Weapons Material In-Reply-To: <199408260047.TAA20303@zoom.bga.com> Message-ID: <9408260206.AA05720@snark.imsi.com> Jim choate says: > The pieces in most cases are simply slivers of metal that breaks off the > inside of the tank because of hyper-sonic shockwaves. They are not molten > and do not in general cause a fire. Other than a lucky hit on a live > round with the ammo door open there is little chance of starting a fire. Actually, my last comment was premature -- I hadn't read what you said carefully. If you meant to say that such things as discarding sabot shots don't penetrate the armor directly, according to the Illustrated Encyclopedia of Ammunition, non-shaped charge armor piercing projectiles do indeed pierce the armor. 
Incidentally, I was wrong on one point -- there is a kind of shell called a "piercing shell" designed to explode after penetration -- but these are apparently not very successful with modern armor and are rarely used. Perry PS again, this really should be terminated -- it doesn't belong in cypherpunks. From hfinney at shell.portal.com Thu Aug 25 20:21:26 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 25 Aug 94 20:21:26 PDT Subject: Cash, cheaters, and anonymity Message-ID: <199408260321.UAA11210@jobe.shell.portal.com> This is a response to an untitled anonymous post which raised some good issues. My answers may be a little controversial; feel free to disagree. One question is the ease of theft in a digital cash environment, and the consequences of claiming that secrets have been stolen. This problem was recognized very early on in discussions of digital signatures. The whole point of a signature is so that someone can be held to a commitment. But an easy "out" would be to "accidentally on purpose" let the secret keys be stolen, then to claim that the signature was actually forged. Contrariwise, a business might be victimized by actually having its secrets stolen and a forged signature created that committed it to an unfavorable action. I don't know what the best solution of these kinds of problems will be. Probably in the next couple of years we will see some test uses of digital signatures, and then we can see how these conflicts will be handled by the courts. Obviously, traditional methods like handwriting analysis which rely on physical imperfections will not be useful. Instead the issues to be examined would include the security methods used to guard the secrets, who might have had access to them, what the reputations are of the parties involved, and so on. It seems like these cases will not be easy to resolve cleanly. On the other hand, I would hope that people actually can learn to use care in safeguarding their secrets.
The pass words and PINs we use today may be complemented by physical checks for voice patterns, thumb prints, perhaps (ironically) handwriting. Another approach would be to raise people's IQ to about 1000, so they could do an unbreakable authentication protocol in their heads :o. Failing that, there have been suggestions (one here a couple of days ago) to use various kinds of information exchange between the authenticating device and the human user in order to prove authorization in such a way that even a thief who has snooped on past exchanges will not be able to use the device. This approach is sometimes called the use of "pass algorithms". Applying this to the double-spending case, I suspect that Bob Hettinga is more on the right track in seeing the solution in the legal system rather than a simple "shucks, you caught me" forfeiting of a bond worth triple damages. There really should be no excuse for double spending, even of a penny, and the penalties could be made strong enough to deter most people. If a bank does not think they will be able to find and prosecute a person who is withdrawing off-line digital cash, they will probably not give any to him. Then if the money is double-spent, the person who withdrew it would be prima facie responsible, with a reasonable presumption that they did it unless there is significant evidence otherwise. I don't know that this is how it will work out but it is one possibility (unless the uncertainty just scares everybody away - but I think the digital signature experience will get people used to the concepts and problems). The other point I wanted to discuss was this issue of the bank authenticating the people who receive the cash. This does raise the spectre of a big brother system where there is some way to identify people with 100% certainty. Obviously this could be abused. 
My feeling is that there is a rather fine line we could walk in which this potentially-oppressive technology exists, but in which it is wielded in a way which enhances privacy and gives people the maximum degree of control over information about themselves. By analogy, think of a surgeon using a scalpel. This is a tool which is capable of terrible damage, and it is only by using it with the utmost skill that it brings about great benefits. Shunning knives altogether would be as bad as allowing everyone to hack and slash indiscriminately.

In a similar way, authentication technology is IMO a necessary enabling step for uses of cryptography which will enhance privacy. Off-line cash is one example. We have to protect the interests of all parties involved in a transaction or else it will not occur (voluntarily). A bank will not want to give out ecash tokens for which it is liable unless it is confident that it has some recourse in the case of fraud (such as double-spending). If users have to identify themselves to the bank in an utterly non-private way, that is only so that they can then spend the money in perfect privacy. The authentication that exists at the withdrawal step is wiped out by the blinding of the cash that is done before it is spent.

It is a matter of balance. Without the authentication, you're not going to have off-line cash, IMO. You will be stuck with on-line systems in which everyone has to verify everything before accepting it. This means you pay a cost in communications overhead and possibly other foregone opportunities.

Another example would be digital credentials. These can be thought of as digital tokens, somewhat like cash tokens, which have specific, published meanings. One might mean, "salary > $40K". Another, "age > 18 years". Like ecash, they can be issued and then re-blinded so they are not recognizable. Here we do not have the double-spending problem, but there is still a need for authentication.
In order for these credentials to be trusted, the organizations which issue them will have to validate your eligibility. You'll have to show birth certificates, pay stubs, and all of the other kinds of paraphernalia you do today. The thought of this may grate in the minds of those seeking the freedom of digital anonymity. But, again, once this authenticating step is completed, you gain the advantages of a system where you could potentially borrow money, rent cars, and do other things which all involve authentication today, in complete privacy. You authenticate yourself once, and from then on the system works for you.

So, my vision of the ideal future is neither a database society, where everything is recorded and tracked and privacy is protected only by a flimsy shield of laws that are widely flouted, nor a digital anarchy where identity is meaningless and trust among transitory pseudonyms is virtually impossible. Rather, I see a foundation of careful, nit-picking authentication upon which is built an elaborate structure of information flows fully under the control of the individuals involved. By adding the option for authentication to the mix, you actually expand the opportunities offered by digital privacy technology.

Hal Finney

From jya at pipeline.com Thu Aug 25 20:37:31 1994
From: jya at pipeline.com (John Young)
Date: Thu, 25 Aug 94 20:37:31 PDT
Subject: Actually plonking on a routine basis
Message-ID: <199408260337.XAA14835@pipe1.pipeline.com>

>
>Responding to msg by tcmay at netcom.com (Timothy C. May)
>on Thu, 18 Aug 4:41 PM
>
>>I'd be a lot more interested if there were
>>some tie-ins to crypto policy and technology.
>
>Yep, this is what I want also but need participation by
>others so I don't stick out too much and get Dixon-ized
>by Perry, or, bless him, Nzook-ized by Graham.
>
>Just see what happens when I post shortly.
>
>John

Goodness Perry,

Why waste talent aping yourself?

Tim wisely says above: use your smarts on crypto and techno.
John

From blancw at microsoft.com Thu Aug 25 20:52:31 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Thu, 25 Aug 94 20:52:31 PDT
Subject: Alt.Cryptids.Plonk.Plonk.Plonk.
Message-ID: <9408260353.AA13096@netmail2.microsoft.com>

I was just counting them, and realized:

If you knew that you were in someone's kill file, and that only those who were also members of that illustrious group were the kind who would reply in reference to those who had put them there, those banished ones could talk about their censors in front of everybody and the censors ones would never know, although everybody else would.

Secret expressions unconcealed.

Blanc

[cryptid: from cryptozoology - creatures whose existence has not been substantiated.]

From koontzd at lrcs.loral.com Thu Aug 25 20:55:53 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 25 Aug 94 20:55:53 PDT
Subject: You can hide from the Chip, but not from the Man.
Message-ID: <9408260355.AA06500@io.lrcs.loral.com>

After reviewing the NIST rebuttal to Matt Blaze's Paper, 'Protocol Failure in the Escrowed Encryption Standard', referring to how the Unit ID (UID) was expanded from 24 bits to 32 bits, I e-mailed the following question to Dorothy Denning, informing her that I wanted to share the answer.

The question arises, does the unit ID indeed contain a field registered to the equipment manufacturer?

Professor Denning replied:

"Yes, the UID contains bits that identify the manufacturer."

(I didn't think to ask how many)

The implication is that a counterfeit LEAF is detectible. As per FIPS Pub 185, The Escrowed Encryption Standard, a transmission or stream of data is preceded by the Cryptographic Protocol Field (CPF) which is registered to a particular application (Clipper phone - AT&T, for example). The CPF is used to determine where to find the LEAF, the LEAF Creation Method (LCM) and the Family Key (KF).
Thus the CPF also identifies the manufacturer, or group of manufacturers for a theoretically second sourced product, by identifying the data protocols of the encrypted data (RCELP in the case of AT&T).

A Bogus LEAF tested against the Escrow Authenticator (EA) must still match the manufacturer information found in the Unit ID. I would expect that there is between 10 and 12 bits of the UID specifying manufacturer.

The bad news is that to escape detection by the Law Enforcement/National Security monitoring activity, you need to produce a LEAF that not only produces an acceptable Escrow Authenticator used by the recipient EES chip, but also produces a UID falling with some number of bits that matches LE expectations as a result of examining the CPF.

The problem is that without knowledge of the Family Key and the LEAF creation method, there is no possibility of checking for a match in the UID's manufacturers identifier.

From dichro at tartarus.uwa.edu.au Thu Aug 25 20:59:58 1994
From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn)
Date: Thu, 25 Aug 94 20:59:58 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408251708.AA04970@vail.tivoli.com>
Message-ID: <199408260358.LAA02907@lethe.uwa.edu.au>

> I don't know much about modern munitions, but I do know that armor
> piercing rounds may have no charge in them at all. Generally, when a
> round pierces one side of a vehicle, it loses enough energy and is
> suitably deformed to prevent exit from the opposite wall. It does,
> however, bounce around quite a bit, which can be plenty of fun in a
> tank loaded with equipment, munitions, and soldiers.

I was under the impression that the most common technique for creating armour-piercing munitions was to use shaped-charges. While depleted uranium has its uses (being, as someone said, rather dense), mass alone will not get through everything. A shaped charge will get through more things more violently :)

--
* * Mikolaj J.
Habryn dichro at tartarus.uwa.edu.au
* "I'm just another sniper on the information super-highway." PGP Public key available by finger
* #include

From dichro at tartarus.uwa.edu.au Thu Aug 25 21:13:06 1994
From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn)
Date: Thu, 25 Aug 94 21:13:06 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <199408251856.NAA03099@zoom.bga.com>
Message-ID: <199408260408.MAA03171@lethe.uwa.edu.au>

> I have seen the exact same chain-gun mounted on F-16's and A-10's here at
> Bergstrom AFB in Austin at at least two different air shows. I am going on
> this alone. I do not know if this was ever an active use of the gun.
>

Are we thinking of the same A-10? Tank-killer? The one that houses a multi-barrel gun the size of a small car, and fires shells which could pass for milk bottles in a dark room? I've seen an F-16, and i don't think it could carry the chain gun off an A-10 - or have i missed the point somewhere?

--
* * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au
* "I'm just another sniper on the information super-highway." PGP Public key available by finger
* #include

From karn at unix.ka9q.ampr.org Thu Aug 25 21:18:04 1994
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Thu, 25 Aug 94 21:18:04 PDT
Subject: DSPs
In-Reply-To: <9408241340.AA03320@snark.imsi.com>
Message-ID: <199408260422.VAA16628@unix.ka9q.ampr.org>

I'm not really an expert on DSPs, but it does seem like they should be good for modular exponentiation given the number of multiplies required. But I don't think I'm the first to point that out.

I think I already said that it looks like fast multiply performance is going to be crucial for secure communications. Modular exponentiation for public key algorithms, modulo-65537 multiplies in IDEA, and the many DSP multiplies in CELP speech coding, just to name three.

I recently heard of a FED-STD-1016 CELP implementation that runs in better than real time on the PowerPC.
It runs in much worse than real time on just about everything else. The PowerPC's multiply performance is clearly the reason.

Phil

From merriman at metronet.com Thu Aug 25 22:01:06 1994
From: merriman at metronet.com (David K. Merriman)
Date: Thu, 25 Aug 94 22:01:06 PDT
Subject: Nuclear Weapons Material
Message-ID:

>> I don't know much about modern munitions, but I do know that armor
>> piercing rounds may have no charge in them at all. Generally, when a
>> round pierces one side of a vehicle, it loses enough energy and is
>> suitably deformed to prevent exit from the opposite wall. It does,
>> however, bounce around quite a bit, which can be plenty of fun in a
>> tank loaded with equipment, munitions, and soldiers.
>
> I was under the impression that the most common technique for
>creating armour-piercing munitions was to use shaped-charges. While
>depleted uranium has its uses (being, as someone said, rather dense),
>mass alone will not get through everything. A shaped charge will get
>through more things more violently :)
>

And in the process, vaporize a significant amount of metal - effectively depositing a few microns (at minimum) of metal plating on everything inside the AFV (including passenger's lungs, skin, etc).

My first choice would be not to be present for *either* event; far distant second choice would be taking my chances with ricochets.

Dave Merriman
- - - - - - - - - - - - - - - - - - - - - - - - - -
Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints.
Unencrypted Email may be ignored without notice to sender. PGP preferred.
Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother.

From merriman at metronet.com Thu Aug 25 22:12:53 1994
From: merriman at metronet.com (David K.
Merriman)
Date: Thu, 25 Aug 94 22:12:53 PDT
Subject: Nuclear Weapons Material
Message-ID:

>> I have seen the exact same chain-gun mounted on F-16's and A-10's here at
>> Bergstrom AFB in Austin at at least two different air shows. I am going on
>> this alone. I do not know if this was ever an active use of the gun.
>>
>
> Are we thinking of the same A-10? Tank-killer? The one that
>houses a multi-barrel gun the size of a small car, and fires shells
>which could pass for milk bottles in a dark room? I've seen an F-16, and
>i don't think it could carry the chain gun off an A-10 - or have i
>missed the point somewhere?
>

I worked a few months in the GE plant where they make these wonderful little toys ("GE - We Bring Good Things To Life" - hah!). The A-10 does indeed use the 30mm cannon, while the fighter aircraft use 20mm. Externally, the guns look *very* similar - you've got to get close enough to count the barrels (which is too damn close, if it _really_ matters :-) to be sure: 20mm uses 6 barrels, 30mm uses 4 (at least, at the time I was there - mid-80's). Either shoots 4,000 rounds/minute.

Then you've got everyone's favorite, the 40mm, firing 3,000 rounds/minute through 3 barrels. If you had to compare a 40mm and a milk bottle in a dark room, the milk bottle is probably the small one :-) Not something I'd want to be on the receiving end of, in any case.

Of course, we all realize that the size of the ammo refers to the projectile, not the casing, which is typically about half again the projectile diameter, for 'cased' ammo.

I got to watch them light off all their little toys, with different types of rounds in them, while there - even after watching Navy guns fire, I was impressed.

Dave (ex swab-jockey) Merriman
- - - - - - - - - - - - - - - - - - - - - - - - - -
Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints.
Unencrypted Email may be ignored without notice to sender. PGP preferred.
Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother.

From ltw at netcom.com Thu Aug 25 23:39:32 1994
From: ltw at netcom.com (Lawrence Weinman)
Date: Thu, 25 Aug 94 23:39:32 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <199408251809.LAA08365@sleepy.retix.com>
Message-ID:

> > > Mike Duvos writes:
> > > > The idea is that the
> > > > uranium penetrates the armor and the charge then explodes once
> > > > the round is inside.
> > > > I don't know much about modern munitions, but I do know that armor
> > > piercing rounds may have no charge in them at all.
> > None of the forms of modern shells described in this book involve the
> > use of depleted uranium in shell casings.
>

The U after it goes through the armor is pyrophoric, and there is quite a fireball as a result - lots of hot burning particles flying around. quite spectacular from the downstream side (I've seen it - the back side of a target plate)

L

From tcmay at localhost.netcom.com Thu Aug 25 23:41:54 1994
From: tcmay at localhost.netcom.com (Timothy C. May)
Date: Thu, 25 Aug 94 23:41:54 PDT
Subject: Cash, cheaters, and anonymity
Message-ID: <199408260641.XAA11326@netcom15.netcom.com>

Here's a long response. But it's my only post of today, as the list was going on and on about atom bombs, uranium sabots, and alpha particles, and with debate about why some of us are ignoring these posts and the posts of ranters and baiters. This topic is more in line with my reasons for being on this list. Sorry for the length.

Hal Finney writes:

>One question is the ease of theft in a digital cash environment, and
>the consequences of claiming that secrets have been stolen. This
>problem was recognized very early on in discussions of digital
>signatures. The whole point of a signature is so that someone can be
>held to a commitment. But an easy "out" would be to "accidentally on
>purpose" let the secret keys be stolen, then to claim that the
>signature was actually forged.
>Contrariwise, a business might
>be victimized by actually having its secrets stolen and a forged
>signature created that committed it to an unfavorable action.

Hal is right that the problem of *repudiation* or *disavowal* was recognized early on. Alice is confronted with a digital signature, or whatever. She says: "But I didn't sign that" or "Oh, that's my old key--it's obsolete" or "My sysadmin must have snooped through my files," or "I guess those key escrow guys are at it again."

APPROACHES TO REPUDIATION

**The purist approach: you *are* your key. If another biological unit obtains your key, he or she is effectively you. Guard your key carefully.

**The modern American "excuse" approach: Hey, if you want to disavow a contract, like, just claim your key was stolen or, like, you lost it.

I understand the reasoning behind adopting a more intermediate stance, but I think that only the purist stance will hold water in the long run. (A hint of this: untraceable cash means, for most transactions of interest with digital cash, that once the crypto stuff has been handled, whether the sig was stolen or not is moot, because the money is gone...no court can rule that the sig was invalid and then retrieve the cash!)

[It is true that Chaum went to great lengths to develop systems which preserve anonymity for single-spending instances, but which break anonymity and thus reveal identity for double-spending instances. I'm not sure what market forces caused him to think about this as being so important, but it creates many headaches. Besides being clumsy, it requires physical ID, it invokes a legal system to try to collect from "double spenders," and it admits the extremely serious breach of privacy by enabling stings. For example, Alice pays Bob a unit of money, then quickly Alice spends that money before Bob can...Bob is then revealed as a "double spender," and his identity revealed to whomever wanted it...Alice, IRS, Gestapo, etc. A very broken idea.
Acceptable mainly for small transactions. More on this later.]

NEGOTIATED PROTOCOLS TO REDUCE RISKS

However, just as most folks make arrangements with their bank/ATM machines (semantic meaning #2 of "ATM") to limit cash withdrawals to, say, $200 a day (it varies), so too can digital cash arrangements make similar contractual deals to limit losses.

Some possible plans:

* Plan A: The protocol insists on retinal scan or other biometric authentication between the "smartcard" used as the cryptographic keying device and the putative owner. The "Thunderball" plan.

(issues: preserving anonymity with biometric authentication, spoofing of the channel between card and physical apparatus, theft of smartcard, etc.)

* Plan B: The protocol only allows, say, $1000 per transaction. And no more than 3 transactions per day. Each transaction that is cleared sends a demon message to the account owner through a separate communications channel.

(This sounds complex...the idea is to provide a signal that an account is being accessed, allowing the account owner to put a hold on the account. Even if he can't stop the transactions underway, or recently completed, because of the lags that may exist in this feedback, he can limit losses. Kind of a mix between off-line and on-line transactions....such mixes are to be expected, with the choice up to parties, depending on costs, risks, speed of communications, etc.)

* Plan C: Use off-line cash only for "small" transactions, such as those now handled with physical coins and small bills. Use on-line clearing for larger amounts, with various forms of biometric security.

This echoes how things are done today: off-line cash is what you can carry, in bill, coin specie, etc. Larger amounts (hundreds of dollars and up) is almost always handled on-line, via either credit cards (on-line clearing, albeit not anonymous/untraceable) or checks, cashier's checks, etc.
(Coins and cash bills are really "on-line clearing" though, in that their existential properties make them acceptable immediately; they are not replicable, at least not easily, and hence can be conserved in transactions. All the usual stuff about the nature of cash money.)

Which will be used? (and there are many variants...) As usual, markets will allow choice. Many people will choose to limit exposure with Plan B-type transactions. Others will contract with insurance agents who cover risks by insisting on their own protocols for added security. (I don't mean conventional insurance agents, naturally.)

MISCELLANEOUS STUFF

>On the other hand, I would hope that people actually can learn to use
>care in safeguarding their secrets. The pass words and PINs we use
>today may be complemented by physical checks for voice patterns, thumb
>prints, perhaps (ironically) handwriting. Another approach would be

Most smartcards in use today support some form of local PIN entering, some way to provide a truly memorizable extra piece of identity. Other biometric measures remain a hot area of research. Stroke recognition, thumbprints, etc. In about 5 years, when I think digital cash will be ready for prime time (pun intended), these additional mechanisms should be deployable, for a price. (Market-driven again: those who want to pay less in insurance will take better steps. Companies may adopt standards. Banks may enforce them.)

...

>suggestions (one here a couple of days ago) to use various kinds of
>information exchange between the authenticating device and the human
>user in order to prove authorization in such a way that even a thief
>who has snooped on past exchanges will not be able to use the device.
>This approach is sometimes called the use of "pass algorithms".

"Zero knowledge interactive proof systems" have been used for password systems; no amount of past snooping or eavesdropping helps.
(Of course, the user still has to have physical security over his local computer, or PDA, dongle, or secret decoder ring.) This seems like a readily-solvable problem (and one we already accept with existing ATM machines).

THE INCREDIBLE IMPORTANCE AND ELEGANCE OF ON-LINE CLEARING

...

>Applying this to the double-spending case, I suspect that Bob Hettinga
>is more on the right track in seeing the solution in the legal system
>rather than a simple "shucks, you caught me" forfeiting of a bond
>worth triple damages. There really should be no excuse for double

*On-line clearing* for larger amounts is, in my opinion, the Right Thing. Networks are getting deployed widely and are speedy. ATM, SONET, ISDN, and all the rest.

I want to elaborate on this, even though I think most of Hal's points are made with off-line clearing in mind. I want to make the case for why on-line clearing is the One True Digital Cash.

Conceptually, the guiding principle idea is simple: he who gets to the train locker where the cash is stored *first* gets the cash. There can never be "double spending," only people who get to the locker and find no cash inside. Chaumian blinding allows the "train locker" (e.g., Credit Suisse) to give the money to the entity making the claim without knowing how the number correlates to previous numbers they "sold" to other entities. Anonymity is preserved, absolutely. (Ignoring for this discussion issues of cameras watching the cash pickup, if it ever actually gets picked up.)

Once the "handshaking" of on-line clearing is accepted, based on the "first to the money gets it" principle, then networks of such clearinghouses can thrive, as each is confident about clearing. (There are some important things needed to provide what I'll dub "closure" to the circuit. People need to ping the system, depositing and withdrawing, to establish both confidence and cover. A lot like remailer networks. In fact, very much like them.)
In on-line clearing, only a number is needed to make a transfer. Conceptually, that is. Just a number. It is up to the holder of the number to protect it carefully, which is as it should be (for reasons of locality, for self-responsibility, and because any other option introduces repudiation, disavowal, and the "Twinkies made me do it" sorts of nonsense).

Once the number is transferred and reblinded, the old number no longer has a claim on the money stored at Credit Suisse, for example. That money is now out of the train locker and into a new one.

(People always ask, "But where is the money, really?" I see digital cash as *claims* on accounts in existing money-holding places, typically banks. There are all kinds of "claims"--Eric Hughes has regaled us with tales of his explorations of the world of commercial paper. My use of the term "claim" here is of the "You present the right number, you get access" kind. Like the combination to a safe. The train locker idea makes this clearer, and gets around the confusion about "digimarks" of "e$" actually _being_ any kind of money in and of itself.)

Off-line systems may be useful for paying for movies, toll roads, etc., but there the protocols can be set up to limit exposure to fraud. (Ontological constraints, such as number of movie theater attendees, etc., will limit the losses. Scams will likely still exist, but the problem seems manageable with some work.)

And as networks get much faster, expect even off-line cash to fade. Depends on costs, insurance rates, benefits, and of course on regulations.

>spending, even of a penny, and the penalties could be made strong
>enough to deter most people. If a bank does not think they will be
>able to find and prosecute a person who is withdrawing off-line
>digital cash, they will probably not give any to him.
>Then if the

The "first to the locker" approach causes the bank not to particularly care about this, just as a Swiss bank will allow access to a numbered account (or used to...please let's not have a dozen posts arguing about this, as is so often the case on this list!) by presentation of the number, and perhaps a key. Identity proof *may* be needed, depending on the "protocol" they and the customer established, but it need not be.

And the last thing the bank is worried about is being able to "find and prosecute" anyone, as there is no way they can be liable for a double spending incident. The beauties of local clearing! (Which is what gold coins do, and paper money if we really think we can pass it on to others.)

IS PROOF OF PHYSICAL IDENTITY NEEDED?

...

>money is double-spent, the person who withdrew it would be prima facie
>responsible, with a reasonable presumption that they did it unless
>there is significant evidence otherwise. I don't know that this is
>how it will work out but it is one possibility (unless the uncertainty
>just scares everybody away - but I think the digital signature
>experience will get people used to the concepts and problems).

I recall some analyses of these situations a while back. I looked in my "Crypto" Proceedings but didn't find it. The danger of making the "person who withdrew it" a culprit if the money has already been "spent" is clear: he is just as likely to be an innocent victim of a setup as the guilty party. With off-line clearing, and not the "handshaked" beauty of immediate clearing, one has to rely on "trust"--tough with an anonymous person.

On-line clearing has the possible danger implicit in all trades that Alice will hand over the money, Bob will verify that it has cleared into his account (in older terms, Bob would await word that his Swiss bank account has just been credited), and then Bob will fail to complete his end of the bargain.
If the transaction is truly anonymous, over computer lines, then of course Bob just hangs up his modem and the connection is broken. This situation is as old as time, and has always involved protocols in which trust, repeat business, etc., are factors. Or escrow agents.

REAL ESCROW AND TRUE NYMS

Long before the "key escrow" of Clipper, true escrow was planned. Escrow as in escrow agents. Or bonding agents.

Alice and Bob want to conduct a transaction. Neither trusts the other; indeed, they are unknown to each other. In steps "Esther's Escrow Service." She is _also untraceable_, but has established a digitally-signed presence and a good reputation for fairness. Her business is in being an escrow agent, like a bonding agency, not in "burning" either party. (The math of this is interesting: as long as the profits to be gained from any small set of transactions is less than her "reputation capital," it is in her interest to forego the profits from burning and be honest. It is also possible to arrange that Esther cannot profit from burning either Alice or Bob or both of them, e.g., by suitably encrypting the escrowed stuff.)

Alice can put her part of the transaction into escrow with Esther, Bob can do the same, and then Esther can release the items to the parties when conditions are met, when both parties agree, when adjudication of some sort occurs, etc. (There are a dozen issues here, of course, about how disputes are settled, about how parties satisfy themselves that Esther has the items she says she has, etc.)

UNTRACEABLE MARKETS FOR ASSASSINATIONS

To make this brutally concrete, here's how escrow makes murder contracts much safer than they are today to negotiate. Instead of one party being caught in an FBI sting, as is so often the case when amateurs try to arrange hits, they can use an escrow service to insulate themselves from:

1. From being traced, because the exchanges are handled via pseudonyms

2.
From the killer taking the money and then not performing the hit, because the escrow agent holds the money until the murder is verified (according to some protocol, such as a newspaper report...again, an area for more work, thankfully).

3. From being arrested when the money is picked up, as this is all done via digital cash.

There are some ways to reduce the popularity of this Murder, Incorporated system. (Things I've been thinking about for about 6 years, and which we discussed on the list and on the Extropians list. I'll save this for another time.)

My point here is to show how on-line clearing works in conjunction with an escrow agent function. (Esther clears the cash, and can issue new cash to Bob, who "trusts" her that if he does the job, the cash will clear, as she's the escrow agent he's dealt with many times before.)

THE DANGER OF EVER USING PHYSICAL IDENTITY VERIFICATION

>The other point I wanted to discuss was this issue of the bank
>authenticating the people who receive the cash. This does raise the
>spectre of a big brother system where there is some way to identify
>people with 100% certainty. Obviously this could be abused.

Danger! Danger! Danger! Any such system, that relies on physical IDs is substantially less private than banks today in many countries, and is not at all what I would call "digital cash."

On-line clearing makes this unnecessary.

>Without the authentication, you're not going to have off-line cash,
>IMO. You will be stuck with on-line systems in which everyone has to
>verify everything before accepting it. This means you pay a cost in
>communications overhead and possibly other foregone opportunities.

Agreed.
But acceptable with a two-tiered system:

- off-line cash for small transactions, with smartcards, "observer" protocols, and with built-in limits

- on-line, immediately-cleared cash for larger transactions, also with various agreed-upon limits or requirements

RISKS

Is there a danger that people will lose the numbers that they need to redeem money? That someone could steal the number and thus steal their money? Sure. There's the danger that I'll lose my bearer bonds, or forget my Swiss bank account number, or lose my treasure map to where I buried my money (as Alan Turing supposedly did in WW II).

People can take steps to limit risk. More secure computers. Dongles worn around their necks. Protocols that involve biometric authentication to their local computer or key storage PDA, etc. Limits on withdrawals per day, etc. People can store key numbers with people they trust, perhaps encrypted with other keys, can leave them with their lawyers, etc. All sorts of arrangements can be made.

Where I'm not sure I agree with what Hal is saying is that _personal identification_ is but one of these arrangements. Often used, but not essential to the underlying protocol. Again, the Swiss banks (maybe now the Liechtenstein anstalts are a better example) don't require physical ID for all accounts. (More generally, if Charles wants to create a bank in which deposits are made and then given out to the first person who sings the right tune, why should we care? This extreme example is useful in pointing out that _contractual arrangements_ need not involve governmental or societal norms about what constitutes proof of identity.)

PAPIEREN, BITTE

Hal goes on to talk about blinded credentials. A very important idea in our permission slip-happy society, and an idea that is not getting nearly enough attention. (Chaum's seminal "Transaction Systems to Make Big Brother Obsolete," from Oct or Nov of 1985, in "Communications of the ACM," remains required reading here.)
But I also take a more radical view. Ask yourself why credentials are _ever_ needed. Maybe for driving a car, and the like, but in those cases anonymity is not needed, as the person is in the car, etc.

Credentials for drinking age? Why? Let the parents enforce this, as the argument goes about watching sex and violence on t.v. (If one accepts the logic of requiring bars to enforce children's behavior, then one is on a slippery slope toward requiring television set makers to check smartcards of viewers, or of requiring a license to access the Internet, etc.)

In almost no cases do I see the need to carry "papers" with me. Maybe a driver's license, like I said. In other areas, why?

This gets to a core issue: the incredible benefits of locally clearing a transaction. Caveat emptor, buyer beware, etc. Cash on the barrelhead.

In transactions where "future performance" is needed, as in a contract to have a house built, or to do some similar job, then of course the idea of on-line or immediate clearing is bogus...like paying a stranger a sum of money on his promise that he'll be back the next day to start building you a house.

Parties to such long-term, non-locally-cleared cases may contract with an escrow agent, as I described above. This is like the "privately-produced law" we've discussed so many times. The essence: voluntary arrangements.

Maybe proofs of identity will be needed, or asked for, maybe not. But these are not the essence of the deal.

An interesting area. I apologize if this essay, while long, is not quite long enough to capture the ideas I wanted to express.

To me, these are core ideas. Maybe not as core to those of you who favor talking about depleted uranium sabots (but what about Chobham armor and explosive armor?) or about "PGP rulz, d00d!," but core issues to me.

Your smileage may vary.

--Tim May

..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tomj at wps.com Thu Aug 25 23:52:53 1994
From: tomj at wps.com (Tom Jennings)
Date: Thu, 25 Aug 94 23:52:53 PDT
Subject: Program to circumvent the Sep 1 Legal Kludge part 1/5
In-Reply-To: <199408240409.AA00377@xtropia>
Message-ID:

On Tue, 23 Aug 1994 0x7CF5048D at nowhere wrote:

> This is a 5 part binary=noklg.zip
> Please make publicly available. put on BBS's, public ftp sites.
> part 1/5.

Can you please stop mailing me these unidentifiable, undecodable files from a person I cannot identify, nor detect the reason for the anonymity?

Maybe if there was an explanation as to why I should bother to play with all this, I would understand. As my telepathy seems to not be working right now, you'll have to write it in plain english (lame monolanguage american).

Thanks.

PS: You misspelled 'cypherpunks' in the Reply-to field, which is where this seems to be going, and I'm sure my reply to the list will annoy everyone. Take it out on the anonymous bulk-mailer person.

Tom Jennings -- tomj at wps.com -- World Power Systems -- San Francisco, Calif.

From jkbacon at pacifier.com Thu Aug 25 23:54:57 1994
From: jkbacon at pacifier.com (Kirk Bacon)
Date: Thu, 25 Aug 94 23:54:57 PDT
Subject: Nuclear Weapons Material
Message-ID:

> I was under the impression that the most common technique for
>creating armour-piercing munitions was to use shaped-charges. While
>depleted uranium has its uses (being, as someone said, rather dense),
>mass alone will not get through everything. A shaped charge will get
>through more things more violently :)
>

Depleted uranium is used in armor piercing rounds for three reasons:

1.
High density

2. High hardness - not quite that of tungsten, but it's up there.

3. Upon impact it ignites (like magnesium) and burns. The burning uranium melts steel and also produces uranium oxide in the process. If this isn't "violent" enough, try fission.

Kirk

From karn at unix.ka9q.ampr.org Fri Aug 26 00:03:49 1994
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Fri, 26 Aug 94 00:03:49 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408241706.AA03674@snark.imsi.com>
Message-ID: <199408260643.XAA16713@unix.ka9q.ampr.org>

>We aren't discussing fission bombs. Please reread.

Sigh. At the risk of furthering a way-off-topic discussion, I should elaborate on what I said earlier.

My understanding is that the tritium produced for nuclear weapons is used only to "boost" the *fission* reactions in the "primary" that is in turn used to trigger the main fusion reaction in the "secondary".

Although the main fusion reaction in a thermonuclear device *is* between tritium and deuterium, the much larger quantities of tritium needed for this stage are produced during the actual detonation by neutron irradiation of lithium-6. That's why lithium-6 deuteride is used as the fusion fuel. Once again, these materials are distinct from the small amounts of gaseous tritium and deuterium used in the fission boosting stage.

To summarize the steps (page 22, "US Nuclear Weapons" by Hansen):

1. High explosives detonate and compress the fission fuel in the primary.

2. At the right moment, neutrons are injected from an external generator to start the chain reaction.

3. Small amounts of gaseous tritium and deuterium are injected into the exploding fission core to boost the fission reaction, resulting in much more rapid and complete fission.

4. X-rays from the exploding primary, traveling at the speed of light, are focused onto a physically separated "secondary", the fusion fuel assembly, rapidly compressing and heating it by radiation pressure.
Physical separation is essential to give the secondary time to react before the exploding primary physically blows it apart. *This* is the "breakthrough" that Ulam came up with that made the H-bomb practical; before then, Teller had wanted to simply pile deuterium closely around an A-bomb, which clearly wouldn't work.

5. At the center of the rapidly imploding *secondary* is a "sparkplug" of fissionable material. Neutrons from the primary cause this material to fission, producing even more neutrons that breed large amounts of tritium from the lithium-6 in the fusion fuel.

6. The newly produced tritium fuses with the deuterium in the main fusion reaction.

7. Fast neutrons from the fusion reaction may then fission a jacket of U-238 (yes, U-238) surrounding the secondary, producing an even greater yield using material that would otherwise be useless.

8. Additional fusion stages may then react (if present).

As you can see, the fission and fusion reactions in a modern thermonuclear weapon are very closely intertwined.

Just to bring this back somewhat to cryptography, an interesting topic for speculation is the operation of the "permissive action links" (PALs) that control these weapons. The complexity of the procedure suggests that the precise timing of many events is crucial if a high-yield nuclear explosion is to result. This is particularly true for the timing of the many HE detonators, the neutron generator and the fusion boost injector. Perhaps these parameters are stored in encrypted form in the weapon and can be decrypted for use only with the proper externally-provided key? Considering that a brute force key search would consume one weapon per trial key, perhaps this technique isn't too bad against dictionary attacks?
:-)

Phil

From karn at unix.ka9q.ampr.org Fri Aug 26 00:05:05 1994
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Fri, 26 Aug 94 00:05:05 PDT
Subject: Fast modular exponentiation
In-Reply-To: <199408241507.IAA15669@jobe.shell.portal.com>
Message-ID: <199408260554.WAA16670@unix.ka9q.ampr.org>

An interesting discussion. Thanks.

How about a basic tutorial on these various modexp algorithms, with particular attention to how many of each arithmetic operation (add/subtract/multiply/divide) are needed as a function of the modexp input parameter sizes? I don't really understand all the details yet, especially how they relate to which algorithm is best for a given machine.

I.e., if I come up with a list of clock counts for each basic arithmetic instruction, how can I tell which algorithm is probably best for my machine?

Phil

From tcmay at netcom.com Fri Aug 26 00:26:33 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 26 Aug 94 00:26:33 PDT
Subject: Fast modular exponentiation
In-Reply-To: <199408260554.WAA16670@unix.ka9q.ampr.org>
Message-ID: <199408260726.AAA17588@netcom2.netcom.com>

> An interesting discussion. Thanks.
>
> How about a basic tutorial on these various modexp algorithms, with
> particular attention to how many of each arithmetic operation

I want to tie this in to that other hot Cypherpunks topic: Pretty Good Nukes.

Even though the topic is nearly depleted, and the sabots have jammed the list machine pretty thoroughly, how much faster would a fast modular exponentiation go if the inner loops were encased in a layer of deleted unobtainium?

--Klaus! von Future Prime

From remailer-admin at chaos.bsu.edu Fri Aug 26 02:38:14 1994
From: remailer-admin at chaos.bsu.edu (Anonymous)
Date: Fri, 26 Aug 94 02:38:14 PDT
Subject: No Subject
Message-ID: <199408260931.EAA17205@chaos.bsu.edu>

I thank Hal Finney for his thoughtful reply, and Tim May for his excellent essay.
It looks like we can start to draw a stronger conclusion: there are serious holes in the assumptions made by offline digital cash protocols when applied to computer networks rather than manually operated smart cards.

Hal's comparison of coin theft to digital signature protection and repudiation is apt, but usually Irving only has one or a few keys to protect, while he might have thousands of coins, issued by various banks. I doubt digital signatures will ever be used alone much for signing expensive contracts. A digital signature on an expensive contract, in addition to being repudiable, will be suspicious, since if few people accept such signatures as strongly binding (the initial state), they will not be widely used on expensive contracts, and thus their existence on an expensive contract will be suspicious. I predict it will become common practice, or even law, that digitally signed contracts over a certain amount are automatically invalid unless further precautions have been taken (signatures of notary witnesses, or perhaps some better crypto protocol designed for this purpose).

The trouble with offline cash in a network environment is that the upper limit for fraud liability can be incredibly high. If there are hundreds of thousands of vendors on the net, a situation CommerceNet predicts before the end of the decade, and they are using this offline protocol, then even with small transactions the fraud could run into the millions of dollars. There's plenty of incentive for Irving to steal Jane's coins, run off to some place on the net that has no extradition treaty, and pump good change out of the vendors and into his Liechtenstein account to his heart's content.

We may yet find protocols to mitigate or limit this kind of fraud -- make change traceable if linked to double spending, do random online checks as a cypherpunks poster suggested last year, or similar precautions layered on top of the basic protocol.
But so far these problems haven't been put on the front burner of digital cash design, and already we have people out there selling offline cash on the network as a superior solution!

Reliance on law enforcement flies in the face of cypherpunk goals, and indeed against the goals of good cops as well -- one of their most vocal complaints is about people setting up systems that are vulnerable to crime, putting them in unnecessary danger. It also goes against political reality to think that a startup operation can lobby governments all across the globe to protect a system that is ideal for money laundering and tax evasion. Ain't gonna happen -- they'll let those "dirty money banks and money laundering net sites" rot; they may even give Irving a helping hand.

I disagree that "there is no excuse" for double spending. If the software is implemented badly (no fault of the user), it might get mixed up with systems programs in such a way as to cause double spending. For example, if the system crashes and one must recover from a month old backup, one has to go through that old purse and determine which coins have been spent. If the software and/or user makes a mistake in this process, we get double spending. If a network burps and sends a vendor two coins where there should have been one, we get double spending. The possibilities for accident are legion and cannot all be foreseen. "Shit happens". A protocol that treats common accident the same as criminal fraud, when the stakes are so high, is pathological.

In the online system the consequences of double spending (or million spending) are far more benign. At worst one customer is out stolen coins. In a networked offline system those same few coins are a potential loss for every vendor on the net. As Tim May noted, we may not even need to recognize fraud in online cash -- just treat all online double spending as accident.
No bonding, secured accounts, investigators, ID badges or cops with guns busting down Jane's door after Irving has million-spent her coins. Here we both have a simple liability system and much less chance of fraud.

Tim May also suggested that most offline protocols are intended for manually used smart cards. This makes sense -- unlike a network environment with automated spending agents, the scope of multi spending for manually used purchases in small amounts is quite limited. On the network even fraud of a few cents per transaction can quickly add up to big $$$ across thousands of vendors.

What are the communications costs of online clearing, anyway? Don't credit card clearings cost about two cents per transaction these days? If clearing costs are less than plausible offline cash fraud and fraud prevention costs, online cash is a winner, both now and increasingly in the future as bandwidth becomes even cheaper.

sincerely,

-- An Unauthenticated Agent with no credentials: WYSIWYG

From jkreznar at ininx.com Fri Aug 26 03:44:24 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Fri, 26 Aug 94 03:44:24 PDT
Subject: Alt.Cryptids.Plonk.Plonk.Plonk.
In-Reply-To: <9408260353.AA13096@netmail2.microsoft.com>
Message-ID: <9408261043.AA04947@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

Blanc writes:

> If you knew that you were in someone's kill file, and that only those
> who were also members of that illustrious group were the kind who would
> reply in reference to those who had put them there, those banished ones
> could talk about their censors in front of everybody and the censors
> ones would never know, although everybody else would. Secret
> expressions unconcealed.

It certainly diminishes prospects for reconciliation or even expression of regret. One or both parties may acknowledge using language that failed to convey intended meaning, but if the other isn't listening, it doesn't do much good.

John E.
Kreznar | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.

From jdd at aiki.demon.co.uk Fri Aug 26 04:06:31 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 26 Aug 94 04:06:31 PDT
Subject: U & Pu is good for U
Message-ID: <8042@aiki.demon.co.uk>

In message <199408252138.OAA15395 at well.sf.ca.us> Brad Dolan writes:

> >On the other hand I say that such studies are poor criteria for
> >judging the effects of radiation intended to do the maximum possible
> >harm.
>
> Well, these studies are about all we have to go on right now. The
> wartime residents of Hiroshima and Nagasaki do provide a large set of
> folks exposed to "radiation intended to do the maximum possible harm"
> but, darn it, none of them were wearing dosimeters. People do study
> these groups, making educated guesses about doses, but it's hard to
> draw precise conclusions on that basis.

There is a Sufi parable about a guy who loses something on a dark street. His friend finds him searching the ground carefully at the corner under a street light. He asks him what he is doing, and he explains that he dropped something. "Where?" "Down the street." "Then why are you looking here?" "Because there is a light down here."

-- Jim Dixon

From solman at MIT.EDU Fri Aug 26 04:41:58 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Fri, 26 Aug 94 04:41:58 PDT
Subject: Is pay-per authentication possible absent trust?
In-Reply-To: <199408252046.NAA11580@jobe.shell.portal.com>
Message-ID: <9408261141.AA13815@ua.MIT.EDU>

> Jason W Solinsky writes, quoting me:
> >First, just let me note that there are a thousand ways to structure it.
> >In my example, Microsquish gets to hold a challenge whenever they want
> >to. If everybody is being honest Microsquish will lose eight nano-slinkys
> >each time they challenge so they won't do it frequently. If everybody
> >is not being honest, Microsquish will collect substantial damages.
>
> One thing I'd add is that Charles still makes money whenever there is a
> challenge. If there were no challenges then there would be nothing to
> keep people honest. So it's not a matter of eliminating pay per use of
> certifications, it's just a matter of the frequency with which they are
> used vs other kinds.

True, but we desire something that scales linearly with use.

> Also, as the challenges become less frequent, Charles can actually raise
> his rates and still let everyone else make money. He can even charge
> more than the 10 that Micro is paying for challenges, which he could
> probably not have done in the non-probabilistic (pre-Ingve) system. It
> sounds like Micro is paying the challenge fees (in at least one version)
> and if the penalties against cheaters are great enough it won't challenge
> very frequently, in which case a larger fee by Charles can be absorbed.

So you are pointing out that Charles has the ability to move the system towards a one-time fee system. This is true, but the logic in the above paragraph is tainted by the fact that the insurance company can shift the payouts so that the frequency of challenges becomes arbitrarily small. Charles becomes unable to properly charge some customers without overcharging others.

> >Now that I think about it, it's possible that I'm in error approaching this
> >problem from a cryptographic standpoint. Maybe the correct course of action
> >is to establish a cybergovernment which prohibits "Ingve the insurance
> >salesman" attacks and then set up the fine structure such that the
> >conspirators will have an enormous incentive to turn each other in.
>
> These tend to be non-local solutions, with a lot of overhead and extra
> mechanisms. Maybe you can make it work with your "government" but I'm
> afraid you may come to lean on it as the solution to all of your
> problems. Why bother with cryptography for anything; just have a
> "government" where everybody has posted a ruinous bond which they forfeit
> if they break a "law", then legislate communications privacy, non-
> duplication of electronic cash, bit commitments, etc., with heavy
> incentives for people to report cheaters?

I agree, I only suggested it because it doesn't look like cryptography can help me out here.

> Again, though, people could just swear they've seen a Charles certificate
> and these witnesses will undercut Charles.
>
> As I said, I think there will still be a place for per-use
> certifications, but the market will decide how much they are used vs
> other kinds. I don't think you should worry so much about trying to fine
> tune the system so this one technology wins. There are a lot of
> possibilities that people may come up with.

Maybe I'm looking at it wrong. The challenge is to pay the certifier based on the value he provides. Perhaps in situations like these YOU are providing the per use value and the service of the certification agency is of the one-time nature. Suppose you have created a piece of software which is compatible with system X. You need somebody to certify that compatibility. Each time you sell a copy of that software you receive a certain amount extra because its compatibility has been certified, but I could argue that the extra value is due to the carefulness of the programmer and that the value created by the certifier really is one time.

But what about systems in which selling signatures on a one time basis is truly critical to operation. Consider the example of a user who is going to buy a car. This characteristic is worth a lot of money to companies who sell cars, but they need a way to verify it.
I have envisioned (and even written some code for) agents that would come along and offer gift certificates good for any car in class X. The gift certificates would sell below face value. The agent who sells these certificates can then use the information that it has sold you the certificate to attract advertisers at a high price. You save the amount by which the gift certificate was discounted, the agent keeps any money made beyond the discount, and the advertisers get the attention of a hot prospect. But how could this system work if pay-per use authentication is not possible? [now that I think about it, I guess it is possible to contact the advertisers ahead of time and be promised a bounty for each prospect found.]

Cheers,

JWS

From dfloyd at runner.utsa.edu Fri Aug 26 05:12:33 1994
From: dfloyd at runner.utsa.edu (Douglas R. Floyd)
Date: Fri, 26 Aug 94 05:12:33 PDT
Subject: PGP, digicash, and tanks
Message-ID: <9408261214.AA21021@runner.utsa.edu>

-----BEGIN PGP SIGNED MESSAGE-----

The idea of DigiCash is a good one, and there have been many good ideas on it, but it will be hard to implement it in the US. The IRS will want to stop it cold as it gets around them, some people will fear it "The cash for PEDOPHILES", and Joe Blow will probably have a tough time getting used to it as it is very new to him.

Another problem is being able to trust the bank who holds the notes. It will have to be a stable institution which does this, one that the IRS most likely has a grip on, or can get one. The SEC will probably want their way also.

As to having PGP on a unix box, and the risks of this, I have a solution to this. What I do is keep my key on my Linux box at home, and have my mail forwarded there. It then is simple to reply and decode messages. pgpdaemon and pgpsendmail also help a lot with the quick encodes and decodes.

As to tank rounds, aren't we getting a bit off track here?
From ravage at bga.com Fri Aug 26 06:03:30 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 26 Aug 94 06:03:30 PDT
Subject: Nuclear Weapons Material
In-Reply-To:
Message-ID: <199408261303.IAA09949@zoom.bga.com>

> 3. Upon impact it ignites (like magnesium) and burns. The burning uranium
> melts steel and also produces uranium oxide in the process. If this isn't
> "violent" enough, try fission.
>

Would you be so kind as to provide a reference to this effect? This is new to me. I was aware of 'scaling' but was unaware that there was a thermal effect.

Thanks.

From pstemari at bismark.cbis.com Fri Aug 26 06:03:48 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Fri, 26 Aug 94 06:03:48 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408260200.AA05702@snark.imsi.com>
Message-ID: <9408261302.AA23508@focis.sda.cbis.COM>

> However, might I suggest that this has gotten VERY far afield of
> cryptography?

I don't know about that--hasn't the State Department been claiming for years that cryptography is a form of munitions? :) :) :)

From pfarrell at netcom.com Fri Aug 26 06:06:11 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Fri, 26 Aug 94 06:06:11 PDT
Subject: Fast modular exponentiation
Message-ID: <32551.pfarrell@netcom.com>

Phil Karn writes:

> I.e., if I come up with a list of clock counts for each basic
> arithmetic instruction, how can I tell which algorithm is probably
> best for my machine?

Back in the days of Mix, Knuth worked out the model. But with modern pipelined chips with significant on-chip cache, the model becomes too complex to solve arithmetically.
The usual solution is to use Berkeley's Architect's Work Bench (AWB) which allows you to model the chip's instruction set, cache structure, pipeline stall characteristics, etc. while using a compiler to generate actual code to execute. You can then execute your algorithm against the chip, and declare a winner. Of course, you have to validate the chip model, and you have to know how the compiler optimizations work, how it interacts with branch prediction logic, etc.

While awb is readily available for the usual Unix systems, using it for anything less trivial than a grad school compiler optimization course is a ton of work. It makes sense when you are inventing a new chip architecture, or even a significant revision to an existing chip. I believe that it is far too much work to use awb (or anything of similar capabilities) to evaluate algorithms for real world chips.

For algorithm optimization, it makes more sense to study the chip's characteristics, and use a heuristic approach, testing real implementations. I've already measured nearly a four to one difference in execution times using Phil's DES code using different compilers and operating systems on the same hardware (my 486).

But it is pretty unsatisfying to say that the best algorithm "depends" on half a dozen variables, and that we can't reliably predict (engineer) a solution.

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From jdd at aiki.demon.co.uk Fri Aug 26 06:30:48 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 26 Aug 94 06:30:48 PDT
Subject: DSPs
Message-ID: <8051@aiki.demon.co.uk>

In message <199408260422.VAA16628 at unix.ka9q.ampr.org> Phil Karn writes:

> I'm not really an expert on DSPs, but it does seem like they should be
> good for modular exponentiation given the number of multiplies required.
> But I don't think I'm the first to point that out.
DSPs are actually optimized for the operation required in the FFT: integer inner products. A DSP will have hardware for extremely fast summations of expressions like c[i]*x[i] where the c[i] are constants, and new x vectors are introduced at a high rate.

This is somewhat different than the kind of fast multiplication you are looking for.

-- Jim Dixon

From lstanton at sten.lehman.com Fri Aug 26 07:20:44 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Fri, 26 Aug 94 07:20:44 PDT
Subject: Cash, cheaters, and anonymity
In-Reply-To: <199408260641.XAA11326@netcom15.netcom.com>
Message-ID: <9408261422.AA24054@sten.lehman.com>

tcmay at localhost.netcom.com (Timothy C. May) writes:

> **The purist approach: you *are* your key. If another biological unit
> obtains your key, he or she is effectively you. Guard your key carefully.
>
> **The modern American "excuse" approach: Hey, if you want to disavow a
> contract, like, just claim your key was stolen or, like, you lost it.
>
> I understand the reasoning behind adopting a more intermediate stance, but
> I think that only the purist stance will hold water in the long run. (A hint
> of this: untraceable cash means, for most transactions of interest with
> digital cash, that once the crypto stuff has been handled, whether the sig
> was stolen or not is moot, because the money is gone...no court can rule
> that the sig was invalid and then retrieve the cash!)

I would love the purist stance, except that it is untenable. Every security system is breakable, if enough effort, money, and professionalism are involved. We should never kid ourselves about this. One time pads are provably secure, but someone can still break in and physically steal your plaintext, or steal you and bring out the rubber hoses...

If crypto does become widespread, then it will be used in situations where the value of the key justifies considerable effort and expense to steal it, and it will happen.
There must always be a mechanism to deal with repudiation.

As to your later point about mootness, I would not be comfortable saying that there are limits to what a court will attempt to coerce cooperation.

> * Plan A: The protocol insists on retinal scan or other biometric
> authentication between the "smartcard" used as the cryptographic keying

This is just a second private key, and no more immune to forgery or theft by a professional.

From hfinney at shell.portal.com Fri Aug 26 07:49:55 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 26 Aug 94 07:49:55 PDT
Subject: You can hide from the Chip, but not from the Man.
In-Reply-To: <9408260355.AA06500@io.lrcs.loral.com>
Message-ID: <199408261449.HAA24065@jobe.shell.portal.com>

koontzd at lrcs.loral.com (David Koontz ) writes:

>The implication is that a counterfeit LEAF is detectible. As per FIPS Pub
>185, The Escrowed Encryption Standard, a transmission or stream of data is
>preceded by the Cryptographic Protocol Field (CPF) which is registered to a
>particular application (Clipper phone - AT&T, for example). The CPF is used
>to determine where to find the LEAF, the LEAF Creation Method (LCM) and the
>Family Key (KF). Thus the CPF also identifies the manufacturer, or group of
-------------------^^^^
>manufacturers for a theoretically second sourced product, by identifying the
>data protocols of the encrypted data (RCELP in the case of AT&T).

I am confused by the word "thus". None of the three things in the CPF mentioned in the previous sentence (where to find the LEAF, the LCM, the KF (BTW, I thought the family key was a big secret?)) include the manufacturer or the data protocols in any apparent way. Are there more things in the CPF than the three you listed? Also, isn't it likely that RCELP will be widely used by all manufacturers to be compatible with AT&T, so in practice all will use the same protocol, and so this does not really identify the manufacturer?
As for recognizing bogus LEAF's, this would be only after decrypting with the family key, right? This is not supposed to be done routinely, although it doesn't require access to the escrow database. It's true that if a family-key-decrypted LEAF using Blaze's rogue technique "stands out", that certainly could call unwelcome attention to the users of his ideas.

Hal

From hfinney at shell.portal.com Fri Aug 26 07:55:48 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 26 Aug 94 07:55:48 PDT
Subject: Program to circumvent the Sep 1 Legal Kludge part 1/5
In-Reply-To:
Message-ID: <199408261455.HAA24433@jobe.shell.portal.com>

Tom Jennings writes:

>On Tue, 23 Aug 1994 0x7CF5048D at nowhere wrote:
>> This is a 5 part binary=noklg.zip
>> Please make publicly available. put on BBS's, public ftp sites.
>> part 1/5.
>Can you please stop mailing me these unidentifiable, undecodable
>files from a person I cannot identify, nor detect the reason for
>the anonymity?

I've been receiving these, too. It seems to be a program which has the same effect as a one-line shell script to add the "+legal_kludge" option to the command line for PGP2.6, so that it generates backwards-compatible messages without violating anyone's license agreements. It's easy to do such a shell script in Unix. Is there a good way in DOS to add a few command-line arguments in front of the ones the user has supplied? If so that would seem easier (and smaller) to distribute.

Hal

From markh at wimsey.bc.ca Fri Aug 26 09:01:58 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Fri, 26 Aug 94 09:01:58 PDT
Subject: Fast modular exponentiation
Message-ID:

> But it is pretty unsatisfying to say that the best algorithm "depends" on
> half a dozen variables, and that we can't reliably predict (engineer) a
> solution.

It does seem to come down to that though. I've spent a bit of time playing with a couple of versions of Montgomery Mult code plus other optimisations for modular exponentiation.
What works best depends upon the processor (I was doing C with some inline assembler for the multiply and divide ops). I remember that one particular approach worked very well on an HP 9000/730 and was miserable on anything else I tried (Sparc, 80486, MIPS R3000, 68030). There's a really nice survey paper by Cetin Kaya Koc (then of RSADSI) called _High Speed RSA Implementation_ which describes various optimisations. The references in this are also pretty useful. Mark -- Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3 cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto From jamesd at netcom.com Fri Aug 26 09:46:17 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 26 Aug 94 09:46:17 PDT Subject: Fast modular exponentiation In-Reply-To: Message-ID: <199408261646.JAA18633@netcom8.netcom.com> Mark C. Henderson writes > There's a really nice survey paper by Cetin Kaya Koc (then of RSADSI) > called _High Speed RSA Implementation_ which describes various > optimisations. The references in this are also pretty useful. So where do we find this survey paper? -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jdwilson at gold.chem.hawaii.edu Fri Aug 26 10:24:22 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 26 Aug 94 10:24:22 PDT Subject: Arizona State Email Non-Privacy Policy In-Reply-To: <199408260051.UAA04839@zork.tiac.net> Message-ID: On Thu, 25 Aug 1994, Steve Witham wrote: > >I want to ask you something. What sorts of illegal things could a person do > >with an email account? 
What's happening is that A.S.U. has just adopted a > >policy which allows them to...well, this is way it says: "The routine > >management and administration communication systems or computers may include > >the monitoring of any or all activity on these systems on a regular basis" > >blah blah blah "Any message is permanent and may be read by persons other than > >the intended reader." I'm sure this has always been the case, and that they > >are just coming out with it. They also say that "We no longer take requests > >for the Public Records Act." Do you know what that means? This is like those recordings while you are on hold that say "your call may be monitored for quality assurance" etc. - they have to warn you up front to do so legally. You then have a choice to use or not use their system for any communications you want kept private from their perusing probiscus. > >You know, some landlord out here just got arrested for installing video > >cameras in his tennant's apartments... it seems like a similar situation to Big difference here - in Hawaii you must put up signs if you have any video monitoring equipment in or around the common areas, perimeter of the building etc. informing people that the areas are monitored using video surveillance etc. Inside your apartment is another story - over here you are protected by the Landlord-Tenant code not to mention a variety of other ordinance. > >Something else, I just found out that it's "inappropriate" to use the A.S.U. > >system for social correspondence! It's listed uner abuses along with > >computer fraud and pirating. (!) Surprise. It is their equipment to do with as they please and if you don't want to follow along with their conditions of access... In the gov't it is literally against the law and considered theft of government resources (cpu time, equipment (pc, terminal etc.), electricity...) to use government equipment for private purposes. 
> Quite a few people answered (thank you all) my earlier question by saying that > doing your own encryption is the best solution. True in a way, but I know > there are "student rights" groups that specifically work to intimidate > college computer administrations into modifying these sorts of policies, > also setting up standard privacy policies, etc. Is there some other mailing > list or newsgroup where I would find them? This is where PGP on your local machine fits in. As long as they don't have your private key and can't capture keystrokes or access your local machine you can keep your communications private. Try EPIC, CPSR, EFF for info. -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From jamesd at netcom.com Fri Aug 26 10:26:17 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 26 Aug 94 10:26:17 PDT Subject: Offline cash vs online cash. In-Reply-To: <199408260931.EAA17205@chaos.bsu.edu> Message-ID: <199408261726.KAA22802@netcom8.netcom.com> Anonymous writes > there are serious holes in the > assumptions made by offline digital cash protocols when applied > to computer networks rather than manually operated smart cards. > > ... > I disagree that "there is no excuse" for double spending. If > the software is implemented badly (no fault of the user), So implement it right - the fact that a poorly programmed bank computer might credit someone with a million dollars does not prevent banks from using computers. > ... if the system crashes > and one must recover from a month old backup, one has to > go through that old purse and determine which coins have been > spent. 
Return suspect coins to vendor and ask for new coins. Vendor will detect most of the already spent coins. If some coins are double spent they will eventually show up as double spent by the person who had the system crash, who will simply make them good. > If a network burps and > sends a vendor two coins where there should have been one, > we get double spending. Actually we do not, because the recipient will detect the coins are non unique, assuming the protocol is implemented correctly, and will treat the duplicated message as a single message. Indeed since coin transport will probably be by datagrams duplicated and lost coins will happen continuously, and will be automatically fixed by the protocol. > The possibilities for accident are legion and cannot all be > foreseen. "Shit happens". That is what debugging and beta testing is for. > A protocol that treats common > accident the same as criminal fraud, when the stakes are > so high, is pathological. If you make good on the accident, no problem. It is only a problem if the accident causes substantial money transfer, which can be prevented by adequate protocols. It is possible to construct the protocols so that any "accident" resulting in substantial money transfer must be old fashioned fraud or robbery. If someone breaks into your computer, that is no more an argument against offline digicash than if someone breaks into your safe. If Joe million spends one of Janes coins he must interact with a million separate vendors in a rather short time. This will inevitably make waves. Offline digicash is not so much anonymous as offering controlled nomity. Again I point out that the existing grey capitalist system involving foreign bank accounts in the names of bermuda and Hong Kong companies, is quite adequately anonymous even though checks are purely identity based money. Offline digital cash cannot be "real" digital cash, whatever that is. It has to be identity based cash with controlled limits on identification. 
It will resemble those Bermuda check accounts with Visa debit cards more than it resembles cash in your pocket. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From cactus at bb.com Fri Aug 26 10:27:31 1994 From: cactus at bb.com (L. Todd Masco) Date: Fri, 26 Aug 94 10:27:31 PDT Subject: Nuclear Weapons Material Message-ID: <199408261732.NAA20761@bb.com> I'd like to point out that some of the people who are most vocal about topics when threads wander off what they consider "cypherpunks topics" are contributing to this "Nuclear Weapons Material" thread in a way that had nothing to do "cypherpunks topics." I'm not saying "cut it out" -- I know where my 'd' key is. I am, however, amused. -- L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless cactus at bb.com | grammatically correct sentence. Now... From tcmay at netcom.com Fri Aug 26 10:33:29 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 26 Aug 94 10:33:29 PDT Subject: Cash, cheaters, and anonymity In-Reply-To: <9408261422.AA24054@sten.lehman.com> Message-ID: <199408261733.KAA23541@netcom8.netcom.com> > > **The purist approach: you *are* your key. If another biological unit > > obtains your key, he or she is effectively you. Guard your key carefully. > I would love the purist stance, except that it is untenable. Every security > system is breakable, if enough effort, money, and professionalism are involved. So the purist stance is untenable? Less than 2 years ago I was a homeless person, living on the banks of the San Lorenzo River. Then I met a person named "Timothy C. May." 
He wasn't interested in being on the Net anymore--he said it took too much of his time--so he game me his account, his password (which I've since changed, of course), and said "Have fun." The purist stance is much more common than many might think. > We should never kid ourselves about this. One time pads are provably secure, > but someone can still break in and physically steal your plaintext, or steal > you and bring out the rubber hoses... > If crypto does become widespread, then it will be used in situations where > the value of the key justifies considerable effort and expense to steal it, > and it will happen. There must always be a mechanism to deal with repudiation. There are plenty of items of property that can be stolen, and are stolen. And yet these items continue to exist, be sold, traded, etc. If someone is really, really worried about havin their codes stolen, they can arrange to use codes only usable in their banker's office (not altogether a bad idea, by the way), or with a duress code built-in, etc. Or none at all. Choice, and costs. In any case, the free markets will have a major effect. With strong crypto, the communications transparently cross borders, making legal moves problematic. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ny000832 at mail.nyser.net Fri Aug 26 10:56:15 1994 From: ny000832 at mail.nyser.net (Dr. Charles Rubenstein) Date: Fri, 26 Aug 94 10:56:15 PDT Subject: Robot Wars! 
Message-ID: <2987000426.6.ny000832@mail.nyser.net> Dear punkers With all the latest government and crime bill and clipper bandwidth being spent I thought you might find this message, posted to PACS-L interesting. -CR Short sig: The Internet does not belong to us. We belong to the Internet. - from Chief Seattle's "Earth" quote ------- Forwarded Message Message-Id: <9408232357.AB16213 at mail-in.worldlink.com> Date: Tue, 23 Aug 1994 18:42:47 CDT To: Multiple recipients of list PACS-L From: Jack Kessler Reply-To: Public-Access Computer Systems Forum Sender: Public-Access Computer Systems Forum Subject: Robot Wars! ("robot wars"?) ----------------------------Original message---------------------------- re: Robot Wars! ("robot wars"?) August 20, 1994 -- San Francisco Where else in the world could you assemble 1000 paying members of the general public for a day to watch little mostly - metal machines rip, tear, shred, ram, saw, and blow each other apart? In California, of course -- the land of the crazies -- and in San Francisco, where all the truly crazy ones are. (I am San Franciscan.) Nearly every combination computer - nerd - machine - geek - homicidal - maniac in the electronic world -- one hopes that there are no more than 1000 of them -- is assembled here in San Francisco's Fort Mason today to watch "The First Annual Robot Wars", a full day of competitive events in which these little creations, 1) "Escort" each other around a trap - filled arena, then, 2) "Face - off", duel with each other one on one, and, finally, 3) "melee", engage in free - for - all group destruction. And they -- all of them including the robots -- are communicating back and forth using the same electronic technologies which I've been using for looking up books in libraries. 
This is a very live show, featuring home - made robots built by high school students, Industrial Light & Magic wizards (ILM's Marc Thorpe is the event's" Creator and President), and even some elderly (in their 40s) engineers. The crowd is on bleachers, surrounding an arena equipped with great pinball - style paddles, net - like traps which descend upon the unwary contestants, and a great swinging cannon - ball which arcs high over nervous spectators' heads, occasionally slamming into an unwary little competitor. There is a "Madonna Bra" entry: "Zomo" -- made from a suspended stainless steel mixing bowl mounted on something like a little remote control racing car, emblazoned with slogans like "Kiss Me", and "Revenge", scrawled in pink lipstick. There is an entry by the guy who invented SimCity: "Julie - bot", complete with war - painted Barbie Doll head -- "The Barbie from Hell!", the crowd cried. "AndyRoid", a Charlie McCarthy - style ventriloquist's doll mounted on a kid's plastic BigWheel trike -- trailing a lethal Coke can on a string which it/he uses to ensnare and destroy opponents -- screams "child abuse! child abuse!" when it/he is hit, and, after the swinging cannonball strikes it directly in the head, "tylenol! tylenol!". There are contestants with names like "Spiny Norman", "SlowMo", "PainMower", "The Beetle", and "The Master": sort of a cybernetic TV wrestling list. There are some bright people at this thing. A few of them are the folks who brought us films like Star Wars, Indiana Jones, Cobra, Ghost, Terminator 2, Forrest Gump, and Mask. There are some international folks, camcorders and flipphones are everywhere, I see some press luminaries and at least one tv station, and there are plenty of mysteriously - important - looking people. Talk about a 1990s event. Technology, brutality, war, metal. Fitting, I guess, that it takes place on the piers from which the US made war on Japan a half century ago. 
Somebody should tell me whether this is cruelty or catharsis -- there were plenty of "thumbs down" signals being given, received, and acted upon -- and how far a robot has to be taken before it becomes anthropomorphic? I was interested because there are a lot of Entertainment Industry types involved in this, and I am curious about current predictions that the Entertainment Industry is about to take over information networking. Anyone who thinks this technology is tame either, a) hasn't read William F. Gibson, or, b) has read him but doesn't believe it, or, c) wasn't at "Robot Wars". More can be found out about present and future Robot Wars, I'm told, via e - mail to: robotwars at aol.com. Jack Kessler kessler at well.sf.ca.us ------- End of Forwarded Message From jamesd at netcom.com Fri Aug 26 11:01:46 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 26 Aug 94 11:01:46 PDT Subject: Cash, cheaters, and anonymity In-Reply-To: <199408260641.XAA11326@netcom15.netcom.com> Message-ID: <199408261801.LAA26874@netcom8.netcom.com> Timothy C. May writes > Alice pays Bob a unit of money, then quickly Alice spends that > money before Bob can...Bob is then revealed as a "double spender," and his > identity revealed to whomver wanted it...Alice, IRS, Gestapo, etc. A very > broken idea. Correctly implemented, with offline cash that grows in each transaction until cleared online, this should reveal Alice's identity, not Bob's If we fear double spending we insist on the spender presenting an expensive identity, an identity that would be tedious or costly to replace. The larger the amount, the stronger our concerns of identity. But the identity is known only to the parties to the transaction. (Who may be different tentacles of the same biological person.) The tentacle trick is what makes the existing identity based checks on Bermudan and Hong Kong banks effectively anonymous. If we do not like the identity, we ask for online clearance. 
> I want to elaborate on this, even though I think most of Hal's points are > made with off-line clearing in mind. I want to make the case for why > on-line clearing is the One True Digital Cash. Quite so. And with a smooth interface between the truly anonymous online cash and the controlled nomity offline cash - an interface sufficiently smooth that the spender rarely notices which his software is using, we can have the best of both worlds. It is all in the software interface, something notoriously lacking from existing implementations. > Off-line systems may be useful for paying for movies, toll roads, etc., but > there the protocols can be set up to limit exposure to fraud. (Ontological > constraints, such as number of movie theater attendees, etc., will limit > the losses. Scams will likely still exist, but the problem seems manageable > with some work.) Exactly so. Like the use of slugs in vending machines. > > > IS PROOF OF PHYSICAL IDENTITY NEEDED? No, but for offline cash proof of an identity that would be expensive or tedious to replace is needed. > This > situation is as old as time, and has always involved protcols in which > trust, repeat business, etc., are factors. Or escrow agents. Exactly so. We need varied kinds of digicash, for varied situations, and a smooth interface between them. > REAL ESCROW AND TRUE NYMS > > > Long before the "key escrow" of Clipper, true escrow was planned. Escrow as > in escrow agents. Or bonding agents. > > Alice and Bob want to conduct a transaction. Neither trusts the other; > indeed, they are unknown to each other. In steps "Esther's Escrow Service." > She is _also untraceable_, but has established a digitally-signed presence > and a good reputation for fairness. Exactly so: > I apologize if this essay, while long, is not quite long enough to capture > the ideas I wanted to express. To me, these are core ideas. Keep going, you mentioned, rather than explained, the problem of local and extended clearing. 
It seems to me, that rather than the one true protocol, we need a collection of standardized protocol tools and anybody and his dog can issue his own protocol for his own purpose, and the other guys computer can understand it and can give its master a list of options of what how the deal can go sour and who to finger if the deal goes sour in a particular way -- tell its master who the the master is trusting to pay and when. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From lstanton at sten.lehman.com Fri Aug 26 11:06:10 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Fri, 26 Aug 94 11:06:10 PDT Subject: Cash, cheaters, and anonymity In-Reply-To: <199408261733.KAA23541@netcom8.netcom.com> Message-ID: <9408261807.AA24706@sten.lehman.com> tcmay at netcom.com (Timothy C. May) writes: > So the purist stance is untenable? Less than 2 years ago I was a > homeless person, living on the banks of the San Lorenzo River. Then I > met a person named "Timothy C. May." He wasn't interested in being on > the Net anymore--he said it took too much of his time--so he game me > his account, his password (which I've since changed, of course), and > said "Have fun." > > The purist stance is much more common than many might think. I don't think this is really the purist stance. You defined it as 'you are your key', and my view is that revocation will have to be possible. All that your argument above is saying is 'email address and claimed name are insufficient to prove identity' -- surely no one disputes that? > There are plenty of items of property that can be stolen, and are > stolen. And yet these items continue to exist, be sold, traded, etc. Yes. 
And physical possession of them is not generally considered to be unquestionable legal proof that you are the person who originally owned them. > If someone is really, really worried about havin their codes stolen, > they can arrange to use codes only usable in their banker's office > (not altogether a bad idea, by the way), or with a duress code > built-in, etc. Or none at all. Choice, and costs. In all honesty, I don't see physical key theft to be a major problem for individuals, since it can generally be made unprofitable. Where I see legal key revocation as essential, is for corporate situations. That is where a multi million dollar cost of stealing a key could still be quite profitable. We need to figure a way to extend web of trust to revocations and corporate identity. > In any case, the free markets will have a major effect. With strong > crypto, the communications transparently cross borders, making legal > moves problematic. Unfortunately, I think that the courts will expand too. The courts may not be able to freeze and confiscate your foreign assets, but they may be able to block you from doing a great deal of business without very frequent changes of 'name' and reestablishment of reputation. Also, there is always the possibility of being hampered in the physical world. We all have to buy groceries, and the physical means of communication will always be vulnerable to pressure. This is not to say that I don't think crypto will weaken government. It will. Making court rulings effective will be far more expensive than it currently is. From sandfort at crl.com Fri Aug 26 11:20:24 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 26 Aug 94 11:20:24 PDT Subject: PRIVACY 101 Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Duncan and I are now accepting registrations for our on-line Privacy Seminar. 
If you would like to participate, you can subscribe by sending a message to:

    majordomo at c2.org

In the body of your message, you should have the command:

    subscribe privacy101 [ ]

Where [ ] is the e-mail address you wish to use for the Seminar. (If you do not specify an address, the address from which you subscribed will be used.) Send a message to majordomo at c2.org with the word "help" in the body of the message to get majordomo help info.

Here is some more list info:

Majordomo address: Majordomo at c2.org
Majordomo-Owner address: Majordomo-Owner at c2.org
List Name: privacy101
List posting address: privacy101 at c2.org
List request address: privacy101-request at c2.org

The Seminar will be archived. To participate from the beginning, however, you should sign up immediately. The Seminar will begin September 1st.

The Seminar will be a series of lectures that alternate with a moderated list for questions and comments. As the Seminar progresses, we may alter or add lectures, but the tentative list of lectures is as follows:

Privacy 101 Lectures:

1. Introduction to Privacy Theory and Philosophy
2. Threat Level Management--The Calculus of Risk
3. Identity Information Risks
4. Locational Information Risks
5. Financial Information Risks
6. Health Information Risks
7. Lifestyle Information Risks
8. Political/Philosophical Information Risks
9. Misc. Information Risks
10. Identity Privacy Techniques
11. Locational Privacy Techniques
12. Financial Privacy Techniques
13. Health Privacy Techniques
14. Lifestyle Privacy Techniques
15. Political/Philosophical Privacy Techniques
15. Misc. Privacy Techniques

If you have any specific questions or areas of interest which you would like to have addressed during the Seminar, please let us know as soon as possible. We will try to work them into our presentation.
Regards, S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From karn at unix.ka9q.ampr.org Fri Aug 26 13:05:06 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Fri, 26 Aug 94 13:05:06 PDT Subject: DSPs In-Reply-To: <8050@aiki.demon.co.uk> Message-ID: <199408262009.NAA17046@unix.ka9q.ampr.org> >This is somewhat different than the kind of fast multiplication you are >looking for. Yes, but even scalar multiplication is so much faster on a DSP than on most general purpose CPUs that it seems like a definite win. The 486 takes from 13-42 clock cycles to perform a multiply, depending on the operand sizes and number of significant bits in the multiplier. Even if you couldn't keep the pipeline full on a chip like the PowerPC, you'd still be well ahead. But then I hear people say that it's not the multiplication that slows down modular exponentiation, it's the modular reduction. Phil From hfinney at shell.portal.com Fri Aug 26 13:26:46 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 26 Aug 94 13:26:46 PDT Subject: Cash, cheaters, and anonymity In-Reply-To: <199408260641.XAA11326@netcom15.netcom.com> Message-ID: <199408262026.NAA16252@jobe.shell.portal.com> I don't have time to write much now, but lots of good points have been made. I'll just toss out the other main idea for handling offline cash, which is Chaum's "Observer". The Observer is a tamper-proof device that sits inside (or plugs into) your computer, smart card, or PDA, and makes sure that you don't double spend. In fact, it is impossible to double spend because the Observer has to participate in every transaction. Yet Chaum has designed the protocols such that the Observer learns nothing about who you are or where you are spending. The technical requirements of the Observer in Brands' scheme are that it store 146 bytes plus 18 bytes per coin, and be able to do the discrete log signature, which basically requires 512-bit multi-precision arithmetic. 
And it has to be tamper-proof. At one time I was skeptical about that but we see with Clipper that the NSA appears to be confident that data can be protected in tamper-proof modules.

With Observers you can have off-line cash that is as secure as on-line but without the costs of on-line validation. As a vendor, which would you rather accept: off-line cash where you rely on legal sanctions to track down cheaters; on-line cash where you call the bank and verify it for every transaction; or off-line cash where you can validate it right there locally without checking with any bank? Depending on the costs which the Observer adds to the digital wallet, that latter choice might be the most attractive.

Hal

From klbarrus at owlnet.rice.edu Fri Aug 26 15:37:09 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Fri, 26 Aug 94 15:37:09 PDT
Subject: MATH: Brands cash, Hal's posts
Message-ID: <9408262236.AA17736@snowy.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunks, or maybe that's Atompunks,

Earlier, Hal posted several excellent messages concerning Brands' cash, and some introductory material. I always find it useful to work through various protocols by hand (well, with Mathematica), working with real numbers to help understand the protocol and how it works.

So like I did a long time ago when Hal posted a description of Chaumian cash, I will give an example of the protocols described. I intend to follow along Hal's posts and work math as it comes up (and try to keep the notation consistent!). I'll not be using numbers large enough to give actual security.

For folks with Mathematica, the functions of interest are PowerMod[a,b,c] to calculate a^b mod c, and Mod[a,b] to calculate a mod b.

Hal's first post was introductory material on discrete logs:

* Generators

> Discrete-log based cryptosystems generally work with a modulus n which is
> prime, along with a "generator" g < n such that the series g^0, g^1, g^2,
> ... , includes all values from 1 to n-1. It is pretty straightforward to
> find such n's and g's. It is easy to compute g^x for any x, but
> intractable to calculate x given just g^x.

Finding a generator g is easy if you know the factorization of n-1. You just need to calculate g^((n-1)/q) mod n for all values of q, the prime factors of n. If any of the results are 1, then g is not a generator.

So say you want to see if 5 is a generator mod 2047. The prime factors of n - 1 = 2046 are { 2, 3, 11, 31 }, so you calculate:

5 ^ (2046/2) mod 2047 = 1034
5 ^ (2046/3) mod 2047 = 622
5 ^ (2046/11) mod 2047 = 1435
5 ^ (2046/31) mod 2047 = 622

None of these turned out to equal 1, so 5 is a generator mod 2047.

* Diffie-Hellman key exchange

> 1. Alice chooses a random x and sends GX = g^x to Bob. Bob chooses a
> random y and sends GY = g^y to Alice.

Let's use g = 10, and pick p = 17389. 10 is indeed a generator mod 17389.

Alice chooses x = 53, and calculates g^x mod p = 10^53 mod 17389 = 9059
Bob chooses y = 4321 and calculates g^y mod p = 10^4321 mod 17389 = 16077

They exchange, so Alice receives GY = 16077 and Bob receives GX = 9059

> 2. Alice calculates GY^x, which is g^(y*x). Bob calculates GX^y, which
> is g^(x*y).

Alice calculates 16077^53 mod 17389 = 11643
Bob calculates 9059^4321 mod 17389 = 11643

> 3. These are equal, so they use them as their shared secret value.

Alice and Bob agree to the shared secret 11643.

> An observer sees only GX and GY, and without knowledge of x and y is
> unable to calculate g^(x*y).

* DH-based identification protocol

For this example, suppose we use g = 10, p = 17389 as above. Also, Paul chooses x = 555 to be his private key, therefore 10^555 mod 17389 = 11106 is his public key.

> 1. Vicki chooses a random y and sends GY = g^y to Paul.

Vicki randomly chooses y = 1994, so she sends 10^1994 mod 17389 = 13848.

> 2. Paul calculates GYX = GY^x = g^(y*x) and sends that back to Vicki.

Paul calculates 13848^555 mod 17389 = 8324, and sends it back.

> 3. Vicki confirms that GYX = GX^y; both should be g^(x*y).

Vicki checks 11106^1994 mod 17389 = 8324. This matches what Paul sent back.

* Schnorr identification protocol

> 1. Paul chooses a random w and sends GW = g^w to Vicki.

Paul chooses w = 200, and sends 10^200 mod 17389 = 14097 to Vicki.

> 2. Vicki chooses a random c and sends it to Paul.

Vicki chooses c = 561 and sends this to Paul.

> 3. Paul calculates r = cx+w and sends that to Vicki.

Paul calculates r = 561 * 555 + 200 = 311555.

> 4. Vicki confirms that g^r = (GX^c)*GW. Both should be g^(cx+w).

Vicki checks:

10^315555 mod 17389 = 4594
(11106^561) 14097 mod 17389 = ((11106^561 mod 17389) * 14097) mod 17389 = 4594

* Chaum discrete log interactive signature protocol

Here, we'll pick m = 1040. Thus, Paul can calculate MX = 1040^555 mod 17389 = 8608

> 1. Paul chooses a random w and sends GW = g^w and MW = m^w to Vicki.

As above, Paul chooses w = 200, so he sends GW = 14097 and MW = m^w mod p = 1040^200 mod 17389 = 472 to Vicki.

> 2. Vicki chooses a random c and sends it to Paul.

She chooses 561 again.

> 3. Paul calculates r = cx+w and sends that to Vicki.

He calculates 311555 again.

> 4. Vicki confirms that g^r = (GX^c)*GW. Both should be g^(cx+w). She
> also confirms that m^r = (MX^c)*MW. Both should be m^(cx+w).

Vicki checks g^r as above. Now she also checks:

m^r mod p = 1040^311555 mod 17389 = 13723
(MX^c)*MW = (8608^561)*472 mod 17389 = 13723

* Chaum discrete log signature protocol

Well, this is similar to the above protocol except a hash function is used.

I'll do something similar for Hal's other posts as time permits.
Karl Barrus
klbarrus at owlnet.rice.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLl5uPsSF/V8IjI8hAQE4/AP/VNauuo2nIWvF7xukbh6zNXK/pTnD7vGM
7jQeD9Hk7z9a/GXD2OTjlKUf1HAtFRkPB95X3HS/u5TzO1RdUIoxuiUok38At8vX
UUBaRXaF6JJUI8xkvgOt9qCrSnZNKhjh4wZ2JxxOUY/0rB/1TBRzPe/MIIzyy0Ee
bKaCRv+gJLA=
=esaf
-----END PGP SIGNATURE-----

From jya at pipeline.com Fri Aug 26 15:47:03 1994
From: jya at pipeline.com (John Young)
Date: Fri, 26 Aug 94 15:47:03 PDT
Subject: Spoofing Weapons 2
Message-ID: <199408262246.SAA24800@pipe1.pipeline.com>

Forwarding mail by: misra at gardener.lanl.gov ("Raymond H. Misra") on
Fri, 26 Aug 10:28 AM
-------------------
On Aug 26, 2:11am, MEINKING at delphi.com wrote:
> Subject:
>
> Each message pounds another nail into my silent coffin. Inside it is dirty,
> dank and pathetic. I have received every post. I have read every post, and
> each time, I have had what seems like everything to say. But I don't say
> it.
>
> Yet I do know where I want to go, where I want to reach. I want to reach
> those that have pounded the nails into my coffin, that have participated in
> luring me into the apeiron, trapping me in the coffin, and discarding me
> forever.
>
> To them I can only say this:
>
> "The fire is burning me. It is erupting from the inside, from the
> pit of my gut and bursting forth. The flames it releases want
> victims to claim for their own giddy disgust and restoration is no
> longer possible."
>
> From the depths of the apeiron, at a distance deeper than hell itself a
> bright light expands devouring each bit of darkness in its wake. If you
> listen, you can hear it speak the sound - the sound of creation.
>-- End of excerpt from MEINKING at delphi.com

You wouldn't be describing the weapons discussion on
"cypherpunks" list for the past few days, would you?

--
Raymond H. Misra

From yusuf921 at raven.csrv.uidaho.edu Fri Aug 26 17:13:44 1994
From: yusuf921 at raven.csrv.uidaho.edu (Sharazad)
Date: Fri, 26 Aug 94 17:13:44 PDT
Subject: Spoofing Weapons 2
In-Reply-To: <199408262246.SAA24800@pipe1.pipeline.com>
Message-ID:

On Fri, 26 Aug 1994, John Young wrote:

> You wouldn't be describing the weapons discussion on
> "cypherpunks" list for the past few days, would you?
>
>
> --
> Raymond H. Misra

You guys are straying from CypherPunk, can we take this discussion to
private E-mail so the rest of us don't get spammed? I get ~115 messages
per day, and deleting the babble is becoming very time consuming.

Thank you

--
Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui
GJ/GP -d+ H+ g? au0 a- w+++ v+(?)(*) C++++ U++1/2 N++++ M-- -po+ Y+++
- t++ 5-- j++ R b+++ D+ B--- e+(*) u** h* r+++ y?

From jdd at aiki.demon.co.uk Fri Aug 26 17:19:16 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Fri, 26 Aug 94 17:19:16 PDT
Subject: DSPs
Message-ID: <8145@aiki.demon.co.uk>

In message <199408262009.NAA17046 at unix.ka9q.ampr.org> Phil Karn writes:
>
> Yes, but even scalar multiplication is so much faster on a DSP than on
> most general purpose CPUs that it seems like a definite win. The 486
> takes from 13-42 clock cycles to perform a multiply, depending on the
> operand sizes and number of significant bits in the multiplier.

The Motorola DSP96002 does an integer multiply in 2 or 3 clocks, so a
33 MHz device does 11 million multiplies (and moves) a second. The chip
costs about $50.

The newer TI C40 does a 32-bit integer multiply in 1 clock, so a 50 MHz
device can output 200 MB/s of results. It can read in a single clock
cycle but writes take two cycles (sometimes more). So although it can
theoretically read 200 MB/s, it can only write 100 MB/s. However, it has
six serial links, each one of which has a 20 MB/s bandwidth, so in theory
it can pump out 100+120 = 220 MB/s. However, in practice you would expect
the chip to be I/O bound.
It costs something like $200 a chip.

The real advantage of the C40 is that C40s can be connected together
using their serial links. This allows them to be arranged in interesting
3D topologies. In this respect the C40 is intended to be an upgrade on
the transputer, which has only four links, and tends to die when
connected into large 2D meshes, because the transputers spend too much
of their time passing messages.

If C40s are connected in pipelines, with three links used as input from
the preceding stage and three links used to drive the next stage, you
can run them comfortably at 60MB/s. You might choose to do three
multiplies on each 32-bit operand at this rate, giving you effectively
multiplications at 45 MHz at each stage of the pipeline.

> Even
> if you couldn't keep the pipeline full on a chip like the PowerPC, you'd
> still be well ahead.

Ahead of the 486 maybe, but the C40 makes the PowerPC a dog.

> But then I hear people say that it's not the multiplication that slows
> down modular exponentiation, it's the modular reduction.

Can you elaborate?
--
Jim Dixon

From ravage at bga.com Fri Aug 26 18:19:53 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 26 Aug 94 18:19:53 PDT
Subject: Online cash, Internet, Pizza Hut
Message-ID: <199408270119.UAA13479@zoom.bga.com>

Hi all,

Has anyone got any idea how Pizza Hut is handling their new real-time online
pizza ordering service? As I understand it you can now order pizza over the
internet if you are in the right locations.

Any info?

Thanks.

From mimir at io.com Fri Aug 26 18:20:00 1994
From: mimir at io.com (Al Billings)
Date: Fri, 26 Aug 94 18:20:00 PDT
Subject: FCC Regulation (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Thu, 25 Aug 94 18:20:01 CDT
From: Dave Hurst
To: nexus-gaia at netcom.com, fringeware at illuminati.io.com, leri at pyramid.com
Subject: FCC Regulation (fwd)

Forwarded from the com-priv mailing list:

(UPI) WASHINGTON, DC.
The White House confirmed today that the FCC will become the Federal
agency to assume responsibility for regulating the so-called
"Information Super Highway." Today this consists of an autonomous
network of computers known collectively as the Internet.

Usually reliable sources revealed that the government is becoming
increasingly apprehensive about the Internet's uncontrolled growth and
the potential for damage to national security. A highly placed
government source was quoted as saying "...now anyone with a thousand
dollars can obtain the computer hardware and software necessary to
communicate on the Internet. Irresponsible individuals can easily
transmit messages worldwide. Clearly, there is a need for government
regulation."

In response to these concerns the FCC is rumored to be preparing
restrictive regulations to assure "responsible use" of the Internet.
The FCC is reportedly cooperating with other national and international
agencies to coordinate these regulations. Several former eastern bloc
countries and Italy are reportedly coordinating their internal
regulation planning with the FCC.

Although details are sketchy at this time, these new regulations are
likely to take the form of some sort of license examination for Internet
users. Despite the fact that a costly new government bureaucracy will be
established, it will likely save money in the long run, according to
government sources. "A single USENET posting may cost hundreds if not
thousands of dollars, therefore, if licensing reduces such postings by
only 10% the savings will more than recover these additional costs",
said a highly placed government source.

Expert government watchers have been able to piece together a fairly
comprehensive picture of the soon-to-be-proposed license requirements.
Based upon the past history of the FCC, the test will likely consist of
three parts: theory, jurisprudence and practice.
The theory portion of the examination will include written examination
of the principles of digital logic, elements of generic machine language
programming, and comprehensive knowledge of TCP/IP and network
interfacing hardware.

The jurisprudence portion will assess the candidate's basic knowledge of
the regulations governing use of the Internet and will cover ethical as
well as legal issues. Licensing will likely include an "Internet oath"
requirement in which the candidate will swear to uphold certain basic
standards of conduct. Users of the Internet will be required to
broadcast their license numbers at logon and intermittently after
connection to the Internet.

The practice portion of the examination is likely to be the most
controversial. Reportedly, all candidates must pass a typing skills
examination and achieve no less than 40 words per minute to obtain a
(temporary) novice license. This must be raised to 80 words per minute
before a regular-status license will be issued. Novices will be
restricted to operating networked computers having speeds of less than
5 Mhz or operation of SLIP or dial-up connections of no greater than
2400 baud. (It is rumored that the FCC will make 5 Mhz replacement
crystals available at a nominal charge to temporarily slow computers of
novice operators).

The FCC also recognizes that there are conditions when terminal
emulators are not available. Therefore, an expert class will be
established for communication using only numeric keypads and bi-digit
numeric displays. Although needing a minimum of equipment, this mode
will require sending, receiving and manual translation of raw ASCII
codes. Guidelines for minimum communication rates for this mode have yet
to be established while the FCC awaits public input. Although felt to be
a desirable goal for all users, this class of license will only be
required by individuals operating wireless (RF) LANS.
Asked what the effect of proposed regulations would have on the
Internet, a highly placed official noted that these rules "should not be
considered prohibitive, as they simply bring regulation of the Internet
in line with other communication modes under FCC governance." However,
the source did feel that such regulations should be very helpful in
restraining the rapid growth of the Internet.

From dcwill at ee.unr.edu Fri Aug 26 18:38:12 1994
From: dcwill at ee.unr.edu (Dr. D.C. Williams)
Date: Fri, 26 Aug 94 18:38:12 PDT
Subject: Online cash, Internet, Pizza Hut
In-Reply-To: <199408270119.UAA13479@zoom.bga.com>
Message-ID: <9408270135.AA11547@solstice>

>
> Has anyone got any idea how Pizza Hut is handling their new real-time online
> pizza ordering service? As I understand it you can now order pizza over the
> internet if you are in the right locations.

I heard that they take orders at a central location, then a human phones
the PH closest to the customer and relays the order verbally. From my
experiences with PH, "real-time" to them is sometime that week. It's just
a high-tech way to have some low-paid drone screw up your pizza order for
you.

More road kill on the ISH . . . thin crust, please.

=D.C. Williams

From tcmay at netcom.com Fri Aug 26 18:38:21 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 26 Aug 94 18:38:21 PDT
Subject: Online cash, Internet, Pizza Hut
In-Reply-To: <199408270119.UAA13479@zoom.bga.com>
Message-ID: <199408270138.SAA02401@netcom5.netcom.com>

Jim Choate writes:

> Has anyone got any idea how Pizza Hut is handling their new real-time online
> pizza ordering service? As I understand it you can now order pizza over the
> internet if you are in the right locations.

I happen to be in exactly the right location, the Santa Cruz area,
from whence this idea originates, but I have no interest in such
gimmickry.

I say gimmickry because it is just using Mosaic ("home pizza pages," I
guess) to place the order, just as with a cellphone, a fax machine,
whatever. Payment is *not* made over the Net.

Ho hum. Sadly, it is already being dubbed "the first case of true
Internet commerce." Yeah, like the Coke machines on the Net so many
years ago were examples of Internet commerce.

Pure hype. Madison Avenue nonsense. Good for our tabloid generation.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From dwomack at runner.utsa.edu Fri Aug 26 19:22:31 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Fri, 26 Aug 94 19:22:31 PDT
Subject: Anon Remailers
Message-ID: <9408270224.AA14472@runner.utsa.edu>

Some time back, Xenon maintained a list of anonymous remailers, along
with what records were kept, i.e., simple counter, to & from addresses,
full text for some time period, etc.

I know the list is available via finger (Many compliments to those
involved in that!!!), but was wondering if the record-keeping aspect was
reported anywhere?

And no, I've never written to whitehouse.gov, don't intend to, and
wouldn't on a bet!!!

Regards,

Dave

From mpd at netcom.com Fri Aug 26 20:24:20 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 26 Aug 94 20:24:20 PDT
Subject: Online cash, Internet, Pizza Hut
In-Reply-To: <199408270119.UAA13479@zoom.bga.com>
Message-ID: <199408270300.UAA25987@netcom12.netcom.com>

> Has anyone got any idea how Pizza Hut is handling their new real-time online
> pizza ordering service? As I understand it you can now order pizza over the
> internet if you are in the right locations.

Yes. This embarrassing little programming exercise may be enjoyed
by connecting to http://www.pizzahut.com. You first enter your name,
address, and phone number into a form. If it is within their
delivery area, you can enter pizza information on a subsequent form.

If not, you have the option of pretending to order a pizza on
a demo form. The whole thing is pretty lame.

--
Mike Duvos         $    PGP 2.6 Public Key available     $
mpd at netcom.com   $    via Finger.                      $

From ravage at bga.com Fri Aug 26 20:40:02 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 26 Aug 94 20:40:02 PDT
Subject: Online cash, Internet, Pizza Hut
In-Reply-To: <199408270300.UAA25987@netcom12.netcom.com>
Message-ID: <199408270339.WAA18034@zoom.bga.com>

>
> Yes. This embarrassing little programming exercise may be enjoyed
> by connecting to http://www.pizzahut.com. You first enter your name,
> address, and phone number into a form. If it is within their
> delivery area, you can enter pizza information on a subsequent form.
>
> If not, you have the option of pretending to order a pizza on
> a demo form. The whole thing is pretty lame.
>

Thanks for the info Mike.

Is there any indication they will move to some kind of online pay system?

Seems to me a gift certificate sort of methodology would work quite well.
Give them the certificate number and the computer matches it to their
records. The only thing keeping it from being anonymous is that they must
have an address in order to deliver.

As a matter of fact this is probably my biggest objection to all the
supposedly anonymous credit systems for online shopping. At some point
they have to know where to send the stuff...

From ravage at bga.com Fri Aug 26 20:44:27 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 26 Aug 94 20:44:27 PDT
Subject: Online cash, Internet, Pizza Hut
In-Reply-To: <199408270138.SAA02401@netcom5.netcom.com>
Message-ID: <199408270344.WAA18218@zoom.bga.com>

>
> I happen to be in exactly the right location, the Santa Cruz area,
> from whence this idea originates, but I have no interest in such
> gimmickry.
>
> I say gimmickry because it is just using Mosaic ("home pizza pages," I
> guess) to place the order, just as with a cellphone, a fax machine,
> whatever. Payment is *not* made over the Net.
>
> Ho hum. Sadly, it is already being dubbed "the first case of true
> Internet commerce." Yeah, like the Coke machines on the Net so many
> years ago were examples of Internet commerce.
>
> Pure hype. Madison Avenue nonsense. Good for our tabloid generation.
>

You sound jaded to me Tim.

As I have alluded in another post, seems the perfect opportunity for doing
some building if one considers it a base system. I have worked on some
POS apps for Sears, Pennies, and McDonalds (if you knew how they make the
fries you would never eat there again!). At the present time they use the
systems for record keeping only. But knowing the big boys as I do (take that
one as you want) I suspect they will want to crawl before they walk.

First get folks used to using it for order only, then later on add some
form of 'shell' where a limited form of credit (purchased off-line) can
be used (minimizes if not eliminates spoofing of credit). As the folks
get more used to it then add even more features. Sounds a lot like fishing...:)

Take care.

From ravage at bga.com Fri Aug 26 20:47:38 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 26 Aug 94 20:47:38 PDT
Subject: FCC Regulation (fwd)
In-Reply-To:
Message-ID: <199408270347.WAA18339@zoom.bga.com>

Ha Ha Ha...

From tcmay at netcom.com Fri Aug 26 20:56:59 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 26 Aug 94 20:56:59 PDT
Subject: Online cash, Internet, Pizza Hut
In-Reply-To: <199408270344.WAA18218@zoom.bga.com>
Message-ID: <199408270356.UAA08887@netcom9.netcom.com>

Jim Choate writes:

> You sound jaded to me Tim.
>
> As I have alluded in another post, seems the perfect opportunity for doing
> some building if one considers it a base system. I have worked on some

Go to it, then.

I'm not jaded, just well-aware that most of what is now floating
around the suddenly-trendy idea of the Digital Superduperway is little
more than hype. Misplaced zeal, confusing tangential developments with
real progress. Much like libertarians assuming the space program is
something they should somehow be working on.

Pizza Hut is merely taking orders a slightly different way. Nothing
more, and nothing to build on. In fact, working with them would of
course slow down real efforts, as one got stuck in the cheesy workings
of an encrusted bureaucracy.

But don't let me discourage any others from putting on a chef's hat,
slicing up some pepperoni, and helping them get "on-line."

--Tim May

> fries you would never eat there again!). At the present time they use the
> systems for record keeping only. But knowing the big boys as I do (take that
> one as you want) I suspect they will want to crawl before they walk.
>
> First get folks used to using it for order only, then later on add some
> form of 'shell' where a limited form of credit (purchased off-line) can
> be used (minimizes if not eliminates spoofing of credit). As the folks
> get more used to it then add even more features. Sounds a lot like fishing...:)
>
> Take care.
>
>
>

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hfinney at shell.portal.com Fri Aug 26 22:07:54 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 26 Aug 94 22:07:54 PDT
Subject: MATH: Brands cash, Hal's posts
In-Reply-To: <9408262236.AA17736@snowy.owlnet.rice.edu>
Message-ID: <199408270507.WAA25137@jobe.shell.portal.com>

Karl Barrus writes a very nice set of examples of some of the
discrete-log protocols using actual numbers. I did leave one thing out:

>* Schnorr identification protocol
>[...]
>> 3. Paul calculates r = cx+w and sends that to Vicki.
>Paul calculates r = 561 * 555 + 200 = 311555.

This works, but it will be more efficient to take r mod the order of g,
which would be n-1 in this case. The same thing applies to all of the
other places where we multiply and add exponents.

>> 4. Vicki confirms that g^r = (GX^c)*GW. Both should be g^(cx+w).

This should still be true with r = cx+w mod (n-1).

I departed from the nice step-by-step description for the actual cash
protocols because they are so complicated and I wanted to explain it as
I went. If Karl gets far enough to try doing that it would probably be
worthwhile to rewrite that portion first.

Hal

From ravage at bga.com Fri Aug 26 22:20:57 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 26 Aug 94 22:20:57 PDT
Subject: Crime Bill
Message-ID: <199408270520.AAA20779@zoom.bga.com>

Does anyone know if the death penalty has been extended to weapons or arms
trafficking? If so this means that simply sending a disk w/ pgp on it
now rates a lethal injection....

Anywhere I can get the full text? It does not appear to be up on the white
house or other gov. sources yet.

Thanks.

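[Added example, not part of any post in this archive: the generator test, Schnorr identification and Chaum check from Karl Barrus's walk-through, run with Hal's suggestion of reducing r modulo n-1. The parameters p = 17389, g = 10, x = 555, w = 200, c = 561 and m = 1040 are the thread's; the function names are illustrative assumptions.]

```python
"""Added example: generator test, Schnorr identification and Chaum's paired
check on the thread's toy parameters. Function names are illustrative."""

P = 17389  # prime modulus from the thread's examples
G = 10     # base from the thread's examples


def prime_factors(n):
    """Distinct prime factors by trial division (adequate for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(g, p):
    """The thread's test, for prime p: g generates the multiplicative group
    iff g^((p-1)/q) mod p != 1 for every prime factor q of p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def respond(x, w, c, p=P, reduce=True):
    """Prover's response r = c*x + w, optionally reduced mod p-1.

    For prime p every element's order divides p-1, so the reduction never
    changes g^r or m^r; it only keeps r about the size of the modulus."""
    r = c * x + w
    return r % (p - 1) if reduce else r


def verify(bases, publics, commitments, c, r, p=P):
    """Check b^r == (y^c * t) mod p for each (base, public key, commitment).

    One triple is Schnorr identification; two triples (g and m) sharing the
    same c and r is the Chaum check that GX and MX hide the same exponent."""
    return all(pow(b, r, p) == (pow(y, c, p) * t) % p
               for b, y, t in zip(bases, publics, commitments))


def run(x, w, c, m, reduce=True, p=P, g=G):
    """One honest round with secret x, nonce w, challenge c, message m."""
    bases = [g, m]
    publics = [pow(b, x, p) for b in bases]      # GX, MX
    commitments = [pow(b, w, p) for b in bases]  # GW, MW
    r = respond(x, w, c, p, reduce)
    return {
        "r": r,
        "schnorr_ok": verify(bases[:1], publics[:1], commitments[:1], c, r, p),
        "chaum_ok": verify(bases, publics, commitments, c, r, p),
    }


if __name__ == "__main__":
    print("generator?", is_generator(G, P))
    for reduce in (False, True):
        print(reduce, run(x=555, w=200, c=561, m=1040, reduce=reduce))
```
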
From nobody at ds1.wu-wien.ac.at Fri Aug 26 23:19:01 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Fri, 26 Aug 94 23:19:01 PDT
Subject: PGP fanatacism
Message-ID: <9408270618.AA03767@ds1.wu-wien.ac.at>

Earlier, Tim May wrote:

> Not only do many of us not do all this stuff (have you seen Eric
> Hughes signing his messages? How about John Gilmore?), but some people
> have decided to stop reading e-mail altogether. Donald Knuth, for
> example. A wise man.

> I'm happy that you PGP fans are thoroughly infatuated with using PGP
> for everything. Just knock off the clucking and sighing about those
> who don't see it as the end-all and be-all of today's communications.
> It reeks of fanaticism.

Interesting. I wonder what this says though... cypherpunks promote
encryption, digital cash, dc nets, data havens... but wouldn't ever be
caught actually using any of the above.

Hell, that stuff is way too plebeian. I'd rather advocate it than
actually be in the uncomfortable position of following my own advice.

From blancw at pylon.com Fri Aug 26 23:48:50 1994
From: blancw at pylon.com (blancw at pylon.com)
Date: Fri, 26 Aug 94 23:48:50 PDT
Subject: PGP fanatacism (Cost-benefit analysis)
Message-ID: <199408270649.XAA05520@deepthought.pylon.com>

Responding to msg by nobody at ds1.wu-wien.ac.at

Interesting. I wonder what this says though... cypherpunks promote
encryption, digital cash, dc nets, data havens... but wouldn't ever be
caught actually using any of the above.
..................................................

I think what this says is that it is important to apply the
appropriate tools when it is apropos and the situation calls
for it, but not when there isn't sufficient cause to warrant
the time & trouble.

Blanc

From Richard.Johnson at Colorado.EDU Sat Aug 27 01:18:06 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Sat, 27 Aug 94 01:18:06 PDT
Subject: Crypto Panel at Rocky Mtn. Inet User's Group
Message-ID: <199408270817.CAA04484@spot.Colorado.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Just a short announcement culled from the minutes of the last RMIUG
meeting. It's of greatest interest to those of us in CO. I suppose the
panelists on the list already know about it (but one can never be
completely sure).

|| The next RMIUG meeting is scheduled for Tuesday, September 13th.
|| We will have a "Crypto-Fest" panel discussion organized by RMIUG
|| member Duane Thompson (ak351 at freenet.hsc.colorado.edu),
|| including Phil DuBois, lawyer for Phil Zimmerman, author of the
|| encryption program Pretty Good Privacy (PGP), Mike Johnson,
|| encryption expert, engineer, software programmer, inventor of
|| the Diamond encryption algorithm, and Phil Zimmerman himself,
|| speaking to us about encryption technology, the benefits and
|| uses of recent versions of PGP, and issues surrounding
|| encryption technology.

The RMIUG meetings are held at the NCAR mesa facility in Boulder, CO at
7pm on the 2nd Tuesday of the month. To get there, find Table Mesa
(yeah, stupid name) or South Boulder Road, and head West on it 'till you
reach the end and find the building Woody Allen rappelled out of in
Sleeper. The auditorium is just inside the main entrance. Show up at
6:30 for schmoozing.

Rich

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLl8EMfobez3wRbTBAQE26gP9GAjrnb/dxCP3XBKtZipjWtFE18AM7C0V
t/e45SwqDXRBsn4r/5O4MEuEJUbQ0dmgBK1VvXHgwP+suPf+KbKYHi6ASFG02Ecw
Mo9ZiFSUE1KHwwoiK28GrLMRBAYP5lOAKV2jyLckDfeSRmb+4fTgQB7baHH4qa7k
emyKs+hlH+I=
=8Rk8
-----END PGP SIGNATURE-----

From solman at MIT.EDU Sat Aug 27 06:09:22 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sat, 27 Aug 94 06:09:22 PDT
Subject: FCC Regulation (fwd)
In-Reply-To:
Message-ID: <9408271309.AA05907@ua.MIT.EDU>

Are y'all sure this wasn't a joke? Didn't they at least LOOK into the
practicality of enforcing something like this?

I think this illustrates the need for self regulation in cyberspace.
If we had only created smart netnews and email filtering software quickly
enough, this never would have happened.

JWS

From mimir at io.com Sat Aug 27 06:16:00 1994
From: mimir at io.com (Al Billings)
Date: Sat, 27 Aug 94 06:16:00 PDT
Subject: FCC Regulation (fwd)
In-Reply-To: <9408271309.AA05907@ua.MIT.EDU>
Message-ID:

On Sat, 27 Aug 1994, Jason W Solinsky wrote:

> Are y'all sure this wasn't a joke? Didn't they at least LOOK into the
> practicality of enforcing something like this?

Of course it is a joke. Read it.

From rfb at lehman.com Sat Aug 27 07:22:00 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Sat, 27 Aug 94 07:22:00 PDT
Subject: Online cash, Internet, Pizza Hut
In-Reply-To: <199408270356.UAA08887@netcom9.netcom.com>
Message-ID: <9408271419.AA13991@fnord.lehman.com>

    From: "Timothy C. May"
    Date: Fri, 26 Aug 1994 20:56:53 -0700 (PDT)

    Pizza Hut is merely taking orders a slightly different way.

Yup. In fact, extremely similar systems existed before the pizza
places even realized it. There's been some kind of Xpizza program
around for quite a while. All it requires is that you can send a fax
from a program and that your pizza place accepts faxed orders. You
run the program, click in your toppings, etc. and click OK to send the
order.

			Rick

From sq0nk at alt.anonymous.messages Sat Aug 27 08:15:17 1994
From: sq0nk at alt.anonymous.messages (Random Factor)
Date: Sat, 27 Aug 94 08:15:17 PDT
Subject: PGP fanatacism (Cost-benefit analysis)
In-Reply-To: <199408270649.XAA05520@deepthought.pylon.com>
Message-ID: <199408271436.AA27895@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

> Date: Fri, 26 Aug 1994 23:49:19 -0700
> From: blancw at pylon.com
> To: cypherpunks at TOAD.COM
> Subject: Re: PGP fanatacism (Cost-benefit analysis)
>
> Responding to msg by nobody at ds1.wu-wien.ac.at
>
> ..................................................
>
> I think what this says is that it is important to apply the
> appropriate tools when it is apropos and the situation calls
> for it, but not when there isn't sufficient cause to warrant
> the time & trouble.
>
> Blanc

thus ensuring that anyone looking knows that you're doing something bad,
eh :-)

randy

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLl9Ogs1Uod4Abd1NAQHkHQP/TEo6Z/lpmFnKLRLZSMRdmOkoYx0Ec36K
E58xF/dvv3YYgtmrzfkuzaneGR0Ub8vZK3rYiktZEHIhgu3e/G37y2ddGm5yCGwW
qLKXDvHp70i4XYfi6OT+7FNX6tL3nIb9esFD1Y3I0E1MoXZ+aQXoA0/XnC/nWAwv
2XhkesGLxUc=
=79GX
-----END PGP SIGNATURE-----

From solman at MIT.EDU Sat Aug 27 08:23:15 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sat, 27 Aug 94 08:23:15 PDT
Subject: FCC Regulation (fwd)
In-Reply-To:
Message-ID: <9408271523.AA06379@ua.MIT.EDU>

> On Sat, 27 Aug 1994, Jason W Solinsky wrote:
>
> > Are y'all sure this wasn't a joke? Didn't they at least LOOK into the
> > practicality of enforcing something like this?
>
> Of course it is a joke. Read it.

Of course I'm an idiot. I think I'll go to sleep now.

It's scary, that having read just the first half of it, I could believe
it to be true. Or maybe it merely proves that my mind is mush.

Yours Foolishly,

JWS

From jya at pipeline.com Sat Aug 27 08:41:02 1994
From: jya at pipeline.com (John Young)
Date: Sat, 27 Aug 94 08:41:02 PDT
Subject: Anon fanatacism (Cost-benefit analysis)
Message-ID: <199408271540.LAA20552@pipe1.pipeline.com>

Responding to msg by sq0nk at alt.anonymous.messages (Random
Factor) on Sat Aug 27

>> Responding to msg by nobody at ds1.wu-wien.ac.at

?ohW

nhoJ

From hfinney at shell.portal.com Sat Aug 27 09:09:53 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 27 Aug 94 09:09:53 PDT
Subject: FCC Regulation (fwd)
In-Reply-To: <9408271523.AA06379@ua.MIT.EDU>
Message-ID: <199408271609.JAA25075@jobe.shell.portal.com>

Jason W Solinsky writes:
>It's scary, that having read just the first half of it, I could believe
>it to be true. Or maybe it merely proves that my mind is mush.

It fooled me for the first few paragraphs, too. It's traditional in these
spoofs to have some "tipoff", a strange date or name, at the top, but I
didn't notice anything like that. I think it's a bit unethical to send
this kind of thing out; someone who just skimmed the first part may come
away with entirely the wrong impression.

(It was an entertaining spoof, no question, I just wish they had taken a
little more care to avoid misleading people.)

Hal

From blane at squeaky.free.org Sat Aug 27 09:26:24 1994
From: blane at squeaky.free.org (Brian Lane)
Date: Sat, 27 Aug 94 09:26:24 PDT
Subject: FCC Regulation (fwd)
In-Reply-To: <199408271609.JAA25075@jobe.shell.portal.com>
Message-ID:

On Sat, 27 Aug 1994, Hal wrote:

> Jason W Solinsky writes:
> >It's scary, that having read just the first half of it, I could believe
> >it to be true. Or maybe it merely proves that my mind is mush.
>
> It fooled me for the first few paragraphs, too. It's traditional in these
> spoofs to have some "tipoff", a strange date or name, at the top, but I
> didn't notice anything like that. I think it's a bit unethical to send
> this kind of thing out; someone who just skimmed the first part may come
> away with entirely the wrong impression.

It sure was well written. Sounded just like a press release/story. I
was starting to get a little pissed until I hit the paragraph about
licenses.

>
> (It was an entertaining spoof, no question, I just wish they had taken a
> little more care to avoid misleading people.)

I suppose that for the next five years the net is going to be
overflowing with reposts and requests to call your congressman.

Brian

----------------------------------------------------------------------------
Linux - the choice of a GNU generation     | finger blane at free.org
"A little rebellion now and then is a good | for PGP key
thing" - Thomas Jefferson                  |
----------------------------------------------------------------------------

From karn at qualcomm.com Sat Aug 27 10:01:42 1994
From: karn at qualcomm.com (Phil Karn)
Date: Sat, 27 Aug 94 10:01:42 PDT
Subject: FCC Regulation (fwd)
Message-ID: <199408271701.KAA13117@servo.qualcomm.com>

This particular spoof is best appreciated by a radio ham -- it was
clearly a parody of the FCC licensing system for ham radio. It also
points out the substantial cultural similarities between the Internet
and (traditional) ham radio.

Unfortunately, one year's joke often has a nasty habit of turning into
next year's reality.

From personal experience, I can say that the current staff at the FCC
Private Radio Bureau (which regulates ham radio) is surprisingly
enlightened. In recent years they've worked hard to remove obsolete
licensing requirements like morse code for VHF/UHF and many (but not
all, unfortunately) of the more onerous restrictions on "acceptable
use" of the ham bands.

In these proceedings it became clear that the hams themselves are the
real problem. Some hams still want a big benevolent FCC to protect
them from people who personally offend them, and many of these people
have a following. Although this phenomenon is by no means
qualitatively unique to ham radio, it does seem to have grown
quantitatively beyond anything seen elsewhere.

It really gives one pause. Is government really the enemy of personal
freedoms, or does it merely reflect an intolerant and unenlightened
general population? It's easy to make a government that responds to
the will and whim of the majority, but how can one create a government
that rises above the petty illiberalism of the people it governs to
protect the rights of the individual?

Phil

From hfinney at shell.portal.com Sat Aug 27 10:07:16 1994
From: hfinney at shell.portal.com (Hal)
Date: Sat, 27 Aug 94 10:07:16 PDT
Subject: Cash, cheaters, and anonymity
In-Reply-To: <199408260641.XAA11326@netcom15.netcom.com>
Message-ID: <199408271707.KAA26833@jobe.shell.portal.com>

Tim has made a lot of good points, and I'll only try to respond to a few:

>NEGOTIATED PROTOCOLS TO REDUCE RISKS
>However, just as most folks make arrangements with their bank/ATM machines
>(semantic meaning #2 of "ATM") to limit cash withdrawals to, say, $200 a
>day (it varies), so too can digital cash arrangements make similar
>contractual deals to limit losses. Some possible plans:
>* Plan A: The protocol insists on retinal scan or other biometric
>authentication between the "smartcard" used as the cryptographic keying
>device and the putative owner. The "Thunderball" plan. (issues: preserving
>anonymity with biometric authentication, spoofing of the channel between
>card and physical apparatus, theft of smartcard, etc.)

In Demolition Man, Wesley Snipes plucks the eyeball out of the victim to hold it up to the retinal scanner and escape. Hacked-off thumbs may provide similar workarounds for fingerprint protection. Maybe what we want is a system where some pass code is an alternative to physical ID. Giving up a secret pass phrase is a superior alternative to giving up your life, and worth it for a few hundred dollars. (I'll point out that this doesn't work if duress codes are widely used which give away the bad guys.)

>[...]
>(Coins and cash bills are really "on-line clearing" though, in that their
>existential properties make them acceptable immediately; they are not
>replicable, at least not easily, and hence can be conserved in transactions.
>All the usual stuff about the nature of cash money.)

I think this is where the tamper-proof wallet idea comes from; it is the closest anyone has come to providing truly conserved digital cash.
With such a system you can get the benefits of on-line clearing even in the off-line environment, just as people will accept cash today without taking it to the bank first.

>Which will be used? (and there are many variants...) As usual, markets will
>allow choice. Many people will choose to limit exposure with Plan B-type
>transactions. Others will contract with insurance agents who cover risks by
>insisting on their own protocols for added security. (I don't mean
>conventional insurance agents, naturally.)

I think this is the key point. All of our speculation about the relative advantages of the various forms of cash is largely irrelevant, as long as some form of privacy-protecting payments comes into existence. Then the details of the implementations will determine the relative costs and the market advantages of each approach. The hard part will be getting that first cash system in place.

Oops, I've got to go. I'll just make a quick couple of points.

>[...]
>([...] My use of the term "claim"
>here is of the "You present the right number, you get access" kind. Like
>the combination to a safe. The train locker idea makes this clearer, and
>gets around the confusion about "digimarks" of "e$" actually _being_ any
>kind of money in and of itself.)

Dollar bills got their start this way. At one time they were just "claims" on the real dollars in the bank vaults. Yet most people find it more convenient to think of them as money, even back when you could still turn them in for gold. I think it's useful to think of ecash as being money as well, although granted it is money with its own characteristics different in some ways from banknotes, checks, or coins.

>Off-line systems may be useful for paying for movies, toll roads, etc., but
>there the protocols can be set up to limit exposure to fraud. (Ontological
>constraints, such as number of movie theater attendees, etc., will limit
>the losses.
Scams will likely still exist, but the problem seems manageable
>with some work.)

One thing I think is clear is that off-line cash will not be issued to anonymous recipients. Imagine a magic quarter which would reappear in your pocket after you put it into the coke machine. How many people would be willing to resist using it? That's what you'll have with an off-line coin issued to a pseudonym.

>And as networks get much faster, expect even off-line cash to fade. Depends
>on costs, insurance rates, benefits, and of course on regulations.

This is probably right, although ironically the infrastructure for off-line cash might be simpler. On-line cash needs 24-hour availability, quick (nearly instantaneous) response, a fully automated cash validation system. We have this now, with the Visa cards, but it didn't appear overnight. And I doubt that the Internet is a suitable communications medium for it (due to reasons of availability, reliability, and security). Off-line cash could be handled with longer turnarounds in a machine which is not on the net, using manual intervention so pass words and such are not stored on-line. Of course the disadvantage is that the off-line cash requires identity authorization during issuing.

Tim's ideas about escrow agents and a credential-less society are very interesting as well and I'll try to make some comments on them later.

Hal

From cactus at bb.com Sat Aug 27 11:06:45 1994
From: cactus at bb.com (L. Todd Masco)
Date: Sat, 27 Aug 94 11:06:45 PDT
Subject: This month's High Times
Message-ID: <199408271812.OAA06828@bb.com>

This month's High Times includes a bunch o' articles on the Internet, mailing lists, alt.drugs, John Perry Barlow, etc.

There's an article that's pretty reasonable called "Cyber-Hydroponics" [by "Bucky Dave and Garbled Uplink"], discussing anonymous remailers (PGP is discussed in another article) and schemes that remind me of the "Little Brother Inside" idea.
Included in the article is a list of anonymous remailers: it's very interesting to note that the list includes the cypherpunks remailers but *not* the penet.fi one. Somebody has a clue.

The article is primarily about controlling systems through anonymous remailers: setting up a space to grow pot in and controlling and monitoring it remotely entirely untraceably through remailers. A very interesting application.

If there's sufficient interest, the article could be sent to cypherpunks. I'd recommend picking up the issue, even if you have no interest in psychoactives. It's also got an article on erosion of constitutional rights, something that the readership of High Times is in a particularly good position to appreciate.

This should be interesting: this is reaching a wide audience of folks who have a very real need for secure communications, who have good reason to be paranoid. I can easily envision a mailing list based upon the PGP-majordomo mechanisms discussed earlier dedicated to growing pot (Did anybody do any coding on that?), the subscribers being totally anonymous.

Open the floodgates wide...
--
L. Todd Masco  | "Large prime numbers imply arrest." - Previously meaningless
cactus at bb.com | grammatically correct sentence. Now...

From wessorh at ar.com Sat Aug 27 11:13:08 1994
From: wessorh at ar.com (Rick H. Wesson)
Date: Sat, 27 Aug 94 11:13:08 PDT
Subject: Perl interface to GNU MultiPrecision lib
Message-ID: <199408271812.LAA22287@ar.com>

I'm putting the finishing touches on the perl <--> gnu (gmp) multi precision package. If any are interested in the source drop me a note and I'll fire off the source to you...

I'm not going to implement the low-level functions or the Berkeley compatibility routines, this is just the integer functions...

While playing with this stuff I was wondering if transferring binaries in base 36 would offer any compression/mime enabling features, It was the first time I'd seen something in base 36.
Along these lines would base(ASCII) do me a bit of good? guess I've just had too much coffee...

It's not too bad on the performance thing and looks great for prototyping some of these protocols that call for big int's.

At any rate I should expect my first version ready for public consumption on monday or tuesday if any are interested....

-Rick

From hughes at ah.com Sat Aug 27 11:22:07 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 27 Aug 94 11:22:07 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408210218.WAA15544@zork.tiac.net>
Message-ID: <9408271800.AA26422@ah.com>

I just got back from CRYPTO '94 travels yesterday, and it's time to continue some conversations.

Robert Hettinga and I were discussing some properties of potential digital cash systems.

At least, _I_ call them potential.

I meant "is". Like a triangle, or a limit, or an asymptote, "is". It's okay to be non-modal here.

It's OK to be non-modal if you are asserting that your claims hold in all possible such systems. I do not agree with the assertion, however, that all possible digital cash systems will be callable bond systems.

Digital cash has to be issued by someone, who *really should* back it up with real money, and should thus receive real money as collateral for the digicash on the net.

The basic distinction that is missing in your analysis is that between legal structure and financial structure. Here is my very short clarification of the difference.

-- The financial structure matters when things go right.
-- The legal structure matters when things go wrong.

Your financial analysis is fine, but also mostly irrelevant for determining legalities. I've never worried too much at all about the financial structure for digital cash issuance, because I've always thought it a straightforward problem to manage the backing portfolio.

By the way, most people refer to a callable bond as a series of options, and that's how modern portfolio analysis is done on them.
This equation, callable bond = series of options, is relevant _only_ to the financial analysis. The legal situation does not flow straight forth, however, from the financial situation.

Is "unit of account" a formal term here? Could you define it?

Unit of account is the currency that some deal is denominated in. The term implies that the units are fungible (interchangeable), and the typical example is central bank based currencies. But some deals are denominated in terms of commodities, for example.

>The issuer has a debt mediated by an instrument, yes. There are,
>however, more instruments than bonds available for use.

Yes. But probably short term bonds (money markets, t-bills) are safe places to earn higher returns than a demand deposit account.

I was not speaking above about where the float goes, but what instrument is the means of transfer to implement digital cash.

>Is the debt
>secured or unsecured?

It's secured by the cash which bought the ecash in the first place, which can be put into secure money instruments of some sort.

I think you misunderstand me. Secured and unsecured are legal concepts, not financial ones. Merely saying that the money sits somewhere while it's in transit (which it clearly does) does not make the instruments secured.

>What happens during bankruptcy of the issuer?

This probably won't happen except in cases of fraud. [...] Unwinding a position in the money markets is not really a scary proposition at all.

I would strongly suggest that you go look up some references to systemic failure in payment systems, which is a big concern these days. And unwinding a position in the case of bankruptcy can create real negative value in the system, and cause other banks to collapse. Unwinding can be _very_ expensive.

Herstatt Bank (German) failed in 1974 and caused a huge crisis in foreign exchange liquidity.
It had a substantial amount of foreign exchange trades which had cleared in one jurisdiction but not in another because of time zone differences. So one set of trades was finished and the other half was left holding the bag. This sudden shift almost caused several more bank failures.

The differential time lag is being addressed. Bankruptcy, however, remains a large issue. Glossing over it as easy is not a good thing.

By the way, what does "on-us" mean?

"On-us" means that the transaction took place between two accounts at the same bank.

Eric

From hughes at ah.com Sat Aug 27 11:25:00 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 27 Aug 94 11:25:00 PDT
Subject: ecash-info
In-Reply-To: <199408210218.WAA15547@zork.tiac.net>
Message-ID: <9408271803.AA26433@ah.com>

Agreed. I was trying not to tread on the sainted reputation of the master by using the word "charitable".

Chaum's reputation in the crypto community is anything but sainted.

It's possible that Chaum is immersed in the cryptographic details that he thinks that privacy is digicash's primary selling point.

I wholeheartedly concur.

Eric

From hughes at ah.com Sat Aug 27 11:31:12 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 27 Aug 94 11:31:12 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408210219.WAA15554@zork.tiac.net>
Message-ID: <9408271809.AA26447@ah.com>

NewJargonNotice("suspension account") Is this new nomenclature? It sounds less risque than "float", I must say...

As Hal pointed out, this term refers to the double-entry book notation used to keep track of how much digital cash has been withdrawn but not yet deposited. I don't think I invented this use of the word "suspension", but I also can't find where I might have picked it up.

One can consider that a digital cash exchange creates a delay between the two legs of the transaction. In between the beginning and end, the transaction is suspended. That's the sense of the word.

"Float" is a financial concept, not an accounting one or a legal one. The issues are greater than financial ones only, and the terminology needed is correspondingly greater.

Eric

From hughes at ah.com Sat Aug 27 11:38:01 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 27 Aug 94 11:38:01 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408210219.WAA15561@zork.tiac.net>
Message-ID: <9408271816.AA26464@ah.com>

>If there were already a fully identified digital money system,

Is there one?

I don't think there is any digital money system at all, neither anonymous nor fully identified.

There certainly are digital funds transfer systems, almost all fully identified. These are not digital money systems, although they may be precursors.

Eric, for the last three months, you have said that there was no way to prove whether digital cash was more cost effective than other forms of e$, and thus potential efficiency was useless as an economic argument for its adoption.

I still agree that you cannot really _prove_ that it will be more efficient, at least not from armchair business planning. Given a few million for a good study though, I'm sure answers might be forthcoming.

What is apparent, however, is that it is certainly reasonable to examine the possibility that digital cash might be cheaper to implement.

Eric

From hughes at ah.com Sat Aug 27 12:03:33 1994
From: hughes at ah.com (Eric Hughes)
Date: Sat, 27 Aug 94 12:03:33 PDT
Subject: e$: e-cash underwriting
In-Reply-To: <199408210219.WAA15566@zork.tiac.net>
Message-ID: <9408271841.AA26491@ah.com>

By the way, I think the problem of double spending is a risk that can be managed, like the risk that a bank takes when a check is bounced.

Exactly. There is some cost incurred by attempts to double-spend, no matter what the outcome. The costs are either direct, e.g. redemption of duplicated notes, or indirect.
Indirect costs include the implementation of systems to get rid of double spending and the cost of dealing with rejected transactions when challenged. In any case, double spending creates costs.

The culprit is identified, and it becomes a matter between the bouncee (however removed from the criminal transaction), the law, and the bouncer.

Why does everyone think that the law must immediately be invoked when double spending is detected? Double spending is an informational property of digital cash systems. Need we find malicious intent in a formal property? The obvious moralism about the law and double spenders is inappropriate. It evokes images of revenge and retribution, which are stupid, not to mention of negative economic value.

What is needed are techniques to prevent the possibility of double spending from taking down the system. These might include law, and hence also identity, but need not. What is the point of an anonymous system if identity is needed to make it stable? The contradiction here is enormous. The offline cash protocols suffer from this fatal design flaw, namely, anonymity for "good people" and identity for "bad people". Why invoke identity at all if you can do without it?

Having a database of "spent money" is the primary technique for preventing direct costs from being a problem. So what is left are attempts to redeem multiple times the same note. They won't actually get redeemed, but if there's a negligible marginal cost for trying, well, then, some folks will try.

One solution is clear and direct: charge for each redemption attempt. In that situation, multiple attempts get rejected, and the issuer is recompensed for the attempt. No morality need be invoked.

There remains an issue as to the size of this redemption fee, which would have to be small. In order to optimize the transaction costs of charging this fee, a bank might be willing to accept identity in escrow for the transaction and to remove the fee for good transactions.
Identity might be a pseudonym revealed after 10 bad attempts, say. This system removes the requirement for identity and substitutes it for an economic optimization based on identity. An anonymous depositor, however, can still use the system with zero risk to identity.

Are there any non-proprietary, public sources of information on these legal and regulatory research efforts? Are there archives of the c'punks traffic on this subject that I can look at?

The research efforts are basically my own, Hal's, and Perry's. There is no reference other than back traffic, which others can provide.

Eric

From rah at shipwright.com Sat Aug 27 13:08:21 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 13:08:21 PDT
Subject: Cash, cheaters, and anonymity
Message-ID: <199408272007.QAA10171@zork.tiac.net>

At 1:26 PM 8/26/94 -0700, Hal wrote:

>With Observers you can have off-line cash that is as secure as on-line
>but without the costs of on-line validation. As a vendor, which would
>you rather accept: off-line cash where you rely on legal sanctions to
>track down cheaters; on-line cash where you call the bank and verify it
>for every transaction; or off-line cash where you can validate it right
>there locally without checking with any bank? Depending on the costs
>which the Observer adds to the digital wallet, that latter choice might
>be the most attractive.

It might be said that you haven't a digital wallet without an Observer, if it's not horribly computation-intensive...

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                     someone who drinks too much and sees
Boston, MA 02331 USA                   snakes."
-- Bertrand Russell
(617) 323-7923

From dmandl at panix.com Sat Aug 27 13:42:13 1994
From: dmandl at panix.com (David Mandl)
Date: Sat, 27 Aug 94 13:42:13 PDT
Subject: This month's High Times
Message-ID: <199408272041.AA28790@panix.com>

The lead article in the news section is an anti-Clipper piece by me. The news editor of High Times (Bill Weinberg) is a good friend of mine and an anarchist. He invited me to write the article. He definitely appreciates this stuff (though he's not a techie himself).

--Dave.

P.S.: Wednesday, I gave the first-ever Lower East Side schoolyard teach-in on crypto. The place where the talk was supposed to be held (ABC No Rio) got padlocked by the cops at the last minute (the city's been trying to evict them for years), so we just went across the street and held the event in a schoolyard. Basketball games and baby carriages all around us. It was a lot of fun. Sort of felt like I was in the TV show "Room 222."

At 2:12 PM 8/27/94 -0400, L. Todd Masco wrote:
>This month's High Times includes a bunch o' articles on the Internet,
> mailing lists, alt.drugs, John Perry Barlow, etc.
>
>There's an article that's pretty reasonable called "Cyber-Hydroponics"
> [by "Bucky Dave and Garbled Uplink"], discussing anonymous
> remailers (PGP is discussed in another article) and schemes that
> remind me of the "Little Brother Inside" idea. Included in the
> article is a list of anonymous remailers: it's very interesting
> to note that the list includes the cypherpunks remailers but *not*
> the penet.fi one. Somebody has a clue.
>
>The article is primarily about controlling systems through anonymous
> remailers: setting up a space to grow pot in and controlling and
> monitoring it remotely entirely untraceably through remailers. A very
> interesting application.
>
>If there's sufficient interest, the article could be sent to
> cypherpunks. I'd recommend picking up the issue, even if you have
> no interest in psychoactives.
It's also got an article on erosion
> of constitutional rights, something that the readership of High
> Times is in a particularly good position to appreciate.
>
>This should be interesting: this is reaching a wide audience of folks
> who have a very real need for secure communications, who have good
> reason to be paranoid. I can easily envision a mailing list based
> upon the PGP-majordomo mechanisms discussed earlier dedicated to
> growing pot (Did anybody do any coding on that?), the subscribers
> being totally anonymous.
>
>Open the floodgates wide...
>--
>L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
>cactus at bb.com | grammatically correct sentence. Now...

--
Dave Mandl
dmandl at panix.com

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Sat Aug 27 13:54:13 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Sat, 27 Aug 94 13:54:13 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <9408272055.AA25221@getafix.oasis.icl.co.uk>

> >If there were already a fully identified digital money system,
> Is there one?
>
> I don't think there is any digital money system at all, neither
> anonymous nor fully identified.
>
> There certainly are digital funds transfer systems, almost all fully
> identified. These are not digital money systems, although they may be
> precursors.

Clearly there is existing practice in vendor-supplier EDI - but most financial service organisations have not yet even been able to cost-justify electronic processing of remittance information (for which the manually-shipped lockbox is deemed adequate ...)

> Eric, for the last three months, you have said that there was no way to
> prove whether digital cash was more cost effective than other forms of e$,
> and thus potential efficiency was useless as an economic argument for its
> adoption.
>
> I still agree that you cannot really _prove_ that it will be more
> efficient, at least not from armchair business planning.
Given a
> few million for a good study though, I'm sure answers might be
> forthcoming.

There has to be a business reason for change to any existing practice; a general infrastructure for electronic payments is not going to be adopted by banks just because there are available or emerging technologies.

One agent for change *may* be threat to the banks through extension of existing EDI arrangements to include transmission of remittance data on a bilateral or hub-spoke basis. The attractions of a fast growing (albeit currently 500m USD) service provider market, and real concerns about loss of business, have spurred the establishment by partnerships of banks of a number of check and remittance data clearing houses.

With the increase in the number of trading partners, and the opportunity for the banks' commoditization of the electronic financial transaction, there may be benefit in marketing an electronic "cash" product - even if it's not transferable. But technology underlying this may be little more than an extension of existing solutions unless there are compelling countervailing business reasons to change.

[Consider: who bears the cost burdens of the status quo with increasing use of EDI by business + (mostly) manual remittance mechanisms? What will drive this status quo to alter ...?]

- pvm

From jya at pipeline.com Sat Aug 27 14:11:51 1994
From: jya at pipeline.com (John Young)
Date: Sat, 27 Aug 94 14:11:51 PDT
Subject: Rising Above Petty Illiberalism
Message-ID: <199408272111.RAA02962@pipe1.pipeline.com>

Responding to msg by karn at qualcomm.com (Phil Karn) on Sat, 27 Aug 10:1 AM

>It really gives one pause. Is government really the
>enemy of personal freedoms, or does it merely reflect
>an intolerant and unenlightened general population?
>It's easy to make a government that responds to the
>will and whim of the majority, but how can one create a
>government that rises above the petty illiberalism of
>the people it governs to protect the rights of the
>individual?
Phil, I really liked this. Perhaps you can find a way to stitch into other topics like you did here.

Don't know what the list reception will be since the recent thread on government got thumped for disobeying the sirens of crypto and technology.

Hope yours will catch fire. Fan the embers.

John

From wessorh at ar.com Sat Aug 27 15:08:26 1994
From: wessorh at ar.com (Rick H. Wesson)
Date: Sat, 27 Aug 94 15:08:26 PDT
Subject: Cash, cheaters, and anonymity
Message-ID: <199408272207.PAA23390@ar.com>

I've finished implementing the GNU mp library in perl of which I've already extended to work with an Object Relational Database. All this together gives me very fast access to numbers in the order of 8192 digits in base 36, geesh I have no clue as to how many base 10 digits that is but I feel that it's probably enough to play with some digital cash prototypes...

So those that want to start formulating some REAL implementations of protocols of digital cash I'm offering to run the "virtual bank" and implement the server side protocols.

I'd like to see how some of these theories really work in practice, yes I'd encourage double spending as soon as we can get some apps up to accept whatever we decide upon for the cash protocol. I'd like to see if all the discussions about digital cash can really work!!!

would anyone else like to put their (virtual) money where their mouth (or keyboard) is ?

-Rick

From werner at mc.ab.com Sat Aug 27 16:37:57 1994
From: werner at mc.ab.com (tim werner)
Date: Sat, 27 Aug 94 16:37:57 PDT
Subject: filtering this list
Message-ID: <199408272337.TAA06504@sparcserver.mc.ab.com>

Hi,

Well, I've had procmail running for some time now, and it helps a lot, but I still need to do some kind of post-procmail processing. So I'm asking anyone who feels helpful today to give me a short howto or some pointers.

I don't use gnus, but I tried starting it up with my crypto folder as input, and it didn't work. I'm not sure yet where I made my mistake.
Before I spend a couple of hours re-inventing the wheel, can someone tell me the preferred method for reading a mail folder that allows one to do things like marking a subject as read?

Right now, I'm using rmail (in emacs) to read my crypto folder, and it's just not that easy to kill off a thread once I've had my fill. For instance, I enjoyed the nuclear thread for awhile, but I would have liked to be able to just 'k' it at one point.

thanks in advance,
tw

From nobody at c2.org Sat Aug 27 16:45:31 1994
From: nobody at c2.org (Anonymous User)
Date: Sat, 27 Aug 94 16:45:31 PDT
Subject: Cash, cheaters, and anonymity
Message-ID: <199408272343.QAA00880@zero.c2.org>

(my apologies if you've seen this twice -- whizzywig)

I thank Hal Finney for his thoughtful reply, and Tim May for his excellent essay. It looks like we can start to draw a stronger conclusion: there are serious holes in the assumptions made by offline digital cash protocols when applied to computer networks rather than manually operated smart cards.

Hal's comparison of coin theft to digital signature protection and repudiation is apt, but usually Irving only has one or a few keys to protect, while he might have thousands of coins, issued by various banks. I doubt digital signatures will ever be used alone much for signing expensive contracts. A digital signature on an expensive contract, in addition to being repudiable, will be suspicious, since if few people accept such signatures as strongly binding (the initial state), they will not be widely used on expensive contracts, and thus their existence on an expensive contract will be suspicious. I predict it will become common practice, or even law, that digitally signed contracts over a certain amount are automatically invalid unless further precautions have been taken (signatures of notary witnesses, or perhaps some better crypto protocol designed for this purpose).
The trouble with offline cash in a network environment is that the upper limit for fraud liability can be incredibly high. If there are hundreds of thousands of vendors on the net, a situation CommerceNet predicts before the end of the decade, and they are using this offline protocol, then even with small transactions the fraud could run into the millions of dollars. There's plenty of incentive for Irving to steal Jane's coins, run off to some place on the net that has no extradition treaty, and pump good change out of the vendors and into his Liechtenstein account to his heart's content.

We may yet find protocols to mitigate or limit this kind of fraud -- make change traceable if linked to double spending, do random online checks as a cypherpunks poster suggested last year, or similar precautions layered on top of the basic protocol. But so far these problems haven't been put on the front burner of digital cash design, and already we have people out there selling offline cash on the network as a superior solution!

Reliance on law enforcement flies in the face of cypherpunk goals, and indeed against the goals of good cops as well -- one of their most vocal complaints is about people setting up systems that are vulnerable to crime, putting them in unnecessary danger. It also goes against political reality to think that a startup operation can lobby governments all across the globe to protect a system that is ideal for money laundering and tax evasion. Ain't gonna happen -- they'll let those "dirty money banks and money laundering net sites" rot; they may even give Irving a helping hand.

I disagree that "there is no excuse" for double spending. If the software is implemented badly (no fault of the user), it might get mixed up with systems programs in such a way as to cause double spending. For example, if the system crashes and one must recover from a month old backup, one has to go through that old purse and determine which coins have been spent.
If the software and/or user makes a mistake in this process, we get double spending. If a network burps and sends a vendor two coins where there should have been one, we get double spending. The possibilities for accident are legion and cannot all be foreseen. "Shit happens". A protocol that treats common accident the same as criminal fraud, when the stakes are so high, is pathological.

In the online system the consequences of double spending (or million spending) are far more benign. At worst one customer is out stolen coins. In a networked offline system those same few coins are a potential loss for every vendor on the net. As Tim May noted, we may not even need to recognize fraud in online cash -- just treat all online double spending as accident. No bonding, secured accounts, investigators, ID badges or cops with guns busting down Jane's door after Irving has million-spent her coins. Here we both have a simple liability system and much less chance of fraud.

Tim May also suggested that most offline protocols are intended for manually used smart cards. This makes sense -- unlike a network environment with automated spending agents, the scope of multi spending for manually used purchases in small amounts is quite limited. On the network even fraud of a few cents per transaction can quickly add up to big $$$ across thousands of vendors.

What are the communications costs of online clearing anyway? Don't credit card clearings cost about two cents per transaction these days? If clearing costs are less than plausible offline cash fraud and fraud prevention costs, online cash is a winner, both now and increasingly in the future as bandwidth becomes even cheaper.

sincerely,
-- An Unauthenticated Agent with no credentials: whizzywig

From perry at imsi.com Sat Aug 27 16:49:07 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sat, 27 Aug 94 16:49:07 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <9408271816.AA26464@ah.com>
Message-ID: <9408272345.AA08631@snark.imsi.com>

Eric Hughes says:
> >If there were already a fully identified digital money system,
>
> Is there one?
>
> I don't think there is any digital money system at all, neither
> anonymous nor fully identified.
>
> There certainly are digital funds transfer systems, almost all fully
> identified. These are not digital money systems, although they may be
> precursors.

The U.S. banking system is largely a "digital money system" in the sense that the bulk of the money in the system is represented in book entry form in computer systems and has no other existence.

Perry

From nobody at ds1.wu-wien.ac.at Sat Aug 27 17:33:01 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Sat, 27 Aug 94 17:33:01 PDT
Subject: anonymous mail
Message-ID: <9408280032.AA07867@ds1.wu-wien.ac.at>

> I think this says is that it is important to apply the appropriate
> tools when it is apropos and the situation calls for it, but not when
> there isn't sufficient cause to warrant the time & trouble.

Interesting. I believe this attitude will probably be what the future holds for crypto, just using it when it is necessary, like for carrying out commercial transactions via email. Which is to say crypto will not be in main stream "cypherpunks" usage, but just something extra to use once in a while. And if it only needs to be used once in a while, there will be no good reason to implement some of the more interesting protocols, or implement the "maximum strength" possible.

See, the problem with the above attitude (not attacking who wrote it, just the attitude itself!) is that when there is sufficient cause to warrant the time and trouble, there will be an even more appealing alternative, which asks you to trade a bit of the advantages of the former.
Months ago, Tim May posted about outlawing cash, and how it may be disguised as an effort to stamp out crime, check on welfare recipients, etc. For the overwhelming majority of people, the benefits of "digital cash" will not be worth the time and trouble over "digital cash with anonymity removed", which is probably what kind of digital cash the future will bring.

As for encrypting all email, much like people use envelopes? Be honest, there isn't sufficient cause to warrant the time and trouble. It's easy and convenient for people to use envelopes. But encryption needs to be integrated into mailers and communications software before it will even start to be convenient for everybody to use, and even then the security is an illusion on multi-user systems. I guess crypto suffers from the problem computers had several years ago: they were solutions searching for problems. Time needs to go by, and by then, it will be too late.

Nor is there sufficient cause to warrant the time and trouble of signing messages sent to mailing lists or usenet. Nobody cares or will even check the signature of posts; most see signature info as irritating extra lines and wasted bandwidth.

Nor is there sufficient cause to warrant the time and trouble of communicating via anonymous remailers, except for say folks like Pr0duct Cypher. Which is one person out of how many people using the internet?

Nor is there sufficient cause to warrant the time and trouble for banks and stores to offer digital cash. Where is the advantage for them? The advantages for individuals are clear: keep dossiers and info from being tabulated about them. Jim Choate asked this question a few days ago, and got no responses (or maybe it was drowned out among the atomic bomb posts). I agree with what he said, unless there is some good advantage for the bank or store, it isn't going to happen.

As for dc-nets, give me a solid example why you ever need to communicate with one.
A good enough example to explain why the man-months or man-years need to be put into developing one. Of course, on a multi-user system, the security is again illusory since the system operator can tap you anyway.

A while ago somebody (I think I remember but don't want to put words in their mouth since I'm not 100% positive) doubted the future impact of crypto. Me too, I see a limited deployment, and almost no fundamental restructuring of society. So basically the protocols are interesting in an academic way, and we could sit here and discuss the possibilities, but then I suppose a discussion about atomic bombs will likely be of greater impact on our future than crypto anarchy will.

Cypherpunks write code, but if there is sufficient cause to warrant the time and trouble!

From huntting at glarp.com Sat Aug 27 18:58:10 1994
From: huntting at glarp.com (Brad Huntting)
Date: Sat, 27 Aug 94 18:58:10 PDT
Subject: DSPs
In-Reply-To: <199408262009.NAA17046@unix.ka9q.ampr.org>
Message-ID: <199408280157.TAA17552@misc.glarp.com>

> But then I hear people say that it's not the multiplication that slows
> down modular exponentiation, it's the modular reduction.

I once saw a short paper on "modular multiplication without trial division" or some such. The downside was that (at least for the 486 doing RSA) you didn't seem to get any extra speed over using a straightforward test-subtract-n-shift method.

Unfortunately, I don't have a reference. Sorry.

brad

From wessorh at ar.com Sat Aug 27 19:04:43 1994
From: wessorh at ar.com (Rick H. Wesson)
Date: Sat, 27 Aug 94 19:04:43 PDT
Subject: ?-line cash
Message-ID: <199408280204.TAA23729@ar.com>

It seems that off-line cash is dead or so the latest posts assure me, is there a way to incorporate some of the anonymity with off-line cash into on-line cash? I've stopped trying to code up an off-line experiment unless anyone thinks it worthwhile.
The last on-line cash system I tried to work up didn't have a drop of anonymity to it, and I don't know how to blind the bank to the transactions but keep the thing reliable and secure... I liked Brands' cash until some of the holes were poked into it, so any suggested on-line systems to model?

As far as crypto not being promoted you may want to check out the RFC on Secure HTTP which uses PGP or RIPEM. CommerceNet is coding the stuff up and is supposed to give a finished implementation to NCSA late in Sept. CERN has come out with another spec which uses the SecureDE implementation of Public-Key crypto...

As far as the WWW goes it's full steam ahead on using crypto for business transactions. See the electronic check writing demo at commerce net (http://www.commerce.net)

-Rick

From nobody at kaiwan.com Sat Aug 27 19:57:57 1994
From: nobody at kaiwan.com (Anonymous)
Date: Sat, 27 Aug 94 19:57:57 PDT
Subject: PGP availiable on magazine cover
Message-ID: <199408280257.TAA10532@kaiwan.kaiwan.com>

This is a good thing. By being published in that fashion, PGP thus meets the requirements under ITAR to be classified public domain, and can thus now be legally exported from the US.

From jkreznar at ininx.com Sat Aug 27 21:59:17 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Sat, 27 Aug 94 21:59:17 PDT
Subject: Are RSA licenses fungible?
In-Reply-To: <199408251446.AA17656@poboy.b17c.ingr.com>
Message-ID: <9408280342.AA05474@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

Paul Robichaux writes

> So.. if I buy 20 licenses of ViaCrypt PGP, then proceed to use PGP
> 2.6-based code in my applications, does that constitute a legitimate
> solution?

I had a similar question while trying to decide what version of PGP I'll be switching to, and had the following dialogue with Paul E. Uhlhorn, Director of Marketing, ViaCrypt, on the subject.

JEK: The lack of source code for ViaCrypt PGP is an issue.
If ViaCrypt PGP 2.7 were legitimately acquired, but the buyer, wary of black-box (sourceless) software, instead used a variant of PGP 2.6ui patched to identify itself as 2.7, would the substitution be detectable by any observer? Would either you or RSADSI object to this?

Uhlhorn: If a person were to make 2.6ui look like 2.7, ViaCrypt would strongly object and would most likely pursue legal remedies. Our concerns would include copyright and patent (both IDEA and RSA) infringement. I cannot speak for PKP, Public Key Partners, but I would expect PKP would also consider this patent infringement. I understand 2.6ui to be a "patched" version of 2.3a which was not licensed by RSA or PKP. Once again, I believe it would be best to get a legal opinion on this entire subject. Please let me know if you find out other information on this subject.

JEK: Is this true even if the person is a registered buyer of 2.7? Public availability of a program's source code is a powerful means to be sure that it is correct. How can one gain such assurance for PGP 2.7? How could confidence in the correctness of a secret program, even by its author, ever match that of a program open to public scrutiny by any interested person?

Uhlhorn: ViaCrypt has exactly the same position if a person were to make 2.6ui look like ViaCrypt PGP V2.7 regardless of whether or not they are a registered user of ViaCrypt PGP V2.7. It is plain dishonest and illegal!

[End of Uhlhorn dialogue]

Granted, the issue here is different from yours, but it does give an idea of how ViaCrypt might react to an attempt to use their license to legitimize your use of another PGP.

Hope this helps.

John E. Kreznar      | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLmAGZ8Dhz44ugybJAQGSKAQAjlOFHarkVhF7Cjcy3xX3v7A4XyAH5B7H
C61efV7poiJXcYCV8H6t2w6RGrk1ux/ynwoseVOjTdDraK5crqxxITCplLqY13Vv
rzaY0BFOWOLBIgty9Gjh4Oz4v89lRKxn2MhsflrS/TxMBZSeaYec7K4ufDZwCvWN
JQ94CgrJM/g=
=1O6L
-----END PGP SIGNATURE-----

From rah at shipwright.com Sat Aug 27 22:15:33 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 22:15:33 PDT
Subject: e$: e-cash underwriting
Message-ID: <199408280514.BAA15326@zork.tiac.net>

At 11:41 AM 8/27/94 -0700, Eric Hughes wrote:

>Why does everyone think that the law must immediately be invoked when
>double spending is detected?

It's obvious I gave that impression. I regret the error. Anybody who bounces digital cash accidentally (in most accidental cases that I can imagine) isn't to blame, especially if software is at fault. That's equivalent (economically) to the bank thinking that a person's checking account has less money in it than the depositor put there. It's safe to see that an underwriter could make up losses if they're made in this fashion on software they certify, for instance.

However, there is a special case in checking where someone thinks that they've the money, and they don't really. There is probably an analog to this in a digital cash transaction and I can't think of it at the moment. The spender should be held liable for something like that, at any rate.

If someone deliberately double (or million) spends, then they should get busted for fraud. Period.

As protocols and software get "burned in", multiple spending should happen less and less, except when people do it on purpose. When that happens, put 'em in the airlock. ;-).

>One solution is clear and direct: charge for each redemption attempt.
>In that situation, multiple attempts get rejected, and the issuer is
>recompensed for the attempt. No morality need be invoked.

I agree. This solution is hard to remember in the heat of argument, but it's quite simple.
I have argued elsewhere that there are all sorts of ways to catch multiple spenders who do it on purpose, but if there's a way to prevent it in the first place, in a financial manner, that's even better.

I got sat on about this early on over on www-buyinfo, and my response there was, catch them using plain old police work, and book them for fraud. There has been significant discussion here and there about the use of governmental entities to enforce fraud laws when people get ripped off in a double spending scam, but for the time being I still think that this is the way to go.

> Are there any non-proprietary, public sources of information on these legal
> and regulatory research efforts? Are there archives of the c'punks traffic
> on this subject that I can look at?
>
>The research efforts are basically my own, Hal's, and Perry's. There
>is no reference other than back traffic, which others can provide.

Cool. Is there anyone out there who has these "back issues"?

Thanks!

Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From rah at shipwright.com Sat Aug 27 22:16:15 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 22:16:15 PDT
Subject: e$: A prima facie business model for a digital cash underwriter.
Message-ID: <199408280514.BAA15329@zork.tiac.net>

At 3:07 PM 8/27/94 -0700, Rick H. Wesson wrote:

>I've finished implementing the GNU mp library in perl of which I've
>already extended to work with an Object Relational Database. All this
>together gives me very fast access to numbers in the order of 8192
>digits in base 36, geesh I have no clue as to how many base 10 digits that
>is but I feel that it's probably enough to play with some digital cash
>prototypes...
Rick,

I've been thinking a little about what we all may see as business models for e-cash use.

The least complex model I see, and the one I like the most, is that people simply buy digital cash from an underwriter through a link to some off-net financial entity. NetBank uses a 900 number phone call which generates so-many netbux. My favorite one, and the one which may be most apprehendable to the public, is an ATM-card gate in which the purchaser swipes his card into a secure mosaic screen using a card reader at home (they're pretty cheap these days, and could get cheaper if this became prevalent). If the underwriter could assure the bank in some fashion (maybe it's the bank's gate?) that they can't "sniff" the card key/pin number, then the bank could simply authorize the generation of digital cash from the underwriter to the purchaser on a "pay ya later" basis. That is, the money would be forwarded by the bank from the purchaser's account to the underwriter's suspension account by wire or whatever, trade settled in same-day funds, of course.

This is somewhat analogous to the way traveller's checks are generated now, in the sense that the bank functions as an intermediary (buying the checks on a discount, and selling them for a premium) to an underwriter (the issuer of the check). In our case, the bank is just referring a customer and collects a fee for each customer sent to the underwriter.

Pricing of the cash at purchase will probably be based on a combination of discounting the costs of the operation of the underwriter, the commission paid to the "sponsoring" bank, and the returns from holding on to the cash in a suspension account (however small that may be).

As is the case in traveller's checks, there isn't a fee for using them with a seller, and there are hardly any ID requirements, because the signature's on the check.
I believe that a traveller's check is as good as cash at a bank, so the check is "loaded" like a mutual fund at the front of the transaction. In keeping with Eric's point for charging a fee to exit the net, we could also put an additional exchange fee (which would be figured into the same equation which generated the front end fee).

The beauty of this method is that the underwriter need not keep any "account" data per se. It has a database of outstanding cash, and it simply honors outstanding cash coming in. When a double-spent digital bank note comes, then the protocol for identifying the double spender is followed, and it's up to the redeemer to settle up with that person.

Having said all that, my question is, will your machine handle all the routine activities of an underwriter in the above scenario? We'll ignore interacting with banks for the time being, because that's done in the financial markets already, and interbank operations methods will be different for different underwriters anyway.

That means anything put up on your spiffy Sparc machine and its attendant code should be able to:

1. Generate to purchasers and take in digital cash from sellers.
2. Identify double spenders.

That's it.

That's obviously a tall order, as lots of people have said here more than once.

1.) It implies an interface to the customer who buys the digital cash which ensures privacy between a bank and a customer, even though an ATM swipe and a PIN goes through it.

2.) It implies a wallet and a register with which to transact business offline, with the assurance that cash is not accidentally double spent.

3.) It implies the management of what may be a large database of unspent cash that's out there representing contingent claims on a suspension account. It probably also means the need to keep at least sample statistics on spent certificates so that they can be used to determine the longevity of a piece of cash on the net, so that proper management of the suspension account can occur.
Obviously, you don't have all that stuff. More to the point, I think 1.) and 2.) above are already out there somewhere. But from talking to you, I'd also think that you have most of the foundation for 3.) taken care of.

Obviously, the problems are in legal and regulatory issues, folks. Whoever's algorithm is used to gen up digital cash will want their piece from whoever underwrites digital cash. That's pretty straightforward. Pay them royalties. The banks are going to want to make sure that they get a piece of this, so that they don't disappear (fat chance!). Pay them commissions. Regulators are going to want to make sure, well, I don't know what they're going to want, but it'll probably be silly. Give them what they want within reason. Then pay them taxes. If they ask for a total audit trail on off-line transactions, tell them it's impossible. If they forbid off-line transactions because of decreased tax revenue, show them the potential for increased taxes on your operation to make up for it, and show them that you'll follow IRS cash handling protocols just like banks do. Like I've said before, it's a rare parasite which kills its host.

If somebody tries to send out a million-quarter attack, it's known how to detect it and to stop it. If someone gets away with it, it's known how to hunt them down and send them to jail. No matter where they are.

The point is, we're closer to digital cash than we think. I think that estimates for the delivery of working code for all of the above are way overestimated. I think that the cost of regulatory compliance is way overrated, especially if banks can see a way to make a moderately risk-free living from it. I think the cost of catching a thief and proving he stole money is the same it has always been.

I'll sit down now. ;-).
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From rah at shipwright.com Sat Aug 27 22:16:40 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 22:16:40 PDT
Subject: Cash, cheaters, and anonymity
Message-ID: <199408280516.BAA15343@zork.tiac.net>

At 4:43 PM 8/27/94 -0700, Anonymous User wrote:

>If there are hundreds of thousands of vendors on the net, a situation
>CommerceNet predicts before the end of the decade, and they are using
>this offline protocol, then even with small transactions the fraud
>could run into the millions of dollars.

Fallacy of Composition. If every vendor pays a few hundredths of a cent to that million it's a cost of doing business. The number I had thrown at me for credit card fraud is 3%. That's a monstrous amount of money if you saw it in one place. You don't see the credit card companies or the banks getting out of the business, do you? You don't see sellers who accept AMEX or Visa refusing to accept those cards? The usurious fees and reserve requirements against the vendor's own fraud cause some vendors to pull out, but the cost of outright credit card fraud to vendors and banks is, while noticeable, not a deal-killer as far as they're concerned.

> There's plenty of incentive
>for Irving to steal Jane's coins, run off to some place on the net
>that has no extradition treaty, and pump good change out of the
>vendors and into his Liechtenstein account to his heart's content.

And then Irving's spouse-equivalent Sam catches Irving in bed with another guy and rats on him to the police in a fit of jealous rage.
Or Irving spends too much money in the wrong place and gets ratted on, or a competitor rats on him, as criminals are wont to do upon each other, or Liechtenstein, who does so much business with tax evaders that they don't Really Want to Besmirch their Name with Mere Criminals, decides to finger Irving. Or, maybe, just maybe, Irving has to make a living and, in order to keep his spouse-equivalent in the style to which he's become accustomed, repeats himself one too many times. Thus Dick, a detective, sends him to jail the old fashioned way. With police work.

>
>We may yet find protocols to mitigate or limit this kind of fraud --
>make change traceable if linked to double spending, do random
>online checks as a cypherpunks poster suggested last year, or
>similar precautions layered on top of the basic protocol.
>But so far these problems haven't been put on the front burner
>of digital cash design, and already we have people out there selling
>offline cash on the network as a superior solution!

God knows (she told me last night she knows :-)) that no system by itself is superior. As Hal(?) said here recently, expect a mix of systems. However, please note that any offline system where the receiver of cash runs right to the underwriter and cashes out is a de facto online system, without the cost of a live link. And, yes Virginia, offline cash is a superior network solution because it's just plain cheaper. You don't need to keep a bank wired in, you don't need all the other costs (I should just bind the list to a key and paste them in) you get with online systems.

>
>Reliance on law enforcement flies in the face of
>cypherpunk goals, and indeed against the goals of good cops
>as well -- one of their most vocal complaints is about
>people setting up systems that are vulnerable to crime, putting
>them in unnecessary danger.

One should rely on law enforcement to the extent that it creates privacy.
If you can call a cop and he throws a mugger in jail, and you can go about your business otherwise, that's cool. If you can shoot the mugger when he tries to shoot you, it's messy but it's cool. If there's a way to deal with preventing accidental double spending, or indemnifying those victims of accidental double spending, that's cool. If it takes a cop to slap a few frauds in jail for deliberate double spending, that, too, is also cool.

>
>It also goes against political reality to think that a startup
>operation can lobby governments all across the globe to protect
>a system that is ideal for money laundering and tax evasion.
>Ain't gonna happen -- they'll let those "dirty money banks
>and money laundering net sites" rot; they may even give
>Irving a helping hand.

You don't have to lobby governments all over the globe. You just get them to enforce their own laws about theft. Let's see, in Tehran, it's your left hand for the first offense... Uh, I hate to break this to you, but startups do this all the time. With enough success that a business will do it the next time if the crime happens twice, I might add.

As far as Binky, the Third Horse of the Apocalypse (otherwise known as the Illegal Drug Trade), that's a tough one.... Hey, I got it! Let's charge them with money laundering! Wow, I'm surprised I thought of *that* one...

>
>I disagree that "there is no excuse" for double spending. If
>the software is implemented badly (no fault of the user),
>it might get mixed up with systems programs in such a way as
>to cause double spending.

Cool. Should be caught before it gets out of hand, probably in prototyping, seeing as how "double spending" is the semantic bug highest on the wanted list once the app comes up without barfing, I bet. If not in beta testing. Maybe even once it's gone out there; not much by then.
The point is, look at bug occurrence distributions in any development process and tell me what the chances are of this particular kind of bug popping up once a piece of code has gone into production. Homeopathy doesn't even play with percentages that small...

>For example, if the system crashes
>and one must recover from a month old backup, one has to
>go through that old purse and determine which coins have been
>spent. If the software and/or user makes a mistake in this
>process, we get double spending. If a network burps and
>sends a vendor two coins where there should have been one,
>we get double spending.

Then, the purchaser is probably legally bound to run those notes through the underwriter to find out if they've been spent. If the network burps, you say "excuse you" and if the money bounces and nobody's tried to spend it twice on purpose, the "trade" will just "DK" (don't know) until it settles on its own. Typically, this means sending a notice to the person who spent the money twice so he knows to expect a call from a redeemer who got burned. If that doesn't happen, Burp Over, Man...

>In the online system the consequences of double spending
>(or million spending) are far more benign. At worst
>one customer is out stolen coins. In a networked offline
>system those same few coins are a potential loss for
>every vendor on the net. As Tim May
>noted, we may not even need to recognize fraud in online
>cash -- just treat all online double spending as accident.
>No bonding, secured accounts, investigators, ID badges
>or cops with guns busting down Jane's door after
>Irving has million-spent her coins. Here we both have
>a simple liability system and much less chance of fraud.

The reason that you want an offline system is that you can have point to point clearing of transactions without the involvement of a third party like a bank.
A third party you have to pay at the very least, a party you have to develop a sophisticated and costly relationship with at most, and at the very most a party you have to invent outright down to the protocols for working with them.

With an offline system, you have an underwriter, a means to convert money on and off the net into real money somewhere, the buyer, and the seller. Only two of whom are necessary at any one time to effect a transaction. In other words, it can happen now and it doesn't presuppose a clusterfuck infrastructure (no anger intended there, I'm going to propose "clusterfuck" as an official jargon word here real soon now) which is too contingent to be compilable, much less economical, right now.

>
>Tim May also suggested that most offline protocols are
>intended for manually used smart cards. This makes sense --
>unlike a network environment with automated spending agents,
>the scope of multi spending for manually used purchases
>in small amounts is quite limited. On the network even
>fraud of a few cents per transaction can quickly add
>up to big $$$ across thousands of vendors.

The point in the entire above section is "thousands of vendors". Again, the fallacy of composition. Bob, a Buffalo, ;-) is becoming extinct, in other words. Becoming extinct is not something one buffalo can do. A few cents per transaction doesn't show up as a big deal to one vendor, to the underwriter, it's at the very least a pain in the ass, and worth calling the cops about, even if the people bringing in that double spent cash don't really care much. You forget also that the point of concentration of all this fraud is the underwriter. Since you have the miscreant identified, nym or not, then you can sic our friend Dick, noted above, onto the case.

>
>What are the communications costs of online clearing anyway?
>Don't credit card clearings cost about two cents per transaction
>these days?
>If clearing costs are less than plausible offline cash
>fraud and fraud prevention costs, online cash is a winner,
>both now and increasingly in the future as bandwidth becomes
>even cheaper.

Yes, when we all have Dark Fiber, and all is valhalla, online transactions will be Virtually Frictionless. (Sounds sexual, doesn't it? I bet it is, at that...) In the meantime, offline digital cash works now. Or at least it's claimed to work now, by most people on this list. All we need to do is try it out.

>
>sincerely,
>-- An Unauthenticated Agent with no credentials: whizzywig

My, that was fun. Sorry for attacking you so vociferously, but I don't know who you are... ;-). Somehow, I feel I can get away with it. Not fair at all, I'm sure.

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From rah at shipwright.com Sat Aug 27 22:17:18 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 22:17:18 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408280515.BAA15339@zork.tiac.net>

At 7:45 PM 8/27/94 -0400, Perry E. Metzger wrote:

>Eric Hughes says:
>> >If there were already a fully identified digital money system,
>>
>> Is there one?
>>
>> I don't think there is any digital money system at all, neither
>> anonymous nor fully identified.
>>
>> There certainly are digital funds transfer systems, almost all fully
>> identified. These are not digital money systems, although they may be
>> precursors.
>
>The U.S. banking system is largely a "digital money system" in the
>sense that the bulk of the money in the system is represented in book
>entry form in computer systems and has no other existence.

I suppose what I meant was is there any fully identified offline digital cash system in the literature.
I haven't heard of any from secondary sources, like around here, or from my cursory reading of Schneier, for instance.

The penalty for imprecision on a mail-list of scientists is blown bandwidth. My apologies.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From rah at shipwright.com Sat Aug 27 22:17:24 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 22:17:24 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408280516.BAA15349@zork.tiac.net>

At 11:16 AM 8/27/94 -0700, Eric Hughes wrote:

>I still agree that you cannot really _prove_ that it will be more
>efficiently, at least not from armchair business planning. Given a
>few million for a good study though, I'm sure answers might be
>forthcoming.

Eric, what would that "few million for a good study" buy? Might it not be wiser spent on a full-blown market test, using software prototypes?

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From rah at shipwright.com Sat Aug 27 22:17:28 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sat, 27 Aug 94 22:17:28 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408280516.BAA15346@zork.tiac.net>

At 9:55 PM 8/27/94 +0100, p.v.mcmahon.rea0803 at oasis.icl.co.uk wrote:

>There has to be a business reason for change to any existing practice;
>a general infrastructure for electronic payments is not going to be
>adopted by banks just because there are available or emerging technologies.
True enough, but if there was a way for a bank to benefit (underwriting referral fees) from an off-line cash settlement mechanism, they might want to jump into that market with both feet. What this means is the possibility of "institutional" digital cash. OK. So, you just up the denominations and let corporations settle their cash business on a point to point basis. The banks take a fee at the gate each time a digital cash certificate is issued. In this case, you can really call these "digital banknotes" as Eric prefers, because such a euphemism will keep the IRS at bay for a few minutes. These won't be done offline, because corporate treasurers will scream for the interest. However, they will be useful for international trade because of their transmission efficiency, and probably their security. Everyone's happy. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sat Aug 27 22:17:37 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 27 Aug 94 22:17:37 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408280516.BAA15352@zork.tiac.net> At 11:09 AM 8/27/94 -0700, Eric Hughes wrote: >One can consider that a digital cash exchange creates a delay between >the two legs of the transaction. In between the beginning and end, >the transaction is suspended. That's the sense of the word. If you mean the transaction that occurs between the net as a whole and underwriter. I agree. There may be lots of non-trivial transactions on the net in the meantime, however. Nevertheless I'll keep using "suspension account" until I'm disabused of it, for lack of a more descriptive word, than for anything else. > >"Float" is a financial concept, not an accounting one or a legal one.
>The issues are greater than financial ones only, and the terminology >needed is correspondingly greater. As an aside, most finance professors consider accounting to be applied finance. I expect that accountants don't take to that kindly, however. "Float" reminds me of "kiting checks", for some reason, so I'm glad not to use it now. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sat Aug 27 22:17:41 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 27 Aug 94 22:17:41 PDT Subject: Cash, cheaters, and anonymity Message-ID: <199408280517.BAA15363@zork.tiac.net> Just getting caught up here. Started backwards, and cut out most of what is addressed already. I swore I wouldn't touch Tim's posts, for all the trouble I seem to get into when I do, but, well, here goes, anyway... At 11:46 PM 8/25/94 -0800, Timothy C. May wrote: >(Coins and cash bills are really "on-line clearing" though, in that their >existential properties make them acceptable immediately; they are not >replicable, at least not easily, and hence can be conserved in transactions. >All the usual stuff about the nature of cash money.) I thought that was the definition of off-line, Tim. If you can be reasonably certain, without running to the issuer on every transaction, that a piece of digital cash will be worth a dollar when you cash it out to get it off the net, then you have something whose existential properties make it acceptable, right? If you have to run a piece of paper money to a bank in order to cash it into something more stable wouldn't you consider that more of an "on-line" transaction?
>"Zero knowledge interactive proof systems" have been used for password >systems; no amount of past snooping or eavesdropping helps. (Of course, the >user still has to have physical security over his local computer, or PDA, >dongle, or secret decoder ring.) This seems like a readily-solvable problem >(and one we already accept with existing ATM machines). I really like this concept in a bunch of different applications, most importantly, the ability to keep my personal history out a gajillion databases someday. >THE INCREDIBLE IMPORTANCE AND ELEGANCE OF ON-LINE CLEARING Tim put a whole lot of stuff here, all of which I agree with, including the concept of whoever gets to the train locker first, gets the loot. Except I'm confused about why he doesn't think that if confidence is maintained in the very same online scenario he just described (chaumian blinding, etc), that extending it to off-line use is not too difficult, and that for a very large percentage of transactions may be more useful, *if* the veracity of the digital cash is still there. I think that people *will* do predominately on-line transactions early on, in a scheme which uses the ability to pass cash through several transactions before getting cashed out. I believe that if I were an underwriter, I would get more business if off-line transactions were pretty much as safe as on-line ones. That implies exposing double spenders, and that may or may not imply positive identification. In schemes where I have an ATM gate, I let the referring bank vouch for the identity of the person buying digital cash with real money. It's also easy to see that only a bank customer (and thus identified) could bring cash off the net to be deposited either. It's easy to see how there may be holes in this scenario over time. And, if a "self-credentialed" nym out there touches a piece of cash in the daisy chain, who cares? 
If that same nym double-spends money I underwrote, then the person who shows up at my "train locker" is shit out of luck, but they have the identity of whoever dunnit (however useful that may be). As underwriter, however, I reserve the right to go after the offending double-spender with a pair of dull spoons (or with the law, whichever is easier) if he did it on purpose, because he's messing with the efficacy of my business. >IS PROOF OF PHYSICAL IDENTITY NEEDED? [snip] >The danger of making the "person who withdrew it" a culprit if the money >has already been "spent" is clear: he is just as likely to be an innocent >victim of a setup as the guilty party. I agree. This is why cash which unmasks double-spenders is important. >UNTRACEABLE MARKETS FOR ASSASSINATIONS This, and other "perfect crime" arguments make me a little bit uncomfortable. But not because they're right. It's because there's a forest and trees mentality at work here that's readily apparent to people outside the argument. It's like Alexander and the Gordian Knot. Just cut the damn thing in half. In this case, even though there's a perfect double blind, there are still two crimes being committed, (buying a hit, killing someone, three really, acting as agent for a hit). All unknown, all untraceable. The person who ordered the hit knows he did it. The person who arranged the hit knows she did it. The person who made the hit knows he did it. At some point one or all links in that chain of silence will break. In normal criminal procedure that's it. All is known. In this case it isn't. But, on a separate, independent basis, one of those people *ever* tells anyone, that person knows, and maybe snitches someday. Depending on how perfect the criminal is, evidence will be left, confessions will be made, and, who knows, maybe the guilty party goes to jail. Actually, that's how most cases are solved.
Someone rats on somebody, and gives the cop an excuse to snoop around and find something else which incriminates the culprit. The upshot is, the independence of the events doesn't make a crime less amenable to most criminal procedure. It's like our friend Binky, the third (International Drug Trafficking) horse of the apocalypse. There isn't a direct chain of evidence linking him to each and every crime he directly committed, much less the second and third order effects of his actions. But he was there in Columbia with a monstrous pile of cash and no visible means of support. Hung with other drug types. If it walks like Binky, and quacks like Binky, hey, it's Binky, right? Find a few times when he was messy, find a few snitches, presto, changeo, Binky's in jail. You can assume all the perfect crimes you want, but, just like the argument about the evil guy in Plato's Symposium, who did only right deeds but was an evil man nonetheless, you come to silly conclusions. People aren't perfect. They screw up more often than not. They get caught. When they don't get caught, that's tough, but I wouldn't bet the rent on the possibility of it consistently happening. >THE DANGER OF EVER USING PHYSICAL IDENTITY VERIFICATION >Danger! Danger! Danger! Any such system, that relies on physical IDs is >substantially less private than banks today in many countries, and is not >at all what I would call "digital cash." > >On-line clearing makes this unnecessary. So do offline systems, I thought. I thought it was easier to do an offline trade with a nym, than an online one. I bet that you would have a huge problem putting up an anonymous on-line system. Without fiating your own country into the argument, I mean. >Hal says: >>Without the authentication, you're not going to have off-line cash, >>IMO. You will be stuck with on-line systems in which everyone has to >>verify everything before accepting it.
This means you pay a cost in >>communications overhead and possibly other foregone opportunities. > >Agreed. But acceptable with a two-tiered system: > >- off-line cash for small transactions, with smartcards, "observer" >protocols, and with built-in limits > >- on-line , immediately-cleared cash for larger transactions, also with >various agreed-upon limits or requirements How about a single system that covers both. Isn't it the case that when a seller in an otherwise offline system deposits cash directly upon receipt (possibly while the receipt of cash is happening) you have something equivalent to an on-line system? Isn't it also the case that if the last person to the train locker loses, then trust of nyms will be sort of forced to happen eventually? It seems to me that people won't waste their time instantly depositing their digital cash revenue the second they get it if the currency doesn't get bounced. ___________________________ There. Let me say here that Tim May is one of the major reasons I read this list. This posting that I'm replying to is easily the best one he's made, probably anyone's made, since I got here a few months ago. Having said that, fully expect him to piss on my shoes, for any of a number of reasons. I've put on my sea boots as precaution. Fire away, Tim. :-). Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." 
-- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sat Aug 27 22:17:57 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 27 Aug 94 22:17:57 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408280516.BAA15355@zork.tiac.net> At 11:00 AM 8/27/94 -0700, Eric Hughes wrote: > Digital cash has to be issued by someone, who > *really should* back it up with real money, and should thus receive real > money as collateral for the digicash on the net. > >The basic distinction that is missing in your analysis is that between >legal structure and financial structure. Here is my very short >clarification of the difference. > >-- The financial structure matters when things go right. >-- The legal structure matters when things go wrong. > >Your financial analysis is fine, but also mostly irrelevant for >determining legalities. I've never worried too much at all about the >financial structure for digital cash issuance, because I've always >thought it a straightforward problem to manage the backing portfolio. Unfortunately, Eric, I think you'll agree in hindsight that financial structure and legal structure are a little more tightly coupled than that. The law and the enforceability of agreements is what makes financial instruments exist. Their behavior is a direct result of their legal underpinnings. Thus, the financial structure is the legal structure. The financial behavior of a security can thus be predicted just by assuming the efficacy of the legal system they're written in. If you break the law or agreements creating a market, say if people didn't make their margin calls and got away with it, there wouldn't be a market on margin for very long. Thus, by collateralizing what you would call a digital banknote, you are agreeing with the person you issued it to that at the very least, that dollar-for-dollar, there's money to back the note up.
By the way, I figured out just now why this can't be called a digital bank note, though I can't figure out what to call it except digital cash for the time being. Digital cash isn't issued by a bank in the scenario I outlined, at least a bank of deposit. The issuing underwriter isn't anymore a bank than an institution offering any other piece of collateralized paper, like GNMA, a railroad offering an equipment mortgage bond, whatever. >I think you misunderstand me. Secured and unsecured are legal >concepts, not financial ones. Merely saying that the money sits >somewhere while it's in transit (which it clearly does) does not make >the instruments secured. But it does, Eric. Especially if the underwriter says at the outset that the money's secured (collateralized). If money isn't secured dollar for dollar, especially in the early stages, you get a whole mess of legal, not to mention financial problems. It should be possible to keep an issue of digital cash fully collateralized (secured) and still make money. > >What happens during bankruptcy of the issuer? > > This probably won't happen except in cases of fraud. [...] > Unwinding a position in the money markets is not really a scary > proposition at all. > >I would strongly suggest that you go look up some references to >systemic failure in payment systems, which is a big concern these >days. And unwinding a position in the case of bankruptcy can create >real negative value in the system, and cause other banks to collapse. >Unwinding can be _very_ expensive. Again, Eric, if one digital cash underwriter has to unwind a fully collateralized bunch of digital cash, what's the problem? If the underwriter isn't fully collateralized, he's in violation of his issuance covenants and is likely to be sued by the trustee for the instruments, at the very least, long before a run on the cash started. 
Thus, the shareholders of the company doing the underwriting take the hit for a bankruptcy, while the suspension account and the portfolio backing it may not even have to be unwound at all. They may simply be transferred to another underwriter for safer keeping. It's not at all like banks, where they get to make money by creating a little, and thus should have insurance to keep the their liabilities and their reserve requirements. Having a fully collateralized digital cash (for lack of a better term) system is pretty simple to do from a financial, and legal standpoint. Thanks! Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From wessorh at ar.com Sat Aug 27 22:39:58 1994 From: wessorh at ar.com (Rick H. Wesson) Date: Sat, 27 Aug 94 22:39:58 PDT Subject: In the year 2525 Message-ID: <199408280539.WAA01515@ar.com> If I stole all the digital cash in the world, and held it for 30 seconds in a numbered account, how much interest would I have? -kcir From wessorh at ar.com Sat Aug 27 22:40:03 1994 From: wessorh at ar.com (Rick H. Wesson) Date: Sat, 27 Aug 94 22:40:03 PDT Subject: Are RSA licenses fungible? 
Message-ID: <199408280534.WAA01508@ar.com> > From owner-cypherpunks at toad.com Sat Aug 27 22:08 PDT 1994 > Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by ar.com (8.6.9/8.6.5) with ESMTP id WAA01459 for ; Sat, 27 Aug 1994 22:08:22 -0700 > Received: from toad.com by relay2.UU.NET with SMTP > id QQxewa21172; Sun, 28 Aug 1994 01:07:36 -0400 > Received: by toad.com id AA01260; Sat, 27 Aug 94 21:59:17 PDT > Received: from nic.cerf.net by toad.com id AA01254; Sat, 27 Aug 94 21:59:07 PDT > Received: from ininx (ininx.com [134.24.4.70]) by nic.cerf.net (8.6.8/8.6.6) with SMTP id VAA26020; Sat, 27 Aug 1994 21:59:00 -0700 > Received: by ininx (4.0/SMI-4.0) > id AA05474; Sat, 27 Aug 94 20:42:04 PDT > Date: Sat, 27 Aug 94 20:42:04 PDT > From: jkreznar at ininx.com (John E. Kreznar) > To: perobich at ingr.com > Cc: cypherpunks at toad.com > Subject: Re: Are RSA licenses fungible? > Sender: owner-cypherpunks at toad.com > Content-Type: text > Content-Length: 2530 > > -----BEGIN PGP SIGNED MESSAGE----- [snip] > > JEK: > Is this true even if the person is a registered buyer of 2.7? > > Public availability of a program's source code is a powerful means to be > sure that it is correct. How can one gain such assurance for PGP 2.7? > > How could confidence in the correctness of a secret program, even by its > author, ever match that of a program open to public scrutiny by any > interested person? > > Uhlhorn: > ViaCrypt has exactly the same position if a person were to > make 2.6ui look like ViaCrypt PGP V2.7 regardless of whether or > not they are a registered user of ViaCrypt PGP V2.7. It is plain > dishonest and illegal! > > [End of Uhlhorn dialogue] > > Granted, the issue here is different from yours, but it does give an > idea of how ViaCrypt might react to an attempt to use their license to > legitimize your use of another PGP. Hope this helps. > > John E. Kreznar | Relations among people to be by > jkreznar at ininx.com | mutual consent, or not at all. 
> > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > iQCVAgUBLmAGZ8Dhz44ugybJAQGSKAQAjlOFHarkVhF7Cjcy3xX3v7A4XyAH5B7H > C61efV7poiJXcYCV8H6t2w6RGrk1ux/ynwoseVOjTdDraK5crqxxITCplLqY13Vv > rzaY0BFOWOLBIgty9Gjh4Oz4v89lRKxn2MhsflrS/TxMBZSeaYec7K4ufDZwCvWN > JQ94CgrJM/g= > =1O6L > -----END PGP SIGNATURE----- > why don't you just buy an RSA toolkit licence and patch it into whatever you want, just don't redistribute code... -Rick From blancw at pylon.com Sat Aug 27 23:50:29 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Sat, 27 Aug 94 23:50:29 PDT Subject: FCC Regulation (Challenging Majority Whim) Message-ID: <199408280645.XAA22595@deepthought.pylon.com> [more excruciatingly enlightening grandiloquence] Responding to msg by Phil Karn: . . . . how can one create a government that rises above the petty illiberalism of the people it governs to protect the rights of the individual? ................................................... It appears that being given a position in charge of upholding abstract ideals makes some people forget whose interest or which ideal it is that they are supporting, and they take too seriously the opportunity to lord over others. When someone has been given responsibility over others, they seem to suddenly lose their perspective and propose all sorts of things contrary to what they claimed to think prior to assuming that office. I think there will come a time when business enterprises will completely replace 'government' functions. Most people see both society and political systems as means to practical ends. These two organizations have pragmatic functions which individuals see as advantageous to their own comfort and advancement. When neither of these deliver on the promise of the desired benefits, all of those who were depending upon them complain that their expectations were betrayed. It remains to 'overthrow' these organizations or raise hell at least, but still conditions remain largely unsatisfactory.
A business enterprise is more precisely a tool for the realization of the kind of benefits which people are looking for from each other. It also has the advantage of flexibility - it can be modified to suit or disbanded altogether without affecting uninvolved parties in the same way as must happen when attempting to "improve" a society or a government. A company does not recognize an individual in the same way that a society or a government does in terms of a comprehensive ideal, but it can better provide the means to achieve personal goals & ambitions, and I think is thus better suited as a tool for providing (read 'creating') what individuals could want from the world while living in co-existence with strangers. Blanc From karn at qualcomm.com Sat Aug 27 23:52:57 1994 From: karn at qualcomm.com (Phil Karn) Date: Sat, 27 Aug 94 23:52:57 PDT Subject: $10M breaks MD5 in 24 days In-Reply-To: <9408260027.AA05595@snark.imsi.com> Message-ID: <199408280651.XAA13677@servo.qualcomm.com> >Well, I suppose this demonstrates that the NSA knew what they were >doing when they set the SHA's length to 160 bits. Let it never be said >that they aren't right on top of everything... On the other hand, I can't imagine that NSA is unaware that strong cryptographic hash functions designed for authentication are also useful building blocks for a confidentiality cipher. Which might make them less than wholly enthusiastic about doing their best on a public standard like SHA. Caveat emptor NSA. (John Cleese, if you're out there, feel free to correct my Latin). Phil From karn at qualcomm.com Sun Aug 28 00:01:00 1994 From: karn at qualcomm.com (Phil Karn) Date: Sun, 28 Aug 94 00:01:00 PDT Subject: PGP availiable on magazine cover In-Reply-To: <199408280257.TAA10532@kaiwan.kaiwan.com> Message-ID: <199408280701.AAA13684@servo.qualcomm.com> >This is a good thing. 
By being published in that fashion, PGP thus meets >the requirements under ITAR to be classified public domain, and can thus >now be legally exported from the US. Uh, my experience so far with the book "Applied Cryptography" shows that the government discriminates on the basis of recording medium -- inked Roman characters on paper are okay, but magnetic ASCII bytes on mylar aren't, even if the information is exactly the same. And yes, I've explained to them in great detail, in a formal administrative appeal, why this distinction is silly, stupid, absurd and most likely unconstitutional. Stay tuned. The latest word is that a response to my appeal (filed in early June and still pending despite a rule that calls for a 30-day response) is supposed to arrive in mid-September. For background, see the files ftp:/ftp.cygnus.com/pub/export/applied*. Phil From blancw at pylon.com Sun Aug 28 00:07:25 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Sun, 28 Aug 94 00:07:25 PDT Subject: The Trouble With Crypto Message-ID: <199408280645.XAA22599@deepthought.pylon.com> Responding to msg by nobody at ds1.wu-wien.ac.at: 1 >if [crypto] only >needs to be used once in a while, there will be no >good reason to implement some of the more interesting >protocols, or implement the "maximum strength" >possible. 2 >For the overwhelming majority of >people, the benefits of "digital cash" will not be >worth the time and trouble over "digital cash with >anonymity removed". . . 3 >As for encrypting all email, much like people use >envelopes? Be honest, there isn't sufficient cause to >warrant the time and trouble. 4 >Nor is there sufficient cause to warrant the time and >trouble of signing messages sent to mailing lists or >usenet. . . . 5 >Nor is there sufficient cause to warrant the time and >trouble of communicating via anonymous remailers, >except for say folks like Pr0duct Cypher.
6 >Nor is there sufficient cause to warrant the time and >trouble for banks and stores to offer digital cash. 7 >As for dc-nets, give me a solid example why you ever >need to communicate with one. 8 I see a limited deployment, and almost no >fundamental restructuring of society. 9 >. . . I suppose a discussion about >atomic bombs will likely be of greater impact on our >future than crypto anarchy will. 10 >Cypherpunks write code, but if there is sufficient >cause to warrant the time and trouble! ............................................................... You might be right, having accrued at least 10 reasons why the list discussions do not altogether convince of the importance of using encryption as a matter of course or for the re-structuring of society. The choice to use crypto is a little different from the sense of wanting to use it from desperation; I think it is the difference between determining factors: when it is the individual themselves who decide to employ the tool for whatever reason they have to either use it or not at their discretion, or when the circumstance seems to dictate for the person what they must do - that they must go to desperate means to ensure privacy, from a perceived threat which demands that they hide their communication. One of the important issues regarding the use of encryption is not necessarily whether it is used or not as a matter of course, but rather the controversy over the source of the permission to use it as well as the imposed obligation to participate in self-incriminating applications of it. i.e. do individuals have the sovereign right to use tools which result in a division between public & private existence, or are they obligated to keeping their lives accessible to intervening governing agencies? To me a cumbersome tool would require sufficient cause to use it. 
However, I would appreciate its existence in case of emergency, if there was no better one available, and I would protest the idea that it was anyone else's prerogative to decide for me when it was an appropriate occasion to do so. Is crypto only a toy with destructive implications for governments & societies, or a tool of subjugation with destructive implications for individuals? If only cypherpunks or only government aficionados made the decisions about it the answers would be easier to predict. But they are not the only ones involved, and it is my understanding that not all future developments will be determined on this list. Blanc From cme at tis.com Sun Aug 28 01:01:28 1994 From: cme at tis.com (Carl Ellison) Date: Sun, 28 Aug 94 01:01:28 PDT Subject: Another Denning's view In-Reply-To: <199408212145.OAA18486@deepthought.pylon.com> Message-ID: <9408280711.AA03660@tis.com> Date: Sun, 21 Aug 1994 14:45:54 -0700 From: blancw at pylon.com What an amazing difference between Dennings. What a great idea for the NSA were to become allies and start working for us, instead of for 'them'. The perception of it (NSA) would change in everyone's eyes; even pencil-toting nerds could learn to like them. I ran into an NSA policy office person at CRYPTO'94 and suggested to him that the NSA should set up a WWW page from the crypto museum -- and also post occasionally to sci.crypt from some nsa.gov host. He was very open to the first idea but not to the second. (problem apparently with the standard disclaimer not being good enough for them. :-) - Carl From cme at tis.com Sun Aug 28 01:15:45 1994 From: cme at tis.com (Carl Ellison) Date: Sun, 28 Aug 94 01:15:45 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <199408240048.RAA19300@netcom16.netcom.com> Message-ID: <9408280813.AA04248@tis.com> >From: tcmay at netcom.com (Timothy C. May) >Subject: Re: Zimmermann/NSA debate postponed >Date: Tue, 23 Aug 1994 17:48:30 -0700 (PDT) >Huh?
Phil almost _never_ signs his messages, and has talked about how >difficult it is to go through the rigamarole of signing, >authenticating, etc. > > >(I sympathize with him, and I intensely dislike getting PGP-encrypted >messages, decrypting them, only to find a banal message that wasn't >worth the effort.) There is a lesson here. Getting the BBEDIT extensions which do PGP and the emacs mailcrypt functions made PGP almost convenient enough for me to use it without grumbling about the trivial message enclosed. Isn't it time for cypherpunks-who-write-code to respond to this obvious customer need? I have no mailer myself but I do have a friend who produces one and I'm helping him to incorporate PGP seamlessly. It's taking a long time but it should be worth it. Anyone else out there with their own mailer? - Carl From sdw at lig.net Sun Aug 28 02:13:32 1994 From: sdw at lig.net (Stephen D. Williams) Date: Sun, 28 Aug 94 02:13:32 PDT Subject: Are RSA licenses fungible? In-Reply-To: <9408280342.AA05474@ininx> Message-ID: > Paul Robichaux writes > > > So.. if I buy 20 licenses of ViaCrypt PGP, then proceed to use PGP > > 2.6-based code in my applications, does that constitute a legitimate > > solution? > > I had a similar question while trying to decide what version of PGP I'll > be switching to, and had the following dialogue with Paul E. Uhlhorn, > Director of Marketing, ViaCrypt, on the subject. > > JEK: > The lack of source code for ViaCrypt PGP is an issue. If ViaCrypt PGP > 2.7 were legitimately acquired, but the buyer, wary of black-box > (sourceless) software, instead used a variant of PGP 2.6ui patched to > identify itself as 2.7, would the substitution be detectable by any > observer? Would either you or RSADSI object to this? > > Uhlhorn: > If a person were to make 2.6ui look like 2.7, ViaCrypt would > strongly object and would most likely pursue legal remedies. Our > concerns would include copyright and patent (both IDEA and RSA) > infringement. 
I cannot speak for PKP, Public Key Partners, but I > would expect PKP would also consider this patent infringement. I > understand 2.6ui to be a "patched" version of 2.3a which was not > licensed by RSA or PKP. I disagree with this. I can't find the line of reasoning here. The only guarantee of patent and (to some extent) copyright to the holder is right to collect fees. Once you have collected those fees and if future fees are not in jeopardy, you don't have 'standing' to complain, as I see it. ... > Uhlhorn: > ViaCrypt has exactly the same position if a person were to > make 2.6ui look like ViaCrypt PGP V2.7 regardless of whether or > not they are a registered user of ViaCrypt PGP V2.7. It is plain > dishonest and illegal! > [End of Uhlhorn dialogue] Makes no sense, unless they are talking about you giving out the modified version. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From sdw at lig.net Sun Aug 28 02:13:46 1994 From: sdw at lig.net (Stephen D. Williams) Date: Sun, 28 Aug 94 02:13:46 PDT Subject: In the year 2525 In-Reply-To: <199408280539.WAA01515@ar.com> Message-ID: > > If I stole all the digital cash in the world, and held it for 30 > seconds in a numbered account, how much interest would I have? None... Numbered accounts (if you mean Swiss 'numbered' secret accounts) don't earn interest. > -kcir > -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm.
Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From nobody at vox.hacktic.nl Sun Aug 28 02:14:24 1994 From: nobody at vox.hacktic.nl (nobody at vox.hacktic.nl) Date: Sun, 28 Aug 94 02:14:24 PDT Subject: Magic Money / NexusBucks Message-ID: <199408280914.AA14351@xs1.xs4all.nl> -----BEGIN PGP SIGNED MESSAGE----- To those at the Nexus who are using Magic Money: thank you and good luck. So far you are planning to accept Magic Money as payment, and to pay out Magic Money to a few people who write some code or otherwise help you out. This will not get it into widespread use. Instead, everyone who signs up for one of your services (Internet access, etc.) should get a rebate back in Magic Money. This rebate can be used toward the next month's bill or any other service you provide - but only if the person learns how to use Magic Money and sets up a client. Now there is a real economic motive for quite a few people to use it. Direct exchanges between the users will follow naturally. In your description of Magic Money and the Nexus system, you said that a bug in the Magic Money client would cause loss of coins if you enter a bad coin value while entering coins to be paid out. This is not true, at least not on the systems I've tried it on. You get an error message and a rather ominous-looking blank line, but entering a correct coin value will continue the process. Also, for automation and Perl scripts, you might want to take a look at the v1.1 auto-client. The auto-client is designed especially for control from another program or script. Control from a perl script would be very easy - much easier than controlling the manual client. I also encourage you to standardize on v1.1 now because it adds the bank's keyid to the end of each coins.dat file. 
The auto-client can retrieve the keyid, and its presence will be very important if you ever start using multiple banks.

Pr0duct Cypher

Cypherpunks build Bombs?

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLmAfDMGoFIWXVYodAQFmfQQAj79YF9oYtzakrhBgEcLDB8SezWc89o5f
TE1jnjKLNnLQGRlzcLuqv0PSRP02ABhAT7VcPkqnOYH28ctvD+SR8MiB65IZI0Ul
NHnD6mvSqY7kF0RQVjdVTXPBmGdAq5GZIaLEDl8n1wkh/cf/4XY30J3R13Ac0+Ds
ZqrHviE1mQc=
=2Dj6
-----END PGP SIGNATURE-----

From p00140 at psilink.com Sun Aug 28 07:02:05 1994
From: p00140 at psilink.com (Gary Woodward)
Date: Sun, 28 Aug 94 07:02:05 PDT
Subject: software wants to be sold.
Message-ID: <2987153170.0.p00140@psilink.com>

Anyone want to be part of a list to discuss sales and marketing issues of data security software? I will run the list.

Regards
Gary
.............................................................................
Gary A. Woodward     internet:p00140 at psilink.com
SECURITY FEATURES    Compuserve:71564,247
P.O. Box 5549        phone: 202.928.1231
McLean, VA 22103     infosec & docsec

From ravage at bga.com Sun Aug 28 07:36:47 1994
From: ravage at bga.com (Jim choate)
Date: Sun, 28 Aug 94 07:36:47 PDT
Subject: DigiCash ???
Message-ID: <199408281436.JAA26470@zoom.bga.com>

Hi all,

I would like somebody to explain how I would go about using an anonymous digicash system to buy an automobile?

Just for argument's sake let's say I want to buy a new Ford Mustang GT from the local dealer and desire that nobody at the dealer has any idea who I am or where I come from.

From pfarrell at netcom.com Sun Aug 28 07:41:04 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Sun, 28 Aug 94 07:41:04 PDT
Subject: someHost@nsa.gov
Message-ID: <38251.pfarrell@netcom.com>

In message Sun, 28 Aug 94 03:11:00 EDT, Carl Ellison writes:

> I ran into an NSA policy office person at CRYPTO'94 and suggested to him
> that the NSA should set up a WWW page from the crypto museum -- and also
> post occasionally to sci.crypt from some nsa.gov host.
He was very open
> to the first idea but not to the second. (problem apparently with the
> standard disclaimer not being good enough for them. :-)

This is strange. I see no difference between somehost.nsa.gov
and docmaster.ncsc.mil
ncsc is nothing but a public front for NSA. It is located at Ft Meade, etc.
This is not news.

Why wouldn't they be willing to post from dockmaster?

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From solman at MIT.EDU Sun Aug 28 08:22:01 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 28 Aug 94 08:22:01 PDT
Subject: DigiCash ???
In-Reply-To: <199408281436.JAA26470@zoom.bga.com>
Message-ID: <9408281521.AA13945@ua.MIT.EDU>

> Hi all,
>
> I would like somebody to explain how I would go about using an anonymous
> digicash system to buy an automobile?
>
> Just for argument's sake let's say I want to buy a new Ford Mustang GT from
> the local dealer and desire that nobody at the dealer has any idea who I
> am or where I come from.

You hire an anonymous reshipper... no different from an anonymous remailer only you can't use an automated program (yet :) and it's damn difficult to avoid traffic analysis. Assuming that nobody has decided to follow the car or put a locater in it, your anonymity is ultimately ensured by the fact that the last reshipper in your chain doesn't know whether or not you are also a reshipper or the new owner.

I actually think that given the impossibility of avoiding traffic analysis, the most sensible solution is to find somebody that you absolutely trust to buy the car and give it to you without adding additional stages.

JWS

From sdw at lig.net Sun Aug 28 08:59:41 1994
From: sdw at lig.net (Stephen D.
Williams)
Date: Sun, 28 Aug 94 08:59:41 PDT
Subject: cypherpunks-digest V1 #18
In-Reply-To: <199408230317.UAA29137@servo.qualcomm.com>
Message-ID:

Could be an interesting basis for a class action negligence lawsuit.

Even if it was lost, it would become a factor in future business plans.

>
> >The purpose of a civilized society is precisely to avoid this sort of
> >``arms race'' between bandits and those who pay for services. Even
>
> This "arms race" would not have been necessary had the vendors and
> cellular carriers not been so short sighted as to not put meaningful
> cryptographic security into their system at the very beginning. All of
> the technology necessary to prevent the now-rampant snooping and
> replay of ESNs already existed in the early 1980s when AMPS was being
> deployed. It certainly exists now.
>

sdw
--
Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru.

From jdd at aiki.demon.co.uk Sun Aug 28 09:35:09 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sun, 28 Aug 94 09:35:09 PDT
Subject: DigiCash ???
Message-ID: <8358@aiki.demon.co.uk>

In message <9408281521.AA13945 at ua.MIT.EDU> Jason W Solinsky writes:
> > I would like somebody to explain how I would go about using an anonymous
> > digicash system to buy an automobile?
> >
> > Just for argument's sake let's say I want to buy a new Ford Mustang GT from
> > the local dealer and desire that nobody at the dealer has any idea who I
> > am or where I come from.
>
> You hire an anonymous reshipper... no different from an anonymous remailer
> only you can't use an automated program (yet :) and it's damn difficult to
> avoid traffic analysis.
Do we care that you can't get it on the road without insurance in most states, and that the registration must be in someone's name?

--
Jim Dixon

From jya at pipeline.com Sun Aug 28 09:54:51 1994
From: jya at pipeline.com (John Young)
Date: Sun, 28 Aug 94 09:54:51 PDT
Subject: FCC and Crypto
Message-ID: <199408281647.MAA19982@pipe1.pipeline.com>

Keep it up. Literate writing is ur-code. Crypto-tech entrepreneurs will smell the coffee.

John

From norm at netcom.com Sun Aug 28 09:56:04 1994
From: norm at netcom.com (Norman Hardy)
Date: Sun, 28 Aug 94 09:56:04 PDT
Subject: DSPs
Message-ID: <199408281656.JAA14318@netcom.netcom.com>

At 13:09 1994/08/26 -0700, Phil Karn wrote:
....
>But then I hear people say that it's not the multiplication that slows
>down modular exponentiation, it's the modular reduction.
....

Modular reduction is scarcely worse than the multiplication. If I have a 60 word multi precision number N to be reduced by a 30 word number M, I compute a guess by dividing the 32 bit most significant bits N by the most significant 32 bits of M.

I then multiply this quotient by M and subtract that from N. That reduces N by some multiple of M leaving N mod M unchanged. The error in the guess might mean that N is less than 32 bits shorter than it was before the operation but this method gets nearly 32 bits per pass. The inner loop of the is the same as in multiplication.

For all of this using the floating point unit wins on most modern CPUs.

From cme at tis.com Sun Aug 28 09:59:38 1994
From: cme at tis.com (Carl Ellison)
Date: Sun, 28 Aug 94 09:59:38 PDT
Subject: someHost@nsa.gov
In-Reply-To: <38251.pfarrell@netcom.com>
Message-ID: <9408281657.AA07669@tis.com>

>Date: Sun, 28 Aug 1994 10:37:28 -0400 (EDT)
>From: "Pat Farrell"

>This is strange. I see no difference between somehost.nsa.gov
>and docmaster.ncsc.mil
>ncsc is nothing but a public front for NSA. It is located at Ft Meade, etc.
>This is not news.

There's a difference.
docmaster.ncsc.mil gives guest accounts to all sorts of private security consultants -- perhaps to dilute/mask any NSA presence. Everyone I've talked to from dockmaster has been non-NSA.

>Why wouldn't they be willing to post [...]

The answer I was given was that anything coming from a host named "nsa" would be taken as an official statement from the NSA (remember the alleged loose cannon who tried to tell the IEEE not to have an international meeting on crypto?).

- Carl

From solman at MIT.EDU Sun Aug 28 10:11:39 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 28 Aug 94 10:11:39 PDT
Subject: In the year 2525
In-Reply-To: <199408280539.WAA01515@ar.com>
Message-ID: <9408281711.AA14222@ua.MIT.EDU>

Rick queried:
> If I stole all the digital cash in the world, and held it for 30
> seconds in a numbered account, how much interest would I have?

Reminds one of the novella Press Enter, no?

JWS

From cp at omaha.com Sun Aug 28 10:24:43 1994
From: cp at omaha.com (alex)
Date: Sun, 28 Aug 94 10:24:43 PDT
Subject: Zimmermann/NSA debate postponed
In-Reply-To: <9408280813.AA04248@tis.com>
Message-ID: <199408281725.MAA00218@omaha.omaha.com>

Carl said:
> Isn't it time for cypherpunks-who-write-code to respond to this obvious
> customer need?
>
> I have no mailer myself but I do have a friend who produces one and I'm
> helping him to incorporate PGP seamlessly. It's taking a long time but it
> should be worth it.
>
> Anyone else out there with their own mailer?

I've fooled around with writing a mailer, and I ran up against a few walls. The biggest one was my not being the world's greatest programmer, and not knowing much about email systems. But there are other problems as well, that I think would plague anyone who tries to write a mailer.

The goal that I was working for was pretty straightforward: some sort of a secure system that would be as transparent as possible.
Ideally, it would work just like elm or pine or eudora: you'd just say "I want to send mail to so-and-so", and all the rest would happen automatically. The mail would be encrypted, your signature would be affixed, the recipient wouldn't have to worry about decrypting the mail, and there'd be some small little indicator on his status bar that said the signature was good.

The first thing I realized when I started fooling around with this is that my basic design, which was modeled on a QWK packet offline reader, wasn't practical. Why? First of all, all of the crypto work has to be done on a machine controlled by the user. This is obvious, and it's the reason I wanted to go QWK style in the first place. But think about what happens if you dl a packet of incoming mail. Inside, you've got a letter from someone you've never met before, and it's signed. How can you verify the signature?

Right now, people don't use secure mail for day to day traffic because it's too much of a hassle. You can write a mailer to automate encryption and decryption, affixing and verifying signatures. But you're still going to have to require users to hunt down keys, decide if they want to trust them, and load them onto their key rings. That's enough hassle for most people to stick with elm.

It seems to me that a prerequisite for a transparent, secure mail system is an efficient, interactive, IP based key distribution system. It would have to be distributed, at least if we were serious, because it would have to be able to handle several million people's keys. And the web of trust would have to be such that keys could be accepted (or rejected) automatically, without human intervention.

If such a system of keyservers existed, it's not hard to imagine really useful secure mail systems, although implementing them would still be an awful lot of work.
Sendmail could be configured to feed mail through programs to handle the crypto work on single user unix machines (or even on multi-user machines, if the users trusted the sysadmin), and some sort of a secure pop system could be developed for other people. But this would be a very big project, and would necessitate agreements on standards, etc.

From wessorh at ar.com Sun Aug 28 10:27:50 1994
From: wessorh at ar.com (Rick H. Wesson)
Date: Sun, 28 Aug 94 10:27:50 PDT
Subject: Golbal Econ.
Message-ID: <199408281727.KAA02075@ar.com>

With topics like buying a car with digital cash make me think some
may be missing my point. I don't want to replace all currencies world
wide with some implementation of digital cash, be it an on or off-line
system.

I would like to help get an internet economy going! For the internet
to become a source of greater revenue I'd like to see a system that
can securely make business transactions that we are all happy with.
The amounts should be small transactions compared with selling a car,
I'd like to know how I can pay for some online information without
having to have an account based with the information supplier. For
starters how can I pay for some HTML page or purchase a physical product
via CURRENT technologies on the internet.

Let's first start an internet cash system before you go off and let our
egos make all other forms of hard currency obsolete.

-Rick

From solman at MIT.EDU Sun Aug 28 10:34:00 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Sun, 28 Aug 94 10:34:00 PDT
Subject: DigiCash ???
In-Reply-To: <8358@aiki.demon.co.uk>
Message-ID: <9408281733.AA14292@ua.MIT.EDU>

> Do we care that you can't get it on the road without insurance in most
> states, and that the registration must be in someone's name?
>
> Jim Dixon

No, because there are many solutions around this.

A) You can use a vehicle that transports cars, so the automobile in question never needs to be driven.
B) You can set up a dummy corporation and buy insurance for a couple of days at the exorbitant rate you'll have to pay by not specifying who will be driving it.

C) have each person in the reshipper chain do everything legally and then legally hand the car off to the next person.

and so on.

JWS

From jdd at aiki.demon.co.uk Sun Aug 28 10:55:22 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Sun, 28 Aug 94 10:55:22 PDT
Subject: DSPs
Message-ID: <8362@aiki.demon.co.uk>

In message <199408281656.JAA14318 at netcom.netcom.com> Norman Hardy writes:
> Modular reduction is scarcely worse than the multiplication. If I have a 60 word
> multi precision number N to be reduced by a 30 word number M, I compute a guess
> by dividing the 32 bit most significant bits N by the most significant 32
> bits of M.

On a DSP chip like the Texas C40, 32-bit multiplication takes one clock cycle. Modular reduction will take something on the order of one hundred clocks. Modular reduction is much more expensive than multiplication.

> I then multiply this quotient by M and subtract that from N. That reduces N by
> some multiple of M leaving N mod M unchanged. The error in the guess might
> mean that N is less than 32 bits shorter than it was before the operation but
> this method gets nearly 32 bits per pass. The inner loop of the is the same as
> in multiplication.
>
> For all of this using the floating point unit wins on most modern CPUs.

Not on DSP chips. On the C40, reals are only 32 bits long, so there is no benefit to using them. They are less precise than integers.

--
Jim Dixon

From nobody at c2.org Sun Aug 28 11:06:54 1994
From: nobody at c2.org (Anonymous User)
Date: Sun, 28 Aug 94 11:06:54 PDT
Subject: Bootstrapping a free banking economy
Message-ID: <199408281805.LAA01701@zero.c2.org>

Pr0duct Cypher writes:
> To those at the Nexus who are using Magic Money: thank you and good luck.

Is the Nexus Bank still up? Reference to it seems to have been removed from the c2.org web page.
Also, what are the current money supply figures for the various banks? I, for one, would like to develop for digital cash (perl, C, Unix, sockets, etc.) but I'm looking for a bank that is committed to turning their barter tokens into an active economy over the long term, so that I will have some choices about how to spend those wages.

> So far you are planning to accept Magic Money as payment, and to pay out
> Magic Money to a few people who write some code or otherwise help you out.
> This will not get it into widespread use. Instead, [rebate in NexusBucks]

I think both service fees and the rebate are a good idea. Two more good ideas might be:

- Loans, in NexusBucks, to independent developers of online services who expect a future digital cash flow stream from their service

- Consumer loans to developers who expect a future wage stream in NexusBucks

What is the best way to bootstrap the information services economic cycle? What is the minimal size of economy needed -- how many online services, how many developers, how many skilled believers willing to invest sweat equity to bring us to that point?

"Cypherpunks write code -- for digital cash"

From nobody at ds1.wu-wien.ac.at Sun Aug 28 11:17:53 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Sun, 28 Aug 94 11:17:53 PDT
Subject: crypto anarchy thoughts
Message-ID: <9408281817.AA16082@ds1.wu-wien.ac.at>

-----BEGIN PGP SIGNED MESSAGE-----

Blanc wrote:

> list discussions do not altogether convince of the importance of
> using encryption as a matter of course or for the re-structuring of
> society.

True! Encryption and authentication, which is probably all the crypto that CommerceNet and further commercial transactions will use, is just the tip of the crypto-anarchy iceberg. And like an iceberg, most will not see the light of day.
> The choice to use crypto is a little different from the sense
> of wanting to use it from desperation; I think it is the

True again, but then as another pointed out, you draw attention to yourself if you reserve crypto usage for "important" times only. Envelopes don't raise suspicion because nearly everybody uses them.

> One of the important issues regarding the use of encryption is not
> necessarily whether it is used or not as a matter of course, but
> rather the controversy over the source of the permission to use it as
> well as the imposed obligation to participate in self-incriminating
> applications of it. i.e. do individuals have the sovereign right to

I don't understand exactly... for many of the various protocols, full participation is necessary to avoid self-incrimination. For example, digital cash. If you wind up using a credit card or writing checks for everything, you lose any benefits.

> But they are not the only ones involved, and it is my understanding
> that not all future developments will be determined on this list.

Definitely! This list is a clearinghouse of ideas only. People can write in and describe various theoretical concepts which are interesting and fascinating to think about, but whose impact on society will be left for science fiction to describe. I'm not saying this is bad or undesirable. Just that I believe the future will hold a fairly limited version of crypto anarchy.

Here's a scenario:

10 years in the future, PGP is a fully GUI based program at last. It supports drag-n-drop, all sorts of OLE type protocols, and is used just once in a great while by most people, who don't really need the security but once in a great while. Authentication, on the other hand, is pretty big. Companies regularly handle business via networks and thus most have an email address where they take orders, encrypted and signed of course.
There are more remailers, a few hundred, but most run in unsecure environments by mostly students who think they're cool. A few commercial remailers were launched, but failed due to lack of interest. The few pay remailers operating are owned by rich hobbyists who can spare a machine and an internet connection and don't care about actually turning a profit. But these don't get much traffic since there are so many free remailers.

Digital cash never made it off the ground because credit card companies are now held to stricter laws about disclosing account information, and banks provide competitive debit cards and live under the same disclosure laws (i.e. credit/debit cards good enough for 99.99999% of the people). Furthermore, merchants are restricted from culling purchase records to build dossiers on spending habits (or face legal action), so manufacturers now rely on voluntarily supplied info, usually by enticing customers with various benefits of "registering", such as rebates, discounts, sweepstakes entries, etc. Nobody cares that digital cash preserves anonymity, because bank and stores aren't interested, and customers want the extra benefits that stores offer to add their name to their database. For this reason, offshore banks don't fare too well since the digital cash they issue generally isn't spendable. It is convenient however, if you need to transfer money from one account to another. But you have to go to a "money broker" who will exchange your digital cash for spendable cash, and pay a transaction fee.

DC-nets are mostly theoretical, as simple versions are too easy to disrupt, and disruption resistant versions are too complex. Still, a few exist, but don't run continuously - you have to post to alt.dc.net and announce a time you would like to use one, and usually a few people announce willingness to participate. (As it turns out, messages to alt.dc.net account for most of the anonymous mail traffic generated.)

Data havens are another failed experiment.
Storage costs have plummeted, making it cheap for people to just purchase their own terabyte floptical and encrypt all the data they want to keep. They keep it nearby, making it more convenient to retrieve the data than keeping it at a data haven. A hacked version of PGP which accepts a second plaintext is used to encrypt the data. You specify two passphrases, the real one which decrypts your data, and a second one which decrypts your data to the plaintext you specify. Thus you don't care if you are caught with your data floptical, you can always decrypt the contents to scanned in versions of "War and Peace" and "Alice in Wonderland", etc.

How's that sound?

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLmDUBfFYvlqvuKtBAQHpJwP/ZW++0uQezy4SJvUU0c1idNjnAqTdVaAI
nHa1juO0IWwsvNGemspRZRS1UTwYrMBefdnWIF1JP0vZYb1tyGeDEPf2Se9+RGTH
aqGsTcbzjRKUJhwQWr61gFGk9TBOsdNbX05eTYNf/DHOdqI+bOmMGM4WO2D/YAt3
TFVTIPDxQd8=
=Si8r
-----END PGP SIGNATURE-----

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Sun Aug 28 11:34:18 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Sun, 28 Aug 94 11:34:18 PDT
Subject: Golbal Econ.
Message-ID: <9408281835.AA11165@getafix.oasis.icl.co.uk>

> I would like to help get an internet economy going! For the internet
> to become a source of greater revenue I'd like to see a system that
> can securely make business transactions that we are all happy with.
> The amounts should be small transactions compared with selling a car,

All payment mechanisms require a basis of trust - so that the seller knows s/he will get paid - and hence rely on trusted third parties (governments, banks, charge card company etc), and/or need to be supported by specific explicit seller-buyer contracts.

Current (commercial) electronic business transactions are underpinned by contracts, and security mechanisms appropriate to the risks associated with the carrier of the transaction.
An "internet economy" needs a basis of trust, as well as security mechanisms appropriate for the current level of IP security.

What basis of trust do you envisage?

- pvm

From jkreznar at ininx.com Sun Aug 28 11:50:26 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Sun, 28 Aug 94 11:50:26 PDT
Subject: FCC Regulation (fwd)
In-Reply-To: <199408271701.KAA13117@servo.qualcomm.com>
Message-ID: <9408280840.AA05683@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

Phil Karn writes

> In these proceedings it became clear that the hams themselves are the
> real problem. Some hams still want a big benevolent FCC to protect
> them from people who personally offend them, and many of these people
> have a following. Although this phenomenon is by no means
> qualitatively unique to ham radio, it does seem to have grown
> quantitatively beyond anything seen elsewhere.

There are plenty of other examples, though, whether quantitatively beyond or not. Consider calls for government censorship, for instance. The entire War On Drugs is mostly just an effort by one segment of the general population to impose their idea of virtue upon others who personally offend them with their drug use, and to use big benevolent government for the purpose. Much of the current battle against tobacco smoking is another case. Who's behind the current US FDA drive against purveyors of nutritional supplements? I believe that they're being driven in large measure by forces outside of government who, for one reason or another, are offended by such supplements. Substantial stuff, by any reasonable quantitative measure.

> It really gives one pause. Is government really the enemy of personal
> freedoms, or does it merely reflect an intolerant and unenlightened
> general population?

Excellent question. Answering it the wrong way leads to tremendous energy misdirected to trying to influence politicians and bureaucrats, even when they are effectively representing their constituencies in the general population.
It's like shooting the messenger because he bears bad news. Protesting intrusive government instead of popular gratuitous acceptance of government benefits is like putting the cart before the horse.

The pessimism about the prospects for ``legal hacking'' that has been expressed on this list ultimately results from a general population too ready to wield government against those they find offensive, folks who are not going to let mere legal formality stand between them and their objective.

> It's easy to make a government that responds to
> the will and whim of the majority, but how can one create a government
> that rises above the petty illiberalism of the people it governs to
> protect the rights of the individual?

Democratic political government is like a cancer, and it has now become well entrenched. It used to be that you could point to the tyrant, and if he got too obnoxious, shoot him. Now that the tyrant is the majority, the option for the rest of us is solar exodus, with strong crypto to help in the rear-guard action.

John E. Kreznar | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLmBMGsDhz44ugybJAQEbJAQA0/ju2njqmJtFsBlo+wCcoJ2Aw1dtpvwm
pEi4m1RpRkU/7pVopw9xk/cTzAiM1IxzVMIIItbVv5RXVBCv24VZ7+XExWM9N1HK
tU8OyGk8mUOFNgazHxPRyyGqFOqDZa9ors9gyVNK/JMdj5hWjIPsrd8XuQ+iGO9m
OBUhHSsyi1Q=
=obEz
-----END PGP SIGNATURE-----

From rah at shipwright.com Sun Aug 28 12:01:45 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 28 Aug 94 12:01:45 PDT
Subject: Golbal Econ.
Message-ID: <199408281901.PAA21893@zork.tiac.net>

At 10:27 AM 8/28/94 -0700, Rick H. Wesson wrote:
>With topics like buying a car with digital cash make me think some
>may be missing my point. I don't want to replace all currencies world
>wide with some implementation of digital cash, be it an on or off-line
>system.
>
>I would like to help get an internet economy going!
For the internet
>to become a source of greater revenue I'd like to see a system that
>can securely make business transactions that we are all happy with.
>The amounts should be small transactions compared with selling a car,
>I'd like to know how I can pay for some online information without
>having to have an account based with the information supplier. For
>starters how can I pay for some HTML page or purchase a physical product
>via CURRENT technologies on the internet.
>
>Let's first start an internet cash system before you go off and let our
>egos make all other forms of hard currency obsolete.

Damn straight.

The major reason I got interested in digital cash and this list in the first place, and why I'm interested in building the capability to underwrite digital cash now, is to sell and buy code, information and maybe professional services, someday *very* soon, quickly, easily, *and* cheaply.

The best way to do that is to make something happen, right now, with whatever's available. As long as 1.) there's the necessary functionality in the code, and that includes 2.) the user interface, and it's possible to 3.) bash the existing financial/legal structure to make it fit (paint to hide!), then we, myself included, have no excuses anymore.

Seeing that 1 has been agreed to by acclamation on this list many times, and most people believe that secure WWW/Mosaic handles 2. That leaves 3.

Making changes in the way business is done is almost the whole point of going into business. Change is what makes money. (Aside: see Joel Mokyr's _The Lever of Riches: Technological Creativity and Economic Progress_ about this, one of my favorite books on economic history.)

Fear of modifying the existing business order is what's limiting what may be a very real market in providing liquidity for internet commerce. That fear is a bugbear. It's a monster in the closet. It ain't real, folks.
The laws are there to support digital cash, from very tightassed hypersecure online internet versions of the ATM box at your supermarket checkout stand, to offline digital cash schemes like my current pet business model. The banking/finance structure is there as long as they see a way to make money, the only thing left to do is find out if the market is there. The way to do that is to pick the cheapest, most secure technology to implement, and go for it.

Yeah, what he said. It's time to implement something.

Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)     "There is no difference between someone
Shipwright Development Corporation         who eats too little and sees Heaven and
44 Farquhar Street                         someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923

From rarachel at prism.poly.edu Sun Aug 28 12:22:58 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 28 Aug 94 12:22:58 PDT
Subject: CEB 8 - WNSTORM Info
In-Reply-To: <9408240134.AA26527@toad.com>
Message-ID: <9408281909.AA00358@prism.poly.edu>

WNSTORM is available from:

ftp.wimsey.bc.ca:/pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/Steg

Usual routine to get it. i.e. cd /pub/crypto/software, get the README file, and if you agree to the terms then follow the instructions.

Short description off the top of my head (I wrote the beastie). Another info scrap should be in the same directory as WNSTORM.

WNSTORM is a data encryption/steganography utility which is pretty secure for most uses. Unlike some stego systems WNSTORM is expandable, all you have to do is write your own LSB injector/extractor for whatever data format you wish to hide information into.

WNSTORM doesn't require the recipient of the host picture, sound, movie, etc. to have the original un-stormed picture. Unlike primitive stego programs, WNSTORM doesn't compare a stormed picture with an unstormed picture.

WNSTORM will cover its tracks statistically.
If it changes a 0 bit in the LSB data stream to a zero, or a 1 bit to a 1, it does nothing. If it changes a 1 bit to a zero, it will balance itself by changing an unused adjacent 0 bit to a 1. Ditto for a 0->1 transform.

WNSTORM will NOT change every bit of the LSB in order to prevent detection. It will use a passkey along with a probabilistic algorithm to decide which bits it will change. The algorithm for picking bits depends on the previous successfully encoded/decoded cyphertext AND the passkey.

Internally WNSTORM works by picking "windows" or "packets" of bytes out of either a random number stream or an LSB stream extracted from a picture, sound, movie, etc. It then injects eight bits of cyphertext into this window. Each window is of variable size. The bit locations where the bits are inserted are randomly exchanged for each pass. The bit values are also randomly exchanged for each pass.

WNSTORM includes an injector/extractor for PCX images, however I will write more injector/extractor programs for it in the future, and OTHERS can do so as well.

From hfinney at shell.portal.com Sun Aug 28 12:27:26 1994
From: hfinney at shell.portal.com (Hal)
Date: Sun, 28 Aug 94 12:27:26 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <199408280515.BAA15339@zork.tiac.net>
Message-ID: <199408281927.MAA28701@jobe.shell.portal.com>

rah at shipwright.com (Robert Hettinga) writes:

>I suppose what I meant was is there any fully identified offline digital
>cash system in the literature. I haven't heard of any from secondary
>sources, like around here, or from my cursory reading of Schneier, for
>instance.

"Fully identified cash" is not widely discussed in the literature because it is (relatively) trivial, and here because it is not privacy protecting.

"Fully identified cash" is equivalent to a check made out to "cash". All you need is a signed directive to your bank to transfer money from your account number such-and-such to the bearer.
Such "cash" can be used on-line if the receiver sends it to the bank right away and gets confirmation that the money has been transferred from your account (that there were sufficient funds to cover the check, etc.). It can be used off-line if the receiver checks your ID so that he knows if the check bounces he can sue you or press charges.

See? You already have all the technical requirements for your fully identified cash by firing up PGP or RIPEM. Just find a bank which will honor your signed messages. The CommerceNet people implied that such payment options might be forthcoming.

Hal

From nobody at c2.org Sun Aug 28 12:27:46 1994
From: nobody at c2.org (Anonymous User)
Date: Sun, 28 Aug 94 12:27:46 PDT
Subject: Making crypto use widespread
Message-ID: <199408281925.MAA00416@zero.c2.org>

One thing that's become apparent is that *convenience* is all important. If we made PGP much more convenient to use, by integrating it seamlessly into our common offline mailers, then folks would stop complaining about receiving encrypted messages of a trivial nature, they would be much more likely to sign their message, etc.

Getting the basic functionality is only half the battle -- the other half is making it so that the effort put into using it is less costly than the value of most uses, which for most single messages is slim. Furthermore, we won't find the most valuable uses until we've climbed the learning curve by massive experimentation with this software. Small user learning curves and low usage cost means convenience, convenience, convenience.

Convenience is utterly necessary to make crypto traffic mushroom. Compare Nate Sammon's web page interface to the remailers to the shell script interface (much less try to do the encryption & nesting by hand) -- it makes all the difference in the world! Only one easily fixed problem there -- Nate's remailer doesn't say whether it's doing the nested encryption or mailing plaintext!
That one flaw, perhaps just a tiny oversight, makes a system with almost nearly perfect convenience much less user friendly. (If it's really not encrypting that's a much bigger flaw, but also correctable). If folks fixed that flaw and widely deployed Nate's server, remailer usage would mushroom, and we would have enough traffic to mix it up without long delays.

Why has Magic Money failed to take off? It's very inconvenient. Far too much of the protocol is left to the users to perform manually, and the command line options as an interface are far too arcane, with few affordances or strong clues as to the current state of the protocol, or what action to take next. This isn't a flaw in the way Magic Money has implemented digital cash protocols, it simply means that the software from the point of view of users is incomplete -- somebody needs to write a friendly client on top of the autoclient, and a seamless anonymous messaging system between customer, vendor, and bank. This would make a huge difference in how many people are willing to play with, and eventually use, the system.

Incidentally, Eudora developers told me at Internet World that they plan to provide GUI hooks for PGP and PEM in a release due out in late '94 or early '95. This is easy for them to do, they just haven't considered it a high priority. It is just not that hard for vendors to integrate encryption if they have customers telling them that's what they want. We as customers need to speak out to our software vendors and let them know what we want. This is at least as important as political activism, probably moreso.

From jkreznar at ininx.com Sun Aug 28 12:52:18 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Sun, 28 Aug 94 12:52:18 PDT
Subject: Are RSA licenses fungible?
In-Reply-To: <199408280534.WAA01508@ar.com>
Message-ID: <9408281948.AA00880@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

"Rick H.
Wesson" writes

> why don't you just buy an RSA toolkit licence and patch it into whatever
> you want, just don't redistribute code...

The obstacle there has been that this is for a person who refuses on principle to affirm that he is a national person of any nation. I think that such a person could not obtain an RSA toolkit license. Right?

The interest in the ViaCrypt option arose on the hope that their national requirements (merely being ``in the US'') might be satisfied, even if those for MIT's PGP 2.6 (affirmation that one is a US citizen or national) could not be.

John E. Kreznar         | Relations among people to be by
jkreznar at ininx.com   | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLmDpF8Dhz44ugybJAQEtJQP/VsvgQ2AjvwLB6IDETveF49Ll2MPjtqQq
33/eWlWcqLxYKwDE3GAM/2ug4yAQtLlRg6IciNnzj7nS/4dZgeHxEB+bmMt3kTra
JvTKLiJcEWAS1Y50mE5Dqnv6eTLlEy9TUcViTPkOWtWhZHcKi/GyuwPxvW4ZU17d
3aAHXaFi39M=
=MU/N
-----END PGP SIGNATURE-----

From tcmay at netcom.com Sun Aug 28 12:53:07 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 28 Aug 94 12:53:07 PDT
Subject: PGP fanatacism
Message-ID: <199408281953.MAA07926@netcom14.netcom.com>

An anonymous (why?--afraid to use your own name?) person wrote:

>Earlier, Tim May wrote:
>
>> Not only do many of us not do all this stuff (have you seen Eric
>> Hughes signing his messages? How about John Gilmore?), but some people
>> have decided to stop reading e-mail altogether. Donald Knuth, for
>> example. A wise man.
>> I'm happy that you PGP fans are thoroughly infatuated with using PGP
>> for everything. Just knock off the clucking and sighing about those
>> who don't see it as the end-all and be-all of today's communications.
>> It reeks of fanaticism.
>
>Interesting. I wonder what this says though... cypherpunks promote
>encryption, digital cash, dc nets, data havens...
>
>but wouldn't ever be caught actually using any of the above.
>
>Hell, that stuff is way too plebeian.
>I'd rather advocate it that
>actually be in the uncomfortable position of following my own advice.

Anonymous flames are one thing, but incorrectly characterizing points of view is another.

I and other Cypherpunks clearly use PGP at times. I just don't like having to jump through the hoops of downloading my mail to my home machine and then decrypting it....I do most of my casual mail reading in "elm," on Netcom, as I am online for several hours a day, and downloading is an interruption.

(There's also the issue of "on-line" or immediate clearing vs. "off-line" or delayed clearing....I see an encrypted message to me while I'm reading my mail in elm....I have two main choices: log-off, fire up Eudora, download my mail, decrypt the PGP message, or, defer the reading until the next time I download my accumulated mail. I often forget about PGP-encrypted mail until I happen to see it again, which may be never.)

"All crypto is economics." And too often the effort of reading encrypted messages turns out to be not warranted.

My ire at John Young came from his apparently malicious "tweak" at me in which he sent me PGP-encrypted mail immediately after my post explaining why PGP-encrypted mail takes me longer to read. That his message was utterly banal and was not worth decrypting was the proximate cause of my anger. (He claims it was an "accident." Maybe. But seeing that it was the first PGP message to me ever, and it came shortly after my comments, and was banal, I have to conclude he thought he was jabbing me in some way, making some meta-point.)

Many Cypherpunks are running shell scripts and the like to make running PGP easier. Mostly on machines outside their control, where the secret key and the passphrase can be captured any number of ways (as others have also explained). This is illusory security. OK for playing around, but to lecture people like me that we should not be bothering with using PGP only on our secure machines is folly.
PGP and mail both have a long way to go. In the meantime, I prefer to concentrate on the things I do pretty well, like writing and thinking. I'm not a Unix jock like many of you college students or C programmers, and I like it that way. To each their own. I don't have a Unix box at home, only a Unix account on Netcom's machines (and this is a 14.4 dial-up account, not a SLIP or PPP connection). That's life.

Anonymity is OK, but I encourage critics to come out from behind their wall of anonymity and give their actual names, or at least use a digitally-signed pseudonym, so we can know we're talking to the same person.

(I suppose Mr. Nobody will use this to claim that "Cypherpunks are against anonymity.")

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Sun Aug 28 12:53:12 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 28 Aug 94 12:53:12 PDT
Subject: Is Off-Line Digital Cash Dead?
Message-ID: <199408281952.MAA07916@netcom14.netcom.com>

Rick Wesson wrote:

>It seems that off-line cash is dead or so the latest posts assure me,
>is there a way to incorporate some of the anonymity with off-line cash
>into on-line cash?
>

Off-line cash is not dead. I just expressed several reasons why on-line cash has market advantages (immediate clearing, no repudiation, and thus greater value in a Gresham's Law sense) and some disadvantages (connection to clearinghouse).

Which systems will win out, and how, is unclear. As in most economic/ecologic matters, expect multiple solutions.
But I do think the arguments strongly favor "immediate" clearing, which means either on-line clearing (Alice confirms that money has moved, albeit distantly) or pure cash (conventional). Off-line clearing that relies on trusted observer protocols, and that may allow later repudiation ("that wasn't me--give me my money back"), seems at a disadvantage.

(If off-line cash has a cost in terms of not clearing immediately, and even allowing ways to break anonymity--perhaps via repudiation, in some proposals--then it will be "devalued" relative to "hard currencies" that clear immediately, untraceably, and irrevocably.)

That you, Rick, are having coding problems is no great surprise. Despite what some folks are saying here, this is still a research issue. Lots of stuff yet to explore.

(Yes, I may be proved wrong when these enthusiasts open their doors at First Digital, but such is life. Having invested in companies before, and knowing something about what to look for in terms of cash flow, burn rates, expectations of actually starting to sell (as opposed to burning money doing research), I wouldn't put a *dime* into a startup to do digital cash *at this time*. This is not to say enthusiasts and researchers should not pursue this. After all, what better way to be prepared to get jobs or start companies in this area when the time *is* ripe? But don't expect many investors to fund a blue sky research startup.)

I expect I'll have more to say on these various points. My Netcom account, as about 50 of you Netcommies certainly also know, is delaying mail by up to a day. (They have 30,000+ account names in the file that has to be opened, searched, appended to, etc., each and every time a piece of mail arrives....things fell apart suddenly and now they are revamping the account structure, which may take several more weeks to fix.)

So expect some delays and/or completely missing responses from me.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Sun Aug 28 12:53:17 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 28 Aug 94 12:53:17 PDT
Subject: We Get the Government We Deserve
Message-ID: <199408281953.MAA07938@netcom14.netcom.com>

Phil Karn writes:

>It really gives one pause. Is government really the enemy of personal
>freedoms, or does it merely reflect an intolerant and unenlightened
>general population? It's easy to make a government that responds to
>the will and whim of the majority, but how can one create a government
>that rises above the petty illiberalism of the people it governs to
>protect the rights of the individual?

Americans are simultaneously of two minds about privacy:

* "What have you got to hide?"

* "None of your damned business."

(I don't know other national cultures very well, hence the focus on the culture I do know.)

These views come out at different times in different ways, but most people express them and fail to see the dichotomy.

My crusade happens to be against the basic idea of democracy itself. Yes, I am opposed to democracy and seek to use crypto as a way to bypass democracy, to hide transactions from the tax collectors and hence from "society," and to find ways to bypass national borders and the democratic or authoritarian (whichever, or both) institutions that they encompass.

We get the government we deserve. The Drug War is happening because Americans shrilly say "Do something!" and would rather have the D.A.R.E. commandos educating their kids than do it themselves. Ditto for most of the laws passed by the tens of thousands every year.
(Ever wonder why we need thousands of new laws? I do.)

De Tocqueville (sp?) said that the American experiment in democracy would last only until the voters realized they could pick the pockets of others at the ballot box. That point arrived at least 50 years ago.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From rah at shipwright.com Sun Aug 28 12:53:41 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 28 Aug 94 12:53:41 PDT
Subject: crypto anarchy thoughts
Message-ID: <199408281953.PAA22346@zork.tiac.net>

At 8:17 PM 8/28/94 +0200, nobody at ds1.wu-wien.ac.at wrote:

>Digital cash never made it off the ground because credit card
>companies are now held to stricter laws about disclosing account
>information, and banks provide competitive debit cards and live under
>the same disclosure laws (i.e. credit/debit cards good enough for
>99.99999% of the people). Furthermore, merchants are restricted from
>culling purchase records to build dossiers on spending habits (or face
>legal action), so manufacturers now rely on voluntarily supplied info,
>usually by enticing customers with various benefits of "registering",
>such as rebates, discounts, sweepstakes entries, etc. Nobody cares
>that digital cash preserves anonymity, because bank and stores aren't
>interested, and customers want the extra benefits that stores offer to
>add their name to their database.

Any argument which uses anonymity as the first cause for implementing a digital cash system deserves to lose.
Like sophisticated engraving, intaglio printing, and a zealous anti-counterfeiting effort, strong crypto and zealous anti-double spending efforts are the technologies which enable trust in a digital cash certificate for its own sake. The trust of that certificate is what lowers the costs of a transaction using it to the point where vendors don't need security deposits to back up their credit card float, and where direct connection to a trusted third-party isn't necessary for that or a debit card transaction. It also obviates the need of identifying who you get it from.

It's money that's the issue here. Same as it ever was. Privacy, and maybe even crypto-anarchy or anarcho-capitalism, is the icing on the cake.

>
>For this reason, offshore banks don't fare too well since the digital
>cash they issue generally isn't spendable. It is convenient however,
>if you need to transfer money from one account to another. But you
>have to go to a "money broker" who will exchange your digital cash for
>spendable cash, and pay a transaction fee.

A digital cash issuer (an underwriter) doesn't have to be domiciled in an imaginary foreign country in order to survive. It can sit in New York, or Boston (I hope...), or (horrors) Washington DC.

I expect that maybe someday banks may eventually hold portfolios of outstanding digital cash, and it's easy to see an eventual secondary (derivative) market for bundles of digital cash, in the same way mortgages are handled. It's also easy to see how it will be easier to leave it to the underwriters to handle the stuff in the beginning, and for a bank to get commissions for referring customers to a specific underwriter. In this model, the "money broker" is actually the issuer and the bank simply is an agent, like in traveller's checks.
Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923

"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From rah at shipwright.com Sun Aug 28 12:53:46 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 28 Aug 94 12:53:46 PDT
Subject: Golbal Econ.
Message-ID: <199408281952.PAA22343@zork.tiac.net>

At 7:35 PM 8/28/94 +0100, p.v.mcmahon.rea0803 at oasis.icl.co.uk wrote:

>An "internet economy" needs a basis of trust, as well as security
>mechanisms appropriate for the current level of IP security. What basis
>of trust do you envisage?

Most of this can be done in civil law. It's done all the time in the securities markets. If you have a certificate which is collateralized, by an agreement between the issuer and the purchaser, and thus the entire transaction chain until the certificate is redeemed, monitored by an independent trustee, then you have a stable exchange mechanism for internet commerce. International trades of securities like this are made in amounts in the trillions of dollars every day. All collateralized bonds have this feature. The extension of this to an offline digital cash issuance agreement is trivial.

Secure transactions are here already. They're obtained by using public key crypto to pass transaction information, including the digital certificates and any information or software, or purchase order/invoice, between buyer and seller.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923

"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From tcmay at netcom.com Sun Aug 28 12:54:08 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 28 Aug 94 12:54:08 PDT
Subject: Cash, cheaters, and anonymity
Message-ID: <199408281953.MAA07945@netcom14.netcom.com>

(As I said in another post, Netcom has a seriously broken mail system. Sorry for the delays.)

I'll try to only respond to a few of Hal's good points, so as not to have too long a post here. His points are elided unless included.

>Tim has made a lot of good points, and I'll only try to respond to a few:
>
>>NEGOTIATED PROTOCOLS TO REDUCE RISKS
>
>>However, just as most folks make arrangements with their bank/ATM machines
>>(semantic meaning #2 of "ATM") to limit cash withdrawals to, say, $200 a
>>day (it varies), so too can digital cash arrangements make similar
>>contractual deals to limit losses. Some possible plans:
>
>>* Plan A: The protocol insists on retinal scan or other biometric
>>authentication between the "smartcard" used as the cryptographic keying
>>device and the putative owner. The "Thunderball" plan. (issues: preserving
>>anonymity with biometric authentication, spoofing of the channel between
>>card and physical apparatus, theft of smartcard, etc.)
>
>In Demolition Man, Wesley Snipes plucks the eyeball out of the victim to
>hold it up to the retinal scanner and escape. Hacked-off thumbs may provide
>similar workarounds for fingerprint protection. Maybe what we want is

Yep. Part of the reason I dubbed it the "Thunderball" plan: in that movie, almost 30 years ago, a stolen nuclear weapon is armed by spoofing the retinal scanner with a stolen eyeball (or maybe it was fake contact lenses...it's been awhile). Given the stolen nukes theme, it's amazing that the debate has shifted so little in 30 years.

(ObCrypto links: Gus Simmons, who most of you should know about via his "Contemporary Cryptology" book and his work on subliminal messages, was the *main guy* on the "Permissive Action Links" (PALs) used to secure American nukes.
I asked Whit Diffie, a close friend of his, if it was true that Simmons and others leaked security info to the Soviets to help them to secure their own nukes against unauthorized use...apparently they did, with the approval of the U.S. government.)

...

>I think this is where the tamper-proof wallet idea comes from; it is the
>closest anyone has come to providing truly conserved digital cash. With
>such a system you can get the benefits of on-line clearing even in the off-line
>environment, just as people will accept cash today without taking it
>to the bank first.

As I remember the observer protocol (Chaum's "Scientific American" article, August of 1992, as I recall), a trusted manufacturer is needed. Tamper-resistant modules, etc. This still allows spoofing.

I know that off-line clearing, in which I get my money at some time after the transaction, is a whole lot less satisfying than receiving confirmation from my own agents/bankers that the money has already been transferred into my account.

I agree that various protocols will exist, at various prices, with various benefits.

..

>I think this is the key point. All of our speculation about the relative
>advantages of the various forms of cash is largely irrelevant, as long as some
>form of privacy-protecting payments comes into existence. Then the details
>of the implementations will determine the relative costs and the market
>advantages of each approach. The hard part will be getting that first cash
>system in place.

Which a free-market person such as Hal agrees with, of course. The market will ultimately evolve various protocols. Provided that regulations do not stop certain approaches, of course.

...

>>([...] My use of the term "claim"
>>here is of the "You present the right number, you get access" kind. Like
>>the combination to a safe. The train locker idea makes this clearer, and
>>gets around the confusion about "digimarks" of "e$" actually _being_ any
>>kind of money it and of itself.)
>
>Dollar bills got their start this way. At one time they were just "claims"
>on the real dollars in the bank vaults. Yet most people find it more convenient
>to think of them as money, even back when you could still turn them
>in for gold. I think it's useful to think of ecash as being money as well,
>although granted it is money with its own characteristics different in some
>ways from banknotes, checks, or coins.

The plethora of financial instruments, derivative, etc., will be echoed with digital money (indeed, some existing instruments already overlap with digital money, albeit not yet of the Chaumian flavor).

For example, traveller's checks evolved to fill a niche for a form of money which could be "lost or stolen" and yet still be replaced. Don't leave home without it.

Lots of niches exist, and many new ones will be created.

>One thing I think is clear is that off-line cash will not be issued to
>anonymous recipients. Imagine a magic quarter which would reappear in
>your pocket after you put it into the coke machine. How many people would
>be willing to resist using it? That's what you'll have with an off-line
>coin issued to a pseudonym.

We agree. Protocols I've seen make off-line cash problematic. "There is no digital coin."

But on-line cash can be, and hence will be, issued to anonymous recipients. It's already done, with numbered Swiss bank accounts (at least in the past), and with the train lockers I mentioned. People put money in train lockers anonymously, then give the key to others, in exchange for goods and services (drugs, return of kidnap victims, etc.).

>
>>And as networks get much faster, expect even off-line cash to fade. Depends
>>on costs, insurance rates, benefits, and of course on regulations.
>
>This is probably right, although ironically the infrastructure for off-line
>cash might be simpler. On-line cash needs 24-hour availability, quick
>(nearly instantaneous) response, a fully automated cash validation system.
>We have this now, with the Visa cards, but it didn't appear overnight. And
>I doubt that the Internet is a suitable communications medium for it (due
>to reasons of availability, reliability, and security). Off-line cash could
>be handled with longer turnarounds in a machine which is not on the net,
>using manual intervention so pass words and such are not stored on-line.
>Of course the disadvantage is that the off-line cash requires identity
>authorization during issuing.

Yes, it requires an infrastructure. But for reasonable-sized transactions, the few cents for a current VISA transaction would be lost in the noise. Even if more computations are needed (as they will be, presumably), on-line transactions will be manageable for the larger transactions.

Very small transactions (buying snacks and newspapers) can be handled off-line. This is already done, as when people buy "subway cards" that are semi-tamper-resistant (we all know they aren't, but most people don't try to diddle them). Ditto for phone cards, parking coupons, etc.

(But why bother with off-line cash for most purposes? Physical cash is convenient for such things. However, markets will decide.)

>Tim's ideas about escrow agents and a credential-less society are very
>interesting as well and I'll try to make some comments on them later.
>
>Hal

I look forward to hearing these comments.

Understand that I wrote that essay basically off the top of my head, pulling together some ideas that I think have been pretty obvious for a while. We don't often discuss these sorts of ideas, preferring (I guess) to correct each other on points of trivia about the flight range of the A-10 Warthog (;-}).

Life on the Internet.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hart at chaos.bsu.edu Sun Aug 28 12:55:16 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Sun, 28 Aug 94 12:55:16 PDT
Subject: Golbal Econ.
In-Reply-To: <9408281835.AA11165@getafix.oasis.icl.co.uk>
Message-ID: <199408281949.OAA18389@chaos.bsu.edu>

All payment mechanisms require a basis of trust - so that the seller knows s/he will get paid. With an online clearing system, four elements of trust are needed:

+ both the vendor and the customer need to trust the bank
+ the customer needs to trust the vendor to deliver the goods and change once the vendor has been paid
+ any one out of n of the digital mixes (proxy servers) used to communicate between the parties needs to be trustworthy
+ independent auditors for the bank

This kind of trust comes through repeated relations: if the vendor has delivered in the past, and benefits from staying in business in the future, they will deliver the goods today. Same for the bank issuing and honoring currency. Regular money supply figure updates and independent auditing of a free bank are important, so that they cannot take hidden actions to inflate the money supply. (Alternatively, an online bank can peg the value of its tokens to, and facilitate conversion to and from, a widely issued currency such as the dollar).

Also, note that trust is unbundled. Each agent is only trusted with certain aspects of the transaction; no agent is trusted to carry out the entire transaction, or with the knowledge of all aspects of the transaction.
There are entry and exit problems: it costs to gain a reputation, and if one's need for a future reputation is small it pays to abscond. These can be overcome by the agent trying to gain the reputation, via offering up-front subsidies to use their services (like sign up bonuses), by sponsorship and introduction of new services by known reputable agents, by keeping maximum transaction sizes low, and by other means. Many of these techniques are well known and commonly used by businessmen. Trust can also be gained by knowing someone personally. Many cypherpunks do, and this will remain important. But it's also a risk for controversial services, as being personally known puts them at greater risk of being shut down by intolerant force. So trust based on reputation of agents on the net, and on the contstraints imposed by cryptographic protocols -- that is our important task; if I might be so bold I'd say that's the essence of the cypherpunks vision. There are also a wide variety of other means of gaining trust through repeated relation, unbundling/distribution of trust, and the like. For example, an escrow is a third party trusted to hold transactions, eliminating the need for the customer to trust the vendor to deliver. Escrows are useful when the vendor is anonymous, not having established a reputation for its nym, and for large transaction sizes. The above bank/vendor/customer/mix scenario seems the simplest to start out with on the Internet at this time. Jim Hart hart at chaos.bsu.edu From hfinney at shell.portal.com Sun Aug 28 12:58:49 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 28 Aug 94 12:58:49 PDT Subject: e$: e-cash underwriting In-Reply-To: <9408271841.AA26491@ah.com> Message-ID: <199408281957.MAA02631@jobe.shell.portal.com> hughes at ah.com (Eric Hughes) writes: >Why does everyone think that the law must immediately be invoked when >double spending is detected? >Double spending is an informational property of digital cash systems. 
>Need we find malicious intent in a formal property? The obvious >moralism about the law and double spenders is inappropriate. It >evokes images of revenge and retribution, which are stupid, not to >mention of negative economic value. It was nice to finally meet Eric and other CP's at the Crypto conference. To me, double-spending is analogous to passing bad checks. I don't think people will be satisfied to simply view it as a formal property, any more than they are in the case of checks. In either case you are getting an explicit or implicit assurance from the payor that the instrument is good. Intentionally cheating would be viewed as fraud. I think this approach would increase the likelihood of digital cash being accepted. >What is needed are techniques to prevent the possibility of double >spending from taking down the system. These might include law, and >hence also identity, but need not. What is the point of an anonymous >system if identity is needed to make it stable? The contradiction >here is enormous. The offline cash protocols suffer from this fatal >design flaw, namely, anonymity for "good people" and identity for "bad >people". Why invoke identity at all if you can do without it? That's a big "if". I don't follow the proposed solution below. In any case, discussions about the role of identity are purely speculative. I think what we want is a system where people are free to use these technologies as they wish. If one bank offers certain advantages to people who are willing to authenticate their identity (as I think some will), that is fine. If a person chooses not to take advantage of those opportunities because he doesn't want to divulge his identity, that is fine, too. The real question is the degree to which adding identity authentication increases the likely range of situations that can be covered in a privacy-protecting way, and the degree to which it may lower costs. 
>Having a database of "spent money" is the primary technique for
>prevent direct costs from being a problem. So what is left are
>attempts to redeem multiple times the same note. They won't actually
>get redeemed, but if there's a negligible marginal cost for trying,
>well, then, some folks will try.
>One solution is clear and direct: charge for each redemption attempt.
>In that situation, multiple attempts get rejected, and the issuer is
>recompensed for the attempt. No morality need be invoked.

The problem is, the fraud doesn't occur (typically) when the note is redeemed at the bank, it occurs when the note is exchanged at the market. Is this proposing to charge the merchant when he in good faith turns in the cash which was given to him by the customer, and it turns out bad? What cruel irony! Here he is already cheated once, and the bank will charge him an extra fee as additional punishment? I must be misunderstanding. This seems not to deter double-spenders at all.

>There remains an issue as to the size of this redemption fee, which
>would have to be small. In order to optimize the transaction costs of
>charging this fee, a bank might be willing to accept identity in
>escrow for the transaction and to remove the fee for good
>transactions. Identity might be a pseudonym revealed after 10 bad
>attempts, say. This system removes the requirement for identity and
>substitutes it for an economic optimization based on identity.

Here I am lost completely. Whose identity is in escrow? The person to whom the coin is given in the first place? But I thought we were referring to a double-spending protocol in which users revealed their identity to the bank. Apparently not? Is the idea here that the bank doesn't know the user's identity, but some other escrow holder does, and it gets revealed only if the user double-spends 10 times? But that would still be identity-based, just with different rules about when it gets exposed. I really don't follow this at all.
To me, there is no problem with revealing identity in certain situations as long as it is unlinkable to my other activities. And I will be much more willing to lend credit or other forms of trust to pseudonyms if I know that they are willing to pay the ultimate price of punishment to their own very physical bodies if they cheat me. What more assurance could I want? And yet, as long as all parties are honest, we have no fear of our identities being revealed against our will. This is no more a contradiction than is the existence of one-way functions. Both are manifestations of control over information flow. If this control is possible, why not make use of it?

Hal

From rarachel at prism.poly.edu Sun Aug 28 13:33:25 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 28 Aug 94 13:33:25 PDT
Subject: FCC Regulation (fwd)
In-Reply-To:
Message-ID: <9408282019.AA00924@prism.poly.edu>

Who do we bitch to in order to prevent this?

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Sun Aug 28 13:49:02 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Sun, 28 Aug 94 13:49:02 PDT
Subject: Golbal Econ.
Message-ID: <9408282050.AA17744@getafix.oasis.icl.co.uk>

> >An "internet economy" needs a basis of trust, as well as security
> >mechanisms appropriate for the current level of IP security. What basis
> >of trust do you envisage?

> Secure transactions are here already.

... for parties with established commercial relationships.

> Most of this can be done in civil law. It's done all the time in the
> securities markets. If you have certificate which is collateralized, by an

But the contractual agreements upon which these transactions are based don't scale too well to the [small] vendor / casual purchaser sector, which I guess the term "internet economy" is intended to encompass.
The most likely basis of trust for this sector is not going to be achieved through each transient buyer-and-seller pair-instance entering into an explicit contract to enable the seller to believe the buyer's electronic [proxy-]promissory note - but by an extension of the current mechanism for telephone or mail-order payment, with the trusted third parties being VISA, AMEX, etc.

While CommerceNet is the most prominent make-the-internet-safe-for-business initiative, it still only expects to have 1 million customers within five years - a goal that is modest enough given today's Internet user base, and growth rates. Even so, industry analysts consider this goal ambitious.

Expectations for an internet economy based on techniques above and beyond the ability to securely send one's credit/charge card details are unlikely to be fulfilled in the short/medium term.

- pvm

From wfgodot at iquest.com Sun Aug 28 13:55:53 1994
From: wfgodot at iquest.com (Michael Pierson)
Date: Sun, 28 Aug 94 13:55:53 PDT
Subject: Cash, cheaters, and anonymity
In-Reply-To: <199408272207.PAA23390@ar.com>
Message-ID:

In article <199408272207.PAA23390 at ar.com>, Rich H. Wesson wrote:

> together gives me very fast access to numbers in the order of 8192
> digits in base 36, geesh I have no clue as to how many base 10 digits that
> is but I feel that it's probably enough to play with some digital cash

Uhh... I think it works out to something _roughly_ on the order of 1.69858109312_E_12749, give or take a few centillion^42s and change.

-Michael

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Sun Aug 28 14:09:20 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Sun, 28 Aug 94 14:09:20 PDT
Subject: Golbal Econ.
Message-ID: <9408282110.AA18575@getafix.oasis.icl.co.uk>

> > All payment mechanisms require a basis of trust - so
> > that the seller knows s/he will get paid.
> The above bank/vendor/customer/mix scenario seems the
> simplest to start out with on the Internet at this time.

Indeed.

But what I have still not seen in this thread is an articulation of a business case for existing financial institutions to support the putative [on|off]-line payment mechanisms - in particular as an alternative to charge/credit cards for one-off transactions.

- pvm

From tcmay at netcom.com Sun Aug 28 14:11:21 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 28 Aug 94 14:11:21 PDT
Subject: FCC Regulation (fwd)
In-Reply-To: <9408282019.AA00924@prism.poly.edu>
Message-ID: <199408282111.OAA04192@netcom2.netcom.com>

Arsen Ray Arachelian just wrote:
>
> Who do we bitch to in order to prevent this?
>

Send your Morse code telegram--you've passed your exam, I presume?--to the FCC. But hurry, as I understand they're about to pass the law.

Here's a section of what I sent FCC Commissioner Craig Shergold:

Dih dah, dah, dah dah dah: Dih dih dah, dah dah dih dah, dah, dah dih dih dih, dah dih, dah dah dah, dih dah dih

Dah dah

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Sun Aug 28 14:16:18 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 28 Aug 94 14:16:18 PDT
Subject: "Must read" posts
In-Reply-To: <199408281949.OAA18389@chaos.bsu.edu>
Message-ID: <199408282116.OAA06583@netcom2.netcom.com>

Many people seem to think I dislike the views of other Cypherpunks. Not so. In fact, I find many posters to be refreshingly direct and clear.
For example, I find the view of Jim Hart to be clear, concise, and almost always on-target. I've moved him into the category of "must read," along with the other dozen or so authors here whose work seems consistently of high quality.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jya at pipeline.com Sun Aug 28 15:07:15 1994
From: jya at pipeline.com (John Young)
Date: Sun, 28 Aug 94 15:07:15 PDT
Subject: Not me PGP-tweaking
Message-ID: <199408282206.SAA09801@pipe1.pipeline.com>

Responding to msg by tcmay at netcom.com (Timothy C. May) on Sun, 28 Aug 12:58 PM

>My ire at John Young came from his apparently malicious
>"tweak" at me in which he sent me PGP-encrypted mail

Warn't me, Tim. Still too crypto-knobbie without the skill for PGP mail or post.

I got lumped with other tweakers while trying say a humorous word on your behalf.

Ah well, so much for humor in the midst of a spat. I'll duck next time.

John

From ghio at chaos.bsu.edu Sun Aug 28 16:02:25 1994
From: ghio at chaos.bsu.edu (Matthew Ghio)
Date: Sun, 28 Aug 94 16:02:25 PDT
Subject: In the year 2525
Message-ID: <199408282257.RAA20353@chaos.bsu.edu>

"Rick H. Wesson" wrote:

> If I stole all the digital cash in the world, and held it for 30
> seconds in a numbered account, how much interest would I have?

Zero. If you stole all the money, there would be none left to pay you interest. :)

From merriman at metronet.com Sun Aug 28 16:09:53 1994
From: merriman at metronet.com (David K. Merriman)
Date: Sun, 28 Aug 94 16:09:53 PDT
Subject: In the year 2525
Message-ID:

> If I stole all the digital cash in the world, and held it for 30
> seconds in a numbered account, how much interest would I have?

Well, you'd certainly have *my* interest.... :-)

Dave Merriman
- - - - - - - - - - - - - - - - - - - - - - - - - -
Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints.
Unencrypted Email may be ignored without notice to sender. PGP preferred.
Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother.

From nobody at shell.portal.com Sun Aug 28 17:00:05 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 28 Aug 94 17:00:05 PDT
Subject: We get the government we deserve
Message-ID: <199408282359.QAA18741@jobe.shell.portal.com>

Tim C. May wrote:

> We get the government we deserve. The Drug War is happening because
> Americans shrilly say "Do something!" and would rather have the D.A.R.E.
> commandoes educating their kids than do it themselves. Ditto for most of
> the laws passed by the tens of thousands every year. (Ever wonder why we
> need thousands of new laws? I do.)

DARE really isn't so bad... Just because we recognize that people should have the freedom to use drugs if they choose to do so, doesn't mean that such drugs are good. Maybe a lot has changed since the DARE program was given at my school, but it mostly focused on why drugs were bad, allowing people to make a more informed decision about using drugs. That seems to me to be protection against fraud...

I was talking about this with a cop recently, and he said that the DARE program was the most effective tactic against drug abuse. He admitted that busting drug dealers wasn't really effective (for several reasons). So maybe attitudes are changing.

I asked him about legalization. He was somewhat hesitant on this point. His only objection was that he was afraid that it would "send the wrong message."
However, he did admit, that everyone he had ever picked up for drug abuse was also involved in other crimes, theft being most common. So even if drugs were legalized, the same criminals would still get arrested for their crimes.

From perry at imsi.com Sun Aug 28 17:01:30 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 28 Aug 94 17:01:30 PDT
Subject: $10M breaks MD5 in 24 days
In-Reply-To: <199408280651.XAA13677@servo.qualcomm.com>
Message-ID: <9408290001.AA09827@snark.imsi.com>

Phil Karn says:
> >Well, I suppose this demonstrates that the NSA knew what they were
> >doing when they set the SHA's length to 160 bits. Let it never be said
> >that they aren't right on top of everything...
>
> On the other hand, I can't imagine that NSA is unaware that strong
> cryptographic hash functions designed for authentication are also
> useful building blocks for a confidentiality cipher. Which might make
> them less than wholly enthusiastic about doing their best on a public
> standard like SHA.

True enough. However, we don't have a lot of alternatives right now. MD6, anyone?

.pm

From Mailer-Daemon at IntNet.net Sun Aug 28 17:21:39 1994
From: Mailer-Daemon at IntNet.net (Mail Delivery Subsystem)
Date: Sun, 28 Aug 94 17:21:39 PDT
Subject: Returned mail: unknown mailer error 1
Message-ID: <9408290013.AB03201@ IntNet.net>

----- Transcript of session follows -----
sh: /users/home/entropy/procmail: not found
554 "|IFS=' ' && exec /users/home/entropy/procmail -f- || exit 75 #entropy"... unknown mailer error 1

----- Unsent message follows -----
Received: from toad.com (localhost) by IntNet.net (5.0/SMI-SVR4) id AA03078; Sun, 28 Aug 1994 20:13:55 +0500
Date: Sun, 28 Aug 1994 20:13:38 +0500
Message-Id: <9408290013.AA03078@ IntNet.net>
Errors-To: cypherpunks at toad.com
From: cypherpunks at toad.com (Cypherpunks List)
To: entropy at IntNet.net (Jcooper)
Subject: blah
content-length: 24

Blah Blah Blah
-cp

>From owner-cypherpunks Sun Aug 28 11:17:53 1994

From perry at imsi.com Sun Aug 28 17:21:52 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Sun, 28 Aug 94 17:21:52 PDT
Subject: In the year 2525
In-Reply-To: <9408281711.AA14222@ua.MIT.EDU>
Message-ID: <9408290021.AA09881@snark.imsi.com>

Jason W Solinsky says:
> Rick queried:
>
> > If I stole all the digital cash in the world, and held it for 30
> > seconds in a numbered account, how much interest would I have?
>
> Reminds one of the novella Press Enter, no?

Reminds one of the random thoughts that come to drunken people at 3am in the morning. Normally, people don't feel that it's necessary to repeat these things to hundreds of people.

Perry

From cp at omaha.com Sun Aug 28 18:57:55 1994
From: cp at omaha.com (alex)
Date: Sun, 28 Aug 94 18:57:55 PDT
Subject: We get the government we deserve
In-Reply-To: <199408282359.QAA18741@jobe.shell.portal.com>
Message-ID: <199408290017.TAA00187@omaha>

> I was talking about this with a cop recently, and he said that the DARE
> program was the most effective tactic against drug abuse. He admitted

Sorry to be straying from crypto, but:

I heard exactly the opposite, that studies have shown no difference whatsoever in the usage rates in kids who went through DARE and kids who don't go through DARE.

Alex

From raph at CS.Berkeley.EDU Sun Aug 28 19:28:52 1994
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Sun, 28 Aug 94 19:28:52 PDT
Subject: Announcement of premail v. 0.20
Message-ID: <199408290229.TAA12396@kiwi.CS.Berkeley.EDU>

Hi all,

I am releasing premail, a remailer chaining and PGP encrypting mail client, to the Net. If you are interested in using the cypherpunks remailers, but are intimidated by them or simply find them too hard to use, then this software can help. Premail will also PGP-encrypt and optionally sign outgoing mail.

The README file is attached. Please check it out and let me know how you like it.

Raph Levien

-----------------------------------------------------------------------

README file for premail v. 0.20
27 Aug 1994 -- Raph Levien

Premail is a mail client for Unix workstations, supporting PGP encryption and anonymous remailers. It can be used either stand-alone or as a layer under your favorite user mail client. Premail has been designed to be as simple and transparent as possible. Features include:

* Chaining of messages for cypherpunk remailers.
* Automatic selection of reliable remailers.
* PGP encryption and signing.
* Online and offline operation.

Premail is designed to masquerade as sendmail. It accepts mail in the same way, and takes the same options, and provides additional header fields for its privacy features. Thus, if you can get your mail client to pass the mail to premail rather than sendmail, then you gain the use of the privacy features without changing the way you send mail.

In the interest of simplicity, premail only handles outgoing mail. It does not handle incoming mail, or PGP decryption.

Installation
------------

This section explains how to set up premail for basic operation, without PGP encryption. Use of PGP encryption is highly encouraged, and is covered in a later section, as are configuration and advanced features.

This section assumes that your machine is connected to the net when you run premail. It is capable of offline operation as well, as discussed in a later section.

1. Get the source.
   Given that you are reading this file, you may have already done this; if so, go to step 3. The latest version of premail is available at:

      ftp://kiwi.cs.berkeley.edu/pub/raph/premail-0.20.tar.gz

2. Unpack it. To do this, run:

      gzip -dc premail-0.20.tar.gz | tar xvf -

3. See if you can run it. First, do "cd premail", then "./premail" (without the "" marks in both cases). If it prints a usage summary, you are in luck. If you get "command not found," then the problem is most likely that your system's copy of perl does not live in /usr/bin. Type "which perl" to find out where it actually is, then edit the first line of the file "premail" to match that, and try again.

4. Copy premail into a directory in your path (this step is optional). For example, if ~/bin is in your path, then do:

      cp premail ~/bin

   After this step, you probably want to run "rehash" so your shell knows where to find premail.

5. Set up the premail configuration file by typing:

      cp .premailrc ~

6. Test whether premail really works, by typing:

      premail your at own.email.addr
      Path: 1
      Subject: Test

      Does this really work?
      .

   If everything goes well, you should get a response from an anonymous remailer in a few minutes. Then, premail is set up and ready to use.

You probably want to set up PGP as well, but you don't have to. This and other configuration options are covered below. The configuration options are controlled by the ~/.premailrc file, so you might want to browse through it and tweak things to your taste.

Setting up premail for PGP
--------------------------

When properly set up, premail will automatically encrypt outgoing mail using PGP. This applies both to traffic routed through the remailers, and to email encrypted for the final recipient, who would use PGP to decrypt it. On the other hand, you can skip this section if you don't want that.

First, you need to make sure that you have PGP set up on your machine.
When you do, just type:

   premail -getkeys

This will finger Matt Ghio's remailer list at remailer-list at chaos.bsu.edu . If this site is down, or if you are not connected to the net, you should get the list from somewhere else. You can specify either an email address to finger or a file. For example, if you save the keys into remailkeys.asc, then you can run:

   premail -getkeys remailerkeys

The messages from PGP will tell you that it's adding about a dozen new keys to the keyring.

You also need to tell premail that you've got PGP running, and have added the remailer keys to your keyring. To do so, add the following line to the ~/.premailrc file:

   $config{"encrypt"} = "yes";

Also, if you've got PGP in a non-standard place, so that typing "pgp" will not call it up, then you need to add this line to the ~/.premailrc file:

   $config{"pgp"} = "/wherever/you/put/pgp";

The vox remailer has a problem with MIT PGP 2.6. Thus, premail will by default not encrypt mail going through vox. If your PGP version is 2.3a or 2.6ui, then it should work fine, so add this line:

   $config{"oldpgp"} = "pgp";

or, if PGP is in a nonstandard place,

   $config{"oldpgp"} = "/wherever/you/put/pgp";

Integration with user mail clients
----------------------------------

Without premail, outgoing mail works as follows. After you compose your mail, your mail client hands it off to a program called sendmail, which forwards it to the Net. Sendmail (written by Eric Allman at UC Berkeley) knows a lot about email addresses, networking, and so on, but very little about privacy and security. That's the job of premail.

It is possible to use premail in either mode: under your client, or by itself. Either way will give the same features, it's just that integrating it with your client will be more convenient to use (if a bit harder to set up).

To use premail, type:

   premail recipient at email.addr

and enter your mail as you normally would, ending with either Control-D or a line with just a . on it.
Or, you can prepare an email message with your favorite editor, and send it with

   premail -t < your.file

To add premail support to emacs, just add this line to your .emacs file:

   (setq sendmail-program "/your/premail/pathname/here")

With other mail clients, you should be able to use a similar technique. Contact me if you need help with a particular client.

If you are root on your machine, you can install premail in /usr/lib/sendmail, so that it will work for _all_ mail clients. This is a fairly bold move, so it would be wise to test this carefully before doing so. To do so, move the existing sendmail into, say, /usr/lib/real_sendmail . Then, add the line

   $config{"sendmail"} = "/usr/lib/real_sendmail";

to premail. Finally, copy premail to /usr/lib/sendmail. If you choose to do this, let me know how well it works out.

Using the privacy features
--------------------------

Premail has two important privacy features: chaining through remailers, and PGP encrypting the messages.

To chain through the remailers, simply add a header line such as

   Path: 3

to your mail. The number 3 says how many remailers you want it to chain through. Three is a good compromise between privacy on the one hand and speed and reliability on the other. The remailers will automatically be selected for their reliability and speed, using the remailer list I maintain (finger remailer-list at kiwi.cs.berkeley.edu to see it).

If you want to specify a particular sequence of remailers, you can do that. For example, if you are very fond of the idea of your mail crossing national boundaries, you might want to send it through Canada, Austria, and Holland, in that order:

   Path: extropia;wien;usura

When using the Path field, your identity will be completely obscured. If the recipient tries to reply to your mail, it will get nowhere. You can specify a reply address using the Anon-From field:

   Anon-From: an123456 at vox.hacktic.nl

The Anon-From field only shows up in mail which goes through the remailers.
In ordinary mail, it will be ignored. So, you can put it in all of your mail without worrying about compromising your identity. In fact, you can make premail automatically use it in all anonymous mail by adding this line to your ~/.premailrc file:

   $config{"anon-from"} = "an123456 at vox.hacktic.nl";

Similarly, if most of the mail you send will be through the remailers, then you can set premail to do that as the default. Add this line (or whatever path you want, if not 3) to ~/.premailrc:

   $config{"defaultpath"} = "3";

Then, whenever you want to send non-anonymous mail, add this header field:

   Path: ;

The other important privacy feature is the ability to PGP encrypt outgoing mail. This works whether or not you use the remailers. The recipient's key must be in your public key ring before you can encrypt mail to them. Then, all you have to do is add this mail header field:

   Key: user_id

The mail will be encrypted with this user_id. It will be formatted using the MIME content type of application/x-pgp. If the recipient has a MIME-capable mail reader, they can set it up to automatically call PGP when receiving encrypted mail. Otherwise, you don't need to worry about it.

You can also have premail automatically sign your mail, as well. This feature is a potential security problem, so use it with caution. Add these lines to your ~/.premailrc:

   $config{"signuser"} = "your_user_id";
   $config{"signpass"} = "your pass phrase";

Again, a warning: in doing so, you have just stored your pass phrase in a disk file, which is considered a security no-no. On the other hand, if you are using this for medium-security applications, or if you have good control over access to your machine, then it should be OK; certainly a _lot_ better than not using PGP at all. The ~/.premailrc file should always have -rw------- (600) permissions. Use with caution.

How to use the cypherpunks remailers like anon.penet.fi
-------------------------------------------------------

Even though the cypherpunks remailers do essentially the same things as anon.penet.fi (though faster and with better privacy), they work quite a bit differently, and can be somewhat intimidating. Premail can help.

First, you will need to get an anonymous alias. At this time, the only cypherpunk remailer which will do this for you is "avox", or anon at vox.hacktic.nl. To get the alias, do:

   premail your at own.email.addr
   Subject: alias
   Path: avox

   Hopefully, this will assign me an alias.
   .

In a few hours, you will get email back with an alias of the form an123456 at vox.hacktic.nl . Then, when you send anonymous email, give your alias as the reply address. Here is an example:

   premail recipient at email.addr
   Anon-From: an123456 at vox.hacktic.nl
   Path: 3

   Hello, if you reply to this, mail will get to me.
   .

Unfortunately, unlike penet, avox does _not_ make the person replying anonymous. The best way for them to be anonymous is to use the cypherpunks mailers as well (hopefully by using premail!).

How to post to Usenet
---------------------

The easiest way is to use a mail-to-Usenet gateway. For example, to post to alt.skydiving, just send mail to alt.skydiving at demon.co.uk . A full list is available by fingering remailer-list at chaos.bsu.edu, or from http://www.cs.berkeley.edu/~raph/ghio-remailer-list.html .

Extra goodies
-------------

Premail supports a few more features, for advanced users. These include: offline mail preparation, logging, a password for penet, and a debugging mode. The configuration options specifying these are described in the ~/.premailrc file, which is what you would need to edit.

Have fun!
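
The README's two warnings about ~/.premailrc (a pass phrase stored in the file, and the 600 permission requirement) can be checked mechanically. The following Python audit is an added example, not part of premail or of the original post; it assumes only the `$config{"name"} = "value";` syntax and the option names shown in the README, treats lines starting with `#` as comments (an assumption), and runs on a constructed sample file.

```python
import os
import re
import stat
import tempfile

# Assignment form shown in the README:  $config{"name"} = "value";
CONFIG_LINE = re.compile(
    r'^\s*\$config\{"([^"]+)"\}\s*=\s*"((?:[^"\\]|\\.)*)"\s*;'
)

# Constructed sample configuration; the user id and pass phrase are made up.
SAMPLE_RC = '''\
# sample ~/.premailrc (constructed)
$config{"encrypt"} = "yes";
$config{"signuser"} = "alice";
$config{"signpass"} = "correct horse battery staple";
#$config{"defaultpath"} = "3";
'''


def parse_premailrc(text):
    """Return {option: value} for every uncommented $config assignment."""
    options = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # assumed comment convention: leading '#'
        match = CONFIG_LINE.match(line)
        if match:
            options[match.group(1)] = match.group(2)
    return options


def audit_premailrc(path):
    """Return a list of findings for the premail configuration at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        # Any group/other bit violates the README's -rw------- requirement.
        findings.append("mode %04o: README requires 0600" % mode)
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        options = parse_premailrc(handle.read())
    if options.get("signpass"):
        findings.append("signpass set: PGP pass phrase stored in cleartext on disk")
        if mode & 0o044:
            findings.append("pass phrase readable by other local users")
    if options.get("encrypt", "").lower() != "yes":
        findings.append("encrypt is not 'yes': PGP encryption of outgoing mail not enabled")
    return findings


def demo():
    """Audit the constructed sample at mode 0644, then again at 0600."""
    fd, path = tempfile.mkstemp(prefix="premailrc-")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(SAMPLE_RC)
        os.chmod(path, 0o644)
        loose = audit_premailrc(path)
        os.chmod(path, 0o600)
        tight = audit_premailrc(path)
    finally:
        os.remove(path)
    return loose, tight


if __name__ == "__main__":
    for label, findings in zip(("0644", "0600"), demo()):
        print(label, findings)
```
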

From nobody at shell.portal.com Sun Aug 28 19:41:51 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 28 Aug 94 19:41:51 PDT
Subject: We get the government we deserve
Message-ID: <199408290241.TAA27404@jobe.shell.portal.com>

alex wrote:

> nobody at shell.portal.com wrote:
> > I was talking about this with a cop recently, and he said that the DARE
> > program was the most effective tactic against drug abuse. He admitted
>
> Sorry to be straying from crypto, but:
>
> I heard exactly the opposite, that studies have shown no difference
> whatsoever in the usage rates in kids who went through DARE and kids who
> don't go through DARE.

I don't know; this was just one cop's opinion based upon his experience. He said most of his offenders were in their late 40s, having picked up a heroin problem after taking morphine in Vietnam, and they were doing all sorts of crazy (and stupid) things to support their habits. He said that the drug problem was 'getting better' because many of the junkies were dying from overdoses, and fewer of the younger generation were getting involved in that type of thing. YMMV depending on which part of the country you live in.

You're right, this isn't crypto, but I suppose the war on drugs does bring up some privacy issues...

From rah at shipwright.com Sun Aug 28 20:15:25 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 28 Aug 94 20:15:25 PDT
Subject: Golbal Econ.
Message-ID: <199408290314.XAA26990@zork.tiac.net>

At 10:10 PM 8/28/94 +0100, p.v.mcmahon.rea0803 at oasis.icl.co.uk wrote:

>But what I have still not seen in this thread is an articulation
>of a business case for existing financial institutions to support
>the putative [on|off]-line payment mechanisms - in particular as an
>alternative to charge/credit cards for one-off transactions.

I'd like to take a crack at this one.

In the offline business model I'm mucking around with, the bank is responsible for "vouching" for the purchaser.
An ATM gateway (which requires a bank) is how cash is sent to and from the underwriter. This cash is used to pay for and collateralize the digital certificates. And when cash is brought off of the net, the ATM gate serves as a place to send a "deposit" of the redeemer's cash. Banks get a commission for this. In addition, an institutional bank is also the trustee for the suspension account, which collateralizes the cash on the net. There are fees for that.

The mechanics of getting paid are pretty straightforward. The size of the market is probably the most important question. I hold no illusions about this, but I think the costs of entry are still such that with reasonable royalty demands and with falling prices for equipment and network access a business could be started in the proverbial garage (OK, 1000 ft or less of class b office space) and survive.

Costs of entry will continue to go up, however.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From rah at shipwright.com Sun Aug 28 20:15:53 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 28 Aug 94 20:15:53 PDT
Subject: Golbal Econ.
Message-ID: <199408290314.XAA26996@zork.tiac.net>

At 9:50 PM 8/28/94 +0100, p.v.mcmahon.rea0803 at oasis.icl.co.uk wrote:

>> >An "internet economy" needs a basis of trust, as well as security
>> >mechanisms appropriate for the current level of IP security. What basis
>> >of trust do you envisage?
>
>> Secure transactions are here already.
>
>... for parties with established commercial relationships.

No, for individuals transacting business with commercial entities. The NYT article we disparaged for being ridiculously overdue is a case in point.

>
>> Most of this can be done in civil law. It's done all the time in the
>> securities markets. If you have certificate which is collateralized, by an
>
>But the contractual agreements upon which these transactions are based
>don't scale too well to the [small] vendor / casual purchaser sector,
>which I guess the term "internet economy" is intended to encompass.

I don't think so. If an underwriter has a standard purchase agreement with the purchaser, much like all the fine print we see in a packet of Amex checks but never read, which stipulates a collateralized certificate and that agreement is issued thousands or millions (someday billions?) of times, then what's the difference between that and one agreement for a single trade between commercial parties? I'd call that scalable, wouldn't you?

>
>The most likely basis of trust for this sector is not going to be achieved
>through each transient buyer-and-seller pair-instance entering into an
>explicit contract to enable the seller to believe the buyer's electronic
>[proxy-]promissory note - but by an extension of the current mechanism for
>telephone or mail-order payment, with the trusted third parties being
>VISA, AMEX, etc.

Okay. If the issuer is a trusted third party creating an exchange item of value. There is no promise required by any party except the issuer's promise to show up and fork over physical cash on a one-for-one basis when the certificate is redeemed.

>
>While CommerceNet is the most prominent make-the-internet-safe-for-business
>initiative, it still only expects to have 1 million customers within five
>years - a goal that is modest enough given today's Internet user base,
>and growth rates. Even so, industry analysts consider this goal ambitious.

I think that the presupposition here is an underestimate, but it still may not be enough to support an underwriter just yet. It's an underestimate because CommerceNet is still an on-line business trying to get the "cream" of the market, largeish transactions.
Their financial partner, Bank of America, is trying to do what it knows, which is credit cards and checks. However, the ability of small vendors of information to make low-cost transactions of practically any size is where the money will be, I believe. I believe that the things you may be able to buy on the internet are legion with just a little more bandwidth: music, information, software, on-line consultations, maybe even a movie ;-). The most important thing is that offline transactions with internet cash may enable much more granularity in the transaction base. There may be money for a business which underwrites those transactions. There has been some discussion here about much larger business-to-business cash transactions using the same idea, but that's not what I'm talking about here. I think that a presence as an underwriter of internet cash is sort of an option on market participation as the market grows. It may be that the experience may be worth something over time. > >Expectations for an internet economy based on techniques above and beyond >the ability to securely send one's credit/charge card details are unlikely >to be fulfilled in the short/medium term. Who knows? I'll tell you a story. I really got hit over the head with the idea that internet commerce was possible when I read one of the first issues of Wired, and there was this MTV VJay, of all people, saying that the record companies will go out of business as soon as somebody figured out how to "upload" money to the musicians themselves. This started me thinking, and I ran a bunch of Nexis searches on internet, and came up with "cypherpunks". Joy. The point is, whenever I think about internet commerce, I think about someone buying a copy of a song from a musician as the lowest level of economic granularity. What I get is an offline cash system. 
Cheers, Robert Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sun Aug 28 20:15:54 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 28 Aug 94 20:15:54 PDT Subject: Golbal Econ. Message-ID: <199408290315.XAA27007@zork.tiac.net> At 2:49 PM 8/28/94 -0500, Jim Hart wrote: >With an online clearing system, four elements of trust are >needed: > >+ both the vendor and the customer need to trust the bank >+ the customer needs to trust the vendor to deliver the >goods and change once the vendor has been paid >+ any one out of n of the digital mixes (proxy servers) used >to communicate between the parties needs to be trustworthy >+ independent auditors for the bank > I don't see why an offline system couldn't qualify for all of the above. >This kind of trust comes through repeated relations: if the >vendor has delivered in the past, and benefits from staying >in business in the future, they will deliver the goods today. >Same for the bank issuing and honoring currency. Regular >money supply figure updates and independent auditing of a >free bank are important, so that they cannot take hidden >actions to inflate the money supply. (Alternatively, >an online bank can peg the value of its tokens to, and >facilitate conversion to and from, a widely issued currency >such as the dollar). In an offline system, the underwriter's collateral position can be monitored by a trustee, which is itself audited also. This takes care of the contents of the "railroad locker". If the currency is consistently redeemed without the spectre of double spending, then the reputation of the currency increases. That should be taken care of with proper fraud detection and enforcement. 
>There are entry and exit problems: it costs to gain a >reputation, and if one's need for a future reputation is >small it pays to abscond. These can be overcome >by the agent trying to gain the reputation, via offering >up-front subsidies to use their services (like sign up >bonuses), by sponsorship and introduction of new services >by known reputable agents, by keeping maximum transaction sizes >low, and by other means. Many of these techniques are >well known and commonly used by businessmen. Amen. As I said previously on this list, if I'm an underwriter, and a legitimate customer comes up to my redemption window with a previously spent cash, he may be out the money, but I'm out the reputation of my product. Prosecuting fraud is the ultimate solution to this problem, but it's obvious that the above methods make perfect sense to protect the integrity of either off-line or on-line system. Thanks, Jim. I agree with Tim. I always learn something when you put something up. In particular, I'm now thinking about what happens if the risk of double spending is small enough to insure against. That would effectively do what issuers of credit cards or traveler's checks do when their products are "double spent". Make the victim whole and run the culprit to ground. For credit cards, it's cheap enough (3%) for them to self insure, with a vigilant enforcement effort. Unfortunately, there's probably a "frontier" stage at first, where the currency is more at risk. It is a caveat emptor situation, with Wyatt Earp for enforcement of the integrity of the underwriter's cash certificates. The brain grinds away. I hope I'm not stripping gears... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." 
-- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sun Aug 28 20:15:58 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 28 Aug 94 20:15:58 PDT Subject: e$: e-cash underwriting Message-ID: <199408290315.XAA27012@zork.tiac.net> At 12:57 PM 8/28/94 -0700, Hal wrote: >hughes at ah.com (Eric Hughes) writes: >>One solution is clear and direct: charge for each redemption attempt. >>In that situation, multiple attempts get rejected, and the issuer is >>recompensed for the attempt. No morality need be invoked. > >The problem is, the fraud doesn't occur (typically) when the note is >redeemed at the bank, it occurs when the note is exchanged at the >market. Is this proposing to charge the merchant when he in good faith >turns in the cash which was given to him by the customer, and it turns >out bad? What cruel irony! Here he is already cheated once, and the >bank will charge him an extra fee as additional punishment? > >I must be misunderstanding. This seems not to deter double-spenders at >all. The more I think about this, Eric, the more I think I caved in too early. Can you explain exactly how charging a back-end load on a digital cash certificate prevents double-spending? >>There remains an issue as to the size of this redemption fee, which >>would have to be small. In order to optimize the transaction costs of >>charging this fee, a bank might be willing to accept identity in >>escrow for the transaction and to remove the fee for good >>transactions. Identity might be a pseudonym revealed after 10 bad >>attempts, say. This system removes the requirement for identity and >>substitutes it for an economic optimization based on identity. This reminds me of the previous discussion of holding a person's cash bond hostage for good behavior. In this case, you're holding unencumbered redemption rights hostage and reducing transaction costs in relation to the person's relative risk. I think I get it now. 
I sort of took it on faith before, but I'm not so sure all this is necessary, see below. >Here I am lost completely. Whose identity is in escrow? The person to >whom the coin is given in the first place? But I thought we were >referring to a double-spending protocol in which users revealed their >identity to the bank. Apparently not? Is the idea here that the bank >doesn't know the user's identity, but some other escrow holder does, and >it gets revealed only if the user double-spends 10 times? But that would >still be identity-based, just with different rules about when it gets >exposed. I really don't follow this at all. I think that the business model I've been proposing may handle this a bit. In order for someone to cash out, they need to be able to speak to an ATM machine, which implies a bank-acceptable identity (whatever that means). It allows for nyms to trade offline, and it banks on being able to catch the nym by police work (Ace Ventura, Nym Detective!) if a "self-credentialed" nym double spends. Since most fraud schemes require a nym to do it, web-of-trust stuff would have to apply in the case of transactions with nyms. It's ugly, but it should work. > >To me, there is no problem with revealing identity in certain situations >as long as it is unlinkable to my other activities.. And I will be much >more willing to lend credit or other forms of trust to pseudonyms if I >know that they are willing to pay the ultimate price of punishment to >their own very physical bodies if they cheat me. What more assurance >could I want? And yet, as long as all parties are honest, we have no >fear of our identities being revealed against our will. I'm pretty sure I'm a little more loosey goosey about this. I think that there may be enough of an enforcement mechanism even if nyms remain completely anonymous. 
Cheers, Robert Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sun Aug 28 20:16:43 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 28 Aug 94 20:16:43 PDT Subject: In Search of Genuine DigiCash Message-ID: <199408290316.XAA27027@zork.tiac.net> At 12:27 PM 8/28/94 -0700, Hal wrote: >rah at shipwright.com (Robert Hettinga) writes: > >>I suppose what I meant was is there any fully identified offline digital >>cash system in the literature. I haven't heard of any from secondary >>sources, like around here, or from my cursory reading of Schneier, for >>instance. > >"Fully identified cash" is not widely discussed in the literature because >it is (relatively) trivial, and here because it is not privacy >protecting. "Fully identified cash" is equivalent to a check made out to >"cash". All you need is a signed directive to your bank to transfer >money from your account number such-and-such to the bearer. > Open mouth. Insert sea boot. That's what I get for shooting everything that moves. I think I even remember this now. I should have remembered it before I opened my mouth. Sorry. Fully identified digital cash is basically a digital check. Got it. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." 
-- Bertrand Russell (617) 323-7923 From rah at shipwright.com Sun Aug 28 20:16:44 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 28 Aug 94 20:16:44 PDT Subject: Cash, cheaters, and anonymity Message-ID: <199408290315.XAA27015@zork.tiac.net> At 12:58 PM 8/28/94 -0800, Timothy C. May wrote: >As I remember the observer protocol (Chaum's "Scientific American" article, >August of 1992, as I recall), a trusted manufacturer is needed. >Tamper-resistant modules, etc. This still allows spoofing. I know that >off-line clearing, in which I get my money at some time after the >transaction, is a whole lot less satisfying than receiving confirmation >from my own agents/bankers that the money has already been transferred into >my account. So much for the observer protocol. Sigh. Tim, I think that we can equivocate an enormous amount about the phrase "some time" above. It is entirely possible to move whatever money you get in a transaction off the net at little or no cost, especially if the currency in question is front-end loaded, instead of back-end loaded, immediately after the transaction happens. It may also be possible to "test" an arbitrary piece of cash during an offline transaction by depositing it before accepting any more. However, the nice thing about using an otherwise offline system in a near-online scenario, like the one above, is that you aren't wedded to using it all the time. If you can trust the cash you get, then your costs should be lower. Setting up a system like it can happen faster with less overhead for the issuers, also, so I expect that the first profitable digital cash systems will probably be offline ones. How you feel about that satisfying "clink" sound, when you deposit that cash immediately upon receipt in your favorite online system, I can't really help you with... >>One thing I think is clear is that off-line cash will not be issued to >>anonymous recipients.
Imagine a magic quarter which would reappear in >>your pocket after you put it into the coke machine. How many people would >>be willing to resist using it? That's what you'll have with an off-line >>coin issued to a pseudonym. > >We agree. Protocols I've seen make off-line cash problematic. "There is no >digital coin." But on-line cash can be, and hence will be, issued to >anonymous recipients. It's already done, with numbered Swiss bank accounts >(at least in the past), and with the train lockers I mentioned. People put >money in train lockers anonymously, then give the key to others, in >exchange for goods and services (drugs, return of kidnap victims, etc.). Light dawns on marblehead. The problem becomes allowing a nym to take his money off the net. We run into the law here if the money is too much at one time. Personally, I don't have any problems with preventing this, but I see precisely how this is diametrically opposed to the manifesto of this list. Can't we simply have a bank somewhere which accepts questionable, even anonymous credentials? Don't we have those already? It seems to me that Credit Suisse has every right to put up their own ATM gate on the net. The ability to unmask a double spending nym shouldn't be any harder than finding a nym who has created his own credentials in the first place, which means waiting for him to repeat himself and screw up, you wait for someone close to him to snitch, and you make sure he can't use the same nym again. >Yes, [an on-line transaction system] requires an infrastructure. But for >reasonable-sized transactions, >the few cents for a current VISA transaction would be lost in the noise. >Even if more computations are needed (as they will be, presumably), on-line >transactions will be manageable for the larger transactions. Very small >transactions (buying snacks and newspapers) can be handled off-line.
This >is already done, as when people buy "subway cards" that are >semi-tamper-resistant (we all know they aren't, but most people don't try >to diddle them). Ditto for phone cards, parking coupons, etc. It's entirely possible that ontology may repeat phylogeny. Offline systems like cash always presage more complicated systems. I'm just curious whether if an offline system is implemented because it's easier, people will go through the extra effort of messing with an offline system except when they want to borrow something, like when they want to use a credit card. It's not entirely clear to me that on line systems are the "climax forest" of the internet ecology. But as Hal and Tim have said in this thread, the market will decide. I think that an offline cash underwriting market is just about ready for competitors to enter it. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From sw at tiac.net Sun Aug 28 20:21:19 1994 From: sw at tiac.net (Steve Witham) Date: Sun, 28 Aug 94 20:21:19 PDT Subject: Bad govt represents bad people? Message-ID: <199408290320.XAA27092@zork.tiac.net> >Phil Karn writes > >> It really gives one pause. Is government really the enemy of personal >> freedoms, or does it merely reflect an intolerant and unenlightened >> general population? John Kreznar replies- >Excellent question. Answering it the wrong way leads to tremendous >energy misdirected to trying to influence politicians and bureaucrats, >even when they are effectively representing their constituencies in the >general population... John seems to mean 1) the people are bad, and 2) people who believe the people are good try to influence politicians.
Point 1: Saying that a bad government is just representing bad people gives it more credit than is due. Sure, that's what it claims to do, but does that have anything to do with reality? The whole is different from the sum of the parts. Besides the parts there is their arrangement. Government as we know it is a bad arrangement of people. It contains positive feedback structures that amplify certain mistakes instead of correcting for them. The bad things that happen with governments often play on people's irrational fears and psychological "hot buttons." They also make use of the news media's eagerness to cover certain kinds of subjects and events. A feedback loop will take advantage of whatever signal paths are out there. So, you have people whipped up into showing their worst sides, and then given exaggerated coverage on the news. It's hard to say what would give a true picture of what most people are like. On the other hand, governments contain negative feedbacks (formerly called checks and balances) that can sometimes make them act *more* sanely than the average mob taken from their own population. On John's point 2: The goodness or badness of the people has little to do with whether it makes sense to try to influence politicians, since they do not represent and are hardly influenced by the will of the majority anyway. It's the structure of government that needs changing. What might help change that is a complicated thing I won't go far into. But whether you're going with or against popular opinion probably has never mattered as much as how clever, ruthless, resourceful, well-connected, etc. you are. --Steve - - - - - - - - - - why did the chicken cross the infobahn? finger for more info. 
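The deposit rule debated in the "e$: e-cash underwriting" messages above (a fee on every redemption attempt, waived for good deposits when the depositor has put a pseudonym in escrow, with the pseudonym revealed after 10 bad attempts), worked through as an added Python example; it is not code from any list member. The class and account names, the fee of 1 unit, and the HMAC tag standing in for the issuer's real (blind) signature on a note are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

DEPOSIT_FEE = 1    # constructed value: units charged per deposit attempt
REVEAL_AFTER = 10  # bad attempts before an escrowed pseudonym is revealed


@dataclass(frozen=True)
class Note:
    serial: str
    value: int
    tag: bytes  # issuer's authenticator over serial and value


@dataclass
class Account:
    balance: int = 0
    escrowed_nym: Optional[str] = None
    bad_attempts: int = 0


class Issuer:
    """Hypothetical underwriter ledger; all names here are illustrative."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self._spent = {}    # serial -> account that deposited it first
        self.accounts = {}
        self.fee_income = 0
        self.revealed = []  # pseudonyms released from escrow

    def _tag(self, serial: str, value: int) -> bytes:
        # Assumption: an HMAC stands in for the signature a real issuer would
        # put on a note, so the example can concentrate on deposit handling.
        msg = f"{serial}:{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, value: int) -> Note:
        serial = secrets.token_hex(16)
        return Note(serial, value, self._tag(serial, value))

    def open_account(self, name: str, escrowed_nym: Optional[str] = None) -> None:
        self.accounts[name] = Account(escrowed_nym=escrowed_nym)

    def _charge(self, acct: Account) -> None:
        acct.balance -= DEPOSIT_FEE
        self.fee_income += DEPOSIT_FEE

    def deposit(self, name: str, note: Note) -> str:
        acct = self.accounts[name]
        # Constant-time comparison so the check does not leak tag bytes.
        genuine = hmac.compare_digest(note.tag, self._tag(note.serial, note.value))
        if genuine and note.serial not in self._spent:
            self._spent[note.serial] = name
            acct.balance += note.value
            if acct.escrowed_nym is None:
                self._charge(acct)  # no escrow: the fee applies to every attempt
            return "accepted"
        # Rejected attempt: the issuer keeps the fee and counts the failure.
        self._charge(acct)
        acct.bad_attempts += 1
        if acct.escrowed_nym is not None and acct.bad_attempts == REVEAL_AFTER:
            self.revealed.append(acct.escrowed_nym)
        return "double-spent" if genuine else "forged"


def demo() -> dict:
    bank = Issuer()
    for name in ("merchant_a", "merchant_b"):
        bank.open_account(name)
    bank.open_account("nym_shop", escrowed_nym="nym-7")
    note = bank.issue(500)
    # The same note reaches two merchants; only the first deposit clears.
    results = [bank.deposit("merchant_a", note), bank.deposit("merchant_b", note)]
    results += [bank.deposit("nym_shop", note) for _ in range(REVEAL_AFTER)]
    return {
        "results": results,
        "fee_income": bank.fee_income,
        "merchant_b": bank.accounts["merchant_b"].balance,
        "revealed": bank.revealed,
    }


if __name__ == "__main__":
    print(demo())
```

In the run, merchant_b, who accepted the copied note in good faith, is the party who pays the fee, which is the objection Hal raises in the quoted text.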
From nobody at ds1.wu-wien.ac.at Sun Aug 28 21:21:10 1994 From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at) Date: Sun, 28 Aug 94 21:21:10 PDT Subject: crypto anarchy thoughts Message-ID: <9408290420.AA17882@ds1.wu-wien.ac.at> -----BEGIN PGP SIGNED MESSAGE----- Robert Hettinga wrote: > Any argument which uses anonymity as the first cause for implementing > a digital cash system deserves to lose. Like sophisticated engraving, > intaglio printing, and a zealous anti-counterfeiting effort, strong > crypto and zealous anti-double spending efforts are the technologies > which enable trust in a digital cash certificate for it's own sake. This may be true, but how exactly do you plan to argue "anonymity" is necessary in a digital cash system (from the point of view of the bank and stores)? I mean, strong crypto could provide "zealous anti-counterfeiting" without providing anonymity. > Privacy, and maybe even crypto-anarchy or anarcho-capitalism, is the > icing on the cake. Precisely my point. Except I think the icing will be left off. Oh, and in response to Tim May, no, I'm not afraid to use my real name; I've been on this list quite a while (perhaps this is useless trivia). I just thought I'd try comminicating via anonymous remailer, perhaps establishing a pseudonym while I'm at it, so I'll be signing posts from now on (actually I already signed one previous post). Just playing around with some crypto-anarchy concepts. 
Thoth -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmFhkfFYvlqvuKtBAQFFTgP9G1A8OtshS9DYFnNXyAYMkefHG9ECifKC 01b6A8ic/gdeEBkn0G1RpVfGlMEUqRrs7w6Q0jxaRv3HEKvOKN2a3wXA0w5ao+RX 3AB2aBiIY2awANBzCM6MZBw2q9sLn8ITWTokxs/j7wV2WMyBh1/2NlIuHBkNyf0X pSGTo43oHfw= =k1Cm -----END PGP SIGNATURE----- From nobody at ds1.wu-wien.ac.at Sun Aug 28 21:32:06 1994 From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at) Date: Sun, 28 Aug 94 21:32:06 PDT Subject: pgp fanaticism Message-ID: <9408290431.AA17951@ds1.wu-wien.ac.at> -----BEGIN PGP SIGNED MESSAGE----- Tim May wrote: > at least use a digitally-signed pseudonym, so we can know we're > talking to the same person. Done! I will be "thoth", keyid AFB8AB41. > In the meantime, I prefer to concentrate on the things I do pretty > well, like writing and thinking. Perhaps my apparent frustration is caused by the fact that I've become convinced that crypto-anarchy will not come to pass (I posted a lenghtly scenario earlier of that I think the future will be like). I think that writing and thinking is the only thing any of us can do that will have impact. The only coding effort I can see paying off is helping to make PGP better. Maybe that's what I'll do. Thoth -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmFkXvFYvlqvuKtBAQHnAwP/RvH7UWt4wzDLjQ4oDUdJiEd5g32q4ueH U/zh6JzDFQyB8LaECT5PTrgEyYin05jlgxyvBp6PNTIoMTpWA7+/gLZ0q546ZSEj xgCtBesES2O1jDPmcXsOSMoN1CVJ9hToaDhgZVtoxoxcEtCht7h09nGr0cHZznMn M7NpkmEvwWQ= =kvQg -----END PGP SIGNATURE----- From sw at tiac.net Sun Aug 28 21:34:23 1994 From: sw at tiac.net (Steve Witham) Date: Sun, 28 Aug 94 21:34:23 PDT Subject: Sendmail & POP for PCs & Macs w/TCP? Message-ID: <199408290433.AAA27992@zork.tiac.net> Is there any reason sendmail and POP shouldn't compile fairly easily for PCs and Macs that have TCP/IP support? 
If that was done, couldn't I configure my Eudora to talk to a local sendmail and POP (TCP/IP within my own machine) which would then do whatever fancy filtering and then talk to the remote sendmail and POP? Can sendmail receive mail through POP? Or would it be easier to write an SMTP/POP intermediary from scratch? Or, jeez, has this all been done? --Steve - - - - - - - - - - why did the chicken cross the infobahn? finger for more info. From tcmay at netcom.com Sun Aug 28 22:21:01 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 28 Aug 94 22:21:01 PDT Subject: Not me PGP-tweaking In-Reply-To: <199408282206.SAA09801@pipe1.pipeline.com> Message-ID: <199408290521.WAA03627@netcom4.netcom.com> > Responding to msg by tcmay at netcom.com (Timothy C. May) on Sun, > 28 Aug 12:58 PM > > >My ire at John Young came from his apparently malicious > >"tweak" at me in which he sent me PGP-encrypted mail > > > Warn't me, Tim. > I got lumped with other tweakers while trying say a humorous > word on your behalf. > > Ah well, so much for humor in the midst of a spat. > > I'll duck next time. My apologies. I confused John with another. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Sun Aug 28 22:41:59 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Sun, 28 Aug 94 22:41:59 PDT Subject: Thus Spake Thoth In-Reply-To: <9408290431.AA17951@ds1.wu-wien.ac.at> Message-ID: <199408290542.WAA05869@netcom4.netcom.com> Thus spake Thoth: > > Tim May wrote: > > at least use a digitally-signed pseudonym, so we can know we're > > talking to the same person. > > Done! I will be "thoth", keyid AFB8AB41. Congratulations, now your words, wherever they come from, will likely carry more weight, especially as your rep increases (or it could decrease...). By the way, for the other people who claimed I never use the tools I advocate, I *am* BlackNet. This is not a secret, but not everyone may know I created the key pair used to communicate with BlackNet, at least the original one (someone else created at least one additional BlackNet, spoofed the creation date so as to appear earlier than _my_ BN key, and spread the key around to the standard key servers! Hilarious!). > Perhaps my apparent frustration is caused by the fact that I've become > convinced that crypto-anarchy will not come to pass (I posted a > lenghtly scenario earlier of that I think the future will be like). I read that. No time to reply, yet. I think well-written scenarios like that are very useful. You may even be right. > I think that writing and thinking is the only thing any of us can do > that will have impact. The only coding effort I can see paying off is > helping to make PGP better. Maybe that's what I'll do. > > Thoth I'm not very pessimistic, actually. So long as I don't try to change the world by force-fitting a solution, things will eventually evolve in interesting directions. Given strong crypto, certain things seem almost inevitable. Trying to commercialize too early may be a bad idea, though...sort of like herding cats, as the saying goes. --Tim May -- .......................................................................... Timothy C.
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jdwilson at gold.chem.hawaii.edu Sun Aug 28 22:55:57 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Sun, 28 Aug 94 22:55:57 PDT Subject: PGP fanatacism In-Reply-To: <199408281953.MAA07926@netcom14.netcom.com> Message-ID: > Anonymity is OK, but I encourage critics to come out from behind their wall > of anonymity and give their actual names, or at least use a > digitally-signed pseudonym, so we can know we're talking to the same > person. We could always assume that any non-signed anonymous identity is Larry D. ;-) -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From blane at squeaky.free.org Sun Aug 28 23:27:45 1994 From: blane at squeaky.free.org (blane at squeaky.free.org) Date: Sun, 28 Aug 94 23:27:45 PDT Subject: Linux and PGPsendmail Message-ID: X-Secure: add-key I now have my system somewhat kludged into the net. I can now EASILY send and receive PGP messages from my home box. I am connected to my shell account at free.org throught a local xyplex terminal server and term 2.0.4 I use popclient to get my mail from my host(a better way may be possible), and I have my local smtp service redirected to squeaky.free.org so that I can send mail out without a hassle. 
Anyone who needs help getting set up like this can e-mail me. PGP messages are welcome! Brian From hughes at ah.com Sun Aug 28 23:31:49 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:31:49 PDT Subject: DigiCash ??? In-Reply-To: <199408281436.JAA26470@zoom.bga.com> Message-ID: <9408290600.AA28305@ah.com> I would like somebody to explain how I would go about using an anonymous digicash system to buy an automobile? Let us remember that the reason for anonymous transaction systems in general is that if identity is revealed by default, there can never be full privacy. Merely because transactions exist where revealing identity must occur, for example, in the transferring of vehicle title, does not mean that the identity needs to derive from the means of payment or any identity attached to that means of payment. Just because the larger transaction itself is not anonymous is no argument against the monetary transaction being anonymous. Eric From hughes at ah.com Sun Aug 28 23:31:55 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:31:55 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408280516.BAA15355@zork.tiac.net> Message-ID: <9408290556.AA28298@ah.com> To review, I said the following: >-- The financial structure matters when things go right. >-- The legal structure matters when things go wrong. The reply: The law and the enforceability of agreements is what makes financial instruments exist. Their behavior is a direct result of their legal underpinnings. This is absolutely false. Both a promissory note and a bond can have identical financial structure, but the legalities are completely different. The financial behavior of a security can thus be predicted just by assuming the efficacy of the legal system they're written in.
Certainly the probability of transaction failure can be factored into the face value and behavior of the instrument, but the actions in case of transaction failure are not determined by how the financial transactions around the instrument are governed. If you break the law or agreements creating a market, say if people didn't make their margin calls and got away with it, there wouldn't be a market on margin for very long. Sure, the legal system creates the stability that allows the financial structure to become significant. But neither side determines the other. Thus, by collateralizing what you would call a digital banknote, you are agreeing with the person you issued it to that at the very least, that dollar-for-dollar, there's money to back the note up. Well, no. At the _very_ least, you promise that there will be money for them when they redeem the note. There's no necessity to make any promise about what happens to the money in the meantime. Here, then, is most of the answer to the earlier pop quiz. Promissory notes need not be secured, whereas bonds by definition are securities. Money paid for a promissory note might, for example, be immediately lent out. As long as there's money for redemption when it becomes due, everything is OK. In bankruptcy, secured debt is paid off entirely before unsecured debt. By the way, I figured out just now why this can't be called a digital bank note [...] The issuing underwriter isn't anymore a bank than an institution offering any other piece of collateralized paper [...] Even though the issuer need not be a bank, the phrase digital banknote still captures most all of the intent of what these instruments are meant to be used for. >Merely saying that the money sits >somewhere while it's in transit (which it clearly does) does not make >the instruments secured. But it does, Eric. Especially if the underwriter says at the outset that the money's secured (collateralized).
You are merely _assuming_ that the digital notes are secured; you do not seem to have considered the possibility that they are not. If money isn't secured dollar for dollar, especially in the early stages, you get a whole mess of legal, not to mention financial problems. If I say that the notes I issue are not secured, and yet for convenience keep the money in 100% liquid reserves, is there a contradiction? No, because security is a legal issue, namely promises to the holders of notes, and reserve structure is a financial property, namely where the money sits for the duration of the issuance. It should be possible to keep an issue of digital cash fully collateralized (secured) and still make money. You are confusing here, very clearly, the promise to keep a fund in a particular way, and actually keeping that fund in that way. If you undertake a legal responsibility, that will affect your financial structure, but merely naming some financial structure does not determine the legalities around it. Again, Eric, if one digital cash underwriter has to unwind a fully collateralized bunch of digital cash, what's the problem? Go do some reading. In the case of bankruptcy, for example, the issuer is not around anymore to do any unwinding. If the underwriter isn't fully collateralized, he's in violation of his issuance covenants and is likely to be sued by the trustee for the instruments, at the very least, long before a run on the cash started. Finally the hidden assumption of full collateral is revealed. Why on earth are you assuming that this has to be the case? Reasoning from a particular model about a set of properties is a good way to ensure that you don't see all the possibilities.
Eric From hughes at ah.com Sun Aug 28 23:32:10 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:32:10 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <9408272345.AA08631@snark.imsi.com> Message-ID: <9408290458.AA28242@ah.com> > There certainly are digital funds transfer systems, almost all fully > identified. These are not digital money systems, although they may be > precursors. The U.S. banking system is largely a "digital money system" in the sense that the bulk of the money in the system is represented in book entry form in computer systems and has no other existence. Well, just to pick nits, I'm referring to a retail-level, digital, general-purpose, bidirectional transaction system. That doesn't exist yet. (Credit cards aren't bidirectional.) Certainly, though, the book entry money that is the world's high end monetary accounting is all digitized at this point. Eric From hughes at ah.com Sun Aug 28 23:32:18 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:32:18 PDT Subject: e$: e-cash underwriting In-Reply-To: <199408280514.BAA15326@zork.tiac.net> Message-ID: <9408290509.AA28256@ah.com> >Why does everyone think that the law must immediately be invoked when >double spending is detected? It's obvious I gave that impression. I regret the error. I wasn't referring just to you, but to what is unfortunately and surprisingly a general reaction to protocol failure in money protocols, namely, "lynch the bastard!". I assure you, as recently as last week I had the same reaction from someone at DigiCash. Anyone remember the rant of mine a few months back about language and about how imputing motive into protocol makes you stupid? Well, here's a good example of that connection in action. The dominant term in the literature for the agent of double-spending is a "cheater". And cheaters must not prosper, right, so let's punish them. That kind of reasoning leads without further thought to a reliance on law enforcement and identity. 
If someone deliberately double (or million) spends, then they should get busted for fraud. Period. If there's a charge for attempting a deposit, and this charge is paid, even a million times, do you still think such transactions should be considered fraud? Turn fraud attempts from a security cost to a profit center. Eric From hughes at ah.com Sun Aug 28 23:32:29 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:32:29 PDT Subject: e$: A prima facie business model for a digital cash underwriter. In-Reply-To: <199408280514.BAA15329@zork.tiac.net> Message-ID: <9408290518.AA28267@ah.com> My favorite one, and the one which may be most apprehendable to the public, is an ATM-card gate in which the purchaser swipes his card into a secure mosaic screen using a card reader at home (they're pretty cheap these days, and could get cheaper if this became prevalent). As a rule of thumb, the purchase of any hardware of any kind, no matter how inexpensive, drops your potential market by a factor of ten. That means anything put up on your spiffy Sparc machine and its attendant code should be able to: 1. Generate to purchasers and take in digital cash from sellers. 2. Identify double spenders. Why item two? Have you made a decision that charging for deposit attempts doesn't work, or that identity is still needed for some reason? Eric From hughes at ah.com Sun Aug 28 23:32:35 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:32:35 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408280516.BAA15352@zork.tiac.net> Message-ID: <9408290529.AA28278@ah.com> As an aside, most finance professors consider accounting to be applied finance. I expect that accountants don't take to that kindly, however. No, I imagine the accountants don't. Yet the finance professors are wrong, to boot. Accounting covers more than finance, and plenty of finance is outside accounting. 
Eric From hughes at ah.com Sun Aug 28 23:32:42 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:32:42 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408280516.BAA15349@zork.tiac.net> Message-ID: <9408290523.AA28271@ah.com> Eric, what would that "few million for a good study" buy? Might it not be wiser spent on a full-blown market test, using software prototypes? That is exactly the kind of thing I meant. Several smart-card payment systems have been deployed in medium size cities in Europe as trials to see just how much they'd cost in practice to deploy. These trials cost more than just a few million, but prototype implementations of each of online and offline sorts of systems, complete with standard marketing tools such as focus groups and limited scale deployment, as, for example, inside an amusement park. Whatever the actual figures are, there are too many of them now to each side's benefit to say definitively what will be the best in any particular market segment, even if some of the choices are clearer than others. Eric From hughes at ah.com Sun Aug 28 23:32:56 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:32:56 PDT Subject: No Subject In-Reply-To: <199408260931.EAA17205@chaos.bsu.edu> Message-ID: <9408290437.AA28228@ah.com> I doubt digital signatures will ever be used alone much for signing expensive contracts. Not every binding signature is on a contract. The signature at the bottom of a check is not signing a contract, but rather referencing a contract between the drawer of the check and the bank whereby the bank agrees to accept such checks. Expect models like this to proliferate, where one physical signature initiates the use of many digital signatures in a proper context. Such a system could be used, for example, in a new beast called a "contract proxy", which is the nominal end of some contract, but which is really standing in for some other party. 
Activity within a contract is not the same thing as creating a contract. This is one of the very first things I learned in this field, and I thank Mike Godwin for pointing this out to me. I predict it will become common practice, or even law, that digitally signed contracts over a certain amount are automatically invalid unless further precautions have been taken (signatures of notary witnesses, or perhaps some better crypto protocol designed for this purpose). This prediction is either far too premature, since the whole technical and legal situation with use of digital signatures in _any_ form is not yet well enough developed, or totally tautological, since a digital signature as such is merely a string of bits with little other than mathematical interpretation. What is certain is that the social process involved in making digital signatures useful will be far more complicated than the software needed to make the digital signatures. We may yet find protocols to mitigate or limit this kind of fraud -- make change traceable if linked to double spending, "Traceable to what?" is the real question. One can consider systems traceable to persons or systems traceable to security deposits, for example. Reliance on law enforcement flies in the face of cypherpunk goals, and indeed against the goals of good cops as well A system that requires police for its stability is externalizing part of its security costs to the governments of jurisdiction. The taxpayers of such jurisdictions are subsidizing these enterprises. And in cases where the powers of the jurisdiction are weak or non-existent, be that by accident or design, these kinds of systems just won't work economically. A protocol that treats common accident the same as criminal fraud, when the stakes are so high, is pathological. And not only that, it requires trafficking in identity. [...] we may not even need to recognize fraud in online cash -- just treat all online double spending as accident. 
No bonding, secured accounts, investigators, ID badges or cops with guns busting down Jane's door after Irving has million-spent her coins. The economics of charging for deposit attempts clearly prevents most double spending. There may well, however, be an economic win for a business which finds a way to save on clearing costs by eliminating the deposit charge in lieu of some other notion of assurance against abuse, like a secured account from which deposit fees are levied. If clearing costs are less than plausible offline cash fraud and fraud prevention costs, online cash is a winner, both now and increasingly in the future as bandwidth becomes even cheaper. I agree. It appears to the back of my envelope that communication and computation charges are dropping fast enough that by the time offline smartcards are economical enough to deploy, that online systems will be cheaper. Eric From hughes at ah.com Sun Aug 28 23:33:35 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:33:35 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408241227.IAA22728@zork.tiac.net> Message-ID: <9408290406.AA28204@ah.com> The reduced overhead increases economic efficiency. There are other reasons for not doing on-line transactions. Including credit checks, interest calculations on outstanding balances, vendor reserve requirements, transaction threading, on-line wait states and bandwidth, etc. Whatever are you talking about? Credit checks for an online system? If anything, credit status for offline systems would be the salient issue. Interest calculations, if that's the product model, are consistent with both online and offline systems. Ditto for reserve requirements. Transaction serialization (threading) will be required for both systems and look to be more complicated for offline systems than for online. There are some additional costs with implementing the high-uptime systems required for online systems. 
On the other hand, with the right product structure, there's no need for identity at all in an online system as there is in offline systems with the ability to identify multiple spenders. Eric From hughes at ah.com Sun Aug 28 23:33:39 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:33:39 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408211918.PAA21612@zork.tiac.net> Message-ID: <9408290306.AA28148@ah.com> It's the behavior of the financial instrument I'm talking about. At some point, the principal goes away and has to be called from wherever it is (a bank account, the money market, etc.) to meet a cashed-out piece of digicash. In the meantime it earns interest. Thus it has principal, and interest, and it is called. It's a callable bond. Now, consider a promissory note which is redeemable on demand and which pays interest at redemption. This instrument has the same financial properties as a callable bond. Pop Quiz: why is this promissory note _not_ actually a callable bond? Eric From hughes at ah.com Sun Aug 28 23:33:46 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:33:46 PDT Subject: e$ as "travellers check? In-Reply-To: <199408211805.OAA25259@cs.oberlin.edu> Message-ID: <9408290300.AA28141@ah.com> But someone a long time ago brought up traveller's checks, and the similarity between them and ecash. [...] You pay some money to American Express, you get a note issued by them, you give it to a merchant, he redeems it with AE for money. [etc...] I don't know much about economics, but as far as I can tell this seems a pretty solid analogy. What you have described is a financial model for digital cash, which is only part of a complete model. The financial model is, as you point out, pretty easy. You buy an instrument and then use it in lieu of a more direct transfer. The privacy to counterparty comes about because the issuer's name is on the instrument, not yours; the issuer is a proxy for identity. 
It's clearly not _illegal_ to issue travellers checks, No, but in certain places where they are used in lieu of greenbacks, aka Federal Reserve Banknotes, it _is_ illegal to use them without certain reporting requirements. (Duncan can elaborate, as he's much more up on the details here.) Complicity in failure to report can also be criminal. And an issuer that sets up a system to thwart reporting requirements could easily be considered _prima facie_ evidence of conspiracy to evade reporting. When the government doesn't want anonymity, expect that it will be difficult to create. Eric From hughes at ah.com Sun Aug 28 23:33:51 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:33:51 PDT Subject: On humor in the NSA In-Reply-To: <199408212145.OAA18486@deepthought.pylon.com> Message-ID: <9408290332.AA28173@ah.com> It was suggested by one of the NSA folks at CRYPTO that they should have done a rump session talk on the "NSA Offensive Driving School", which would completely explain the alleged threat to run Bidzos over. In addition, not only were the 'behind schedule' shirts a big hit with the NSA folk I saw, but at least some of them were going to get 'Sink Clipper' posters for their offices. Eric From hughes at ah.com Sun Aug 28 23:34:12 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:34:12 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408220047.UAA24562@zork.tiac.net> Message-ID: <9408290336.AA28180@ah.com> By the way, "calling the bond" is actually exercising an option, and yes, the finance guys will tell you that there is no difference. I acknowledge that they're financially the same, which means that when the transaction completes as normal, the financial effects are the same. When the transaction is contested, however, the two are not identical; that's a legal difference. 
More on this later; I wanted to point out an example early. Eric From hughes at ah.com Sun Aug 28 23:34:18 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 28 Aug 94 23:34:18 PDT Subject: In Search of Genuine DigiCash In-Reply-To: <199408211918.PAA21615@zork.tiac.net> Message-ID: <9408290317.AA28158@ah.com> >In an off-line system, is the cash really cleared immediately? Clearing in this case is when the cash passes from you to me. This is a pretty non-standard usage of the word "clearing", which happens when the issuer accepts the instrument for deposit. Settlement happens when money actually moves. The significant activity that happens at clearing is a liability acknowledgement by the issuer. This acknowledgement makes clear that the issuer has a liability. If the issuer clears but does not settle, i.e. accepts the liability but does not act upon it, the depositor can use the clearing as a claim against the issuer. (N.B. Here 'claim' is used in its strict legal meaning as the opposite of a 'defense'.) Eric From wcs at anchor.ho.att.com Sun Aug 28 23:36:46 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 28 Aug 94 23:36:46 PDT Subject: Is Off-Line Digital Cash Dead? Message-ID: <9408290635.AA25128@anchor.ho.att.com> Different businesses have different attitudes toward off-line cash and similar things. For instance, Bart/Metro magnetic subway tickets, and the similar scrip that supposedly is popular in Japan are all semi-electronic money, half-offline (don't know if the subway tickets get reported to central locations or if all the processing is done locally...), and yet there's nothing more than honesty and the technical difficulty of forgery that keeps them from being forged. Postage meters are also off-line, and unlike subway rides, which are hard to make lots of money accumulating (:-), mail-oriented businesses could save lots of money using fake ones. 
The main similarities I see between the above kinds of money is that they're mainly issued, either directly or indirectly, by the providers of specific services, and they're hard to use for other kinds of service. Since they use physical tokens, though they may have digital information on them, they're obviously hard to email across the internet, but anybody you can send email to is already online... As I see it, there are three main reasons for wanting offline cash - - avoiding the need to wire your cash register equipment - avoiding the per-event communication costs for the transaction - avoiding the time delay for the communication Per-event costs may be low, but in the non-wired world they're non-trivial. A phone call typically costs at least one message unit, say 5 cents. A CDPD cellular packet, according to some pricing I've seen, is similar. That's not much money when you're selling cars, but it's a lot for newspapers. Here at the former National Cash Register company, we've found that retail stores really like wireless communications to the cash register; in stores without datacomm wiring, it means you don't need to install any, and even if there's wiring in place, being able to move point of sale terminals around can be worth a lot, and if you only have to find a location with AC power wiring and not data, you're more flexible. The time delay for credit card verification is also an issue - modem-based systems typically take 15-20 seconds, while on-line systems take 2-3 seconds when the network isn't busy. That's an important issue at a retail store, when you can spend the transaction time putting merchandise in bags - it's far more important for things like road tolls or subway turnstiles. And waiting three days for your remailer network to bounce back an acknowledgement on your retail cocaine transaction will just _not_ do :-)! If you can accomplish all these successfully with offline systems, great! Too bad it's hard to do while retaining anonymity. 
Bill Stewart From wcs at anchor.ho.att.com Sun Aug 28 23:57:45 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 28 Aug 94 23:57:45 PDT Subject: DigiCash ??? Message-ID: <9408290656.AA25299@anchor.ho.att.com> Jim Dixon writes: > In message <9408281521.AA13945 at ua.MIT.EDU> Jason W Solinsky writes: > > > I would like somebody to explain how I would go about using an anonymous > > > digicash system to buy a automobile? [ new car at local dealer ] ... > Do we care that you can't get it on the road without insurance in most > states, and that the registration must be in someone's name? Unfortunately, the government has gotten away with nearly banning non-anonymous automobile use and ownership, for various reasons including ability to tax, keeping insurance companies happy, controlling the population's behavior, etc. However, by the time digicash is well enough established that a car dealer will _accept_ N thousand dollar payments in it, if the rules for being allowed to own cars or money aren't much nosier, you want to walk into the dealership on a rainy night in February, offer them an annoyingly low price for the car, they accept, you refuse the offers to lease or finance the car, and they say "Foo Bar Holding Company? We won't take your corporate check without bank certification, but we'll take Star/Plus/Sanwa/Mac ATMs, Western Union digicash, credit cards for an extra 3%, or Federal Reserve notes for an extra 1% cash transaction reporting fee." Bill From hughes at ah.com Mon Aug 29 00:16:00 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 29 Aug 94 00:16:00 PDT Subject: Zimmermann/NSA debate postponed In-Reply-To: <199408281725.MAA00218@omaha.omaha.com> Message-ID: <9408290654.AA29042@ah.com> It seems to me that a prerequisite for a transparent, secure mail system is an efficient, interactive, IP based key distribution system. Wait! Reconsider! 
The problems of doing public key distribution are large, and not yet solved. Don't wait for a perfect world before trying to make a better one. The PEM folks got bogged down for four or five years with key distribution, only to need to put out version 2.0 because of lack of acceptability. You need not repeat their mistake. Assume that key distribution happens somewhere else, and simply use the keys in some repository. Manual key distribution will work just fine for common correspondents, and that's most of the problem. Eric From wcs at anchor.ho.att.com Mon Aug 29 00:23:13 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 29 Aug 94 00:23:13 PDT Subject: Online cash, Internet, Pizza Hut Message-ID: <9408290721.AA25519@anchor.ho.att.com> > > > http://www.pizzahut.com > > demo is pretty lame I'm guessing it actually faxes the pizza order to the guessed-nearest store? Wonder if they're guessing by zipcodes, or doing a lookup by street address? > Is there any indication they will move to some kind of online pay system? It makes it tougher to tip the driver when payment is done in advance, since getting out your wallet is no longer an integral part of the transaction and you don't have paper change around. Of course, their pizza is even less inspired than Domino's. (Still wishing I could find decent pizza on this side of the hills; the only decent pizza I've had on this side of the _continent_ has been a couple places in San Francisco....) Bill Now, if you order from Uncle Enzo's, you know it'll arrive on time guaranteed! :-) From blancw at pylon.com Mon Aug 29 00:31:51 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Mon, 29 Aug 94 00:31:51 PDT Subject: The Effects of Thinking & Writing Message-ID: <199408290732.AAA20748@deepthought.pylon.com> Responding to msg by nobody at ds1.wu-wien.ac.at >I think that writing and thinking is the only thing any >of us can do that will have impact. 
The only coding >effort I can see paying off is helping to make PGP >better. Maybe that's what I'll do. > >Thoth .................................................... I have read in public & private, comments about cypherpunks and how there is really little to be expected from the list in terms of practical solutions to governments, surveillance, the new world order, etc. It sets me to reflect upon what people could really expect to get from a mailing list; why it is that there is disillusionment about what the members seek to accomplish, such that there are discrediting comments about what will really happen as a result of its existence: what is it that leads some people to expect that reading other people's mail is going to change the NSA's mind, or the world at large? Is it because "real" cypherpunks write code? Perhaps the expectations for the range of the efficacy of coding are a little too high in some people's estimation? (Just because criminals & the NSA think it's important, doesn't mean e-v-e-r-y-b-o-d-y else will think so, too. Okay, so you're going to disagree with me about that. So flame me.) I must reflect upon the fact that this is, after all, just a list - just reading material and interchange from anyone who feels sufficiently motivated to reply or comment or just send in their .02 cents. Perhaps someone's intellect could supply imaginative inspiration, perhaps their knowledge could provide missing pieces to a puzzle, perhaps their style could bolster a failing courage towards autonomous thinking & therefore acting. What could really be realized from a voluntary gathering of various & sundry assorted strangers who subscribe for their own self-decided particular reasons, which they don't divulge to all, to get what they will and contribute what they may at such time as they feel sufficiently motivated to do so? Is this the Cypherpunk Savings & Loan Division? or did I reach the wrong department. 
Blanc From hughes at ah.com Mon Aug 29 00:46:15 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 29 Aug 94 00:46:15 PDT Subject: e$: e-cash underwriting In-Reply-To: <199408281957.MAA02631@jobe.shell.portal.com> Message-ID: <9408290724.AA29103@ah.com> To me, double-spending is analogous to passing bad checks. Legally, it's one form of conversion. Conversion includes forgery, for example. In either case you are getting an explicit or implicit assurance from the payor that the instrument is good. That's the case with checks right now. The assurance you mention is, in law, called an "implied warranty", and there are several kinds of them. Implied warranties are creations of law, and need not exist in a newly designed system. The system in which the issuer charges for a deposit attempt needs no implied warranty of validity. A deposit attempt is made, the fee is paid which covers equipment and communication costs, and everyone is happy. The problem is, the fraud doesn't occur (typically) when the note is redeemed at the bank, it occurs when the note is exchanged at the market. Is this proposing to charge the merchant when he in good faith turns in the cash which was given to him by the customer, and it turns out bad? What cruel irony! Here he is already cheated once, and the bank will charge him an extra fee as additional punishment? Fairness is overrated. In the commercial paper world, there is the concept of the "holder in due course", which is a legally protected holder. In certain situations there are parties who have to pay off both the holder in due course as well as having already paid for the note, or in other words, there are parties who incur a dead loss. There is a public policy decision implicit in this doctrine that a protected market in commercial paper is more important than fairness at each stage in the transaction. This is a profound principle. Overall economic benefit was the goal, not individual economic benefit. 
Now, I should add that if the issuer charges a deposit attempt fee, that a reasonable merchant would pass that fee right along to an anonymous customer. If the merchant wishes to extend credit in the size of the transaction or in the size of the deposit fee, that's their business. So the question of intermediates is really not relevant. An intermediary, the merchant in this case, can derive some source of income by being an intermediary, and either passes the deposit fee along or averages it with other income. The market will decide. Any merchant who must pay deposit attempt fees and who neither passes that cost on nor makes any attempt to otherwise stochastically recover that cost is, well, stupid. From the issuer's perspective, the system is stable because database queries, that is, deposit attempts, are being directly paid for. From a potential multiple spender's perspective, double spending gets them nothing, and they have to pay for getting nothing. They might be able to convince some merchant to try the transaction for them, but it won't succeed and the only difference is that someone else pays the bank. But I thought we were referring to a double-spending protocol in which users revealed their identity to the bank. I'm talking about an online system. The idea of charging per attempt might also work in an offline system, if only to get the merchant to pass the fee on to their customers. Eric From hughes at ah.com Mon Aug 29 00:56:58 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 29 Aug 94 00:56:58 PDT Subject: e$: e-cash underwriting In-Reply-To: <199408290315.XAA27012@zork.tiac.net> Message-ID: <9408290735.AA29122@ah.com> Can you explain exactly how charging a back-end load on a digital cash certificate prevents double-spending? In an online system, double spending gets immediately rejected, so the only loss incurred by the bank is the cost of a database query. So the bank gets reimbursed for the cost of that query. 
From the point of view of the double spender, they pay something in order to get nothing, although perhaps they can convince someone else to pay that little something for them. In either case there is no direct benefit to a double spender, and there is a waste of time incurred. Now, in an offline system, this doesn't work the same way, because presumably goods or services are rendered before payment clears. Remember differential time lags, and Herstatt risk--same issue, different context. So the fairly simple solution of charging for a deposit attempt doesn't work. (Regardless that the end of my previous message said that it might.) Chalk one up to the efficiency of online transactions. A simple product change, with very low impact, can entirely eliminate to participate in an identity regime. Of course, if you've got your heart set on offline... Have I mentioned how much more computation and communication those systems require by all parties? Eric From jkreznar at ininx.com Mon Aug 29 03:41:14 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Mon, 29 Aug 94 03:41:14 PDT Subject: Bad govt represents bad people? In-Reply-To: <199408290320.XAA27092@zork.tiac.net> Message-ID: <9408291041.AA01168@ininx> -----BEGIN PGP SIGNED MESSAGE----- sw at tiac.net (Steve Witham) writes > John seems to mean 1) the people are bad, and 2) people who believe the > people are good try to influence politicians. Point 1: > Saying that a bad government is just representing bad people gives it more > credit than is due. You leave me wondering what you mean by ``bad people''. As someone near here (Eric?) is fond of reiterating, never attribute to malice that which can adequately be explained by ignorance or stupidity. Bad people? Well, maybe, but it's mostly ignorant-bad, not malicious-bad. > ... The whole is different from the sum of the > parts. Besides the parts there is their arrangement. Government as we know > it is a bad arrangement of people. 
It contains positive feedback > structures that amplify certain mistakes instead of correcting for them. Yes. This is the social ``cancer'' I mentioned, democratic political government. > The bad things that happen with governments often play on people's > irrational fears and psychological "hot buttons." They also make use of > the news media's eagerness to cover certain kinds of subjects and events. > A feedback loop will take advantage of whatever signal paths are out there. > So, you have people whipped up into showing their worst sides, and then > given exaggerated coverage on the news. It's hard to say what would give > a true picture of what most people are like. Talk with them. Find that a decent, civilized Northridge resident uses the earthquake as cover for replacing his carpeting at taxpayer expense through FEMA assistance. Find that a self-proclaimed tax resister holds his rallys on a tax-funded picnic ground. Find that an active patron of free market educators lobbies in Washington for continued tariffs when his business is threatened by imports. Generally, find rampant gratuitous acceptance of the ``benefits'' of big government, generating the demand that makes it bigger still. > On John's point 2: The goodness or badness of the people has little > to do with whether it makes sense to try to influence politicians, since > they do not represent and are hardly influenced by the will of the majority > anyway. Majority or not, the constituents strongly influence the bureaucrats. A good recent example familiar to readers of this list is the EFF with its shrill and incessant campaign to all of us to pressure politicians to do this or that. Thanks to the EFF's efforts, proponents of government surveillance can now claim the cooperation of a leading representative of data communications users. And the cypherpunks who are designing privacy mechanisms will have new obstacles to overcome. 
With constituents that adamant, it's no wonder that a bureaucracy grows powerful. When its budget is up for review, it need only point to the clients clamoring at its door. > It's the structure of government that needs changing. The social cancer would need to be cured. It's hard to believe that what would result would embed anything like ``government''. > What might > help change that is a complicated thing I won't go far into. Well, can you go a little ways? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLmG0OsDhz44ugybJAQHvKAQArFNeoK/YiXD4ymGJZ2CBhTWxzmjI3i2h cCUe/QM+l5FD6OUfJjnKbfXXu0AKAjpbwcK8i5xN8lGqYebakF032g5K8rF5CwK7 Vq6VEvJwwMHc6H85uFkdRrb38QlByCpqC25e3YgNGbeH0Ek3hdOUiUWObLM73L/S 039vfiF4W0U= =y9xl -----END PGP SIGNATURE----- From jdd at aiki.demon.co.uk Mon Aug 29 05:21:15 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Mon, 29 Aug 94 05:21:15 PDT Subject: Is pay-per authentication possible absent trust? Message-ID: <8402@aiki.demon.co.uk> In message <9408251545.AA22928 at ua.MIT.EDU> Jason W Solinsky writes: > > Here is the situation. Charles runs a certification agency. He might be > certifying that you have some basic competency so that people will hire > you. [etc] > Either way, Charles's certification is worth money to you. But the value to > you isn't a constant amount. Each time you use the certification, you derive > additional value from it. So Charles figures that it makes much more sense > to sell his certifications on a per use basis... [etc] > To do this Charles adopts a protocol in which his signatures are time > dependent. Everybody can verify that his signatures are valid for the time > at which a signature is required, but only Charles can figure out what > the correct signature is for time T in polynomial time. [etc] > Enter Ingve the insurance salesman. 
Ingve will guarantee to others that you > are certified by Charles by offering them bets. So suppose that Microsquish > sends you its advertising agent and the agent is offering a 10 nano-slinkys > [a cyberspatial monetary unit] bonus if you can produce one of Charles's > certifications. Charles is charging 8 nano-slinkys. In steps Ingve. You've > told Ingve that you are certified by Charles as a frequent purchaser of big > brother inside computers. So Ingve says: "I'll convince Microsquish to accept > my word that you have Charles's certification in exchange for just four > nanoslinkys. But if at my request you ask for the certification and Charles's > says you aren't certified then you owe me 64 nano-slinkys." Since you are sure > that you are certified you accept the deal. Then Ingve goes to Microsquish > and offers to insure your certification. Each time Microsquish accepts a > certification from Ingve for you, Ingve will pay Microsquish 2 nano-slinkys > but will be able to get your business (and thus offset that with the four > nano-slinkys). But, if it turns whenever Microsquish wants to it can check > up on your certification from Charles at cost (8 nano-slinkys). If Charles > certifies you all is well. Otherwise, you owe Ingve 64 nano-slinkys and > Ingve has to pay up Microsquish's insurance claim (which could be quite large > depending on the policy). > > The result of all this is that Charles is cheated out of his revenue. Ingve, > You and Microsquish profit, but Charles fails to reap the benefits of his > certification. The question is: Is there a secure method that charles can > use to prevent the "Ingve the insurance salesman attack"? This is one of these problems where there is less there than meets the eye. First, a distinction is made between Charley's type of certification and Ingve's: Charley provides absolute assurance and Ingve provides a guess. But in actuality nearly all certification is probabilistic. 
That is, Charley goes through some sort of process and decides that he takes very little risk in offering a certificate. But you can rarely be certain that anything is true. So both Charley and Ingve guess. Secondly, when Ingve makes a similar guess, he takes a quantifiable risk. If he guesses wrong, he pays a penalty to MS. You imply that Charley takes no similar risk. In fact he must. The risk may be quite visible (he posts a bond which he can lose, or the customer may sue for damages) or it may be less visible (customers will stop coming to him if his certifications are false). So Ingve and Charley both face a penalty if they guess wrong. Finally, you throw in a payment to MS so that Ingve pays something when he issues a certificate, but by omission you imply that Charley's certificates are cost free. However, if they were, then Ingve's rational course of action would be to do whatever cost-free mumbo jumbo Charley does and issue his own certificates. So Charlie's certification process must have a cost, and so we suspect that in fact Charlie is sometimes behaving just like Ingve. Sometimes Charlie just skips the expensive precertification steps and issues a certificate anyway, making an extra profit. This is a form of self-insurance. So they are both in the insurance business. At this point, the distinctions between Charlie and Ingve have largely vanished. Ingve is just a competitor. MS pays less for Ingve's certificates because Ingve is known to guess a lot, whereas Charlie is generally trusted more. You pay less to Ingve for the same reason. -- Jim Dixon From mark at unicorn.com Mon Aug 29 06:03:08 1994 From: mark at unicorn.com (Mark Grant) Date: Mon, 29 Aug 94 06:03:08 PDT Subject: Zimmermann/NSA debate postponed Message-ID: On Sun, 28 Aug 1994, Carl Ellison wrote: > Anyone else out there with their own mailer? Yep, there's Privtool for Sun workstations (or anything else that uses the XView toolkit). 
It's only a beta at the moment, but I'll hopefully have time to finish it off before the end of the year, it's available from ftp.c2.org and ftp.dsi.unimi.it, and the documentation is available on the WWW at http://www.c2.org/~mark/privtool/privtool.html (I posted that here and on Usenet a few months ago). Mark From paul at poboy.b17c.ingr.com Mon Aug 29 06:25:00 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 29 Aug 94 06:25:00 PDT Subject: Are RSA licenses fungible? In-Reply-To: <199408280534.WAA01508@ar.com> Message-ID: <199408291323.AA28951@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- Not long after my original post, I got a message from Dave Barnhart of ViaCrypt. He asserted that it would be "illegal" for me to buy a ViaCrypt license, then use PGP 2.6-based code in my own application, and that it would violate both my RSAREF license and my MIT license on any copies of PGP 2.6 that I was licensed to operate. So, the short answer is I'm going to roll my own instead of using PGP or a PGP-based tool. D-H for the initial key exchange, plus 3DES for the actual encryption, and poof! away I go. And yes, I know D-H is claimed by RSA's PK patents. - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich at ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. 
-----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmHhL6fb4pLe9tolAQFgAAQAn1hP9L1Tu8XwnQNwJ0ZqwpxPqJhSTZ4r iKjre6KBFQ/2V5lmd6booHoN9Acper2dTV1Pzlj4dhqK8ox9Fo6kgIjfsNZQdCRA JrWzgAyY6TvCEjkS2B5Uig90Ar2f/cKcwiyhm4nJ/0yTnJbjas25Ymu+DRH3zW4E 03EG+HSgKpg= =kVSt -----END PGP SIGNATURE----- From jdd at aiki.demon.co.uk Mon Aug 29 06:28:39 1994 From: jdd at aiki.demon.co.uk (Jim Dixon) Date: Mon, 29 Aug 94 06:28:39 PDT Subject: In Search of Genuine DigiCash Message-ID: <8533@aiki.demon.co.uk> In message <9408290556.AA28298 at ah.com> Eric Hughes writes: > The law and the enforcebility of agreements is what makes financial > instruments exist. Their behavior is a direct result of their legal > underpinnings. > > This is absolutely false. Both a promissory note and a bond can have > identical financial structure, but the legalities are completely > different. This is absolutely illogical. He says, laws underlay financial 'behavior'. You say, [law1] -> [behavior1] and [law2] -> [behvarior1], and THEREFORE the proposition fails. He did not say "there is a one to one relationship between laws and financial instruments". What he says permits an N:1 relationship, or an N:M relationship. -- Jim Dixon From raph at CS.Berkeley.EDU Mon Aug 29 06:49:30 1994 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 29 Aug 94 06:49:30 PDT Subject: List of reliable remailers Message-ID: <199408291350.GAA14970@kiwi.CS.Berkeley.EDU> I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at: http://www.cs.berkeley.edu/~raph/remailer-list.html Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. 
This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at:

    ftp://kiwi.cs.berkeley.edu/pub/raph/premail-0.20.tar.gz

This is the current info:

REMAILER LIST

This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 10-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu.

$remailer{"chaos"} = " cpunk hash ksub";
$remailer{"vox"} = " cpunk oldpgp.";
$remailer{"avox"} = " cpunk oldpgp";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"kaiwan"} = " cpunk pgp hash latent cut";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"alumni"} = " cpunk pgp hash";
$remailer{"bsu-cs"} = " cpunk hash ksub";
$remailer{"rebma"} = " cpunk pgp hash";
$remailer{"jpunix"} = " cpunk hash";
$remailer{"wien"} = " cpunk pgp hash nsub";
$remailer{"c2"} = " eric pgp hash";
$remailer{"soda"} = " eric pgp.";
$remailer{"penet"} = " penet";
$remailer{"ideath"} = " cpunk hash ksub";
$remailer{"usura"} = " cpunk pgp hash latent cut";
$remailer{"leri"} = " cpunk pgp hash";

Last ping: Mon 29 Aug 94 6:00:01 PDT

remailer  email address                     history        latency  uptime
-----------------------------------------------------------------------
kaiwan    ghio at kaiwan.com                 ####*+**+***      4:21  99.99%
portal    hfinney at shell.portal.com        #####*#***+*      4:54  99.99%
jpunix    remailer at jpunix.com             ####******+*      6:35  99.99%
wien      remailer at ds1.wu-wien.ac.at      ####*****-**     10:32  99.99%
alumni    hal at alumni.caltech.edu          ####******+*      7:30  99.99%
usura     usura at hacktic.nl                ##*#-*******     13:35  99.99%
bsu-cs    nowhere at bsu-cs.bsu.edu         ##-#**##**++     18:22  99.99%
extropia  remail at extropia.wimsey.com      ****++++--++   1:13:54  99.99%
vox       remail at vox.hacktic.nl           -----------    7:04:23  99.99%
c2        remail at c2.org                   ***++-+-.-++   2:33:05  99.97%
chaos     remailer at chaos.bsu.edu          ### *###*#**      0:58  99.56%
ideath    remailer at ideath.goldenbear.com  ###+*+****-*     40:42  99.27%
leri      remail at leri.edu                 ###*++*--+*    1:41:41  99.03%
soda      remailer at csua.berkeley.edu      +*-+++++++++   1:30:41  97.61%
rebma     remailer at rebma.mn.org           ----+          5:46:02  64.79%
penet     anon at anon.penet.fi              __ ._.        45:04:39  26.55%

Suggested path: jpunix;portal;kaiwan

For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html

Options and features

    cpunk    A major class of remailers. Supports Request-Remailing-To: field.
    eric     A variant of the cpunk style. Uses Anon-Send-To: instead.
    penet    The third class of remailers (at least for right now). Uses X-Anon-To: in the header.
    pgp      Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID.
    oldpgp   Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine.
    hash     Supports ## pasting, so anything can be put into the headers of outgoing messages.
    ksub     Remailer always kills subject header, even in non-pgp mode.
    nsub     Remailer always preserves subject header, even in pgp mode.
    latent   Supports Matt Ghio's Latent-Time: option.
    cut      Supports Matt Ghio's Cutmarks: option.
    special  Accepts only pgp encrypted messages.

History key

    #   response in less than 5 minutes.
    *   response in less than 1 hour.
    +   response in less than 4 hours.
    -   response in less than 24 hours.
    .   response in more than 1 day.
    _   response came back too late (more than 2 days).

If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome!

Note to remailer operators: this script generates hourly ping messages. If you don't want that, let me know and I will take your mailer off the list, or increase the interval between pings.
Raph Levien From jya at pipeline.com Mon Aug 29 07:23:14 1994 From: jya at pipeline.com (John Young) Date: Mon, 29 Aug 94 07:23:14 PDT Subject: A Different EFF on DigiTel Bill Message-ID: <199408291422.KAA10836@pipe3.pipeline.com> Mike Godwin of EFF attacks the Digital Telephony Bill by challenging Professor Denning's advocacy in the September Internet World. (If anyone cares, Mike posts zingers and unhealthy thoughts like c'punks' regularly on list Cyberia-L.) John From TomHyphen at aol.com Mon Aug 29 08:21:50 1994 From: TomHyphen at aol.com (TomHyphen at aol.com) Date: Mon, 29 Aug 94 08:21:50 PDT Subject: send info Message-ID: <9408291121.tn455881@aol.com> send info cypherpunks tomhyphen at aol.com tom steinert-threlkeld From tony at hydra.prenhall.com Mon Aug 29 08:30:23 1994 From: tony at hydra.prenhall.com (Tony Iannotti) Date: Mon, 29 Aug 94 08:30:23 PDT Subject: FCC Regulation (fwd) In-Reply-To: Message-ID: This has got to be a hoax, right? The airwaves/ham radio license model really doesn't work in this area! I'd think it was pretty funny, if I didn't have a niggling suspicion that it might be possible for a gummint mind to think it could work. 5Mhz speed limit? Nominal charge for slowdown crystals? !!! ________________________________________________________________________ < Tony Iannotti, "SysAdmin" cc:Mail: Tony_Iannotti at prenhall.com PTR Prentice Hall email: tony at prenhall.com 113 Sylvan Avenue phone: 201/816-4148 Englewood Cliffs, NJ 07632 fax: 201/816-4146 ------------------------------------------------------------------------ On Fri, 26 Aug 1994, Al Billings wrote: > Forwarded from the com-priv mailing list: > > typing skills examination and achieve no less than 40 words per > minute to obtain a (temporary) novice license. This must be > raised to 80 words per minute before a regular-status license > will be issued. 
Novices will be restricted to operating networked
> computers having speeds of less than 5 Mhz or operation of SLIP
> or dial-up connections of no greater than 2400 baud. (It is
> rumored that the FCC will make 5 Mhz replacement crystals
> available at a nominal charge to temporarily slow computers of
> novice operators).

From raph at CS.Berkeley.EDU Mon Aug 29 08:48:58 1994
From: raph at CS.Berkeley.EDU (Raph Levien)
Date: Mon, 29 Aug 94 08:48:58 PDT
Subject: Announcement of premail v. 0.20
Message-ID: <199408291548.IAA15387@kiwi.CS.Berkeley.EDU>

Hi all,

I am releasing premail, a remailer chaining and PGP encrypting mail client, to the Net. If you are interested in using the cypherpunks remailers, but are intimidated by them or simply find them too hard to use, then this software can help. Premail will also PGP-encrypt and optionally sign outgoing mail.

The README file is attached. Please check it out and let me know how you like it.

Raph Levien

-----------------------------------------------------------------------
README file for premail v. 0.20
27 Aug 1994 -- Raph Levien

Premail is a mail client for Unix workstations, supporting PGP encryption and anonymous remailers. It can be used either stand-alone or as a layer under your favorite user mail client. Premail has been designed to be as simple and transparent as possible. Features include:

* Chaining of messages for cypherpunk remailers.
* Automatic selection of reliable remailers.
* PGP encryption and signing.
* Online and offline operation.

Premail is designed to masquerade as sendmail. It accepts mail in the same way, takes the same options, and provides additional header fields for its privacy features. Thus, if you can get your mail client to pass the mail to premail rather than sendmail, then you gain the use of the privacy features without changing the way you send mail.

In the interest of simplicity, premail only handles outgoing mail. It does not handle incoming mail, or PGP decryption.

Installation
------------

This section explains how to set up premail for basic operation, without PGP encryption. Use of PGP encryption is highly encouraged, and is covered in a later section, as are configuration and advanced features.

This section assumes that your machine is connected to the net when you run premail. It is capable of offline operation as well, as discussed in a later section.

1. Get the source. Given that you are reading this file, you may have already done this; if so, go to step 3. The latest version of premail is available at:

    ftp://kiwi.cs.berkeley.edu/pub/raph/premail-0.20.tar.gz

2. Unpack it. To do this, run:

    gzip -dc premail.tar.gz | tar xvf -

3. See if you can run it. First, do "cd premail", then "./premail" (without the "" marks in both cases). If it prints a usage summary, you are in luck. If you get "command not found," then the problem is most likely that your system's copy of perl does not live in /usr/bin. Type "which perl" to find out where it actually is, then edit the first line of the file "premail" to match that, and try again.

4. Copy premail into a directory in your path (this step is optional). For example, if ~/bin is in your path, then do:

    cp premail ~/bin

   After this step, you probably want to run "rehash" so your shell knows where to find premail.

5. Set up the premail configuration file by typing:

    cp .premailrc ~

6. Test whether premail really works, by typing:

    premail your at own.email.addr
    Path: 1
    Subject: Test

    Does this really work?
    .

If everything goes well, you should get a response from an anonymous remailer in a few minutes. Then, premail is set up and ready to use.

You probably want to set up PGP as well, but you don't have to. This and other configuration options are covered below. The configuration options are controlled by the ~/.premailrc file, so you might want to browse through it and tweak things to your taste.

Setting up premail for PGP
--------------------------

When properly set up, premail will automatically encrypt outgoing mail using PGP. This applies both to traffic routed through the remailers, and to email encrypted for the final recipient, who would use PGP to decrypt it. On the other hand, you can skip this section if you don't want that.

First, you need to make sure that you have PGP set up on your machine. When you do, just type:

    premail -getkeys

This will finger Matt Ghio's remailer list at remailer-list at chaos.bsu.edu . If this site is down, or if you are not connected to the net, you should get the list from somewhere else. You can specify either an email address to finger or a file. For example, if you save the keys into remailkeys.asc, then you can run:

    premail -getkeys remailerkeys

The messages from PGP will tell you that it's adding about a dozen new keys to the keyring.

You also need to tell premail that you've got PGP running, and have added the remailer keys to your keyring. To do so, add the following line to the ~/.premailrc file:

    $config{"encrypt"} = "yes";

Also, if you've got PGP in a non-standard place, so that typing "pgp" will not call it up, then you need to add this line to the ~/.premailrc file:

    $config{"pgp"} = "/wherever/you/put/pgp";

The vox remailer has a problem with MIT PGP 2.6. Thus, premail will by default not encrypt mail going through vox. If your PGP version is 2.3a or 2.6ui, then it should work fine, so add this line:

    $config{"oldpgp"} = "pgp";

or, if PGP is in a nonstandard place,

    $config{"oldpgp"} = "/wherever/you/put/pgp";

Integration with user mail clients
----------------------------------

Without premail, outgoing mail works as follows. After you compose your mail, your mail client hands it off to a program called sendmail, which forwards it to the Net. Sendmail (written by Eric Allman at UC Berkeley) knows a lot about email addresses, networking, and so on, but very little about privacy and security.
That's the job of premail.

It is possible to use premail in either mode: under your client, or by itself. Either way will give the same features, it's just that integrating it with your client will be more convenient to use (if a bit harder to set up).

To use premail, type:

    premail recipient at email.addr

and enter your mail as you normally would, ending with either Control-D or a line with just a . on it. Or, you can prepare an email message with your favorite editor, and send it with

    premail -t < your.file

To add premail support to emacs, just add this line to your .emacs file:

    (setq sendmail-program "/your/premail/pathname/here")

With other mail clients, you should be able to use a similar technique. Contact me if you need help with a particular client.

If you are root on your machine, you can install premail in /usr/lib/sendmail, so that it will work for _all_ mail clients. This is a fairly bold move, so it would be wise to test this carefully before doing so. To do so, move the existing sendmail into, say, /usr/lib/real_sendmail . Then, add the line

    $config{"sendmail"} = "/usr/lib/real_sendmail";

to premail. Finally, copy premail to /usr/lib/sendmail. If you choose to do this, let me know how well it works out.

Using the privacy features
--------------------------

Premail has two important privacy features: chaining through remailers, and PGP encrypting the messages.

To chain through the remailers, simply add a header line such as

    Path: 3

to your mail. The number 3 says how many remailers you want it to chain through. Three is a good compromise between privacy on the one hand and speed and reliability on the other. The remailers will automatically be selected for their reliability and speed, using the remailer list I maintain (finger remailer-list at kiwi.cs.berkeley.edu to see it).

If you want to specify a particular sequence of remailers, you can do that.
For example, if you are very fond of the idea of your mail crossing national boundaries, you might want to send it through Canada, Austria, and Holland, in that order:

    Path: extropia;wien;usura

When using the Path field, your identity will be completely obscured. If the recipient tries to reply to your mail, it will get nowhere. You can specify a reply address using the Anon-From field:

    Anon-From: an123456 at vox.hacktic.nl

The Anon-From field only shows up in mail which goes through the remailers. In ordinary mail, it will be ignored. So, you can put it in all of your mail without worrying about compromising your identity. In fact, you can make premail automatically use it in all anonymous mail by adding this line to your ~/.premailrc file:

    $config{"anon-from"} = "an123456 at vox.hacktic.nl";

Similarly, if most of the mail you send will be through the remailers, then you can set premail to do that as the default. Add this line (or whatever path you want, if not 3) to ~/.premailrc:

    $config{"defaultpath"} = "3";

Then, whenever you want to send non-anonymous mail, add this header field:

    Path: ;

The other important privacy feature is the ability to PGP encrypt outgoing mail. This works whether or not you use the remailers. The recipient's key must be in your public key ring before you can encrypt mail to them. Then, all you have to do is add this mail header field:

    Key: user_id

The mail will be encrypted with this user_id. It will be formatted using the MIME content type of application/x-pgp. If the recipient has a MIME-capable mail reader, they can set it up to automatically call PGP when receiving encrypted mail. Otherwise, you don't need to worry about it.

You can also have premail automatically sign your mail, as well. This feature is a potential security problem, so use it with caution.
Add these lines to your ~/.premailrc:

    $config{"signuser"} = "your_user_id";
    $config{"signpass"} = "your pass phrase";

Again, a warning: in doing so, you have just stored your pass phrase in a disk file, which is considered a security no-no. On the other hand, if you are using this for medium-security applications, or if you have good control over access to your machine, then it should be OK; certainly a _lot_ better than not using PGP at all. The ~/.premailrc file should always have -rw------- (600) permissions. Use with caution.

How to use the cypherpunks remailers like anon.penet.fi
-------------------------------------------------------

Even though the cypherpunks remailers do essentially the same things as anon.penet.fi (though faster and with better privacy), they work quite a bit differently, and can be somewhat intimidating. Premail can help.

First, you will need to get an anonymous alias. At this time, the only cypherpunk remailer which will do this for you is "avox", or anon at vox.hacktic.nl. To get the alias, do:

    premail your at own.email.addr
    Subject: alias
    Path: avox

    Hopefully, this will assign me an alias.
    .

In a few hours, you will get email back with an alias of the form an123456 at vox.hacktic.nl . Then, when you send anonymous email, give your alias as the reply address. Here is an example:

    premail recipient at email.addr
    Anon-From: an123456 at vox.hacktic.nl
    Path: 3

    Hello, if you reply to this, mail will get to me.
    .

Unfortunately, unlike penet, avox does _not_ make the person replying anonymous. The best way for them to be anonymous is to use the cypherpunks mailers as well (hopefully by using premail!).

How to post to Usenet
---------------------

The easiest way is to use a mail-to-Usenet gateway. For example, to post to alt.skydiving, just send mail to alt.skydiving at demon.co.uk . A full list is available by fingering remailer-list at chaos.bsu.edu, or from http://www.cs.berkeley.edu/~raph/ghio-remailer-list.html .

Extra goodies
-------------

Premail supports a few more features, for advanced users. These include: offline mail preparation, logging, a password for penet, and a debugging mode. The configuration options specifying these are described in the ~/.premailrc file, which is what you would need to edit.

Have fun!

From ravage at bga.com Mon Aug 29 08:57:50 1994
From: ravage at bga.com (Jim choate)
Date: Mon, 29 Aug 94 08:57:50 PDT
Subject: DigiCash ???
In-Reply-To: <9408281521.AA13945@ua.MIT.EDU>
Message-ID: <199408291557.KAA06315@zoom.bga.com>

>
> You hire an anonymous reshipper... no different from an anonymous remailer
> only you can't use an automated program (yet :) and it's damn difficult to
> avoid traffic analysis. Assuming that nobody has decided to follow the car
> or put a locator in it, your anonymity is ultimately ensured by the fact
> that the last reshipper in your chain doesn't know whether or not you are
> also a reshipper or the new owner. I actually think that given the
> impossibility of avoiding traffic analysis, the most sensible solution is
> to find somebody that you absolutely trust to buy the car and give it to
> you without adding additional stages.
>

I suspect the shippers will surrender their shipping documents when they are faced with the removal of their bonds. This seems like a very shaky proposition at best.

As to using an anonymous third party, by placing them at risk this opens them up to various tactics. For instance, they could be given immunity from any charges and then they would be compelled to rat me out.

In every example that deals with the delivery of tangible goods (which is the majority of what we purchase) the anonymity breaks down at the delivery point. You have to prove you are the one who is justifiably taking possession. This to me is a big hole in the system.
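
The following is an added example, not premail's own code (premail is a Perl script) and not part of Raph Levien's posts: it parses the remailer list format shown earlier in this digest and plans a `Path:` chain the way the README describes, picking hops for reliability and speed and encrypting only to hops that can accept it. The selection rule (an uptime floor, then lowest latency), the function names and the subset of rows used as sample input are assumptions made for this example.

```python
import re

# Sample input: rows copied from the remailer list in this digest
# (the archive writes "@" as " at ").
FEATURE_LINES = '''
$remailer{"chaos"} = " cpunk hash ksub";
$remailer{"vox"} = " cpunk oldpgp.";
$remailer{"extropia"} = " cpunk pgp special";
$remailer{"kaiwan"} = " cpunk pgp hash latent cut";
$remailer{"portal"} = " cpunk pgp hash";
$remailer{"jpunix"} = " cpunk hash";
$remailer{"wien"} = " cpunk pgp hash nsub";
$remailer{"penet"} = " penet";
'''

HISTORY_ROWS = '''
kaiwan   ghio at kaiwan.com             ####*+**+***     4:21  99.99%
portal   hfinney at shell.portal.com    #####*#***+*     4:54  99.99%
jpunix   remailer at jpunix.com         ####******+*     6:35  99.99%
wien     remailer at ds1.wu-wien.ac.at  ####*****-**    10:32  99.99%
extropia remail at extropia.wimsey.com  ****++++--++  1:13:54  99.99%
vox      remail at vox.hacktic.nl       -----------   7:04:23  99.99%
chaos    remailer at chaos.bsu.edu      ### *###*#**     0:58  99.56%
penet    anon at anon.penet.fi          __ ._.       45:04:39  26.55%
'''

FEATURE_RE = re.compile(r'\$remailer\{"([^"]+)"\}\s*=\s*"([^"]*)";')
# name, address, history (may contain spaces), latency, uptime
ROW_RE = re.compile(
    r'^(\S+)\s+(\S+(?: at |@)\S+)\s+(.*?)\s+(\d+(?::\d\d){1,2})\s+(\d+\.\d+)%$')


def parse_features(text):
    """Return {short name: set of option keywords} from $remailer{...} lines."""
    features = {}
    for name, value in FEATURE_RE.findall(text):
        # A trailing period ("pgp.") only selects the key ID form; strip it.
        features[name] = {word.rstrip(".") for word in value.split()}
    return features


def latency_seconds(text):
    """Convert the latency column ('m:ss' or 'h:mm:ss') to seconds."""
    total = 0
    for part in text.split(":"):
        total = total * 60 + int(part)
    return total


def within_hour(history):
    """Count pings answered in under an hour ('#' or '*' in the history key)."""
    return sum(1 for mark in history if mark in "#*")


def parse_history(text):
    """Return {short name: row dict} from the latency/uptime table."""
    rows = {}
    for line in text.strip().splitlines():
        match = ROW_RE.match(line.strip())
        if match is None:
            continue  # header, ruler or damaged row
        name, address, history, latency, uptime = match.groups()
        rows[name] = {"address": address, "history": history,
                      "latency": latency_seconds(latency),
                      "uptime": float(uptime)}
    return rows


def plan_chain(features, rows, hops=3, min_uptime=99.9,
               have_pgp=True, have_oldpgp=False):
    """Pick `hops` remailers and say, per hop, whether to PGP-encrypt to it.

    Assumed rule (not premail's documented algorithm): keep cpunk-class
    remailers at or above min_uptime, then take the lowest latencies.
    """
    candidates = []
    for name, row in rows.items():
        flags = features.get(name, set())
        if "cpunk" not in flags or row["uptime"] < min_uptime:
            continue
        # "oldpgp" remailers reject MIT PGP 2.6 output, so they need an older PGP.
        encrypt = ((have_pgp and "pgp" in flags)
                   or (have_oldpgp and "oldpgp" in flags))
        if "special" in flags and not encrypt:
            continue  # "special" accepts only PGP-encrypted messages
        candidates.append((row["latency"], name, encrypt))
    candidates.sort()
    return [(name, encrypt) for _, name, encrypt in candidates[:hops]]


if __name__ == "__main__":
    chain = plan_chain(parse_features(FEATURE_LINES), parse_history(HISTORY_ROWS))
    print("Path: " + ";".join(name for name, _ in chain))
    for name, encrypt in chain:
        print(f"  {name}: {'encrypt to its key' if encrypt else 'plaintext hop'}")
```

With these sample rows the plan is kaiwan, portal and jpunix, the same three remailers as the list's suggested path, here in latency order; jpunix carries no pgp keyword, so that hop is not encrypted.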
From rubin at faline.bellcore.com Mon Aug 29 09:28:34 1994
From: rubin at faline.bellcore.com (Avi Rubin)
Date: Mon, 29 Aug 94 09:28:34 PDT
Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System
Message-ID: <199408291628.MAA19544@faline.bellcore.com>

A N N O U N C I N G ! ! ! ! !

Bellcore's Trusted Software Integrity (Betsi) System.

Betsi addresses a security concern of software distribution in the Internet. Currently, there is no way to know that software obtained by anonymous ftp has not been modified since it was posted. Also, malicious software can be posted without the offender leaving a trace. Betsi is an experimental prototype that is meant to provide some degree of assurance about the integrity of software and the identity of its author.

The current version of Betsi is an experiment. The long-term goals are:

- help software vendors distribute programs and patches
- provide accountability by linking the author of a program to a real person whose identity is verified off-line
- allow users to run software obtained on the Internet with less danger of viruses and trojan horses
- use cryptographically strong techniques to preserve file integrity
- scale well in the Internet community
- minimize effort on the part of the users
- use existing infrastructure and standards

Betsi is a free, experimental service. It requires use of pgp to verify signatures from Betsi. Betsi's public key is widely available. It can be obtained from numerous public key servers by requesting the key for certify or Betsi. It also appears in a paper that was submitted for publication, in the help file (described in a moment) and at the end of this message.

For additional information on Betsi send mail to certify at bellcore.com with subject, help.

A copy of the paper describing Betsi can be obtained by anonymous ftp from thumper.bellcore.com in the directory /pub/certify. A copy of the public key for Betsi can also be found there.
It is recommended that the key be obtained from at least two different places and compared. Betsi's public key: Fingerprint: 5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C From hughes at ah.com Mon Aug 29 09:44:36 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 29 Aug 94 09:44:36 PDT Subject: Statistics on remail message sizes In-Reply-To: <199408180420.VAA10365@jobe.shell.portal.com> Message-ID: <9408291623.AA29767@ah.com> A couple of weeks ago Eric asked for statistical information on remailer message sizes. I put in a size-counter a week ago [...] or so, and here are some results. Based on Hal's numbers, I would suggest a reasonable quantization for message sizes be a short set of geometrically increasing values, namely, 1K, 4K, 16K, 64K. In retrospect, this seems like the obvious quantization, and not arithmetic progressions. Live and learn. Eric From jamesd at netcom.com Mon Aug 29 10:42:08 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 29 Aug 94 10:42:08 PDT Subject: pgp fanaticism In-Reply-To: <9408290431.AA17951@ds1.wu-wien.ac.at> Message-ID: <199408291742.KAA01019@netcom8.netcom.com> Thus spake Thoth: > Perhaps my apparent frustration is caused by the fact that I've become > convinced that crypto-anarchy will not come to pass (I posted a > lenghtly scenario earlier of that I think the future will be like). Grey and black capitalism is already a major component of international cash flows. 
Once adequate user friendly software is available, the internet will accelerate this already existing trend. A fifty percent taxation rate (income plus sales plus this and that) maximizes the state's return in the short run, but is unsustainable in the long run. Crypto anarchy is merely the application of modern tools to assist covert capitalism. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From ravage at bga.com Mon Aug 29 10:58:23 1994 From: ravage at bga.com (Jim choate) Date: Mon, 29 Aug 94 10:58:23 PDT Subject: PGP shells ... Message-ID: <199408291758.MAA12261@zoom.bga.com> Hi all, On the issue of shells for PGP, has anyone released a REXX based shell? I have REXX working on my Dos, Linux, and Amiga boxes and the cross-compatibility would be very nifty... Any info on existing REXX shells or front-ends would be appreciated. From hfinney at shell.portal.com Mon Aug 29 12:01:13 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 29 Aug 94 12:01:13 PDT Subject: Problems with anonymous escrow 1 Message-ID: <199408291900.MAA08729@jobe.shell.portal.com> There has been some discussion here about how anonymity/pseudonymity can be applied to a wider range of relationships. One possibility that Tim May and others have mentioned is to have escrow agents be anonymous. (I will use "anonymous" and "pseudonymous" more or less interchangeably because the former term is more familiar. But I am really referring to a case where the agents maintain a certain amount of continuity via secret keys and such.) (Let me make it clear that I am not arguing that there SHOULD NOT be anonymous escrow agents. I am questioning whether they are likely to be viable entities due to the problems I am listing here.) 
The obvious problem I see with anonymous escrow agents is that it is much harder for them to become and stay trustworthy. With an identified (non-anonymous) agency, you can have a lot of information on which to base your judgement. You can look at its assets, at its employees and hiring procedures, at its record. You look at the jurisdiction in which it operates and judge what protection the legal system may offer. You can look at other agencies in that jurisdiction and what their track record has been. I would guess that most of that information would not be available from an anonymous escrow agent, at least not in a validated form. Perhaps some of it could be done with credentials (a blinded statement from a reputable accounting firm that (this?) escrow agency has assets of $X). But generally thinking I think it will be very difficult to get nearly as much high-quality information about an anonymous escrow agent. This leaves the possibility of using its public record to judge trustworthiness. It may be able to offer certified statements (again, credentials of a sort) from earlier customers to show that it behaved honestly. Tim has suggested "pinging" such businesses, performing various dummy transactions to make sure that they are still behaving honestly. All this can help establish a record, but how well can this be extrapolated into the future? One of the problems with anonymity which has no underlying identity certification is that you are pretty much forced to adopt the stance that "the key is the identity." Your only channel of communication with the agent is via its key, and any message signed with that key has to be assumed to be coming from the agent. There is nothing else. The problem with this is that keys are not people. People, and businesses, have a certain continuity, a certain predictability. Keys do not. A key may change its personality, literally overnight, and you will not have any warning about this. 
In an identified business, if it changes hands, acquires new management, or has some other change which might lead to new behavior, you generally have some warning (especially if it is a business which is selling trustworthiness, in which case it will probably provide customers with an unusual degree of access to the business's internals.) But with an anonymous business this is not the case. An escrow agent who has been as steady as the sunrise for years may, without any warning, become totally dishonest. Hidden behind the shield of anonymity there is no way for its customers to discover the change. What are the motivations for an anonymous escrow agency to stay in business, to not take the money and run? Legal sanctions would presumably be ineffective. One proposal is that as long as the expected future stream of income is worth more than the current value of all contracts being held by the agent, it is worthwhile for it to be honest. There are a couple of problems with applying this. First, it is necessary to know about how many contracts the agent is holding at one time. But this will be complicated by the possible desire on the part of many customers to keep their activities secret (even beyond their presumed shield of anonymity). So there must always be the worry that more contracts are in progress than you suspect. This is especially true when you consider the possibility that other agencies may secretly be owned by this one. But more importantly, judging whether a future income stream is worth more than a present sum depends on knowing the escrow agent's personal time preferences. Some people like to have their money now, some are willing to postpone present gratification in favor of future income. Neither position is inherently right or wrong, but obviously a customer would feel more comfortable with an agent which favored future income. 
And the fact that an agent has been in business a long time suggests that this is indeed its view - if the agent is stable. But combine this with the ease with which a key can change its personality without warning and it suggests that even a long track record of stability could be fragile. The business is passed from father to son, it is acquired, it is coerced away, the owner experiences a change of circumstances due to illness or other catastrophe, and suddenly the agency has changed. Now, future income doesn't look so attractive compared to present money. Now, the owners have an incentive to close the business and (I firmly think the word applies) cheat their customers. Again, with an identity-based business these kinds of changes will be monitored closely by customers. And after a change like this the customers will be nervous and may go through a period where they don't fully trust the changed company. But with an anonymous agent there is no way of knowing when these things happen, and this uncertainty will constantly threaten the safety of the customers. Hal From hfinney at shell.portal.com Mon Aug 29 12:02:31 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 29 Aug 94 12:02:31 PDT Subject: Problems with anonymous escrow 2 Message-ID: <199408291902.MAA11465@jobe.shell.portal.com> Besides the question of trustworthiness, another problem I see with anonymous escrow agents applies more generally to any form of anonymous business. Anonymity makes sense to me for the individual. Each person manages his own affairs and he can keep secret or reveal what he wants. But at the business level it is going to be much harder to keep the same level of secrecy. It is hard for me to see how a business larger than two or three people can really expect to operate with the kind of anonymity we are talking about here. 
These escrow agents will need significant assets to be useful, and probably staffs of at least dozens or hundreds of actuaries and other professionals who will judge the safety and appropriateness of the various deals the agency is offered. How can you expect to keep the location and true identities of the business principals secret? It is said that no more than three people can keep a secret; can we really expect a staff of hundreds not to reveal that they actually work for the mysterious XYZ escrow agency, accessible only through Blacknet? Even with the Mafia, everyone knows who works there (judging from the newspapers). Can we really expect more secrecy for these anonymous businesses? I think that it is really impossible for a business of any significant size to be anonymous in the same way that an individual can. The idea of an escrow agency that retains its anonymity seems impractical to me. Hal From hfinney at shell.portal.com Mon Aug 29 12:04:03 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 29 Aug 94 12:04:03 PDT Subject: Problems with anonymous escrow 3 Message-ID: <199408291903.MAA14375@jobe.shell.portal.com> (Note - I originally wrote this and my other two postings on this topic as one big message. So when I refer to "above" here I really mean my posting on "Problems with anonymous escrow 1".) Another argument sometimes advanced in favor of trustworthy escrow agents is the "iterated prisoner's dilemma". This refers to Axelrod's simulations of computer program agents which repeatedly interacted in a simple "prisoner's dilemma" game which captures much of the essence of the trust relationship (see his book "The Evolution of Cooperation"). His results generally have consistently shown that agents which are never the first to "cheat" in a relationship do better than those which try to take advantage of their counterparts. 
The main requirement for Axelrod's results to hold true is that there be a history of interaction, so that agents recognize when they have interacted before (and implicitly expect that they will interact again). It has been argued that interacting pseudonymous entities satisfy the basic requirements for Axelrod's analysis because their pseudonyms have continuity over time, and people can use past history as a basis for future predictions (as in the escrow agency example). There are some significant differences, though, between Axelrod's scenario and the anonymous agents we are talking about. One is the issue of pseudonym continuity. Although it is true that pseudonyms can have continuity, they are not forced to, unlike in Axelrod's experiments. One of the main reasons why cheating is a bad idea in Axelrod's runs is that the cheating is punished in future interactions (generally, by being cheated on in return). But of course in real life situations, cheaters don't hang around to receive their punishment. Implicit in the escrow cheating scenario above was that the agent vanishes. He isn't forced to stay in business to be cheated repeatedly by customers until they get even. He is able to opt out of the system. Axelrod's programs don't have that option. Worse, a pseudonymous cheater has other options which allow him to continue to benefit from interactions with others while cheating. He can use multiple identities to, in effect, wipe the slate clean when he has cheated. This plays havoc with the crucial assumption in applying Axelrod's results of a history. With multiple pseudonyms there is no way to know that good-guy pseudonym A is connected with the nefarious pseudonym B. In effect, a pseudonym can cheat and not carry over the record of that cheating into future interactions. (I know, as I said above, that cheating does have a cost in the form of lost reputation. 
But the costs are not applied in the form they were in Axelrod's contest, where the results of a bad action are carried forward more or less forever. This is a reason why his results are not applicable to this situation.) Another difference between real life and Axelrod's situations is the possibility of bankruptcy, which may result in the death of a pseudonym. Axelrod's tournaments were predicated on the implicit assumption of an indefinite number of interactions. (This is my recollection; I'd be interested in whether experiments have been tried with a known fixed number of interactions, and the agents knowing how many more there were.) It had long been recognized (pre-Axelrod) that the prisoner's dilemma might reach a stable cooperative solution with multiple interactions, but that this becomes unstable if the parties know that they are reaching the end of their interaction period. In particular, on the last interaction, it is hard to avoid cheating since one knows that the other player will have no opportunity to apply punishment. But then, if it is a foregone conclusion that the last round will result in cheating, then it is hard to justify not cheating on the next-to-last round, since the results of the last round are foreordained and hence don't really provide feedback for what is done this time. This leads to a disastrous regress in which one finds that the stable cooperative solution collapses into a string of cheating interactions. Although in real life it will not frequently happen that both parties know that a particular interaction is the last, it may be that one party will know. If a business has suffered reversals and is doing poorly, it may know that time is running out. In that case it will be more likely to cheat and quit while it is ahead of the game. (This is a variation on the argument I made above where the escrow agent changes its policies due to bad circumstances.) The problem is that business is, to a certain extent, a random walk. 
Most years you make money, but sometimes there is a run of bad luck and you lose. If you ever get down to negative assets, you are basically out of the game. But in a random walk like this you can show that eventually you will visit every point on the line, which means that eventually every business will fail. This is no great surprise, of course, but it does represent another way in which Axelrod's results, which presuppose an indefinitely continued series of interactions, fail to model the situation we are discussing.

Based on these comments, it would be interesting to consider a variation of Axelrod's game, one modelled more on what we feel are the properties of a system of interacting pseudonyms. We might include the possibility for competing programs to "quit" by retiring old pseudonyms and to create new ones. We might also simulate bankruptcy by having a rule that if the cumulative score of an agent ever became negative, it was out of the game. It would be interesting to see whether these changed rules again promoted the development of "nice" strategies or whether they tipped the balance in favor of cheating. This might actually be a doable project for an interested programmer. It would be interesting to see whether others agree that it could shed light on the problem.

Hal

From wcs at anchor.ho.att.com Mon Aug 29 12:29:34 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 29 Aug 94 12:29:34 PDT
Subject: ?-line cash
Message-ID: <9408291926.AA13668@anchor.ho.att.com>

> In-Reply-To: "Rick H. Wesson"'s message of Sat, 27 Aug 1994 19:04:21 -0700 <199408280204.TAA23729 at ar.com>
>
> The last on-line cash system I tried to work up didn't
> have a drop of anonymity to it, and I don't know how to blind the
> bank to the transactions but keep the thing reliable and secure...
>
> Please look at Magic Money, which is an existing coded prototype which
> uses blind signatures to represent digital banknotes.
The canonical place to look for discussion of blinding is Chaum's article in CACM from maybe October 1985? Should be referenced in Schneier's bibliography. It's probably also available on chaum's web server (something-or-other.digicash.nl). Schneier also discusses the technology somewhat. From CCGARY at MIZZOU1.missouri.edu Mon Aug 29 12:30:26 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 29 Aug 94 12:30:26 PDT Subject: Using remailers, chained remailers? Message-ID: <9408291930.AA16471@toad.com> Hello Cypherpunks, Could anyone give me a concise post on how to use remailers & chained remailers? Or an ftp site where I can download the info.? Thank You, Gary Jeffers From cactus at bb.com Mon Aug 29 12:48:21 1994 From: cactus at bb.com (L. Todd Masco) Date: Mon, 29 Aug 94 12:48:21 PDT Subject: Statistics on remail message sizes In-Reply-To: <9408291623.AA29767@ah.com> Message-ID: <33tean$6ul@bb.com> In article <9408291623.AA29767 at ah.com>, Eric Hughes wrote: >Based on Hal's numbers, I would suggest a reasonable quantization for >message sizes be a short set of geometrically increasing values, >namely, 1K, 4K, 16K, 64K. In retrospect, this seems like the obvious >quantization, and not arithmetic progressions. Live and learn. A brief suggestion: Code the progression, not the four values. As time goes on (and lossy sendmails disappear), people are sending larger and larger messages; it's easily conceivable that people could be swapping multiMB files at some point in the not too distant future (indeed, I do occasionally send out files that are 4-5 MB large, uuencoded binaries and tar files). No point in limiting future behavior due to current usage. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" From cactus at bb.com Mon Aug 29 13:02:36 1994 From: cactus at bb.com (L. 
Todd Masco)
Date: Mon, 29 Aug 94 13:02:36 PDT
Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System
In-Reply-To: <199408291628.MAA19544@faline.bellcore.com>
Message-ID: <33tf52$744@bb.com>

In article <199408291628.MAA19544 at faline.bellcore.com>, Avi Rubin wrote:
>-----BEGIN PGP PUBLIC KEY BLOCK-----
...
>-----END PGP PUBLIC KEY BLOCK-----
>
>Fingerprint:
>
>5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C

I've seen this sort of thing several places... Am I totally off base in thinking that distributing the fingerprint in the same way as the public key is close to totally pointless?

--
L. Todd Masco | "Which part of 'shall not be infringed' didn't
cactus at bb.com | you understand?"

From adam at bwh.harvard.edu Mon Aug 29 13:14:58 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Mon, 29 Aug 94 13:14:58 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <9408290345.AA28187@ah.com>
Message-ID: <199408292013.QAA16862@bwh.harvard.edu>

A system built like this is not only expensive in terms of paying employees, it's also asking to be exploited. The people doing the ID checking are likely to be poorly paid, poorly trained, undermotivated and easily bribed into entering the data of your choice, giving away their password, etc. Also, the folks who do the archiving (the physical tape swapping, labelling, etc) are likely to be as easily manipulated as the ones who do the identity verification.

Adam

Eric Hughes wrote:
| Take "recording of names", for example. You're going to have to hire
| (physical) people to look at other (physical) people and look at
| various forms of ID. You'll have to pay these employees, and staff
| costs always dominate the other costs in service industries. You'll
| have to ascertain that a particular public key, for example, matches
| that of the (physical) person who opened the account.
| | When the gov't comes and asks for all the records for a certain name, | you'll have to produce all that you have or be criminally negligent. | I assure you, setting up an archival system for seven years of | transaction information with high reliability is not inexpensive. From CCGARY at MIZZOU1.missouri.edu Mon Aug 29 13:38:11 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 29 Aug 94 13:38:11 PDT Subject: MIT PGP - PGP UI - VIACRYPT mime Message-ID: <9408292038.AA17763@toad.com> Cypherpunks, Question concerning MIT PGP 6.2 & PGP 6.2 ui. If it is known that the PGP that encrypted a msg is one of these two versions, then can it be determined which of these two versions did the encrypting? Also, can it be determined that it was not VIACRYPT that did it. Note: If it can be determined that PGP 6.2 ui did it, then it might be a neat trick to change the ui version to mimic either of the other two at user command. Yours Truly, Gary Jeffers From eckerg at acf2.NYU.EDU Mon Aug 29 13:45:14 1994 From: eckerg at acf2.NYU.EDU (Greg Ecker) Date: Mon, 29 Aug 94 13:45:14 PDT Subject: e$ as "travellers check? In-Reply-To: <9408290300.AA28141@ah.com> Message-ID: On Sun, 28 Aug 1994, Eric Hughes wrote: > But someone a long time ago brought up traveller's checks, and the > similarity between them and ecash. [...] You pay some money to > American Express, you get a note issued by them, you give it to a > merchant, he redeems in with AE for money. [etc...] > > I dont' know much about economics, but as far as I can tell this > seems a pretty solid analogy. > > What you have described is a financial model for digital cash, which > is only part of a complete model. The financial model is, as you > point out, pretty easy. You buy an instrument and then use it in lieu > of a more direct transfer. The privacy to counterparty comes about > because the issuer's name is on the instrument, not yours; the issuer > is a proxy for identity. 
> > It's clearly not _illegal_ to issue > travellers checks, > > No, but in certain places where they are used in lieu of greenbacks, > aka Federal Reserve Banknotes, it _is_ illegal to use them without > certain reporting requirements. (Duncan can elaborate, as he's much > more up on the details here.) Complicity in failure to report can > also be criminal. And an issuer that sets up a system to thwart > reporting requirements could easily be considered _prima facie_ > evidence of conspiracy to evade reporting. traveller's checks are an extremely easy way to defraud any bank that issues them, what will happen to this difficulty factor if they are anonymous ? From perry at imsi.com Mon Aug 29 13:50:03 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 29 Aug 94 13:50:03 PDT Subject: e$ as "travellers check? In-Reply-To: Message-ID: <9408292049.AA11861@snark.imsi.com> Greg Ecker says: > traveller's checks are an extremely easy way to defraud > any bank that issues them, what will happen to this > difficulty factor if they are anonymous ? Digitally signed notes are not forgeable. .pm From cactus at bb.com Mon Aug 29 13:52:32 1994 From: cactus at bb.com (L. Todd Masco) Date: Mon, 29 Aug 94 13:52:32 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: <199408291628.MAA19544@faline.bellcore.com> Message-ID: <33ti2r$7mj@bb.com> [Not all observations are mine: some belong to Andrew Boardman] Okay, I have a strong interest in this, because we want to be able to distribute ICE through traditional "freeware" channels while minimizing the threat of spoofing. I expect much better from Bellcore. >Betsi addresses a security concern of software distribution in the Internet. >Currently, there is no way to know that software obtained by anonymous ftp >has not been modified since it was posted. Whoever wrote the blurb clearly wasn't aware of (or chose to ignore) the already existing practice of individuals signing their own code. 
Why channel everything through this one Betsi agent? If Betsi's key is compromised, *ALL* of their customers lose. > - provide accountability by linking the author of a program > to a real person whose identity is verified off-line This is unnecessary, and I would claim undesirable. A unique anonymous ID is just as good as a "real" one -- since you're relying upon PGP anyway, the mapping from signature to a known identity is one-to-one. The only reason I can see to require this "real human" mapping is to try to prosecute people for bugs in their code or some contamination that seeps into their release. That's not an aspect of the world I want to live in. > - minimize effort on the part of the users This, I'd love to see. How do you securely get a user who doesn't know how to use PGP to verify the signature? I think most users out there are not likely to learn to use PGP on their own: this is from too many (3+) years of tech support at Carnegie Mellon -- hardly a technological backwater. People want to use their application and not worry about anything else. Make the damned computer work and let me finish my paper and get out of here. I guess my overall reaction to this Betsi thing is: why? As far as I can see, this Betsi agent only sets up a single choke point through which all software using Betsi can be compromised, for no particular gain. The current method of individuals signing their code with their well-known keys is far more secure and doesn't force the handing over of identities to the Software Police. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" 
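Hal's "Problems with anonymous escrow 3", earlier in this digest, proposes a variation on Axelrod's tournament in which players may retire pseudonyms and are out of the game once their cumulative score turns negative. The following is an added example of that experiment, not code from any poster; the payoff values (Axelrod's usual 5/3/1/0 minus an assumed cost of 2 per interaction), the three strategies and all names are assumptions made for illustration.

```python
"""Iterated prisoner's dilemma with disposable pseudonyms and bankruptcy."""
from itertools import combinations, count

C, D = "C", "D"
# Assumed payoffs: Axelrod's usual T=5, R=3, P=1, S=0 minus a cost of 2 per
# interaction, so that a run of bad outcomes can push a score below zero.
PAYOFF = {(C, C): (1, 1), (C, D): (-2, 3), (D, C): (3, -2), (D, D): (-1, -1)}

_nym_ids = count(1)


def fresh_nym():
    """Return a new pseudonym that cannot be linked to any earlier one."""
    return f"nym-{next(_nym_ids)}"


class Agent:
    """A player known to the others only by its current pseudonym.

    kind is one of (all three are illustrative strategies):
      "tft"      - tit-for-tat: cooperate with strangers, then mirror the
                   last move seen from that pseudonym
      "defect"   - always defect, keeping one pseudonym for life
      "switcher" - always defect, retiring the pseudonym after every round
    """

    def __init__(self, kind):
        self.kind = kind
        self.nym = fresh_nym()
        self.score = 0
        self.died_in = None      # round of bankruptcy, None while solvent
        self.memory = {}         # pseudonym -> last move seen from it

    def move(self, other_nym):
        if self.kind == "tft":
            return self.memory.get(other_nym, C)
        return D

    def observe(self, other_nym, their_move):
        self.memory[other_nym] = their_move

    def end_round(self, rnd):
        if self.score < 0:                  # bankruptcy rule from the post
            self.died_in = rnd
        elif self.kind == "switcher":       # "quit" and return under a new nym
            self.nym = fresh_nym()


def tournament(kinds, rounds):
    """Play a round-robin each round among solvent agents; return the agents."""
    agents = [Agent(k) for k in kinds]
    for rnd in range(1, rounds + 1):
        live = [a for a in agents if a.died_in is None]
        if len(live) < 2:
            break
        for a, b in combinations(live, 2):
            move_a, move_b = a.move(b.nym), b.move(a.nym)
            gain_a, gain_b = PAYOFF[(move_a, move_b)]
            a.score += gain_a
            b.score += gain_b
            a.observe(b.nym, move_b)
            b.observe(a.nym, move_a)
        for a in live:
            a.end_round(rnd)
    return agents


def summary(agents):
    """(kind, final score, round of bankruptcy or None) for each agent."""
    return [(a.kind, a.score, a.died_in) for a in agents]


if __name__ == "__main__":
    scenarios = {
        "fixed-nym defector among 3 tit-for-tat": ["tft"] * 3 + ["defect"],
        "one nym-switcher among 3 tit-for-tat": ["tft"] * 3 + ["switcher"],
        "two nym-switchers among 3 tit-for-tat": ["tft"] * 3 + ["switcher"] * 2,
    }
    for label, kinds in scenarios.items():
        print(label)
        for row in summary(tournament(kinds, 20)):
            print("   ", row)
```

Under these assumed payoffs the defector who keeps one pseudonym is punished into bankruptcy, the one who sheds pseudonyms is never punished, and two such players bankrupt the cooperators and then each other.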
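For the remailer message-size thread earlier in this digest (Eric Hughes's 1K, 4K, 16K, 64K quantization and Todd Masco's suggestion to code the progression rather than the four values), an added example that is not code from any poster or remailer. The 8-byte length header, the random padding and all function names are assumptions.

```python
import os
import struct
from collections import Counter

BASE = 1024     # smallest bucket: 1K, as proposed in the thread
RATIO = 4       # each bucket is 4x the last: 1K, 4K, 16K, 64K, 256K, ...
HEADER = struct.Struct(">Q")    # assumed framing: 8-byte big-endian true length


def bucket_size(n, base=BASE, ratio=RATIO):
    """Smallest base * ratio**k that holds n bytes; no upper limit is coded in."""
    if n < 0:
        raise ValueError("size must be non-negative")
    size = base
    while size < n:
        size *= ratio
    return size


def pad(message):
    """Frame the message with its true length and pad it up to its bucket.

    Padding is meant to be applied before the remailer layer is encrypted,
    so that the padding bytes cannot be told apart from the payload.
    """
    framed = HEADER.pack(len(message)) + message
    return framed + os.urandom(bucket_size(len(framed)) - len(framed))


def unpad(padded):
    """Recover the original message, rejecting input that is not a whole bucket."""
    if len(padded) < HEADER.size or len(padded) != bucket_size(len(padded)):
        raise ValueError("input is not a whole bucket")
    (length,) = HEADER.unpack_from(padded)
    if length > len(padded) - HEADER.size:
        raise ValueError("length field exceeds bucket")
    return padded[HEADER.size:HEADER.size + length]


def observed_sizes(true_sizes):
    """What a traffic observer sees: one count per bucket, not per message size."""
    return Counter(bucket_size(n + HEADER.size) for n in true_sizes)


if __name__ == "__main__":
    # Constructed sample of message sizes in bytes, not Hal's measured data.
    sample = [300, 900, 1500, 3000, 20000, 5 * 2**20]
    for size, n in sorted(observed_sizes(sample).items()):
        print(f"{size:>10} bytes: {n} message(s)")
```

Because each bucket is four times the previous one, a padded message is always less than four times the size of its framed original once that original exceeds 1K, and a multi-megabyte message simply lands in a larger bucket.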
From rubin at faline.bellcore.com Mon Aug 29 14:04:03 1994 From: rubin at faline.bellcore.com (Avi Rubin) Date: Mon, 29 Aug 94 14:04:03 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System Message-ID: <199408292103.RAA18305@faline.bellcore.com> > Am I totally off base in thinking that distributing the fingerprint in > the same way as the public key is close to totally pointless? Well, in many cases, people will be checking the key in several different places for extra assurance that it is correct. Including the fingerprint just saves them a calculation. I suppose you have a point that the fingerprints could all match, and be unrelated to the key being posted, but then I'd only be cheating myself. From tcmay at netcom.com Mon Aug 29 14:05:15 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 29 Aug 94 14:05:15 PDT Subject: Problems with anonymous escrow 1--response Message-ID: <199408292104.OAA25319@netcom4.netcom.com> I welcome Hal's comments. Between this meaty discussion of crypto anarchic issues, along with the equally meaty comments by Eric and others about financial instruments, maybe we've temporarily exorcised the run of "cyphernukes" trivia postings. (Not that nukes are trivial...I understand that even one of them can ruin your whole day.) Hal split his post up into three parts (that I've seen so far), but my response would probably not be split the same way, ideally. But I'll go ahead and answer each of his posts in order, or at least get started. First, let me clarify some points very briefly, points that would ordinarily come up in the response to the second and third parts. * I've never thought that anonymous escrow agents would be large corporations, or even companies of several or more people. In fact, many trading and investment services are handled today by a single person. Many underworld financial services--e.g., offshore banks--are handled by a single person. 
New computer technology makes this more feasible than ever. Additional staff, especially at the spear carrier level (office workers, clerical staff, etc.), are security leaks, as Hal notes. * Family-based businesses are also common, where blood ties establish a web-of-trust. Very common in Asia, the Middle East, and in other areas where mistrust is a dominant concern. (The Mafia is known as the Family, of course.) In many of these cultures, defections (in the game-theoretic sense) are strongly disincentivized, by the blood ties and the repercussions (ostracism at best, death in many cases). * I agree strongly with Hal--and have argued this in several posts over the past couple of years--that the "ecology of interacting anonymous agents" merits much more study. We cite the fictional scenario of "True Names," and we have limited exposure to such ecologies from the criminal underworld (Triads, Mafia, Russians, Jamaicans, etc.), but few economic studies have been done of such systems. (My explicit focus in many of my posts on outlaw communities and outlaw actions is not because I admire violent criminals, but because these communities are obviously unable to use the legal systems of the modern world and thus have developed and evolved their own legal codes of sorts--sometimes with greater refinement than the so-called legal world. David Friedman once agreed with me that much more study of underground markets, criminal enterprises, and black markets in general is needed.) On to Hal's comments. I'll only respond now to #1, then to #2, #3, etc. later today. >There has been some discussion here about how anonymity/pseudonymity >can be applied to a wider range of relationships. One possibility >that Tim May and others have mentioned is to have escrow agents be >anonymous. (I will use "anonymous" and "pseudonymous" more or less >interchangeably because the former term is more familiar. 
But I am
>really referring to a case where the agents maintain a certain amount
>of continuity via secret keys and such.)
>
>(Let me make it clear that I am not arguing that there SHOULD NOT be
>anonymous escrow agents. I am questioning whether they are likely to
>be viable entities due to the problems I am listing here.)

I'm not arguing, by the way, that such anonymous escrow agents (AEAs, for brevity) will dominate conventional escrow agents, such as banks, securities firms, etc. (all of which have certain escrow functions). But I do expect that as more transactions leave the conventional "legal world"--not because they are ipso facto illegal or criminal, but because they are between parties who don't know each other's identities or nationalities and hence are unlikely to agree that Afghani law, for example, applies--that cyberspatial escrow/PPL agents will be more common.

And if they exist, outside the conventional legal structure for the reasons just given, what reason is there for them to be _non_-anonymous, that is, for them to voluntarily reveal their physical identities, locations, etc.?

Hal mentions someplace that non-anonymity allows customers to check the bona fides. Several points:

* Bona fides are easily faked. Cf. my posts on the 60,000 people in the Witness Security Program (aka Witness Protection), most with full-backstopped legends. The various governments of the world are expert at creating such legends, including banks that meet their needs, transport companies, and (probably) escrow services. So non-anonymity is not necessarily what it's cracked up to be.

* Non-anonymity will likely expose the escrow agent to various pressures and sanctions, including: lawsuits, subpoenas, threats by the parties involved in an escrow, taxation, etc. Lots of complications. I can readily imagine these pressures totally swamping the advantages of escrow. I certainly know that any "non-anonymous" escrow agent will immediately be beset by various pressures, legal, financial, and physical. I can't imagine one operating for long in the U.S., for example.

* Non-anonymous escrow services in most jurisdictions (Hint: the operative word is "jurisdiction") will of course not be able to handle transactions that are illegal, e.g., information sales, drug money holding, etc. And they likely face "know your customer" laws in many jurisdictions.

[I consider the idea of a non-anonymous escrow agent a non-starter, offering essentially nothing of interest to identity-blinded users and instead introducing unacceptable risks, pressures, and red tape.]

* If the customers, Alice and Bob, are anonymous (actually, pseudonymous, of course), and are not associated with any jurisdiction, why should they be interested in using a non-anonymous escrow agent, one who may find in favor of one party or another based on local law, based on pressures applied by one party, etc.? Anonymous parties should be more comfortable with AEAs, all other things being equal.

>The obvious problem I see with anonymous escrow agents is that it is
>much harder for them to become and stay trustworthy. With an
>identified (non-anonymous) agency, you can have a lot of information
>on which to base your judgement. You can look at its assets, at its
>employees and hiring procedures, at its record. You look at the
>jurisdiction in which it operates and judge what protection the legal
>system may offer. You can look at other agencies in that jurisdiction
>and what their track record has been.

Eric Hughes' "encrypted open books" protocol may be useful in verifying assets. Pinging works, as do "reputation-rating services" which rate escrow agents. I look to the success of underworld escrow agents (a standard role for criminal syndicates is to enforce certain transactions "fairly"). Granted, they are not anonymous. But reputations do indeed build up, even with pseudonyms (one might say _especially_ with nyms). Lots of issues.

>
>I would guess that most of that information would not be available
>from an anonymous escrow agent, at least not in a validated form.
>Perhaps some of it could be done with credentials (a blinded statement
>from a reputable accounting firm that (this?) escrow agency has assets
>of $X). But generally thinking I think it will be very difficult to
>get nearly as much high-quality information about an anonymous escrow
>agent.

By the way, Hal several times talks about the "assets" of the escrow agent. In general, a bonding is not needed, as the held items are *of no value* to the escrow agent, in many cases I can see. There are two cases to consider:

1. Items held by AEA are unusable to the AEA, e.g., encrypted secrets and money. (There's the issue that the AEA doesn't know if it's holding worthless bits or valid digicash, for example. Again, ways of approaching this, and the protocols will likely evolve with time.)

2. Items, or one half of them at least, are usable by the AEA. For example, the equivalent of $100,000 is transferred to the AEA.

It's mostly this second situation I'm dealing with, as Hal is. But I mention the first to give a hint about using protocols which blind the transactions even from the AEA. How it all shakes out is, not surprisingly, unclear.

Also, webs of AEAs, somewhat like "reinsurance" amongst insurers, can have positive effects. A complicated point to discuss here, but related to the difficulty of maintaining frauds consistently in the presence of multiple agents, all unknown to each other.

>
>This leaves the possibility of using its public record to judge
>trustworthiness. It may be able to offer certified statements (again,
>credentials of a sort) from earlier customers to show that it behaved
>honestly.
Tim has suggested "pinging" such businesses, performing >various dummy transactions to make sure that they are still behaving >honestly. All this can help establish a record, but how well can this >be extrapolated into the future? Bear in mind that an anonymous escrow agent (AEA) is effectively no different from a _digital bank_! I thought this point was pretty clear, as I was discussing AEAs in the context of being a slightly different kind of bank, but maybe it wasn't. Consider one's bank today, even a small, poorly-capitalized one. It can always 'defect' and claim that one's money was already withdrawn, (Yes, there are complicated crypto protocols designed to prevent this, or lessen the chances. The crypto community is generally interested in mathematical rigor, not surprisingly, but reputations are crucial as well. Time-binding, evolutionary game theory, etc.) >One of the problems with anonymity which has no underlying identity >certification is that you are pretty much forced to adopt the stance >that "the key is the identity." Your only channel of communication >with the agent is via its key, and any message signed with that key >has to be assumed to be coming from the agent. There is nothing else. Yes, the purist stance. What else could there be and still act as we wish it to? This is not to say that customers could not voluntarily arrange all sorts of additional checks and balances, such as: - biometric security (retinal, thumbprint, earlobe shape, voice, handwriting) - protocol limits ($1000 a day withdrawal, required "co-signers," etc.) (co-signers, time delays, guardians, all are possible, and may even be a good idea...I, for one, would take steps to make sure that my total assets are not accessible via a single number. Nothing unusual about this, just a small matter of programming.) >The problem with this is that keys are not people. People, and >businesses, have a certain continuity, a certain predictability. 
Keys Well, Hal, this argument applies to all pseudonymous exchanges, not just the AEA idea. (A meta-point I've made in several ways is that parties to these transactions will be "first-class" objects, that is, there is no compelling reason to have a distinction between "customers," "merchants," "bankers," and "escrow agents." Such niche distinctions may evolve, as agents fill various roles more than others, but the software structures need not skew the transactions in any preferential way. I can imagine many transactions in which agents fill several roles. Indeed, we all do this with cash all the time: we act as buyers, sellers, holders of money in trust, cashers of checks, etc.) >do not. A key may change its personality, literally overnight, and >you will not have any warning about this. In an identified business, >if it changes hands, acquires new management, or has some other change >which might lead to new behavior, you generally have some warning >(especially if it is a business which is selling trustworthiness, in ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ A nice turn of phrase, and a key one. AEAs are nothing if not sellers of trustworthiness. You all know the drill here. >which case it will probably provide customers with an unusual degree >of access to the business's internals.) But with an anonymous >business this is not the case. An escrow agent who has been as steady >as the sunrise for years may, without any warning, become totally >dishonest. Hidden behind the shield of anonymity there is no way for >its customers to discover the change. Webs of anonymous escrow, the "laying-off" of escrowed amounts to a set of other AEAs (picked by customers, mutually, like a jury perhaps) could further lessen risks. (My hunch: Sets of AEAs, picked this way by the parties, could increase confidence exponentially. My hunch is that the math of DC-nets and remailer networks is isomorphic. I'll think about this some more.) 
>What are the motivations for an anonymous escrow agency to stay in >business, to not take the money and run? Legal sanctions would >presumably be ineffective. One proposal is that as long as the >expected future stream of income is worth more than the current value >of all contracts being held by the agent, it is worthwhile for it to >be honest. This is a powerful incentive, history has shown. (On a tangent, one reason 'dishonesty' is now rampant, with people wiggling out of contracts and finding ways to renege on deals is that we've largely replaced local sanctions--including things like tarring-and-feathering cheats--with "governmental actions," which can take many years to reach justice, if then.) > >There are a couple of problems with applying this. First, it is >necessary to know about how many contracts the agent is holding at one >time. But this will be complicated by the possible desire on the part >of many customers to keep their activities secret (even beyond their >presumed shield of anonymity). So there must always be the worry that >more contracts are in progress than you suspect. This is especially >true when you consider the possibility that other agencies may >secretly be owned by this one. Hence the use of multiple AEAs, picked by the customers "randomly" (or based on private reasons) and mutually (protocol: each submits list of acceptable AEAs, intersection is picked, or variants of this idea). Makes collusion more difficult. (Anonymity helps because pressures cannot directly be applied. Back channels exist, though, perhaps. Playing "Anonymous Monopoly" might be a useful thought experiment.) ... >But combine this with the ease with which a key can change its >personality without warning and it suggests that even a long track >record of stability could be fragile. 
The business is passed from >father to son, it is acquired, it is coerced away, the owner >experiences a change of circumstances due to illness or other >catastrophe, and suddenly the agency has changed. Now, future income >doesn't look so attractive compared to present money. Now, the owners >have an incentive to close the business and (I firmly think the word >applies) cheat their customers. Yes, this is a risk. But also a risk in non-anonymous transactions. (The people boarding the jets to Brazil.) Well, this ends on a minor comment rather than a major essay point, but perhaps this is best. Meanwhile, the best sunshine part of the day has passed without me getting down to the beach, so I'll close now and try to get out and catch some remaining rays. The remaining posts from Hal I'll respond to tonight. (ObNukeThread: Micronukes with yields of a kiloton or less are possible with as little as 10 grams of Pu. The key is the computer-intensive design and precise implosion sequence. But such secrets will be amongst the first high-value secrets sold in digital black markets. I'm not worried: so we'll lose a couple of cities someday. Big deal. Six billion people and more...they'll make more.) --Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
From paul at poboy.b17c.ingr.com Mon Aug 29 14:26:33 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 29 Aug 94 14:26:33 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: <33tf52$744@bb.com> Message-ID: <199408292126.AA02540@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > In article <199408291628.MAA19544 at faline.bellcore.com>, > Avi Rubin wrote: > >-----BEGIN PGP PUBLIC KEY BLOCK----- > ... > >-----END PGP PUBLIC KEY BLOCK----- > > > >Fingerprint: > > > >5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C > I've seen this sort of thing several places... > Am I totally off base in thinking that distributing the fingerprint in > the same way as the public key is close to totally pointless? Distributing the key fingerprint allows J. Random Human to correlate a key supplied via one method with that supplied via another. For example, now that I have the fingerprint for the Betsi key, I can verify whether any other alleged Betsi key I see is real or not. It's a lot easier to read off & cross-check 32-character fingerprints than the entire key block, especially as signatures are added and the key block grows in size. - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich at ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmJSdKfb4pLe9tolAQEZkgP/W7P8Edw8sEI78V3HgtDjXDo/F09Gw7VF 4FH6pMIVT9w/jT30Adf6BxL+dhb1mcHuBhnhr7bIA31cerZpt+NiVwBbqAoSh+XW vFfkId5k3qmUIAypFQFe5BSHKS+yF6Rf8ERXZAFv2+a/ZJrpLxnW6FgFiU+dFt86 KEK/5EFiOCw= =qlgk -----END PGP SIGNATURE----- From tcmay at netcom.com Mon Aug 29 14:29:36 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Mon, 29 Aug 94 14:29:36 PDT Subject: Statistics on remail message sizes Message-ID: <199408292116.OAA10312@netcom14.netcom.com> >In article <9408291623.AA29767 at ah.com>, Eric Hughes wrote: >>Based on Hal's numbers, I would suggest a reasonable quantization for >>message sizes be a short set of geometrically increasing values, >>namely, 1K, 4K, 16K, 64K. In retrospect, this seems like the obvious >>quantization, and not arithmetic progressions. Live and learn. > >A brief suggestion: Code the progression, not the four values. As > time goes on (and lossy sendmails disappear), people are sending larger > and larger messages; it's easily conceivable that people could be > swapping multiMB files at some point in the not too distant future > (indeed, I do occasionally send out files that are 4-5 MB large, > uuencoded binaries and tar files). > >No point in limiting future behavior due to current usage. Except that coding only the progression and not the actual values lessens the usefulness of quantizing. We may have one group of remailers/users which uses the Hughes sequence: 1, 4, 16, 64, and another group that uses another sequence: 3, 9, 27, etc. I'm not saying we'll ever get everybody to agree, but there are times when it's better to converge on solid, actual numbers and not on the more-elegant abstract progressions. But maybe I'm misunderstanding the point here. --Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
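The size quantization debated in this message, as an added example (not code from the list or from any remailer): it pads messages up to an agreed bucket and compares what a traffic observer sees when everyone uses the 1K/4K/16K/64K values versus when a second group uses a 3K/9K/27K progression. The function names, the 4-byte length header, the 81K term and the sample payload lengths are assumptions made for the illustration.

```python
"""Size quantization for remailer traffic: added illustration, not remailer code."""
import os
import struct
from collections import Counter

KB = 1024
HEADER = struct.Struct(">I")  # assumed framing: 4-byte big-endian payload length


def geometric_buckets(first, ratio, count):
    """Concrete bucket sizes first, first*ratio, ... (count values in all)."""
    return [first * ratio ** i for i in range(count)]


HUGHES = geometric_buckets(KB, 4, 4)           # 1K, 4K, 16K, 64K from the thread
POWERS_OF_3 = geometric_buckets(3 * KB, 3, 4)  # 3K, 9K, 27K, then an assumed 81K

# Constructed payload lengths in bytes for two groups of users.
GROUP_A = [300, 900, 2000, 3500, 10000, 40000]
GROUP_B = [500, 1000, 2500, 3000, 12000, 50000]


def bucket_for(length, buckets):
    """Smallest bucket that holds `length` bytes, or None if none is big enough."""
    for size in sorted(buckets):
        if length <= size:
            return size
    return None


def pad(payload, buckets):
    """Frame the payload and pad it to the smallest bucket that holds it.

    Assumption: the padded body is encrypted afterwards, so the fill is not
    visible on the wire; random fill keeps it from compressing away.
    """
    need = HEADER.size + len(payload)
    size = bucket_for(need, buckets)
    if size is None:
        raise ValueError("payload exceeds the largest agreed bucket")
    return HEADER.pack(len(payload)) + payload + os.urandom(size - need)


def unpad(blob):
    """Recover the payload, rejecting a length header that overruns the blob."""
    if len(blob) < HEADER.size:
        raise ValueError("message shorter than its length header")
    (n,) = HEADER.unpack_from(blob)
    if n > len(blob) - HEADER.size:
        raise ValueError("length header larger than message")
    return blob[HEADER.size:HEADER.size + n]


def observer_view(groups):
    """Wire sizes an eavesdropper sees, counted over (buckets, lengths) groups."""
    seen = Counter()
    for buckets, lengths in groups:
        for n in lengths:
            seen[len(pad(bytes(n), buckets))] += 1
    return seen


def summarize(seen):
    """Number of distinct wire sizes and the smallest crowd sharing one size."""
    return {"distinct_sizes": len(seen), "smallest_crowd": min(seen.values())}


if __name__ == "__main__":
    agreed = observer_view([(HUGHES, GROUP_A), (HUGHES, GROUP_B)])
    split = observer_view([(HUGHES, GROUP_A), (POWERS_OF_3, GROUP_B)])
    print("one agreed bucket set :", summarize(agreed))
    print("two different sets    :", summarize(split))
    # Extending the same progression keeps the first four values unchanged,
    # so larger messages get a bucket without splitting existing users.
    extended = geometric_buckets(KB, 4, 8)
    print("5 MB message bucket   :", bucket_for(5 * 1024 * KB, extended))
```

With the two bucket sets sharing no value, every wire size also reveals which group sent the message, which is the cost of agreeing only on a progression.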
From johndo at microsoft.com Mon Aug 29 14:38:29 1994 From: johndo at microsoft.com (John Douceur) Date: Mon, 29 Aug 94 14:38:29 PDT Subject: iterated prisoner's dilemma Message-ID: <9408292139.AA06676@netmail2.microsoft.com> -----BEGIN PGP SIGNED MESSAGE----- >From: Hal >Date: Monday, August 29, 1994 12:03PM >Another argument sometimes advanced in favor of trustworthy escrow >agents is the "iterated prisoner's dilemma". This refers to Axelrod's >simulations of computer program agents which repeatedly interacted in >a simple "prisoner's dilemma" game which captures much of the essence >of the trust relationship (see his book "The Evolution of Cooperation"). >His results generally have consistently shown that agents which are >never the first to "cheat" in a relationship do better than those >which try to take advantage of their counterparts. . . . >Axelrod's tournaments were predicated on the implicit >assumption of an indefinite number of interactions. (This is my >recollection; I'd be interested in whether experiments have been tried >with a known fixed number of interactions, and the agents knowing how >many more there were.) It had long been recognized (pre-Axelrod) that >the prisoner's dilemma might reach a stable cooperative solution with >multiple interactions, but that this becomes unstable if the parties >know that they are reaching the end of their interaction period. Axelrod's second tournament had a variable number of interactions, precisely to defeat penultimate-interaction attacks. He added this specifically because his first tournament had a fixed and known number of interactions, and several programs took advantage of it. However, even in the first tournament, the "nice" programs did better than the "mean" programs, and Tit-for-Tat was the winner. I suppose this doesn't prove much, insofar as a Tit-for-Tat-but-Screw-Em-on-the-Last-Round program would probably have come in first had it been entered. 
Even so, I expect that the marginal increase in score over Tit-for-Tat would have been vanishingly small for a large number of interactions. JD -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmJSsEGHwsdH+oN9AQGIAAQAkT6GC1xOdmCh5Zp7LU17oKRH7WAqeYoK 6FypHPqfUK688uFUAUz61MhGaMkr9ZoCcnRdsmejOGq9zQ9sW6D3SnGvTtkgGyGD zNjle57RVxG8sqkaei8kKszCyVIxZfms2RkdrmQyC/GHwAo9i/5yOszdqFotWfVJ HRe05Pfrano= =zsiI -----END PGP SIGNATURE----- From brains at male.org Mon Aug 29 14:56:45 1994 From: brains at male.org (brains at male.org) Date: Mon, 29 Aug 94 14:56:45 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System Message-ID: >> - provide accountability by linking the author of a program >> to a real person whose identity is verified off-line > >This is unnecessary, and I would claim undesirable. A unique anonymous > ID is just as good as a "real" one -- since you're relying upon PGP > anyway, the mapping from signature to a known identity is one-to-one. > >The only reason I can see to require this "real human" mapping is > to try to prosecute people for bugs in their code or some contamination > that seeps into their release. > >That's not an aspect of the world I want to live in. Or to warn potential virus "authors" that *their* anonymity is no longer assured - not a bad thing. Not enough to justify the rest of it, IMHO, but certainly not Evil Incarnate (not to be flinging misinterpretations or aspersions :-) Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. 
From warlord at MIT.EDU Mon Aug 29 14:59:19 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Mon, 29 Aug 94 14:59:19 PDT Subject: MIT PGP - PGP UI - VIACRYPT mime In-Reply-To: <9408292038.AA17763@toad.com> Message-ID: <9408292158.AA12392@toxicwaste.media.mit.edu> There is no PGP 6.2. There is no MIT PGP 6.2. There is no PGP 6.2 ui. Assuming you mean PGP 2.6, there is no cryptographic difference between any of these versions. -derek From cactus at bb.com Mon Aug 29 15:05:49 1994 From: cactus at bb.com (L. Todd Masco) Date: Mon, 29 Aug 94 15:05:49 PDT Subject: Statistics on remail message sizes In-Reply-To: <199408292116.OAA10312@netcom14.netcom.com> Message-ID: <199408292209.SAA08637@bb.com> Timothy C. May writes: > Except that coding only the progression and not the actual values lessens > the usefulness of quantizing. We may have one group of remailers/users > which uses the Hughes sequence: 1, 4, 16, 64, and another group that uses > another sequence: 3, 9, 27, etc. > > I'm not saying we'll ever get everybody to agree, but there are times when > it's better to converge on solid, actual numbers and not on the > more-elegant abstract progressions. > > But maybe I'm misunderstanding the point here. I think you are; My point was much more trivial than that; I'm just suggesting that the 1,4,16,64 be extended to 256, 1024, 4096,... -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" From cactus at bb.com Mon Aug 29 15:07:59 1994 From: cactus at bb.com (L. Todd Masco) Date: Mon, 29 Aug 94 15:07:59 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: Message-ID: <199408292212.SAA08717@bb.com> brains at male.org writes: > Or to warn potential virus "authors" that *their* anonymity is no longer > assured - not a bad thing. 
Not enough to justify the rest of it, IMHO, but > certainly not Evil Incarnate (not to be flinging misinterpretations or > aspersions :-) Certainly not enough to justify the rest: Can you name one example of an author of a package including some virus? Not someone putting one post-production (individual signing will prevent that), but the original author? It's a straw man. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" From jya at pipeline.com Mon Aug 29 15:08:34 1994 From: jya at pipeline.com (John Young) Date: Mon, 29 Aug 94 15:08:34 PDT Subject: e$: e-cash underwriting Message-ID: <199408292207.SAA25709@pipe1.pipeline.com> Responding to msg by hughes at ah.com (Eric Hughes) on Sun, 28 Aug 10:9 PM >Turn fraud attempts from a security cost to a profit >center. Brilliant statement, Eric. My mouth fell open. This is the best synopsis I've seen for the conversion of our national security capitalism into democratic capitalism. It makes all the pleasurable, if demanding, digicash correspondence I've read here fall into place. John From jim at rand.org Mon Aug 29 15:35:48 1994 From: jim at rand.org (Jim Gillogly) Date: Mon, 29 Aug 94 15:35:48 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: <199408292212.SAA08717@bb.com> Message-ID: <9408292233.AA29506@mycroft.rand.org> > "L. Todd Masco" writes: > Certainly not enough to justify the rest: Can you name one example of an > author of a package including some virus? Not someone putting one Yes. > post-production (individual signing will prevent that), but the original > author? Mark Ludwig wrote KOH, an on-the-fly disk encryption program that is also a virus. It was posted recently to alt.security.pgp. Ludwig is the author of a number of other viruses that don't claim to be useful. > It's a straw man. OK. 
For the record, I think it's a Good Thing to have as much confidence in lots of different frequent-version programs as I do in (say) PGP with its signed-file protocols. Jim Gillogly Hevensday, 7 Halimath S.R. 1994, 22:32 From cactus at bb.com Mon Aug 29 15:38:24 1994 From: cactus at bb.com (L. Todd Masco) Date: Mon, 29 Aug 94 15:38:24 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: <199408292126.AA02540@poboy.b17c.ingr.com> Message-ID: <33to7k$8ug@bb.com> I've revised my opinion: It's not close to useless, it's worse than useless. Two things people seem not to be getting: 1. Including the fingerprint with a signed message is much less pointless. This was distributing the fingerprint *with the public key*. That's bogus. However, even were this a signed message rather than a key... 2. Encouraging people to trust the included ASCII fingerprint is a Bad Thing. Why not just include these fingerprint things and not bother with this confusing, patented RSA stuff? Much easier that way. Great. Here's the Betsi key, with the fingerprint included for those who don't want to use PGP to do the computation. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQA9Ai5iKZAAAAEBgMAWW4+5FhyI3A5g4BT7bX8HwC6Ql4rwD/VlCNZnWZefReA5 CMJ+ot/oLrWaACcuJQAFEbQWQmV0c2kgPGNlcnRpZnlAYmIuY29tPg== =9juv -----END PGP PUBLIC KEY BLOCK----- Fingerprint: 5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C [Security or ease of use. Choose one.] -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" From merriman at metronet.com Mon Aug 29 15:48:52 1994 From: merriman at metronet.com (David K. Merriman) Date: Mon, 29 Aug 94 15:48:52 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System Message-ID: > >Certainly not enough to justify the rest: Can you name one example of an > author of a package including some virus? 
Not someone putting one > post-production (individual signing will prevent that), but the original > author? > >It's a straw man. Well, there was that CD-ROM program of a couple months ago that professed to be from one of the drive manufacturers (but wasn't) containing some kind of Binary Nasty (tm). The mfr's finally had to post (far and wide) the fact that it was *not* their program. The program was posted using a false ID, etc. Don't know if the Bellcore system would prevent that, but it is *one* example, anyway. I'm not arguing that the Bellcore system is the answer to Life, the Universe, and Everything; just that there are some small pieces to it that have *some* perceivable merit to them. Personally, I wouldn't want anything to do with it - as you note, the costs and hazards _far_ outweigh any benefits, and there are easier and more secure ways of accomplishing the same things. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From cactus at bb.com Mon Aug 29 15:50:05 1994 From: cactus at bb.com (L. Todd Masco) Date: Mon, 29 Aug 94 15:50:05 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: <199408292212.SAA08717@bb.com> Message-ID: <199408292254.SAA09291@bb.com> Jim Gillogly writes: > Mark Ludwig wrote KOH, an on-the-fly disk encryption program that is also > a virus. It was posted recently to alt.security.pgp. Ludwig is the author > of a number of other viruses that don't claim to be useful. I stand corrected; However, my point (overstated as it was) is that this is insignificant to the total number of programs distributed: the whole mass of ftp.uu.net, wuarchive.wustl.edu,... > OK. 
For the record, I think it's a Good Thing to have as much confidence > in lots of different frequent-version programs as I do in (say) PGP with > its signed-file protocols. Oh, I certainly agree. I just don't believe that Betsi does anything constructive towards this -- doing this through reputations of known agents is a much better method, IMO -- and not one that requires an agent <-> human mapping. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" From entropy at IntNet.net Mon Aug 29 15:54:16 1994 From: entropy at IntNet.net (Jonathan Cooper) Date: Mon, 29 Aug 94 15:54:16 PDT Subject: e$ as "travellers check? In-Reply-To: <9408292049.AA11861@snark.imsi.com> Message-ID: > > traveller's checks are an extremely easy way to defraud > > any bank that issues them, what will happen to this > > difficulty factor if they are anonymous ? > > Digitally signed notes are not forgeable. Right. I doubt very seriously that there is anything on the planet that is *ABSOLUTELY* unforgeable. It all comes down to how much energy and resources one is willing to sink into the project. -jon ( THEY CAN STOP THE PARTY, BUT THEY CAN'T STOP THE FUTURE ) ( --------------------[ entropy at intnet.net ]------------- ) From cactus at bb.com Mon Aug 29 15:55:51 1994 From: cactus at bb.com (L. Todd Masco) Date: Mon, 29 Aug 94 15:55:51 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: Message-ID: <199408292300.TAA09330@bb.com> "David K. Merriman" writes: > Well, there was that CD-ROM program of a couple months ago that professed to > be from one of the drive manufacturers (but wasn't) containing some kind of > Binary Nasty (tm). The mfr's finally had to post (far and wide) the fact > that it was *not* their program. The program was posted using a false ID, > etc. Don't know if the Bellcore system would prevent that, but it is *one* > example, anyway. 
That was Chinon; The Bellcore system would add nothing that Chinon signing their own material themselves would not add, and would reduce the security in that everybody would want to get their hands on the Betsi key to compromise those gazillion other packages. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" From huntting at glarp.com Mon Aug 29 16:07:28 1994 From: huntting at glarp.com (Brad Huntting) Date: Mon, 29 Aug 94 16:07:28 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: <199408292212.SAA08717@bb.com> Message-ID: <199408292304.RAA22130@misc.glarp.com> > Certainly not enough to justify the rest: Can you name one example of an > author of a package including some virus? Not someone putting one > post-production (individual signing will prevent that), but the original > author? Many Mac viruses that I've seen come straight from Microsoft neatly sealed in plastic on brand new disks. If they signed them it would not increase my confidence one iota. brad From cactus at bb.com Mon Aug 29 16:14:47 1994 From: cactus at bb.com (L. Todd Masco) Date: Mon, 29 Aug 94 16:14:47 PDT Subject: Announcing Bellcore's Trusted Software Integrity (Betsi) System In-Reply-To: <199408292212.SAA08717@bb.com> Message-ID: <199408292319.TAA09586@bb.com> Brad Huntting writes: > Many Mac viruses that I've seen come straight from Microsoft neatly > sealed in plastic on brand new disks. If they signed them it would > not increase my confidence one iota. How would getting Betsi to sign them increase your confidence? Betsi doesn't seem to claim to do any testing of the software, they just verify that it was really Bill Gates' company (in this example) that shipped the Microsoft product. BFD -- they can buy their own ViaCrypt PGP. 
I think people are missing my point: that having a third party sign your software without any testing (Betsi is free, after all) adds *nothing* except for a human-to-name mapping, and increases the risk of the signature being compromised. Now, there probably is a market for somebody who tests the software first and then certifies it -- in fact, that will probably be a big business in the future, one I can easily see someone like Cygnus getting into. But that's not what Betsi claims to do, and I certainly don't want to contemplate the legal issues (do you get your ass sued off when you're wrong? Almost certainly) involved with anybody trying to do that. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" From eb at comsec.com Mon Aug 29 16:35:51 1994 From: eb at comsec.com (Eric Blossom) Date: Mon, 29 Aug 94 16:35:51 PDT Subject: DSPs In-Reply-To: <8145@aiki.demon.co.uk> Message-ID: <199408292302.QAA02577@comsec.com> Jim Dixon writes: > The Motorola DSP96002 does an integer multiply in 2 or 3 clocks, so a > 33 MHz device does 11 million multiplies (and moves) a second. The > chip costs about $50. The 96002 is a floating point part. Last time I checked it cost several hundred dollars. I suspect that you were referring to the 56001/2 family (which does cost something like $50). From eb at comsec.com Mon Aug 29 16:36:36 1994 From: eb at comsec.com (Eric Blossom) Date: Mon, 29 Aug 94 16:36:36 PDT Subject: DSPs In-Reply-To: <199408262009.NAA17046@unix.ka9q.ampr.org> Message-ID: <199408292254.PAA02525@comsec.com> Phil Karn writes: > But then I hear people say that it's not the multiplication that slows > down modular exponentiation, it's the modular reduction. That's one of the driving reasons for using Montgomery multiplication. You do some up front work that changes the representation into one where the reduction on each multiply is a multiple of 2^N (a shift, or fetch of the LSW or MSW of the result). 
See "Modular Multiplication Without Trial Division", Peter L. Montgomery, Mathematics of Computation, v44, n170, pp 519-521, Apr 1985. From solman at MIT.EDU Mon Aug 29 16:38:16 1994 From: solman at MIT.EDU (Jason W Solinsky) Date: Mon, 29 Aug 94 16:38:16 PDT Subject: Problems with anonymous escrow 1 In-Reply-To: <199408291900.MAA08729@jobe.shell.portal.com> Message-ID: <9408292337.AA02128@ua.MIT.EDU> > The obvious problem I see with anonymous escrow agents is that it is > much harder for them to become and stay trustworthy. With an > identified (non-anonymous) agency, you can have a lot of information > on which to base your judgement. You can look at its assets, at its > employees and hiring procedures, at its record. You look at the > jurisdiction in which it operates and judge what protection the legal > system may offer. You can look at other agencies in that jurisdiction > and what their track record has been. Why this dichotomy? A cyberspatial entity is somebody who owns a secret key. If said entity wants to maximize its anonymity it will reveal nothing about itself. If said entity wants to establish the strongest possible reputation, it will reveal all (and lock itself into doing so ahead of time). Since it is enormously difficult to deal with an entity with no reputation and since it requires a substantial amount of effort to establish certified facts about the nature of a cyberspatial entity, one would expect most (if not all) to exist somewhere in between the two extremes. > I would guess that most of that information would not be available > from an anonymous escrow agent, at least not in a validated form. > Perhaps some of it could be done with credentials (a blinded statement > from a reputable accounting firm that (this?) escrow agency has assets > of $X). But generally thinking I think it will be very difficult to > get nearly as much high-quality information about an anonymous escrow > agent. Agreed. 
The forms of information that one might need certified are so varied that the cyberspatial infrastructure needed to support this system would be massive. But in the mean time, I would expect insurance to pick up the slack. Under any such scheme the customer doesn't bother looking at the entity's credentials... it just looks at the insurance contract given by the insurance company to the customers of the entity via a blind signature. > This leaves the possibility of using its public record to judge > trustworthiness. It may be able to offer certified statements (again, > credentials of a sort) from earlier customers to show that it behaved > honestly. Tim has suggested "pinging" such businesses, performing > various dummy transactions to make sure that they are still behaving > honestly. All this can help establish a record, but how well can this > be extrapolated into the future? The problem with reputations of this form is that it is difficult to verify that the customer's opinions were not pre-selected. Otherwise a business could work under several different pseudonyms, combine only those pseudonyms receiving rave reviews, and leave you with the impression that they never had a displeased customer. Of course this happens to a degree in the real world today. > The problem with this is that keys are not people. People, and > businesses, have a certain continuity, a certain predictability. Keys > do not. A key may change its personality, literally overnight, and > you will not have any warning about this. That sounds an awful lot like a person to me. > In an identified business, > if it changes hands, acquires new management, or has some other change > which might lead to new behavior, you generally have some warning > (especially if it is a business which is selling trustworthiness, in > which case it will probably provide customers with an unusual degree > of access to the business's internals.) But with an anonymous > business this is not the case. 
An escrow agent who has been as steady > as the sunrise for years may, without any warning, become totally > dishonest. Hidden behind the shield of anonymity there is no way for > its customers to discover the change. I strongly refute the notion that anything other than federal regulations prevent this situation from existing in the real world today... And federal regulations can be replaced by cybergovernments. > What are the motivations for an anonymous escrow agency to stay in > business, to not take the money and run? Legal sanctions would > presumably be ineffective. One proposal is that as long as the > expected future stream of income is worth more than the current value > of all contracts being held by the agent, it is worthwhile for it to > be honest. This is easy, prevent the agent from taking the money without the agreement of a set of other parties. Hold money in escrow from the escrow. > Again, with an identity-based business these kinds of changes will be > monitored closely by customers. A key IS an identity. In terms of dealings with corporations there is no situation in which the official name of the corporation is any more useful than the key. When dealing with humans, yes a system which prevents an individual from every changing names can be very valuable, but such a system is difficult to maintain and requires of high level of physical realm support. JWS From johndo at microsoft.com Mon Aug 29 16:46:13 1994 From: johndo at microsoft.com (John Douceur) Date: Mon, 29 Aug 94 16:46:13 PDT Subject: e$ as "travellers check? Message-ID: <9408292346.AA13380@netmail2.microsoft.com> -----BEGIN PGP SIGNED MESSAGE----- >From: Jonathan Cooper >Date: Monday, August 29, 1994 6:45PM >> > traveller's checks are an extremely easy way to defraud >> > any bank that issues them, what will happen to this >> > difficulty factor if they are anonymous ? >> >> Digitally signed notes are not forgeable. > Right. 
> I doubt very seriously that there is anything on the planet that is *ABSOLUTELY* unforgeable. It all comes down to how much energy and resources one is willing to sink into the project.

This comment, unless I misunderstand it, supports (rather than refutes) Perry's rebuttal to the claim that forging digital traveller's checks would be "extremely easy."

Sticking in my nose where it doesn't belong,
JD

From ianf at simple.sydney.sgi.com Mon Aug 29 17:29:46 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Mon, 29 Aug 94 17:29:46 PDT
Subject: Nuclear Weapons Material
Message-ID: <9408301026.ZM12846@simple.sydney.sgi.com>

On Aug 25, 11:43pm, Phil Karn wrote:

> Just to bring this back somewhat to cryptography, an interesting topic for speculation is the operation of the "permissive action links" (PALs) that control these weapons. The complexity of the procedure suggests that the precise timing of many events is crucial if a high-yield nuclear explosion is to result. This is particularly true for the timing of the many HE detonators, the neutron generator and the fusion boost injector. Perhaps these parameters are stored in encrypted form in the weapon and can be decrypted for use only with the proper externally-provided key? Considering that a brute force key search would consume one weapon per trial key, perhaps this technique isn't too bad against dictionary attacks? :-)

I heard a rumor (from several independent sources) which indicated that the firing sequences are essentially encrypted detonator timings that are passed through the PAL, which decrypts it but makes no value judgement about the timings themselves.
If the timings are wrong, you get a messy squib explosion which will make a mess for about 100m around the detonation site, and which will totally destroy the weapon beyond any hope of recovery. Whether this is true is anyone's guess, and there is a lot of quite deliberate disinformation concerning nuclear weaponry.

Considering that one known fact is that the original fatboy contained 64 detonators, and that we'd be talking about timing in hundreds of microseconds, a back of the envelope calculation indicates that the amount of timing information would be ~900 bits for a similar device. If this keyspace is indeed heavily permuted, so that no intelligent judgements could be made which would reduce the searchable keyspace, this seems to be rather secure.

Obvious layers of further protection (eg. adding a counter which will restrict the lifetime of a particular firing sequence) are also possible.

Ian.

From hart at chaos.bsu.edu Mon Aug 29 17:42:49 1994
From: hart at chaos.bsu.edu (Jim Hart)
Date: Mon, 29 Aug 94 17:42:49 PDT
Subject: Transport Mixes
Message-ID: <199408300037.TAA07496@chaos.bsu.edu>

It might be possible to transport goods in a difficult to trace fashion, by applying the concept of a digital mix to physical transport. We can't make them cryptographically hard to trace, but perhaps we can minimize the clue trail by substituting crypto for normal shipment records.

Here's a courier system for shipping small packages untraceably:

+ put your packages in a suitcase for a flight to a major hub airport, which is also a courier mix site. Each bag contains an innocuous looking Newton with a small wireless radio. These identify themselves as mix shipments only if the proper one time key is transmitted over a spread spectrum wireless channel.
  You also put a message in the Newton indicating the shipment route and enclosing digital cash as postage; these are successively encrypted with each mix's public key, just as with remailers

+ couriers spend all day locating mix bags and taking them to a nearby hotel room, and taking bags from the hotel room when they have been delayed, mixed, and queued for the flight they are and only take a few bags each at a time

+ the particular hotel and room changes every day

+ a separate courier inside the hotel room takes the following steps:
  -- decrypts a message inside the Newton with his private key to reveal the next destination for the shipment
  -- decrypts the digital cash fee for this mix and clears it
  -- puts the package and Newton in a new suitcase and puts it in a queue for that new destination (a flight at some point in the future, say 10-30 hours later)

+ like any mix, the delay depends on the rate of traffic going through the system: we'd like to mix up at least ten or so shipments at each mix

+ we assume that customs checks any bag at at most n-1 out of n hubs (highly probable unless the bag contains something that looks suspicious in the x-ray).

+ the contents of the package should contain no clues as to source and destination, unless they are securely encrypted

+ each mix is a separate organization, composed of only a few mutually trusted couriers

+ we need protocols for destroying shipments or shipping them back to the customer, due to suspicious nature of the package (customs would catch guns, bombs, sniffable drugs, etc.) unclearable postage, or other exceptions that might occur, and informing customers and arbitrators of these actions

Something of this sort might even be possible with larger shipments using large ocean ports instead of airports, standard size pallets instead of suitcases, and warehouses instead of hotel rooms.
Again, I make no claim that this would be cryptographically strong; but in some cases we can use cryptographic protocols to stop info flows related to transport that are otherwise vulnerable to attack, and concentrate on various techniques to minimize other vulnerabilities.

The mix concept is limited to important shipments where one is willing to pay a high premium. The number of mixes will be small, because increase in transport costs quickly overwhelms the increased security of using additional mixes, because there are these other vulnerabilities that become more important.

Can one travel personally, untraceably? Here is a method analogous to a mix:

+ instead of flying directly to one's destination, fly through two or three hubs

+ pay for each ticket with cash; if ID is necessary use unlinkable nom de guerres at each airport

+ remove suitcase tags at each airport

+ dress differently at each airport (just enough to foil routine memories of stewardesses, etc.)

+ if one is being followed use the various methods to lose them, choose three new hub airports and start over

Jim Hart
hart at chaos.bsu.edu

From tcmay at netcom.com Mon Aug 29 17:59:02 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 29 Aug 94 17:59:02 PDT
Subject: Quibbling about "Forgeability"
In-Reply-To:
Message-ID: <199408300025.RAA09312@netcom14.netcom.com>

> > Digitally signed notes are not forgeable.
>
> Right.
>
> I doubt very seriously that there is anything on the planet that is *ABSOLUTELY* unforgeable. It all comes down to how much energy and resources one is willing to sink into the project.

This is, with due respect, quibbling. "Unforgeable" and "unbreakable" are commonly used terms of art, which we (mostly) all know have caveats about computational power attached to them.

Purists may want all such statements modified with things like "effectively unforgeable" and "effectively unbreakable." Whatever.
It's always important for people to understand that cyphers may be only computationally secure (to some amount of crunch), but one need not dwell on it. Perry was answering a "yeah, but what if people forge digital cash?" type of question. His brevity was understandable.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hfinney at shell.portal.com Mon Aug 29 18:05:28 1994
From: hfinney at shell.portal.com (Hal)
Date: Mon, 29 Aug 94 18:05:28 PDT
Subject: Cyberspatial governments?
Message-ID: <199408300105.SAA11868@jobe.shell.portal.com>

I have been very impressed with the imagination and depth of Jason Solinsky's ideas, especially considering his apparent youth. However, I want to take issue (not semantically this time!) with the idea of a government in cyberspace, which IMO Jason tends to rely on too heavily.

As I understand Jason's proposal, his government does not rely on force, but rather it acquires authority by people voluntarily putting themselves at the mercy of the government to a certain extent. The principal mechanism I have seen suggested is for people to put some money into escrow or a bond which they will surrender (according to agreed-upon rules) if they break the laws of the government.

Now the simple objection I offer is that most people don't have enough cash lying around to effectively obligate themselves. Most people, unfortunately, spend their money rather than saving it.
Even people who do have large sums of cash are, for that very reason, able to tolerate larger losses, so they will apparently have to put up very large bonds, which would have to be a strain on their liquid capital as well.

And, for people who do have the money, how can they tolerate tying up a large sum of cash for such a long period of time? Does the government offer interest? How are the funds invested - safe or risky? Low returns or high? People want to diversify their investments, and I don't think they are going to be willing to put all their cash into this one lump sum bond.

When people do save money, it is often with the intention of spending it later. They save money to put their kids through college, or for retirement. Sooner or later there comes a time when they have to start consuming the nest egg. Will this entail withdrawal from the benefits of the cyberspace government?

To sum up, I don't think most people's lives are structured in such a way that they can credibly obligate and commit themselves to a potentially risky contract. With physical governments people might say "as long as I live on this island I agree that the government can shoot me if I kill someone," and I will be inclined to believe that they will not try to commit murder. But that promise is much less credible if all they will do is forfeit a $2,000 bond, if that's all the money they've managed to save.

Hal

From koontzd at lrcs.loral.com Mon Aug 29 18:25:59 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Mon, 29 Aug 94 18:25:59 PDT
Subject: Nuclear Weapons Material
Message-ID: <9408300124.AA16228@io.lrcs.loral.com>

>I heard a rumor (from several independent sources) which indicated that the firing sequences are essentially encrypted detonator timings that are passed through the PAL, which decrypts it but makes no value judgement about the timings themselves.
>If the timings are wrong, you get a messy squib explosion which will make a mess for about 100m around the detonation site, and which will totally destroy the weapon beyond any hope of recovery.

One would expect that there should be something in the permissive action link that prevents a radioactive mess as well, but I have heard these rumors too. I always wondered if you could do dial a yield this way.

What you are inferring is a bunch of cables of different length (delay) or the equivalent between the firing circuit and the detonators. The input delay information would specify which delayed version of the detonate signal goes down which path.

I get the impression that PAL is a little more complex than that, one of the reputed goals is to prevent a weapon from being easily modified to go around safeguards. Playing with just delays can be overcome by characterizing delays in a dismantled weapon.

From tcmay at netcom.com Mon Aug 29 18:31:43 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 29 Aug 94 18:31:43 PDT
Subject: Transport Mixes
In-Reply-To: <199408300037.TAA07496@chaos.bsu.edu>
Message-ID: <199408300131.SAA26705@netcom11.netcom.com>

Jim Hart wrote:

> It might be possible to transport goods in a difficult to trace fashion, by applying the concept of a digital mix to physical transport. We can't make them cryptographically hard to trace, but perhaps we can minimize the clue trail by substituting crypto for normal shipment records.

We last had a major thread on this at least a year and a half ago, so it's worth looking at again certainly.

Before I get to Jim's scheme, bear in mind a couple of extremely important aspects of physical package shipping vs. crypto:

1. The physical packages are extremely easy to inspect by sniffing (for certain chemicals), by examination of the package exteriors (unless "repackaged" each time), by x-raying of the interiors, and by weighing and similar mass/moments of inertia characterizations.

2. Physical packages are _often_ inspected, if suspicions arise. The level of security is vastly lower than for shipping encrypted bits around. Many people who thought they could carefully wrap some hash up and ship it home found out otherwise.

3. Since people cannot practically do the "envelope within envelopes" nesting, for packages [they can, but it's trivially detectable], a major element of mixes is lost. [Practically, any of the remailers can mark packages, attach bugs, etc. A killer.]

Onward to Jim's scheme:

> Here's a courier system for shipping small packages untraceably:
>
> + put your packages in a suitcase for a flight to a major hub airport, which is also a courier mix site. Each bag contains an innocuous looking Newton with a small wireless radio. These identify themselves as mix shipments only if the proper one time key is transmitted over a spread spectrum wireless channel. You also put a message in the Newton indicating the shipment route and enclosing digital cash as postage; these are successively encrypted with each mix's public key, just as with remailers
>
> + couriers spend all day locating mix bags and taking them to a nearby hotel room, and taking bags from the hotel room when they have been delayed, mixed, and queued for the flight they are and only take a few bags each at a time
>
> + the particular hotel and room changes every day

If the mix process is itself trusted, then the airport steps can (and hence should) be skipped.

Unlike the case with software remailers, where additional steps increase the chance that at least one of them is reliable (and hence mixes the traffic properly), physical remailers have the property that each additional mix node increases the chance of compromising things, of attaching bugs, of marking the packages, and so forth.
> + we need protocols for destroying shipments or shipping them
                                               ^^^^^^^^^^^^^^^^
> back to the customer, due to suspicious nature of the package
  ^^^^^^^^^^^^^^^^^^^^
> (customs would catch guns, bombs, sniffable drugs, etc.)
> unclearable postage, or other exceptions that might occur,
> and informing customers and arbitrators of these actions

Huh? Not much of an anonymous remailer if this is possible. (Our Cypherpunks remailers can do this trace-back only when people don't encrypt, and most easily only at the first stage. Properly executed mixes don't allow such trace-backs at all.)

> Can one travel personally, untraceably? Here is a method analogous to a mix:

Jim's schemes elided. This is familiar stuff to any spy thriller fan, as I am, and it was "losing a tail" that motivated me to think about my "Labyrinth" scheme in 1987, which I then described to David Chaum at Crypto '88, only to find he'd already formalized it several years earlier.

Both packages and people are easy enough to tag-and-follow that they are not even in the same league as the cryptographic security of digital mixes.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From entropy at IntNet.net Mon Aug 29 18:41:37 1994
From: entropy at IntNet.net (Jonathan Cooper)
Date: Mon, 29 Aug 94 18:41:37 PDT
Subject: e$ as "travellers check?
In-Reply-To: <9408292346.AA13380@netmail2.microsoft.com>
Message-ID:

> >> Digitally signed notes are not forgeable.
>
> > I doubt very seriously that there is anything on the planet that is *ABSOLUTELY* unforgeable.
> > It all comes down to how much energy and resources one is willing to sink into the project.
>
> This comment, unless I misunderstand it, supports (rather than refutes) Perry's rebuttal to the claim that forging digital traveller's checks would be "extremely easy."

No - it just makes the point that there is almost nothing which is "not forgeable" with a suitable expenditure of effort & resources.

-jon
( THEY CAN STOP THE PARTY, BUT THEY CAN'T STOP THE FUTURE )
( --------------------[ entropy at intnet.net ]------------- )

From claborne at microcosm.sandiegoca.NCR.COM Mon Aug 29 18:43:00 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris)
Date: Mon, 29 Aug 94 18:43:00 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <2E628D30@microcosm.SanDiegoCA.NCR.COM>

> From: Eric Hughes
> ------------------------------------------------------------------------------
> Well we agree that the selling point is economic efficiency. But "anonymity reduces overhead" ?
>
> All that you save is the space required for the recording of names.
>
> From a naive implementor's view, yes, perhaps that is the whole savings. But the implementor's view is not the executive's view, and many activities which the technical community does not understand have real economic valuations.
>
> Take "recording of names", for example. You're going to have to hire (physical) people to look at other (physical) people and look at various forms of ID. You'll have to pay these employees, and staff costs always dominate the other costs in service industries. You'll have to ascertain that a particular public key, for example, matches that of the (physical) person who opened the account.
>
> When the gov't comes and asks for all the records for a certain name, you'll have to produce all that you have or be criminally negligent. I assure you, setting up an archival system for seven years of transaction information with high reliability is not inexpensive.
>
> There are more savings, which others can enumerate. I didn't even get into legal savings, for example.
>
> Eric
>

Your point is an excellent example of what doing business in the US would be like... A pain in the ass! If we had someone from the banking community that knew all of the ins and outs, we would probably find that setting this up in the US breaks laws, would cost too much in all of the pay-offs to govt. officials, take too long, etc.

I would suggest setting up in an off-shore e$ banking system to avoid all of this and get it off the ground quickly. Aren't the Swiss known to have sufficient privacy? They might be open to setting something up and an existing Swiss bank would have credibility. Privacy issues, regarding transactions, could be kept private. Why do you think crooks use them? I have no direct experience with Swiss accounts and have no idea what it would take to interest the Swiss Banking community.

Anything that our government would come up with would be???

a. A clusterfuck.
b. Designed so that they could track the movement of money for IRS and of course, to fight crime..
c. Expensive because of all the regulations.
d. Have very little value add.
e. All of the above.
f. None of the above.

If you chose "E", you are correct. :)

The ability to issue orders to a bank to move e$ from one account to another could be done quickly and securely in any bank. If the destination is not at that bank, then the bank could create a check on your behalf and reference your name, account or what ever you want ... if anything. CheckFree in the US does this now but your name or the account you are paying on is on the check and I am sure our govt. has access to all the info in their database of transactions.

I could also send you an e-note that you could then send to the bank and quickly confirm that the transaction is covered.
(This would be better than today's banking where a merchant can call a bank and ask them about my account but boost the amount of the transaction to find out if I'm a rich bastard or not. With a crypto-sig on an e-note, I would be guaranteed that my bank would only answer questions about the amount on my e-note.)

Example. I ask you to move e$1000.00 to a reference number X20567 at my Swiss bank. When I see the transaction deposited into my account I can send you my software. This account could be a temporary holding account or my permanent account. If you use the same Swiss bank or another Swiss bank that is part of the e$ community, it could take just a second and be easy for both of us.

Issues: I guess it boils down to this, we have to have someone that we can trust. The issue of currency conversion would also be a new one for me. Would my money be Swiss? If the transaction goes south, what do I do, I am no longer covered by US law and would have no proof that this transaction ever took place (remember, no one can ask the bank for records). Hmmmm

Is there a way that we can make the answer to my question above = "F"?

                                 ...  __o
                                ..   -\<,
chris.claborne at sandiegoca.ncr.com ...(*)/(*).  CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From entropy at IntNet.net Mon Aug 29 18:45:10 1994
From: entropy at IntNet.net (Jonathan Cooper)
Date: Mon, 29 Aug 94 18:45:10 PDT
Subject: Quibbling about "Forgeability"
In-Reply-To: <199408300025.RAA09312@netcom14.netcom.com>
Message-ID:

> This is, with due respect, quibbling. "Unforgeable" and "unbreakable" are commonly used terms of art, which we (mostly) all know have caveats about computational power attached to them.

True; I, unfortunately, missed the context of that statement and took it as a blind faith declaration rather than a reply to a question.
-jon
( THEY CAN STOP THE PARTY, BUT THEY CAN'T STOP THE FUTURE )
( --------------------[ entropy at intnet.net ]------------- )

From claborne at microcosm.sandiegoca.NCR.COM Mon Aug 29 18:54:21 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris)
Date: Mon, 29 Aug 94 18:54:21 PDT
Subject: Zimmermann/NSA debate postponed
Message-ID: <2E6290C6@microcosm.SanDiegoCA.NCR.COM>

----------
> > Isn't it time for cypherpunks-who-write-code to respond to this obvious customer need?
> >
> > I have no mailer myself but I do have a friend who produces one and I'm helping him to incorporate PGP seamlessly. It's taking a long time but it should be worth it.
> >
> > Anyone else out there with their own mailer?

Just an FYI, ViaCrypt makes a PGP agent for WinCIM (Windows e-mail for CI$) and are planning on others. This is the key to making PGP the de facto standard. When it gets as easy as pushing a button the use will increase in a non-linear fashion.

2 -- C --

                                 ...  __o
                                ..   -\<,
chris.claborne at sandiegoca.ncr.com ...(*)/(*).  CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From mjr at tis.com Mon Aug 29 20:04:44 1994
From: mjr at tis.com (Marcus J Ranum)
Date: Mon, 29 Aug 94 20:04:44 PDT
Subject: Clipper in the news...
Message-ID: <9408300302.AA19410@tis.com>

Just to give you an idea how far word of our favorite technological innovation has spread, from this month's (Fall Collection) issue of Vogue magazine:

"...As for Orwell's telescreen, it's been replaced by the personal computer. Networks like Prodigy have been warning users that they will censor 'objectionable' messages, and the government is threatening to install the Clipper Chip in computers, allowing it to eavesdrop on digital transmissions. How to cope?" [P. 172]

...and I thought that Karl Lagerfeld's lineup was bad enough...

mjr.
From sw at tiac.net Mon Aug 29 21:30:51 1994
From: sw at tiac.net (Steve Witham)
Date: Mon, 29 Aug 94 21:30:51 PDT
Subject: Bad govt represents bad people?
Message-ID: <199408300430.AAA19452@zork.tiac.net>

>sw at tiac.net (Steve Witham) writes
>
>> Saying that a bad government is just representing bad people gives it more credit than is due.

John Kreznar responds-

>You leave me wondering what you mean by ``bad people''. As someone near here (Eric?) is fond of reiterating, never attribute to malice that which can adequately be explained by ignorance or stupidity. Bad people? Well, maybe, but it's mostly ignorant-bad, not malicious-bad.

Yah. I just meant "bad" to stand for something we were discussing: people who want to benefit from your being taxed, or restrict your freedoms gratuitously.

>Majority or not, the constituents strongly influence the bureaucrats.

Right, the problem is more than just people in government. I was just contradicting the idea that (as Tim May says) people get the government they deserve. Certainly not all people, maybe not most "deserve" this deal.

> A good recent example familiar to readers of this list is the EFF with its shrill and incessant campaign

Yeah, I said that cleverness, etc. helped to influence but left out persistence, volume, high profile. But not representativeness.

> to all of us to pressure politicians to do this or that. Thanks to the EFF's efforts, proponents of government surveillance can now claim the cooperation of a leading representative of data communications users.

Yup. Whoops. There's a footnote in one of Bruno Bettelheim's books-- he says professional organizations resemble the guards recruited from among the prisoners in concentration camps. They both start out wanting to defend their fellows from the tyrants, but through compromise they end up being the ones who deliver the tyranny.

>> It's the structure of government that needs changing.
>
>The social cancer would need to be cured.
>It's hard to believe that what would result would embed anything like ``government''.

You're right, the problem is bigger than government. Also, I was using "government" in the sense of "whatever way protection services are arranged for" rather than "government as we know it". (But I've blabbed enough about that usage.)

--Steve
- - - - - - - - - -
It is said a Shao Lin priest can walk through walls. Looked for, he cannot be seen. Listened for, he cannot be heard. Touched, he cannot be felt.

From tcmay at netcom.com Mon Aug 29 22:57:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 29 Aug 94 22:57:14 PDT
Subject: Bad govt represents bad people?
In-Reply-To: <199408300430.AAA19452@zork.tiac.net>
Message-ID: <199408300529.WAA06832@netcom5.netcom.com>

Steve Witham writes:

> Right, the problem is more than just people in government. I was just contradicting the idea that (as Tim May says) people get the government they deserve. Certainly not all people, maybe not most "deserve" this deal.

To clarify my meaning, "people deserve the government they get" is short for saying that the evil, repressive, godforsaken government that everyone complains about is mostly their own doing. Majority rule, the will of the herd, etc.

I certainly wasn't saying that *all* people asked for it.

This seems quite obvious to me, that the problems of America and other such countries is not that some evil government was, say, imposed by conquest from the outside, but that the voters got what "they" asked for. ("They" being most of them, more or less, but not "all" of them.)

I find it useful to remind people of this point, that they get the government they deserve, as a reminder that asking for the government to "do something!" or saying "there ought to be a law!" is exactly how we got into our current mess.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From wcs at anchor.ho.att.com Tue Aug 30 00:22:09 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 30 Aug 94 00:22:09 PDT
Subject: Statistics on remail message sizes
Message-ID: <9408300718.AA21999@anchor.ho.att.com>

> I think you are; My point was much more trivial than that; I'm just suggesting that the 1,4,16,64 be extended to 256, 1024, 4096,...

I agree with this; one of the reasons that 64K tends to be a max is that a non-trivial number of mailers choke on messages larger than that. In the future, when there's more competent mail software (:-), I wouldn't be surprised to see 1MB being common (or 1.44 MB, if that stays the popular floppy disk size for a few years...), though I suspect there's not much need for 256KB messages.

One approach suggested by several other people is for fragmenting mail into packets before remailing and reassembling on delivery. Some variants on this suggest having the remailer network do it, but I suspect it's more reliable on an end-to-end basis.

-- end of real contents

My comment about "competent mail software" is partly prompted by having to use Microsoft Mail which can handle large attachments to messages, but chokes on displaying simple ascii messages over 64K...

> L. Todd Masco | "Which part of 'shall not be infringed' didn't
> cactus at bb.com | you understand?"

Let's see - "shall" is future tense, right - why are there predictions of the future in a political document ?
:-)

---- Bill

From wcs at anchor.ho.att.com Tue Aug 30 00:40:58 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 30 Aug 94 00:40:58 PDT
Subject: Transport Mixes
Message-ID: <9408300739.AA22252@anchor.ho.att.com>

An interesting suggestion, though I think putting the bags in bins marked "W.A.S.T.E." may do just about as well :-)

Aside from Tim's observation that the Enemy can often detect hashish, bombs, etc., greatly reducing the utility of the system, it's also a system designed for couriers to take bags back to hotel rooms and steal the Newtons from them before routing them on their way.

On a slightly more serious note, I have seen some transport remailer systems operating, though without the crypto hardware involvement. I had a project that absolutely, positively had to get computers to Colorado overnight, but our building's shipping department insisted on using their regular arrangements anyway. The local carrier in New Jersey assembled my boxes and anything else going to Denver in big crates, shipped them by an air-freight company to another local carrier in Denver, who unpacked the crates and delivered it locally. I wasn't surprised when I got there that the equipment hadn't arrived - what surprised me was that they didn't have a record that said that my package number 12345 was in crate number 67890 which had/hadn't arrived. "No, we just pack them, and when they get to Denver they'll open the crates and see what's in each one. You gotta problem wi' dat?" (Since we weren't interested in anonymity, and were interested in reliability, any future packages went FedEx so we could track them.)
I once talked with a guy who did his more private mail transactions through a Mexican postal worker in Tijuana; any mail that came to the PO box would get put in bigger envelopes and mailed to his real address, and he'd send the guy another $10 to cover the next package; when he wanted to send mail privately, he'd mail it to the PO box along with $10, and the guy would mail it to the real address. Bill From rparratt at london.micrognosis.com Tue Aug 30 02:20:36 1994 From: rparratt at london.micrognosis.com (Richard Parratt) Date: Tue, 30 Aug 94 02:20:36 PDT Subject: Arizona State Email Non-Privacy Policy Message-ID: <9408300918.AA08344@pero> NetSurfer wrote: > Surprise. It is their equipment to do with as they please and if you > don't want to follow along with their conditions of access... In the > gov't it is literally against the law and considered theft of government > resources (cpu time, equipment (pc, terminal etc.), electricity...) to use > government equipment for private purposes. > I'm sure this is the case in law, but to take an analogy, this is like banning employees from *receiving* private telephone calls. (Email has zero marginal cost to most institutions, as does a telephone connection). While I am sure there are a few employers who do ban staff from taking calls at work, I'd think of them in the "Gradgrind and Gradgrind plc" class and not expect them to keep their staff long. In fact, I know of few employers who in practice object to reasonable use of the phones to *make* personal calls. (The government is an exception, although the UK defence ministry just worked out that 25% or so of their phone bill was to private numbers, which may herald a crackdown). ------------------------------------------------------------------------------ Richard Parratt * The reason why so many people play soccer Still in London, * is so they don't have to watch it being rparratt at london.micrognosis.com * played. 
------------------------------------------------------------------------------ From banisar at washofc.epic.org Tue Aug 30 03:48:04 1994 From: banisar at washofc.epic.org (Dave Banisar) Date: Tue, 30 Aug 94 03:48:04 PDT Subject: FWD>This is currently being Message-ID: <00541.2861072408.7629@washofc.epic.org> Date 8/30/94 Subject FWD>This is currently being From Dave Banisar To Crypto List >From CPSR FWD>This is currently being pos -------------------------------------- From: "Shabbir J. Safdar" Message-Id: <199408300318.AA07665 at panix2.panix.com> Subject: This is currently being posted to Usenet. To: vtw-announce at vtw.org Date: Mon, 29 Aug 1994 23:18:18 -0400 (EDT) [updated August 29, 1994 shabbir] ********************************************************************* DISTRIBUTE WIDELY ********************************************************************* Table of contents: Status of the bills Five things you can do RIGHT now to stop Digital Telephony Records of legislators supporting/opposing/wavering on DT Digital Telephony bill FAQ The VTW Press Release Sample Letter To The Editor Who are we and how can you contact us? ------------------------------------------------------------------------------- STATUS OF THE BILLS (updated 8/10/94) Aug 18, 94 HR 4922 reported back to committee (write to Rep. Jack Brooks!) Aug 11, 94 Sen. Leahy & Rep. Edwards hold a joint hearing on the bills in Wash. DC at 1pm in Rayburn 2237. Aug 10, 94 HR 4922 referred to Subcomm. on Civil and Constitutional Rights Aug 10, 94 SB 2375 referred to Subcomm. on Technology and the Law Aug 9, 94 Rep. Hyde officially cosponsors HR 4922 Aug 9, 94 HR 4922 referred to House Judiciary Committee Aug 9, 94 SB 2375 referred to Senate Judiciary Committee Aug 9, 94 Identical House and Senate bills are announced by their respective sponsors, Rep. Don Edwards (D-CA) and Sen. Patrick Leahy (D-VT) EFF states the legislation is "not necessary". 
VTW will be monitoring this legislation in the same way that we monitored the Cantwell bill, with the blow by blow, day to day updates that cost us significant long distance bills. :-) We're not asking for money though. Don't send us money; we don't want it and it causes us bookkeeping work. Call/write your legislator instead and relay to them the sample communiques below. ------------------------------------------------------------------------------- FIVE THINGS YOU CAN DO *RIGHT* NOW (in their order of importance) 1. Write to the House Judiciary Committee Chairman, Jack Brooks (D-TX) and ask him to oppose the Digital Telephony bill. (HR 4922) 2. Fax/mail a copy of the VTW press release to your local newspaper, tv station, call-in show (everything from NPR to Rush Limbaugh), etc. 3. Write to your legislator (especially if s/he is on the Judiciary Committee (House or Senate) and ask that they oppose the Digital Telephony bills. (SB 2375/HR 4922) 4. Forward a copy of this FAQ to three friends who don't know about it. Or, print it out and place it on a bulletin board at work, at school, hand it out, etc. 5. Write a letter to the editor of your local newspaper, opposing the Digital Telephony bill. 1. CALL/WRITE TO REP. JACK BROOKS, HOUSE JUDICIARY COMM. CHAIRMAN Sample phone Communique: Rep. Jack Brooks Phone: (202) 225-6565 Dear Mr. Brooks, The recent Digital Telephony bills (HR 4922 & SB 2375) disturb me greatly. The FBI has not yet made their case that justifies building wiretap functionality into the telephones of 250 million people to justify the privacy intrusion. Please oppose HR 4922 and SB 2375. Sincerely, _______________________ Sample fax/letter Communique: Rep. Jack Brooks 2449 RHOB Washington, DC 20515 Phone: (202) 225-6565 Fax: (202) 225-1584 The Honorable Jack Brooks, Please oppose Senator Leahy's and Representative Edwards' Digital Telephony bills (HR 4922 & SB 2375). 
This legislation asks us, the American public, to trade our privacy to ensure law enforcement's future ability to continue to perform wiretaps. Unfortunately, the FBI has yet to make its case to the public to prove that it is unable to administer significant numbers of wiretaps. Telecommunications technology is very new and the change of pace in it is very rapid. The Digital Telephony bills are premature and should not be considered until: -the standards bodies are appointed and include privacy rights groups (not just the Electronic Frontier Foundation) at both the technical and policy levels -the standards are defined and accepted by the three stakeholders (law enforcement, common carriers, and privacy rights groups) -an adequate oversight agency has been given the authority previously allocated to the FCC -the technology has advanced to a point where the effect of such a broad ruling on the industry can be ascertained. Please oppose HR 4922 & SB 2375. Sincerely, _______________________ If you want to help make legislators responsible for their actions, report this information back to vtw at vtw.org. We'll add their position to our database. 2. Take the press release attached and fax/mail/email it to local tv stations, radio stations, call-in shows, newspapers, etc. Drop a note to vtw at vtw.org, where we'll track the coverage. 3. Forward this file to your friends and coworkers. Use it when you phone call-in shows; educate everyone you know. This is literally a "net" effort. Few people outside of the Internet know about this legislation; they would be horrified to discover its existence. Help educate them. 4. Call/write your legislator and ask them to oppose the Digital Telephony bill. Use the sample communiques above. To find your own legislator, contact the League of Women Voters in your area. 5. Write a letter to your local newspaper's editorial page about the Digital Telephony bill. 
We have attached a sample editorial page letter that you might base your letter upon. Feel free to use significant license. ------------------------------------------------------------------------------- LIST OF LEGISLATORS SUPPORTING/OPPOSING/WAVERING ON DIGITAL TELEPHONY -REPRESENTATIVES All addresses are Washington, D.C. 20515 Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 16 CA Edwards, Donald (D) 1-202-225-3072 1-202-225-9460 2307 RHOB House sponsor of the 1994 Digital Telephony bill 6 IL Hyde, Henry J. (R) 1-202-225-4561 1-202-226-1240 2110 RHOB Cosponsor of the 1994 Digital Telephony bill -SENATORS P ST Name and Address Phone Fax = == ======================== ============== ============== D VT Leahy, Patrick J. 1-202-224-4242 na 433 RSOB Washington, D.C. 20510 Senate sponsor of the 1994 Digital Telephony bill ------------------------------------------------------------------------------- DIGITAL TELEPHONY BILL FAQ What are the (DT) Digital Telephony bills and where did they come from? The DT bills were initially introduced by the Bush administration presumably at the request of the FBI. The initial proposals were very unpopular and met with great opposition, preventing them from moving through Congress. The current incarnations of the legislation (SB 2375 & HR 4922) have several features, but basically require the same thing: common carriers must be able to provide law enforcement officers with court orders access to personal communications. (eg, if the FBI presents a court order for a wiretap on your phone calls to NYNEX, NYNEX should be able to provide the FBI with the ability to intercept your communications under the terms of the court order.) To do this will require changes in the telephone equipment we use today. Since this will obviously cost money, the bill appropriates $500 million in Federal money to these carriers to compensate them for the changes. 
Does this include bulletin boards and Internet sites like Netcom, America OnLine? No, the legislation specifically identifies common carriers. Information Services, such as these above, are not common carriers. How will this affect me? Imagine there's a giant socket on the side of the phone company's equipment that says "FOR FBI USE ONLY" in giant red letters. Imagine if the fine for not implementing that socket was $10,000 per day for the phone company. How many communications carriers do you think will make any noise about the privacy of their customers' communications? Now imagine that you were asked to pay the bill for this. The proposed budget for implementing this functionality is $500 million dollars for 1995-1998. Just how many wiretaps per year are there? In 1992 there were less than 1,000 wiretaps performed. It is important to note that the legislation is targeted towards wiretaps that the government says they cannot implement. Since there is thus far no published evidence of unimplementable wiretaps, turning the nation's phone system into a giant eavesdropping device to prevent a problem which has not yet been documented or become widespread, sacrifices too much privacy for too little gain. Is there ever a legitimate need for law enforcement to conduct wiretaps? Yes, according to the 1992 Government Accounting Office's "Report on Applications for Orders Authorizing or Approving the Interception of Wire, Oral, or Electronic Communications (Wiretap Report)", there were 919 wiretaps authorized in 1992 (there were no requests denied). There were 607 individuals convicted as a result of these wiretaps. Although this is not an excessive amount, it is not ignorable either. However 607 convictions is infinitesimally small when one considers the number of people convicted yearly in the US. Furthermore, the report does not specify if any wiretaps were unimplementable because of advancing technology. 
The FBI maintains that advancing technology will prevent this, though this has not yet been documented. VTW feels that until the FBI makes their case to the public, this bill should not be considered as legislation. Why should I be worried about this bill? THE BILL IS VAGUE REGARDING STANDARDS SETTING The bill requires industry standards groups to be formed to work with law enforcement to create technical standards for this functionality. There are a number of problems with this. First is that these standards bodies may not have even been appointed yet, giving incredible power to a presently unnamed group that will be responsible for appointing those bodies. Secondly, these standards bodies do not currently include any public input. There is a delicate balance involved in wiretapping vs. a citizen's privacy. The standards bodies that are proposed do not have any provisions for public input. Public-interest and/or privacy groups should be included at every level (including the technical level) in order to ensure that this balance is found. Without such input, the standards are likely to sacrifice privacy while giving more functionality than is needed by law enforcement to do its job. THE STANDARDS SHOULD BE ACCEPTED BEFORE THE LEGISLATION IS PROPOSED The DT legislation is vague regarding the standards for wiretapping functionality. Many of the questions and problems we have with this legislation stem from the vagueness of the details regarding the standards. The standards body should be appointed (with representatives from law enforcement, industry, and the public at both the technical and high level) and the standards accepted before the legislation is proposed. THE BILL PUTS GREAT POWER INTO STANDARDS AND COMMITTEES THAT DO NOT EXIST YET By empowering standards bodies that do not exist, and mandating standards that do not yet exist, great power is given to those individuals who can appoint the members of the standards bodies. 
Furthermore, no process is mandated for the appointment of the members of these standards bodies. THE BILL DOES NOT APPOINT AN ADEQUATE OVERSIGHT AUTHORITY In many situations the (FCC) Federal Communications Commission is appointed to be the final arbiter if industry standard bodies cannot agree on technical standards. The FCC currently serves the interest of industry in regulating the communication carriers. Because the Commission serves the interest of both groups, there is a conflict of interest. A different agency should be appointed and given the FCC's oversight authority. TELECOMMUNICATIONS TECHNOLOGY IS NOT MATURE Telecommunications is a very new technology. Within the last twenty years, we have seen amazing advances in the technology. Ordering the implementation of such a broad privacy-sensitive function will have far-reaching effects on the future of the technology. This legislation should wait until the technology is more stable. ------------------------------------------------------------------------------- PRESS RELEASE [Please fax this to your local newspaper] Voter's Telecommunications Watch invites fellow citizens to join its media awareness campaign by emailing or faxing this press release to one of two media institutions. East of the Mississippi: Burlington Times email: _________ fax: ___________ West of the Mississippi: San Jose Mercury-News email: _________ fax: ___________ VTW is also experimenting with a fax/email chain letter. The document "An Open Letter on Digital Telephony" is currently circulating the Internet. VTW has also prepared an FAQ for Digital Telephony. Point your gopher to panix.com (port 70) and check under the VTW main menu entry, or use the URL: FOR IMMEDIATE RELEASE NEW YORK, NY -- 08/22/94 -- Contrary to popular belief, not all online civil libertarians support the Government's attempts to ensure the FBI can wiretap every citizen. 
Voter's Telecommunications Watch (VTW), a New York-based online activism group, working in conjunction with the Electronic Privacy Information Center (EPIC) and other privacy advocates, is working to energize and focus the grassroots opposition to the recently introduced Leahy-Edwards Digital Telephony Bill (H.R. 4922, S. 2375). The Digital Telephony Bill would require telecommunications service providers to design all their equipment to allow FBI agents and other government officials to wiretap any telephone conversation -- only if there is a court order permitting it, of course, the FBI promises. Adding this feature to the telecommunications system is costly -- so costly that the bill appropriates $500 million taxpayer dollars to reimburse phone companies for their "reasonable" expenses. "It's objectionable for the FBI to try to make us pay for invading our own privacy," says Alexis Rosen, co-founder of Public Access Networks Corporation, a regional public Internet provider. According to FBI Director Louis Freeh, there were 183 wiretaps in 1993 that would have been facilitated by the digital telephony mandates. "Should we really spend half a billion dollars for a couple of hundred wiretaps that compromise the privacy of two hundred million Americans?" asks Simona Nass, President of the Society for Electronic Access, a New York-based organization devoted to issues of civil liberties and public access. VTW is spearheading a drive to defeat the bill. Using the Internet to keep millions of electronically-connected citizens informed, VTW workers have put together summaries and analyses of the legislation and are tracking the bill's movements through the byzantine halls of Congress. Using this information, citizens can inundate their representatives at optimum moments. VTW is tracking each influential legislator's position on the Digital Telephony initiative, and periodically publishes a scorecard summary of their positions, party, districts and contact information. 
To access VTW's anti-Digital Telephony effort, join the VTW electronic mailing list by sending Internet e-mail to vtw-list-request at panix.com. Information is also available via Internet Gopher in the VTW area of gopher.panix.com (port 70). For further information, contact Steven Cherry at 718-596-2851. PRESS CONTACT: Steven Cherry (718) 596-2851(voice mail) stc at acm.org (electronic mail) ------------------------------------------------------------------------------- SAMPLE LETTER TO THE EDITOR [Note, this is Steven Cherry's "Open Letter" on Digital Telephony. Please do not submit it to the New York Times. -Shabbir] An Open Letter Regarding Digital Telephony Digital Telephony, embodied in bills entered into Congress by Sen. Leahy (S.B. 2375) and Rep. Edwards (HR. 4922), would require that telecommunications carriers alter their equipment so as to allow wiretaps and similar surveillance to be performed at the companies' offices, or the offices of law enforcement. In a word, to make telecommunications equipment, "wiretap friendly"; to make a wiretap order executable "at the press of a button." With the help of some civil liberties activists, the bill admirably distinguishes between common carriers and information services. Only the former are subject to its provisions. But the distinction, while clear in the abstract, is hard to make in practice. The mom-and-pop neighborhood bulletin board service or Internet provider is excluded, but even if it is providing store-and-forward message-passing for an individual or other small provider? Indeed, the very definition of common carrier in the proposed legislation is problematic, as the definition relies on that used in the Communications Act of 1934, when just now that Act is being overhauled finally, after sixty years. The bill's authors have sensibly and cleverly left out of the legislation all the details of implementation. It is impossible to object to the bill on the grounds of being unworkable. 
It is also difficult to object on grounds of the risks to individual privacy, insofar as the risks are largely unquantifiable by virtue of being largely unknown. The very clever lack of any practical detail, however, leads the prudent citizen to question the public expenditure of $500,000,000 -- the figure is likely far too high, or far too low. Indeed, all we know is it is unlikely to be correct, and we therefore object to it as being unrealistic to the needs of the enterprise. In point of fact, one other thing is known about this figure -- it is but a fraction of the total expenditures resulting from the mandates of the bill. The balance will be borne by the common carriers, who, in turn, will either have to raise rates, reduce services, or restrict investment and expansion of their business at the very moment in the history of telecommunications that calls for them to do just the opposite. Indeed, the very forces of technological change that caused law enforcement to request this bill demand that it be defeated. We would like to return to the issue of increased risks for a moment. While unquantifiable, they are equally undeniable. The more facile the system, the more it will be overused and error-ridden. We must of course balance risk with reward. Who would refuse an extra paycheck for fear of getting a papercut? We must ask, what are the rewards of digital telephony? The FBI Director has variously stated the number of cases where a wiretapping was subverted by a digital switch or signal, offering contradictory figures from a low of 80 to a high of 183. The Director has not said all of them, or even any of them, were cases where a conviction was not obtained, or where a conviction could have been obtained with the wiretap, or could only have been attained with a wiretap. Of course, only these last possible instances really lend any justification to digital telephony. 
It is quite clear that digital technology offers more challenges to law enforcement than digital switches and signals. The object of a wiretap can easily use unbreakable encryption to protect the privacy of his or her communications. While the transmission of a message would be intercepted, the content would still evade the eyes and ears of law enforcement. Indeed, any, or all, of these 80 or 183 cases could have been subsequently frustrated by encryption even had digital telephony solved the initial digital barrier. Let us state the potential rewards as generously as possible -- or even more generously than possible. There were approximately 1000 wiretaps in 1993. Let us imagine, contrary to actual fact, all of these to be subverted by digital technology. Let us imagine the number to double in coming years. (Any or all of which could remain private through encryption.) 2000 cases. Weighed against these are the 200 million Americans whose security and privacy are compromised by digital telephony. Well, what if the number of wiretaps doubles again, and again and again? Don't 20,000 or 30,000 wiretaps, hypothetically, justify? Perhaps. But what kind of society needs so many police listening in on the private lives of so many people? At what point do we regret the lack of a public policy debate on mass wiretapping of the American citizenry? We do not live in a police state nor will we. And so we are back to supposing a massive technological effort at great expense to achieve a modest wiretapping program of small, perhaps almost nonexistent, benefit. To sum up, it is as if the entire city of population 25,000, were to have its telephone system restructured, its citizens' phone privacy compromised, all to make effective a wiretap on a single alleged drug peddler or gangster, which wiretap may or may not help in convicting the offender, if indeed he or she is guilty. 
All at a cost of $62,500 to the taxpayers, and more to the local telephone companies and their ratepayers. For all these reasons, the unclarity, the expense, the risks to privacy, and the lack of substantive benefits, separately and together, we oppose this bill. Steven Cherry stc at acm.org ------------------------------------------------------------------------------- CONTACT INFORMATION The Voters Telecomm Watch is a volunteer organization dedicated to monitoring federal legislation that affects telecommunications and civil liberties. We are based primarily out of New York, though we have volunteers throughout the US. Voters Telecomm Watch keeps scorecards on legislators' positions on legislation that affects telecommunications and civil liberties. If you have updates to a legislator's positions, from either: -public testimony, -reply letters from the legislator, -stated positions from their office, please contact vtw at vtw.org so they can be added to this list. Voice mail: (718) 596-2851 General questions: vtw at vtw.org Mailing List Requests: vtw-list-request at vtw.org Press Contact: stc at vtw.org Gopher URL: gopher://gopher.panix.com:70/11/vtw WWW URL: We're working on it. :-) ------------------------------------------------------------------------------- From jpb at gate.net Tue Aug 30 04:08:35 1994 From: jpb at gate.net (Joseph Block) Date: Tue, 30 Aug 94 04:08:35 PDT Subject: Sendmail & POP for PCs & Macs w/TCP? In-Reply-To: <199408290433.AAA27992@zork.tiac.net> Message-ID: <199408301108.HAA28175@inca.gate.net> There is at least one SMTP/POP3 server available for the Macintosh. It is called MailShare. jpb at gate.net From perry at imsi.com Tue Aug 30 05:26:49 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 30 Aug 94 05:26:49 PDT Subject: e$ as "travellers check? 
In-Reply-To: Message-ID: <9408301226.AA12779@snark.imsi.com> Jonathan Cooper says: > > > traveller's checks are an extremely easy way to defraud > > > any bank that issues them, what will happen to this > > > difficulty factor if they are anonymous ? > > > > Digitally signed notes are not forgeable. > > Right. > > I doubt very seriously that there is anything on the planet that is > *ABSOLUTELY* unforgeable. It all comes down to how much energy and > resources one is willing to sink into the project. Sure, but if the resources are higher than the return there is no economic incentive to do it. The trick is to keep the costs high enough. In the case of some public key problems, it is also possible to make the cost of forgery impossibly high, in which case the attacker is forced to try to physically steal the key or play similar games. The question is not whether fraud will be attempted -- it will be attempted. The question is whether we can lower it from a substantial fraction of the cost of doing business to noise. If one's insurance premiums against fraud drop to levels comparable to one's expenditures on coffee filters for one's staff, then you know that you are in the right ballpark. Perry From pstemari at bismark.cbis.com Tue Aug 30 05:56:31 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Tue, 30 Aug 94 05:56:31 PDT Subject: Nuclear Weapons Material In-Reply-To: <9408300124.AA16228@io.lrcs.loral.com> Message-ID: <9408301256.AA03173@focis.sda.cbis.COM> > I get the impression that PAL is a little more complex than that, one > of the reputed goals is to prevent a weapon from being easily modified > to go around safeguards. Playing with just delays can be overcome > by characterizing delays in a dismantled weapon. What I had heard was that the delays were implemented by varying the chemical composition of the explosive lenses around the plutonium core to modify their detonation rate. 
This prevents replacing the electronics to circumvent the security. From perry at imsi.com Tue Aug 30 06:00:50 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 30 Aug 94 06:00:50 PDT Subject: e$ as "travellers check? In-Reply-To: Message-ID: <9408301300.AA12819@snark.imsi.com> Jonathan Cooper says: > No - it just makes the point that there is almost nothing which is > "not forgeable" with a suitable expenditure of effort & resources. That depends on definitions. For instance, if I say "without stealing a copy of our one-time pad, or using coercion on one or the other of us, it would be impossible to forge a message between myself and my correspondent who shares a one-time pad with me, given that we properly use the one-time pad only once", I'm being reasonably correct -- no amount of expenditure of resources will do better for you than a random guess. It isn't true that "anything can be done given enough effort". Some things cannot be done period, and some things cannot be done given that we live in a finite universe. Myself, I worry about the physical security of my keys a lot more than about someone factoring them in most instances. Perry From jya at pipeline.com Tue Aug 30 06:32:54 1994 From: jya at pipeline.com (John Young) Date: Tue, 30 Aug 94 06:32:54 PDT Subject: Civil crypto anarchy Message-ID: <199408301331.JAA03215@pipe1.pipeline.com> Responding to msg by nobody at ds1.wu-wien.ac.at () on Sun, 28 Aug 2:32 AM >So basically the protocols are interesting in an >academic way, and we could sit here and discuss the >possibilities, but then I suppose a discussion about >atomic bombs will likely be of greater impact on our >future than crypto anarchy will. Out of your several thoughtful comments this one strikes some sparks. Terror of nuclear weapons is universal. Nothing about crypto anarchy is terrifying (yet). A link between the two is not fanciful because of the challenge to those who hold secrets posed by crypto anarchy. 
One singularity of the nuclear arsenal was that few people actually know its capability. Its secrecy is a part of the threat. The same is true of the more general national security apparatus, most of whose power derives from privileged knowledge of weapon-systems capabilities. By extension of state power, under the rubric of national security, to other areas of government, often under the guise of intelligence and law enforcement needs, we have a society where a small number of economic, scientific, political, military and law enforcement persons hold privileged secrets and a very large citizenry who does not. Because of suspected abuse of privilege, these keepers of secrets are no longer trusted. Electoral politics, once thought to offer means to throw the scoundrels out, now feeds this suspicion, rather than relieving it, because little of entrenched power structures are changed by the voting process. The public process merely cosmetizes the means for exploiting the secret privileges of the few. The crypto and related technological and civil issues discussed on this list might be viewed as exploring how to redirect the science and technology, heretofore used to sustain a national security-driven economy, toward creating the apparatus for a more just and beneficial civil society, one less fraught with military, police and economic insecurity and fear of the tools of privileged secrecy. Mastering cryptography and devising ways to put it to remunerative use are honorable and constructive alternatives to enduring unresponsive government. If successful they will set examples, and provide tools, for others to diminish state dependency. However, there is still the task of proving that crypto anarchy is not itself a play for power by those who write and master its cryptographic code. But better to test that in the public arena rather than remain hidden and protected by state secrecy. Fierce opposition should be expected, not least by demonizing crypto anarchy. 
It will probably begin within the crypto anarchy enterprise under the guise of skeptical criticism and provocative baiting. It is worth recalling that classical black anarchy, the secret, lethal version as distinguished from open black flag type, is used by despots to justify their ruthless measures. Black anarchists, as agents of despots, mingle with avowed flag-wavers to spy and provoke acts that lead to repressive crackdowns. Black anarchists never announce themselves as such but may freely admit to being "anarchistic" as a wild-eyed subterfuge. Inept provocations sometimes reveal them but the most able are never detected. John From pcw at access.digex.net Tue Aug 30 07:20:30 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 30 Aug 94 07:20:30 PDT Subject: Clipper in the news... Message-ID: <199408301420.AA14089@access3.digex.net> > Just to give you an idea how far word of our favorite >technological innovation has spread, from this month's (Fall Collection) >issue of Vogue magazine: > > "...As for Orwell's telescreen, it's been replaced by the >personal computer. Networks like Prodigy have been warning users that >they will censor 'objectionable' messages, and the government is >threatening to install the Clipper Chip in computers, allowing it to >eavesdrop on digital transmissions. How to cope?" [P. 172] > > ...and I thought that Karl Lagerfeld's lineup was bad enough... > >mjr. I can see the advertisement for Cosmopolitan magazine... "I was talking to very buff beach volley ball player on my Clipper phone. (He's just a friend, really!) We talked about the strength of the Malibu sun, what to do when sand gets in your sun block and whether California roll sushi was really invented there. Then I tossed in some Navy blue words that will make those NSA spooks blush coral red. I'm just a flirt... but I guess you could say, I'm that COSMOPOLITAN girl." 

From jdd at aiki.demon.co.uk Tue Aug 30 08:16:06 1994
From: jdd at aiki.demon.co.uk (Jim Dixon)
Date: Tue, 30 Aug 94 08:16:06 PDT
Subject: DSPs
Message-ID: <88@aiki.demon.co.uk>

In message <199408292302.QAA02577 at comsec.com> Eric Blossom writes:
> > The Motorola DSP96002 does an integer multiply in 2 or 3 clocks, so a
> > 33 MHz device does 11 million multiplies (and moves) a second. The
> > chip costs about $50.
>
> The 96002 is a floating point part. Last time I checked it cost
> several hundred dollars. I suspect that you were referring to the
> 56001/2 family (which does cost something like $50).

I checked the 56001 data book, but it does 24 bit integer multiplies, not 32, so I didn't quote them. The figures I gave are for a 32-bit integer multiply, right out of the 96002 data book.

I haven't checked 96002 prices for a couple of years. When I last checked it was something like 200 pounds ($300) in small quantities. It has now been outclassed by the C40 and several other very good DSP chips and time has passed, so I think that in production quantities the price would at least be under the $100 mark.

--
Jim Dixon

From hughes at ah.com Tue Aug 30 08:28:17 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 30 Aug 94 08:28:17 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <2E628D30@microcosm.SanDiegoCA.NCR.COM>
Message-ID: <9408301507.AA01626@ah.com>

   Anything that our government would come up with would be???

   c. Expensive because of all the regulations.

I was reading American Banker yesterday, and found an absolutely amazing figure, which did not strike me that moment, so I don't remember details. I'm remembering this a bit dimly.

~"The cost of compliance in a typical USA bank is 14% of operating costs."~

Compliance refers to all the things the regulators make a bank do. Some the bank might do anyway, e.g. for a hypothetical private deposit insurance provider, but part of it is only for the benefit of the regulators.

Now 14% is huge in terms of relative competitive disadvantage. In a tight market, even a 3% price difference in a commodity service is enough to capture a market. It's these kinds of effects combined with international competition which will cause banking deregulation in the USA.

Eric

From perry at imsi.com Tue Aug 30 08:38:37 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 30 Aug 94 08:38:37 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <9408301507.AA01626@ah.com>
Message-ID: <9408301538.AA13252@snark.imsi.com>

Eric Hughes says:
> Now 14% is huge in terms of relative competitive disadvantage. In a
> tight market, even a 3% price difference in a commodity service is
> enough to capture a market. It's these kinds of effects combined with
> international competition which will cause banking deregulation in the
> USA.

A simple thing like fixing the laws so that interstate branching is no longer subject to antediluvian regulation has taken many years and still isn't quite passed. Removing the obsolete Glass-Stegal (sp? I'm tired today) wall between commercial and investment banking, which is widely understood even by regulationists as bad law and has been talked about for years and years, is going very slowly. My guess is that the country will experience some sort of major upheaval before the banking system is deregulated.

Perry

From solman at MIT.EDU Tue Aug 30 08:39:44 1994
From: solman at MIT.EDU (Jason W Solinsky)
Date: Tue, 30 Aug 94 08:39:44 PDT
Subject: Cyberspatial governments?
In-Reply-To: <199408300105.SAA11868@jobe.shell.portal.com>
Message-ID: <9408301539.AA19053@ua.MIT.EDU>

Hal speaks thusly:
> As I understand Jason's proposal, his government does not rely on force,
> but rather it acquires authority by people voluntarily putting themselves
> at the mercy of the government to a certain extent. The principal
> mechanism I have seen suggested is for people to put some money into
> escrow or a bond which they will surrender (according to agreed-upon
> rules) if they break the laws of the government.

This is my simplest suggestion. I use it most frequently in situations requiring a level of trust which does not exist. But it is difficult to imagine the existence of a _powerful_ cyberspatial government that does not base its power on the non-linearity of the value of information (i.e. the fact that the act of communication tends to leave its participants with a more valuable set of resources afterwards than they had before the communication.)

In my most recent use of the idea, I once again suggested it as a substitute for trust when cryptography will not suffice. You were writing about the problems of anonymous entities and suggested that you would have difficulty dealing with such entities because there is no way for you to know when a company you are dealing with undergoes a substantial change. But look at the physical realm. What is it that makes companies disclose changes in their upper management? Why do they announce major deals publicly? Why do they discuss strategy in their quarterly filings? They might well be motivated to disclose positive things without SEC regulations, but negative events show up because a government is forcing them to make those disclosures.

I forget which financial magazine I read it in, but I recently saw an article discussing precisely the same problem with regard to mutual funds. It seems that the federal requirements on disclosures of major changes in mutual fund management are sufficiently infrequent that on a number of occasions they have not been announced for months. Of course, the article recommended more regulation :-(.

But the question is: How does an entity (any entity, not just cyberspatial entities and not just anonymous entities) convince the people it deals with that they will be notified immediately if any significant changes occur? It's an issue of trust. I don't see how it is possible to guarantee such a trust unless the entity put itself in hock to the extent that the people it deals with would be hurt if it broke that trust.

> Now the simple objection I offer is that most people don't have enough
> cash lying around to effectively obligate themselves. Most people,
> unfortunately, spend their money rather than saving it. Even people who
> do have large sums of cash are, for that very reason, able to tolerate
> larger losses, so they will apparently have to put up very large bonds,
> which would have to be a strain on their liquid capital as well.

In just about 100% of these situations, I would expect an insurance company to be involved. So while the cybergovernments and escrow agents or whatever we call them will set a flat price, the insurance agent then has the ability to enter into a more personal relationship with the entity being insured (note there is absolutely no reason why the insurance agent needs to be a third party [in fact there are many good reasons why this might not be ideal] but the abstraction is a useful one.) These agents could lower their deposits in exchange for controls over parts of the decision making process. More importantly they could insure one entity for multiple potential violations (thousands in fact) and thus lower the deposit that way. Finally one would expect the least valuable certifications offered by cybergovernments [my use of the word implies the existence of some cybercitizenry to which access is made substantially cheaper by possessing the cybergovernment's certification] to be subsidized by the citizens of those governments.
This last point should allow any honest business to achieve higher levels of certification by establishing a reputation.

Will there be some entities which find themselves in a situation in which it makes economic sense to break the rules? Sure, we have plenty of them today. The cybercitizens and insured entities pick up the cost. And each time such a loss occurs, information becomes available that allows us to better match the constraints placed on receiving certification and the variety of certifications to the economic value derived.

I would also expect proliferation of a trend we are seeing in the physical realm insurance business today... particularly in the employer indemnification business. The insurance companies combine their insurance with consulting on how to avoid the risks being insured for in the first place. This has the advantage of making the consulting part of the business receive compensation matched to the value it derives. It also allows companies to displace the uncertainty traditionally associated with government decisions. Normally it takes a significant amount of time before businesses can be sure what the government means by a new law. The close relationship between insurance company/consultant and customer allows the customer to price the governmental risk of all possible decisions, and immediately make the best decision and enter into a contract with the insurance company that hedges all risk. (The insurance company presumably has a sufficiently large portfolio to allow it to absorb the risk).

> And, for people who do have the money, how can they tolerate tying up a
> large sum of cash for such a long period of time? Does the government
> offer interest? How are the funds invested - safe or risky? Low
> returns or high? People want to diversify their investments, and I
> don't think they are going to be willing to put all their cash into
> this one lump sum bond.

What I have suggested previously, and what I still think is the best idea, is to structure the deposit such that it can be spent by agreement of both parties (if the government imposes a fine and the fined entity agrees or if the entity decides to give up its certification and the government says it is paid up) or (in the case of a dispute) by the decision of an arbitrator (selected by a method determined at the time of the deposit). Under this method the deposit is in cash and it doesn't go anywhere. BUT, the type of cash can be any that both parties agree to. Since most cyberspatial currencies will be invested in some way, the deposit will increase in value [on average].

> When people do save money, it is often with the intention of spending
> it later. They save money to put their kids through college, or for
> retirement. Sooner or later there comes a time when they have to start
> consuming the nest egg. Will this entail withdrawal from the benefits
> of the cyberspace government?

If you have been following the rules for a long time, the insurance company will allow you to decrease your deposit. Most car insurance companies do the same thing. It is possible that the government will interact with the insurance company in ways that allow the insurance company to also lower its (larger) deposit.

> To sum up, I don't think most people's lives are structured in such a way
> that they can credibly obligate and commit themselves to a potentially
> risky contract. With physical governments people might say "as long as I
> live on this island I agree that the government can shoot me if I kill
> someone," and I will be inclined to believe that they will not try to
> commit murder. But that promise is much less credible if all they will
> do is forfeit a $2,000 bond, if that's all the money they've managed to
> save.

All that is important is that the value that is to be lost match the value that is to be gained by committing the crime.
It is my belief that most people will be able to offer non-monetary assurances to insurance companies that allow them to dramatically reduce their deposit.

Cheers,

Jason W. Solinsky

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Tue Aug 30 09:17:27 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Tue, 30 Aug 94 09:17:27 PDT
Subject: Betsi
Message-ID: <9408292150.AA23309@getafix.oasis.icl.co.uk>

FYI - PGP-based experimental service for verification of software integrity from Bellcore.

I haven't seen this announcement turn up on the usual Usenet groups (yet), and thought that it may be of interest to people here.

[Apologies in advance if it's a superfluous forwarding ...]

- pvm

Date: Mon, 29 Aug 1994 13:27:19 -0400
From: farber at central.cis.upenn.edu (David Farber)
Subject: Bellcore's Trusted Software Integrity (Betsi) System

A N N O U N C I N G ! ! ! ! !

Bellcore's Trusted Software Integrity (Betsi) System.

Betsi addresses a security concern of software distribution in the Internet. Currently, there is no way to know that software obtained by anonymous ftp has not been modified since it was posted. Also, malicious software can be posted without the offender leaving a trace. Betsi is an experimental prototype that is meant to provide some degree of assurance about the integrity of software and the identity of its author.

The current version of Betsi is an experiment. The long-term goals are:

- help software vendors distribute programs and patches
- provide accountability by linking the author of a program to a real person whose identity is verified off-line
- allow users to run software obtained on the Internet with less danger of viruses and Trojan horses
- use cryptographically strong techniques to preserve file integrity
- scale well in the Internet community
- minimize effort on the part of the users
- use existing infrastructure and standards

Betsi is a free, experimental service.
It requires use of PGP to verify signatures from Betsi. Betsi's public key is widely available. It can be obtained from numerous public key servers by requesting the key for certify or Betsi. It also appears in a paper that was submitted for publication, in the help file (described in a moment) and at the end of this message.

For additional information on Betsi send mail to certify at bellcore.com with subject, help.

A copy of the paper describing Betsi can be obtained by anonymous ftp from thumper.bellcore.com in the directory /pub/certify. A copy of the public key for Betsi can also be found there. It is recommended that the key be obtained from at least two different places and compared.

Betsi's public key:

Fingerprint: 5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C

From jdwilson at gold.chem.hawaii.edu Tue Aug 30 10:11:35 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Tue, 30 Aug 94 10:11:35 PDT
Subject: Arizona State Email Non-Privacy Policy
In-Reply-To: <9408300918.AA08344@pero>
Message-ID:

> I'm sure this is the case in law, but to take an analogy,
> this is like banning employees from *receiving* private telephone
> calls. (Email has zero marginal cost to most institutions, as

Within the US Gov't it is not uncommon to be told that you are not to receive personal phone calls on government time/government equipment. Not every office etc. enforces it, but it _is_ their equipment and you are working on _their_ time.
Seems kinda harsh, but is legal and within their rights. Naturally emergencies are an exception.

-NetSurfer

#include standard.disclaimer

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From lstanton at sten.lehman.com Tue Aug 30 10:12:28 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Tue, 30 Aug 94 10:12:28 PDT
Subject: In Search of Genuine DigiCash
In-Reply-To: <9408301507.AA01626@ah.com>
Message-ID: <9408301713.AA08110@sten.lehman.com>

hughes at ah.com (Eric Hughes) writes:
> ~"The cost of compliance in a typical USA bank is 14% of operating
> costs."~
...
> Now 14% is huge in terms of relative competitive disadvantage. In a
> tight market, even a 3% price difference in a commodity service is
> enough to capture a market. It's these kinds of effects combined with
> international competition which will cause banking deregulation in the
> USA.

Not necessarily. The real figure we need is not the US cost of compliance, but the difference between US costs and costs in other major banking markets.

From jamesd at netcom.com Tue Aug 30 10:25:36 1994
From: jamesd at netcom.com (James A. Donald)
Date: Tue, 30 Aug 94 10:25:36 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <9408301256.AA03173@focis.sda.cbis.COM>
Message-ID: <199408301723.KAA00736@netcom8.netcom.com>

Paul J. Ste. Marie writes
> What I had heard was that the delays were implemented by varying the
> chemical composition of the explosive lenses around the plutonium
> core to modify their detonation rate. This prevents replacing the
> electronics to circumvent the security.

This must be deliberate misinformation.
It is relatively easy to make two explosive lenses that are exactly alike. It is extremely difficult to make two explosive lenses that differ by a precisely known and constant amount.

The security in a nuclear weapon could certainly be defeated by physically ripping out any encryption electronics and replacing them with electronics with known and simple behavior.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are. True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From sandfort at crl.com Tue Aug 30 10:47:47 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 30 Aug 94 10:47:47 PDT
Subject: OFFSHORE DIGITAL BANKS
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Chris Claborne wrote:

   I guess it boils down to this, we have to have someone that we can trust. The issue of currency conversion would also be a new one for me. Would my money be Swiss? If the transaction goes south, what do I do, I am no longer covered by US law and would have no proof that this transaction ever took place (remember, no one can ask the bank for records). Hmmmm

Your money in a Swiss based bank would be Swiss if that's what you wanted. Almost certainly, you would have additional options for your "unit of accounting."

Though US law might not help you, it is not true to say that "no one can ask the bank for records." You can. The proof that a transaction (such as a deposit) took place, is the digitally signed receipt you get from the bank. It is VERY good proof.

 S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From pstemari at bismark.cbis.com Tue Aug 30 10:53:13 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Tue, 30 Aug 94 10:53:13 PDT
Subject: Nuclear Weapons Material
In-Reply-To: <199408301723.KAA00736@netcom8.netcom.com>
Message-ID: <9408301749.AA04640@focis.sda.cbis.COM>

> This must be deliberate misinformation. It is relatively easy to
> make two explosive lenses that are exactly alike. It is extremely
> difficult to make two explosive lenses that differ by a precisely
> known and constant amount.

No one said it was easy.

> The security in a nuclear weapon could certainly be defeated by
> physically ripping out any encryption electronics and replacing
> them with electronics with known and simple behavior.

That was the entire point. Having explosive lenses that aren't all the same defeats attacks on the electronics.

From frissell at panix.com Tue Aug 30 12:07:20 1994
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 30 Aug 94 12:07:20 PDT
Subject: Cyberspatial governments?
Message-ID: <199408301906.AA22809@panix.com>

At 11:39 AM 8/30/94 EDT, Jason W Solinsky wrote:

>You were
>writing about the problems of anonymous entities and suggested that
>you would have difficulty dealing with such entities because there is
>no way for you to know when a company you are dealing with undergoes a
>substantial change. But look at the physical realm. What is it that makes
>companies disclose changes in their upper management? Why do they announce
>major deals publicly? Why do they discuss strategy in their quarterly
>filings? They might well be motivated to disclose positive things without
>SEC regulations, but negative events show up because a government is forcing them to make those disclosures.

An advanced telecommunications environment offers a number of ways to protect yourself against the problems involved in dealing with anonymous entities in a situation in which there is no monopoly Government.

(Might I suggest that we adopt the typographic convention of using an upper case 'G' to spell Government when we are speaking of The Great Enemy and a lower case 'g' to refer to things like self government or corporate government or engine government.)

When one's PBX finds that one's call is not going through via a particular long distance carrier, it automatically switches to another one. It is easy to imagine one's intelligent agents testing various sorts of transaction completions and switching vendors when one fails. Professional checkers can supply information on vendor status for a fee. After all, we don't care if a company we are dealing with changes if its service is unaffected.

Eric Hughes is working on another approach, an Open Books protocol which will let companies post anonymous but checkable sets of accounts which can be accessed by anyone on the nets, can't be easily spoofed but give no private info to anyone else. Sort of Zero Knowledge Proof Bookkeeping. (Could we call this triple-entry bookkeeping?)

It is important to note in any case that the use of third-party escrow as a substitute for Government regulation was a feature of the Northern European semi-anarchies of Iceland and Ireland that have informed modern libertarian thought. I doubt that my old Poli Sci prof Don Balmer would consider an escrow company to be the equivalent of the Government of the United States.

DCF

"Though he may be poor
He will never be a slave"

From trollins at debbie.telos.com Tue Aug 30 12:37:15 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Tue, 30 Aug 94 12:37:15 PDT
Subject: Knuth Volume 2 Page 379
Message-ID: <9408301936.AA12752@debbie.telos.com>

Hello,

I have a little question about some math algorithms. People have talked in alt.security.pgp about the Miller Test and the Miller-Rabin Test.

I am getting ready to improve PGP's testing of potential prime numbers and have been looking for a good algorithm.

After reading some in Knuth Volume 2, I have come across Algorithm P on page 379. Is this algorithm in fact the Miller-Rabin Test ???

Thanks, Tom Rollins

From tcmay at netcom.com Tue Aug 30 13:09:19 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 30 Aug 94 13:09:19 PDT
Subject: OFFSHORE DIGITAL BANKS
In-Reply-To:
Message-ID: <199408301912.MAA24822@netcom11.netcom.com>

Sandy Sandfort writes:

> Your money in a Swiss based bank would be Swiss if that's what
> you wanted. Almost certainly, you would have additional options
> for your "unit of accounting."
>
> Though US law might not help you, it is not true to say that "no
> one can ask the bank for records." You can. The proof that a
> transaction (such as a deposit) took place, is the digitally
> signed receipt you get from the bank. It is VERY good proof.

My reading of the situation (Mooney's "Capital Protection" or somesuch--book not handy to me as I write) is that the Swiss-based banks will disclose records under several circumstances, and may be required to under Swiss law. These circumstances included evidence the account involves fraud, embezzlement, theft, etc.

As I understand things at this instant, the Swiss don't recognize "tax evasion" in another country as an adequate reason to break bank-customer secrecy, but discussions are underway with the "enforcers" from the U.S., and many analysts predict that Switzerland will capitulate on this point as well.

I gather that the Swiss bankers are not too happy with this extension of the "New World Order" into their vaults, as other countries which have not yet been "persuaded" to play ball with the U.S. are taking more of the accounts which otherwise would've gone into Switzerland. (Austria, Liechtenstein, etc., plus places like Isle of Man, Caymans, etc.)

The link with crypto is an important one: with the loss of the U.S.S.R. as a superpower, the world is "unipolar" in terms of real superpower force. The U.S.
can throw its weight around, encouraging compliance with U.S. policies in most areas. Everything from abortion policy to banking secrecy laws to key escrow.

(I'm not saying the U.S. threatens force against, say, Luxembourg or Italy, just that the pressures to go along with the U.S. New World Order are strong. The latest scare tactic is the proliferation of nukes, which I suspect will be the instigator of a global N.E.S.T. commando group. (The Nuclear Emergency Search Team, currently based in Las Vegas, has C-5 cargo planes ready to fly teams of searchers, commandoes, etc., to any place in the U.S. where a nuclear bomb is suspected of being.))

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From pstemari at bismark.cbis.com Tue Aug 30 13:12:43 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Tue, 30 Aug 94 13:12:43 PDT
Subject: CFB description in Schneier
Message-ID: <9408302012.AA05838@focis.sda.cbis.COM>

In the illustration on pg 161 of Schneier's Applied Cryptography (figure 8.5), the regeneration of bytes to XOR with the cyphertext stream is shown as using decryption. Doesn't this require ENcryption in order to produce the same sequence of XOR bytes that was used in encypherment?

--Paul

From sandfort at crl.com Tue Aug 30 13:32:08 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 30 Aug 94 13:32:08 PDT
Subject: HEMISPHERE EMERGENCY ACTION TEAM
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

No, I didn't forget about Acapulco H.E.A.T. This week's episode was, "Code Name: Stranded." In this installment some of the Team boat off to an "uninhabited" Mexican island for a picnic and R&R. Of course, they forget to anchor the boat so they get stranded. To make matters worse, there is a loony Viet Nam vet (is there any other kind?) on the island who still thinks he's in 'Nam.

Well, it goes pretty much as you would expect: gunfire, snake attack, poisonous spider attack, exploding hut and bikinis. There is *only* one crypto tie-in (and it's a stretch). They communicated an SOS to the remaining Team members by juryrigging an old field radio without a microphone, so that they could send Morse code.

No Fabio, plenty of exposed Alison Armitage.

FOR THE RECORD

The cast listed above the main title:

   Catherine Oxenberg (Ringo Starr's wife
   Brandan Kelly
   Alison Armitage (yeah!)
   Spencer Rochfort
   Holly Floria
   Michael Worth

The cast listed below the main title:

   Randy Vasquez
   Graham Heywood
   John Vernon
   Fabio (boo!)

The executive producers are Max Keller, Jacques Konchier and Micheline Keller.

The H.E.A.T. Team hotel location is provided by the Westin Regina Resort in Puerto Vallarta.

The program is co-produced by M-6 and Les Films du Triangle with the participation of the Centre National de la Cinematographie.

International Financing is by European Communications Inc.

C'punks, I'm sure these last two items are where the motion picture business privacy, "regulatory arbitrage" and tax avoidance angles come in.

 S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From klbarrus at owlnet.rice.edu Tue Aug 30 13:38:06 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 30 Aug 94 13:38:06 PDT
Subject: Knuth Volume 2 Page 379
In-Reply-To: <9408301936.AA12752@debbie.telos.com>
Message-ID: <9408302037.AA13755@elf.owlnet.rice.edu>

Tom Rollins wrote:
>I am getting ready to improve PGP's testing of potential
>prime numbers and have been looking for a good algorithm.

Heh, I thought this same thing a few months ago. As it turns out, Miller-Rabin and a modified Lucas test has already been coded up for the next release of PGP.

>After reading some in Knuth Volume 2, I have come across
>Algorithm P on page 379. Is this algorithm in fact the
>Miller-Rabin Test ???

I don't have a copy of this handy, or I'd tell you. Basically, Miller-Rabin is similar to Fermat except you continue testing and divide by two. The quick, dirty, and ugly explanation ;)

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9
"One man's mnemonic is another man's cryptography" - K. Cooper

From adam at bwh.harvard.edu Tue Aug 30 14:31:48 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 30 Aug 94 14:31:48 PDT
Subject: Cyberspatial governments?
In-Reply-To: <199408301906.AA22809@panix.com>
Message-ID: <199408302123.RAA22479@walker.bwh.harvard.edu>

Duncan writes:

| (Might I suggest that we adopt the typographic convention of using an upper
| case 'G' to spell Government when we are speaking of The Great Enemy and a
| lower case 'g' to refer to things like self government or corporate
| government or engine government.)

As Eric likes to point out, the Government is not a huge, monolithic enemy. It is a multitude of huge enemies. If you think of it as a single entity, you will often miss the subtleties in its actions.
If you don't understand why your enemy is doing what they are doing, you will have trouble opposing it.

If you talk about the actions of specific agencies, such as the FCC, DEA, NSA, etc, you will see that much of their motivation comes from bureaucratic turf wars. Seeing 'Government' as your great enemy is a damaging misnomer.

I'm not arguing *for* government here, I'm simply pointing out that seeing government as a monolith is like seeing any large entity as a monolith. It's really made up of small parts that interact in strange & unpredictable ways.

Adam

From Rachel_P._Kovner at gorgias.ilt.columbia.edu Tue Aug 30 15:21:33 1994
From: Rachel_P._Kovner at gorgias.ilt.columbia.edu (Rachel_P._Kovner at gorgias.ilt.columbia.edu)
Date: Tue, 30 Aug 94 15:21:33 PDT
Subject: Bad govt represents bad people?
Message-ID: <1994Aug30.130706.1176995@gorgias.ilt.tc.columbia.edu>

>>... the problem is more than just people in government.
>>I was just contradicting the idea that (as Tim May says) people get the
>>government they deserve. Certainly not all people, maybe not most "deserve"
>>this deal.

It was once said that (and I quote -very- loosely) "The price of liberty is eternal vigilance", therefore, 'bad government' is probably not a result of some kind of evil or malicious people, but just people who do not guard their rights. Obviously, there will be people in a society who will do their best to protect their rights, but I speak of "people" as a society as a whole, and therefore, if the isolated persons who stand up for their rights are unable to make an impression on society at large, they will also be subject to this 'bad government'. Government will continually encroach upon its citizens' rights if the people do not stand up for their liberties - therefore, if the citizens do not protect their liberties, the liberties will be lost, and the people will be responsible for this loss of liberty.
----------------------------------------------
Delivered by the NLTL Internet Gateway

From wcs at anchor.ho.att.com Tue Aug 30 15:56:51 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 30 Aug 94 15:56:51 PDT
Subject: OFFSHORE DIGITAL BANKS
Message-ID: <9408302255.AA05770@anchor.ho.att.com>

Tim writes:

> My reading of the situation (Mooney's "Capital Protection" or
> somesuch--book not handy to me as I write) is that the Swiss-based
> banks will disclose records under several circumstances, and may be
> required to under Swiss law. These circumstances included evidence the
> account involves fraud, embezzlement, theft, etc.

In particular, they take bank robbery real seriously. The original Swiss bank privacy laws made it illegal for banks to disclose information about their customers except for investigation of things that were crimes in Switzerland; the Swiss view tax evasion not as a crime, but as a civil issue between a citizen and a government, and view things like currency export and gold possession as no problem at all.

The original foreign-government-defined "crime" that prompted this was "being Jewish" - the Nazi government pressured Swiss banks to turn over information about German accountholders with Jewish-sounding names (who might be trying to escape), and had the threat that they could require all German accountholders to withdraw their money from banks that didn't collaborate. I'm not sure if the laws were enacted during this period or after the war.

> As I understand things at this instant, the Swiss don't recognize "tax
> evasion" in another country as an adequate reason to break
> bank-customer secrecy, but discussions are underway with the
> "enforcers" from the U.S., and many analysts predict that Switzerland
> will capitulate on this point as well.

They've apparently been pressured to collaborate with Yankee investigations into politically-incorrect substance trafficking.
Bill

From perry at imsi.com Tue Aug 30 16:21:21 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 30 Aug 94 16:21:21 PDT
Subject: Bad govt represents bad people?
In-Reply-To: <1994Aug30.130706.1176995@gorgias.ilt.tc.columbia.edu>
Message-ID: <9408302312.AA14325@snark.imsi.com>

Rachel_P._Kovner at gorgias.ilt.columbia.edu says:
> It was once said that (and I quote -very- loosely) "The price of liberty is
> eternal vigilance", therefore, 'bad government' is probably not a result of
> some kind of evil or malicious people, but just people who do not guard
> their rights.

Actually, as public choice economic theory has shown, bad government tends to be the inevitable result of the evolutionary pressures on government and government officials. This is not to say that some government programs are not occasionally well run or that some government officials are not legitimately "trying their best", but that the pressure on the whole system is to go towards maximum corruption, just as the evolutionary pressure on organisms is to only follow survival-prone strategies.

As just one simple example, take subsidies. If you have a chance of getting a $1,000,000 subsidy for your company, you can afford, economically speaking, to spend up to $999,999 on lobbying to get it and still have a profit on your hands. If, on the other hand, you are Joe Taxpayer in a nation of 250,000,000 people, you are losing only $.004 because of the subsidy -- it is not even economically worth your while to spend a single stamp on trying to stop the subsidy.

For this and a myriad of similar causes, the evolutionary pressure on governments is always towards evolution in an unsound direction. This is not because anyone involved is evil but for the same sorts of reasons that only organisms with healthy drives to reproduce are found on the planet.
Perry

From koontzd at lrcs.loral.com Tue Aug 30 16:35:07 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Tue, 30 Aug 94 16:35:07 PDT
Subject: Bad govt represents bad people?
Message-ID: <9408302334.AA16831@io.lrcs.loral.com>

>Government will continually encroach upon its citizens' rights if the
>people do not stand up for their liberties - therefore, if the citizens do
>not protect their liberties, the liberties will be lost, and the people
>will be responsible for this loss of liberty.

Since when is the victim responsible for the crime?

From claborne at microcosm.sandiegoca.NCR.COM Tue Aug 30 17:04:25 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris)
Date: Tue, 30 Aug 94 17:04:25 PDT
Subject: OFFSHORE DIGITAL BANKS
Message-ID: <2E6381C9@microcosm.SanDiegoCA.NCR.COM>

> From: Sandy Sandfort
> Subject: OFFSHORE DIGITAL BANKS
[SANDY SANDFORT wrote]
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
>
> C'punks,
>
> Chris Claborne wrote:
>
> I guess it boils down to this, we have to have someone
> that we can trust. The issue of currency conversion
> would also be a new one for me. Would my money be
> Swiss? If the transaction goes south, what do I do, I am
> no longer covered by US law and would have no proof that
> this transaction ever took place (remember, no one can
> ask the bank for records). Hmmmm
>
> Your money in a Swiss based bank would be Swiss if that's what
> you wanted. Almost certainly, you would have additional options
> for your "unit of accounting."
>
> Though US law might not help you, it is not true to say that "no
> one can ask the bank for records." You can. The proof that a
> transaction (such as a deposit) took place, is the digitally
> signed receipt you get from the bank. It is VERY good proof.
>

If my e-note instructed the bank to deposit some funds into a numbered account of my supplier, then I have no proof that that transaction was actually going to supplier X.
Remember, one of the requirements by cypherpunks is to mask (if desired) where money is going. Even if I used the supplier's name on the e-note instructions, how could I prove that the name on the note and said supplier are the same? The only thing I could have PROOF of is that I spent N amount of money.

... __o
.. -\<, chris.claborne at sandiegoca.ncr.com
...(*)/(*). CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From perry at imsi.com Tue Aug 30 17:25:54 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 30 Aug 94 17:25:54 PDT
Subject: OFFSHORE DIGITAL BANKS
In-Reply-To: <2E6381C9@microcosm.SanDiegoCA.NCR.COM>
Message-ID: <9408310025.AA14411@snark.imsi.com>

"Claborne, Chris" says:
> If my e-note instructed the bank to deposit some funds into a numbered
> account of my supplier, then I have no proof that that transaction was
> actually going to supplier X.

You have proof that you sent funds to the stated account. Presumably, if you are sufficiently interested, you would have a contract with your vendor, signed by them, stating that they wanted to be paid that way. If for some reason that was not possible or insufficient, you could use a mutually selected agent and an escrow account of some sort.

Perry

From adam at bwh.harvard.edu Tue Aug 30 18:42:20 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Tue, 30 Aug 94 18:42:20 PDT
Subject: Bad govt represents bad people?
In-Reply-To: <9408302312.AA14325@snark.imsi.com>
Message-ID: <199408310103.VAA26817@bwh.harvard.edu>

Much of the interesting development of these ideas was done by Mancur Olson, in several good books, and was addressed again recently by Jonathan Rochkind entitled Demosclerosis. Both authors are worth checking out.

Adam

Perry wrote:

| Actually, as public choice economic theory has shown, bad government
| tends to be the inevitable result of the evolutionary pressures on
| government and government officials.
| This is not to say that some
| government programs are not occasionally well run or that some
| government officials are not legitimately "trying their best", but
| that the pressure on the whole system is to go towards maximum
| corruption, just as the evolutionary pressure on organisms is to only
| follow survival-prone strategies.

From blancw at pylon.com Tue Aug 30 21:49:02 1994
From: blancw at pylon.com (blancw at pylon.com)
Date: Tue, 30 Aug 94 21:49:02 PDT
Subject: Alt.Gvmt.Bad.Bad.Bad
Message-ID: <199408310449.VAA01301@deepthought.pylon.com>

>From Rachel_P._Kovner:

>It was once said that (and I quote -very- loosely) "The
>price of liberty is eternal vigilance", therefore,
>'bad government' is probably not a result of some kind
>of evil or malicious people, but just people who do not
>guard their rights.

It could also be said, somewhat loosely, that criminal theft is just the result of people who do not protect their property. For them it's as easy as falling off a log: the big G will just keep getting worse and taking over more (Somebody Stop Me!).

>From :Perry E. Metzger:

>Actually, as public choice economic theory has shown,
>bad government tends to be the inevitable result of
>the evolutionary pressures on government and
>government officials.

The 'evolutionary' pressure on Government tends to go in the direction away from keeping accurate accounts, including keeping an eye on the consequences of policies & procedures. They would rather not note what the real source of new goods and wealth is, and they would rather not keep track of the success/failure of their legislative constructs.

All this pressure towards backsliding on the evolutionary scale means that the big G will accept being as dependent on others, as some would like to be upon them. At the very least, they're not very admirable for making the rest of the population work so hard to prevent them from taking everybody down with them.
Blanc

From hughes at ah.com Tue Aug 30 22:36:21 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 30 Aug 94 22:36:21 PDT
Subject: Cyberspatial governments?
In-Reply-To: <199408302123.RAA22479@walker.bwh.harvard.edu>
Message-ID: <9408310515.AA02777@ah.com>

   As Eric likes to point out, the Government is not a huge, monolithic enemy. It is a multitude of huge enemies.

This was my best joke during my crypto presentation at HOPE a couple of weeks ago. I was describing threat models for remailer networks.

1. Recipient -- any indirection works
2. Sysadmins, and then I added, "or anyone else with root access". That got a big laugh.
3. Operators of the remailer nodes
4. Gov't -- law enforcement
5. Gov't -- national security

It was during my explanation on why the FBI doesn't really get access to National Technical Means, e.g. NSA SIGINT, that I got the BIG laugh.

Eric

From hughes at ah.com Tue Aug 30 22:37:16 1994
From: hughes at ah.com (Eric Hughes)
Date: Tue, 30 Aug 94 22:37:16 PDT
Subject: CFB description in Schneier
In-Reply-To: <9408302012.AA05838@focis.sda.cbis.COM>
Message-ID: <9408310516.AA02791@ah.com>

The first text paragraph on p.161 has the correct description. The picture seems to be in error.

Eric

From sw at tiac.net Tue Aug 30 23:39:03 1994
From: sw at tiac.net (Steve Witham)
Date: Tue, 30 Aug 94 23:39:03 PDT
Subject: Bad govt represents bad people?
Message-ID: <199408310638.CAA14167@zork.tiac.net>

Tim says:

>To clarify my meaning, "people deserve the government they get" is
>short for saying that the evil, repressive, godforsaken government
>that everyone complains about is mostly their own doing. Majority
>rule, the will of the herd, etc.
>
>I certainly wasn't saying that *all* people asked for it.

Right, and I was saying maybe not even majority rule or will of the herd, but a system with a dynamic of its own. People get the government they don't know how to stop.
I don't know what to expect of everyday people when even the brightest anarchists haven't found a working solution.

--Steve

- - - - - - - - - -
It is said a Shao Lin priest can walk through walls. Looked for, he cannot be seen. Listened for, he cannot be heard. Touched, he cannot be felt.

From sw at tiac.net Tue Aug 30 23:39:20 1994
From: sw at tiac.net (Steve Witham)
Date: Tue, 30 Aug 94 23:39:20 PDT
Subject: Fun with local TCP/IP & FTP
Message-ID: <199408310638.CAA14177@zork.tiac.net>

I just tried firing up the FTP server in NCSA Telnet, and then accessing it via Fetch (an FTP client), all on my home Mac. Various error messages when I quit one or the other app, but IT WORKS when MacTCP is set to LocalTalk, or set to PPP *and* I'm dialed into my "provider." However, doing it with PPP running, no packets seem to go across the modem.

Yo babes lookit me truckin' now.

I'm told MacTCP doesn't use the standard Berkeley sockets calls. Is this true? Is there a library to translate?

--Steve

- - - - - - - - - -
It is said a Shao Lin priest can walk through walls. Looked for, he cannot be seen. Listened for, he cannot be heard. Touched, he cannot be felt.

From tcmay at netcom.com Wed Aug 31 00:24:54 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 31 Aug 94 00:24:54 PDT
Subject: Problems with anonymous escrow 2--response
Message-ID: <199408310724.AAA20245@netcom7.netcom.com>

This will be much shorter than my reply of yesterday, to Part 1 of Hal's comments.

>Besides the question of trustworthiness, another problem I see with
>anonymous escrow agents applies more generally to any form of
>anonymous business. Anonymity makes sense to me for the individual.
>Each person manages his own affairs and he can keep secret or reveal
>what he wants. But at the business level it is going to be much
>harder to keep the same level of secrecy.
>It is hard for me to see
>how a business larger than two or three people can really expect to
>operate with the kind of anonymity we are talking about here.

I see most businesses as very small. Or at least I see a large number of very small businesses. Like today, with consultants, one-person companies, small software firms, etc.

Large corporations had their day, as described in "The Nature of the Firm," but the reasons are declining. The difficulties in keeping secrets, the need to insulate entities from lawsuits, and the various laws requiring employer-paid benefits, are all causing large monolithic organizations to downsize. (Not in all cases, of course.)

How far this will go is unknown of course. But I grant you that most of my comments apply to individuals dealing with other individuals. Over the Net, this seems plausible.

(Even for larger companies, they can designate someone to be their liaison, and not know his identity mapping...just an idea.)

>These escrow agents will need significant assets to be useful, and

I don't buy this. Escrow agents who are anonymous need no assets at all...what good would assets do if they can't be traced?

More generally, reputation capital is what they need, not physical assets.

>probably staffs of at least dozens or hundreds of actuaries and other
>professionals who will judge the safety and appropriateness of the
>various deals the agency is offered. How can you expect to keep the

Underworld figures who make snap judgements on drug deals, on fencing goods, etc., don't need or don't use "hundreds of actuaries." Computers will of course make things even easier.

I see the model as being more similar to Asian and Middle Eastern traders, where complicated arbitrage decisions are made every day by very small groups (individuals or families).

Besides, the AEAs are not doing risk underwriting in a central way...they are agreeing to hold parts of a transaction and then make a fair decision on whether the terms and conditions were met.
If research is needed, they can farm it out (untraceably, of course).

>location and true identities of the business principals secret? It is
>said that no more than three people can keep a secret; can we really
>expect a staff of hundreds not to reveal that they actually work for
>the mysterious XYZ escrow agency, accessible only through Blacknet?
>Even with the Mafia, everyone knows who works there (judging from the
>newspapers). Can we really expect more secrecy for these anonymous
>businesses?

But few people know the details of actual Mafia deals, and these are in the "real world." Deals over remailer nets are vastly less observable.

>
>I think that it is really impossible for a business of any significant
>size to be anonymous in the same way that an individual can. The idea
>of an escrow agency that retains its anonymity seems impractical to
>me.
>
>Hal

Not to me. Time will tell.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Wed Aug 31 00:24:55 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 31 Aug 94 00:24:55 PDT
Subject: Problems with anonymous escrow 3--response
Message-ID: <199408310724.AAA20251@netcom7.netcom.com>

The third of my responses to Hal. Also included at the end is a discussion of a "crypto simulation environment," as it comes up in the context of Hal's comments about game theory and the need to simulate iterated prisoner's dilemma types of problems in a crypto context.

>Another argument sometimes advanced in favor of trustworthy escrow
>agents is the "iterated prisoner's dilemma".
>This refers to Axelrod's
>simulations of computer program agents which repeatedly interacted in
>a simple "prisoner's dilemma" game which captures much of the essence
>of the trust relationship (see his book "The Evolution of Cooperation").

I agree that evolutionary game theory has rich implications for real world cryptography, especially as it involves trading, interactions, cooperation, etc.

>again). It has been argued that interacting pseudonymous entities
>satisfy the basic requirements for Axelrod's analysis because their
>pseudonyms have continuity over time, and people can use past history
>as a basis for future predictions (as in the escrow agency example).
>
>There are some significant differences, though, between Axelrod's
>scenario and the anonymous agents we are talking about. One is the
>issue of pseudonym continuity. Although it is true that pseudonyms
>can have continuity, they are not forced to, unlike in Axelrod's
>experiments. One of the main reasons why cheating is a bad idea in

I think they are. Agents in an IPD (Iterated Prisoner's Dilemma) game can change their strategy...that is itself a strategy (e.g., "cooperate for the first 10 rounds, then nuke opponent"). Is this a change of strategy or a change in the agent?

Maybe this is a semantic misunderstanding, but I don't see how "Pr0duct Cypher" or "Thoth" is not an Axelrodian agent?

>Axelrod's runs is that the cheating is punished in future
>interactions (generally, by being cheated on in return). But of
>course in real life situations, cheaters don't hang around to receive
>their punishment. Implicit in the escrow cheating scenario above was
>that the agent vanishes. He isn't forced to stay in business to be
>cheated repeatedly by customers until they get even. He is able to
>opt out of the system. Axelrod's programs don't have that option.
Because Axelrod and his contributors [well-described, by the way, in Hofstadter's "Metamagical Themas" book] barely scratched the surface of how real ecologies, real economies work.

Reputations do matter, as shown by another classic game theory result, the "game of chicken." An escrow agent that defects faces some repercussions (who trusts whom in such disputes is another issue, possibly handled by selective disclosure, a la Chaum, by reputation rating services, etc.).

>
>Worse, a pseudonymous cheater has other options which allow him to
>continue to benefit from interactions with others while cheating. He
>can use multiple identities to, in effect, wipe the slate clean when
>he has cheated. This plays havoc with the crucial assumption in

Not in a "positive reputation" system. In a negative reputation system, it is true that an agent can always flee and "start over" ("a fresh start"). But in a positive rep. system, each reputation only fairly slowly builds up a rep.

[There are scams, such as the "brilliant penny" scam, to use collusive reputation setups to "inflate" a rep...nobody claimed it would be easy.]

...

>know that they are reaching the end of their interaction period. In
>particular, on the last interaction, it is hard to avoid cheating
>since one knows that the other player will have no opportunity to
>apply punishment. But then, if it is a foregone conclusion that the
>last round will result in cheating, then it is hard to justify not
>cheating on the next-to-last round, since the results of the last
>round are foreordained and hence don't really provide feedback for
>what is done this time. This leads to a disastrous regress in which
>one finds that the stable cooperative solution collapses into a string
>of cheating interactions.

It's best that it never be known how many rounds there are to be. Sort of like not saying whether one is a source or sink of remailed messages...leave them guessing.
(Or more mundanely, keeping the number of characters in a password a secret...the opponent doesn't have any "terminal" states or nodes.)

I don't claim to know what the results are, this experiment not having been done that I know of, but looking around me I see people who interact with other people and who generally act as though "the game" will go on without limit. While they certainly don't act purely in a tit-for-tat way, they also interact as if their reputation for truthfulness, intelligence, etc. matters to them.

(This is true even for most of the pseudonyms we have here, who give evidence of wanting whatever positive reputations that have accrued to them to continue. Financial matters are not necessarily the same, granted.)

>Although in real life it will not frequently happen that both parties
>know that a particular interaction is the last, it may be that one
>party will know. If a business has suffered reversals and is doing
>poorly, it may know that time is running out. In that case it will be

This is a good point, and needs more analysis. It may be that using a set of escrow agents will lessen the risk that any one of them is about exit, stage left.

But bear also in mind that many escrow functions can be set up so as to have almost no benefits to the escrow agent if he defects and attempts to welch on the deal (kind of a "zero incentive" system). (This is how IOU systems often work.)

...

>Based on these comments, it would be interesting to consider a
>variation of Axelrod's game, one modelled more on what we feel are the
>properties of a system of interacting pseudonyms. We might include
>the possibility for competing programs to "quit" by retiring old
>pseudonyms and to create new ones. We might also simulate bankruptcy
>by having a rule that if the cumulative score of an agent ever became
>negative, it was out of the game.
>It would be interesting to see
>whether these changed rules again promoted the development of "nice"
>strategies or whether they tipped the balance in favor of cheating.
>
>This might actually be a doable project for an interested programmer.
>It would be interesting to see whether others agree that it could shed
>light on the problem.

Here I agree most strongly with Hal. I have described my interest in this area to several Cypherpunks and their friends, including Nick Szabo, Eric Hughes, and Ted Kaehler (one of the developers of Smalltalk). The "protocol ecologies" idea I talked about here a month or so ago is related to this.

To wit, building ecologies of interacting "cryptoids" which can scheme, game, apply various crypto protocols, etc. (I don't mean any high-falutin artificial intelligence, just a "testbed" for exploring agents that implement crypto methods as, well, as _methods_.)

Toward this eventual end, if I can pull it off, I'm evaluating "SmalltalkAgents," a programming environment for the Mac (soon for Windows/Chicago, then Unix, etc.) which supports several interesting features, including run-time dynamic typing, multiple threads, agent-oriented methods (similar to Dylan, and maybe to the elusive Telescript), and a persistent object store (so that the evolved agents "remember" what they've learned and don't start from scratch each time).

For you Perl and C fans, why Smalltalk? First, because I get to pick whatever environment I want. Second, because I enjoyed Lisp programming at Intel (and a bit since, in Scheme) more than C programming. Third, while I think the C++ class libraries are a powerful tool, I'm not interested in using them right now. Fourth, the advent of 50-100 MIPS processors for not much money places more premium on powerful programming environments and not on runtime efficiency.
Fifth, SmalltalkAgents can do external calls of C, or whatever, code, so the programming environment of Smalltalk can be coupled with specific C code fragments. Sixth, the focus on CORBA, OpenDoc, OLE, and other object protocols.

(I wrote down some of my thoughts on tools for crypto, beyond subroutine libraries, a few months ago. "Crypto compilers," "intermediate design languages" (IDLs for crypto anyone?), provably correct synthesis, etc.)

I think Hal is right that ecologies of interacting agents implementing various crypto protocols (spending digital money, trying to collude with others, etc.) is a ripe area for study.

We learned a lot two years ago with the "Crypto Anarchy Game" we played with paper and pencil, but we quickly realized that humans are poor at remembering and enforcing complicated, multi-stage, multi-party protocols, and that someday these would have to be programmed into "crypto simulation" tools.

When, if ever, will I have results on this? I don't know. Do I want to spend the next several years of my life on this? (As surely it's a thesis-complexity job, or a several man-year job for a small group of programmers...) I haven't decided. I haven't decided even if it's the most important--and interesting, since I'm working for myself, as most of us are--thing to work on.

Enough writing for now.

--Tim May

..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From ruf at osiris.cs.uow.edu.au Wed Aug 31 00:37:17 1994
From: ruf at osiris.cs.uow.edu.au (Justin Lister)
Date: Wed, 31 Aug 94 00:37:17 PDT
Subject: Remote Sensing ??
Message-ID: <199408310736.AA05166@osiris.cs.uow.edu.au>

Well this probably isn't directly related, but what the heck we have seen plenty of non-related threads before.

I was wondering if anyone here has any knowledge on remote sensing, in particular who, currently (ie. alive) is the leading researcher in the field. By remote sensing, I am referring to satellite/aircraft sensing/analysis.

I could probably justify it by asking if anyone has any knowledge of three letter agencies' abilities, hmmm so what if you have 1024bit key, they are scanning for keystroke signals. B)

--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf at cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-330 |
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... |
| | LiNuX - the only justification for using iNTeL |
+---------------------+--------------------------------------------------+

From rishab at dxm.ernet.in Wed Aug 31 01:23:08 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 31 Aug 94 01:23:08 PDT
Subject: Cypherpunk trademarks
Message-ID:

Tim May wrote:
> "Digidollar" was one of the many names coined by folks on this list,
> along with Cypherbucks, Digimarks, etc.

I doubt whether DigiCash (tm DigiCash bv?) was actually thought of by Chaum - the name probably floated around first. Time for all bright cypherpunks to run to the PTO? After all, if you thought of it, trademark it...

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh       "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in    take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335      H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Wed Aug 31 01:23:22 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 31 Aug 94 01:23:22 PDT
Subject: Taxation and participatory democracy
Message-ID:

Tim May:
> In any case, something is a "market price" if one can walk away from
> the transaction. I know of almost nothing the U.S. government calls a
> "tax" that taxpayers are free to walk away from, to not pay (and thus
> not receive the service).
>
> If Jason is arguing that goods and services will be bought and paid
> for in cyberspace, who could disagree with this? They're just not
> taxes.

Of course taxes were originally meant to be payment for services (at least in democracies - even US taxes are not quite the same as the half-your-crop exploits of kings and modern despots). Taxes were to be compulsory where the services were, too - it's difficult to say that you don't need the police, or the roads, when you live in a community where you do benefit from them in any case. The same is true for basic amenities (sewage, water...) in countries that have a government monopoly on such things.

With the ever-increasing complexity of governments, the taxes you pay have been far removed from the use they are finally put to, and a tax-payer's involvement in the decision of their use is remote (or non-existent, in the case of secret defense or intelligence budgets).

There have been occasional suggestions that the use of taxes should be specified at the time of payment, rather as one can do with donations to many charities. Most economists think such hypothecated taxes impractical. So does The Economist - in "Taxing credulity" (August 20-26) it says that, while compelling, such taxes are unworkable in practice and result in increased public spending.
Basically the problem is that changes in allocation of monies cannot be made fast enough, the reason why we have _representative_ democracy rather than _participatory_ democracy with universal involvement. I saw a good article some years ago in Telecomputing (?) magazine on how electronic networking could change things.

As I outlined in some posts last week, the _necessity_ of government (as we experience it today, against highly distributed Internet-style administration) is doubtful. Taxation is but a pinhole in the colander of its flaws. However, the alternative comes from a cyberspace just 0.5% of the world's population. Change is hardly likely to come soon.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh       "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in    take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335      H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Wed Aug 31 01:23:48 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 31 Aug 94 01:23:48 PDT
Subject: Walk away from your troubles
Message-ID:

solman at MIT.EDU (Jason W Solinsky):
> True enough. Most of our rules have been bundled together. Either you accept
> all of them or you walk away. So Tim, if you don't like the FBI monitoring
> all of your communications and requiring you to give them copies of all
> your secret keys, why don't you just leave? [or are you planning to do that?]

And when all countries follow the lead of The World's Only Superpower in this great New World Order, what then? "Stop the Earth, I wanna get off!"

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh       "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in    take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Wed Aug 31 01:29:05 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 31 Aug 94 01:29:05 PDT
Subject: Digicash and loose change
Message-ID:

rah at shipwright.com:
> I'll try to come at this from another tack. Cryptography gives
> anonymity. Anonymity reduces the overhead. The reduced overhead should
> make digital cash more economically efficient than on-line systems like
> NetBank, or credit-cards or much of anything else, at the moment. The

If someone did an operation count of Brands' digicash protocol, I wouldn't be surprised if it showed much more processing than, for instance, the simple public (or even secret) key encrypt-a-credit-card-number scheme. The latter has the overhead of transaction management - but the table lookup of databases is much simpler than modular exponentiation.

Then there's the 'loose change' problem - one I haven't seen discussed too much. It seems that Bob will have to total up whatever he received from Alice and anyone else, then have notes _reissued_ from the bank in his chosen denominations - otherwise Bob could double-spend _Alice_'s cash, exposing her identity and getting away scot-free himself. The loose change is in choosing the note denominations - you don't have to go to a bank to change a 100 in 'real life'.

Compare this with paper money. Cash has to be printed. Granted this is cheap, particularly with US Dollars, probably the easiest currency to forge. (Even Indian Rupees are gravure printed in multiple colours and textures. I was really laughing at the discussion here a while ago on how easy it is to pull out the metal strip from dollars - Rupees have metal woven in to the paper, which reflects light at an angle and is opaque, black, when seen through). Then there's the overhead of distribution, the 'loose change' - how many suitcase-fulls to buy a Boeing?
Cheques (drafts, cards) are much simpler. There is a one-time overhead of customer verification when you get your account. Transaction-time verification is relatively simple. The additional overhead of transaction record management is easily implemented even in existing electronic systems.

If it weren't for Cypherpunks, anonymous cash would die a natural death as money gets wired. Anon cash _is_ value added. And I don't see why there shouldn't be a market. We have at least 700 already ;-)

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Wed Aug 31 01:29:06 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 31 Aug 94 01:29:06 PDT
Subject: Governments and repression
Message-ID:

jamesd at netcom.com:
> Obviously most people do not call MIT a government.
>
> And if MIT built some prison cells under the Admin building and started
> locking people up in the dungeons for long periods, then people would
> call MIT a government.

Hezbollah, Hamas, the IRA, the Khmers Rouges lock people up. You may not believe it but there are those who accept their 'rules' under the threat of violence. I suppose 'most people' call _them_ governments?

I'm amazed at the way some of you keep screaming about the violence of governments. Maybe you need to experience some _real_ repression.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Wed Aug 31 01:29:18 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 31 Aug 94 01:29:18 PDT
Subject: Force is not physical
Message-ID:

elton at sybase.com:
> "Rule", or "political ... control" are only ever exercised through force.
> People keep using that word, "enforce", without looking carefully at it.

"Force" is not necessarily physical and cannot be equated solely with the monopoly over guns. This whole thing started in the context of governance in cyberspace.

In cyberspace, if you lose your net connection, right to post, read whatever, you're dead. You could be 'killed' by a coalition of system providers, or a 'government monopoly'. You _will_ follow the rules, won't you?

The point of this discussion was a model government for cyberspace (and here the sense of 'governance' is administration), and its possible extension to brickspace. It is not true that cyberspace is invincible, that the Net can't be tamed and all that rot. The Internet cannot be censored as long as a part of it exists. The money, power and intention could destroy it completely, which would of course be foolish in the extreme. Assuming that it survives, 'untamed', how is it to be run, and how will it affect the way the rest of our lives are run?

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA

From Brands.cash at dxm.ernet.in Wed Aug 31 01:29:27 1994
From: Brands.cash at dxm.ernet.in (Brands.cash at dxm.ernet.in)
Date: Wed, 31 Aug 94 01:29:27 PDT
Subject: No Subject
Message-ID:

"Rick H. Wesson" :
> I liked your description of Brands Cash.
I'd like to turn your description
> into pseudo-code or Perl whichever comes first and you are more comfortable
> with reviewing. Anyone else interested in developing a bit of perl as an
> example of Brands cash in action?

If I remember his old posting, it's heavily patented, or will be, or whatever. He's apparently quite serious about making cash (pun intended) and had asked for 'commercial alliances' or some such.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA

From pierre at shell.portal.com Wed Aug 31 02:11:52 1994
From: pierre at shell.portal.com (Pierre Uszynski)
Date: Wed, 31 Aug 94 02:11:52 PDT
Subject: In Search of Genuine DigiCash
Message-ID: <199408310911.CAA12995@jobe.shell.portal.com>

Linn Stanton writes:
>
> hughes at ah.com (Eric Hughes) writes:
> > [I read somewhere] ~"The cost of compliance in a typical USA
> > bank is 14% of operating costs."~
>
> The real figure we need is not the US cost of compliance,
> but the difference between US costs and costs in other major banking
> markets.

Well... not if we compare to an unregulated cypherbank. What WE (cypherpunks) need to know is also how much of our taxes go to the government side of this regulatory activity. I'm not sure cypherpunks are ready to wait for deregulation to happen :-)

From the customer's point of view, if not the bank's point of view, there is the cost of creating and maintaining all these laws, agencies, and regulations.
So not only the bank customers end up somehow paying the bank's cost of compliance (as typically the individual customers may be less susceptible to foreign bank competition than the shareholders who may be more easily convinced to invest in foreign banks), but the tax payers (be they customers or shareholders) end up paying the government side of this regulatory activity. Complete the picture by figuring in there the taxes paid by the bank to maintain the regulations ;-).

Perpetual Travellers who bank in cypherspace and run cypherbusinesses for fun and profit end up winning several ways. Their banks can afford to pay better interest and charge less per transaction. They are not taxed to fund regulatory efforts, and they have a competitive advantage over regulated businesses. (In the short term, though, they have a major reputation (or lack thereof) or tradition problem to overcome.) They also take risks (testing unproven markets, trusting unproven business and crypto protocols, losing money to penultimate transaction cheaters...)

Pierre.
pierre at shell.portal.com

From mimir at io.com Wed Aug 31 02:40:56 1994
From: mimir at io.com (Al Billings)
Date: Wed, 31 Aug 94 02:40:56 PDT
Subject: Governments and repression
In-Reply-To:
Message-ID:

On Wed, 31 Aug 1994 rishab at dxm.ernet.in wrote:
> jamesd at netcom.com:
> > Obviously most people do not call MIT a government.
> >
> > And if MIT built some prison cells under the Admin building and started
> > locking people up in the dungeons for long periods, then people would
> > call MIT a government.
>
> Hezbollah, Hamas, the IRA, the Khmers Rouges lock people up. You may not
> believe it but there are those who accept their 'rules' under the threat of
> violence. I suppose 'most people' call _them_ governments?
>
> I'm amazed at the way some of you keep screaming about the violence of
> governments. Maybe you need to experience some _real_ repression.

I see. It's the ole "It's worse in other places so quit bitching."
Sure, it's worse in a lot of places. This is the U.S.A. (or it is where I am). We use most of the world's resources and we are leaders in quite a few technologies (or close to it). That doesn't mean that when things are getting shitty here I have to tolerate it because "it could be worse" or "you could live under a REALLY repressive government." I don't want to live under ANY repressive government, period.

From jkreznar at ininx.com Wed Aug 31 03:51:34 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Wed, 31 Aug 94 03:51:34 PDT
Subject: Cyberspatial governments?
In-Reply-To: <199408302123.RAA22479@walker.bwh.harvard.edu>
Message-ID: <9408310900.AA01946@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

Adam Shostack writes:
> Duncan writes:
> | (Might I suggest that we adopt the typographic convention of using an upper
> | case 'G' to spell Government when we are speaking of The Great Enemy and a
> | lower case 'g' to refer to things like self government or corporate
> | government or engine government.)
> As Eric likes to point out, the Government is not a huge,
> monolithic enemy. It is a multitude of huge enemies. If you think of
> it as a single entity, you will often miss the subtleties in its
> actions. If you don't understand why your enemy is doing what they
> are doing, you will have trouble opposing it.

Right on. And as Eric pointed out on May 14, ``Misallocation of attention leads one down false trails. Who has the excess brainpower for that waste?''

> If you talk about the actions of specific agencies, such as
> the FCC, DEA, NSA, etc, you will see that much of their motivation
> comes from bureaucratic turf wars.

But their power comes from their clients --- the hundred million of our ``friends and neighbors'' who plot and scheme to wield these agencies on their behalf. The agencies are just, well, agents. Remove them and their principals will immediately erect new ones in their place. Who are their principals?
They are legion: Every person who solicits their services or even just gratuitously accepts their services.

> Seeing 'Government' as your great enemy is a damaging misnomer.

There's nothing wrong with Duncan's proposal to distinguish ``Government'' from ``government'', just so it's understood that ``Government'' includes most of the population.

> I'm not arguing *for* government here, I'm simply pointing out
> that seeing government as a monolith is like seeing any large entity
> as a monolith. It's really made up of small parts that interact in
> strange & unpredictable ways.

Yes. We cannot afford to misperceive it if we hope to successfully defend ourselves against it.

John E. Kreznar | Relations among people to be by
jkreznar at ininx.com | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLmRFzcDhz44ugybJAQGqtwP/fq39qTFpzXfVmDt6zFc0s4FdahMigY4D
EAqtlrLuOIB/c4NMpffWuOa2Rc4PXFfhgpEgccaqcmRePfMbht6rR2vcSHlV0Trb
LDIaA8b9tc0qemqZiITE0qsE1HnEPHNorxPcmGloES7avnKJzH0q+GlfImimR0Aw
m8zq0FazEeA=
=v8mM
-----END PGP SIGNATURE-----

From perry at imsi.com Wed Aug 31 05:03:45 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 31 Aug 94 05:03:45 PDT
Subject: Bad govt represents bad people?
In-Reply-To: <199408310103.VAA26817@bwh.harvard.edu>
Message-ID: <9408311203.AA14854@snark.imsi.com>

Not to denigrate either of those individuals, but the "original" work on public choice economics was worth a Nobel Prize some years ago to Buchannan (sp?). It's only been recently that the ideas have been popularized by others. The concepts are more or less inherent in the work of the Austrian school economists as well, so I suppose one should credit Mises, Hayek, and the rest...

Perry

Adam Shostack says:
>
> Much of the interesting development of these ideas was done by
> Mancur Olson, in several good books, and was addressed again recently
> by Jonathan Rochkind entitled Demosclerosis. Both authors are worth
> checking out.
>
> Adam
>
> Perry wrote:
>
> | Actually, as public choice economic theory has shown, bad government
> | tends to be the inevitable result of the evolutionary pressures on
> | government and government officials. This is not to say that some
> | government programs are not occasionally well run or that some
> | government officials are not legitimately "trying their best", but
> | that the pressure on the whole system is to go towards maximum
> | corruption, just as the evolutionary pressure on organisms is to only
> | follow survival-prone strategies.
>

From perry at imsi.com Wed Aug 31 05:35:50 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 31 Aug 94 05:35:50 PDT
Subject: Governments and repression
In-Reply-To:
Message-ID: <9408311235.AA14914@snark.imsi.com>

rishab at dxm.ernet.in says:
> Hezbollah, Hamas, the IRA, the Khmers Rouges lock people up. You may not
> believe it but there are those who accept their 'rules' under the threat of
> violence. I suppose 'most people' call _them_ governments?

I would refer to most governments as being no more than large organized gangs, differing from the Mafia or Hezbollah only in so far as they have convinced large numbers of people of their legitimacy.

> I'm amazed at the way some of you keep screaming about the violence of
> governments. Maybe you need to experience some _real_ repression.

The vast majority of people killed in acts of violence this century have been killed by governments, often their own. I am no less concerned about being killed by non-governmental force, but the governmental forces stop me from doing things to lower my risk of being killed by non-governmental forces.

Perry

From pfarrell at netcom.com Wed Aug 31 05:59:32 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Wed, 31 Aug 94 05:59:32 PDT
Subject: Bad govt represents bad people?
Message-ID: <32161.pfarrell@netcom.com>

"Perry E.
Metzger" writes:
>
> Not to denigrate either of those individuals, but the "original" work
> on public choice economics was worth a Nobel Prize some years ago to
> Buchannan (sp?). It's only been recently that the ideas have been

James Buchanan is at GMU, clearly one of the brightest stars on the faculty.

> popularized by others. The concepts are more or less inherent in the
> work of the Austrian school economists as well, so I suppose one
> should credit Mises, Hayek, and the rest...

Required reading, of course. Spontaneous order of markets and all that.

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From tony at hydra.prenhall.com Wed Aug 31 06:38:54 1994
From: tony at hydra.prenhall.com (Tony Iannotti)
Date: Wed, 31 Aug 94 06:38:54 PDT
Subject: Bad govt represents bad people?
In-Reply-To: <9408302334.AA16831@io.lrcs.loral.com>
Message-ID:

On Tue, 30 Aug 1994, David Koontz wrote:
> Since when is the victim responsible for the crime?

Well, in Jersey City, NJ, people whose houses get graffiti'd get fined if it's not repainted in a week. Police do not respond to graffiti calls, either. So I think the answer is "all too often."
________________________________________________________________________
< Tony Iannotti, "SysAdmin" cc:Mail: Tony_Iannotti at prenhall.com
PTR Prentice Hall email: tony at prenhall.com
113 Sylvan Avenue phone: 201/816-4148
Englewood Cliffs, NJ 07632 fax: 201/816-4146
------------------------------------------------------------------------

From meconlen at IntNet.net Wed Aug 31 07:32:47 1994
From: meconlen at IntNet.net (Michael Conlen)
Date: Wed, 31 Aug 94 07:32:47 PDT
Subject: Alt.Gvmt.Bad.Bad.Bad
In-Reply-To: <199408310449.VAA01301@deepthought.pylon.com>
Message-ID:

On Tue, 30 Aug 1994 blancw at pylon.com wrote:
> From Rachel_P._Kovner:
>
> >It was once said that (and I quote -very- loosely) "The
> >price of liberty is eternal vigilance", therefore,
> >'bad government' is probably not a result of some kind
> >of evil or malicious people, but just people who do not
> >guard their rights.
>
>
> It could also be said, somewhat loosely, that criminal theft is
> just the result of people who do not protect their property.
> For them it's as easy as falling off a log: the big G will
> just keep getting worse and taking over more (Somebody Stop
> Me!).

Theft could be from those who do not protect their property and from those who do not respect others property, so can it also be said that 'bad government' can be from people not protecting their rights and people who have no respect for the rights of others?

Michael Conlen

From jya at pipeline.com Wed Aug 31 09:33:23 1994
From: jya at pipeline.com (John Young)
Date: Wed, 31 Aug 94 09:33:23 PDT
Subject: Civil crypto anarchy
Message-ID: <199408311632.MAA22201@pipe1.pipeline.com>

Responding to msg by wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) on Tue, 30 Aug 6:56 PM

>
>Sigh. Unfortunately, governments have been quite
>effective in making people more afraid of "anarchists"
>than they are of governments with nuclear
>weapons.....
Yeah, it's been conventional wisdom around NYC since the 19th century that the best way to get some funding from LEAs was to set up a group with the word "anarchist" in it, or have an anarchist-like manifesto.

In the 80s the "commie bomb thrower" types were bitching that the money was moving out west to the "right wing gun nut" types.

Now long-time anarchist hustlers around here say that even the gray-haired cops bemoan Red-squad cut backs so that LEA money could go toward defeating "psychopath survivalists" and "the David Koreshes" and "murderous ex-defense workers".

To divert attention from the nuclear geopolitics of the Kissingers.

From kevin at commtouch.com Wed Aug 31 09:41:44 1994
From: kevin at commtouch.com (Kevin Brisco)
Date: Wed, 31 Aug 94 09:41:44 PDT
Subject: vendors of royalty free libraries of PEM or PGP.
Message-ID: <199408311641.JAA02603@jobe.shell.portal.com>

Hello,

Has anybody heard of vendors of royalty free libraries of PEM or PGP?

Tzachi Sharfman.

From jamesd at netcom.com Wed Aug 31 10:56:34 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 31 Aug 94 10:56:34 PDT
Subject: Bad govt represents bad people?
In-Reply-To: <199408310638.CAA14167@zork.tiac.net>
Message-ID: <199408311747.KAA22083@netcom8.netcom.com>

Steve Witham writes
> Right, and I was saying maybe not even majority rule or will of the herd,
> but a system with a dynamic of its own. People get the government they
> don't know how to stop. I don't know what to expect of everyday people
> when even the brightest anarchists haven't found a working solution.

Actually several solutions were discovered long ago. After Athenian democracy self destructed, the various warring parties found that they could only have peace if they disowned omnipotent government.
They put together a peace agreement that in part proclaimed limits to government, in part acknowledged inherent limits to what was proper for governments to do and in part guaranteed that the government would not go beyond what it was proper for government to do, that the majority could not do as it pleased with the minority, that not any act of power was a law, that law was not merely whatever the government willed.

They did not agree on a constitution but agreed to respect an unwritten constitution that already existed in some sense. A similar arrangement underlies the American constitution (now defunct) and the English declaration of right (also defunct).

The problem with such formal peace agreements is that they can only be put together after government has substantially collapsed. Some of us wish to try other possibilities in the event of collapse.

The American constitution collapsed because of the rise of nominalist theories "The constitution says whatever the courts say that it says." If they needed a constitutional amendment to ban alcohol, why did they suddenly decide that they did not need a constitutional amendment to ban cocaine and tommy guns? Despite frequent violations, the American Constitution was substantially observed for 150 years, and only was massively violated with the rise of nominalism.

Rand's theory of concepts seems like hokum to me, but her argument that philosophy matters is absolutely true. Rights and sound philosophy are like condoms. The usual cause of condom failure is that you did not actually wear the condom when you should have.

From CCGARY at MIZZOU1.missouri.edu Wed Aug 31 11:10:08 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Wed, 31 Aug 94 11:10:08 PDT
Subject: Arizona State Email Non-Privacy Policy
Message-ID: <9408311810.AA03039@toad.com>

Netsurfer writes:
>Within the US Gov't it is not uncommon to be told that you are not to
>receive personal phone calls on government time/government equipment.
Not
>every office etc. enforces it, but it _is_ their equipment and you are
>working on _their_ time. Seems kinda harsh, but is legal and within their
>rights. Naturally emergencies are an exception.

I have some problems with this: "It is their equipment and you are working on their time". Govt property is stolen property. To agree that you are dealing with their property & their time is to confer legitimacy on their theft.

I have problems with this: "...and within their rights." The relationship between rights & legal rights of the state is something like that of turtle soup to "real mock turtle soup".

I don't wish to flame you, but if we confer legitimacy to the state thru our common conversation then it will be hard to free ourselves.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAATTTT STATE!

Gary Jeffers

From CCGARY at MIZZOU1.missouri.edu Wed Aug 31 11:21:08 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Wed, 31 Aug 94 11:21:08 PDT
Subject: Government and Repression
Message-ID: <9408311821.AA03287@toad.com>

Rishab Aiyer Ghosh writes ind!

>I'm amazed at the way some of you keep screaming about the violence of
>governments. Maybe you need to experience some _real_ repression.

I disagree: In the U. S. we have real repression. Current real total taxation is approx. 45%. I believe the serfs of Europe only paid a small amount above 1/12 of their production to their lords. That's a little in excess of 8.3% We revolted against English rule for taxation that was tiny compared to current burden.

Also, we are currently starving out Iraq, Cuba, & Haiti with embargoes as well as doing other atrocities. Our State is currently systematically ending our freedoms & is developing Hell weapons in Black Labs for domestic use.

To say that we're ok because other oppressors are worse than ours is slave talk.

PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAATTTT STATE!
Gary Jeffers

From joshua at cae.retix.com Wed Aug 31 11:28:03 1994
From: joshua at cae.retix.com (joshua geller)
Date: Wed, 31 Aug 94 11:28:03 PDT
Subject: Bad govt represents bad people?
In-Reply-To: <199408311747.KAA22083@netcom8.netcom.com>
Message-ID: <199408311827.LAA12973@sleepy.retix.com>

> Actually several solutions were discovered long ago. After Athenian
> democracy self destructed, the various warring parties found that they
> could only have peace if they disowned omnipotent government. They put
> together a peace agreement that in part proclaimed limits to government,
> in part acknowledged inherent limits to what was proper for governments
> to do and in part guaranteed that the government would not go beyond what
> it was proper for government to do, that the majority could not do
> as it pleased with the minority, that not any act of power was a law,
> that law was not merely whatever the government willed.

specifically what period are you referring to here?

josh

From cactus at bb.com Wed Aug 31 11:45:00 1994
From: cactus at bb.com (L. Todd Masco)
Date: Wed, 31 Aug 94 11:45:00 PDT
Subject: YAMPR
Message-ID: <199408311850.OAA08526@bb.com>

(Yet Another May Prediction Realized)

The text of a "digital stalking bill" was just sent to Cyberia-l.

--
L. Todd Masco | "Which part of 'shall not be infringed' didn't
cactus at bb.com | you understand?"

From cactus at bb.com Wed Aug 31 12:42:29 1994
From: cactus at bb.com (L. Todd Masco)
Date: Wed, 31 Aug 94 12:42:29 PDT
Subject: Government and Repression
In-Reply-To: <9408311821.AA03287@toad.com>
Message-ID: <342mmc$8uv@bb.com>

In article <9408311821.AA03287 at toad.com>, Gary Jeffers wrote:
>Rishab Aiyer Ghosh writes ind!
>
>>I'm amazed at the way some of you keep screaming about the violence of
>>governments. Maybe you need to experience some _real_ repression.
>
> I disagree: In the U. S. we have real repression. Current real total
>taxation is approx. 45%.
I believe the serfs of Europe only paid a
>small amount above 1/12 of their production to their lords. That's a
>little in excess of 8.3% We revolted against English rule for taxation
>that was tiny compared to current burden.

More to the point, the United States has the highest percentage of its population in prisons (according to Amnesty International statistics). Enough to swing an election.

That's compared to the entire world, and this was the case before the USSR dissolved. The only country ahead of us then was South Africa, and we passed them -- before their government changed.

This *is* a country under heavy oppression -- it's just arranged so that it's next to invisible to the people who aren't in prison or don't know anybody there. We're also trained to think that we're living in a dangerous time by the mass media, while statistics simply don't bear this out.

People are regularly prosecuted multiple times for the same offense; The mumbo-jumbo of "different sovereigns" doesn't change this fact.

Property is regularly confiscated without due process: due process must be followed to retrieve said property. Even without a conviction.

Under the new Crime Law, people can be hauled off and tested for HIV infection merely by being accused of a sex crime.

If you don't call this real violence, I don't know what you call it -- does it matter if the victims are anonymously disappeared or if others know that they're in prison? Nobody seems to care because Cop Shows tell everyone that it's all for our own good.

Thank you sir, may I have another.

(Sorry for the rant.)

--
L. Todd Masco | "Which part of 'shall not be infringed' didn't
cactus at bb.com | you understand?"

From jamesd at netcom.com Wed Aug 31 14:04:19 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 31 Aug 94 14:04:19 PDT
Subject: Bad govt represents bad people?
In-Reply-To: <199408311827.LAA12973@sleepy.retix.com>
Message-ID: <199408312104.OAA20620@netcom8.netcom.com>

> > I wrote:
> > After Athenian
> > democracy self destructed, the various warring parties found that they
> > could only have peace if they disowned omnipotent government.

> joshua geller writes
> specifically what period are you referring to here?

The guys that I praised were the same bunch as executed Socrates.

Now you may well say that that shows that the new arrangement was seriously imperfect. But remember that Critias, Socrates' disciple, had led the thirty. When they said that Socrates' ideas had undermined society they were not talking about falling church attendance and teenagers screwing in the back seats. They were talking about the reign of terror, civil war, the massive destruction of property, and large scale massacres.

Indeed it was clearly a violation of the "The ancient laws and customs of Athens" to execute Socrates, but after the peace agreement such violations were rare, whereas before the peace agreement massive violations had become routine and normal, eventually reaching such a scale that democracy became irrelevant before it actually fell.

Of course bad philosophy should be fought with good philosophy, not by executing bad philosophers. I hope, and confidently expect, that after democracy collapses in the west we will remember that.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the omnipotent state.
James A. Donald
jamesd at netcom.com

From jamesd at netcom.com Wed Aug 31 14:16:49 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 31 Aug 94 14:16:49 PDT
Subject: Government and Repression
In-Reply-To: <342mmc$8uv@bb.com>
Message-ID: <199408312115.OAA22404@netcom8.netcom.com>

L.
Todd Masco writes
> More to the point, the United States has the highest percentage of
> its population in prisons (according to Amnesty International
> statistics). Enough to swing an election.

To put this in proper perspective you should remember that the US has the most pleasant prisons in the world.

In most of the world, indiscipline and bad behavior in the prison will get you beaten, unofficially in Australia, officially in Japan. (Yes, *corporal punishment*, gasp, oh the horror).

In much of Africa they do not feed prisoners. If your relatives know where you are and care about you they feed you. If they do not, you starve.

The reason for this strange generosity is creative lawyering with the "cruel and unusual punishment provisions".

Remember that every time the prison authorities lose a "cruel and unusual punishment" case, their budget automatically increases. Needless to say they have been industriously losing ever more absurd "cruel and unusual punishment" cases.

--
---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the omnipotent state.
James A. Donald
jamesd at netcom.com

From hfinney at shell.portal.com Wed Aug 31 14:17:35 1994
From: hfinney at shell.portal.com (Hal)
Date: Wed, 31 Aug 94 14:17:35 PDT
Subject: Force is not physical
In-Reply-To:
Message-ID: <199408312117.OAA19380@jobe.shell.portal.com>

rishab at dxm.ernet.in writes:
>"Force" is not necessarily physical and cannot be equated solely with the
>monopoly over guns. This whole thing started in the context of governance in
>cyberspace.

One question I have been thinking about based on the recent discussions with Tim May, Eric Hughes, Jason Solinsky, and others, is whether it makes sense to say that nothing done in cyberspace should be considered to be punishable by force.
This leads to the position that double spending is OK if you can get away with it (but we set up the system so you can't get away with it). It also suggests that contracts as such cannot really be binding (in the usual sense) since they are just words and people can repudiate them freely.

Nobody puts a gun to your head and forces you to believe someone else's promise to pay you for work you do and deliver. If he wants to say, "tough luck, ha ha," then there's nothing much you can do about it other than try to be more careful next time (and let other people know who screwed you).

I think this position is consistent and interesting, but it does seem like it may be inefficient compared to a system in which people can authorize the use of physical force applied against themselves under agreed-upon circumstances. It also seems like historically people have not used non-binding contracts as much as binding ones, and I wonder whether this suggests that non-binding contracts are less useful.

Hal

From blancw at microsoft.com Wed Aug 31 14:43:21 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 31 Aug 94 14:43:21 PDT
Subject: Problems with anonymous escrow 2--response
Message-ID: <9408312143.AA04819@netmail2.microsoft.com>

Anonymity & reputation as assets:

From Hal:

Besides the question of trustworthiness, another problem I see with anonymous escrow agents applies more generally to any form of anonymous business. Anonymity makes sense to me for the individual. Each person manages his own affairs and he can keep secret or reveal what he wants. But at the business level it is going to be much harder to keep the same level of secrecy.

From Tim:

...what good would assets do if they can't be traced? More generally, reputation capital is what they need, not physical assets.

...............................................................

I'm not seeing the relationship of these two concepts of anonymity in conjunction with reputation. How could such attributes co-exist?
Can they really function successfully together for both the agent &
their client: how could one individual or escrow agent be both
unknowable and yet depend upon reputation capital to go on? To have
reputation means that one's behavior from the past must be known &
evaluated for future interactions, but to be anonymous means that their
client will not know who that particular entity is with whom they is
dealing: so would this be like doing business with God, where you only
know what s/he's *supposed* to deliver, but never really know who it is
wot does the deed, or whether there really is one?

Blanc

From wcs at anchor.ho.att.com Wed Aug 31 14:44:44 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 31 Aug 94 14:44:44 PDT
Subject: Government and Repression
Message-ID: <9408312142.AA00718@anchor.ho.att.com>

We're getting fairly far off topic here..... if we're going to talk
about anarchy, some spontaneous order would be useful :-)

> I disagree: In the U. S. we have real repression. Current real total
> taxation is approx. 45%. I believe the serfs of Europe only paid a
> small amount above 1/12 of their production to their lords. That's a
> little in excess of 8.3% We revolted against English rule for taxation
> that was tiny compared to current burden.

Fairly typical taxation during English serfdom was two days labor per
week for the landlord. 40% of an average US worker's work week is also
two days, though serfs probably worked 6-7 days most weeks, less in
winter. Serfs were generally not allowed to leave, while Americans are.
Serfs could be drafted when there were wars, so can Americans. Control
by the lords came partly from conquest, and partly (especially in
France) from imposition of fealty in return for protection from
invaders.
Some of the somewhat vaguely cypherpunk-related issues are:

- Serfdom and the social structures around it had troubles dealing
  with the emergence of merchant classes; non-government-controlled
  trade in an information economy may be similarly disruptive.
  (Serfdom was also seriously disrupted by the labor shortages
  following the Black Death, which gave lots more power and mobility
  to the remaining laborers.)

- Health care insurance is becoming increasingly used as a technique
  for keeping track of all citizens, especially kids who are otherwise
  hard to trace - not only has Clinton proposed a health care smart
  card and a not-an-immigrant permission-to-work card, the
  administration's health/pension regulation bureaucrats have been
  demanding SS numbers on dependents' insurance claims. One of the big
  reasons is to keep people from going into the underground economy,
  but another is presumably the draft - current draft reservation is
  massively evaded, though that becomes much more difficult if you
  have databases of kids.

Bill

From wcs at anchor.ho.att.com Wed Aug 31 14:53:45 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 31 Aug 94 14:53:45 PDT
Subject: including key fingerprints
Message-ID: <9408312152.AA00997@anchor.ho.att.com>

One of the better uses for key fingerprints is for inclusion in
signature files and other places that a key itself is too bulky. By
widespread dissemination of the fingerprint, the chances of a bogus key
being undetected are decreased, since there are more channels for the
fingerprint to get to recipients, and more channels for the owner of a
key to see any bogus fingerprints out on the net. It's also easier to
validate keys with someone you don't know very well, since you've got
more chances to see what the key for Joe X. is before meeting a person
who tells you he's Joe X. and he'd like to have you sign his key,
fingerprint 123456ABCDFEFG.
On the other hand, if people widely start checking fingerprints they
see, there *is* some opportunity for the Bad Guys to create a distrust
and disinformation campaign by spreading false fingerprints and false
keys. (Now that Tommy the Tourist's NSA-bait is getting more
sophisticated, I'm almost surprised it's not including random PGP keys
or fingerprints, whether real ones or bogus ones to prod people into
checking signatures...)

Bill

From ianf at simple.sydney.sgi.com Wed Aug 31 15:34:35 1994
From: ianf at simple.sydney.sgi.com (Ian Farquhar)
Date: Wed, 31 Aug 94 15:34:35 PDT
Subject: Government and Repression
In-Reply-To: <199408312115.OAA22404@netcom8.netcom.com>
Message-ID: <9409010829.ZM645@simple.sydney.sgi.com>

On Aug 31, 2:15pm, James A. Donald wrote:
> To put this proper perspective you should remember that the
> US has the most pleasant prisons in the world.

On whose reckoning?! At the very least, the US is one of the largest
users of capital punishment - including being one of the few countries
where children can be tried as adults and executed - which sounds very
comfortable to me. And let's not forget the rather unpleasant physical
and sexual assault statistics which are noticed in prisons worldwide,
which includes the USA.

> In most of the world, indiscipline and bad behavior in the
> prison will get you beaten, unofficially in Australia, officially
> in Japan. (Yes, *corporal punishment*, gasp, oh the horror).

Want to back this up with some reliable references? I am very aware of
the criticisms of the Australian prison systems, and would be the first
to agree that massive reform is needed. But I have never seen reference
to this, and don't believe that it would be possible to suppress it in
this circumstance.

Ian.
From jya at pipeline.com Wed Aug 31 15:51:13 1994
From: jya at pipeline.com (John Young)
Date: Wed, 31 Aug 94 15:51:13 PDT
Subject: OFFSHORE DIGITAL BANKS
Message-ID: <199408312231.SAA23437@pipe1.pipeline.com>

Responding to msg by tcmay at netcom.com (Timothy C. May) on Tue, 30
Aug 12:12 PM

>The link with crypto is an important one: with the loss
>of the U.S.S.R. as a superpower, the world is
>"unipolar" in terms of real superpower force. The U.S.
>can throw its weight around, encouraging compliance
>with U.S. policies in most areas. Everything from
>abortion policy to banking secrecy laws to key
>escrow.
>
>(I'm not saying the U.S. threatens force against, say,
>Luxembourg or Italy, just that the pressures to go
>along with the U.S. New World Order are strong.

Tim, would you expand the link to crypto of unipolar superpower?

Maybe some of the non-US c'punks can add more. Here's my >$.02:

Some folks in other countries are more afraid of the USG and national
security capitalism (protection of "national interest") than some of us
are. They view it as normal that the Government will advance and
protect interests of its economy, including, if necessary, by military
force.

Those who have lived abroad know that fear of our foreign policy is
greater than the US public may want to believe. Our domestic-oriented
politics clouds understanding of the effects of what is perceived to be
aggression against the sovereignty of other nations' culture.

Other countries' drive for nuclear weapons, or alliances with those who
have nuclear capabilities, is based on what they think is a "real
politik" necessity to the loss of being able to balance the Soviets
against the US.

China, as the most obvious example, is working this fear-of-the-west
hard to gain support in Asia and the Middle East for its nuclear
program. Smaller countries have shown in their UN votes that they might
welcome increased Chinese power to offset the Soviet loss, even as they
hold out hands to the US.
It will be difficult to convince these skeptics that US business can
compete in the world without military backing.

John

From blancw at microsoft.com Wed Aug 31 16:17:27 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 31 Aug 94 16:17:27 PDT
Subject: FW: Problems with anonymous escrow 2--response
Message-ID: <9408312318.AA09334@netmail2.microsoft.com>

Oooopppps - I meant to say "...but to be anonymous means that their
client will not know who that particular entity is with whom they {are}
dealing"

Blanc

From yusuf921 at raven.csrv.uidaho.edu Wed Aug 31 16:20:17 1994
From: yusuf921 at raven.csrv.uidaho.edu (yusuf921)
Date: Wed, 31 Aug 94 16:20:17 PDT
Subject: Government and Repression
In-Reply-To: <9409010829.ZM645@simple.sydney.sgi.com>
Message-ID:

On Thu, 1 Sep 1994, Ian Farquhar wrote:

> On Aug 31, 2:15pm, James A. Donald wrote:
> > To put this proper perspective you should remember that the
> > US has the most pleasant prisons in the world.
>
> On whose reckoning?! At the very least, the US is one of the largest users
> of capital punishment...

AH hem, that was prison system not judicial system, which is true; the
only people who have a better (and both are free I might add) dental
plan are the US senators [!]

> - including being one of the few countries where
> children can be tried as adults and executed - which sounds very comfortable
> to me.

If someone tries to blow my brains half way across the room I don't
care if he's 17 because his birthday was yesterday or 16 because his
birthday is day after tomorrow. Play like the big boys--PAY like the
big boys.

> And let's not forget the rather unpleasant physical and sexual
> assault statistics which are noticed in prisons worldwide, which includes
> the USA.

do you have some statistics which says the USA has a significantly
higher rate to compensate that free dental plan?
> > In most of the world, indiscipline and bad behavior in the
> > prison will get you beaten, unofficially in Australia, officially
> > in Japan. (Yes, *corporal punishment*, gasp, oh the horror).
>
> Want to back this up with some reliable references? I am very aware of
> the criticisms of the Australian prison systems, and would be the first
> to agree that massive reform is needed. But I have never seen reference
> to this, and don't believe that it would be possible to suppress it in
> this circumstance.
>
> Ian.

Wouldn't know anything about this....

Saeed Yusuf

--
Finger yusuf921 at raven.csrv.uidaho.edu for PGP public key 2.6ui
GJ/GP -d+ H+ g? au0 a- w+++ v+(?)(*) C++++ U++1/2 N++++ M-- -po+ Y+++
- t++ 5-- j++ R b+++ D+ B--- e+(*) u** h* r+++ y?

From solman at MIT.EDU Wed Aug 31 16:28:11 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Wed, 31 Aug 94 16:28:11 PDT
Subject: Force is not physical
In-Reply-To: <199408312117.OAA19380@jobe.shell.portal.com>
Message-ID: <9408312327.AA06999@ua.MIT.EDU>

Hal sez:
> rishab at dxm.ernet.in writes:
>
> >"Force" is not necessarily physical and cannot be equated solely with the
> >monopoly over guns. This whole thing started in the context of governance in
> >cyberspace.
>
> One question I have been thinking about based on the recent discussions
> with Tim May, Eric Hughes, Jason Solinsky, and others, is whether it
> makes sense to say that nothing done in cyberspace should be considered
> to be punishable by force. This leads to the position that double
> spending is OK if you can get away with it (but we set up the system so
> you can't get away with it).

Force is something that happens in the physical realm and the
government reigns supreme there. Do you want the Government getting
involved in cyberspace? They surely will try, but we needn't encourage
them.
Perhaps, however, a more important consideration is the fact that our
systems are highly flawed if we can NOT rely on them to protect us
without government intervention. It's a good sound design criterion.

Besides, what is the probability of a physical realm Government
[Duncan's convention for the great evil :) ] catching an anonymous
thief who went through a well designed remailer system. Not bloody
likely...

> It also suggests that contracts as such
> cannot really be binding (in the usual sense) since they are just words
> and people can repudiate them freely. Nobody puts a gun to your head
> and forces you to believe someone else's promise to pay you for work
> you do and deliver. If he wants to say, "tough luck, ha ha," then
> there's nothing much you can do about it other than try to be more
> careful next time (and let other people know who screwed you).

A contract should ALWAYS contain enforceable breach provisions. The
amount of misery that is caused in the physical realm each year due to
people not following this rule is enormous. In cyberspace there is even
less excuse for not following this rule because transaction costs are
so low. [In the physical realm there are numerous situations in which
high transaction costs render the negotiation of breach provisions for
low probability events inefficient.] If you can't enforce a contract or
the enforcement is not explicitly spelled out you've done something
wrong and you are inviting both misery and inefficient litigation.

Cheers,

Jason W. Solinsky

From tcmay at netcom.com Wed Aug 31 16:34:26 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Wed, 31 Aug 94 16:34:26 PDT
Subject: Force is not physical
In-Reply-To: <199408312117.OAA19380@jobe.shell.portal.com>
Message-ID: <199408312224.PAA26605@netcom16.netcom.com>

Hal Finney writes:

> One question I have been thinking about based on the recent discussions
> with Tim May, Eric Hughes, Jason Solinsky, and others, is whether it
> makes sense to say that nothing done in cyberspace should be considered
> to be punishable by force. This leads to the position that double
> spending is OK if you can get away with it (but we set up the system so
> you can't get away with it). It also suggests that contracts as such
> cannot really be binding (in the usual sense) since they are just words
> and people can repudiate them freely. Nobody puts a gun to your head
> and forces you to believe someone else's promise to pay you for work
> you do and deliver. If he wants to say, "tough luck, ha ha," then
> there's nothing much you can do about it other than try to be more
> careful next time (and let other people know who screwed you).

I don't strongly argue for the position: "anything is OK if you can get
away with it."

In fact, I can think of many actions that, if "performed in cyberspace"
would warrant physical retaliation up to and including deadly response.
An example would be theft of "my" personal secrets, my digital money,
etc.

The hard part, of course, is catching the person. And I see no point in
making a big deal about "outlawing" such thefts, given that enforcement
is so problematic.

I don't know if this makes my personal morality clearer, or if my
personal morality matters. I just wanted to make this clear, to prevent
misunderstandings.

Let me state a set of points in the context of locking doors, laws
about entering a house even when the doors are unlocked, the role of
the law, etc. (This has actually come up a couple of times as a
parallel to crypto, to leaving files around for decryption, etc.)
* Wise people don't just trust to laws about breaking-and-entering,
  they put locks on their doors. (And they use strong crypto when
  necessary, etc.)

* An unlocked door is not a legal excuse for entering a house. Basic
  idea of property rights, a Schelling point for rights. (The issue of
  "unauthorized access" to computers via modems is a more problematic
  one in property rights; I have no firm conclusions yet, and hence I
  support using cryptographic access protocols to make the issue
  technologically moot.)

* Regardless of whether I've locked my doors, if I find an intruder
  inside my house I'll shoot first and ask questions later. Though I
  don't support the ex post facto imposition of a death penalty for
  this entry, I support those who defend their property and
  themselves.

* The law should not distinguish between locked and unlocked doors,
  period. While prudence dictates that doors should be locked, to cut
  down on the issues above, the law should be blind on this. To the
  extent there is any centralized law, that is.

* A better solution: private law. One contracts with a PPL agency.
  They will likely charge for enforcement, as insurance and security
  companies currently do. Having an unlocked door--deduced
  somehow--may result in cancelled service, or higher premiums, etc.

(There are too many issues to debate here, so I won't. Hal and others
are well familiar with this...newcomers are urged to read up first.
I've cited the books several times.)

In summary, I can see some cyberspatial actions as triggering me into
taking physical actions. With strong crypto though, and untraceability,
the playing field changes dramatically and most cyberspace actions are
unpunishable in the "real world."

--Tim May

--
..........................................................................
Timothy C.
May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From solman at MIT.EDU Wed Aug 31 17:08:09 1994
From: solman at MIT.EDU (solman at MIT.EDU)
Date: Wed, 31 Aug 94 17:08:09 PDT
Subject: Problems with anonymous escrow 2--response
In-Reply-To: <9408312143.AA04819@netmail2.microsoft.com>
Message-ID: <9409010008.AA07101@ua.MIT.EDU>

Blanc quoth:

> I'm not seeing the relationship of these two concepts of anonymity in
> conjunction with reputation.
>
> How could such attributes co-exist?
> Can they really function successfully together for both the agent &
> their client: how could one individual or escrow agent be both
> unknowable and yet depend upon reputation capital to go on? To have
> reputation means that one's behavior from the past must be known &
> evaluated for future interactions, but to be anonymous means that their
> client will not know who that particular entity is with whom they is dealing:

People are using anonymity in a different way than has practical value
within cyberspace. Anonymity usually means that you can not match a
physical realm person to a cyberspatial private key. But that doesn't
mean you don't know anything about the entity. The skills of an entity
without any reputation capital are absolutely worthless. But usually an
anonymous entity will come around brandishing all sorts of
certifications (reputation capital).

So, as it is usually used, anonymity does not mean zero knowledge. It
means you lack knowledge that would enable you to match the key to the
physical realm person it corresponds to. With this in mind, the
coexistence of the aforementioned attributes ceases to be problematic.
JWS

From tcmay at netcom.com Wed Aug 31 17:23:55 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 31 Aug 94 17:23:55 PDT
Subject: OFFSHORE DIGITAL BANKS
In-Reply-To: <199408312231.SAA23437@pipe1.pipeline.com>
Message-ID: <199408312308.QAA02504@netcom16.netcom.com>

John Young writes:

(quoting me)

> >of the U.S.S.R. as a superpower, the world is
> >"unipolar" in terms of real superpower force. The U.S.
> >can throw its weight around, encouraging compliance
> >with U.S. policies in most areas. Everything from
> >abortion policy to banking secrecy laws to key
> >escrow.
> >
> >(I'm not saying the U.S. threatens force against, say,
> >Luxembourg or Italy, just that the pressures to go
> >along with the U.S. New World Order are strong.
>
> Tim, would you expand the link to crypto of unipolar
> superpower?

I'm not sure what John wants me to expand on here. Others have noted
the same sorts of things. Here are some random, brief points:

* U.S. is only remaining superpower. Soviet weapons disintegrating,
  rusting, becoming impossible to use. Soviet non-nuke weapons also
  declining. (Gulf War outcome.)

* U.S. law enforcement (FBI, DEA, CIA, NSA) throws weight around with
  Interpol, with Latin America (War on Drugs, Peru, Colombia, etc.),
  FBI Director Louis Freeh travels to Russia to coordinate. Russia,
  flat on its back, naturally acquiesces.

* U.S. tells the U.N. when to jump and how high. Only concession is
  that tell them how high in "meters" instead of in feet. Hence the
  rumblings from U.N. about Haiti invasion, Rwanda, Somalia, Cuba,
  etc. (In case of Haiti, no foreign aggression, so this is an unheard
  of extension of the charter.)

* U.S. policy on birth control--which swings from one side to the
  other--is rammed down throat of other nations, via sanctions, aid,
  etc.

* U.S. sits astride the world. U.S. orders the invasion of countries
  whose leaders it dislikes.

(Lest I sound like a leftist, I'm not.
I'm just seeing the full flowering of the American imperialist state,
spreading its form of totalitarian government to other nations.)

Is this enough of an expansion?

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jamesd at netcom.com Wed Aug 31 17:38:49 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 31 Aug 94 17:38:49 PDT
Subject: Force is not physical
In-Reply-To: <199408312117.OAA19380@jobe.shell.portal.com>
Message-ID: <199409010039.RAA19140@netcom8.netcom.com>

Hal writes
> If he wants to say, "tough luck, ha ha," then
> there's nothing much you can do about it other than try to be more
> careful next time (and let other people know who screwed you).
>
> I think this position is consistent and interesting, but it does seem
> like it may be inefficient compared to a system in which people can
> authorize the use of physical force applied against themselves under
> agreed-upon circumstances. It also seems like historically people have
> not used non-binding contracts as much as binding ones,

Surely contracts binding by honor only are better than contracts
binding by force.

Honor has been predominantly used, rather than force.

For example I have about $60 000 in unsecured credit. If I blew all
that and told the banks to piss off, there is nothing they can do,
other than burn my credit rating. And the US government (unfairly and
unjustly) prevents them from burning my credit rating permanently.

The legal system in the US has effectively collapsed. It is cheaper to
use honor, than force.
In cyberspace the cost advantage of honor is even greater.

I expect that in the future, fifty to a hundred years, we will see a
freeman class, literate and numerate, whose contracts are based
entirely upon honor, and an illiterate servile class whose contracts
are based primarily upon force:

"If you do not pay back this loan with accumulated compound interest we
will break your arms and legs, as you agreed."

"Duh, what's compound interest?"

"Or alternatively you could work for me for food and board until the
debt is, Heh, heh, (evil laugh) paid off."

--
 ---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we        James A. Donald
are.  True law derives from this right, not from
the arbitrary power of the omnipotent state.            jamesd at netcom.com

From karn at qualcomm.com Wed Aug 31 17:45:21 1994
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 31 Aug 94 17:45:21 PDT
Subject: Cyberspatial governments?
In-Reply-To: <199408302123.RAA22479@walker.bwh.harvard.edu>
Message-ID: <199409010045.RAA07345@servo.qualcomm.com>

> If you talk about the actions of specific agencies, such as
>the FCC, DEA, NSA, etc, you will see that much of their motivation
>comes from bureaucratic turf wars. Seeing 'Government' as your great
>enemy is a damaging misnomer.

Indeed, many government policies can be understood only from this
perspective. Clipper is a perfect example. Key escrow exists only
because the NSA doesn't want to risk blame if some terrorist or drug
dealer were to use an unescrowed NSA-produced algorithm.

The fact that a terrorist or drug dealer can easily go elsewhere and
obtain other strong or stronger algorithms without key escrow is
irrelevant. The NSA simply doesn't care as long as *they* can't be
blamed for whatever happens. Classic CYA, nothing more.

A similar analysis applies to the export control regulations regarding
cryptography.
Phil

From Rachel_P._Kovner at gorgias.ilt.columbia.edu Wed Aug 31 18:20:51 1994
From: Rachel_P._Kovner at gorgias.ilt.columbia.edu (Rachel_P._Kovner at gorgias.ilt.columbia.edu)
Date: Wed, 31 Aug 94 18:20:51 PDT
Subject: Bad govt represents bad people?
Message-ID: <1994Aug31.161253.1181968@gorgias.ilt.tc.columbia.edu>

perry at imsi.com wrote:
>Actually, as public choice economic theory has shown, bad government
>tends to be the inevitable result of the evolutionary pressures on
>government and government officials. This is not to say that some
>government programs are not occasionally well run or that some
>government officials are not legitimately "trying their best", but
>that the pressure on the whole system is to go towards maximum
>corruption, just as the evolutionary pressure on organisms is to only
>follow survival-prone strategies.

and David Koontz wrote:
>Since when is the victim responsible for the crime?

I would agree with you that there is a natural evolutionary trend
towards bad government - however, I do not think of this process as
inevitable. The "eternal vigilance" quote I cited was merely my way of
saying that "bad government" -will- come about if people do not protect
their rights, because of this 'evolutionary pressure' of which you
speak. Therefore, it's very important for a society to resist this
evolutionary pressure. If they do not, their actions will contribute to
the rise of bad government. I'm not really interested in throwing blame
around, but I would say that those who do not resist 'bad government'
are, in some small way, responsible for its rise.

There will always be people out there who will attempt to encroach on
our liberties - sometimes they will succeed, sometimes they will fail.
It depends on how much support they have and how much resistance they
encounter.
It is up to the people of a country to resist bad government -
otherwise, although they will be the victims of bad government, they
will have contributed to bringing it upon themselves.

rk

----------------------------------------------
Delivered by the NLTL Internet Gateway

From tcmay at netcom.com Wed Aug 31 18:38:05 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 31 Aug 94 18:38:05 PDT
Subject: Problems with anonymous escrow 2--response
In-Reply-To: <9409010008.AA07101@ua.MIT.EDU>
Message-ID: <199409010136.SAA29637@netcom5.netcom.com>

Jason S. said:

> People are using anonymity in a different way than has practical value
> within cyberspace. Anonymity usually means that you can not match a
> physical realm person to a cyberspatial private key. But that doesn't
> mean you don't know anything about the entity. The skills of an entity
> without any reputation capital are absolutely worthless. But usually an
> anonymous entity will come around brandishing all sorts of certifications
> (reputation capital).
>
> So, as it is usually used, anonymity does not mean zero knowledge. It
> means you lack knowledge that would enable you to match the key to the
> physical realm person it corresponds to. With this in mind, the
> coexistence of the aforementioned attributes ceases to be problematic.

I think most of us understand this is what "pseudonymity" means...we
only use "anonymous" as shorthand for this.

You can quibble about this, and I might agree that the more awkward
"pseudonymous" is a better term, but no one is being misled into
thinking that "anonymous" means truly anonymous, with no credentials,
no reputation, no trail.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From Rachel_P._Kovner at gorgias.ilt.columbia.edu Wed Aug 31 18:56:59 1994
From: Rachel_P._Kovner at gorgias.ilt.columbia.edu (Rachel_P._Kovner at gorgias.ilt.columbia.edu)
Date: Wed, 31 Aug 94 18:56:59 PDT
Subject: Government and Repression
Message-ID: <1994Aug31.164507.1182797@gorgias.ilt.tc.columbia.edu>

>In most of the world, indiscipline and bad behavior in the
>prison will get you beaten, unofficially in Australia, officially
>in Japan. (Yes, *corporal punishment*, gasp, oh the horror).

Umm, minor point, but just for my personal clarification, are you sure
there's corporal punishment in Japan? I seem to remember that during
this whole Singapore thing, Japan was often raised as a model of a
society with Singaporean crime rates and no corporal punishment.

Rk

----------------------------------------------
Delivered by the NLTL Internet Gateway

From tcmay at netcom.com Wed Aug 31 20:13:09 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 31 Aug 94 20:13:09 PDT
Subject: ARTICLE" "Software's Chronic Crisis"
Message-ID: <199409010311.UAA07349@netcom8.netcom.com>

The latest "Scientific American," September 1994, has an excellent
article entitled "Software's Chronic Crisis," by W. Wayt Gibbs.

It discusses a lot of issues related to crypto, especially to the
deployment of robust systems that can be built upon.

Brad Cox is quoted.

I'm not going to type in sections--go out and find this issue yourself.
If you want to.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hughes at ah.com Wed Aug 31 20:37:31 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 31 Aug 94 20:37:31 PDT
Subject: Force is not physical
In-Reply-To: <199408312117.OAA19380@jobe.shell.portal.com>
Message-ID: <9409010317.AA04442@ah.com>

   One question [...] is whether it makes sense to say that nothing
   done in cyberspace should be considered to be punishable by force.

I, personally, will steer clear of making any such broad normative
prescriptions. We have barely yet begun the task of determining whether
violence-free systems can be stable in the long term. It's not yet
fully clear to me that this is even true about a payments system, even
though I've argued that it may well be so. And the payments systems are
the only ones for which I've seen anything approaching a specification.

Normative statements are, generally speaking, ones which contain the
words "you ought to" or "you should" or "it would be wrong to". They
imply some sort of obligation, but the recipient of that obligation is
rarely explicitly stated. Normative statements create and bolster the
"policeman inside"; they are intended to create in the hearer some sort
of mental restriction--"I won't do that because I shouldn't".

Why do normative statements ever even work? The simplest statement of
the situation seems absurd--one person says "you ought" and then
another person says "I will". "Those who do not will are willed." A
wise man indeed. Normative statements work because of the implicit
threats contained therein, threats of either violence or shunning.
Years of conditioning, and not only by parents, are required to make
these threats effective, and their effects persist long after.

I want my threats to be overt. I would much rather say "If you steal
from me I will hunt you and kill you" than say "People shouldn't steal
from each other".
One of the whole points of anonymity and pseudonymity is to create immunity from these threats, which are all based upon the human body and its physical surroundings. What is the point of a system of anonymity which can be pierced when something "bad" happens? These systems do not reject the regime of violence; rather, they merely mitigate it slightly further and make their morality a bit more explicit. (And now the flip side, where instead of saying "this is good" I will rather say "this is what I want".) I desire systems which do not require violence for their existence and stability. I desire anonymity as an ally to break the hold of morality over culture. Cyberspace is a substrate for identity whose locus is not a physical body. Not all of cyberspace will have these characteristics. There will be segments of the electronic world which are fully mapped one-to-one with individual bodies, and the actions taken here will be subject to the same morality of the physical world. Anonymous systems are neither necessary nor inevitable nor, because of the prevailing culture, obvious. The will of many individuals will be necessary in order to bring about their creation. Anonymous systems will start from a position of relative weakness, without the resources and familiarity that identified systems will have. I desire the anonymous spaces and the hidden places. I rejoice in the discussion of their creation on this mailing list. I want to win rather than to feel good about losing. Eric From jamesd at netcom.com Wed Aug 31 21:01:31 1994 From: jamesd at netcom.com (James A. Donald) Date: Wed, 31 Aug 94 21:01:31 PDT Subject: Government and Repression In-Reply-To: <1994Aug31.164507.1182797@gorgias.ilt.tc.columbia.edu> Message-ID: <199409010334.UAA24363@netcom14.netcom.com> I wrote: > >In most of the world, indiscipline and bad behavior in the > >prison will get you beaten, unofficially in Australia, officially > >in Japan. (Yes, *corporal punishment*, gasp, oh the horror). 
Rachel_P._Kovner at gorgias.ilt.columbia.edu writes > Umm, minor point, but just for my personal clarification, are you > sure there's corporal punishment in Japan? I seem to remember > that during this whole Singapore thing, Japan was often raised > as a model of a society with Singaporean crime rates and no > corporal punishment. There is no corporal punishment for crimes, but if you are a prisoner and you misbehave, you will get whacked, just as you will in most places. In Japan they do not seem terribly embarrassed about this. I saw this on TV. A bunch of prisoners sitting perfectly still for a long period, and a guard with a cane who whacked anyone who moved. He did not whack them very hard. It looked perfectly civilized to me, and I recommend the practice to US prisons. How can you maintain discipline in a prison otherwise? Answer: In US prisons there is no discipline. Prisoners learn to be aggressive, rude, and obnoxious to the guards and to each other. Good training to render them unemployable when they emerge.