From wcs at anchor.ho.att.com Wed Jun 1 00:03:21 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com_1-510-484-6204)
Date: Wed, 1 Jun 94 00:03:21 PDT
Subject: IMP (was Re: ecash-info (fwd))
Message-ID: <9406010702.AA17708@anchor.ho.att.com>

> > 1.) Chaum's e-cash coupled with WWW/Mosaic is a de facto internet
> > mercantile protocol.

It ain't de facto until a lot of people are using it. I suspect PGP with credit card numbers in free-form ASCII is almost as common, at least for now; there are 4 or 5 groups I've seen that will accept that. And phone calls or faxes to the number on the bottom of the ad on Usenet probably outnumber those... In particular, digicash isn't a standard until there's at least one bank a lot of people can access via digicash. However, it's certainly a nice approach.

Credit cards do take care of one of the objections Hal mentions, which is how you can trust your vendor to ship you the goods instead of absconding with your cash. Some of the digicash protocols can help with that process, at the cost of privacy - the spender can reveal the number of the coin that was ripped off, but the receiver may have cashed it via anonymous remailers, making it difficult to prove who's telling the truth in court, especially when the goods were software delivered by anonymous remailer chains as well.

Bill

From crame001 at hio.tem.nhl.nl Wed Jun 1 00:55:55 1994
From: crame001 at hio.tem.nhl.nl (ER CRAMER)
Date: Wed, 1 Jun 94 00:55:55 PDT
Subject: PGS bug! (fwd)
Message-ID: <9406010850.AA01556@hio.tem.nhl.nl>

I tried to reply to this message but it was bounced back to me... So I mail it to this list...

> > I like your PGS shell a great deal. Thank you for writing it.
>
> Thank you for liking it ;-)
>
> > However, I have found what appears to be a small bug. I do not have my
> > keyrings in my pgp directory. They are in a separate directory, specified
> > via the PubRing, SecRing, and RandSeed directives in 'config.txt'.
> > When I load PGS, it checks my pgp directory for these files, does not find them,
> > and asks if I want to create a secret key ring. When I answer no, the
> > program generates a General Protection fault #13, which is gracefully
> > caught and handled by QEMM386, my memory manager.
>
> We don't support keyrings that aren't in the PGPPATH (at least not yet).
> To tell you the truth I didn't know of the PubRing, SecRing and RandSeed
> directives... I guess I can take a look at it, maybe it's easy to change...
>
> If you answer NO on the question to create a keypair PGS should quit. I have
> no problem with QEMM myself. What version of QEMM do you use???
>

BTW: I tried out the PubRing and SecRing directives in my config.txt but they were not supported... Does anyone know something about it???

...
If you outlaw Privacy, only the Outlaws will have Privacy!

Eelco Cramer ------
--------------------------------------------------

From limpe001 at hio.tem.nhl.nl Wed Jun 1 01:13:15 1994
From: limpe001 at hio.tem.nhl.nl (HHM LIMPENS)
Date: Wed, 1 Jun 94 01:13:15 PDT
Subject: PGS-list
Message-ID: <9406010907.AA01660@hio.tem.nhl.nl>

For anyone who is interested in bug-reports/update reports etc for the Pretty Good Shell (PGS, available on several FTP sites, see previous (few days) mail from Eelco Cramer, send a mail to listserv at vox.hacktic.nl and

"they'll get my crypto key when they pry it from my dead, cold fingers"
-NSA's (former) chief counsel Stewart Baker
"the NSA being the devious bastards" - Michael Handler

+----------------------------------------+----------------------------+
| Eric Limpens                           | Where is my spycamera !?   |
|                                        | ..Bart Simpson..           |
|                                        +----------------------------+
| S=limpe001;OU=hio;OU=tem;O=nhl;PRMD=surf;ADMD=400net;C=nl           |
| finger limpe001 at 141.252.36.60 for PGP 2.7 key                     |
+---------------------------------------------------------------------+

From limpe001 at hio.tem.nhl.nl Wed Jun 1 01:17:59 1994
From: limpe001 at hio.tem.nhl.nl (HHM LIMPENS)
Date: Wed, 1 Jun 94 01:17:59 PDT
Subject: PGS-list
Message-ID: <9406010912.AA01740@hio.tem.nhl.nl>

Sorry, please forget the previous mail, things went weird.... Here we go again:

For anyone interested in bug-reports/release updates etc.. on the Pretty Good Shell (PGS, compatible with 2.3a-2.6 and the notorious 2.7) please send a mail message to:

listserv at voc.hacktic.nl

with in the body of the message:

subscribe pgs-list

Anyone who encounters bugs/wants extra features etc, please drop us a message using that list.

Eric Limpens, co-author of PGS.

"they'll get my crypto key when they pry it from my dead, cold fingers"
-NSA's (former) chief counsel Stewart Baker
"the NSA being the devious bastards" - Michael Handler

+----------------------------------------+----------------------------+
| Eric Limpens                           | Where is my spycamera !?   |
|                                        | ..Bart Simpson..           |
|                                        +----------------------------+
| S=limpe001;OU=hio;OU=tem;O=nhl;PRMD=surf;ADMD=400net;C=nl           |
| finger limpe001 at 141.252.36.60 for PGP 2.7 key                     |
+---------------------------------------------------------------------+

From usura at vox.hacktic.nl Wed Jun 1 03:15:55 1994
From: usura at vox.hacktic.nl (Usura)
Date: Wed, 1 Jun 94 03:15:55 PDT
Subject: PGS-list
Message-ID: <060194120025Rnf0.78@vox.hacktic.nl >

HHM LIMPENS writes:

>For anyone interested in bug-reports/release updates etc..
>on the Pretty Good Shell (PGS, compatible with 2.3a-2.6 and the notorious 2.7)
>please send a mail message to: listserv at voc.hacktic.nl
                                            ^^^
If you really want to subscribe send the message to:

TO  : listserv at vox.hacktic.nl
SUBJ: any
BODY: subscribe pgs-list
      end

>Anyone who encounters bugs/wants extra features etc, please drop us a message
>using that list.
>
>Eric Limpens, co-author of PGS.

The Staff at VoX Propaganda Labz.
--
Exit! Stage Left.

Alex de Joode

From MIKEINGLE at delphi.com Wed Jun 1 04:53:51 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Wed, 1 Jun 94 04:53:51 PDT
Subject: Clipper in patent trouble?
Message-ID: <01HD0J5OIAOO90S1RA@delphi.com>

(From alt.security.pgp)

Rich Lethin wrote:
>
>I was chatting today with someone moderately well-informed about the
>clipper controversy (unlike me). He pointed out the following work to me
>by Prof. Silvio Micali at LCS on a technical scheme which can serve as a
>compromise between the needs of society for legitimate wiretaps and the
>need of individuals for strong privacy. Basically, it seems to be a
>protocol for extending a public key algorithm into a k-escrow system. This
>apparently differs from the Clipper chip in that algorithmic details are
>well publicized.
>
>The work was in Crypto '92 apparently, and an MIT lab for CS tech report
>numbered TR-579b.

Even worse, Micali is claiming that his patent on fair cryptosystems
(#5,276,737) covers Clipper as well. In the Wall Street Journal (May 31,
1994, p. B6):

    Mr Micali, whose patent was issued in January, says his patent
    covers the concept of breaking an encryption key into multiple
    parts that are guaranteed to work, and are held by escrow
    agents.

It seems to me that Clipper does not guarantee that the multiple parts
will work in anywhere near the same way as his scheme does (see my book
for details); Clipper is simply a secret splitting scheme.
On the other hand, Micali filed his patent application in Apr 92, a full year before Clipper became public.

Bruce

**************************************************************************
* Bruce Schneier
* Counterpane Systems          For a good prime, call 391581 * 2^216193 - 1
* schneier at chinet.com
**************************************************************************

From talon57 at well.sf.ca.us Wed Jun 1 06:49:43 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Wed, 1 Jun 94 06:49:43 PDT
Subject: clipper patent troubles?
Message-ID: <199406011349.GAA21026@well.sf.ca.us>

----------
Date: Wednesday, June 01, 1994 9:41AM

ADMINISTRATION'S CRYPTO PLAN MAY HAVE PATENT PROBLEMS
- MIT professor says he deserves royalties

An MIT computer scientist is trying to earn royalties on the use of the Administration's Clipper encryption plan. Negotiations, which one government official described as "erratic," have been going on for a couple months.

Silvio Micali, the professor, holds one patent that he says covers a critical part of the government's Clipper project. He says the U.S. Patent and Trademark Office approved but has not yet publicly issued a second patent improving on the original invention.

The royalty negotiations throw a wildcard onto the table of U.S. cryptography policy at an uncertain time. If the patent covers Clipper, opponents of U.S. policy will likely seize on the patent dispute as just one more reason to kill Clipper; users of Clipper will face higher costs; and the U.S. government will also have a much harder time exporting Clipper technology. Foreign governments recoil at the prospect of paying royalties to a U.S. citizen.

Still, it is unclear how committed Micali is to facing off against barrel-chested U.S. negotiators. So far, he has been talking amiably to Michael Rubin, deputy general counsel of the National Institute of Standards and Technology, without the aid of a lawyer. "I didn't think that in dealing with the U.S.
government, I would need a lawyer," Micali says. "I may be proved wrong."

The key escrow, or Clipper, proposal is a coding scheme to provide privacy to voice, fax, and computer communications through the use of secret codes. The code is embedded in a computer chip, the Clipper chip, that the government wants installed in telephones, fax machines and computers. But there's a catch: The secret key that unlocks messages is broken into two pieces and held in escrow by the government. With a court order, the government can reunite the two escrowed keys and tap the coded communications.

Micali says that his patent covers the basic notion of escrowed keys in which trustees are given guaranteed pieces of the key. And while most of the 18 claims of the patent don't seem relevant to Clipper, the last four could be troubling. One of the claims clearly covers the division of a secret key into pieces and the recreation of those pieces in order to tap a line.

If it applies to Clipper, Micali's patent would pose a vexing problem. Unlike most of the rest of the key U.S. cryptographic patents, the government does not seem to be able to use Micali's technology for free. Micali says he made the invention on his own time, not while working on a government-funded project, which would give the U.S. government royalty-free use.

At least initially, the government will be the primary user of Clipper chip encryption devices. Officially, it is a voluntary standard for government use. But the Clinton Administration hopes the concept will spread into the private market. If that happens, consumers could face a higher price tag because of the Micali patent. The Clipper chip itself currently costs $25.

A NIST official says the government is now evaluating Micali's patent and talking to the professor. The analysis includes whether the government provided any sort of funding to Micali's research that led to the invention underlying the patent.
Micali initially approached the government several years ago about adopting a cryptographic scheme that he says is preferable to Clipper.

Clipper is a private key system in which the same key, a so-called session key, is used to both code and decode a message. From a practical point of view, this requires the sender and user to exchange keys beforehand, which can be dangerous, time-consuming and expensive.

Micali envisioned a public key system that would still give the government access to tap phone lines. Public key, of course, is the greatest recent cryptographic breakthrough because it frees the parties from selecting a key in advance. In a public key system, a sender will code a message with the receiver's public key, which is widely known. The receiver will then decode the message with his or her private key, which is mathematically related to the public key but difficult to compute.

Under Micali's scheme, users would break their private keys into pieces and give each escrow agent a piece and a mathematical proof that the piece is legitimate. Upon proper authority, the government could then reassemble the pieces of the key to tap a message.

The government obviously opted for Clipper rather than Micali's approach, but Micali did not go away. Last January, the patent office issued his patent, so the topic of conversations shifted to royalties.

Micali won't say what sum he is seeking from the government except that it is reasonable compared to standard practices. It is not unusual for patent holders to seek 5 percent to 10 percent of sales if they feel they hold a core patent and up to 2 percent if their invention is peripheral.

The Micali patent covers a public key system, which Micali says would give users more control over their keys and would be less expensive, even with royalty payments, than a hardware-based solution, like Clipper. Most of the patent's claims, therefore, don't cover Clipper, which is a private key system.
(A user, however, may want to use a public key system like RSA to generate the session key under Clipper.) Micali's patent lawyer was wise enough to round out the patent with four general claims that cover the use of escrowed keys, regardless of the method. Micali says his second patent, which is not yet public, may cover Clipper even more directly.

Claim interpretation, of course, is a matter of impression and imprecision, especially when it relates to inventions implemented in software. And it may be that NIST decides that Micali's claims don't specifically cover Clipper. In that case, Micali would be facing a legal bill of hundreds of thousands of dollars to make his case in court. Until that time, Micali is not revealing his strategy other than to say that he may soon need a lawyer.

----- that's all -----

From Pierre at eworld.com Wed Jun 1 07:14:32 1994
From: Pierre at eworld.com (Pierre at eworld.com)
Date: Wed, 1 Jun 94 07:14:32 PDT
Subject: eWorld & Anonymity
Message-ID: <9405312236.tn36955@eworld.com>

I thought this might interest people... eWorld's "policy" on anonymity...

***************************************
Date: Sat, May 28, 1994 5:52 AM EST
From: eWorldAlert at eworld.com
Subj: About Member Profiles.
To: Pierre

Dear eWorld Beta Tester,

The recent eWorld host software upgrade rebuilt Member Profiles using the name you entered during registration. If you do not want your complete name reflected in the Member Profile you can change it. We ask that you enter at least your first initial and true last name. You can edit this field for the next couple of weeks, after which you can no longer change it.

We want eWorld members to have real identities to encourage responsible online behavior. In the near future the eWorld Member Name in the Member Profile of newly-registered people will automatically reflect the name provided during registration and will not be editable.
During registration members will choose between listing first & last name or first initial & last name in the Member Profile. This prevents people from using anonymous member names in eWorld, such as Your Worstnightmare. It also allows members to have impersonal identities in eWorld if they are concerned about harassment.

Someone asks, "What if I have an uncommon last name, live in a small community and express an unpopular viewpoint in a discussion where tempers are high? Someone can use my Member Name and Location information to find my phone number (or even my address) and harass me!"

Those with unusual last names have two options. The first is to change the community name from a city or town to a geographical region, or even to change the geographic reference to Somewhere Else. The second is to call the eWorld Assistance Center at 1-800-775-4556, explain the problem and ask for an altered Member Name. You don't need to do that now, though -- at this point you can change it yourself.

We don't want anyone getting beat up or harassed because of membership in eWorld. But we do want to *substantially* reduce the amount of anonymity and consequent irresponsible behavior possible with the present registration system.

From perry at imsi.com Wed Jun 1 07:20:17 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 1 Jun 94 07:20:17 PDT
Subject: clipper patent troubles?
In-Reply-To: <199406011349.GAA21026@well.sf.ca.us>
Message-ID: <9406011420.AA00353@snark.imsi.com>

Given that Micali is one of the "the government is here to help you" crowd, I doubt he'll demand anything that actually makes Clipper impractical. However, I will note that he's damaged his credibility as a pro-clipper speaker, both because he now stands to personally profit from it, and because he's made the following silly statement:

> "I didn't think that in dealing with the U.S. government, I would
> need a lawyer," Micali says. "I may be proved wrong."
The naivete is astonishing, but at least he admits that he may be wrong on this point.

Perry

From smb at research.att.com Wed Jun 1 07:54:25 1994
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 1 Jun 94 07:54:25 PDT
Subject: Clipper in patent trouble?
Message-ID: <9406011454.AA27332@toad.com>

    Even worse, Micali is claiming that his patent on fair cryptosystems
    (#5,276,737) covers Clipper as well. In the Wall Street Journal (May 31,
    1994, p. B6):

        Mr Micali, whose patent was issued in January, says his patent
        covers the concept of breaking an encryption key into multiple
        parts that are guaranteed to work, and are held by escrow
        agents.

    It seems to me that Clipper does not guarantee that the multiple parts
    will work in anywhere near the same way as his scheme does (see my book
    for details); Clipper is simply a secret splitting scheme. On the other
    hand, Micali filed his patent application in Apr 92, a full year before
    Clipper became public.

I think Micali has a good case. In patent law, the claims are vital. Exactly what it is that you're claiming is new is described in the claims; something infringes if it includes all of the elements of any one claim. Here's claim 15 of that patent:

    15. A method, using a cryptosystem, for enabling a predetermined
    entity to monitor communications of users suspected of unlawful
    activities while protecting the privacy of law-abiding users, wherein
    a group of users has a secret key, comprising the steps of:

    breaking the secret key into shares;

    providing trustees pieces of information that include shares of the
    secret key; and

    upon a predetermined request, having the trustees reveal the shares of
    the secret key of a user suspected of unlawful activity to enable the
    entity to reconstruct the secret key and monitor communications to the
    suspect user.

Sure sounds like Clipper to me... (Claims 1-14 deal with Micali's major stuff, the ``fair'' public-key based systems.)
If Micali's claim holds up, it provides Cypherpunks with a whole new weapon against obnoxious cryptographic protocols -- build 'em first, patent 'em, and *don't* license them to the government...

(Of course, since the U.S. uses a ``first to invent'' standard, they could defeat that by opening up secret NSA archives to show that they really had it first...)

Btw -- I found the patent online via WWW; see http://town.hall.org/ and do the obvious. If you want just that single patent, go to ftp://ftp.town.hall.org/patent/data1/05276/05276737, or do the obvious ftp.

From frissell at panix.com Wed Jun 1 08:12:22 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 1 Jun 94 08:12:22 PDT
Subject: Pedophiles in Cyberspace
Message-ID:

The WSJ op ed page today has an article on the 1st Amendment in Cyberspace by Stephen Bates that focuses (analytically) on pedophiles and Usenet. It is not hysterically negative but discusses the "downside" of our technology.

DCF

From hughes at ah.com Wed Jun 1 08:21:57 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 1 Jun 94 08:21:57 PDT
Subject: procmail
In-Reply-To: <199405311816.OAA10030@sparcserver.mc.ab.com>
Message-ID: <9406011525.AA03785@ah.com>

My first guess: if you have a home directory on the sparcstation, put a .forward file and procmailrc there. procmail is pretty good about being transparent for delivery. If you have an empty .procmailrc file, it should dump everything right back in your spool file.

You can look at the last Received line in your incoming mail to determine what machine the last sendmail is running on. Your binary should go on that machine, I think.
Eric

From hughes at ah.com Wed Jun 1 08:28:09 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 1 Jun 94 08:28:09 PDT
Subject: Cypherpunks' Electronic Book2
In-Reply-To: <9405311930.AA10172@toad.com>
Message-ID: <9406011535.AA03803@ah.com>

    Well, my evil plan to volunteer Eric Hughes's time for my Cypherpunk's
    Electronic Book has not worked out as well as I had hoped

If you really had me in particular in mind, you should use private email. Since you did not, I assume there are others you may be trying to interest.

    Eric, it is crucial to the project that you give out permissions for
    some people to change Majordomo,

I can't give you that permission; I don't have that permission myself. More generally, just because the cypherpunks list runs on toad.com does not mean that toad.com is a common resource for all list members. Gary is not the first to assume this; I do hope he will be one of the last.

    I think CEB will generate a life of its own.

Four incarnations of a cypherpunks FAQ did not generate a life of their own. I see this as having strong parallels.

Let me repeat my earlier suggestion. You, Gary Jeffers, can run this out of your own account with a mail filter. If you can't write it yourself, you can ask for someone to help you set it up. Everyone who's put up a remailer has put up something similar to what you want.

Eric

From perry at imsi.com Wed Jun 1 08:45:16 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 1 Jun 94 08:45:16 PDT
Subject: breaking encryption in microsoft word...
Message-ID: <9406011545.AA01861@webster.imsi.com>

Hi y'all.

A client of mine has lost the password to a Microsoft Word v6 document. I've found stuff on the net to crack Wordperfect, and pointers to stuff to crack Lotus 1-2-3, Quattro Pro, MS Excel and Paradox, but nothing on Microsoft Word. Does Word use real cryptography, or does someone out there have a way to break it pretty quickly?
Perry

From hughes at ah.com Wed Jun 1 08:50:54 1994
From: hughes at ah.com (Eric Hughes)
Date: Wed, 1 Jun 94 08:50:54 PDT
Subject: Cypherpunks' Electronic Book 3
In-Reply-To: <9406010232.AA16653@toad.com>
Message-ID: <9406011558.AA03865@ah.com>

    I don't know the languages or protocols or mechanics of the Internet
    to do it myself. I was hoping to provoke an Internet guru to do this.

When I wrote the very first cypherpunks remailer in September of 1993, I did it without knowing Perl, which I learned during that time, over a 2400 baud dialup to an overloaded Unix host, using emacs to edit (ever seen a page up in emacs at 2400 baud?), and having to read lots of man pages on slocal and perl (lots more screen refreshes).

Now look. If you want to do something really useful, don't assume that it can be done easily or without a lot of commitment in time and effort.

    I have no idea how heavy the duties of an administrator would be.

I would suggest that since it's your idea that you should administer it. If you're not already putting out similar effort, it is somewhat foolish to ask others to do so.

Eric

From danisch at ira.uka.de Wed Jun 1 09:06:08 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Wed, 1 Jun 94 09:06:08 PDT
Subject: breaking encryption in microsoft word...
Message-ID: <9406011604.AA02418@tartarus.ira.uka.de>

> A client of mine has lost the password to a Microsoft Word v6
> document. I've found stuff on the net to crack Wordperfect, and
> pointers to stuff to crack Lotus 1-2-3, Quattro Pro, MS Excel and
> Paradox, but nothing on Microsoft Word. Does Word use real
> cryptography, or does someone out there have a way to break it pretty
> quickly?

Some months ago there was an article in a German computer magazine about the Microsoft Excel cipher. If I remember well it was a simple thing: Every byte is rotated by two (?) bits and then a 12-character password is XORed cyclically (Vigenère cipher).
The format of the file should be enough to do a known-plaintext attack. Doesn't the Microsoft Word document have a lot of zero bytes within the first hundred bytes?

Hadmut

From sommerfeld at localhost.medford.ma.us Wed Jun 1 09:30:18 1994
From: sommerfeld at localhost.medford.ma.us (Bill Sommerfeld)
Date: Wed, 1 Jun 94 09:30:18 PDT
Subject: Clipper in patent trouble?
In-Reply-To: <9406011454.AA27332@toad.com>
Message-ID: <199406011610.MAA00382@localhost>

    ... Micali's major stuff, the ``fair'' public-key based systems.

Just to throw another sound bite in the pot:

Why would anyone in their right mind use a cryptosystem that's only "fair" when they have their choice of so many "good" and "excellent" ones like IDEA and RSA as well?

:-) :-)

disclaimer: I haven't read Micali's papers in detail, but I understand that the "fair" cryptosystem is effectively "key escrow in software". Actually, I haven't seen his protocols discussed in any level of detail on this list. An overview might help improve the S/N ratio here..

    build 'em first, patent 'em, and *don't* license them to the
    government...

Alternatively, hold out for 10% of the capital cost of the *entire* communications system and put the money to good use if they're stupid enough to pay.

- Bill

From adam at bwh.harvard.edu Wed Jun 1 09:40:47 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 1 Jun 94 09:40:47 PDT
Subject: FEDGOVT> OTA Report - Electronic Commerce - via ftp (fwd)
Message-ID: <199406011640.MAA29508@spl.bwh.harvard.edu>

Date: Tue, 31 May 1994 13:46:55 CDT
Newsgroups: bit.listserv.govdoc-l
From: "Dexter, Martha (Dir.,Info/Pub)"
Subject: OTA Report on Electronic Commerce

----------------------------Original message----------------------------

May 26, 1994

OTA EXAMINES FUTURE ELECTRONIC COMMERCE

Lawmakers and businessmen at the turn of the century reacted only after new technologies had restructured their society.
However, citizens today have an opportunity to comprehend and prepare for the radical changes taking place as the concept of a National Information Infrastructure (NII) moves from vision to reality, says the congressional Office of Technology Assessment (OTA).

The Clinton Administration announced in September 1993 an initiative to promote the development of NII ... "that would create a seamless web of communications networks, computers, databases, and consumer electronics that will put vast amounts of information at users' fingertips. ...[That] can help unleash an information revolution that will change forever the way people live, work, and interact with each other." The initiative relies on the private sector to innovate and aggressively pursue the deployment of these technologies. But certain problems in the deployment of the NII will persist that only the government can address, says OTA.

In testimony today before the House Committee on Science, Space, and Technology, OTA released the findings of its Report Electronic Enterprises: Looking to the Future. In the Report, OTA takes a strategic look at the development of electronic commerce, and outlines the characteristics of the infrastructure that must support it. To support U.S. businesses and to ensure a competitive economic playing field, the information infrastructure will need to be flexible and open, seamless and interoperable and evenly and broadly deployed, says OTA. The Report lays out a number of government strategies to promote a network architecture that meets these requirements.

The US is in the midst of a transition created in part by advances in communication and information technologies. These developments are radically altering the US economy and changing the way that business is conducted, says OTA.
Markets are expanding globally; business organizations are streamlining; what we normally think of as a firm is becoming blurred; some worker skills are becoming obsolete requiring worker retraining; and production is being carried out "just-in-time" on a flexible schedule, rather than being mass-produced. These changes are fundamental and far-reaching.

OTA emphasizes that in an electronically networked economy, the design and underlying architecture of the global information infrastructure will have a major impact on national economic growth and development. If American businesses are to benefit fully from electronic commerce, says OTA, not only technology but also social and economic factors that govern the use of networking technologies need adequate attention in designing infrastructure policy.

To address these factors, the government will need to look beyond the traditional role of "regulator," and consider the full range of strategies that it might pursue, says OTA. In its other various roles as broker, promoter, educator, and institution-builder, the government must establish the rules of the game and the incentive structure that will help determine private sector choices. As regulator, government will need to ensure that electronic markets are evenly deployed, open, and accessible on an equitable basis.

Whether in work relationships within a firm, competition in the marketplace, or trading relations among nations, having access to information and the ability to use it strategically will be the keys to success or failure. What is different today, OTA points out, is the extent to which knowledge is now embedded in information and communication technologies. As a result, choices about the design, architecture and structure, or the rules and regulations of network technologies will be irreversible in the short- to medium-term.
Requesters for the study are the Senate Committee on Commerce, Science, and Transportation, and the House Committee on Science, Space, and Technology.

Copies of the 190-page Report Electronic Enterprises: Looking to the Future will be available in about three weeks from the Superintendent of Documents, U.S. Government Printing Office, and from the National Technical Information Service. To inquire about availability, call OTA at (202) 224-8996 or e-mail pubsrequest at ota.gov. For copies for congressional use, please call (202) 224-9241.

A 4-page Summary and testimony delivered at the hearing are available electronically. (The Report will be available electronically in about a week.) To download via ftp from OTA, use the following procedures: ftp to otabbs.ota.gov (152.63.20.13). Login as anonymous. Password is your e-mail address. File is in the directory /pub/elenter.

OTA is a nonpartisan analytical agency that serves the U.S Congress. Its purpose is to aid Congress in the complex and often highly technical issues that increasingly affect our society.

Martha Dexter                          mdexter at ota.gov
Director, Information Management       (202) 228-6233
Office of Technology Assessment        fax: (202) 228-6098
U.S. Congress
Washington, DC 20510

From koontzd at lrcs.loral.com Wed Jun 1 10:23:38 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 1 Jun 94 10:23:38 PDT
Subject: Clipper in patent trouble?
Message-ID: <9406011542.AA16101@io.lrcs.loral.com>

>From: Mike Ingle
>Rich Lethin wrote:
>>
>>I was chatting today with someone moderately well-informed about the
>>clipper controversy (unlike me). He pointed out the following work to me
>>by Prof. Silvio Micali at LCS on a technical scheme which can serve as a
>>compromise between the needs of society for legitimate wiretaps and the
>>need of individuals for strong privacy. Basically, it seems to be a
>>protocol for extending a public key algorithm into a k-escrow system. This
>>apparently differs from the Clipper chip in that algorithmic details are
>>well publicized.
>>
>>The work was in Crypto '92 apparently, and an MIT lab for CS tech report
>>numbered TR-579b.
>
>Even worse, Micali is claiming that his patent on fair cryptosystems
>(#5,276,737) covers Clipper as well. In the Wall Street Journal (May 31,
>1994, p. B6):
>
> Mr Micali, whose patent was issued in January, says his patent
> covers the concept of breaking an encryption key into multiple
> parts that are guaranteed to work, and are held by escrow
> agents.
>
>It seems to me that Clipper does not guarantee that the multiple parts
>will work in anywhere near the same way as his scheme does (see my book
>for details); Clipper is simply a secret splitting scheme. On the other
>hand, Micali filed his patent application in Apr 92, a full year before
>Clipper became public.
>Bruce (Schneier)

One thing of note from the book on Crypto 92, is that the conference occurred in August. The paper on fair crypto systems contains references to President Clinton and Clipper, having been written or revised between May and August of 93. Hardly seems fair for something supposedly presented (and reviewed in 92).

Is it just me or does this seem questionable? (Possibly being an attempt to show prior art, or perhaps being simply revised by someone close to the publication process.)

From koontzd at lrcs.loral.com Wed Jun 1 10:23:51 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 1 Jun 94 10:23:51 PDT
Subject: NSA breaks Russian PRNGs with neural networks??
Message-ID: <9406011531.AA16098@io.lrcs.loral.com>

>From: rishab at dxm.ernet.in
>
>tcmay at netcom.com:
>> An interesting article by Seymour Hersh is cited below. It says that
>> NSA had transcripts of the 1991 coup plotters (and presumably other
>> Russian leaders) and that Bush passed these on to Yeltsin to warn him.
>
>A recent article from the Daily Telegraph, another British paper, went on about
>the possible encryption techniques used by the Russians. It described how
>reused one-time pads led to the unmasking of Fuchs, the Rosenbergs, Philby
>et al. Then it suggested that the method the NSA broke was based on (presumably
>weak) PRNGs, a stream cipher. It suggested that the NSA might have developed
>techniques to find patterns in PRNG outputs through neural networks, or genetic
>algorithms!!
>
>While the latter sounds like crap to me, even though I've worked with and
>believe in the power of neural networks for amazing pattern recognition, unless
>the PRNGs were _really_ weak, I'm skeptical. I don't think the Russians are
>fools, and in these times one doesn't rely on secret weak algorithms for
>crypto, not when there are publicly well known strong ones. Humint? Maybe.

I can recall having seen keylists for Soviet crypto, similar to (but larger than) those used for shift register based U.S. tactical crypto from the Korean War era.

We used to monitor send/receive ciphertext for U.S. crypto during key changes. One handy tool was a meter, which would integrate (low pass) the data stream. We could easily determine that the key had been changed by watching the meter. This was done with idle circuits operating under traffic flow security (meaning the line was active, data equal to a constant mark, the encrypted constant mark showing on the data stream). The distribution of average voltage values (MIL STD 188) and how fast and furious it would change, hop, skip and jump were generally distinct between successive keys.

DES S Box outputs have the identical symbol distribution for key and key_not (E(Rn) xor KSn, input to the S Boxes). For a given round key (and its inverse), there are between 0 and 65,536 symbols missing from the domain of the P permutation (32 bit symbols). Which symbols and how many don't show up are dependent on the key.
Some keys have no missing symbols, while others have lots. This is a function of the E permutation and R bit sharing between adjacent S Boxes. Someone appears to have been quite aware of this weakness; the second XOR operation found in a DES round ((E(Rn) xor KSn) xor Ln) goes a long way towards masking the fact that some symbols can be missing. Were DES not to perform the second XOR, you could determine the key simply by monitoring missing symbols from the output of the S boxes (P permutation). Each new symbol found would eliminate certain patterns from the scheduled key (KSn), a 48 bit value. It would go a long way to reducing the number of unknown key bits to the range of easy brute force attacks.

Now imagine that shift register based crypto generally doesn't mix key and data as well. DES operates on each bit 16 times, more than the typical shift register based crypto. Each bit of the output block of DES depends on all the input bits and all the key bits input to the key scheduler. A shift register based crypto with a shift register of a size comparable to the block size of DES would typically have a lot fewer variables contributing to each key bit, making brute force attacks on a known crypto system with known plaintext (including idle data values) much easier.

Now, imagine that there is statistical significance to the output distribution of 1's and 0's based on weaker mixing. This sounds right up the alley for neural nets.

Anyway, I think it really depends on the age of the crypto gear in use. Older gear tends to be less secure based on shift register size, and key/data mixing. There are also rules used to specify tap to input selections, which eliminate weak keys (the sort of rules enforced by key card readers). Attacking a cryptosystem operated with keys provided from a centralized generation/distribution system would further reduce the key search domain to strong keys.
Having worked on crypto gear built the year I was born (1954) through the late '70s, I have no problem believing that Russia is using antiquated (and thus more vulnerable) crypto today. Based on replacement cost, the only thing that would drive comsec gear out of service would be demonstrable weakness (such as Bush giving Yeltsin intercepts, personnel insecurity with respect to key handling, etc.), or prohibitive maintenance/operating costs. After all, some protection is better than none.

From tcmay at netcom.com Wed Jun 1 11:09:08 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 1 Jun 94 11:09:08 PDT
Subject: Cypherpunks' Electronic Book 3
In-Reply-To: <9406011558.AA03865@ah.com>
Message-ID: <199406011808.LAA02168@netcom.com>

To expand on the points Eric Hughes made:

> I don't know the languages or protocols or mechanics
> of the Internet to do it myself. I was hoping to provoke an Internet
> guru to do this.
>
> When I wrote the very first cypherpunks remailer in September of 1993,
> I did it without knowing Perl, which I learned during that time, over
> a 2400 baud dialup to an overloaded Unix host, using emacs to edit
> (ever seen a page up in emacs at 2400 baud?), and having to read lots of
> man pages on slocal and perl (lots more screen refreshes).

Indeed, there's a trend here on Cypherpunks to try to get others to do the work, when what is really needed is more work, period.

Although I am probably known for "rants," I more or less agree with Pr0duct Cypher's pithy "One line of code is worth a thousand rants." (I say "more or less" because I suspect some of my political articles, here and elsewhere, are more useful than any of the lines of code I've written...some Lisp, some Mathematica, and now some Smalltalk/V.)

But one principle I try to stick to is to always bite my tongue when I feel tempted to ask others to do something "trivial." A better approach is to find things one can do one's self and "just do it."
One of these things I am spending a lot of time on now is a Cypherpunks FAQ. While I will welcome contributions, corrections, and elaborations, this will have to come after it is distributed, not as a "stone soup" sort of project. (The "stone soup" approach, named of course after the fable, is to throw out a crude outline and then wait for others to write sections. This was tried a couple of times with the FAQ (not by me)--it failed. I fear the "Cypherpunks Electronic Book" falls into this category, independent of the tangential issues of how it will get "automatically distributed" with Majordomo or procmail or whatever.)

> Now look. If you want to do something really useful, don't assume
> that it can be done easily or without a lot of commitment in time and
> effort.
>
> I have no idea
> how heavy the duties of an administrator would be.
>
> I would suggest that since it's your idea that you should administer
> it. If you're not already putting out similar effort, it is somewhat
> foolish to ask others to do so.

Eric is right of course. Having an idea but expecting others to flesh it out and do the actual work is akin to the folks who naively approach published authors and say they have a "good idea" which merely needs a "little work." It just doesn't work that way.

The recently debated "Cypherpunks Electronic Book" I suspect is like this. Sorting through 40 megabytes of Cypherpunks material for stuff to include in my FAQ, and organizing and writing for a couple of hours a day, I have a pretty clear idea of how much stuff is out there. A lot. A "Cypherpunks Electronic Book" is an even bigger project than the FAQ I'm working on.

And I have grave doubts that my FAQ will be read by the very people that most need to read it, given their apparent failure to read the existing FAQs in sci.crypt, the RSADSI/Paul Fahn FAQ, the documentation as part of PGP, and Schneier's FAQ. (I hope I have not insulted anyone who is undeserving of insult.
If my words apply to you, take it as a recommendation that you read the existing FAQs carefully.)

So, if the CEB enthusiasts want to try this, I applaud them. I just don't see the point in trying to have it declared an Official Project (or whatever). If you want to do it, go ahead and do it. But don't expect that merely proposing the "idea" will mean others will "fill in the details." (And the "details" of the writing of sections are vastly more time-consuming than the mere issue of distributing!)

Frankly, I favor the WWW/HTML/Mosaic/Lynx approach, and may eventually do something along these lines with my FAQ. (My FAQ is written in a structured outline processor, "MORE" for the Mac, but of course will be distributed in straight ASCII. However, I can read it into FrameMaker, which I also have, and then--I hear, but haven't tried--embed HTML links to other articles, URLs, etc.) But this will have to wait. First things first.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jim at bilbo.suite.com Wed Jun 1 11:37:45 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Wed, 1 Jun 94 11:37:45 PDT
Subject: Clipper in patent trouble?
Message-ID: <9406011835.AA28181@bilbo.suite.com>

smb at research.att.com writes:

> Btw -- I found the patent online via WWW; see http://town.hall.org/
> and do the obvious. If you want just that single patent, go to
> ftp://ftp.town.hall.org/patent/data1/05276/05276737, or do the obvious
> ftp.
>

Following smb's suggestion, I WWW'ed to town.hall.org and started poking around.
I found a second Micali "fair crypto-system" patent that also looks like it would cover Clipper. It is patent number 05315658 (the other was 05276737). I found it by traversing to http://town.hall.org/cgi-bin/srch-patent and searching using "public key" as the search criteria.

The two patents seem very similar, but it seems to me that the second patent more closely describes a system similar to Clipper:

-----
Claim 7. A method, using a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein one user has at least a secret decryption key, comprising the steps of:

    having trustees hold pieces of information that are guaranteed to include shares of a secret decryption key; and

    upon a predetermined request, having a given number of trustees each reveal the piece of information that includes the share of the secret decryption key to enable the entity to attempt to monitor communications to the user suspected of unlawful activities.

Claim 8. The method as described in claim 7 wherein upon the predetermined request all of the trustees each reveal the piece of information.

[..]

Claim 12. A method, using a cryptosystem, for enabling a predetermined entity to confirm that users of a system exchange messages encrypted according to a predetermined algorithm, comprising the steps of:

    providing each user in the system with a secure chip containing at least one secret key unknown to the user; and

    having the user send encrypted messages using the secure chip; and

    with each encrypted message sent by a user, having the secure chip also send a data string, computed using the secret key, to guarantee the entity that the encrypted message was generated by the secure chip using the predetermined algorithm.

Claim 13. The method as described in claim 12 further including the steps of:

    providing trustees with pieces of information including shares of a secret key; and

    upon a predetermined request, having a given number of trustees send information including shares of the secret key to allow the entity to monitor communications to a suspect user.
-----

Jim_Miller at suite.com

From whitaker at dpair.csd.sgi.com Wed Jun 1 11:50:45 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Wed, 1 Jun 94 11:50:45 PDT
Subject: Applied Crypto errata location?
Message-ID: <9406011148.ZM3556@dpair.csd.sgi.com>

I'm looking for the latest list of errata in the 1st edition of Bruce Schneier's (sp?) *Applied Cryptography*, which I picked up a couple of weeks ago. I was trying to follow the mathematics in one discussion of subliminal channels (near p. 388; I don't have the book at hand), and ran into an egregious notational inconsistency.

Before I go further, it looks like I'm going to have to handwrite all the known typos into the text, just to be safe. I had heard about this problem... now I see how little care was taken by the publishers.

Are the latest errata posted to an ftp site? xarchie is not producing useful hits for me on this one.

Assistance is appreciated.

--
Russell Earl Whitaker                          whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique /
Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From markh at wimsey.bc.ca Wed Jun 1 12:22:14 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Wed, 1 Jun 94 12:22:14 PDT
Subject: Applied Crypto errata location?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: Applied Crypto errata location?

> I'm looking for the latest list of errata in the 1st edition of Bruce Schneier's
> (sp?) *Applied Cryptography*, which I picked up a couple of weeks ago. I was
> trying to follow the mathematics in one discussion of subliminal channels (near
> p. 388; I don't have the book at hand), and ran into an egregious notational
> inconsistency.

get the following file by anon ftp
ftp.wimsey.bc.ca:/pub/crypto/Doc/applied_cryptography/errata_1.5.8.gz

As far as I know, this is the latest list.

Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBVAgUBLezfg2rJdmD9QWqxAQHbcQH/X99OjYQfyqXkOFBHo/7uURmRHDUb98GR
opiGwlydwLyDDnwsmdmmpQ559rTHicwjXhFKxYtcZQ2goPlRFHUObQ==
=K6hj
-----END PGP SIGNATURE-----
--
Mark Henderson                                    markh at wimsey.bc.ca
RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3
cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto

From whitaker at dpair.csd.sgi.com Wed Jun 1 12:26:41 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Wed, 1 Jun 94 12:26:41 PDT
Subject: Applied Crypto errata location?
In-Reply-To:
Message-ID: <9406011224.ZM3779@dpair.csd.sgi.com>

On Jun 1, 12:20pm, Mark C. Henderson wrote:
>
> get the following file by anon ftp
> ftp.wimsey.bc.ca:/pub/crypto/Doc/applied_cryptography/errata_1.5.8.gz
>
> As far as I know, this is the latest list.
>

Thanks Mark, and thanks Lefty, and whomever else is responding now.

Russell
--
Russell Earl Whitaker                          whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique /
Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From whitaker at dpair.csd.sgi.com Wed Jun 1 13:26:49 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Wed, 1 Jun 94 13:26:49 PDT
Subject: Applied Crypto errata location?
In-Reply-To:
Message-ID: <9406011229.ZM3892@dpair.csd.sgi.com>

On Jun 1, 12:24pm, Russell Whitaker wrote:
> Subject: Re: Applied Crypto errata location?
> On Jun 1, 12:20pm, Mark C. Henderson wrote:
> >
> > get the following file by anon ftp
> > ftp.wimsey.bc.ca:/pub/crypto/Doc/applied_cryptography/errata_1.5.8.gz
> >
> > As far as I know, this is the latest list.
> >
>
> Thanks Mark, and thanks Lefty, and whomever else is responding now.
>

I have it now (version 1.5.8 of 14 April), and am printing it. At 26Kb of ASCII, it's not inconsiderable.

Thanks
Russell
--
Russell Earl Whitaker                          whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique /
Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From mpj at netcom.com Wed Jun 1 13:42:13 1994
From: mpj at netcom.com (Michael Paul Johnson)
Date: Wed, 1 Jun 94 13:42:13 PDT
Subject: Where to get PGP
Message-ID: <199406012041.NAA24376@netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)
(Last modified: 26 May 1994 by Mike Johnson)

WHAT IS THE LATEST VERSION?

Notes & restrictions are listed under each entry. Other restrictions may apply.

Platforms   | Released by and for                        | Version
- -----------------------------------------------------------------------------
Dos & Unix  | MIT, for use in North America              | 2.6
    Uses RSAREF. Not for use in any application that you get paid for.
    FREE. Complete source code available. Patents licensed for personal
    use only. Not for export from the USA or Canada. RSA key limited to
    1024 bits (probably strong enough for most things, but not as strong
    as the IDEA session key). Not fully compatible with PGP 2.3a or
    Viacrypt PGP 2.4.
- -----------------------------------------------------------------------------
Dos & Unix  | mathew@mantis.co.uk, for use outside the USA | 2.6ui
    Uses RSAREF. Not for use in any application that you get paid for.
    FREE. Complete source code available. IDEA licensed for personal use
    only. Use extremely limited by patents in USA. Compatible with PGP
    2.3a, 2.4 and MIT PGP 2.6. Contact mathew at mantis.co.uk if you have
    contributions or suggestions for the coming version 2.7ui, which will
    feature a longer RSA key length limit.
- -----------------------------------------------------------------------------
DOS & Unix  | Viacrypt, for use in North America         | 2.4
    100% Legal for both personal and commercial use. Not for export from
    the USA and Canada. It is commercial copyrighted software, prices
    below. Source code not available. Viacrypt will soon release version
    2.7 that will be compatible with MIT's 2.6
- -----------------------------------------------------------------------------
Amiga       |                                            | 2.3a2
    Use extremely limited by patents in USA.
- -----------------------------------------------------------------------------
Macintosh   |                                            | 2.3aV1.1 or 2.3aV1.2
    Use extremely limited by patents in USA.
- -----------------------------------------------------------------------------
All others  | Branko Lankaster                           | 2.3a
    Use extremely limited by patents in USA. Not fully compatible with
    version 2.6 or greater.
- -----------------------------------------------------------------------------

Note: there are other version numbers floating around on the net from code that has been altered by individuals for their own use. The versions listed above are the ones I trust.

WHERE CAN I GET VIACRYPT PGP?

If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commercial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP.
Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for their version of PGP is 2.4. Prices shown include release of version 2.7 if you buy your copy after May 27, 1994 (otherwise the upgrade will be about US$10). Viacrypt's licensing and price information is as follows:

ViaCrypt PGP for MS-DOS        1 user              $ 99.98
ViaCrypt PGP for MS-DOS        5 users             $ 299.98
ViaCrypt PGP for MS-DOS        20 users or more,   call ViaCrypt
ViaCrypt PGP for UNIX          1 user              $ 149.98
ViaCrypt PGP for UNIX          5 users             $ 449.98
ViaCrypt PGP for UNIX          20 users or more,   call ViaCrypt
ViaCrypt PGP for WinCIM/CSNav  1 user              $ 119.98
ViaCrypt PGP for WinCIM/CSNav  5 users             $ 359.98
ViaCrypt PGP for WinCIM/CSNav  20 users or more,   call ViaCrypt

If you wish to place an order please call 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards.

If you have further questions, please feel free to contact:

Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail: 2104 W. Peoria Ave, Phoenix AZ 85029
Phone: (602) 944-0773
Fax: (602) 943-2601
Internet: viacrypt at acm.org
Compuserve: 70304.41

WHERE CAN I GET THE PGP FROM MIT THAT USES RSAREF?

MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws).

1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it.
2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it.
3. Telnet to net-dist.mit.edu and log in as getpgp.
4. Answer the questions and write down the directory name listed.
5. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (pgp26.zip, pgp26doc.zip, and pgp26src.tar.gz). If the hidden directory name is invalid, start over at step 3, above.

You can also get PGP 2.6 from:

ftp.csn.net/mpj
    ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip
    ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar
    See ftp://ftp.csn.net/mpj/README.MPJ for the ???????
    See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's export control methods.

ftp.netcom.com/pub/mpj
    ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp26.zip
    ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp26src.tar
    See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ???????
    See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods.
    TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day).

ftp.eff.org
    Follow the instructions found in README.Dist that you get from one of:
    ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
    gopher.eff.org, 1/Net_info/Tools/Crypto
    gopher://gopher.eff.org/11/Net_info/Tools/Crypto
    http://www.eff.org/pub/Net_info/Tools/Crypto/

Colorado Catacombs BBS
    Mike Johnson, sysop
    Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc.
    v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps
    8 data bits, 1 stop, no parity, as fast as your modem will go.
    Use ANSI terminal emulation, or if you can't, try VT-100.
    Free access to PGP. If busy or no answer, try again later.
    Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call.
    Download file names:
        pgp26.zip (DOS version with documentation)
        pgp26src.tar (Unix version and source code)
        pgp26doc.zip (Documentation only -- exportable)
    (303) 772-1062 Longmont, Colorado number - 2 lines.
    (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area.
    Verified: This morning.

Other BBS and ftp sites will no doubt pick it up rapidly after the beta test is completed.

WHERE TO GET THE FREEWARE PGP FOR USE OUTSIDE OF THE USA

The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (England), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA and Canada.

This data is subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list.
Source code (gzipped tar format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz.sig

Source code (zip format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.sig
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.zip

Executable for DOS (zip format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.sig
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.zip

Other sites (may or may not have the latest versions):

ftp.informatik.uni-hamburg.de
    /pub/virus/crypto

ftp.ee.und.ac.za
    /pub/crypto/pgp

soda.berkeley.edu
    /pub/cypherpunks/pgp (DOS, MAC)
    Verified: 21-Dec-93

ftp.demon.co.uk
    /pub/amiga/pgp
    /pub/archimedes
    /pub/pgp
    /pub/mac/MacPGP

ftp.informatik.tu-muenchen.de

ftp.funet.fi

ftp.dsi.unimi.it
    /pub/security

ftp.tu-clausthal.de (139.174.2.10)

wuarchive.wustl.edu
    /pub/aminet/util/crypt

src.doc.ic.ac.uk (Amiga)
    /aminet
    /amiga-boing

ftp.informatik.tu-muenchen.de
    /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)

black.ox.ac.uk (129.67.1.165)
    /src/security/pgp23A.zip (MS-DOS executables & docs)
    /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.)
    /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format)
    /src/security/macpgp2.3.cpt.hqx (Macintosh version)

iswuarchive.wustl.edu
    pub/aminet/util/crypt (Amiga)

ftp.csn.net
    /mpj/public/pgp/ contains PGP shells, faq documentation, language kits.

ftp.netcom.com
    /pub/dcosenza -- PGP 2.3a and an unofficial version that allows longer RSA keys.
    /pub/gbe/pgpfaq.asc -- frequently asked questions answered.
    /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganography software list. MacUtilities for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access.
nic.funet.fi (128.214.6.100)
    /pub/crypt/pgp23A.zip
    /pub/crypt/pgp23srcA.zip
    /pub/crypt/pgp23A.tar.Z

van-bc.wimsey.bc.ca (192.48.234.1)
    /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip
    /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip

ftp.uni-kl.de (131.246.9.95)
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)

StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha.

Also, try an archie search for PGP using the command:

    archie -s pgp23 (DOS Versions)
    archie -s pgp2.3 (MAC Versions)

ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service.

Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi:

    ENCODER uuencode
    SEND pub/crypt/pgp23srcA.zip
    SEND pub/crypt/pgp23A.zip

This will deposit the two zipfiles, as 15 batched messages, in your mailbox within about 24 hours. Save and uudecode.

For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message.

World Wide Web URLs: (Thanks to mathew at mantis.co.uk)

UNIX PGP 2.3a

Compiles best with GCC 2.4.x or higher. A straight port from DOS, so hardened UNIX users find it a bit chatty.
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.tar.Z
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.tar.Z
* _NL:_ ftp://svin02.info.win.tue.nl/pub/misc/pgp23A.tar.gz
* _SE:_ ftp://ftp.sunet.se/pub/security/tools/crypt/pgp23A.tar.gz
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.tar.Z
* _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23A.tar.Z
* _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.tar.Z
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.tar.Z
* _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23A.tar.gz
_________________________________________________________________

MS-DOS PGP 2.3

Program
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.zip
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.zip
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.zip
* _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23A.zip
* _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.zip
* _IT:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.zip
* _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23A.zip

Source code
Designed to compile with Turbo C; compiles fine with Microsoft Visual C++ also.
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23srcA.zip
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp23srcA.zip
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23srcA.zip
* _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23srcA.zip
* _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23srcA.zip
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23srcA.zip
* _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23srcA.zip
_________________________________________________________________

MACPGP 2.3

A slightly souped-up port of PGP to the Mac. Has help menus and other goodies, but is still not a real Mac application. However, it works. Note that the version 2.3 release of MacPGP contains the major bug-fix which was later added to UNIX/DOS PGP 2.3. There was therefore no need for a MacPGP 2.3A release; version 2.3 already had the bug fix by the time it was released. There is no MacPGP 2.3A.
Program
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx
* _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx
* _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/macpgp2.3.cpt.hqx
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx
* _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz

Source code
Requires Think C.
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only
* _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/macpgp2.3src.sea.hqx.pgp
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.hqx.pgp

Documentation
PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP.
_________________________________________________________________

OS/2 PGP

You can, of course, run the DOS version of PGP under OS/2.

Program
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp22os2.zip -- version 2.2 only, native binaries
* _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23os2A.zip

Source code
* _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23srcA.zip
_________________________________________________________________

AMIGA PGP

* _UK:_ ftp://ftp.demon.co.uk/pub/amiga/pgp/pgp21ami.lha -- version 2.1 only
* _DE:_ ftp://faui43.informatik.uni-erlangen.de/mounts/rzsuna/pub/aminet/util/crypt/pgp21ami.lha -- version 2.1 only
* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_2.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_2.lha

Source
* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a2_src.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a2_src.lha
_________________________________________________________________

ARCHIMEDES PGP

* _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a
_________________________________________________________________

DOCUMENTATION ONLY
* _US:_ ftp://net-dist.mit.edu/pub/PGP/pgp26doc.zip
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26doc.zip
* _US:_ ftp://ftp.netcom.com/pub/mpj/public/pgp/pgp26doc.zip
* _US:_ ftp://ftp.ftp.csn.net/mpj/public/pgp/pgp26doc.zip
* _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23docA.zip

_________________________________________________________________

FOREIGN LANGUAGE MODULES

These are suitable for most PGP versions.

Italian

* _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp-lang.italian.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.italian.tar.gz

Spanish

* _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp-lang.spanish.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz

German

* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt

Swedish

* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt

_________________________________________________________________

OTHER SITES

Some cryptographic software is available from ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. Read the README file and proceed from there.

BBS sites:

Colorado Catacombs BBS (See also the entry above for PGP 2.6)
(303) 772-1062 Longmont, Colorado (2 lines)
(303) 938-9654 Boulder, Colorado (free call from Denver CO, but 1 line)
Verified: This morning.

Hieroglyphics Voodoo Machine (Colorado) DOS, OS2, and Mac versions.
(303) 443-2457 Verified: 5-2-94
For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files).

Exec-Net (New York) Host BBS for the ILink net.
(914) 667-4567

The Ferret BBS (North Little Rock, Arkansas)
(501) 791-0124 also (501) 791-0125
Special PGP users account: login name: PGP USER password: PGP

This information from: Jim Wenzel

PGP 2.3A has been posted to the FidoNet Software Distribution Network and should be on most if not all Canadian and U.S. nodes carrying SDN software.
It has also been posted on almost all of the major private North American BBS systems, thence to countless smaller boards. Consult a list of your local BBSes; most with a sizeable file inventory should carry the program.

If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others.

ARCHIE WHO?

There are many more sites. You can use archie and/or other "net-surfing" tools to find a more up-to-date listing, if desired.

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.4

mQCNAi0aFSUAAAEEAOCOKpaLepvJCFgIR4m+UvZe0IN8g7Guwc+6GH4u6UGTPxQO
iAhk/MJ7E8LE4c55A1G8to2W4y3aKAHvi9QCYKnsLV8Ag0BYWo3bGGTPEfkS7NAI
N+Zy6vSjuF1D6MUnbvrQJ5p4efz7a28iYRKoAdan2bfnvIYWUD9nBjyFM+vFAAUR
tDdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajQgW2V4cCAz
MSBEZWMgOTRdiQCVAgUQLTqfXj9nBjyFM+vFAQGU7wP/ZuuHfdAnCIblNCtbLLG8
39CSg6JIVa3KWfe0WIz6dXFU3cvl2Wt094kJgZ+Nmq01INWlib2lTOznbkA9sV1W
q0aJSBHFWQH29qGmIdEqThs7A5ES2w8eRjJD80lxHodRIkBcC5KI6x4Mxo8cib5V
BrwsvtG0+81HD6Mrpvc+a0GJAJUCBRAtJc2rZXmEuMepZt0BAe4hA/9YANYPY4Z3
1pXv2mT6ReC09cZS5U3+xxC5brQdLsQGKuH6QVs/b5oc6NV84sh8A9tZyHG2067o
3XIEyN7PPQzRm2UUnHHqw9lBCNhMiFQsAJi4W+m8zXrVrpJWK0Wv61eV2/XIQl0V
d4lxu0r+MNRP6ID6FBzA4C9rO+RYEZmwOIkAlQIFEC0aGRzb/VZRBVJGuQEBfaUD
/3c2h//kg843OIcYHG4gMDqdeeZLzGlp3RVvh0Rs3/T0YylJZGjPL2L/BF/vfLlB
9E2Urh9mDG/7hiB5FncrUnkmN63IkSj+K9YyfPyYxBVx06Srj8ZzYynh0N+zledd
6cnwxRXhaD3Wc4EfSNR7BH9M2rjkGzyb5to9cgBb0ng+
=BLg5
- -----END PGP PUBLIC KEY BLOCK-----

I didn't have to generate a new key to use version 2.6, but I think keys should be changed periodically anyway to limit damages just in case a key got compromised and I didn't know about it.
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAi3s6gIAAAEEALCnDYox7v0T3EDm7LlL6w/tlU6wm51QEZd/anrRHLkRaYi2
NtoNa7AcEGlArVlV0wSWvKU/IoLQOTU3mvl4SD3wVRI1aZ3NMFSkm+VntQeDBULO
mKqupduhXivNwwST8wzBvKvmtryGWaHClSoFLDNxpyr/tyw6JaAvIUiYSSpBAAUR
tCdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajeJAJUCBRAt
7O1fP2cGPIUz68UBAYKZBAC19BqRfVQpasOPKn32d31Ez9dQZKzw8svLUhPRVX5t
nWtYPbH+PyBt/b8A1keQtcY5Y6fYOtZgU5qUhDaHavwQAdp3xzOckm7H3W2L5goI
P7vf39wDtpw07x6+lknnwcQcfYYuuoiY1R8rSIE3gOLVtySDCu2KihcPRMp77FF5
+IkAlQIFEC3s7SSgLyFImEkqQQEBqkED/iBV2jbAdFIcEFSZhWHf3aZCJsQBKmv+
V0yuXWrw0gq5v35ZJbLeB7h/W3EqfKvLdGzLgpM0fi6EOgel2ilTOmkdICmCLERc
t/xXkSwIsYtlOjkjSkGeASSphdwDRJw+j+1e/PBeZz7XwAfKZcKwqlbFSAmc2DAk
9wPp29+MqvqltCtEb24ndCB1c2UgZm9yIGVuY3J5cHRpb24gYWZ0ZXIgMSBKdW5l
IDE5OTYutC1NaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqb2huc29Abnl4LmNzLmR1
LmVkdT60K01pY2hhZWwgUGF1bCBKb2huc29uIDxtLnAuam9obnNvbkBpZWVlLm9y
Zz60ME1pY2hhZWwgUGF1bCBKb2huc29uIDw3MTMzMS4yMzMyQGNvbXB1c2VydmUu
Y29tPrQdTWlrZSBKb2huc29uIDxtcGpAbmV0Y29tLmNvbT4=
=Lf60
- -----END PGP PUBLIC KEY BLOCK-----

 ___________________________________________________________
|\  /| |                                                   |
| \/ |o| Michael Paul Johnson  Colorado Catacombs BBS  303-772-1062 |
|    / _ | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org |
|||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ          --... ...-- -.. .|
|||\ (   | ftp://ftp.netcom.com/pub/mpj/README.MPJ   -. --- ----- ....|
||| \ \_/|___________________________________________________________|

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCVAgUBLezw3D9nBjyFM+vFAQH8MwP8Cer37LcsE4mkDIWBJ9kpHgwdera3hjqA
7J4R5nLV3kwk5g9atn2QihuEKGADDLpQZlchEBxBb9hjDxKFYx5GadKx1AFG0LGn
DhCVTsNbdfsRw2P3gJYQU3NApKgTVbdNWsmesqCF6r43GmKjHgs1ZM7O7vQlcsVb
7DlVSZoTJJw=
=Kkj9
-----END PGP SIGNATURE-----

From cyber1 at io.org Wed Jun 1 14:05:48 1994
From: cyber1 at io.org (Cyber City)
Date: Wed, 1 Jun 94 14:05:48 PDT
Subject: Unicorn vs. tmp@netcom
Message-ID:

Now that we've had our debate, I withdraw any objections I've made to the proposed lawsuit. I just don't like to see the courts used as a first resort in cases of conflict. It also seems to me that personation and forgery are more serious offences than libel and plagiarism.

On the subject of legal actions by pseudonymous entities, while I am regrettably ignorant of U.S. copyright laws, readers here might find it interesting that the new Canadian Copyright Act guarantees the right of an author to write under a pseudonym. For example:

  Section 14.1. Moral Rights

  (1) The author of a work has, subject to section 28.2, the right to the
  integrity of the work and, in connection with an act mentioned in section 3,
  the right, where reasonable in the circumstances, to be associated with the
  work as its author by name or under a pseudonym and the right to remain anonymous.
                                  ^^^^^^^^^^^^^^^                           ^^^^^^^^^

  (2) No assignment of moral rights.-- Moral rights may not be assigned, but
  may be waived in whole or in part.

Section 3, referred to above, gives the author the sole right to produce, reproduce, perform, publish, convert, and - in the case of art - to communicate by telecommunication.

  Section 28.2. Nature of Right of Integrity

  (1) The author's right to the integrity of a work is infringed only if the
  work is, to the prejudice of the honour or reputation of the author,
  (a) distorted, mutilated, or otherwise modified; or
  (b) used in association with a product, service, cause or institution.

Under the Berne Convention and the Universal Copyright Convention, these rights are enforceable in other countries only if those countries guarantee the same rights to their own citizens.

Speculation: With the incursion of lawyers and lawsuits into the network, Internet Service Providers (ISP's) will need to purchase liability insurance. The insurance premiums will vary inversely with the freedom of clients under acceptable usage agreements.
Thus ISP's will have a sound business reason to reduce customer privileges :-(

From eb at sr.hp.com Wed Jun 1 15:05:09 1994
From: eb at sr.hp.com (Eric Blossom)
Date: Wed, 1 Jun 94 15:05:09 PDT
Subject: [garay@watson.ibm.com: Tunnel protocol revisited]
Message-ID: <9406012204.AA23908@srlr14.sr.hp.com>

Apologies to those who have already seen this.

Eric Blossom

----------------------------------------------------------------
Return-Path:
Date: Wed, 1 Jun 94 17:20:36 EDT
From: "Juan A. Garay"
To: ipsec at ans.net
Cc: amir at watson.ibm.com, hugo at watson.ibm.com
Subject: Tunnel protocol revisited

Jim,

We (Amir Herzberg, Hugo Krawczyk and I) took a look at your key negotiation protocol for encrypting tunnels. We applaud your bringing up the issue; we fully agree that this constitutes an essential component of any secure architecture for Internet. In this note we present a secure tunnel establishment protocol that is related to, but different than yours.

The remainder of the note is organized as follows. We first sketch the requirements/goals for/of a key establishment protocol. This is combined with comments and observations about your proposal. We then present the protocol in two stages: a high level design, followed by an implementation-oriented description. We conclude with a review and more detailed comparison. (WARNING: this is a long note.)

GOALS OF A KEY EXCHANGE PROTOCOL

1. Provide a shared session key. Your protocol achieves this from public keys. However, it should be possible in general to obtain a session key from a "master" shared key. The master key itself could be obtained from the public key, but not exclusively. Besides being more efficient, this approach would accommodate a variety of solutions, like key distribution centers, manual key installation, key caching, etc.
In particular, the life span of a master shared key can cover several sessions; in each of these sessions a new (session) key is derived from the master key using conventional functions which are significantly more efficient than public-key operations. We maintain this distinction between master and session key throughout the rest of this note.

An integral part of a key exchange and session establishment protocol is the mutual authentication of the parties. This provides to each party assurance on the authentic identity of the other. Also, included in these protocols is the negotiation of tunnel parameters.

2. Efficiency. It is important to minimize both the number of flows and the number of exponentiations (with large exponents). While the number of exponentiations required by your proposal is 8, our scheme supports different variants that require from 2 to 4 exponentiations only (and no exponentiation at all if the parties already share a master key). Our scheme does not use Diffie-Hellman, although it can be accommodated in the protocol. The reason is that D-H is expensive (4 exponentiations), but, as you mention, takes care of the "rubber hose" attack. This effectively poses a tradeoff in terms of the number of exponentiations that are required to achieve a certain level of security (see item (3) below).

Key caching is also an important efficiency consideration. In your protocol, public keys are used in each session to derive the session keys. In our approach, public keys are used to obtain master shared keys, which in turn are used to obtain the session keys.

3. Level of Security. Our protocol is immune to the exposure of one of the private keys (indeed, an adversary needs to discover the private keys of both sender and receiver to derive the tunnel's key). We feel that this should be sufficient for the vast majority of applications. Your protocol, on the other hand, is secure even if both keys are exposed, at the expense of using Diffie-Hellman.
Simplicity and being amenable to analysis and proof are important features of any cryptographic protocol. Our protocol is structured, simple, and thus easier to analyze. (Indeed, methods similar to those of [1,2] can be used to establish the protocol's desired properties.)

Here's our proposal. We first present the high-level design, including only the relevant information - the additional information (e.g., tunnel parameters) which requires authentication is omitted here for simplicity. We then specify the optimized implementation in more detail. Also for the sake of clarity, in the high level description we present the two protocols (i.e., master key exchange and session establishment) separately, and then indicate how to combine them.

THE MASTER KEY EXCHANGE PROTOCOL

There are two parties, S and R. We assume that S and R possess an authentic public key of each other, as well as share a nonce (a random number). The nonce serves as a challenge for guaranteeing the freshness of the authentication (i.e., avoid replay attacks). Sharing a nonce is not essential; it can be replaced by use of time stamps (at the expense of requiring good clock synchronization) or by adding an extra flow to the protocol (at the expense of performance). The nonce also serves the purpose of your Reply Identifier, namely, alleviating the effect of clogging. In any case, we stress that our nonces require no secrecy, i.e., they can be transmitted in the clear.

S (for sender) is the party that initiates the protocol. We first include a brief explanation of the terminology:

K_X:    Random string chosen by party X.

N_X:    A nonce (i.e., a random number) chosen by X.

E_X:    RSA encryption with X's public key (this is your RSA1). We assume that the information is padded with a random string prior to encryption.

SIGN_X: X's RSA signature (your RSA2). More specifically, by SIGN we mean first apply MD5 to the signed information, and then apply RSA (i.e., exponentiation with X's private key.)
Since RSA operations require an argument as long as its modulus, and the MD5 output is shorter than this modulus, then the RSA operation will be performed on the concatenation of MD5 and some other fields in the packet to complete the modulus length (probably, with added randomness and redundancy). Details TBD.

K:      The shared master key, outcome of the protocol.

MAC_K:  A Message Authentication Code (or function) which is applied to a piece of information for authentication using a secret key K. Examples include block ciphers, e.g. DES, in MAC mode, or key-ed cryptographic hash functions, e.g. MD5 with prefixed/suffixed key. (MAC mode of block ciphers is like CBC encryption mode but only the last block is output.)

Here's the two-flow protocol. Initially, S and R share N_R:

        S                                              R

S randomly chooses K_S, N_S
Let E_1 = E_R(K_S)
              E_1, N_S, SIGN_S(E_1, TIME, N_S, N_R)
             ------------------------------------>
                                      R randomly chooses K_R, N'_R
                                      Let E_2 = E_S (K_R)
              E_2, N'_R, SIGN_R(E_2, N'_R, N_S)
             <-------------------------------------

Both S and R compute the new master key as K = K_S XOR K_R. N'_R is the nonce to be used next time, i.e., S and R set N_R:=N'_R.

Observations:

1) The use of TIME in the S-->R flow is not strictly necessary. If the random nonce is not kept, then R may agree to use the time instead.

2) SIGN_R in the return flow is not really necessary either, it can be replaced by MAC_K(E_2, N_S, N'_R). The advantage of this is efficiency (i.e., less exponentiations), at the price of not being homogeneous in both flows. This replacement of SIGN by MAC doesn't hold for the first flow, where the signature is mandatory (i.e., anybody can choose K_S and compute E_R(K_S) and MAC_K_S(...)).

3) R first verifies the signature, and only if this succeeds it decrypts K_R (this reduces computational overhead, e.g., against clogging, since signature verification is much cheaper than decryption).
4) The protocol is in some sense minimal, since 2 flows are always needed, as well as secrecy and authentication each way (thus the 2 exponentiations). This can be made even cheaper by letting only one party choose the key (in which case the compromise of the private key of this party would compromise the exchanged key).

5) The above protocol uses 4 exponentiations in total (2 by each party). Using variant 2) reduces the number to 3 (2 by S and 1 by R). By using also 4) the number of exponentiations can further be reduced to 2 (1 per party). Our proposal is based on variant 2).

THE SESSION ESTABLISHMENT PROTOCOL

We now turn to the process of establishing a session between S and R. This includes mutual authentication and the exchange of a session key (SK). We assume that S and R already share a master key K, as well as the nonce N_R. The protocol becomes:

        S                                              R

              N_S, MAC_K(TIME, N_S, N_R)
             ------------------------------------>
                                      R randomly chooses N'_R
              N'_R, MAC_K(N'_R, N_S)
             <------------------------------------

Let T be the MAC expression in the return flow, i.e., T = MAC_K(N'_R, N_S). Then, both S and R compute SK = F_K(T) and SK becomes the new session key. Here F_K is a pseudorandom function with index K (K is the shared master key). Roughly speaking, pseudorandom functions are characterized by the pseudorandomness of their output, namely, each bit in the output of the function is unpredictable if K is unknown. Some of the functions used as MAC are also used as pseudorandom functions, e.g., DES in MAC mode. Some key-ed hash functions, as MD5, are also conjectured to be pseudorandom (although there exists less evidence for that than in the case of DES; the same is true for the use of these functions as MAC).

Observations:

1. Notice that the session key SK is not explicitly transmitted. This avoids the need to encrypt this key as well as the need to authenticate it. The authenticity of SK is derived from the authenticity of the expression T.

2. The method can be readily extended to derive in turn several session keys (different keys may be needed, for example, for confidentiality and for integrity verification).

3. Notice that this protocol involves no public key at all.

THE COMBINED PROTOCOL

When exchanging a master key it is desirable to also have a mechanism to derive a session key. This is obtained by combining the two protocols presented above. This allows S and R to establish, starting with their public keys, both a master key AND a session key in just two flows. The first flow (from S to R) is the same as in the master key exchange protocol described above. For efficiency, the second flow uses observation 2) of that protocol.

        S                                              R

              E_1, N_S, SIGN_S(E_1, TIME, N_S, N_R)
             ------------------------------------>
              E_2, N'_R, MAC_K(E_2, N'_R, N_S)
             <-------------------------------------

Let T' be the MAC expression in the return flow, i.e., T' = MAC_K(E_2, N'_R, N_S). Then, both S and R compute SK = F_K(T') and SK becomes the new session key.

Remark: the similarity between this protocol and the above session establishment protocol allows having the same packet format for the flows of both protocols. This is presented in detail in the next section.

IMPLEMENTATION

We now describe the implementation aspects in more detail. (We are borrowing the layout you used in your note.) Most importantly, we stress that both the master key exchange protocol and the session establishment protocol use the SAME packet format for the different flows. Thus, we get added functionality without the penalty of managing more packets. For the sake of clarity we start with a description of the packet for the case of master key exchange, and then comment on the use of the same packet format for the session key establishment task. Some of the details are still left undefined. Some of them are already treated in your proposal; others will be added once/if the group shows interest in this proposal.
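The session establishment protocol sketched above (the two MAC-only flows and the derivation SK = F_K(T)), worked through in Python as an added illustration; this is not code from Garay, Herzberg or Krawczyk nor from the ipsec list. The note leaves several choices open, and the following are assumptions made here: MAC_K is HMAC-MD5 (a keyed MD5 standing in for the "MD5 with prefixed/suffixed key" MAC the note mentions), F_K is HMAC-SHA256 so that SK is never itself a MAC value, nonces are 16 random bytes, TIME is a 32-bit timestamp, and R tolerates 60 seconds of clock skew. The first flow carries N_R in the clear, as the packet layout in the next section does, so that R can reject a stale nonce before spending a MAC computation on it.

```python
import hashlib
import hmac
import os
import struct
import time

NONCE_LEN = 16   # assumed nonce size; the note only says "a random number"
TIME_SKEW = 60   # assumed tolerance (seconds) for the TIME field at R


def mac_k(k: bytes, *fields: bytes) -> bytes:
    """MAC_K(fields...): keyed MD5 (HMAC-MD5 assumed) over the concatenated
    fixed-size fields, in the order the note lists them."""
    return hmac.new(k, b"".join(fields), hashlib.md5).digest()


def f_k(k: bytes, t: bytes) -> bytes:
    """F_K(T): the pseudorandom function indexed by K. HMAC-SHA256 is an
    assumed choice, kept distinct from MAC_K so SK is not a MAC output."""
    return hmac.new(k, t, hashlib.sha256).digest()


class Party:
    """One endpoint holding the master key K and the nonce N_R shared with the peer."""

    def __init__(self, k: bytes, n_r: bytes, clock=time.time):
        self.k = k
        self.n_r = n_r        # rotated to N'_R after every session
        self.clock = clock
        self.n_s = None       # initiator's nonce for the session in progress
        self.sk = None        # derived session key

    # Flow 1, S -> R: TIME, N_S, N_R, MAC_K(TIME, N_S, N_R)
    def start_session(self):
        self.n_s = os.urandom(NONCE_LEN)
        t = struct.pack(">I", int(self.clock()))
        return t, self.n_s, self.n_r, mac_k(self.k, t, self.n_s, self.n_r)

    def accept_session(self, t, n_s, n_r, tag):
        """R's side, in the note's order: verify N_R first (cheap, limits
        clogging), then the MAC, then derive SK and rotate the nonce."""
        if n_r != self.n_r:
            raise ValueError("flow 1 rejected: stale N_R (replay?)")
        if not hmac.compare_digest(tag, mac_k(self.k, t, n_s, n_r)):
            raise ValueError("flow 1 rejected: MAC mismatch")
        if abs(struct.unpack(">I", t)[0] - int(self.clock())) > TIME_SKEW:
            raise ValueError("flow 1 rejected: TIME outside skew window")
        n_r_new = os.urandom(NONCE_LEN)
        t_tag = mac_k(self.k, n_r_new, n_s)   # T = MAC_K(N'_R, N_S)
        self.sk = f_k(self.k, t_tag)           # SK = F_K(T)
        self.n_r = n_r_new                     # N_R := N'_R
        return n_r_new, t_tag

    # Flow 2, R -> S: N'_R, MAC_K(N'_R, N_S)
    def finish_session(self, n_r_new, t_tag):
        """S's side: T must cover the N_S we chose, which proves freshness and
        that R holds K; SK is then derived without ever being transmitted."""
        if not hmac.compare_digest(t_tag, mac_k(self.k, n_r_new, self.n_s)):
            raise ValueError("flow 2 rejected: MAC does not cover our N_S")
        self.sk = f_k(self.k, t_tag)
        self.n_r = n_r_new
        self.n_s = None
        return self.sk


def establish(s: Party, r: Party):
    """Run both flows between S and R; returns the flow-1 message as an
    eavesdropper would have captured it, for the replay check below."""
    flow1 = s.start_session()
    flow2 = r.accept_session(*flow1)
    s.finish_session(*flow2)
    return flow1


def replay_is_rejected(r: Party, flow1) -> bool:
    """Re-deliver a captured flow 1 to R after N_R has rotated."""
    try:
        r.accept_session(*flow1)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed demo values: a shared master key and the initial nonce.
    k, n0 = os.urandom(16), os.urandom(NONCE_LEN)
    s, r = Party(k, n0), Party(k, n0)
    flow1 = establish(s, r)
    print("session keys agree:", s.sk == r.sk)
    print("nonce rotated:", s.n_r == r.n_r and s.n_r != n0)
    print("replayed flow 1 rejected:", replay_is_rejected(r, flow1))
```

Two points the code makes concrete: SK never crosses the wire, so there is nothing for an observer to decrypt, and the rotation N_R := N'_R is what turns a replayed first flow into a cheap rejection rather than a second session with the same T.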
The contents of the protocol's first flow (in the master key exchange protocol) are as follows:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
|                        S's IP address                         | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                        R's IP address                         | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|      Protocol Id; flow #; length of signature (16 bits)       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| Length of public key; Options (prot. mode, tunnel param., etc)| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |
|                              K_S                              | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ E_1 |
|                          Random pad                           | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |  *
|                             Time                              |  MD5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |  |
|                              N_S                              | |  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |SIGN_S
|                              N_R                              | |  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +  |
|                             HASH                              |    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+    +

(The brackets at the right mark the scope of E_1, of MD5 and of SIGN_S; the * marks the variable extent of the signature, explained below.)

Where:

"Tunnel parameters" includes all the administrative data, such as tunnel lifetime, etc.

"Protocol Id"

"Protocol Mode" is basically a bit(s) indicating how should the contents be interpreted.

The field K_S and the subsequent random pad do not appear in plain but encrypted under RSA_R (this is E_1 in our notation). The encryption can be extended, if desired, to hide additional fields (e.g., the protocol parameters).

The HASH field contains the result of MD5 (or other one-way hash function, if desired) computed on all previous fields (or in all fields that require authentication).

NOTE: The position of N_S and N_R as the last arguments in the computation of MD5 is intentional. The effectiveness of these nonces as freshness guarantee is enhanced by fixing their offset relative to the beginning or end of the authenticated arguments.

The signature (using the private key of S) is applied to information of the length of the RSA modulus in use. This information MUST include the result of the HASH in the last field and may include other authentication fields as well as additional random padding and redundancy. These details TBD. We recommend, as Jim did, having the nonce N_R included since this represents a good check against clogging. (Notice that the variability on the signature scope is represented in the above figure by the *).

The order of operations is as follows.

For S:
 - Encrypt (i.e., E_1);
 - perform MD5; and
 - sign.

For R (upon receiving):
 - Open signature;
 - verify N_R;
 - verify MD5; and
 - decrypt.

Here's the master key exchange protocol's second flow:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
|                        S's IP address                         | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                        R's IP address                         | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|      Protocol Id; flow #; length of signature (16 bits)       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| Length of public key; Options (prot. mode, tunnel param., etc)| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |
|                              K_R                              | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ E_2 |
|                          Random pad                           | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |
|                             Time                              | MAC_K
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |
|                             N'_R                              |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |
|                              N_S                              |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   +
|                              MAC                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The field K_R and the subsequent random pad do not appear in plain but encrypted under RSA_S (this is E_2 in our notation). The encryption can be extended, if desired, to hide additional fields.

The MAC field contains the result of MAC_K computed on all previous fields (or in all fields that require authentication). As explained above for MD5 computation, also here the position of N'_R and N_S as the last fields in the computation of MD5 is intentional.

The order of operations.

For R:
 - Encrypt (i.e., E_2); and
 - compute MAC_K(...).

Upon receiving (S):
 - Verify N_S;
 - decrypt; and
 - compute MAC_K(...) and compare with MAC field.

USE OF ABOVE PACKETS FOR THE SESSION ESTABLISHMENT PROTOCOL.

Notice that the second flow of both protocols (master key exchange and session establishment) is identical except for the field E_2 in the first case. Therefore, the packet for the second flow of the session establishment protocol is identical to the one described above with the E_2 field omitted. Since E_2 is a variable length field (depending on the modulus size) one can use length 0 to accommodate the second flow of session establishment.

As for the first flow, in the case of session establishment no public key operations are required.
This means the following: a) There is no need to use the field E_1 (this is similar to the omission of E_2, discussed above); and b) the HASH field in the above packet is used as the MAC field of the session establishment protocol (128-160 bits will accommodate both cases).

SUMMARY

We have presented a protocol for the establishment of a secure tunnel. The protocol supports the exchange of a shared (master) key for the communicating parties as well as the establishment of secure sessions between them. The sharing of a master key uses public key to a minimum, and for session establishment (including session key exchange) no public key is required. Moreover, our solution supports scenarios where shared keys are obtained by different means, e.g., manual key installation ("sneaker-net"), key distribution centers, etc., and takes advantage of the caching of these keys.

This added flexibility and functionality relative to Jim's proposal comes without additional price in complexity (system- and computation-wise). On the contrary, our solution accommodates the above scenarios with protocols that require a) minimal interaction (i.e., two flows), b) a single and compact packet format, and c) minimal computational overhead (only 3 long exponentiations).

REFERENCES

[1] R. Bird et al., "Systematic Design of Two-Party Authentication Protocols," Proc. Crypto '91, August 1991.

[2] Bellare, P. Rogaway, "Entity Authentication and Key Distribution", Advances in Cryptography '93, Springer-Verlag Lecture Notes on Computer Science #773

From rah at shipwright.com Wed Jun 1 17:39:23 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 1 Jun 94 17:39:23 PDT
Subject: IMP (was Re: ecash-info (fwd))
Message-ID: <199406020038.UAA02040@zork.tiac.net>

Hal wrote,

>> 1.) Chaum's e-cash coupled with WWW/Mosaic is a de facto internet
>> mercantile protocol.
>
>You're jumping the gun here a little, aren't you? There is no evidence
>yet that Chaum's current proposals are going to catch on.
>The CommerceNet
>idea seemed to have more backing judging from the press releases. And it
>did not appear to support anonymous transactions.

While I don't see how the two technologies are mutually exclusive, you may have a point about anonymity. But WWW/Mosaic's acceptance of e-cash may make it more attractive (don't know how just yet, but I bet it has to do with liquidity), with or without anonymity.

>
>> 2.) It seems to me that that e-cash, contrary to the status quo's thinking,
>> is *critical* to internet commerce. An anonymous cash market is most
>> unrestricted and efficient market there is, because privacy/security (more
>> than trust, I think) is the capstone of any serious transaction mechanism.
>
>I don't follow this argument. You are suggesting that an anonymous cash
>market would be more efficient than one based on checks and credit cards?
>It would have lower transaction costs, so things would be available for lower
>prices? Why is this? The hypothetical discussions we've had here on "if I
>ran an anonymous bank" often talked about service charges.
>

While only increasing the velocity of the air around here with my all my hand-waving, I expect that the service charges would be justified with increased liquidity of e-cash, I believe that the increased liquidity comes from not having to balance a bunch of customer accounts at the end of the day, either at the issuer of the cash, or the vendor who received the cash. When a retailer goes to the bank with checks, each check is specifically identified. When the check bounces (a straw man in an electronic market), it has to be collected. When a customer reneges on a credit card transaction, it has to be traced back to the retailer. That doesn't happen in e-cash. I expect someone's said all this here before, and I beg the cypher.gods indulgence...

>Your use of the term "capstone" is unclear in this context.
>Are you suggesting
>that retaining privacy is more important for most people than trusting a
>seller in most transactions? Most people would rather buy from FlyByNight
>Corp if they could stay anonymous than from Sears using their credit card?
>I don't think so. For some people, the kind who won't use checks today and
>get by with cash and money orders, this might be true. But I don't see
>it as being the rule.

I think that the credibility of the issuer is important to the security of e-cash. That security is upheld with cryptography and Chaum's technology. I think that privacy is a by-product of a very liquid and efficient funds transfer system. All the byproducts of the reduced paperwork. So, I think I got the chicken and the egg mixed up. Point taken.

>It seemed to me that the IMP list discussions degenerated into flame wars
>between Detweiler and cypherpunks. Those in the middle, which included
>most subscribers, were shocked and disgusted by Detweiler's crude flaming
>and this made everyone uncomfortable about bringing up the topic of anon-
>ymity and cash. With Detweiler on the list it was impossible to have a
>serious discussion of the matter.

True. But Tim(?) had a point back there when he talked about them having to work around Chaum. I also think that something important did happen on imp-interest. Most of the pertinent discussion dealt with the need to put something up and test it out. I didn't *see* anything in that vein until I heard here about Tacky-Tokens and Magic Money. But as Perry aptly pointed out, Unless you denominate them in *real* money, you're just trading baseball cards (or coke cans). It ain't real until the financial system plays. TT and MM are important, because they address the operational issues. They're where the rubber meets the road. They aren't the engine, however.
That's a true player in the financial system (a bank or bank-like entity), and the people who have the technology: Digicash

>
>Chaum is trying to make money off his ideas. In doing so, he is being
>guided by the invisible hand of the market to try to find those niches where
>his technologies can be most profitable. Maybe going after the bankers is
>the wrong idea,

not at all

>but it is understandably tempting to prefer trying to get
>millions of dollars from a few people than a few dollars from millions of
>people. It does sound, though, like he is trying to branch out now and
>spread his technology around. Perhaps he will follow the lead of RSA and
>make a "ChaumREF" free implementation of his cash technology. The Commerce-
>Net model had RSA supplying free client software while charging the vendors
>licensing fees, I believe. Chaum may be planning a similar approach.

I hope he goes after the banks, central and otherwise, and lets the mercantile protocol sort itself out in the market. When I started reading about you folks, I ran into an article in one of Stuart Brand's publications (The Whole Earth Review?). It talked about the "fax effect". That is, one fax machine is worthless, but millions are very valuable. I think this is what the whole PGP idea was about. In this case, if the ability to spend and receive money was cheap (or free) the franchise to print money would be very dear indeed. I think Chaum understands this. I hope he does, anyway.

Cheers,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com)   "There is no difference between someone
Shipwright Development Corporation        who eats too little and sees Heaven and
44 Farquhar Street                        someone who drinks too much and sees
Boston, MA 02331 USA                      snakes."
                                          -- Bertrand Russell
(617) 323-7923

From rah at shipwright.com Wed Jun 1 17:42:03 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 1 Jun 94 17:42:03 PDT
Subject: IMP (was Re: ecash-info (fwd))
Message-ID: <199406020038.UAA02036@zork.tiac.net>

Tim, if you pat me on the head any more you're likely to get fleas...

The point of my post was to discuss the merits of a proposition. That is, WWW/Mosaic is at least a prima facie (seems like a good idea), if not de facto (they say it works) Internet Mercantile Protocol. *If* that's the case, then what would be the proper action to make it happen quicker. *If* it is possible to send money through the internet *and* receive something in return (probably nettable.stuff like software, information, maybe bandwidth?), *then* you have an IMP. I think Chaum's innocent until proven guilty. I used the words de facto in the existential, and not the universal, sense. I could not possibly mean everyone's using it, in light of the fact that he just announced the stuff!

>In the interests of brevity, I'll make my points without quoting
>Robert Hettinga's article.
>
>1. Like I said a couple of times, no flaming was intended. I was only
>urging what I ordinarily urge, that super-enthusiastic newcomers get

[charitable discussion of enthusiastic newcomers running about the house in muddy boots, silly rah-rah (;-)) cheerleading behavior for people who don't even read c'punks, and "if I were you, young man" instructions in proper norms for a c'punk, etc.]

>It is also remotely possible that a Zimmermann-like person (or group)
>may develop a PGDC scheme. Maybe. But PGP took PRZ a lot of time, and
>that of the v 2.0 crew that helped (many of them on this List!), and
>hence it may not be too likely for a while.

This is where I think you're fighting the last (of several) wars. I was *not* trying to find out if anyone around here wanted to work for free.
I was looking for a "snicker test" of the concept that WWW/Digicash might be an IMP, so that folks like myself could do something to make it happen if it is. Forthwith, I hereby promise *never* to ask someone on this list to work for free. (I'll probably regret that ;-)).

>(Also, absent banks that
>will honor PGDC--though some efforts may change this--the challenge
>will be enormous. And straight encryption is vastly more
>understandable, conceptually and practically, than digital cash
>protocols.)

This is the first kernel of tenable argument in all the chaff of (face it, Tim) condescension, and I agree with it. I think getting banks - or other people who convert money from one form to another - interested in digital cash is something someone who doesn't code for a living could do. Points like this were what I was looking for. Now that it can be done (as Chaum has claimed to have demonstrated), then someone with more guts than brains won't get laughed out of the office in the first round of due diligence.

>
>7. The "voice encryption" is probably more important right now, and
>much "easier" to implement. It also can be done by independent groups...

[much sage advice about getting people to work for free on appropriate, scalable projects, scarce c'punk resources, and herding cats]

>> I figure that somebody acted. Somebody wrote code. Is it shipping? I have a
>> product I'm dying to sell this way right now.
>
>It will likely be at least a few years, in my estimation, before
>enough people are using this so as to create a market. Meanwhile,
>sell your product the normal way...unless the privacy/anonymity issues
>are critical, why wait?

I'm not so sure here. If the market is for stuff like software and information, and if the only proprietary market opportunity is at the currency exchange level, then if a credible (and legal) currency exchange function is implemented on the internet, we have a working Internet Mercantile Protocol.
Lots of "ifs" in that line of reasoning, but they're not hysterically unrealistic.

>>.... As it is, I feel like Garth and/or Wayne. "I'm not worthy!,
>> I'm not worthy!" I really didn't want to get into it with Tim May of all
>> people...
>>
>> How many lawns do I have to mow to pay for the window, mister? ;-).
>>
>
>Just read the articles. You don't have to be a number theory expert,
>debating birthday paradoxes with Eli Brandt, Hal Finney, Jay PP, Eric
>Hughes, and the other number theory savvy folks, but some overall . . .

[watch out for the fleas, Tim]

Happy Scratching,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)    "There is no difference between someone
Shipwright Development Corporation        who eats too little and sees Heaven and
44 Farquhar Street                        someone who drinks too much and sees
Boston, MA 02331 USA                      snakes."
                                          -- Bertrand Russell
(617) 323-7923

From CCGARY at MIZZOU1.missouri.edu Wed Jun 1 18:50:35 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Wed, 1 Jun 94 18:50:35 PDT
Subject: CEB 5 - The Hangover
Message-ID: <9406020150.AA07477@toad.com>

Cypherpunks' Electronic Book (CEB) part 5 - the hangover.

Tim May writes on & on & on about my failure to write the CEB. Hey, just where did I pick up GUILT? I had a really great idea for Cypherpunks that I also felt was a glaring omission of Cypherpunks'. I wrote up the idea as best as I could & tried to interest some competent C'punk to do it. I thought I did a really good job of writing up the idea. Unfortunately, I lack the skills to write the particular code to do the idea. It's sort of like bringing home a rabbit for supper & everybody dumps on you cause it wasn't a moose. What kind of guilt do you dump on people who actually do bad things?

Admittedly, implementing the idea is magnitudes more work than getting the idea. However, it was a great idea & why should I suppress it because I personally couldn't implement it?
No doubt, great ideas fall from Tim May like rain from the skies & he considers them cheap if not nuisances. However, in most of the world, they are in short supply & are considered valuable.

I have discovered that the idea of bunches of creative, skilled programmers with lots of time on their hands is a myth. I guess they all manage to figure out something worthwhile to write. Originally, I had thought that there would be at least one of them around looking for something worthy to do. Myself, I am busy trying to figure out what I'm doing wrong in using Turbo Debugger to examine the transient part of a TSR, debugging a new version of my shareware program, & then I will be busy converting my shareware program to a version that I can donate to the Cypherpunks. And I have my regular 40 hour a week job. I don't have loads of spare time for CEB either.

I believe that I have described a very worthwhile project for anyone who wants to do it. I have a lot of hope that someone will do it later. I don't think it's going to be forgotten. I would like to thank the people who supported the idea. CEB doesn't look like it is going to happen soon but if Cypherpunks grows, I think it is inevitable that it will happen.

As for Tim May's FAQ project, I have some suggestions. I've noticed that since Majordomo was implemented we seem to have much fewer requests to Cypherpunks to unsubscribe. This may just be an artifact of Majordomo's having unsubscribed all the subscribers & only the determined resubscribed. Or maybe people are using Majordomo to unsubscribe & to subscribe. Anyway, if Majordomo could be slightly reprogrammed to advertise your FAQ anytime a user used the default salutation to Majordomo such as a blank file or whatever, it would help. By using Majordomo you could actually have lots of people aware of your FAQ & using it rather than just having your accomplishment laying around gathering dust.
I would also suggest that Majordomo be programmed to post its basic capabilities to the list at least every week so that everybody would have the basic knowledge to explore the Cypherpunk FAQs & know the basics that they are expected to know.

But, Tim, if you decide you want this done - do it yourself. You just have no idea how you get dumped on when you suggest others do it for you! :-)

Yours Truly,
Gary Jeffers

PUSH EM BACK! PUSH EM BACK!
WWWAAAYYY BBBAAACCCKK!
BBBEEEAAATTTT STATE !

From rah at shipwright.com Wed Jun 1 19:12:03 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 1 Jun 94 19:12:03 PDT
Subject: IMP (was Re: ecash-info (fwd))
Message-ID: <199406020211.WAA03002@zork.tiac.net>

hughes at ah.com (Eric Hughes) replies,

> 1.) Chaum's e-cash coupled with WWW/Mosaic is a de facto internet
> mercantile protocol.
>
>Hardly. The announcement just says it's available, not that anybody's
>using it. Since the information came from a press release, we can
>assume that lack of mention of an important customer, like a bank,
>means that there are no such customers right now. What that says to
>me is that DigiCash has looked for customers, and not found any.
>They've certainly had the time.

Chaum's chumming the hook. I get it. But the claim has still been made that the technology works, right?

>
>Furthermore, it's not clear that this software can be both legally and
>usefully deployed in the USA. The Foreign Bank Secrecy Act of 1974
>requires the microfilming of all checks of value over $100, with
>administrative provisions for extending the required record
>keeping. Other check-like transaction accounts have since been added.
>
>So can a bank avoid this? First, they can limit transaction amounts
>to less than $100. That violates my criterion of usefulness; it would
>have some utility, to be sure, but just as surely would be a severely
>crippled utility. Second, they might be able to record the
>transaction as a "cash purchase".
I believe that that is the case, and thus whether or not it's considered a check is immaterial.

>The problem here is that this
>accounting technique may be ruled non-compliant by the regulators,
>which would make the transaction _illegal_ (since there's no way to
>comply by recording both parties). The regulators have been
>authorized to move activities across the boundary of legality by
>legislative action. Now, one cost of deploying any such system would
>be the expected (negative) value of the risk taken in losing the whole
>development investment to an adverse regulatory decision, let alone
>possible actual penalties.

True. That is a risk of deploying the protocol from the financial entity's standpoint. Like most things in the banking system, a consensus (inside the beltway and out) would have to be reached. But this is a political, not a technical, challenge.

>
>Even beyond this, there's the IRS $10K cash reporting limit, and the
>attendant restrictions on structuring. Detection of structuring
>becomes much more difficult, and banks are held responsible for at
>least some of the enforcement. Here's another set of risks, like
>above.

I'm hard pressed to see the difference between $10K of paper money and $10K of e-cash. That's the point of the technology. If you treat it the same way, you can regulate it the same way.

>
>Just how big is the potential Internet market (in, say, two years),
>compared to other banking segments? Precious small right now, really.
>Just plain profitability is also an issue.

If it is possible to sell, maintain and support software on the internet, there will be an incentive for sellers to use it to reduce costs. In my own experience it is easier and much cheaper to identify customers who want my somewhat specialized software on the internet than it is in a lot of other places. It is possible to distribute my software to those people much cheaper. It is cheaper to maintain that software through net.mail and ftp.
If I had an e-cash-register coupled with a transaction-ftp capability, I could sell my software without knowing who bought it, and put the money in the bank more efficiently than if I had to deal with checks, credit cards, etc. I would jump at the chance. (If wishes were horses, beggars would ride :-)... )

This forms demand for vendors to take e-cash. The demand from e-cash users comes from the same advantage cash confers. It's easier to use. Since anyone (including a machine) can tell that it's e-cash, that it can't be anything else, it's acceptable for all transactions. A vendor doesn't have to check the purchaser's bona fides. It doesn't matter. Privacy is a by-product of this.

> 2.) It seems to me that e-cash, contrary to the status quo's thinking,
> is *critical* to internet commerce.
>
>No, it's not critical. Some form of transaction mechanism is
>critical. Privacy is not critical to the bulk of the economy, though.

I think you're right. Personal privacy is a by-product of an iron-clad interpersonal funds transfer system, like e-cash. The cladding comes from encryption technology. A form of privacy, but I would be equivocating in the way I used the word above if I used it that way.

E-cash is critical because of its efficiency. With it, I can sell software or computer-related services from any net-connected machine to customers in Singapore, or Japan, or down the street without having to worry about who they are, whether or not their checks clear, or without having to pay their credit card company's customer accounting costs, or without having to convert their e-cash from one form to another unless I wanted to.

>Face up to it. If it were, it would be so obvious that we wouldn't be
>discussing it on a mailing list. In fact, _we_ wouldn't be discussing
>it, but rather a whole bunch of bank vice presidents.

This is the "if we lived here, we'd be home now" argument.
Goddard, Korolev and Von Braun were making liquid-fueled rockets long before governments saw the efficacy of missiles as weapons of war, and "all" Von Braun wanted to do was to go to the moon. Admittedly, a war was required before people built large rockets. I expect that some powerful economic forces will have to emerge in order to create demand for e-cash. I also think that the Internet is creating those forces. I also don't believe that strong crypto is as engineering intensive as rocket science is (all my protestations about its comprehensibility to the contrary....).

>Is anonymous cash really the most efficient? No, not in all cases.
>When no one is looking, the anonymity is irrelevant, and
>identifier-based schemes work fine. Is, for example, anonymity the
>most efficient for the Federal funds transfer network? No, because
>the values of money are so large that default on a transaction would
>cause serious systemic problems.
>
>Cash does have some advantages, in particular its immediate and final
>clearing. These can reduce transaction costs in certain markets.
>Anonymity, however, is not a panacea.
>

Conceded. Anonymity is the result of the most efficient kind of personal transaction. A cash transaction. I think the efficiency can be examined by affirming the negative here. Suppose that all cash transactions had to be recorded and each party of the transaction had to be identified and reported to some other third party (the government, say). Besides the specter of big brother watching you, the economy would choke in administrivia (I *like* that word, Eric).

> 3.) Since a big pile of the discussion on this group lately has been about
> our collective concerns about an RSA-approved version of PGP, I think there
> is a real parallel here in e-cash.
>
>PGP only requires the cooperation of your email correspondent in order
>to function. The risk of a patent infringement suit is small, since
>the parties involved are small.
>Digital cash requires the
>participation of many more parties, some of whom have, almost of
>necessity, deep pockets.
>
>The parallel does not extend very far. Without the creation of an
>entirely black market which can remain completely unexposed (and this
>is more difficult than it appears even on second or third thought), it
>is unlikely that digital cash technology will be usefully deployed
>independently.

I don't think I was clear enough. The parallels had to do with the distribution of the technology. With PGP being everywhere, the value of PGP grew. If the people who control patents to the "wallets" and "cash-register" technology would let that be available for all, then the value of their patents on the means of producing the medium of exchange (providing it can be readily converted into *real* money somewhere) goes up enormously.

I liked doing this. I hope all my yammering above holds water, and isn't a waste of bandwidth. These are precisely the kinds of arguments people in the financial markets will use when they throw darts at participation in an e-cash node. If the questions can be answered here, then whoever makes the pitch will be that much ahead of the game.

Thanks,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)    "There is no difference between someone
Shipwright Development Corporation        who eats too little and sees Heaven and
44 Farquhar Street                        someone who drinks too much and sees
Boston, MA 02331 USA                      snakes."
                                          -- Bertrand Russell
(617) 323-7923

From qwerty at netcom.com Wed Jun 1 22:17:23 1994
From: qwerty at netcom.com (-=Xenon=-)
Date: Wed, 1 Jun 94 22:17:23 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <199406020517.WAA08969@netcom.netcom.com>

Is this for real? Or did some future Nobel prize winner discover that PGP exists?
WIRETAP FLAW
NEW YORK (AP) -- A computer scientist reportedly has discovered a basic flaw in coding technology that the Clinton administration has been promoting as a standard for electronic communications. Matthew Blaze, a researcher at AT&T Bell Laboratories, told the New York Times that his research had shown that someone with sufficient computer skills can beat the government's technology by encoding messages so that no one, not even the government, can crack them. The administration has been urging private industry to adopt the so-called ``Clipper chip'' as a standard encoding system.

From Pierre at eworld.com Wed Jun 1 22:37:46 1994
From: Pierre at eworld.com (Pierre at eworld.com)
Date: Wed, 1 Jun 94 22:37:46 PDT
Subject: Fwd: eWorld & Anonymity
Message-ID: <9406012237.tn42788@eworld.com>

My first attempt to post this met with strange results; hopefully this attempt will work.

Pierre
---------------------
Forwarded message:
Subj: eWorld & Anonymity
Date: 94-05-31 22:35:57 PDT
From: Pierre
To: cypherpunks at toad.com

I thought this might interest people... eWorld's "policy" on anonymity...

***************************************
Date: Sat, May 28, 1994 5:52 AM EST
From: eWorldAlert at eworld.com
Subj: About Member Profiles.
To: Pierre

Dear eWorld Beta Tester,

The recent eWorld host software upgrade rebuilt Member Profiles using the name you entered during registration. If you do not want your complete name reflected in the Member Profile you can change it. We ask that you enter at least your first initial and true last name. You can edit this field for the next couple of weeks, after which you can no longer change it. We want eWorld members to have real identities to encourage responsible online behavior. In the near future the eWorld Member Name in the Member Profile of newly-registered people will automatically reflect the name provided during registration and will not be editable.
During registration members will choose between listing first & last name or first initial & last name in the Member Profile. This prevents people from using anonymous member names in eWorld, such as Your Worstnightmare. It also allows members to have impersonal identities in eWorld if they are concerned about harassment.

Someone asks, "What if I have an uncommon last name, live in a small community and express an unpopular viewpoint in a discussion where tempers are high? Someone can use my Member Name and Location information to find my phone number (or even my address) and harass me!"

Those with unusual last names have two options. The first is to change the community name from a city or town to a geographical region, or even to change the geographic reference to Somewhere Else. The second is to call the eWorld Assistance Center at 1-800-775-4556, explain the problem and ask for an altered Member Name. You don't need to do that now, though -- at this point you can change it yourself. We don't want anyone getting beat up or harassed because of membership in eWorld. But we do want to *substantially* reduce the amount of anonymity and consequent irresponsible behavior possible with the present registration system.

From tcmay at netcom.com Wed Jun 1 22:58:36 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 1 Jun 94 22:58:36 PDT
Subject: Micali's "Fair" Encryption
In-Reply-To: <199406011610.MAA00382@localhost>
Message-ID: <199406020558.WAA21607@netcom.com>

Bill Sommerfeld writes:

> ... Micali's major stuff, the ``fair'' public-key based systems.
>
> Just to throw another sound bite in the pot:
>
> Why would anyone in their right mind use a cryptosystem that's only "fair"
> when they have their choice of so many "good" and "excellent" ones like
> IDEA and RSA as well? :-) :-)

Micali's scheme could be very useful for ensuring that a secret is not lost forever upon the death, departure, or forgetfulness of an employee. Even Cypherpunks Inc.
would probably be interested in a crypto system that allows reconstruction of a key by some process, for secrets belonging to the company.

Generally, a whole range of algorithms and protocols is not a bad thing. (A similar example is a protocol for digicash that only "allows" partial withdrawals of one's cash...why would anyone "want" such a limiting system? Think about it.) So long as the market is able to function, and is not distorted by coercive laws, expect various sorts of systems.

This said, I dislike the "fair" appellation, as it seems to be a kind of propagandizing. In this age of hype, not surprising. But very bad if the "fair" name gets used to help make such schemes mandatory for private citizens.

> disclaimer: I haven't read Micali's papers in detail, but I understand that
> the "fair' cryptosystem is effectively "key escrow in software". Actually,
> I haven't seen his protocols discussed in any level of detail on this list.
> An overview might help improve the S/N ratio here..

I look forward to hearing your summary, Bill! Micali's paper was presented at the '92 Crypto Conference ("Proceedings" should be readily available in the usual places: university libraries and large technical bookstores, or by special order from Springer-Verlag), around the same time Denning was describing this and other possible "trial balloons" for key escrow.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Wed Jun 1 23:43:33 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 1 Jun 94 23:43:33 PDT
Subject: CEB 5 - The Hangover
In-Reply-To: <9406020150.AA07477@toad.com>
Message-ID: <199406020643.XAA26385@netcom.com>

Gary Jeffers apparently blames me for his dropping of the "Cypherpunks Electronic Book" project:

> Cypherpunks' Electronic Book (CEB) part 5 - the hangover.
>
> Tim May writes on & on & on about my failure to write the CEB.
> Hey, just where did I pick up GUILT? I had a really great idea for

I did not write "on and on" about this--go back and read what I wrote.

> Cypherpunks that I also felt was a glaring omission of Cypherpunks'.
> I wrote up the idea as best as I could & tried to interest some
> competent C'punk to do it. I thought I did a really good job of writing
> up the idea. Unfortunately, I lack the skills to write the particular
> code to do the idea. It's sort of like bringing home a rabbit for supper
> & everybody dumps on you cause it wasn't a moose. What kind of guilt do
> you dump on people who actually do bad things?

Flaky ranters like you and Hettinga are but the latest in a string of ranters who wring their hands and cry "*Do* something!" I tried to be polite in my comments, even saying "So, if the CEB enthusiasts want to try this, I applaud them." In most of these cases, including Detweiler's similar wailings that no one would create "alt.whistleblowers" for him, such politeness is apparently unappreciated. Ranting is ever so much more fun, I guess.

(Hettinga's rants about "Garth and Wayne," broken windows, fleas on his head, and "I'm not worthy" are just too strange for me to follow. I sense a proto-Detweiler is forming in the great void.)

> Admittedly, implementing the idea is magnitudes more work than
> getting the idea. However, it was a great idea & why should I suppress it
> because I personally couldn't implement it? No doubt, great ideas fall
> from Tim May like rain from the skies & he considers them cheap if not
> nuisances.
> However, in most of the world, they are in short supply & are
> considered valuable.

Nonsense. Like Detweiler's "electrocracy," this idea was just an old notion in new clothes. In this case, the "stone soup" FAQ idea all over again. I said it before, so I'll be brief: worrying about the details of distribution instead of the writing is the big mistake. Distribution is relatively trivial, whether by ftp at the soda site, distribution by mail, whatever.

> I have discovered that the idea of bunches of creative, skilled
> programmers with lots of time on their hands is a myth. I guess they
> all manage to figure out something worthwhile to write. Originally, I
> had thought that there would be at least one of them around looking
> for something worthy to do.

If _you_ think it is worthy, and _others_ think it is worthy, then absolutely nothing is stopping you all from doing this project! Do you think the comments of _me_ are enough to stop you? Jeesh.

What you seem to have done is to see my comments about such "stone soup" let's-volunteer-the-others approaches and then just _given up_ in a huff. Methinks you just have no staying power and were hoping the Cypherpunks Masses would make your CEB project the centerpiece of their efforts with little further work on your part. It just doesn't happen that way.

> I believe that I have described a very worthwhile project for anyone
> who wants to do it. I have a lot of hope that someone will do it later.
> I don't think it's going to be forgotten. I would like to thank the
> people who supported the idea. CEB doesn't look like it is going to
> happen soon but if Cypherpunks grows, I think it is inevitable that it
> will happen.

It won't happen because nobody out there is going to do it, not because your feelings got hurt.

> But, Tim, if you decide you want this done - do it yourself. You
> just have no idea how you get dumped on when you suggest others do
> it for you! :-)

More nonsense. Nonsense I am finished responding to.
--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From ddt at lsd.com Thu Jun 2 00:33:37 1994
From: ddt at lsd.com (Dave Del Torto)
Date: Thu, 2 Jun 94 00:33:37 PDT
Subject: QUERY: who is this man?
Message-ID: <199406020733.AAA00205@netcom.netcom.com>

>ENCRYPTION: The Clinton administration's encryption
> plans are having licensing troubles: The US Commerce
> Department's NIST is having licensing discussions
> with inventors over its Digital Signature Standard,
> and an MIT scientist claims that the Clipper chip
> infringes on his patents.

Can someone please post the id of this "MIT Scientist?" Also, any comments (however brief) on the NIST discussions?

From ddt at lsd.com Thu Jun 2 00:34:07 1994
From: ddt at lsd.com (Dave Del Torto)
Date: Thu, 2 Jun 94 00:34:07 PDT
Subject: funny-byte
Message-ID: <199406020733.AAA00525@netcom.netcom.com>

"Yeah, I worked for the Phone Company back then, an' I guess it was an OK job, but I didn't much like the way they calculated my paycheck: I got $11.50 for the first hour, and twenty-five cents for each additional hour..."

[w/apologies to Charles Kozar, the Angry Black comic]

From ebrandt at jarthur.cs.hmc.edu Thu Jun 2 00:57:50 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Thu, 2 Jun 94 00:57:50 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <199406020517.WAA08969@netcom.netcom.com>
Message-ID: <9406020757.AA12534@toad.com>

> Matthew Blaze, a researcher at AT&T Bell Laboratories, told the New
> York Times that his research had shown that someone with sufficient
> computer skills can beat the government's technology by encoding
> messages so that no one, not even the government, can crack them.

Sounds like pre-encryption, after the usual journalistic garbling. Maybe not, I'll drop him a cc: (if I remember the address correctly).

Eli   ebrandt at hmc.edu

From mathew at mantis.co.uk Thu Jun 2 02:18:46 1994
From: mathew at mantis.co.uk (mathew)
Date: Thu, 2 Jun 94 02:18:46 PDT
Subject: Where to get PGP
In-Reply-To: <199406012041.NAA24376@netcom.com>
Message-ID:

>Dos & Unix | mathew@   | 2.6ui | Uses RSAREF. Not for use in any
>           | mantis.co |       | application that you get paid for.

No, no, no! My release uses no RSAREF code at all. Definitely not.

mathew

From perry at imsi.com Thu Jun 2 04:54:42 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 04:54:42 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <199406020517.WAA08969@netcom.netcom.com>
Message-ID: <9406021151.AA01748@snark.imsi.com>

-=Xenon=- says:
> Is this for real? Or did some future Nobel prize winner discover that PGP
> exists?

Thank you, Nik, for that insight.

My friend Matt Blaze at Bell Labs showed that you can forge LEAFs on Tessera cards so that you can use Skipjack without anyone being able to get the key you are using. It's a slick piece of work -- slick enough that it made the front page of today's New York Times. I'm not sure how practical it is, but it's extraordinarily noteworthy.

Perry

>
> WIRETAP FLAW
> NEW YORK (AP) -- A computer scientist reportedly has discovered a
> basic flaw in coding technology that the Clinton administration has
> been promoting as a standard for electronic communications.
> Matthew
> Blaze, a researcher at AT&T Bell Laboratories, told the New York
> Times that his research had shown that someone with sufficient
> computer skills can beat the government's technology by encoding
> messages so that no one, not even the government, can crack them.
> The administration has been urging private industry to adopt the
> so-called ``Clipper chip'' as a standard encoding system.

From perry at imsi.com Thu Jun 2 04:56:33 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 04:56:33 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <9406020757.AA12534@toad.com>
Message-ID: <9406021156.AA01774@snark.imsi.com>

Eli Brandt says:
> > Matthew Blaze, a researcher at AT&T Bell Laboratories, told the New
> > York Times that his research had shown that someone with sufficient
> > computer skills can beat the government's technology by encoding
> > messages so that no one, not even the government, can crack them.
>
> Sounds like pre-encryption, after the usual journalistic garbling.
> Maybe not, I'll drop him a cc: (if I remember the address correctly).

It's not pre-encryption. He's actually getting around the key escrow features and using Skipjack in a secure manner. It's very slick.

Perry

From an60011 at anon.penet.fi Thu Jun 2 05:54:33 1994
From: an60011 at anon.penet.fi (Ezekial Palmer)
Date: Thu, 2 Jun 94 05:54:33 PDT
Subject: CEB 5 - The Hangover
In-Reply-To: <9406020150.AA07477@toad.com>
Message-ID: <199406021236.AA23230@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

Date: Wed, 01 Jun 94 20:49:42 CDT
From: "Gary Jeffers"
Subject: CEB 5 - The Hangover

   Its sort of like bringing home a rabbit for supper & everybody dumps
   on you cause it wasn't a moose.

It looked more like someone saying "Hey! Let's have rabbit for dinner! Now, you there, go kill us a rabbit. And you, over there, start a fire. And you..."

I realize that you think that you brought a rabbit home, but others seem to think that you only brought a menu.
Zeke

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLe2xIhVg/9j67wWxAQEvtwP9HeNCN8htnWslcW82zPT5/5XWP9if1p98
Yd8DMk4X8BKeln0ErRPwQs+Sc4Erh/UF9rPeCCVo+luwBotQYVeh4Y+3KaImLhwt
SpTUeMaGQDIySKl4E2xJS+Fj4RRvh/8cWoRw3ktF7/+8aigvO9OZM46DfInbX1yl
/Yw+LSrHo/E=
=6Vdm
-----END PGP SIGNATURE-----

From pcw at access.digex.net Thu Jun 2 05:54:50 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Thu, 2 Jun 94 05:54:50 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <199406021254.AA26863@access2.digex.net>

>
>My friend Matt Blaze at Bell Labs showed that you can forge LEAFs on
>Tessera cards so that you can use Skipjack without anyone being able
>to get the key you are using. It's a slick piece of work -- slick
>enough that it made the front page of today's New York Times. I'm not
>sure how practical it is, but it's extraordinarily noteworthy.

Please explain how to forge the LEAFs. I presume that this doesn't involve super-encryption.

From perry at imsi.com Thu Jun 2 05:57:21 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 05:57:21 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <199406021254.AA26863@access2.digex.net>
Message-ID: <9406021257.AA01857@snark.imsi.com>

Peter Wayner says:
> >My friend Matt Blaze at Bell Labs showed that you can forge LEAFs on
> >Tessera cards so that you can use Skipjack without anyone being able
> >to get the key you are using. It's a slick piece of work -- slick
> >enough that it made the front page of today's New York Times. I'm not
> >sure how practical it is, but it's extraordinarily noteworthy.
>
> Please explain how to forge the LEAFs. I presume that this doesn't
> involve super-encryption.

I'll see if I can get Matt to send an explanation himself.

Perry

From frissell at panix.com Thu Jun 2 06:09:52 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 2 Jun 94 06:09:52 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <199406021254.AA26863@access2.digex.net>
Message-ID:

On Thu, 2 Jun 1994, Peter Wayner wrote:

> Please explain how to forge the LEAFs. I presume that this doesn't
> involve super-encryption.

Here is what the article on the upper right hand side of this morning's New York Times says:

"To defeat the system, Dr. Blaze programmed a 'rogue' unit to test thousands of LEAF's. Once he found a valid key, he inserted it in place of the one that would be generated by the Clipper device. Later, if law enforcement officials attempted to use it for decoding, it would not unlock this particular message."

He was able to find LEAF's that passed checksum in spite of having an invalid session-key number. If generating these things takes a lot of computing power, maybe we could come up with a distributed processing project like RSA 129 was cracked by.

DCF

From perry at imsi.com Thu Jun 2 06:36:56 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 06:36:56 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To:
Message-ID: <9406021336.AA01931@snark.imsi.com>

Duncan Frissell says:
> If generating these things takes a lot of computing power, maybe we could
> come up with a distributed processing project like RSA 129 was cracked by.

No, it doesn't require so much compute power as to need such activity. I'm still examining Matt's paper -- I'll get him to explain, or if he doesn't I'll post a summary.

Perry

From frissell at panix.com Thu Jun 2 06:39:38 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 2 Jun 94 06:39:38 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <9406021336.AA01931@snark.imsi.com>
Message-ID:

On Thu, 2 Jun 1994, Perry E. Metzger wrote:

> No, it doesn't require so much compute power as to need such
> activity. I'm still examining Matt's paper -- I'll get him to explain,
> or if he doesn't I'll post a summary.
> > Perry > Is the generation of a fake LEAF something that has to be done using the "current" communications session or can you store them up in advance of need and just slap them into place during each session? DCF From perry at imsi.com Thu Jun 2 06:44:25 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 2 Jun 94 06:44:25 PDT Subject: News Flash: Clipper Bug? In-Reply-To: Message-ID: <9406021344.AA01960@snark.imsi.com> Duncan Frissell says: > On Thu, 2 Jun 1994, Perry E. Metzger wrote: > > > > No, it doesn't require so much compute power as to need such > > activity. I'm still examining Matt's paper -- I'll get him to explain, > > or if he doesn't I'll post a summary. > > Is the generation of a fake LEAF something that has to be done using the > "current" communications session or can you store them up in advance of > need and just slap them into place during each session? Information *will* be forthcoming. Hang on. Perry From dmandl at lehman.com Thu Jun 2 07:01:08 1994 From: dmandl at lehman.com (David Mandl) Date: Thu, 2 Jun 94 07:01:08 PDT Subject: News Flash: Clipper Bug? Message-ID: <9406021400.AA08779@disvnm2.lehman.com> > From: "Perry E. Metzger" > > My friend Matt Blaze at Bell Labs showed that you can forge LEAFs on > Tessera cards so that you can use Skipjack without anyone being able > to get the key you are using. Its a slick piece of work -- slick > enough that it made the front page of today's New York Times. More specifically, it was the TOP STORY in the Times. Ha ha ha. --Dave. From wln at tla.org Thu Jun 2 07:38:05 1994 From: wln at tla.org (W Lee Nussbaum) Date: Thu, 2 Jun 94 07:38:05 PDT Subject: News Flash: Clipper Bug? Message-ID: <9406021437.AA01473@nmi.tla.org> In <9406021400.AA08779 at disvnm2.lehman.com>, dmandl at lehman.com (David Mandl) writes: > >More specifically, it was the TOP STORY in the Times. Ha ha ha. Lesbian invisibility strikes again... 
(of the six columns on a Times front page, three of today's are topped by a picture, two by the article "Pentagon Must Reinstate Nurse Who Declared She Is a Lesbian", and one by this article, "Flaw Discovered In Federal Plan For Wiretapping")

- Lee

From koontzd at lrcs.loral.com Thu Jun 2 07:46:36 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 2 Jun 94 07:46:36 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <9406021445.AA17436@io.lrcs.loral.com>

>Eli Brandt says:
>Its not pre-encryption. He's actually getting around the key escrow
>features and using Skipjack in a secure manner. Its very slick.

I've been saying it can be done for more than a year. I wrote a C model of some operating code for the chip. The clipper chip has save and restore commands that are used to dump and restore the LR register (crypto state). You keep your own LEAF and feed it back to the chip. You take the initial value of the LR register after IV generation and reload, it contains the IV. You exchange IVs with the distant end, who has also fed his own LEAF back to his chip. You have achieved crypto sync.

The save and restore commands are to allow a single cryptographic algorithm embodiment to be used for two or more contexts - in the case of a duplex communications channel - send and receive.

The question should really be how easy it is to suborn a clipper phone unit. The TSD 3600 is the only one available at this time. You need to be able to capture its programming, either by modifying ROM, exception handling and additional ROM, etc. I've been hesitant to buy a couple and try it for several reasons:

1) I'm not sure the key exchange is satisfactory, any TSD 3600 will talk to any other.

2) There might be anti-tamper features (re: FIPS Pub 140-1), causing loss of crypto variables (say for key exchange). It might be possible the TSD won't operate at all if security features are tripped.
(unlikely, when you consider mechanical switches might bounce when one of these is thrown in a briefcase).

3) It's potentially a lot of work to capture the instruction stream. If internal ROM is used in something, it's probably security locked.

I could think of a couple of ways to make it harder to break into the code that operates a clipper chip.

From 0006368931 at mcimail.com Thu Jun 2 07:55:58 1994
From: 0006368931 at mcimail.com (Mark Voorhees)
Date: Thu, 2 Jun 94 07:55:58 PDT
Subject: Clipper in patent trouble?
Message-ID: <13940602144231/0006368931PK4EM@mcimail.com>

***********************************************************
Information Law Alert
a voorhees report
718-369-0906 voice
718-369-3250 fax
markvoor at phantom.com
***********************************************************
411 First St., Brooklyn, NY 11215-2507
May 27, 1994

Clipper's dirty little secret

ADMINISTRATION'S CRYPTO PLAN MAY HAVE PATENT PROBLEMS

MIT professor says he deserves royalties

An MIT computer scientist is trying to earn royalties on the use of the Administration's Clipper encryption plan. Negotiations, which one government official described as "erratic," have been going on for a couple months. Silvio Micali, the professor, holds one patent that he says covers a critical part of the government's Clipper project. He says the U.S. Patent and Trademark Office approved but has not yet publicly issued a second patent improving on the original invention.

The royalty negotiations throw a wildcard onto the table of U.S. cryptography policy at an uncertain time. If the patent covers Clipper, opponents of U.S. policy will likely seize on the patent dispute as just one more reason to kill Clipper; users of Clipper will face higher costs; and the U.S. government will also have a much harder time exporting Clipper technology.
Foreign governments recoil at the prospect of paying royalties to a U.S. citizen.

Still, it is unclear how committed Micali is to facing off against barrel-chested U.S. negotiators. So far, he has been talking amiably to Michael Rubin, deputy general counsel of the National Institute of Standards and Technology, without the aid of a lawyer. "I didn't think that in dealing with the U.S. government, I would need a lawyer," Micali says. "I may be proved wrong."

The key escrow, or Clipper, proposal is a coding scheme to provide privacy to voice, fax, and computer communications through the use of secret codes. The code is embedded in a computer chip, the Clipper chip, that the government wants installed in telephones, fax machines and computers. But there's a catch: The secret key that unlocks messages is broken into two pieces and held in escrow by the government. With a court order, the government can reunite the two escrowed keys and tap the coded communications.

Micali says that his patent covers the basic notion of escrowed keys in which trustees are given guaranteed pieces of the key. And while most of the 18 claims of the patent don't seem relevant to Clipper, the last four could be troubling. One of the claims clearly covers the division of a secret key into pieces and the recreation of those pieces in order to tap a line.

If it applies to Clipper, Micali's patent would pose a vexing problem. Unlike most of the rest of the key U.S. cryptographic patents, the government does not seem to be able to use Micali's technology for free. Micali says he made the invention on his own time, not while working on a government-funded project, which would give the U.S. government royalty-free use.

At least initially, the government will be the primary user of Clipper chip encryption devices. Officially, it is a voluntary standard for government use. But the Clinton Administration hopes the concept will spread into the private market.
If that happens, consumers could face a higher price tag because of the Micali patent. The Clipper chip itself currently costs $25. A NIST official says the government is now evaluating Micali's patent and talking to the professor. The analysis includes whether the government provided any sort of funding to Micali's research that led to the invention underlying the patent. Micali initially approached the government several years ago about adopting a cryptographic scheme that he says is preferable to Clipper. Clipper is a private key system in which the same key, a so-called session key, is used to both code and decode a message. From a practical point of view, this requires the sender and user to exchange keys beforehand, which can be dangerous, time-consuming and expensive. Micali envisioned a public key system that would still give the government access to tap phone lines. Public key, of course, is the greatest recent cryptographic breakthrough because it frees the parties from selecting a key in advance. In a public key system, a sender will code a message with the receiver's public key, which is widely known. The receiver will then decode the message with his or her private key, which is mathematically related to the public key but difficult to compute. Under Micali's scheme, users would break their private keys into pieces and give each escrow agent a piece and a mathematical proof that the piece is legitimate. Upon proper authority, the government could then reassemble the pieces of the key to tap a message. The government obviously opted for Clipper rather than Micali's approach, but Micali did not go away. Last January, the patent office issued his patent, so the topic of conversations shifted to royalties. Micali won't say what sum he is seeking from the government except that it is reasonable compared to standard practices. 
It is not unusual for patent holders to seek 5 percent to 10 percent of sales if they feel they hold a core patent and up to 2 percent if their invention is peripheral. The Micali patent covers a public key system, which Micali says would give users more control over their keys and would be less expensive, even with royalty payments, than a hardware-based solution, like Clipper. Most of the patent's claims, therefore, don't cover Clipper, which is a private key system. (A user, however, may want to use a public key system like RSA to generate the session key under Clipper.) Micali's patent lawyer was wise enough to round out the patent with four general claims that cover the use of escrowed keys, regardless of the method. Micali says his second patent, which is not yet public, may cover Clipper even more directly. Claim interpretation, of course, is a matter of impression and imprecision, especially when it relates to inventions implemented in software. And it may be that NIST decides that Micali's claims don't specifically cover Clipper. In that case, Micali would be facing a legal bill of hundreds of thousands of dollars to make his case in court. Until that time, Micali is not revealing his strategy other than to say that he may soon need a lawyer. ************************ ----- that's all ----- From hal at martigny.ai.mit.edu Thu Jun 2 07:57:06 1994 From: hal at martigny.ai.mit.edu (Hal Abelson) Date: Thu, 2 Jun 94 07:57:06 PDT Subject: PGP 2.6 FAQ Message-ID: <9406021457.AA18204@toad.com> Questions and Answers about MIT's Release of PGP 2.6 by Hal Abelson, Jeff Schiller, Brian LaMacchia, and Derek Atkins June 2, 1994 Q: Is PGP 2.6 an official release from MIT? A: Yes. PGP 2.6 is distributed via the Internet to non-commercial U.S. users by MIT Information Systems, via anonymous ftp from net-dist.mit.edu in the directory pub/PGP. Planning for the PGP 2.6 release was conducted with the knowledge and approval of the MIT administration. 
The MIT News Office officially announced the availability of PGP 2.6 in a press release dated May 26, 1994.

***

Q: Was PGP 2.6 released in cooperation with RSA Data Security, Inc.?

A: Yes. PGP 2.6 uses the RSAREF(TM) Free Cryptographic Toolkit (Version 1) licensed by RSADSI. RSADSI has granted MIT permission to access the non-published routines in RSAREF required to support PGP.

***

Q: Was Phil Zimmermann involved in the PGP 2.6 release?

A: Yes. Zimmermann has been fully involved in the release process. In addition, he approved all code changes from earlier versions of PGP and updated the PGP documentation for version 2.6.

***

Q: Can PGP 2.6 interoperate with previous versions of PGP?

A: Not completely. There are two different incompatibilities between PGP 2.6 and earlier versions of PGP. The first incompatibility is a deliberate format change that will trigger on September 1, 1994. The intent of this change is to discourage PGP users in the U.S. from using PGP 2.3a, which potentially infringes patents. The second incompatibility is that PGP 2.6 requires signatures to be in PKCS format, which has been the default since PGP 2.3, although PGP 2.3 was able to process non-PKCS signatures.

***

Q: What's the effect of the September 1 format change? Will I still be able to use my old keys? Will I still be able to decrypt old messages?

A: Both now and after September 1, PGP 2.6 will decrypt messages and use keys generated by PGP 2.3a. To quote from the PGP 2.6 manual:

PGP version 2.6 can read anything produced by versions 2.3, 2.3a, 2.4, or 2.5. However, because of a negotiated agreement between MIT and RSA Data Security, PGP 2.6 will change its behavior slightly on 1 September 1994, triggered by a built-in software timer. On that date, version 2.6 will start producing a new and slightly different data format for messages, signatures and keys.
PGP 2.6 will still read and process messages, signatures, and keys produced under the old format, but it will generate the new format.

***

Q: What about the PKCS requirement?

A: PKCS stands for Public Key Cryptography Standards and is a voluntary standard created by RSA Data Security and several industry leading organizations, including MIT. PKCS specifies standard encodings for encrypted and signed objects as well as some key formats. The standard documents themselves may be obtained via anonymous FTP from rsa.com.

Starting with PGP version 2.3, PGP signatures have conformed to the PKCS signature standard. Although PGP version 2.3 generated PKCS format signatures, it was capable of understanding the non-PKCS format generated by PGP 2.2 and earlier versions. PGP 2.6 removes this compatibility code. This makes some of the PGP 2.6 code cleaner and ensures compatibility with future versions of RSAREF and other future standard software. Making the change now also encourages people to obtain fresh signatures on their keys, which is a prudent thing to do every so often.

Note: The PKCS requirement has nothing to do with the September 1 PGP format change. It is an independent decision of the PGP development team.

***

Q: Is there a technical reason for the September 1 format change?

A: No. The format change is being made for legal reasons, not technical reasons. MIT wanted to bring out a version of PGP that would have the support of RSADSI. RSADSI would not lend their support to a product that fully interoperates with PGP 2.3, which, when used in the United States, potentially infringes patents licensed to them by Stanford and MIT. The intent of this format change is to discourage people from continuing to use the earlier software, which will mitigate the patent-caused problems that have hampered use of PGP within the U.S. The time delay between now and September is to give people adequate time to upgrade to the new software.
*** Q: Does using RSAREF make PGP 2.6 run more slowly than previous versions of PGP? A: No. The speed-critical portions of PGP 2.6 use the same multi-precision integer libraries as in PGP 2.3a. We have noticed no appreciable speed difference between PGP 2.3a and PGP 2.6 on any of the platforms we have tried. If you observe a performance problem with PGP 2.6, please send details to pgp-bugs at mit.edu. Be sure to tell us what platform and compiler you are using. *** Q: Is there a back door in PGP 2.6? A: No. You need not take our word for it. PGP is distributed in source code, so that you can verify its integrity yourself, or get someone you trust to verify it for you. The 2.6 MSDOS executable file that we distribute has been digitally signed, so you will know that it has not been tampered with. In general, you should be wary of using encryption programs that you receive as object code, whose origin you cannot authenticate. *** Q: Why is PGP 2.6 limited to 1024-bit keys? Does this compromise the security of PGP 2.6? A: To quote from the PGP 2.6 manual: Beginning with version 2.4 (which was ViaCrypt's first version) through at least 2.6, PGP does not allow you to generate RSA keys bigger than 1024 bits. The upper limit was always intended to be 1024 bits. But because of a bug in earlier versions of PGP, it was possible to generate keys larger than 1024 bits. These larger keys caused interoperability problems between different older versions of PGP that used different arithmetic algorithms with different native word sizes. On some platforms, PGP choked on the larger keys. In addition to these older key size problems, the 1024-bit limit is now enforced by RSAREF. A 1024-bit key is very likely to be well out of reach of attacks by major governments. Cracking a 1024-bit key is far beyond any publicly known computational capability. 
The table below, originally posted to Usenet in October, 1993, gives some numbers for the expected amount of work required to crack keys of various sizes. The prediction for RSA129, which was finally factored in April, 1994, was very close to the actual time required. (The time was about 5000 MIPS-years, depending on your definition of a MIPS.)

    RSA129 (429 bits):    4,600 MIPS-YEARS
    a 512 bit key:        420,000 MIPS-YEARS          (safe for a little while!)
    a 700 bit key:        4,200,000,000 MIPS-YEARS    (seems pretty safe to me!)
    a 1024 bit key:       2.8 x 10^15 MIPS-YEARS      (Wow!)

The above table is based on the Multiple-Polynomial Quadratic Sieve (MPQS). Other algorithms under development may have slightly better performance. The bottom line is that cracking a 1024-bit key using anything like presently known factoring methods will probably not happen within the lifetime of anyone reading this FAQ at the time of this writing (1994). A breakthrough in computer technology or algorithm efficiency that threatens a 1024 bit key is likely to be so powerful that it will threaten much larger keys as well, and then all bets are off!

Any successful attack on PGP with large key sizes is more likely to come from exploiting other aspects of the system (such as the prime number generation algorithm) than by brute-force factoring of keys. Given this, it is not at all clear that key sizes larger than 1024 bits provide increased security in any practical sense.

Nevertheless, RSADSI has granted MIT permission to modify RSAREF to increase the key size, and larger keys will be supported in a future PGP release. These larger keys, however, will not be manipulated by PGP 2.6 and earlier releases, so users will need to upgrade in order to use them.

***

Q: There is no patent problem with using PGP 2.3a outside the U.S. Isn't it offensive to impose a change on PGP users around the world to accommodate a legal problem in the U.S.?
A: To quote from the PGP 2.6 manual:

Outside the United States, the RSA patent is not in force, so PGP users there are free to use implementations of PGP that do not rely on RSAREF and its restrictions. Hopefully, implementors of PGP versions outside the US will also switch to the new format, whose detailed description is available from MIT. If everyone upgrades before 1 September 1994, no one will experience any discontinuity in interoperability.

We apologize to PGP users outside the U.S. We are asking them to undergo the inconvenience of making a change to the non-U.S. version of PGP for no technical reason. We hope that the effect of this change, which will remove any legal controversy from the use of PGP in the U.S., will benefit PGP users outside the U.S. as well as within the U.S.

***

Q: How can PGP users outside the U.S. upgrade, if PGP 2.6 might be subject to U.S. export controls?

A: The format change that will become effective on September 1, 1994 can be accomplished by a simple modification to the PGP 2.3a code, which was developed outside the U.S. MIT has published the new format specification. Consequently, a non-U.S. version of PGP that interoperates with PGP 2.6 can be produced without the need for anyone to attempt to export PGP software from the U.S.

***

Q: With this incompatible change, what provisions are being made for users of ViaCrypt PGP (PGP 2.4)?

A: ViaCrypt has announced a new release of their product, called PGP 2.7, that supports both the old and new formats. They will also provide upgrade kits for users of version 2.4. For further information, contact

    Paul E. Uhlhorn
    Director of Marketing, ViaCrypt Products
    Mail:       2104 W. Peoria Ave, Phoenix AZ 85029
    Phone:      (602) 944-0773
    Fax:        (602) 943-2601
    Internet:   viacrypt at acm.org
    Compuserve: 70304.41

***

Q: Does PGP 2.6 use RSAREF version 1, or RSAREF 2.0?

A: PGP 2.6 uses RSAREF version 1. PGP 2.5 used RSAREF version 2.0.
During the discussions that led to the creation of PGP 2.6, RSA Data Security requested that MIT switch to RSAREF 1. Furthermore, RSADSI gave MIT formal written permission to make calls to internal program interfaces in RSAREF 1, consistent with the RSAREF 1 license.

From a technical standpoint, it doesn't matter which version of RSAREF is used by PGP. The major enhancements to RSAREF 2.0 have to do with functionality not required by PGP. Also, RSADSI's licensing restrictions (which require non-commercial use only) are not significantly different from RSAREF 1 to RSAREF 2. It is possible that later releases of PGP from MIT may use a different release of RSAREF, but we see no reason to do so at this time.

***

Q: What is PGP 2.5 and what is its status?

A: MIT initially released PGP 2.5 for beta test on May 9, 1994. During the beta test period, we continued discussions with RSA Data Security. These discussions led us to decide to install the September 1 format change, as well as to use RSAREF 1 (see question above). PGP 2.5 contained several important bugs that have been fixed in PGP 2.6. PGP 2.5 does *not* contain the software necessary to understand messages generated by PGP 2.6 after September 1. We therefore urge all U.S. users to upgrade to PGP 2.6 (or a subsequent version).

***

Q: What is PGP 3.0?

A: PGP 3.0 is an anticipated upgrade to PGP. Unlike PGP 2.6, PGP 3.0 will be a major rewrite and reconstruction of the PGP internal software. PGP 3.0 might be ready before the end of 1994, but there are no specific release plans yet.

***

Q: Will there be further incompatible changes to PGP?

A: Almost certainly. As new features are added, the format of messages and other data structures will no doubt be changed. For example, we have considered adding a new packet type for signatures that places the signature at the end of a signed packet rather than the beginning.
This will permit restructuring the PGP software so that it can operate in one pass, with no need to create the numerous temporary files that PGP now creates. This will facilitate applications that are not currently possible. For example, a one-pass PGP could be used to encrypt data to a tape drive during backup. This cannot be done with PGP today because it would need to create temporary files that consume almost twice as much disk space as the data being backed up!

***

Q: Will keys generated prior to PGP 2.6 continue to be usable?

A: Yes. PGP 2.6 will always be able to use keys created by prior versions. New keys, generated *after* September 1 will *not* be usable by prior versions of PGP. However, we hope that all PGP users will have upgraded to PGP 2.6 or better (or its non-U.S. equivalent) by September.

***

Q: Why did MIT release PGP 2.6, when PGP 2.3 is already available?

A: Using PGP 2.3 in the U.S. potentially infringes patents licensed exclusively to Public Key Partners by Stanford University and MIT. This sticky patent situation has deterred the spread of PGP, because many people and institutions did not wish to risk violating intellectual property restrictions. MIT has addressed this problem in PGP 2.6 by using RSAREF, which is licensed by RSA Data Security, Inc. RSADSI acknowledges that PGP 2.6 is a legitimate RSAREF application. The RSAREF license includes rights to all of the relevant U.S. patents on public key cryptography for non-commercial use.

***

Q: Will there be a version of PGP 2.6 for the Mac?

A: People are working on this, but it's not ready yet. We hope it will be available within a couple of weeks.

***

Q: Is MIT distributing PGP 2.6 to Canada?

A: No, or at least not yet. There are some legal issues involved, having to do with possible U.S. export control restrictions, and we're getting advice on how to deal with these. We hope to sort this out next week.

***

Q: Who are the people who are working on the PGP 2.6 release?
A: People outside MIT working directly on the 2.6 release are Phil Zimmermann and Colin Plumb. People at MIT coordinating the PGP 2.6 release are Jeff Schiller, MIT Network Manager; Hal Abelson, Prof. of Computer Science and Engineering; Brian LaMacchia, graduate student in Computer Science; and Derek Atkins, graduate student in Media Arts and Sciences. Support from the MIT administration was provided by Jim Bruce, MIT Vice-President for Information Systems; David Litster, MIT Vice-President and Dean for Research; Karen Hersey, MIT Intellectual Property Counsel; and John Preston, MIT Director of Technology Development.

***

Q: Are there more questions?

A: Certainly. If there are other questions about PGP 2.6 that you think ought to be answered here, please send them to us (at pgp-bugs at mit.edu) and we will try to include answers in future versions of this FAQ.

From hughes at ah.com Thu Jun 2 08:30:34 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 2 Jun 94 08:30:34 PDT
Subject: IMP (was Re: ecash-info (fwd))
In-Reply-To: <199406020211.WAA03002@zork.tiac.net>
Message-ID: <9406021538.AA05856@ah.com>

>Now, one cost of deploying any such system would
>be the expected (negative) value of the risk taken in losing the whole
>development investment to an adverse regulatory decision, let alone
>possible actual penalties.

True. That is a risk of deploying the protocol from the financial entity's standpoint. It's a risk, that risk has costs both direct and indirect, and therefore Chaum's systems are _more_expensive_ than they appear. These risk costs _will_ affect what gets deployed.

Like most things in the banking system, a consensus (inside the beltway and out) would have to be reached. But this is a political, not a technical, challenge. Almost all the problems in deploying a digital cash system at this point are financial and political.

re: IRS reporting

> I'm hard pressed to see the difference between $10K of paper money and $10K of e-cash.
That's the point of the technology. If you treat it the same way, you can regulate it the same way.

Smurfing is easier in the electronic domain by a long shot. Smurfing, for those not in with the jargon, is sending out flunkies with a few thousand in cash each to fetch cashier's checks (i.e. non-cash instruments). Since the transfer of e-cash and the creation of nominal accounts is much easier, it's that much better for moving anonymous money. The Treasury Department will see this as a Bad Thing. It will most definitely be a regulatory hurdle.

re: getting profitability

> If it is possible to sell, maintain and support software on the internet, there will be an incentive for sellers to use it to reduce costs. [etc.]

I elided an important point. It seems clear to us that there's a large market available on the Internet. Will it be clear to the financiers? Not without a lot of education.

> If I had an e-cash-register coupled with a transaction-ftp capability, I could sell my software without knowing who bought it, and put the money in the bank more efficiently than if I had to deal with checks, credit cards, etc., I would jump at the chance.

This is a feature of any all-electronic payments system, not only of electronic cash systems. There are alternatives which can work economically. Deployment of anonymous digital money is not an assured event.

> E-cash is critical because of its efficiency.

Almost all the efficiency comes from the fact that it's electronic, not that it's cash. It is true that cash systems more quickly consolidate receivables, but the advantage over paper is _relatively_ small.

> With it, I can sell software or computer-related services from any net-connected machine to customers Singapore, or Japan, or down the street [...]

As soon as foreign exchange transactions come into play, life gets more complicated real quickly.
I think there really is a large market available in low level foreign exchange, but it's much more likely that single currency money systems will be the first to be deployed.

> Suppose that all cash transactions had to be recorded and each party of the transaction had to be identified and reported to some other third party (the government, say). Besides the specter of big brother watching you, the economy would choke in administrivia (I *like* that word, Eric).

Choke? I think not. Costs would go up a little, certainly, but all the reporting could be put into software. Ever heard of the term "compliance officer" in banking? It's someone who goes around and makes sure the firm doesn't inadvertently break any laws. Well, compliance for cash reporting would be in software from day one of the requirement. It might add a bit to computer system costs, but not appreciably to labor costs. After all, filing would be done electronically, for real-time monitoring.

> If the people who control patents to the "wallets" and "cash-register" technology would let that be available for all,

The 'purchaser' package of DigiCash will be freely distributed. I don't think the 'merchant' package will be. I infer this from looking at the questionnaire for self-qualification of DigiCash's that got posted here. There was one category for banks, certainly to be licensees, and one for merchants, therefore also to be licensees.

In summary. Anonymous cash systems are not clearly better than identity money systems. It's not clear at all that one will win out over the other. In the USA, there are strong governmental forces against anonymity. The best we can hope for is that both get deployed. The market will then be able to choose.
Eric

From hughes at ah.com Thu Jun 2 08:35:13 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 2 Jun 94 08:35:13 PDT
Subject: New MacPGP
In-Reply-To: <199405311453.HAA05825@netcom.com>
Message-ID: <9406021543.AA05870@ah.com>

Mike at mpj at netcom.com put it up within a day. That was a week after I sent it to both Erics,

Nik at ndw1 at columbia.edu tried to send it to me through a remailer and got the syntax wrong. The operator of the remailer was kind enough to send it along. And I erased it.

I've had enough trouble with Mac distributions that I'm only going to trust something uploaded via ftp and that has not passed through a mail system.

YO! Get the file README.UPLOAD and follow the directions.

Eric

From koontzd at lrcs.loral.com Thu Jun 2 08:40:01 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 2 Jun 94 08:40:01 PDT
Subject: No Subject
Message-ID: <9406021539.AA17518@io.lrcs.loral.com>

San Jose Mercury News, Front Page June 2, 1994

SCIENTIST FINDS FLAW IN CODE TECHNOLOGY

New York Times

A computer scientist at AT&T Bell Laboratories has discovered a basic flaw in the technology that the Clinton administration has been promoting to allow law-enforcement officials to eavesdrop on electronically scrambled telephone and computer conversations.

Someone with sufficient computer skills can defeat the government's technology by using it to encode messages so that not even the government can crack them, according to the Bell Labs researcher, Matthew Blaze.

For more than a year, the Clinton administration has been advocating the encoding technology as the best way to ensure the privacy of telephone and computer conversations while retaining the traditional right of law-enforcement officials to use court-authorized wiretaps to eavesdrop on the conversations of suspected criminals or terrorists.
The technology, based on what is known as the Clipper chip, has been widely criticized by communications executives and privacy-rights advocates, who fear its Big Brother potential. The industry also fears foreign customers might shun equipment if Washington keeps a set of electronic keys.

But now, Blaze, as a result of his independent testing of Clipper, is putting forth perhaps the most compelling criticism yet: The technology simply does not work as advertised. Blaze spelled out his findings in a draft report that has been quietly circulated among computer researchers and federal agencies in recent weeks.

"The government is fighting an uphill battle," said Martin Hellman, a Stanford University computer scientist who has read Blaze's paper and is an expert in data encryption, as the field is known. "People who want to work around Clipper will be able to do it."

But the National Security Agency, the government's electronic spying agency, which played a lead role in developing the technology, said Wednesday that Clipper remained useful, despite the flaw uncovered by Blaze. Agency officials do not dispute the flaw's existence.

"Anyone interested in circumventing law-enforcement access would most likely choose simpler alternatives," Michael A. Smith, the agency's director of policy, said in a written statement. "More difficult and time-consuming efforts, like those discussed in the Blaze paper, are very unlikely to be employed."

A necessary compromise?

Since announcing the Clipper coding technology 13 months ago, White House and Justice Department officials have argued forcefully that it is a necessary information-age compromise between the constitutional right to privacy and the traditional powers of law-enforcement officials.

The Clinton administration intends to use Clipper, which it is trying to promote as an industry standard, for the government's sensitive non-military communications.
The federal government is the nation's largest purchaser of information technology.

But industry executives have resisted adopting Clipper, saying that its electronic "backdoor," which is designed for legal wiretapping of communications, could make it subject to abuse by the government or unscrupulous civilian computer experts, who might eavesdrop without first obtaining a court order and the electronic "keys" that are to be held in escrow by two government agencies. Privacy-rights advocates have cited similar concerns.

Industry executives also have worried that making Clipper a federal government standard would be a first step toward prescribing the technology for private industry or requiring that it be included in sophisticated computing and communications that are to be exported.

Secret conversations

Blaze said that the flaw he discovered in the Clipper design would not permit a third party to break a coded computer conversation. But it would enable two people to have a secret conversation that law-enforcement officials could not unscramble. And that could render Clipper no more useful to the government than encryption technology already on the market to which it does not hold the mathematical keys.

"Nothing I've found affects the security of the Clipper system from the point of view of people who might want to break the system," Blaze said Wednesday. "This does quite the opposite. Somebody can use it to circumvent the law-enforcement surveillance mechanism."

Blaze said that several simple changes to the Clipper design could correct the flaw but that they might be difficult to adopt because they would require the government to start over in the designing of Clipper. The government has already begun ordering telephones containing the Clipper chip for use by federal agencies, and it is designing another Clipper-based device, called the Tessera card, for use in personal computers.
Hellman at Stanford said that the government was counting on most crooks and terrorists not to go to the trouble of modifying the Clipper design or otherwise seeking to disable it - if they used it at all.

System not subverted

One computer scientist who has been a proponent of the Clipper plan and who is familiar with Blaze's paper said that the flaw would not immediately subvert the system.

"I don't think this undermines the Clipper," said Dorothy Denning, a computer scientist at Georgetown University and part of a team chosen by the government to evaluate the technology. "But it's good to know what the vulnerabilities are."

Clipper was designed by researchers at the National Security Agency in cooperation with computer scientists at the National Institute of Standards and Technology, a civilian agency that is responsible for setting computer standards for non-military government applications.

The Clipper chip is known as an "escrowed encryption system." It is designed so that law-enforcement officials wishing to eavesdrop on Clipper-encoded communications must present a court warrant and a special number - or key - generated by a Clipper chip to two separate government agencies. Each of the agencies would hold portions of a special number, which can be used together to decode the conversation.

From werner at mc.ab.com Thu Jun 2 08:46:25 1994
From: werner at mc.ab.com (tim werner)
Date: Thu, 2 Jun 94 08:46:25 PDT
Subject: PGP 2.6 FAQ
Message-ID: <199406021546.LAA15890@sparcserver.mc.ab.com>

>Date: Thu, 2 Jun 94 10:56:11 -0400
>From: Hal Abelson
>To: cypherpunks at toad.com
>
>People at MIT coordinating the PGP 2.6 release are Jeff Schiller, MIT
>Network Manager; Hal Abelson, Prof. of Computer Science and
>Engineering; Brian LaMacchia, graduate student in Computer Science;
                    ~~~~~~~~~
>and Derek Atkins, graduate student in Media Arts and Sciences.
>Support from the MIT administration was provided by Jim Bruce, MIT
>Vice-President for Information Systems; David Litster, MIT
>Vice-President and Dean for Research; Karen Hersey, MIT Intellectual
>Property Counsel; and John Preston, MIT Director of Technology
>Development.

Stoopid question: is the above-mentioned LaMacchia any relation to the LaMacchia who got busted for running the illicit fsp site?

Just curious.

tw

From hughes at ah.com Thu Jun 2 08:46:31 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 2 Jun 94 08:46:31 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <9406021445.AA17436@io.lrcs.loral.com>
Message-ID: <9406021554.AA05918@ah.com>

>It's not pre-encryption. He's actually getting around the key escrow
>features and using Skipjack in a secure manner. It's very slick.

I've been saying it can be done for more than a year.

This is different. Matt's technique can be used to interoperate with a _compliant_ device on the other end. Only modification to your own end is required.

Matt, on this list, will respond at some point to be determined with the involvement of corporate lawyers.

Eric

From hughes at ah.com Thu Jun 2 08:49:20 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 2 Jun 94 08:49:20 PDT
Subject: patent musings
Message-ID: <9406021557.AA05939@ah.com>

I wonder what would happen if Micali sold his patent to RSADSI? Might there be another turnaround as with Schnorr/DSA?

Eric

From perry at imsi.com Thu Jun 2 08:52:30 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 08:52:30 PDT
Subject: IMP (was Re: ecash-info (fwd))
In-Reply-To: <9406021538.AA05856@ah.com>
Message-ID: <9406021552.AA02177@snark.imsi.com>

I agree with virtually everything Eric says with one small exception...

Eric Hughes says:
> E-cash is critical
> because of its efficiency.
>
> Almost all the efficiency comes from the fact that it's electronic,
> not that it's cash.
> It is true that cash systems more quickly
> consolidate receivables, but the advantage over paper is _relatively_
> small.

The advantage is that it's electronic AND that it's secure. Since it's secure, the intermediation costs drop dramatically as the possibility of fraud goes down. One could do electronic payments with credit cards and email right now -- but the costs would be pretty bad.

There is another advantage you've glossed over, which is the fact that since fraud is difficult, anyone, not just vendors, could receive payment. (Vendor fraud is a huge cost in credit cards.)

I agree, however, that any truly secure electronic payments system has these advantages -- anonymity isn't needed to gain most of the cost benefits.

I'll also note, by the way, that the stupid smartcard systems that simply rely on "tamperproof" (ha!) cards that "know" balances aren't going to have especially lower costs than credit cards -- increased fraud might even raise costs! A truly secure system has an enormous advantage over such systems.

Perry

From smb at research.att.com Thu Jun 2 09:23:42 1994
From: smb at research.att.com (smb at research.att.com)
Date: Thu, 2 Jun 94 09:23:42 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <9406021623.AA19701@toad.com>

Information *will* be forthcoming. Hang on.

Perry's right. Several of us have seen Matt's paper, and the attacks really do work. (Even NSA admits that.) But out of courtesy to Matt, we'd rather leave it to him to discuss the details.

--Steve Bellovin

From hughes at ah.com Thu Jun 2 09:25:16 1994
From: hughes at ah.com (Eric Hughes)
Date: Thu, 2 Jun 94 09:25:16 PDT
Subject: IMP (was Re: ecash-info (fwd))
In-Reply-To: <9406021552.AA02177@snark.imsi.com>
Message-ID: <9406021633.AA06028@ah.com>

The advantage is that it's electronic AND that it's secure. Since it's secure, the intermediation costs drop dramatically as the possibility of fraud goes down.

But it is also possible to make systems that are secure and non-anonymous.
Admittedly, I spoke of "identity-based systems", which is not quite right. Rather I should have said "identifying systems", which include the identity but do not rely upon it alone to verify payment, as do credit cards, say. These kinds of systems can be just as secure and completely lack anonymity. To pick just one, consider certified digital checks. The drawer writes a check, the bank certifies it (and puts a hold on the account), the check is transmitted and deposited. Secure, low level, and totally identifying.

One could do electronic payments with credit cards and email right now -- but the costs would be pretty bad.

I agree. There's an interesting parallel. As it turns out, credit card fraud is _dropping_, because of various educational programs and anti-fraud measures. The one segment in which credit card fraud is increasing is technical card forgery, which is way up. Transmitting card numbers electronically over the Internet can only exacerbate that problem.

Eric

From dave at marvin.jta.edd.ca.gov Thu Jun 2 09:42:12 1994
From: dave at marvin.jta.edd.ca.gov (Dave Otto)
Date: Thu, 2 Jun 94 09:42:12 PDT
Subject: IMP (was Re: ecash-info (fwd))
In-Reply-To: <9406021633.AA06028@ah.com>
Message-ID: <9406021641.AA02889@marvin.jta.edd.ca.gov>

on Thu, 02 Jun 1994 09:33:23 -0700 hughes at ah.com wrote:
> Transmitting card numbers electronically over the Internet can only
> exacerbate that problem.
>

Yes, if transmitted in the clear, PGP is legal now :-). Vendors on the net need to be pushed to use encryption.

Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org
"Pay no attention to the man behind the curtain!"
[the Great Oz]
{I *DO* have a life, it's just that my kids are using it right now!}

From exabyte!gedora!mikej2 at uunet.uu.net Thu Jun 2 09:45:43 1994
From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login)
Date: Thu, 2 Jun 94 09:45:43 PDT
Subject: Where to get PGP
In-Reply-To:
Message-ID:

On Thu, 2 Jun 1994, mathew wrote:

> >Dos & Unix | mathew@ | 2.6ui | Uses RSAREF. Not for use in any
> > | mantis.co | | application that you get paid for.
>
> No, no, no! My release uses no RSAREF code at all. Definitely not.

OUCH! Sorry, Mathew! I'll release a correction!

From lefty at apple.com Thu Jun 2 09:45:45 1994
From: lefty at apple.com (Lefty)
Date: Thu, 2 Jun 94 09:45:45 PDT
Subject: CEB 5 - The Hangover
Message-ID: <9406021640.AA03101@internal.apple.com>

> Its sort of like bringing home a rabbit for supper & everybody
> dumps on you cause it wasn't a moose.
>
>It looked more like someone saying "Hey! Let's have rabbit for
>dinner! Now, you there, go kill us a rabbit. And you, over there,
>start a fire. And you..." I realize that you think that you brought
>a rabbit home, but others seem to think that you only brought a menu.

No, Mr. Jeffers is _too_ _busy_ debugging his TSR to bring a menu. He thinks it would be a terrific idea, though, and is beside himself that no one has rushed out and invested their savings into buying a desktop publishing system to produce a menu, and then opening a restaurant to provide the cookware and the kitchen needed to prepare the rabbit which _he_ has decided _we_ all need to eat.

For someone who professes to want to "beat the State", Mr. Jeffers seems to have a lot of personal energy invested in trying to get people to do what he says...

As Tim has pointed out with his usual grandmotherly kindness, the "CEB" is hardly an original idea. Every three or four months, someone new runs in and shouts, "Hey, kids! Let's put on a _show_!" Mr. Jeffers will, sadly, not be the last, I suspect.
--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From gtoal at an-teallach.com Thu Jun 2 10:02:19 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 2 Jun 94 10:02:19 PDT
Subject: PGP 2.6 FAQ
Message-ID: <199406021700.SAA25323@an-teallach.com>

>Engineering; Brian LaMacchia, graduate student in Computer Science;
                    ~~~~~~~~~
Stoopid question: is the above-mentioned LaMacchia any relation to the LaMacchia who got busted for running the illicit fsp site?

Yes, Brian is the elder brother. I asked him right after David was charged if he thought there was any connection, like using his brother to put pressure on him about the key servers. He said he was fairly sure it was entirely independent. Personally I don't rule out MIT internecine warfare and personal grudges. University politics can get as dirty as the real thing at times, but I think we can rule out *real* politics in this.

G

From gtoal at an-teallach.com Thu Jun 2 10:04:13 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 2 Jun 94 10:04:13 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <199406021704.SAA25398@an-teallach.com>

smb wrote:

Perry's right. Several of us have seen Matt's paper, and the attacks really do work. (Even NSA admits that.) But out of courtesy to Matt, we'd rather leave it to him to discuss the details.

One thing this shows, even if the application of the technique turns out to be too difficult to be practical, is that Dorothy Denning's evaluation of the design was worthless. That team should have found this themselves. No wonder she was trying to play it down in the NYT.

G

From nobody at kaiwan.com Thu Jun 2 10:08:50 1994
From: nobody at kaiwan.com (Anonymous)
Date: Thu, 2 Jun 94 10:08:50 PDT
Subject: PGP 2.6 FAQ
Message-ID: <199406021708.KAA05113@kaiwan.kaiwan.com>

tim werner at mc.ab.com wrote:
>Stoopid question: is the above-mentioned LaMacchia any relation to the
>LaMacchia who got busted for running the illicit fsp site?

Yes; it's his brother.
From mpd at netcom.com Thu Jun 2 10:11:04 1994
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 2 Jun 94 10:11:04 PDT
Subject: Pedophiles in Cyberspace
Message-ID: <199406021710.KAA21953@netcom.com>

Duncan Frissell writes:

> The WSJ op ed page today has an article on the 1st
> Amendment in Cyberspace by Stephen Bates that focusses
> (analytically) on pedophiles and Usenet. It is not
> hysterically negative but discusses the "downside" of our
> technology.

Just what the world needs. Another reporter who spends a short time on Usenet and emerges to proclaim to the clueless masses that the Internet is bursting at the seams with child porn GIFs and that the pedophiles are frolicking uncontrollably.

While it would be difficult to list all the inaccuracies and misstatements of fact contained in Steven Bates' WSJ article in a single message, the following leap out at even the most inexperienced Internet user.

The newsgroup, alt.sex.pedophile.mike-labbe, originally formed to discuss the legal problems of a BBS Sysop, is almost dead and averages no more than a few posts a week. While pictures are occasionally posted, they are almost without exception art taken from legal sources. While some messages have been posted which might seem to solicit illegal activity, such messages are regularly flamed by other readers of the group, and illegal activity is discouraged. Calling this group "alt.sex.pedophile" and characterizing it as the Internet's official distribution point for illegal child porn is a gross misrepresentation of reality.

The newsgroup, alt.sex.intergen, formed to discuss issues surrounding intergenerational relationships, including those between adults and minors, is represented as a place where pedophiles congregate to plot their evil deeds. But discussion of the sexual rights of minors is only one issue covered under the alt.sex.intergen charter and it would be ludicrous to suggest that pedophiles are the only people to whom such issues are important.
You don't have to be a member of a sexual minority to find fault with American sex and censorship laws, and such issues are discussed by people representing all ages, sexual orientations, and professions. Taking a few lurid-sounding quotes out of context from many months of postings does little to correctly convey the tone of this newsgroup.

Mr. Bates repeats the popular myth that Europe is some bastion of readily available child porn easily accessed via the Internet. This is simply not the case. All the European and Scandinavian countries now have laws against distributing such material with severe penalties for violations. With the large number of American net.cops trolling the Internet looking for illegal pornography and the cooperation of foreign law enforcement agencies in shutting down sites, no such operation could stay in business for long.

The comparison the article makes between "advocating pedophilia" and Holocaust Revisionism should be equally offensive to Jews and non-Jews alike. Suggesting that teenagers should have the right to choose their own sexual partners cannot be compared to denying the deliberate killing of six million men, women, and children.

Dr. Fred Berlin, who should have known better, is quoted in the article as suggesting that people in general, and pedophiles in particular, are prone to do in real life everything they contemplate in fantasy. Since the world of fantasy is largely devoid of the moral and social inhibitions which constrain our real-world behavior, this is unlikely to be the case. Since Dr. Berlin is the world's foremost authority on the treatment of paraphilias, we should give him the benefit of the doubt and assume he was either quoted out of context, or like Ken Udut, deliberately misled as to the purpose for which his comments were being solicited.

--
Mike Duvos          $    PGP 2.6 Public Key available     $
mpd at netcom.com      $    via Finger.
From catalyst-remailer at netcom.com Thu Jun 2 10:12:59 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Thu, 2 Jun 94 10:12:59 PDT
Subject: New MacPGP
Message-ID: <199406021712.KAA02826@netcom.com>

Eric writ,

>I deleted it.

Enough said.

BTW, BinHexed files are pure ascii.

-=GuEsS WhO=-

From gtoal at an-teallach.com Thu Jun 2 10:13:55 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 2 Jun 94 10:13:55 PDT
Subject: CEB 5 - The Hangover
Message-ID: <199406021712.SAA25607@an-teallach.com>

: For someone who professes to want to "beat the State", Mr. Jeffers seems to
: have a lot of personal energy invested in trying to get people to do what
: he says...

Well, if he *really really* wants it that much, and the only thing stopping him is lack of expertise, then I'll do the work for him for two hundred dollars a day. (That's my cheap rate for fill-in work while I'm idle, which I may well be in a couple of months time...)

G

From perry at imsi.com Thu Jun 2 10:34:12 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 10:34:12 PDT
Subject: what I can say...
Message-ID: <9406021734.AA16072@webster.imsi.com>

Having seen Matt's paper, and having been asked by him not to distribute it, I feel somewhat obligated not to give any details. The complete method can actually be determined from the newspaper article (which was astonishingly lucid, all things considered) but having been "mentally contaminated" it's not ethical for me to describe it.

However, I'll say this.

1) He found a beautiful little defect -- it can be explained in a couple of lines, and it seems obvious, but somehow no one but Matt saw it. It's a classic -- he deserves lots of kudos. It permits full interoperability between a "rogue" Tessera user and a non-rogue user.

2) It's likely that a redesign of the EES (escrowed encryption standard) could avoid this defect.
Whether it could avoid all defects is, of course, unknowable -- but the current design is simply flawed and does not truly achieve its stated goal.

3) If the NSA actually worked for years designing this thing, someone wasn't thinking.

Perry

From perry at imsi.com Thu Jun 2 10:47:55 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 10:47:55 PDT
Subject: Pedophiles in Cyberspace
In-Reply-To: <199406021710.KAA21953@netcom.com>
Message-ID: <9406021745.AA02447@snark.imsi.com>

Mike Duvos says:
> Duncan Frissell writes:
>
> > The WSJ op ed page today has an article on the 1st
> > Amendment in Cyberspace by Stephen Bates that focusses
> > (analytically) on pedophiles and Usenet. It is not
> > hysterically negative but discusses the "downside" of our
> > technology.
>
> Just what the world needs. Another reporter who spends a short
> time on Usenet and emerges to proclaim to the clueless masses
> that the Internet is bursting at the seams with child porn GIFs
> and that the pedophiles are frolicking uncontrollably.

I must disagree. His analysis that discussion by pedophiles on alt.sex.intergen is likely 100% covered by the first amendment was a statement we would all agree with. I'd say his article was more on the lines of "here are problems" not "here are problems -- let's regulate the net". He didn't appear to be advocating any new laws or law enforcement activities.

I thought that the article was a bit of a downer, but it was hardly horrifying. Indeed, I'd say it was quite well written.

Perry

From sinclai at ecf.toronto.edu Thu Jun 2 10:52:25 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Thu, 2 Jun 94 10:52:25 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <199406021704.SAA25398@an-teallach.com>
Message-ID: <94Jun2.135210edt.13307@cannon.ecf.toronto.edu>

> One thing this shows, even if the application of the technique turns out
> to be too difficult to be practical, is that Dorothy Denning's evaluation
> of the design was worthless.
> That team should have found this themselves.
> No wonder she was trying to play it down in the NYT.

It was my understanding that Denning was just looking at the Skipjack algorithm, and not the clipper unit as a whole. I wouldn't be too quick to condemn her on this point.

From gtoal at an-teallach.com Thu Jun 2 11:02:59 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 2 Jun 94 11:02:59 PDT
Subject: what I can say...
Message-ID: <199406021757.SAA26680@an-teallach.com>

From: "Perry E. Metzger"

3) If the NSA actually worked for years designing this thing, someone wasn't thinking.

I still maintain that the FOIA'd docs extracted by gnu imply that there's a *real* backdoor as well as the key escrow, and I suspect the key escrow/Law Enforcement Abuse Field stuff was hurriedly tacked on as an afterthought. Personally I wouldn't rely on clipper ever *with* a private session key.

G

From perry at imsi.com Thu Jun 2 11:03:56 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 11:03:56 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <94Jun2.135210edt.13307@cannon.ecf.toronto.edu>
Message-ID: <9406021803.AA02484@snark.imsi.com>

SINCLAIR DOUGLAS N says:
> > One thing this shows, even if the application of the technique turns out
> > to be too difficult to be practical, is that Dorothy Denning's evaluation
> > of the design was worthless. That team should have found this themselves.
> > No wonder she was trying to play it down in the NYT.
>
> It was my understanding that Denning was just looking at the Skipjack
> algorithm, and not the clipper unit as a whole. I wouldn't be too quick
> to condemn her on this point.

I'll also note that as embarrassing as Matt's discovery is, we must continue to focus on the inherent flaw in the very concept of EES, rather than on any particular technical flaw. The number of flaws we can find with public information is limited, and NSA can always bullshit congressmen until they give up.
Besides, technical flaws can be repaired. If people oppose the CONCEPT of the EES, then it makes no difference how well implemented it is.

However, I really have to say, Matt's hack is still NEAT!

Perry

From jim at bilbo.suite.com Thu Jun 2 11:06:31 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 2 Jun 94 11:06:31 PDT
Subject: CEB 5 - The Hangover
Message-ID: <9406021804.AA20814@bilbo.suite.com>

>>It looked more like someone saying "Hey! Let's have rabbit for
>>dinner! Now, you there, go kill us a rabbit. And you, over there,
>>start a fire. And you..." I realize that you think that you brought
>>a rabbit home, but others seem to think that you only brought a menu.
>
>No, Mr. Jeffers is _too_ _busy_ debugging his TSR to bring a menu. He

Come on, cut the guy some slack! He fucked up and got suitably flamed. There's no need to pile it on.

Jim_Miller at suite.com

From tcmay at netcom.com Thu Jun 2 11:07:27 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 2 Jun 94 11:07:27 PDT
Subject: Black Eye for NSA, NIST, and Denning
In-Reply-To: <9406021623.AA19701@toad.com>
Message-ID: <199406021806.LAA02504@netcom.com>

> Information *will* be forthcoming. Hang on.
>
> Perry's right. Several of us have seen Matt's paper, and the attacks
> really do work. (Even NSA admits that.) But out of courtesy to Matt,
> we'd rather leave it to him to discuss the details.
>
>
> --Steve Bellovin

If Matt's attack works, and Clipper/Capstone/Tessera/etc. has to be redesigned, some issues are pretty apparent:

* the NSA _apparently_ fell down on the job...where was their own "Tiger Team" trying to break the proposed system?

* ditto for the whitewash by the "Blue Ribbon Panel," the one that Dorothy Denning was on (chaired?) and that met for a _whole weekend_ (wow!) to bless the Capstone algorithm. Not that I really expected otherwise.
* Combined with Micali's talk of a lawsuit, the slow acceptance of Clipper (Cypherpunks and others have helped to make Clipper a very dirty word, thus slowing any corporate acceptance that I suspect the NSA was hoping for), and these problems, the Clipper program seems to be in disarray.

So, NSA's vaunted crypto capabilities seem to be waning. (I'm sure there are still many competent folks at the Fort, of course.) Their venture into the commercial world seems pretty flawed. Which is good. And this stumblebum episode can be exploited by us.

At the risk of sounding like the tmp'ararily insane one, "hee hee."

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From wcs at anchor.ho.att.com Thu Jun 2 11:14:45 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 2 Jun 94 11:14:45 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <9406021813.AA10894@anchor.ho.att.com>

gtoal writes:
> One thing this shows, even if the application of the technique turns out
> to be too difficult to be practical, is that Dorothy Denning's evaluation
> of the design was worthless. That team should have found this themselves.
> No wonder she was trying to play it down in the NYT.

Dorothy's group was highly worthwhile; you just have to understand the objectives :-) It produced a fine interim report describing how strong the strong part of the Clipper system was, making it politically easier for the NIST to declare their stuff to be a standard blessed by experts.
The evaluation of the whole Clipper system, beyond just the SkipJack algorithm itself, will supposedly be in the final report, which will supposedly be out Real Soon Now, according to a conversation I had with her in March. I suspect that report is either being hastily revised (:-), or else they had already discovered it and were stalling to see if anyone else had, or they had seen Matt's draft and have already written the revisions but were waiting to see if he could get it published. On the other hand, maybe they've discovered one of the other N technical weaknesses in Clipper, or had given the system a negative review and aren't getting support from NIST to release it, or some other amusing variant.

Meanwhile, way to go, Matt! Both for doing the analysis, and for getting the material to the press effectively - and also way to go John Markoff! (Out here in the San Francisco Chronicle, it only made the bottom half of Page 1 Column 1; haven't seen the San Jose Murky News yet.)

Bill

From wcs at anchor.ho.att.com Thu Jun 2 11:23:33 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 2 Jun 94 11:23:33 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <9406021822.AA11015@anchor.ho.att.com>

> Here is what the article on the upper right hand side of this morning's
> New York Times says:
>
> "To defeat the system, Dr. Blaze programmed a 'rouge' unit to test
> thousands of LEAF's. Once he found a valid key, he inserted it in place

I assume 'rouge' is a typo - Matt's paper was talking about rogue units, rather than Commies or makeup-artists :-)

One weakness in the weakness is that most Clipper systems appear to be designed to use the same session key in each direction, so both ends have to be privacy-protected versions to prevent wiretapping, since a non-rogue LEAF from either end will give away the key. But it's a good start, and ought to be exploited for all the political mileage we can get out of it....
and it's not surprising that security in a conversation is everybody's
job...

Bill

From perry at imsi.com Thu Jun 2 11:27:11 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 11:27:11 PDT
Subject: LEAF forgery
Message-ID: <9406021826.AA16847@webster.imsi.com>

Matt gave me permission to explain the technical details of the paper.

This is the hack. It's idiotically simple.

According to the paper, because of the nature of the communications
involved, the Capstone chip is forced to accept as valid any LEAF with the
right 16 bit checksum. Note that the LEAF contains only the chip's ID, the
key encrypted in the chip's "secret never to be divulged except by escrow"
key, and this checksum, all encrypted with the family key. Since the other
chip lacks the "supersecret" key, it can't check that the session key
matches the encrypted session key. It relies on the checksum for
everything. That checksum is a silly 16 bits long. Thus, you just have to
try about 2^15 random LEAFs and you can get one that works. You can even
precompute them if you wish. It's that simple. Then all you do is send the
rogue LEAF instead of a legitimate one.

Matt Blaze should be commended for finding such a big hole. As with most
such ideas, it's obvious in retrospect but took some good thought to come
up with in the first place.

Let me say also that the NSA should feel highly embarrassed. They fucked
up big time. My terror of them from a few days ago when we heard the
Russian Coup intercept story has lessened. Even if they are years ahead
of us, they are still human.

Perry

PS There are also a bunch of neat techniques out there for the "let's say
that you don't care about interoperating" case, but they are naturally
less general.

From perry at imsi.com Thu Jun 2 11:45:10 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 11:45:10 PDT
Subject: what I can say...
In-Reply-To: <199406021757.SAA26680@an-teallach.com>
Message-ID: <9406021844.AA02568@snark.imsi.com>

Graham Toal says:
> From: "Perry E. Metzger"
>
> 3) If the NSA actually worked for years designing this thing, someone
> wasn't thinking.
>
> I still maintain that the FOIA'd docs extracted by gnu imply that there's a
> *real* backdoor as well as the key escrow,

Could you point out the lines that you believe imply this?

> Personally I wouldn't rely on clipper ever *with* a private session key.

I would agree, but only because I'm paranoid.

Perry

From collsc at snowbird.aud.alcatel.com Thu Jun 2 11:51:03 1994
From: collsc at snowbird.aud.alcatel.com (Scott Collins)
Date: Thu, 2 Jun 94 11:51:03 PDT
Subject: LEAF forgery
Message-ID: <9406021850.AA26520@snowbird.aud.alcatel.com>

[Matt's wonderful LEAF forgery hack deleted]

> Matt Blaze should be commended for finding such a big hole. As with
> most such ideas, it's obvious in retrospect but took some good thought
> to come up with in the first place.
>
Indeed. Is he now working furiously on a fix for this "big hole" which he
can then patent and refuse to license to Big Brother?

> Let me say also that the NSA should feel highly embarrassed. They
> fucked up big time. My terror of them from a few days ago when we
> heard the Russian Coup intercept story has lessened. Even if they are
> years ahead of us, they are still human.
>
This is true, although difficult to remember sometimes.

+--------------------------------------------------------------------------+
|Scott Collins                                      Alcatel Network Systems|
|collsc at aud.alcatel.com                                 Richardson, Texas|
|    Even if my employers agreed with this, they would never admit it.     |
| GCS d? -p+ c++@ l u e- m* s+/ n- h+ f? g-(+++) w+@ t-- r- y?             |
+--------------------------------------------------------------------------+

From smb at research.att.com Thu Jun 2 12:01:45 1994
From: smb at research.att.com (smb at research.att.com)
Date: Thu, 2 Jun 94 12:01:45 PDT
Subject: Matt Blaze's Clipper attack -- details
Message-ID: <9406021901.AA22805@toad.com>

I spoke with Matt Blaze; he gave me permission to post a summary of his
attacks. But the paper is not yet available for ftp.

Matt's work was done using a prototype Tessera card, with a SCSI-PCMCIA
interface on a Sun 4. That may (or may not) have implications for some of
the performance numbers.

There are two classes of ways to foil key escrow. The less interesting
class of attacks are non-interoperable. That is, two rogue implementations
can talk security, but can't talk to a conforming key escrow device. But
there's another attack possible, wherein a rogue application talks to a
conforming device, but without presenting a valid LEAF.

The LEAF contains a 32 bit unit id, an 80-bit session key encrypted with
the per-device secret key, and a 16 bit checksum. The whole thing is
encrypted with the family key. The checksum field is based on both the
session key and the IV. A receiving device will not decrypt unless it's
handed a valid LEAF. But it can only base its judgment on the checksum and
on its external knowledge of the key and IV; the actual key in the LEAF is
encrypted in a way that it cannot read. LEAFs are sent out of band by the
application; they're not concealed in the encrypted data stream.

Non-interoperable applications work by generating a LEAF/IV pair and not
transmitting it. (Users cannot control the IV; the Tessera interface (and
maybe the Capstone chip) generates it.) The receiving end does the same
thing. You don't need an IV for ECB mode, so you have at least some access
to Skipjack that way. But that's too slow; at least in the configuration
tested, it took ~50 ms to do an ECB encryption.
In CBC mode, if you have the wrong IV, the first block of plaintext will
be garbled. But the error recovery properties of CBC guarantee that all
subsequent blocks will be decrypted correctly. (Derivation is left as an
exercise for the reader.) The solution, then, is simple: just pad your
messages with an 8-byte garbage header.

OFB and CFB modes can be implemented as well. The obvious way is via ECB
mode, but that's too slow. It turns out that with a bit of work, you can
use CBC mode as a primitive to build OFB and CFB. I'll describe that if
anyone's really interested.

The more interesting attack on key escrow is a rogue implementation that
can interoperate with a conforming one. The checksum is only 16 bits; it's
possible to brute-force it. That is, generate random 128-bit strings, and
see if your own Tessera card will accept it as a valid LEAF. Again, recall
that it knows only the unencrypted key and the IV. On average, you'll find
a hit in 2^15 tries; at 50 ms per try, that's 28 minutes. You can speed
this up by running in parallel with multiple Tessera cards.

--Steve Bellovin

From Richard.Johnson at Colorado.EDU Thu Jun 2 12:03:54 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Thu, 2 Jun 94 12:03:54 PDT
Subject: PGP 2.6 FAQ
In-Reply-To: <199406021700.SAA25323@an-teallach.com>
Message-ID: <199406021858.MAA24832@spot.Colorado.EDU>

From the keyboard of: gtoal at an-teallach.com (Graham Toal)

> Personally I don't
> rule out MIT internecine warfare and personal grudges. University
> politics can get as dirty as the real thing at times, but I think
> we can rule out *real* politics in this.

"University politics is so vicious simply because there is so little at
stake." <-- reasonably accurate misquote

University politics are normally much dirtier than the real thing, and
much harder to stay out of if you spend more than 4 years at an
institution.
The battles over office space alone can make smear campaigns via TV ads in
a congressional race look like a friendly debate.

Still, it seems from the outside that there wasn't much toe-stepping going
on at MIT with regard to their PGP release. That's nice to see. Perhaps,
for once, the internal politics were calmer than the external storm of
paranoia? :-)

Richard

From perry at imsi.com Thu Jun 2 12:24:30 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 2 Jun 94 12:24:30 PDT
Subject: Matt Blaze's Clipper attack -- details
In-Reply-To: <9406021901.AA22805@toad.com>
Message-ID: <9406021924.AA02639@snark.imsi.com>

smb at research.att.com says:
> The LEAF contains a 32 bit unit id, an 80-bit session key encrypted
> with the per-device secret key, and a 16 bit checksum. The whole thing
> is encrypted with the family key. The checksum field is based on both
> the session key and the IV.

I'll point out that Matt concluded this based on empirical analysis of
LEAFs and IVs; no available documentation describes the nature of the
checksum. (More kudos to Matt).

BTW, LEAF/IV pairs are manipulated by Tessera as a single operation. I
suppose this is, in retrospect, a big hint.

The observation that non-synchronized IVs pose little or no problem was
also another "damn; that should have been obvious" that Matt picked up on
and no one else got. I suppose the fact that the NSA folks mixed the IV
into the checksum meant that they thought non-synchronized IVs would be
more significant than they are.

Perry

PS Matt, you now have 14 more minutes of fame remaining. :-)

From wcs at anchor.ho.att.com Thu Jun 2 12:39:40 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 2 Jun 94 12:39:40 PDT
Subject: Black Eye for NSA, NIST, and Denning
Message-ID: <9406021851.AA11330@anchor.ho.att.com>
Keywords: rant

Tim writes:
> If Matt's attack works, and Clipper/Capstone/Tessera/etc. has to be
> redesigned, some issues are pretty apparent:

Capstone/Tessera already had to be redesigned to use the new Secure Hash
Standard revision (one can speculate about whether the NSA's revision was
to remove an old weakness or install a new one, or both :-)

Of course, if they do redesign Clipper instead of junking it, the chances
of them making it *more* genuinely secure by having the two wiretap keys
installed separately instead of having them combined (and probably stolen)
by the NSA and then the XOR loaded in are probably pretty low...

> * Combined with Micali's talk of a lawsuit, the slow acceptance of
> Clipper (Cypherpunks and others have helped to make Clipper a very
> dirty word, thus slowing any corporate acceptance that I suspect the
> NSA was hoping for), and these problems, the Clipper program seems to
> be in disarray.

It's especially enjoyable seeing that coming from Micali - his patent on
"Fair Cryptosystems" is just *dripping* with the collectivist use of
"fair" as meaning "Do what we tell you". His system also fails to carry
out the claims made by his patent that say it permits the government to
access the keys of suspected lawbreakers while protecting the privacy of
law-abiding users, unless you accept the Ed Meese position that people
who are law-abiding aren't suspects...

> So, NSA's vaunted crypto capabilities seem to be waning.
> (I'm sure there are still many competent folks at the Fort, of course.)
> Their venture into the commercial world seems pretty flawed.
While the SHS problems are crypto-related, the primary incapabilities of
the NSA's Clipper project aren't technical, but political - they're trying
to tell the public "We don't trust you, but you can trust us, because
we're from the Government and we're here to help you!", which is a hard
sell for anyone :-)

Bill

From mpd at netcom.com Thu Jun 2 12:49:48 1994
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 2 Jun 94 12:49:48 PDT
Subject: Pedophiles in Cyberspace
Message-ID: <199406021949.MAA28067@netcom.com>

Perry E. Metzger writes:

> Mike Duvos says:

>> Just what the world needs. Another reporter who spends a short
>> time on Usenet and emerges to proclaim to the clueless masses
>> that the Internet is bursting at the seams with child porn GIFs
>> and that the pedophiles are frolicking uncontrollably.

> I must disagree. His analysis that discussion by pedophiles
> on alt.sex.intergen is likely 100% covered by the first
> amendment was a statement we would all agree with.

Mr. Bates' lukewarm acknowledgement that the First Amendment protects such
discussions hardly mitigates his other inaccuracies and in any case, is
not at odds with my statement above.

> I'd say his article was more on the lines of "here are
> problems" not "here are problems -- let's regulate the net".
> He didn't appear to be advocating any new laws or law
> enforcement activities.

No. He was just attempting to convince the numerous readers of the Wall
Street Journal that Usenet has a "child porn newsgroup" filled with the
stuff and accessible to everyone on the net. Once this incorrect notion is
sold to the American public, new laws will follow of their own accord,
without need of any further help from Mr. Bates.

> I thought that the article was a bit of a downer, but it was
> hardly horrifying. Indeed, I'd say it was quite well
> written.

Only in the sense of being grammatically correct.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com   $    via Finger.                      $

From gtoal at an-teallach.com Thu Jun 2 13:08:08 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 2 Jun 94 13:08:08 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <199406022007.VAA03682@an-teallach.com>

: > One thing this shows, even if the application of the technique turns out
: > to be too difficult to be practical, is that Dorothy Denning's evaluation
: > of the design was worthless. That team should have found this themselves.
: > No wonder she was trying to play it down in the NYT.

: It was my understanding that Denning was just looking at the Skipjack
: algorithm, and not the clipper unit as a whole. I wouldn't be too quick
: to condemn her on this point.

In which case it exposes the sham terms of reference that the committee
accepted to work under. Either way, they lose.

G

From mpj at netcom.com Thu Jun 2 13:11:53 1994
From: mpj at netcom.com (Michael Paul Johnson)
Date: Thu, 2 Jun 94 13:11:53 PDT
Subject: Where to get PGP (correction on PGP 2.6ui)
Message-ID: <199406022011.NAA21975@netcom14.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)
(Last modified: 2 June 1994 by Mike Johnson)

WHAT IS THE LATEST VERSION?

Platforms  | Released   | Version  | Notes & restrictions
           | by and for |          | Other restrictions may apply.
- -----------------------------------------------------------------------------
Dos & Unix | MIT        | 2.6      | Uses RSAREF. Not for use in any
           | for use in |          | application that you get paid for.
           | North      |          | FREE. Complete source code available.
           | America    |          | Patents licensed for personal use only.
           |            |          | Not for export from the USA or Canada.
           |            |          | RSA key limited to 1024 bits (probably
           |            |          | strong enough for most things, but not
           |            |          | as strong as the IDEA session key).
           |            |          | Not fully compatible with PGP 2.3a or
           |            |          | Viacrypt PGP 2.4.
- -----------------------------------------------------------------------------
Dos & Unix | mathew@    | 2.6ui    | Does NOT use RSAREF. No RSA patent
           | mantis.co  |          | problems outside the USA.
           | .uk for use|          | FREE. Complete source code available.
           | outside    |          | IDEA licensed for personal use only in
           | the USA    |          | countries where the IDEA patent holds.
           |            |          | RSADSI claims this product would
           |            |          | infringe on its patents if used in the
           |            |          | USA. Compatible with all current PGPs.
           |            |          | Contact mathew at mantis.co.uk if you have
           |            |          | contributions or suggestions for the
           |            |          | coming version 2.7ui, which will feature
           |            |          | a longer RSA key length limit.
           |            |          | If imported to the USA, don't export.
- -----------------------------------------------------------------------------
DOS & Unix | Viacrypt   | 2.4      | 100% Legal for both personal and
           | for use in |          | commercial use. Not for export from
           | North      |          | the USA and Canada. It is commercial
           | America    |          | copyrighted software, prices below.
           |            |          | Source code not available.
           |            |          | Viacrypt will soon release version 2.7
           |            |          | that will be compatible with MIT's 2.6
- -----------------------------------------------------------------------------
Amiga      |            | 2.3a2    | Use extremely limited by patents in USA.
- -----------------------------------------------------------------------------
Macintosh  |            | 2.3aV1.1 | Use extremely limited by patents in USA.
           |            | or       | A pair of 2.6-compatible versions
           |            | 2.3aV1.2 | (USA/Canada & Non-USA) still not ready.
- -----------------------------------------------------------------------------
All others | Branko     | 2.3a     | Use extremely limited by patents in USA.
           | Lankaster  |          | Not fully compatible with version 2.6
           |            |          | or greater.
- -----------------------------------------------------------------------------

Note: there are other version numbers floating around on the net from code
that has been altered by individuals for their own use. The versions
listed above are the ones I trust.

WHERE CAN I GET VIACRYPT PGP?

If you are a commercial user of PGP in the USA or Canada, contact Viacrypt
in Phoenix, Arizona, USA.
The commercial version of PGP is fully licensed to use the patented RSA
and IDEA encryption algorithms in commercial applications, and may be used
in corporate environments in the USA and Canada. It is fully compatible
with, functionally the same as, and just as strong as the freeware version
of PGP.

Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only
distributes executable code and documentation for it, but they are working
on making PGP available for a variety of platforms. Call or write to them
for the latest information. The latest version number for their version of
PGP is 2.4. Prices shown include release of version 2.7 if you buy your
copy after May 27, 1994 (otherwise the upgrade will be about US$10).
Viacrypt's licensing and price information is as follows:

ViaCrypt PGP for MS-DOS        1 user                    $  99.98
ViaCrypt PGP for MS-DOS        5 users                   $ 299.98
ViaCrypt PGP for MS-DOS        20 users or more, call ViaCrypt
ViaCrypt PGP for UNIX          1 user                    $ 149.98
ViaCrypt PGP for UNIX          5 users                   $ 449.98
ViaCrypt PGP for UNIX          20 users or more, call ViaCrypt
ViaCrypt PGP for WinCIM/CSNav  1 user                    $ 119.98
ViaCrypt PGP for WinCIM/CSNav  5 users                   $ 359.98
ViaCrypt PGP for WinCIM/CSNav  20 users or more, call ViaCrypt

If you wish to place an order please call 800-536-2664 during the hours of
8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX
and Discover credit cards.

If you have further questions, please feel free to contact:

Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail: 2104 W. Peoria Ave
      Phoenix AZ 85029
Phone: (602) 944-0773
Fax: (602) 943-2601
Internet: viacrypt at acm.org
Compuserve: 70304.41

WHERE CAN I GET THE PGP FROM MIT THAT USES RSAREF?

MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing
it within the USA (due to some archaic export control laws).

1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it.
2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it.
3. Telnet to net-dist.mit.edu and log in as getpgp.
4. Answer the questions and write down the directory name listed.
5. QUICKLY end the telnet session with ^C and ftp to the indicated
   directory on net-dist.mit.edu (something like
   /pub/PGP/dist/U.S.-only-????) and get the distribution files
   (pgp26.zip, pgp26doc.zip, and pgp26src.tar.gz). If the hidden
   directory name is invalid, start over at step 3, above.

You can also get PGP 2.6 from:

ftp.csn.net/mpj
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip
  ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar
  See ftp://ftp.csn.net/mpj/README.MPJ for the ???????
  See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's
  export control methods.

ftp.netcom.com/pub/mpj
  ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp26.zip
  ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp26src.tar
  See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ???????
  See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this
  site's export control methods.

  TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com
  containing the word HELP in the body of the message for instructions.
  You will have to work quickly to get README.MPJ then the files before
  the ??????? part of the path name changes again (several times a day).

ftp.eff.org
  Follow the instructions found in README.Dist that you get from one of:
  ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
  gopher.eff.org, 1/Net_info/Tools/Crypto
  gopher://gopher.eff.org/11/Net_info/Tools/Crypto
  http://www.eff.org/pub/Net_info/Tools/Crypto/

Colorado Catacombs BBS
  Mike Johnson, sysop
  Mac and DOS versions of PGP, PGP shells, and some other crypto stuff.
  Also the home of some good Bible search files and some shareware written
  by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR,
  DELETE, PROVERB, SPLIT, ONEPAD, etc.
  v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps
  8 data bits, 1 stop, no parity, as fast as your modem will go.
  Use ANSI terminal emulation, or if you can't, try VT-100.
  Free access to PGP. If busy or no answer, try again later. Log in with
  your own name, or if someone else already used that, try a variation on
  your name or pseudonym. You can request access to crypto software on
  line, and if you qualify legally under the ITAR, you can download on the
  first call.
  Download file names:
    pgp26.zip     (DOS version with documentation)
    pgp26src.tar  (Unix version and source code)
    pgp26doc.zip  (Documentation only -- exportable)
  (303) 772-1062 Longmont, Colorado number - 2 lines.
  (303) 938-9654 Boulder, Colorado number forwarded to Longmont number
  intended for use by people in the Denver, Colorado area.
  Verified: This morning.

Other BBS and ftp sites will no doubt pick this version up rapidly.

WHERE TO GET THE FREEWARE PGP FOR USE OUTSIDE OF THE USA

The freeware version of PGP is intended for noncommercial, experimental,
and scholarly use. It is available on thousands of BBSes, commercial
information services, and Internet anonymous-ftp archive sites on the
planet called Earth. This list cannot be comprehensive, but it should give
you plenty of pointers to places to find PGP. Although the latest freeware
version of PGP was released from outside the USA (England), it is not
supposed to be exported from the USA under a strange law called the
International Traffic in Arms Regulations (ITAR). Because of this, please
get PGP from a site outside the USA if you are outside of the USA and
Canada. This data is subject to change without notice. If you find that
PGP has been removed from any of these sites, please let me know so that I
can update this list. Likewise, if you find PGP on a good site elsewhere
(especially on any BBS that allows first time callers to access PGP for
free), please let me know so that I can update this list.
Source code (gzipped tar format):
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz.sig
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26ui-src.tar.gz
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26ui-src.tar.gz.sig.gz

Source code (zip format):
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.sig
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.zip
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26uis.sig
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26uis.zip

Executable for DOS (zip format):
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.sig
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.zip
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26uix.sig
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26uix.zip

Other sites (may or may not have the latest versions):

ftp.informatik.uni-hamburg.de
  /pub/virus/crypto

ftp.ee.und.ac.za
  /pub/crypto/pgp

soda.berkeley.edu
  /pub/cypherpunks/pgp (DOS, MAC)
  Verified: 21-Dec-93

ftp.demon.co.uk
  /pub/amiga/pgp
  /pub/archimedes
  /pub/pgp
  /pub/mac/MacPGP

ftp.informatik.tu-muenchen.de
ftp.funet.fi

ftp.dsi.unimi.it
  /pub/security

ftp.tu-clausthal.de (139.174.2.10)

wuarchive.wustl.edu
  /pub/aminet/util/crypt

src.doc.ic.ac.uk (Amiga)
  /aminet
  /amiga-boing

ftp.informatik.tu-muenchen.de
  /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)

black.ox.ac.uk (129.67.1.165)
  /src/security/pgp23A.zip (MS-DOS executables & docs)
  /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs,
      info on building PGP into mailers, editors, etc.)
  /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format)
  /src/security/macpgp2.3.cpt.hqx (Macintosh version)

iswuarchive.wustl.edu
  pub/aminet/util/crypt (Amiga)

ftp.csn.net
  /mpj/public/pgp/ contains PGP shells, faq documentation, language kits.

ftp.netcom.com
  /pub/dcosenza -- PGP 2.3a and an unofficial version that allows longer
      RSA keys.
  /pub/gbe/pgpfaq.asc -- frequently asked questions answered.
  /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as
      well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganography
      software list. MacUtilities for use with MacPGP. Stealth1.1 + other
      steganography programs. Send mail to qwerty at netcom.com with the
      subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't
      have ftp access.

nic.funet.fi (128.214.6.100)
  /pub/crypt/pgp23A.zip
  /pub/crypt/pgp23srcA.zip
  /pub/crypt/pgp23A.tar.Z

van-bc.wimsey.bc.ca (192.48.234.1)
  /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip
  /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip

ftp.uni-kl.de (131.246.9.95)
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)

StealthPGP: The Amiga version can be FTP'ed from the Aminet in
/pub/aminet/util/crypt/ as StealthPGP1_0.lha.

Also, try an archie search for PGP using the command:
  archie -s pgp23   (DOS Versions)
  archie -s pgp2.3  (MAC Versions)

ftpmail: For those individuals who do not have access to FTP, but do have
access to e-mail, you can get FTP files mailed to you. For information on
this service, send a message saying "Help" to ftpmail at decwrl.dec.com.
You will be sent an instruction sheet on how to use the ftpmail service.

Another e-mail service is from nic.funet.fi. Send the following mail
message to mailserv at nic.funet.fi:

  ENCODER uuencode
  SEND pub/crypt/pgp23srcA.zip
  SEND pub/crypt/pgp23A.zip

This will deposit the two zipfiles, as 15 batched messages, in your
mailbox within about 24 hours. Save and uudecode.

For the ftp sites on netcom, send mail to ftp-request at netcom.com
containing the word HELP in the body of the message.

World Wide Web URLs: (Thanks to mathew at mantis.co.uk)

UNIX PGP 2.3a

Compiles best with GCC 2.4.x or higher. A straight port from DOS, so
hardened UNIX users find it a bit chatty.
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.tar.Z
  * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.tar.Z
  * _NL:_ ftp://svin02.info.win.tue.nl/pub/misc/pgp23A.tar.gz
  * _SE:_ ftp://ftp.sunet.se/pub/security/tools/crypt/pgp23A.tar.gz
  * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.tar.Z
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/pgp23A.tar.Z
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.tar.Z
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.tar.Z

_________________________________________________________________

MS-DOS PGP 2.3

Program
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.zip
  * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.zip
  * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.zip
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/pgp23A.zip
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.zip
  * _IT:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.zip

Source code
Designed to compile with Turbo C; compiles fine with Microsoft Visual C++
also.
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23srcA.zip
  * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23srcA.zip
  * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23srcA.zip
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/pgp23srcA.zip
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23srcA.zip
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23srcA.zip

_________________________________________________________________

MACPGP 2.3

A slightly souped-up port of PGP to the Mac. Has help menus and other
goodies, but is still not a real Mac application. However, it works. Note
that the version 2.3 release of MacPGP contains the major bug-fix which
was later added to UNIX/DOS PGP 2.3. There was therefore no need for a
MacPGP 2.3A release; version 2.3 already had the bug fix by the time it
was released. There is no MacPGP 2.3A.
Program
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx
  * _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx
  * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/macpgp2.3.cpt.hqx
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx
  * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz

Source code
Requires Think C.
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/macpgp2.3src.sea.hqx.pgp
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.hqx.pgp

Documentation
PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to
using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP.

_________________________________________________________________

OS/2 PGP

You can, of course, run the DOS version of PGP under OS/2.

Program
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp22os2.zip -- version 2.2 only, native binaries
  * _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23os2A.zip

Source code
  * _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23srcA.zip

_________________________________________________________________

AMIGA PGP

  * _UK:_ ftp://ftp.demon.co.uk/pub/amiga/pgp/pgp21ami.lha -- version 2.1 only
  * _DE:_ ftp://faui43.informatik.uni-erlangen.de/mounts/rzsuna/pub/aminet/util/crypt/pgp21ami.lha -- version 2.1 only
  * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_2.lha
  * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_2.lha

Source
  * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a2_src.lha
  * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a2_src.lha

_________________________________________________________________

ARCHIMEDES PGP

  * _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a

_________________________________________________________________
DOCUMENTATION ONLY

  * _US:_ ftp://net-dist.mit.edu/pub/PGP/pgp26doc.zip
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26doc.zip
  * _US:_ ftp://ftp.netcom.com/pub/mpj/public/pgp/pgp26doc.zip
  * _US:_ ftp://ftp.ftp.csn.net/mpj/public/pgp/pgp26doc.zip
  * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23docA.zip

_________________________________________________________________

LANGUAGE MODULES

These are suitable for most PGP versions. I am not aware of any
export/import restrictions on these files.

German
  * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha

Italian
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp-lang.italian.tar.gz
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.italian.tar.gz
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz

Japanese
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz

Lithuanian
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip

Russian
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip

Spanish
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp-lang.spanish.tar.gz
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz

Swedish
  * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt

_________________________________________________________________

OTHER SITES

Some cryptographic software is available from
ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. Read the README file and
proceed from there.

BBS sites:

Colorado Catacombs BBS (See also the entry above for PGP 2.6)
  (303) 772-1062 Longmont, Colorado (2 lines)
  (303) 938-9654 Boulder, Colorado (free call from Denver CO, but 1 line)
  Verified: This morning.

Hieroglyphics Voodoo Machine (Colorado)
  DOS, OS2, and Mac versions.
(303) 443-2457 Verified: 5-2-94
For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files).

Exec-Net (New York)
Host BBS for the ILink net.
(914) 667-4567

The Ferret BBS (North Little Rock, Arkansas)
(501) 791-0124 also (501) 791-0125
Special PGP users account: login name: PGP USER password: PGP
This information from: Jim Wenzel

PGP 2.3A has been posted to the FidoNet Software Distribution Network and should be on most if not all Canadian and U.S. nodes carrying SDN software. It has also been posted on almost all of the major private North American BBS systems, thence to countless smaller boards. Consult a list of your local BBSes; most with a sizeable file inventory should carry the program.

If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others.

ARCHIE WHO?

There are many more sites. You can use archie and/or other "net-surfing" tools to find a more up-to-date listing, if desired.
I didn't have to generate a new key to use version 2.6, but I think keys should be changed periodically anyway to limit damages just in case a key got compromised and I didn't know about it.
___________________________________________________________
Michael Paul Johnson     Colorado Catacombs BBS 303-772-1062
mpj at csn.org  aka  mpj at netcom.com  m.p.johnson at ieee.org
ftp://ftp.csn.net/mpj/README.MPJ
ftp://ftp.netcom.com/pub/mpj/README.MPJ
___________________________________________________________

From cknight at crl.com Thu Jun 2 14:04:56 1994
From: cknight at crl.com (cknight at crl.com)
Date: Thu, 2 Jun 94 14:04:56 PDT
Subject: Who was...
Message-ID:

Who was the CP on Live 105 Wednesday morning who kept interrupting Alex?
-ck

From frissell at panix.com Thu Jun 2 14:05:00 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 2 Jun 94 14:05:00 PDT
Subject: Clipper on Gene Burns?
Message-ID:

Someone told me that Gene Burns, the libertarian syndicated talk show host, was supposed to focus on Clipper a few days ago but was missing a guest so he may do it at some time in the very near future. Perhaps today. Those interested should listen in. He does one topic per three-hour show so it could be good.

DCF

From m5 at vail.tivoli.com Thu Jun 2 14:11:18 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Thu, 2 Jun 94 14:11:18 PDT
Subject: Who was...
In-Reply-To:
Message-ID: <9406022111.AA22418@vail.tivoli.com>

cknight at crl.com writes:
> Who was the CP on Live 105 Wednesday morning who kept interrupting
> Alex?

Is this steganography?

--
| GOOD TIME FOR MOVIE - GOING  ||| Mike McNally                        |
| TAKE TWA TO CAIRO.           ||| Tivoli Systems, Austin, TX:         |
| (actual fortune cookie)      ||| "Like A Little Bit of Semi-Heaven"  |

From pcw at access.digex.net Thu Jun 2 14:46:09 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Thu, 2 Jun 94 14:46:09 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <199406022145.AA10996@access1.digex.net>

>> One thing this shows, even if the application of the technique turns out
>> to be too difficult to be practical, is that Dorothy Denning's evaluation
>> of the design was worthless. That team should have found this themselves.
>> No wonder she was trying to play it down in the NYT.
>
>It was my understanding that Denning was just looking at the Skipjack
>algorithm, and not the clipper unit as a whole. I wouldn't be too quick
>to condemn her on this point.

Of course, Dorothy Denning could simply say, "Gosh, the Blaze result shows how to make Clipper _more_ secure for the average user. Now they don't have to worry about the government. I stand by my assessment that it is secure."
From baum at newton.apple.com Thu Jun 2 14:56:50 1994
From: baum at newton.apple.com (Allen J. Baum)
Date: Thu, 2 Jun 94 14:56:50 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <9406022155.AA20652@newton.apple.com>

koontzd at lrcs.loral.com (David Koontz )>
>I've been saying it can be done for more than a year. I wrote a C model
>of some operating code for the chip. The clipper chip has save and restore
>commands that are used to dump and restore the LR register (crypto state).
>You keep your own LEAF and feed it back to the chip. You take the initial
>value of the LR register after IV generation and reload, it contains the
>IV. You exchange IVs with the distant end, who has also fed his own
>LEAF back to his chip. You have achieved crypto sync.

Where did you get the information about the internals? I've seen no references at all.

>2) There might be anti-tamper features (re: FIPS Pub 140-1), causing loss
> of crypto variables (say for key exchange). It might be possible the
> TSD won't operate at all if security features are tripped. (unlikely,
> when you consider mechanical switches might bounce when one of these
> is thrown in a briefcase).

Hmm- a lot of the pay-TV cable boxes have security like that, and they work just fine.

**************************************************
* Allen J. Baum                tel. (408)974-3385 *
* Apple Computer, MS/305-3B                       *
* 1 Infinite Loop                                 *
* Cupertino, CA 95014          baum at apple.com   *
**************************************************

From adam at bwh.harvard.edu Thu Jun 2 15:34:23 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Thu, 2 Jun 94 15:34:23 PDT
Subject: Black Eye for NSA, NIST, and Denning
In-Reply-To: <199406021806.LAA02504@netcom.com>
Message-ID: <199406022230.SAA14419@duke.bwh.harvard.edu>

Tim wrote:
| * the NSA _apparently_ fell down on the job...where was their own
| "Tiger Team" trying to break the proposed system?
At today's talk at MIT (Morris & Unkenholz of the NSA) Morris said several times that the escrow system had to be produced in a hurry, on top of the Skipjack algorithm, which was designed previously and 'sitting in a storeroom.' (boy, I'd like to FOIA that storeroom. :)

I didn't get a chance to ask why more time wasn't taken to prepare the escrow system to be more robust, since there were already a lot of political questions that these two really weren't in a position to answer.

Adam

--
Adam Shostack                                  adam at bwh.harvard.edu

Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From koontzd at lrcs.loral.com Thu Jun 2 15:48:03 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 2 Jun 94 15:48:03 PDT
Subject: Black Eye for NSA, NIST, and Denning
Message-ID: <9406022244.AA18607@io.lrcs.loral.com>

> At today's talk at MIT (Morris & Unkenholz of the NSA) Morris
>said several times that the escrow system had to be produced in a
>hurry, on top of the Skipjack algorithm, which was designed
>previously and 'sitting in a storeroom.' (boy, I'd like to FOIA that
>storeroom. :)

Gee, now that mab at research.att.com (Matt Blaze), knows where to find the checksum, and by extension the unit id (Which shows up on labels in photos on the literature from Mykotronx) - providing a known plaintext, maybe someone will start working on the family key?
(I won't hold my breath waiting for it to be announced)

From karn at qualcomm.com Thu Jun 2 15:59:28 1994
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 2 Jun 94 15:59:28 PDT
Subject: Black Eye for NSA, NIST, and Denning
In-Reply-To: <9406022244.AA18607@io.lrcs.loral.com>
Message-ID: <199406022259.PAA13315@servo.qualcomm.com>

>Gee, now that mab at research.att.com (Matt Blaze), knows where to find
>the checksum, and by extension the unit id (Which shows up on labels
>in photos on the literature from Mykotronx) - providing a known plaintext,
>maybe someone will start working on the family key?

Matt's attack doesn't require knowing where the checksums and unit IDs are in the LEAF. Nor does it provide any insight into cracking Skipjack itself, which would be required to learn the family key. He simply determined that the chip will accept 1 out of every 65,536 randomly chosen LEAFs, which is a large enough fraction to make a brute force search for one quite practical -- especially since it only need be done once.

Phil

From warlord at MIT.EDU Thu Jun 2 16:13:12 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 2 Jun 94 16:13:12 PDT
Subject: Black Eye for NSA, NIST, and Denning
In-Reply-To: <9406022244.AA18607@io.lrcs.loral.com>
Message-ID: <9406022313.AA00210@squeamish-ossifrage.mit.edu>

The format of the LEAF block is public knowledge. Here is how it is formed:

[80-bit Session key Ks] [16-bit #  ] [32-bit chip ID] [80-bit Unit Key Ku]
[80-bit  {Ks}Ku       ] [16b {#}Ks ] [32-bit chip ID]
[128-bit LEAF: {{Ks}Ku {#}Ks ID}Kf   (Kf == family key)]

Whether or not known plaintext will work is unclear, since you cannot get {#}Ks (you really don't know what it is outside the chip) and you also don't know what # is (it is, according to the NSA, a fixed number in all the chips).

Hope this helps.
-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord at MIT.EDU    PP-ASEL    N1NWH    PGP key available

From warlord at MIT.EDU Thu Jun 2 16:14:38 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 2 Jun 94 16:14:38 PDT
Subject: Black Eye for NSA, NIST, and Denning
In-Reply-To: <199406022259.PAA13315@servo.qualcomm.com>
Message-ID: <9406022314.AA00217@squeamish-ossifrage.mit.edu>

> brute force search for one quite practical -- especially since it only
> need be done once.

actually, it needs to be done once per session key (i.e., when you change the session key, you need to re-issue a LEAF)

-derek

From lefty at apple.com Thu Jun 2 16:23:13 1994
From: lefty at apple.com (Lefty)
Date: Thu, 2 Jun 94 16:23:13 PDT
Subject: HACK - U HAVE NO PRIVACY
Message-ID: <9406022322.AA13406@internal.apple.com>

I don't know whether you all have seen this: I've got a double-sawbuck that says it's nonsense, but those of you who are into recreational paranoia may enjoy it.

I especially enjoyed the mention of the Bilderbergers...

>From: fringeware at io.com (FringeWare Inc)
>To: lefty at apple.com
>Precedence: list
>List-Server: fringeware-request at io.com
>Errors-To: fringeware-owner at io.com
>X-Www-Page: http://io.com/commercial/fringeware/home.html
>Keywords: exchael psychotes convestuffican geneur existration tription
>Subject: HACK - U HAVE NO PRIVACY
>Reply-To: holo at netcom.com (D. Ronan Hallowell)
>Date: Wed, 25 May 1994 21:51:06 -0700 (PDT)
>
>Sent from: holo at netcom.com (D. Ronan Hallowell)
>
>---------- Forwarded message ----------
>>Date: Wed, 25 May 94 09:42:11 -0700
>>From: paul.geronca at support.com
>>To: sfraves at techno.Stanford.EDU
>
> [mod's note: We received another forwarded copy of this message
> annotated with a msg saying it's a hoax...?]
>
>NSA can crack PGP
>
>A lot of people think that PGP encryption is unbreakable and that the
>NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
>mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
>arrested _one day_ before he and others went to stage a protest at government
>buildings; the police had a copy of a message sent by Steingold to another
>activist, a message which had been encrypted with PGP and sent through E-mail.
>
>Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
>allow the NSA to easily break encoded messages. Early in 1992, the author,
>Paul Zimmerman, was arrested by Government agents. He was told that he
>would be set up for trafficking narcotics unless he complied. The Government
>agency's demands were simple: He was to put a virtually undetectable
>trapdoor, designed by the NSA, into all future releases of PGP, and to
>tell no-one.
>
>After reading this, you may think of using an earlier version of
>PGP. However, any version found on an FTP site or bulletin board has been
>doctored. Only use copies acquired before 1992, and do NOT use a recent
>compiler to compile them. Virtually ALL popular compilers have been
>modified to insert the trapdoor (consisting of a few trivial changes) into
>any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft,
>Borland, AT&T and other companies were persuaded into giving the order for the
>modification (each of these companies' boards contains at least one Trilateral
>Commission member or Bilderberg Committee attendant).
>
>It took the agency more to modify GNU C, but eventually they did it.
>The Free Software Foundation was threatened with "an IRS investigation",
>in other words, with being forced out of business, unless they complied. The
>result is that all versions of GCC on the FTP sites and all versions above
>2.2.3, contain code to modify PGP and insert the trapdoor.
>Recompiling GCC
>with itself will not help; the code is inserted by the compiler into
>itself. Recompiling with another compiler may help, as long as the compiler
>is older than from 1992.
>
>Distribute and reproduce this information freely. Do not alter it.
>-------------------------------------------------------------------------
>To find out more about the anon service, send mail to help at anon.penet.fi.
>Due to the double-blind, any mail replies to this message will be anonymized,
>and an anonymous id will be allocated automatically. You have been warned.
>Please report any problems, inappropriate use etc. to admin at anon.penet.fi.
>
>
>

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From MIKEINGLE at delphi.com Thu Jun 2 16:39:35 1994
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Thu, 2 Jun 94 16:39:35 PDT
Subject: Faster way to deescrow Clipper
Message-ID: <01HD2TUJI8NC95Q50V@delphi.com>

The attack posted here uses a brute-force search to find a phony LEAF which has a valid checksum. Instead, why not just initialize the chip with a session key and get the LEAF. Reset the chip and initialize it with a different session key, but send the first LEAF instead of the second one. The LEAF would look good unless you tried to decrypt the session key. The wrong-IV problem would remain. The NSA should have designed the Clipper so that, if the IV was wrong, the chips would not accept the LEAF. They also should have used a much larger (32-bit or even 64-bit) checksum.

--- Mike

From grendel at netaxs.com Thu Jun 2 16:44:30 1994
From: grendel at netaxs.com (Michael Handler)
Date: Thu, 2 Jun 94 16:44:30 PDT
Subject: HACK - U HAVE NO PRIVACY
In-Reply-To: <9406022322.AA13406@internal.apple.com>
Message-ID: <199406022344.TAA29468@access.netaxs.com>

> I don't know whether you all have seen this: I've got a double-sawbuck that
> says it's nonsense, but those of you who are into recreational paranoia may
> enjoy it.
>
> I especially enjoyed the mention of the Bilderbergers...
>
> [ Detweiler-food deleted ]

Very amusing... Especially the compiler hack thing... It sounds like Ken Thompson's infamous "login:" compiler.

The mention of the Trilateral Commission and the Bilderberg Committee makes me think it's a SubGenius / Illuminati joke. Those are two of their fave 'fronts for the Illuminati'. That and the Council for Foreign Relations [ Hear that, David Sternlight? ].

One question: What's MJ12? British Intelligence was still MI5, right?

--
Michael Brandt Handler
Philadelphia, PA, USA    PGP v2.6 public key via server / finger / mail
"I am iron, I am steel, nobody can touch me when I'm on the wheel" -- Curve

From koontzd at lrcs.loral.com Thu Jun 2 16:50:09 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 2 Jun 94 16:50:09 PDT
Subject: Spoofing Clipper
Message-ID: <9406022349.AA18689@io.lrcs.loral.com>

I had a fun idea. Imagine getting enough information together to spoof clipper transmissions? The idea being to disguise other types of secure transmissions as clipper ones. What would be needed would be the escrow encryption identifier, a bunch of damaged LEAF/IV assemblies and a transmission channel that wouldn't be easily distinguishable from data portions of a clipper transmission. You start the channel up prepending one of a large number of spoofed LEAF/IV assemblies.

With enough of these traversing the ether, the chaff/wheat noise ratio goes down to where having a source identifier (ID in the LEAF) gets real hit or miss - to where it loses traffic analysis value. Sort of growing weeds intentionally on the information superhighway.
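The LEAF layout Derek Atkins gives above, Phil Karn's observation that a 16-bit check admits 1 in 65,536 random blocks, and Mike Ingle's proposal of a 32- or 64-bit checksum, worked through in an added example that is not from any of the posts. The HMAC-based stream cipher and checksum are stand-ins for Skipjack and the real {#}Ks, and all keys are constructed values; only the layout and field widths come from Derek's post.

```python
"""Toy model of the Clipper LEAF check (added example, not from the list posts).

Layout follows Derek Atkins' post:
  [80-bit {Ks}Ku] [16-bit {#}Ks] [32-bit chip ID]  --enc under Kf-->  128-bit LEAF

Stand-ins (assumptions, not the real Skipjack construction):
  * enc(key, data): keyed XOR stream derived with HMAC-SHA256 (toy cipher, self-inverse).
  * {#}Ks: HMAC-SHA256(Ks, b"#") truncated to check_bits bits.
"""
import hashlib
import hmac
import random

KS_BYTES = 10   # 80-bit session key Ks (and 80-bit {Ks}Ku)
ID_BYTES = 4    # 32-bit chip ID


def enc(key: bytes, data: bytes) -> bytes:
    """Toy keyed XOR stream (stand-in for Skipjack). Applying it twice decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def checksum(ks: bytes, check_bits: int) -> int:
    """Receiver-computable check bound to Ks (toy stand-in for {#}Ks).
    check_bits must be a multiple of 8 so the field is whole bytes."""
    digest = hmac.new(ks, b"#", hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - check_bits)


def make_leaf(ks: bytes, ku: bytes, kf: bytes, chip_id: int, check_bits: int = 16) -> bytes:
    """Build a LEAF the way a genuine chip would."""
    inner = enc(ku, ks)                                                 # {Ks}Ku
    inner += checksum(ks, check_bits).to_bytes(check_bits // 8, "big")  # {#}Ks
    inner += chip_id.to_bytes(ID_BYTES, "big")                          # chip ID
    return enc(kf, inner)                                               # {...}Kf


def verify_leaf(leaf: bytes, ks: bytes, kf: bytes, check_bits: int = 16) -> bool:
    """The receiving chip's test: it knows Ks (from the key exchange) and Kf,
    but not the sender's Ku, so the checksum field is all it can validate."""
    inner = enc(kf, leaf)
    nbytes = check_bits // 8
    field = int.from_bytes(inner[KS_BYTES:KS_BYTES + nbytes], "big")
    return field == checksum(ks, check_bits)


def leaf_chip_id(leaf: bytes, kf: bytes) -> int:
    """The ID an escrow agent would read out of a LEAF. For a random block that
    happens to pass the check this is a random ID, which is Derek's point."""
    inner = enc(kf, leaf)
    return int.from_bytes(inner[-ID_BYTES:], "big")


def acceptance_probability(check_bits: int) -> float:
    """Fraction of uniformly random blocks the check admits: 2^-check_bits.
    16 bits gives Phil Karn's 1 in 65,536."""
    return 2.0 ** -check_bits


def expected_trials(check_bits: int) -> int:
    """Expected random blocks per accepted one. Mike Ingle's 32/64-bit
    checksum raises this from 2^16 to 2^32 or 2^64."""
    return 2 ** check_bits


def trials_until_accept(ks: bytes, kf: bytes, check_bits: int, seed: int = 0,
                        limit: int = 1 << 20):
    """Measure the check empirically: feed seeded random blocks to verify_leaf
    and return how many it took before one passed (None if the limit is hit)."""
    rng = random.Random(seed)
    leaf_len = KS_BYTES + check_bits // 8 + ID_BYTES
    for trials in range(1, limit + 1):
        candidate = rng.getrandbits(8 * leaf_len).to_bytes(leaf_len, "big")
        if verify_leaf(candidate, ks, kf, check_bits):
            return trials
    return None


if __name__ == "__main__":
    # Constructed keys, not real key material.
    ks, ku, kf = bytes(range(10)), bytes(range(10, 20)), bytes(range(20, 30))
    genuine = make_leaf(ks, ku, kf, chip_id=0x0000BEEF)
    print("genuine LEAF verifies:", verify_leaf(genuine, ks, kf))
    for bits in (8, 16, 32, 64):
        print(f"{bits:2d}-bit check: expected random blocks per accept {expected_trials(bits):,}")
    print("8-bit toy check, random blocks until one passed:", trials_until_accept(ks, kf, 8))
```

The 8-bit run in the demo finishes in a few hundred trials on average; the same loop at 16 bits would average 65,536, which is why the width of the checksum, not the secrecy of Skipjack, decides whether the check is a real barrier.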
From koontzd at lrcs.loral.com Thu Jun 2 17:00:49 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 2 Jun 94 17:00:49 PDT
Subject: Spoofing Clipper
Message-ID: <9406030000.AA18711@io.lrcs.loral.com>

>With enough of these traversing the ether, the chaff/wheat noise ratio
>goes down to where having a source identifier (ID in the LEAF) gets
>real hit or miss - to where it loses traffic analysis value. Sort of
>growing weeds intentionally on the information superhighway.

If the adversary learns to distinguish false clipper transmissions, you could always use a fake one to lull him into not listening further.

From warlord at MIT.EDU Thu Jun 2 17:01:18 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 2 Jun 94 17:01:18 PDT
Subject: Faster way to deescrow Clipper
In-Reply-To: <01HD2TUJI8NC95Q50V@delphi.com>
Message-ID: <9406030001.AA00327@squeamish-ossifrage.mit.edu>

Mike:

> The attack posted here uses a brute-force search to find a phony LEAF
> which has a valid checksum. Instead, why not just initialize the chip
> with a session key and get the LEAF. Reset the chip and initialize it
> with a different session key, but send the first LEAF instead of the
> second one. The LEAF would look good unless you tried to decrypt the
> session key. The wrong-IV problem would remain. The NSA should have
> designed the Clipper so that, if the IV was wrong, the chips would not
> accept the LEAF. They also should have used a much larger (32-bit or
> even 64-bit) checksum.

Because if *your* key really generates the LEAF, then they have your ID in the LEAF, no matter if it is sent properly or not. They might not be able to decrypt the communications, but they still get your ID. If you randomly generate a LEAF that works, odds are that the decrypted value will not be your ID.
(If you could consistently choose random blocks such that your ID appears when it is decrypted, I would say that you have found a hole in Skipjack :-)

-derek

From t-vinodv at microsoft.com Thu Jun 2 17:43:40 1994
From: t-vinodv at microsoft.com (Vinod Valloppillil)
Date: Thu, 2 Jun 94 17:43:40 PDT
Subject: HACK - U HAVE NO PRIVACY
Message-ID: <9406022345.AA24003@netmail2.microsoft.com>

> One question: What's MJ12? British Intelligence was still MI5,
>right?
>--
>Michael Brandt Handler
>Philadelphia, PA, USA PGP v2.6 public key via server / finger / mail
>"I am iron, I am steel, nobody can touch me when I'm on the wheel" -- Curve

MJ12 is (supposedly) the ultra-secret high-level national security group for the free world in charge of advanced military projects and most importantly -- UFO phenomena. In UFO conspiracy circles this group has supposedly sold the American public to alien abductors in exchange for technology, science, etc. No list of good conspirators is complete without it ! :)

These opinions are mine, not Microsoft's.
Vinod Valloppillil

From nobody at shell.portal.com Thu Jun 2 17:57:42 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Thu, 2 Jun 94 17:57:42 PDT
Subject: no subject (file transmission)
Message-ID: <199406030058.RAA02965@jobe.shell.portal.com>

Attn Pr0duct Cypher

From an60011 at anon.penet.fi Thu Jun 2 18:24:37 1994
From: an60011 at anon.penet.fi (Ezekial Palmer)
Date: Thu, 2 Jun 94 18:24:37 PDT
Subject: NYT article
Message-ID: <199406030108.AA27353@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

This is essentially the same as what David posted, but it's directly from the New York Times and it includes a few bits that were edited out of the San Jose version. I'd already typed this in when David's version showed up here, so I decided to compare the two -- which helped me to find some typos (in both versions :-) and to see the odd collection of minor stylistic differences between the two papers.
Zeke ============================================================================== The New York Times Vol. CXLIII Copyright (c) 1994 The New York Times Thursday, June 2, 1994 FLAW DISCOVERED IN FEDERAL PLAN FOR WIRETAPPING ---------------- CLIPPER CHIP IS AT ISSUE ---------------- Scientist at Bell Laboratories Says Criminals Can Close an Electronic Backdoor ---------------- By JOHN MARKOFF A computer scientist at AT&T Bell Laboratories has discovered a basic flaw in the technology that the Clinton Administration has been promoting as a way to allow law enforcement officials to eavesdrop on electronically scrambled telephone and computer conversations. Someone with sufficient computer skills can defeat the Government's technology by using it to encode messages so that not even the Government can crack them, according to the Bell Labs researcher, Matthew Blaze. For more than a year, the Clinton Administration has been advocating the encoding technology as the best way to insure the privacy of telephone and computer conversations while retaining the traditional right of law-enforcement officials to use court-authorized wiretaps to eavesdrop on the conversations of suspected criminals or terrorists. The technology, based on what is known as the Clipper chip, has been widely criticized by communications executives and privacy-rights advocates, who fear its Big Brother potential. The industry also fears foreign customers might shun equipment if Washington keeps a set of electronic keys. But now Dr. Blaze, as a result of his independent testing of Clipper, is putting forth perhaps the most compelling criticism yet: the technology simply does not work as advertised. Dr. Blaze detailed his findings in a draft report that he has been quietly circulating among computer researchers and Federal agencies in recent weeks and which he made available on Tuesday to the New York Times. 
``The Government is fighting an uphill battle,'' said Martin Hellman, a Stanford University computer scientist who has read Dr. Blaze's paper and who is himself an expert in data encryption, as the field is known. ``People who want to work around Clipper will be able to do it.'' But the National Security Agency, the Government's electronic spying agency, which played a lead role in developing the technology, said yesterday that Clipper remained useful, despite the flaw uncovered by Dr. Blaze. Agency officials do not dispute the flaw's existence. ``Anyone interested in circumventing law-enforcement access would most likely choose simpler alternatives,'' Michael A. Smith, the agency's director of policy, said in a written statement in response to a reporter's questions. ``More difficult and time-consuming efforts, like those discussed in the Blaze paper are very unlikely to be employed.'' Since announcing the Clipper coding technology 13 months ago, White House and Justice Department officials have argued forcefully that it is a necessary information-age compromise between the constitutional right to privacy and the traditional powers of law enforcement officials. The Clinton Administration intends to use Clipper, which is [sic] is trying to promote as an industry standard, for the Government's sensitive nonmilitary communications. The Federal Government is the nation's largest purchaser of information technology. But industry executives have resisted adopting Clipper as a standard for several reasons. Because the underlying mathematics of the technology remain a classified Government secret, industry officials say there is no way to be certain that it is as secure as encoding techniques already on the market. 
They also fear that Clipper's electronic ``backdoor,'' which is designed for legal wiretapping of communications, could make it subject to abuse by the Government or unscrupulous civilian computer experts, who might eavesdrop without first obtaining a court order and the electronic ``keys'' that are to be held in escrow by two Government agencies. Privacy-rights advocates have cited similar concerns. Industry executives have also worried that making Clipper a Federal Government standard would be a first step toward prescribing the technology for private industry or requiring that it be included in sophisticated computing and communications devices that are to be exported. Dr. Blaze said that the flaw he discovered in the Clipper design would not permit a third party to break a coded computer conversation. But it would enable two people to have a secret conversation that law enforcement officials could not unscramble. And that could render Clipper no more useful to the Government than encryption technology already on the market to which it does not hold the mathematical keys. Circumventing Surveillance ``Nothing I've found affects the security of the Clipper system from the point of view of people who might want to break the system,'' Dr. Blaze said in a telephone interview yesterday. ``This does quite the opposite. Somebody can use it to circumvent the law-enforcement surveillance mechanism.'' Dr. Blaze said that several simple changes to the Clipper design could correct the flaw, but that they might be difficult to adopt because they would require the Government to start over in designing the Clipper. The Government has already begun ordering telephones containing the Clipper chip for use by Federal agencies, and it is designing another Clipper-based device, called the Tessera card, for use in personal computers. Dr. 
Hellman at Stanford said that the Government was counting on most crooks and terrorists not to go to the trouble of modifying the Clipper design or otherwise seeking to disable it -- if they used it at all.

Oliver North Cited

He cited the example of the Reagan Administration aide Oliver North, who he said was both intelligent and security conscious; yet he ignored the existence of computer back-up tapes of his electronic mail messages, which were later obtained by Federal investigators in the Iran-Contra inquiry.

One computer scientist who has been a proponent of the Clipper plan and who is familiar with Dr. Blaze's paper said that the flaw would not immediately subvert the system.

``I don't think this undermines the Clipper,'' Dorothy Denning, a computer scientist at Georgetown University and part of a team chosen by the Government to evaluate the technology, said. ``But it's good to know what the vulnerabilities are.''

Clipper was designed by researchers at the National Security Agency in cooperation with computer scientists at the National Institute of Standards and Technology, a civilian agency that is responsible for setting computer standards for nonmilitary Government applications.

The Clipper chip is known as an ``escrowed encryption system.'' It is designed so that law enforcement officials wishing to eavesdrop on Clipper-encoded communications must present a court warrant and a special number -- or key -- generated by a Clipper chip to two separate Government escrow agencies. Each of the agencies would hold portions of a special number, which can be used together to decode the conversation.

The flaw found by Dr. Blaze exploits the technology feature of the Clipper system that creates the number key that can later be used by law enforcement officials to generate the second key number. The first number is known as the Law Enforcement Access Field, or LEAF.
The LEAF element includes a unique number known as the encrypted session key and a separate number -- called a checksum -- that mathematically verifies that the session key is valid for Clipper.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLe4igxVg/9j67wWxAQGV3AP7BYrXK/G1YKwwCwzgjSsMDXaDiG6s8oY9
jCKKOGNKNX5X5EhpuzrdNDOEEjGTEvQEONZR9scc77Fx1ZSaR629QlykRIzAY3WA
hd1mbgYcfwznY/oAPgoLkTWamMSpuyYK1fIPU/RMVh4RQypfcbUzcZDf42Ho25tI
WL1l1isAFio=
=aID9
-----END PGP SIGNATURE-----

From nelson at crynwr.com Thu Jun 2 18:45:30 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Thu, 2 Jun 94 18:45:30 PDT
Subject: Faster way to deescrow Clipper
In-Reply-To: <9406030001.AA00327@squeamish-ossifrage.mit.edu>
Message-ID: 
Cc: cypherpunks at toad.com

   Date: Thu, 02 Jun 1994 20:01:10 -0400
   From: Derek Atkins

   ...not be able to decrypt the communications, but they still get your ID.

"your ID"? You mean your phone's ID. Goodness gracious, if you were a criminal, you wouldn't go out and steal someone else's Clipper phone, would you? Let's not get too high tech here, just because we have the ability.

-russ 
ftp.msen.com:pub/vendor/crynwr/crynwr.wav
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)    | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From nelson at crynwr.com Thu Jun 2 18:50:03 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Thu, 2 Jun 94 18:50:03 PDT
Subject: no subject (file transmission)
In-Reply-To: <199406030058.RAA02965@jobe.shell.portal.com>
Message-ID: 

   Date: Thu, 2 Jun 1994 17:58:38 -0700
   From: nobody at shell.portal.com

   Attn Pr0duct Cypher

   -----BEGIN PGP MESSAGE-----
   -----END PGP MESSAGE-----

Now that's an interesting idea for contacting people anonymously. Have a big mailing list where you know certain people are subscribed.
Everyone gets all the mail, but they put a filter on it so that only mail directed to their anonym is delivered to them. Or, if they're really paranoid, they filter them by eye.

But it's so obvious that someone probably already thought of it...

-russ 
ftp.msen.com:pub/vendor/crynwr/crynwr.wav
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)    | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From ghio at cmu.edu Thu Jun 2 19:33:15 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Thu, 2 Jun 94 19:33:15 PDT
Subject: Anonymous mail pool
Message-ID: <9406030231.AA29489@toad.com>

russ wrote:

>Now that's an interesting idea for contacting people anonymously.
>Have a big mailing list where you know certain people are subscribed.
>Everyone gets all the mail, but they put a filter on it so that only
>mail directed to their anonym is delivered to them. Or, if they're
>really paranoid, they filter them by eye.
>
>But it's so obvious that someone probably already thought of it...

Yes, I think you can subscribe to a mailing list for that purpose by sending mail to pool0-request at extropia.wimsey.com (Please correct me if that address is wrong.)

From ghio at cmu.edu Thu Jun 2 19:42:32 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Thu, 2 Jun 94 19:42:32 PDT
Subject: Faster way to deescrow Clipper
Message-ID: <9406030241.AA29540@toad.com>

russ wrote:

> From: Derek Atkins
>
> ...not be able to decrypt the communications, but they still get your ID.
>
>"your ID"? You mean your phone's ID. Goodness gracious, if you were
>a criminal, you wouldn't go out and steal someone else's Clipper
>phone, would you? Let's not get too high tech here, just because we
>have the ability.

Or you could just steal someone else's LEAF, by keeping a copy of it, and use that for spoofing. Then you could have a valid IV too...
From rishab at dxm.ernet.in Thu Jun 2 19:48:34 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 2 Jun 94 19:48:34 PDT
Subject: BBS anonymity policy
Message-ID: 

Pierre at eworld.com:
> I thought this might interest people... eWorld's "policy" on anonymity...

Commercial net providers or BBSes usually don't bother much about anonymity. A user may want anonymity on a BBS for three reasons:

1. to avoid harassment, or avoid situations like Unicorn's where the 'outside world' gets to know your electronic views
2. to avoid being included in statistics - though most BBSes need statistics for charging or whatever
3. to do something either illegal, or provocative to legal action, such as tmp's. BBS providers are unlikely to condone or want to protect such users.

A simple way to provide anonymity for (1) is used by a BBS I'm co-sysop of. Everyone's identity is scrupulously recorded, for billing purposes. Users can create any number of identities for the purposes of posting or receiving mail, and no correlation between these pseudonyms and real ones is available to other users. For administration purposes, all pseudonyms for real names are available to sysops.

--------------------------------------------------------------------------
Rishab Aiyer Ghosh                                     rishab at dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA

The National Fairness to Game Animals Association says:
Support your right to arm bears!
--------------------------------------------------------------------------

From rishab at dxm.ernet.in Thu Jun 2 19:48:51 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 2 Jun 94 19:48:51 PDT
Subject: Micali's 'fair' crypto
Message-ID: 

tcmay at netcom.com (Timothy C. May):
> Bill Sommerfeld writes:
> 
> > disclaimer: I haven't read Micali's papers in detail, but I understand that
> > the "fair' cryptosystem is effectively "key escrow in software".
Actually,
> > I haven't seen his protocols discussed in any level of detail on this list.
> > An overview might help improve the S/N ratio here..
> 
> I look forward to hearing your summary, Bill! Micali's paper was
> presented at the '92 Crypto Conference ("Proceedings" should be

Micali's system is really quite simple. While one can't expect everyone to read all Crypto Conference Proceedings in their full technical glory, at least read Schneier. He has a short, but clear and readable summary of "fair" crypto and indeed most technical things we discuss here.

--------------------------------------------------------------------------
Rishab Aiyer Ghosh                                     rishab at dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA

The National Fairness to Game Animals Association says:
Support your right to arm bears!
--------------------------------------------------------------------------

From rishab at dxm.ernet.in Thu Jun 2 19:49:58 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 2 Jun 94 19:49:58 PDT
Subject: Clipper infringes patents
Message-ID: 

ddt at lsd.com (Dave Del Torto)
> >ENCRYPTION: The Clinton administration's encryption
> > plans are having licensing troubles: The US Commerce
> > Department's NIST is having licensing discussions
> > with inventors over its Digital Signature Standard,
> > and an MIT scientist claims that the Clipper chip
> > infringes on his patents.
> 
> Can someone please post the id of this "MIT Scientist?"

Micali. He claims Clipper (and escrowed systems in general) violate his 2 year old "fair" crypto patent.

--------------------------------------------------------------------------
Rishab Aiyer Ghosh                                     rishab at dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA

The National Fairness to Game Animals Association says:
Support your right to arm bears!
--------------------------------------------------------------------------

From rishab at dxm.ernet.in Thu Jun 2 19:52:23 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 2 Jun 94 19:52:23 PDT
Subject: Multiple encryption
Message-ID: 

perry at imsi.com:
> Jay Prime Positive says:
> > If you suspect that some of the non DOD/NSA cyphers might be broken,
> > but you are not ready to employ one-time-pads, then you should
> > threshold your messages into N parts so that all N are needed to recover
> > the original. Then encrypt each part under a different cypher.
> 
> It's far simpler to encrypt your message with multiple systems, one
> after another, than to break it up in the manner you suggest, and the
> security is in fact better that way than in the manner you suggest.
> 

It's not a good idea to encrypt binaries unless you know what they are. It's not a good idea to apply one encryption system over another unless you're sure of what you're doing, and know the effect of the two interacting.

--------------------------------------------------------------------------
Rishab Aiyer Ghosh                                     rishab at dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA

The National Fairness to Game Animals Association says:
Support your right to arm bears!
--------------------------------------------------------------------------

From rishab at dxm.ernet.in Thu Jun 2 19:52:49 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 2 Jun 94 19:52:49 PDT
Subject: PGP 2.6 is outside the US
Message-ID: 

pauls at dcs.rhbnc.ac.uk:
> Am I jumping the gun? Should we just let MIT's v2.6 reach an FTP site
> somewhere outside of the USA and let it slowly (and cautiously) get
> distributed to a small community of cypherpunks leaving the rest incompatible?
> 
> All of those inside the USA, *PLEASE* get involved with this. It _is_
> important!

As I've pointed out before, MIT PGP 2.6 _is_ outside the US.
I'll list just one site:
    ftp.dsi.unimi.it /pub/security/crypt/PGP/pgp26.zip

Anyway, lucky non-US users can use the better PGP 2.6ui based on the original code which is faster than MIT PGP's RSAREF. contact mathew at mantis.co.uk
    ftp.dsi.unimi.it /pub/security/crypt/PGP/pgp26ui*

--------------------------------------------------------------------------
Rishab Aiyer Ghosh                                     rishab at dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA

The National Fairness to Game Animals Association says:
Support your right to arm bears!
--------------------------------------------------------------------------

From rishab at dxm.ernet.in Thu Jun 2 19:54:24 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 2 Jun 94 19:54:24 PDT
Subject: Where to ftp ITAR docs
Message-ID: 

Matthew.Ghio at andrew.cmu.edu:
> Is there anywhere I can ftp a copy of the ITAR law?

ftp.eff.org /pub/EFF/Policy/Crypto/ITAR_export/*
(includes lots of other relevant stuff, cantwell bill etc.)

From rishab at dxm.ernet.in Thu Jun 2 19:55:47 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 2 Jun 94 19:55:47 PDT
Subject: DSS Diffie-Hellman program
Message-ID: 

Jay Prime Positive :
> There exist signature standards other than RSA. Perhaps the USA's
> DSS can be exported. If not, there may well be other systems out
> there. Feel free to implement DSS, or others.

Vouch 1.0 does DSS and encryption with Diffie-Hellman key exchange. The DOS executables are at:
    garbo.uwasa.fi /pub/pc/crypt/vouch10.zip

No ITAR problems, it's been developed by Awais Hussain in Pakistan. Freeware, no source code. Awais is not on the Net (Pakistan doesn't appear to have a gateway), and may not be aware of the need for GPL style stuff. I'm trying to get in touch with him, but the only contact info in the docs is a post box number in Islamabad, and snail mail takes time...
The program itself seems ok, with decent key management etc, though we obviously don't want to rely on it without available source.

From rishab at dxm.ernet.in Thu Jun 2 19:56:03 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 2 Jun 94 19:56:03 PDT
Subject: Unicorn case
Message-ID: 

> Call me a free speech absolutist, but I believe that.
> 
> --Tim May

It would be just perfect if everyone were a free speech absolutist; till then...

--------------------------------------------------------------------------
Rishab Aiyer Ghosh                                     rishab at dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA

The National Fairness to Game Animals Association says:
Support your right to arm bears!
--------------------------------------------------------------------------

From joshua at cae.retix.com Thu Jun 2 20:08:09 1994
From: joshua at cae.retix.com (joshua geller)
Date: Thu, 2 Jun 94 20:08:09 PDT
Subject: NYT article
Message-ID: <199406030307.UAA00947@sleepy.retix.com>

an interesting commercial product might be software to do blaze's trick....

josh

From koontzd at lrcs.loral.com Thu Jun 2 20:14:00 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Thu, 2 Jun 94 20:14:00 PDT
Subject: Faster way to deescrow Clipper
Message-ID: <9406030313.AA19017@io.lrcs.loral.com>

>From: Matthew Ghio
>Or you could just steal someone else's LEAF, by keeping a copy of it, and use
>that for spoofing. Then you could have a valid IV too...

Were you not to mind the adversary being able to get the session key, alice and bob could have an agreed upon modulus (XOR value) for the IV, that could be introduced by save and restore crypto state commands and xor. (assuming that a mode were used behaving isochronous.)

Would law-enforcement carl know to ask national security bruce for help?
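The "Multiple encryption" exchange above contrasts Jay Prime Positive's suggestion (split a message into N parts so that all N are needed, then encrypt each part under a different cipher) with Perry's cascade. The following is an added example, not code from any poster, showing the all-of-N split by XOR and the property that makes it worth the extra traffic: any N-1 shares are consistent with every possible message, so one broken cipher (or one intercepted route) exposes nothing. Function names and the sample message are assumptions.

```python
"""All-of-N message splitting, as in the "Multiple encryption" thread:
split a message into N shares so that every share is needed to recover it.
Added example (not any poster's code); uses XOR splitting, which makes any
N-1 shares independent of the message, so each share can then be sent
under a different cipher or route without one broken cipher exposing text."""
import secrets
from typing import List


def split_all_needed(message: bytes, n: int) -> List[bytes]:
    """Return n shares of equal length; all n XOR back to `message`.
    The first n-1 shares are fresh random bytes; the last share is the
    message XORed with all of them."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(message)) for _ in range(n - 1)]
    last = bytearray(message)
    for share in shares:
        for i, b in enumerate(share):
            last[i] ^= b
    shares.append(bytes(last))
    return shares


def recombine(shares: List[bytes]) -> bytes:
    """XOR all shares together. A missing or swapped share gives garbage,
    not an error: XOR splitting has no integrity check of its own, so a
    real message also needs a MAC or signature over the recovered text."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares must be non-empty and of equal length")
    out = bytearray(len(shares[0]))
    for share in shares:
        for i, b in enumerate(share):
            out[i] ^= b
    return bytes(out)


def share_consistent_with(partial: List[bytes], candidate: bytes) -> bytes:
    """Given all shares but one, return the missing share that would make
    `candidate` the message. Such a share exists for *every* candidate of
    the right length, so holding n-1 shares says nothing about which message
    was split (the same argument as for a one-time pad). This is what
    the per-part encryption in JPP's scheme buys over a plain cascade."""
    if not partial or len(candidate) != len(partial[0]):
        raise ValueError("candidate must match share length")
    return recombine(partial + [candidate])


if __name__ == "__main__":
    msg = b"the cheque is in the post"  # constructed sample message
    parts = split_all_needed(msg, 3)
    print(recombine(parts) == msg)  # True
    # Two shares plus a made-up third share "decode" to anything you like:
    fake = share_consistent_with(parts[:2], b"x" * len(msg))
    print(recombine(parts[:2] + [fake]))  # b'xxxxxxxxxxxxxxxxxxxxxxxxx'
```

Rishab's caveat about ciphers interacting applies to the cascade, not to the split: each share here is independently uniform, so the choice of cipher for one share cannot weaken another.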
From lefty at apple.com Thu Jun 2 20:14:13 1994 From: lefty at apple.com (Lefty) Date: Thu, 2 Jun 94 20:14:13 PDT Subject: to The Atlantic Message-ID: <9406030313.AA18027@internal.apple.com> >the DES algorithm it approved for commercial usage is breakable by the NSA Is this a fact or a supposition? -- Lefty [gYon-Pa] (lefty at apple.com) C:.M:.C:., D:.O:.D:. From grendel at netaxs.com Thu Jun 2 20:19:22 1994 From: grendel at netaxs.com (Michael Handler) Date: Thu, 2 Jun 94 20:19:22 PDT Subject: NYT article In-Reply-To: <199406030307.UAA00947@sleepy.retix.com> Message-ID: <199406030319.XAA05688@access.netaxs.com> > an interesting commercial product might be software to > do blaze's trick.... Of course, the problem with this new nifty way to foil Clipper, is that most of the Clipper implementations are in hardware, ie the LEAF interactions and such are transparent to us mere mortals, and we can't modify them via software. Unless I'm missing something, it's going to take some hardware hacking to implement the Honorable Dr. Blaze's fix for Clipper. [ 'Scuse me, I'm going to go dust off my soldering iron. ;) ] -- Michael Brandt Handler Philadelphia, PA, USA PGP v2.6 public key via server / finger / mail "I am iron, I am steel, nobody can touch me when I'm on the wheel" -- Curve From VACCINIA at UNCVX1.OIT.UNC.EDU Thu Jun 2 21:04:46 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Thu, 2 Jun 94 21:04:46 PDT Subject: LEAF forgery Message-ID: <01HD339SYNZ6001KXP@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Perry wrote about Matt Blaze's Awesome new hack: >Matt Blaze should be commended for finding such a big hole. As with most >such ideas, its obvious in retrospect but took some good thought to come >up with. It is indeed a great achievement to best the NSA at its own game. This hack allows secure transmission and closes the LEAF backdoor. 
However, this only strengthens my belief that they don't really need this LEAF access, can you say trapdoor? I still wouldn't be sending anything I wanted to keep a secret using TESSERA, even with a newly generated LEAF field. I'd wager that Matt wouldn't either. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLe6rez2paOMjHHAhAQGPyAP+PJwI4Wd6C72u1hEAqSgdIGigT2dcPjR9 12Z3/dE+GBFebt3SSXxbo9FC5v5BqyIX4mHq1LwgN9eSQIpVTEGYuB3m+RkMXVS6 mApDYkzaXE0E/vdYkTsPsn6UvePu91rxtfM2gCSPgc6Ex88UHV4E2AGN0Jfn2WRK NyyoN68bOoU= =vjIr -----END PGP SIGNATURE----- From nobody at shell.portal.com Thu Jun 2 21:56:06 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 2 Jun 94 21:56:06 PDT Subject: Partition Encrypters for OS/2 Message-ID: <199406030457.VAA17548@jobe.shell.portal.com> I've noticed a couple of TSRs and device drivers for DOS that will encrypt an entire partition. Does anyone know of one that will work for OS/2 2.1? Thanks. From nobody at shell.portal.com Thu Jun 2 22:07:08 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 2 Jun 94 22:07:08 PDT Subject: Mailer questions Message-ID: <199406030508.WAA18218@jobe.shell.portal.com> I have a few questions about the Cypherpunk remailers that hopefully someone can answer for me: What is the maximum length of a "Request-Remailing-To:" header? Can several of them be inserted for lengthy lists? Regarding the "mail-to-Usenet" posting gateways, where you typically replace the dots in newsgroup names with hyphens, what about groups that have hyphens in their names? Can the posting software tell the hyphens apart? I understand that several of the headers can be changed by using a "##" token instead of "::". Which ones can be changed and which ones can't? 
Has anyone had any experience chaining from a Cypherpunk-style remailer to anon.penet.fi? Can a "::" separator be used successfully, or which format will work?

-----

From ghio at cmu.edu Fri Jun 3 00:55:50 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Fri, 3 Jun 94 00:55:50 PDT
Subject: Mailer questions
Message-ID: <9406030754.AA02490@toad.com>

nobody at shell.portal.com wrote:

> I have a few questions about the Cypherpunk remailers that
> hopefully someone can answer for me:
> 
> What is the maximum length of a "Request-Remailing-To:" header?

Generally, as much as you can fit on the line. If you're running out of space in your particular mail editor, try using "Anon-To:" instead.

> Can several of them be inserted for lengthy lists?

If you mean chaining remailers, then yes. If you mean the ability to send to multiple recipients, then no. Most remailers don't allow multiple recipients. This is due to our friend Detweiler who likes to experiment with exponential growth phenomena.

> Regarding the "mail-to-Usenet" posting gateways, where you
> typically replace the dots in newsgroup names with hyphens,
> what about groups that have hyphens in their names? Can the
> posting software tell the hyphens apart?

Obviously you have not read my info file on the remailers. Finger remailer-list at chaos.bsu.edu or send mail to mg5n+remailers at andrew.cmu.edu It lists many mail-to-usenet gateways which will accept dots.

> I understand that several of the headers can be changed by using
> a "##" token instead of "::". Which ones can be changed and
> which ones can't?

When headers follow a ## token, they are simply added into the output file without any processing. Headers following the :: token are processed as commands in normal headers. This seems to have caused some confusion with respect to the Subject: header. Most remailers pass the subject header unaltered.
If there is a subject header following the :: token, it will be treated as if it were a normal header, and passed thru to the outgoing message. A subject can also be added (like any other header) following the ## token. However, if you have a subject line in the headers, and another following the ## token, the original subject gets passed thru, and the second one then gets appended, resulting in both Subject lines being present in the output file.

My remailer (ghio at kaiwan.com) will strip out a blank subject line, so that you can insert one with the ## if you wish. I think Hal Finney's remailer is set up the same way. Chael Hall's remailers (bsu.edu) always remove the subject line, so you must insert it with the ## header if you want one.

> Has anyone had any experience chaining from a Cypherpunk-style
> remailer to anon.penet.fi? Can a "::" separator be used
> successfully, or which format will work?

I think it can be done...

From sidney at taurus.apple.com Fri Jun 3 00:59:58 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Fri, 3 Jun 94 00:59:58 PDT
Subject: Faster way to deescrow Clipper
Message-ID: <9406030758.AA04800@federal-excess.apple.com>

Could someone please enlighten me on this: It seems from the descriptions of the hack to fake a LEAF that

1) When two Clipper chips are going to communicate, one of them generates the session key and sends a LEAF to the other chip,

2) The second chip recognizes the LEAF as being valid based on the validity of the checksum, but does not determine the session key from the LEAF.

If that's the case, then

1) How does the second chip find out what the session key is?

2) Doesn't the second chip also have to generate and send a LEAF, if for no other reason than to identify itself to the wiretappers, and if so won't that give away the session key if that chip's device is not also hacked?
3) If all that is needed for this hack is a LEAF with a proper checksum, why go through the brute force method of generating random LEAFs? Why not just buy (or steal or whatever) another Clippered device that you never use for real communication so the wiretappers have no record of who has that serial number, and get LEAFs from it? For that matter, why can't you obtain one LEAF from listening to anybody's Clippered transmission and use it over and over again?

It can't be *that* simple, can it?

-- sidney

From eagle at deeptht.armory.com Fri Jun 3 01:35:14 1994
From: eagle at deeptht.armory.com (Jeff Davis)
Date: Fri, 3 Jun 94 01:35:14 PDT
Subject: Mailer questions
In-Reply-To: <9406030754.AA02490@toad.com>
Message-ID: <9406030135.aa03511@deeptht.armory.com>

Today I used the catalyst at netcom.com remailer to send an anonymous contribution to a list. They're raising hell about anonymity in their list, but that's beside the point. The message also showed up on a separate beta test list. I assume this was done manually by bouncing the message to the other list, since he is the singular person on the planet subscribed to both lists. mcstout has been a quite vocal detractor of my catalyst contributions to the other list. I thus strongly suspect manual sabotage. There was no flaw in the Request-Remailing-To: address. Could someone please confirm that this was not a quirk of the remailer?

-- 
PGP PUBLIC KEY via finger!  JAFEFFM  Speaking & Thinking For Myself!
* eagle at deeptht.armory.com                      email info at eff.org *
*** O U T L A W S  On  The  E L E C T R O N I C  F R O N T I E R ****
***** Committed to Free Public Internet Access for World Peace *****

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Fri Jun 3 01:47:55 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Fri, 3 Jun 94 01:47:55 PDT
Subject: Mosaic / CEB / CypherEssay Archive and List
Message-ID: <770631019/vac@FURMINT.NECTAR.CS.CMU.EDU>

I think that Mosaic pages are the way to go these days. These are not hard to write and they are very nice to use. For some interesting examples of what can be done, check out some of the existing cypherpunk mosaic pages:

    ftp://soda.berkeley.edu/pub/cypherpunks/Home.html
    ftp://ftp.u.washington.edu/public/phantom/cpunk/README.html
    http://www.quadralay.com/www/Crypt/Crypt.html
    http://digicash.support.nl
    ftp://furmint.nectar.cs.cmu.edu/security/README.html
    http://pmip.maricopa.edu/crypt/cypherpunks

I think it would be good to have a "cypherpunks-essay" mailing list that was not moderated but people only sent essays that they thought were good enough to be archived. For starters, people can just CC: mail to "vac+cypheressay" and it will get dropped into a separate file in:

    ftp://furmint.nectar.cs.cmu.edu/security/cypheressay

My "vac+cypheressay" was done with one line in my .maildelivery and a short shell script I call "save-numbered". Both are below (note the A.I. methods used to moderate mail).

Having a "cypherpunks-essay" mailing list on the same machine as "cypherpunks" could be nice for folks who want a lower volume group. Could have mail to it also go to cypherpunks, and Reply-To: also go to cypherpunks.

-- Vince

Addr    vac+cypheressay    pipe    R    /usr/vac/bin/save-numbered /usr/anon/security/cypheressay

#!/bin/csh -f
#
# This is not totally safe as it is not atomic.  If two messages
# came at the same time there is a chance one would get lost.
# For a low volume list this will not be a problem.

cd $1
umask 022
set current = `cat num`
@ next = $current + 1
echo $next > num
cat >> $next

# Moderator says no reply messages
grep "Re:" $next
if ($status == 0) then
    /bin/rm $next
endif

From usura at vox.hacktic.nl Fri Jun 3 02:01:06 1994
From: usura at vox.hacktic.nl (Usura)
Date: Fri, 3 Jun 94 02:01:06 PDT
Subject: Mailer questions
Message-ID: <060394102852Rnf0.78@vox.hacktic.nl >

ghio at cmu.edu (Matthew Ghio) writes:

>> What is the maximum length of a "Request-Remailing-To:" header?
>
>Generally, as much as you can fit on the line. If you're running out
>of space in your particular mail editor, try using "Anon-To:" instead.

The remailers at VoX are running under dos so the maximum length is 128 symbols. VoX accepts X-Anon-To: and the lengthy Request-Remailing-To: it does _not_ support Anon-To: [note to some hip edu site !!]

>> I understand that several of the headers can be changed by using
>> a "##" token instead of "::". Which ones can be changed and
>> which ones can't?

VoX doesn't support ##.

>> Has anyone had any experience chaining from a Cypherpunk-style
>> remailer to anon.penet.fi? Can a "::" separator be used
>> successfully, or which format will work?
>
>I think it can be done...

I know it can be done...

-- 
Exit! Stage Left.
Alex de Joode

From ddt at lsd.com Fri Jun 3 03:18:07 1994
From: ddt at lsd.com (Dave Del Torto)
Date: Fri, 3 Jun 94 03:18:07 PDT
Subject: CLIP: flaw found?
Message-ID: <199406031017.DAA04022@netcom.netcom.com>

"Nothing can be made to be foolproof: fools are far too ingenious." -dave

>Newsgroups: xpress.news.usa
>From: xpress (Associated Press)
>Date: 2 Jun 94 03:57:00 GMT
>X-Category: NA*N****
>Subject: Times: Flaw Found In Wiretap
>
>NEW YORK (AP)
>
>A computer scientist has discovered a basic flaw in coding technology that the
>Clinton administration has been promoting as a standard for electronic
>communications, The New York Times reported Thursday.
> >Matthew Blaze, a researcher at AT&T Bell Laboratories, told the Times his >research had shown that someone with sufficient computer skills can beat the >government's technology by encoding messages so that no one, not even the >government, can crack them. > >The administration has been urging private industry to adopt the so-called >"Clipper chip" as a standard encoding system. The government says telephone and >computer messages sent with the chip cannot be read by an outsider but can be >decoded by government law-enforcement agencies. > >Officials fear that without such a system, wiretaps would be useless against >criminals and terrorists because their communications could be hidden in >unbreakable codes. But communications executives and privacy-rights experts >fear the potential for snooping and worry that foreign customers wouldn't buy >the equipment if Washington could snoop on it. > >Blaze said the flaw he discovered in the Clipper design would not permit a >third party to break a coded computer conversation. But it would enable two >people to have a secret conversation that law enforcement officials could not >unscramble. > >Blaze said a draft report of his findings has been circulating among computer >experts and federal agencies. > >The National Security Agency, which played a leading role in developing the >technology, does not dispute the flaw's existence, but believes the Clipper >remains useful anyway, the Times said. > >Michael A. Smith, the agency's director of planning, told the Times in a >written response to questions that the flaw found by Blaze was difficult enough >to exploit that most people wishing to circumvent the system would find other >ways to do it. > >Martin Hellman, a Stanford University expert on data encryption who has read >Blaze's paper, said: "The government is fighting an uphill battle. ... People >who want to work around Clipper will be able to do it." 
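The "Mailer questions" thread above (Matthew Ghio's answer and Usura's note on the VoX remailers) describes how a Cypherpunk-style remailer treats a "::" block (processed as commands) differently from a "##" block (appended to the outgoing headers verbatim), why an incoming Subject: plus a "##" Subject: yields two Subject lines, and how individual remailers differ in what they strip and accept. The following is an added example that models that behaviour; it is not the code of any actual remailer (ghio's, Hal Finney's, Chael Hall's or VoX's). The Remailer policy fields, the rule that all other incoming headers are dropped, the treatment of an unsupported "##" as ordinary body text, and the sample message are assumptions.

```python
"""Model of "::" and "##" handling in a Cypherpunk-style remailer, as
described in the Mailer questions thread. Added example, not any real
remailer's code; policy names and the sample message are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Remailer:
    # Header names accepted as the forwarding command after "::".
    to_headers: Tuple[str, ...] = ("Request-Remailing-To", "Anon-To")
    # "pass": copy the incoming Subject: unaltered (most remailers)
    # "strip_blank": drop an empty incoming Subject: (ghio@kaiwan.com, Hal Finney)
    # "always_remove": never pass the incoming Subject: (Chael Hall's bsu.edu)
    subject_policy: str = "pass"
    supports_hash_hash: bool = True      # VoX does not support "##"
    max_header_len: Optional[int] = None  # VoX under DOS: 128 characters


def _read_header_block(lines: List[str], i: int, limit: Optional[int]
                       ) -> Tuple[List[Tuple[str, str]], int]:
    """Collect 'Name: value' lines from lines[i] up to a blank line.
    Returns the pairs and the index just past the blank separator."""
    pairs = []
    while i < len(lines) and lines[i].strip() != "":
        line = lines[i]
        if limit is not None and len(line) > limit:
            raise ValueError(f"header line longer than {limit} characters")
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        pairs.append((name.strip(), value.strip()))
        i += 1
    return pairs, i + 1


def process(raw: str, rm: Remailer) -> Dict[str, object]:
    """Return the outgoing destination, header list and body, or raise
    ValueError when the remailer would not forward the message."""
    lines = raw.splitlines()
    incoming, i = _read_header_block(lines, 0, None)

    out_headers: List[Tuple[str, str]] = []
    # Only Subject: survives from the incoming headers (per policy); From:,
    # Received: and the rest are dropped, which is the point of a remailer.
    for name, value in incoming:
        if name.lower() != "subject" or rm.subject_policy == "always_remove":
            continue
        if rm.subject_policy == "strip_blank" and value == "":
            continue
        out_headers.append(("Subject", value))

    destination = None
    if i < len(lines) and lines[i] == "::":
        commands, i = _read_header_block(lines, i + 1, rm.max_header_len)
        for name, value in commands:
            if name in rm.to_headers:
                destination = value
            elif name.lower() == "subject":
                # Ghio: a Subject after "::" is treated like a normal header.
                out_headers.append(("Subject", value))
            # Other command names are ignored here (assumption).

    if i < len(lines) and lines[i] == "##" and rm.supports_hash_hash:
        extra, i = _read_header_block(lines, i + 1, rm.max_header_len)
        out_headers.extend(extra)  # appended verbatim, no processing

    if destination is None:
        raise ValueError("no accepted forwarding directive after '::'")
    return {"to": destination, "headers": out_headers,
            "body": "\n".join(lines[i:])}


# Constructed sample message: incoming Subject plus a "##" Subject.
SAMPLE = (
    "From: alice@example.net\n"
    "Subject: hello\n"
    "\n"
    "::\n"
    "Anon-To: bob@example.org\n"
    "\n"
    "##\n"
    "Subject: posted anonymously\n"
    "\n"
    "body text\n"
)

if __name__ == "__main__":
    print(process(SAMPLE, Remailer())["headers"])  # two Subject lines
    print(process(SAMPLE, Remailer(subject_policy="always_remove"))["headers"])
```

Running the sample through the default policy reproduces the duplicate-Subject result Ghio describes; the same message through an "always_remove" remailer keeps only the "##" Subject, which is why Chael Hall's users must supply one that way. Configuring the VoX limits (no "##", 128-character lines, Anon-To: not accepted) turns the sample into a rejection, so a client that wants to chain through several remailers has to know each hop's policy before it builds the message.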
From ddt at lsd.com Fri Jun 3 03:24:50 1994 From: ddt at lsd.com (Dave Del Torto) Date: Fri, 3 Jun 94 03:24:50 PDT Subject: MacPGP 2.6ui yet? Message-ID: <199406031024.DAA04498@netcom.netcom.com> Everyone, Has David Sternlight's worst nightmare made it to a Mac version yet? At 5:42 pm 5/27/94 +0100, mathew at mantis.co.uk (mathew) wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >This is to announce an unofficial release of PGP, based on 2.3a, >modified for interoperability with MIT's PGP 2.6. dave From cdodhner at indirect.com Fri Jun 3 04:06:27 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Fri, 3 Jun 94 04:06:27 PDT Subject: Anon Remailers + Clueless people = funny Message-ID: -------- Forwarded message -------- Newsgroups: alt.sex.pedophile.mike-labbe,alt.sex.intergen,alt.sex.bondage,can.infobahn,can.general,can.legal,soc.culture.canada,ont.general,alt.usenet.kooks Date: Thu, 2 Jun 1994 12:08:30 GMT From: nightfly at netcom7.netcom.com (Nightfly) Subject: Re: Huge Porno Ring uncovered in Canada - audio report available In article <2sj9a0$akq at agate.berkeley.edu> Tommy the Tourist writes: Notice to all computer geeks in Canada! Got any "erotic" Gifs ? Delete them quick! Various Canadian Law enforcement agencies are about to redouble their efforts to stamp out pornography. Canadian Police are calling for a large scale crackdown on child pornography. It all started with two video tapes found by the river. The investigation has blossomed and resulted in more than 30 arrests. [yabbada yabbada yabbada] Take this with a big grain of salt, people. Tommy the Tourist has to be the biggest dust case on the net. Verify this through another source before you start chewing up and swallowing your floppies. Note addition of alt.usenet.kooks in the Newsgroups: line. *blink* Nightfly *blink* From perry at imsi.com Fri Jun 3 04:43:42 1994 From: perry at imsi.com (Perry E. 
Metzger) Date: Fri, 3 Jun 94 04:43:42 PDT Subject: Black Eye for NSA, NIST, and Denning In-Reply-To: <9406022244.AA18607@io.lrcs.loral.com> Message-ID: <9406031142.AA03737@snark.imsi.com> David Koontz says: > Gee, now that mab at research.att.com (Matt Blaze), knows where to find > the checksum, Actually, he doesn't. He only knows how long it is, and what went into generating it. That is enough. > and by extension the unit id (Which shows up on labels > in photos on the literature from Mykotronx) - providing a known plaintext, > maybe someone will start working on the family key? Skipjack is presumably immune to such attacks except by brute force. I suspect that short of starting to reverse engineer the chip little enough is known to provide information on the plaintext sufficient to even know when you have cracked it. The encryption mode for the LEAF is said to be unusual. All these things bode poorly for such a crack. Perry From perry at imsi.com Fri Jun 3 04:47:02 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 04:47:02 PDT Subject: Black Eye for NSA, NIST, and Denning In-Reply-To: <9406022313.AA00210@squeamish-ossifrage.mit.edu> Message-ID: <9406031145.AA03747@snark.imsi.com> Derek Atkins says: > The format of the LEAF block is public knowledge. Here is how it > is formed: Er, the CONTENT of the LEAF block is approximately known (the method for computing the checksum is not public knowledge, for instance) but there isn't any public data (to my knowledge) on things like what the format of the block actually is. Perry From pcw at access.digex.net Fri Jun 3 04:48:01 1994 From: pcw at access.digex.net (Peter Wayner) Date: Fri, 3 Jun 94 04:48:01 PDT Subject: News Flash: Clipper Bug? Message-ID: <199406031147.AA06752@access1.digex.net> >> One thing this shows, even if the application of the technique turns out >> to be too difficult to be practical, is that Dorothy Denning's evaluation >> of the design was worthless. 
That team should have found this themselves. >> No wonder she was trying to play it down in the NYT. > >It was my understanding that Denning was just looking at the Skipjack >algorithm, and not the clipper unit as a whole. I wouldn't be too quick >to condemn her on this point. Of course, Dorothy Denning could simply say, "Gosh, the Blaze result shows how to make Clipper _more_ secure for the average user. Now they don't have to worry about the government. I stand by my assessment that it is secure." From perry at imsi.com Fri Jun 3 05:02:27 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 05:02:27 PDT Subject: Black Eye for NSA, NIST, and Denning In-Reply-To: <9406022314.AA00217@squeamish-ossifrage.mit.edu> Message-ID: <9406031201.AA03789@snark.imsi.com> Derek Atkins says: > > brute force search for one quite practical -- especially since it only > > need be done once. > > actually, it needs to be done once per session key (i.e., when you > change the session key, you need to re-issue a LEAF) However, it can be done in advance, and you can conceivably reuse forged LEAFs. I've come up with what I believe to be a pretty good algorithm to prevent this problem. I would like to patent it so that I can then charge exorbitant sums of manufacturers should the technique be incorporated in a future EES design. Anyone know where I can find a cheap patent attorney? Perry From perry at imsi.com Fri Jun 3 05:06:39 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 05:06:39 PDT Subject: Faster way to deescrow Clipper In-Reply-To: <01HD2TUJI8NC95Q50V@delphi.com> Message-ID: <9406031157.AA03771@snark.imsi.com> Mike Ingle says: > The attack posted here uses a brute-force search to find a phony LEAF > which has a valid checksum. Instead, why not just initialize the chip > with a session key and get the LEAF. Reset the chip and initialize it > with a different session key, but send the first LEAF instead of the > second one. An interesting idea.
> The LEAF would look good unless you tried to decrypt the > session key. The wrong-IV problem would remain. The NSA should have > designed the Clipper so that, if the IV was wrong, the chips would not > accept the LEAF. That can't be done, I'm afraid. It's way too difficult to distinguish a bad IV from line noise nuking the first block of your CBC conversation. > They also should have used a much larger (32-bit or even 64-bit) checksum. Matt suggests precisely that in his paper. Perry From perry at imsi.com Fri Jun 3 05:15:49 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 05:15:49 PDT Subject: NYT article In-Reply-To: <199406030307.UAA00947@sleepy.retix.com> Message-ID: <9406031214.AA03817@snark.imsi.com> joshua geller says: > an interesting commercial product might be software to > do blaze's trick.... You can't build it -- the EES is not available as an algorithmic specification to the public -- only as hardware. Perry From perry at imsi.com Fri Jun 3 05:17:55 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 05:17:55 PDT Subject: to The Atlantic In-Reply-To: <9406030313.AA18027@internal.apple.com> Message-ID: <9406031217.AA03827@snark.imsi.com> Lefty says: > >the DES algorithm it approved for commercial usage is breakable by the NSA > > Is this a fact or a supposition? It's a fact that it can currently break DES, yes. I'll admit that I have no direct proof, but I would imagine that since DES crackers can be built for only $1mil or so, they almost certainly have them or things even more sophisticated. After all, DES is widely used, and their job is to break encrypted traffic. I would not agree that there is a "back door" in DES, however. None is needed anyway. Perry From perry at imsi.com Fri Jun 3 05:21:12 1994 From: perry at imsi.com (Perry E.
Metzger) Date: Fri, 3 Jun 94 05:21:12 PDT Subject: Faster way to deescrow Clipper In-Reply-To: <9406030313.AA19017@io.lrcs.loral.com> Message-ID: <9406031220.AA03835@snark.imsi.com> David Koontz says: > > >From: Matthew Ghio > > >Or you could just steal someone else's LEAF, by keeping a copy of > >it, and use that for spoofing. Then you could have a valid IV > >too... > > Were you not to mind the adversary being able to get the session key, alice > and bob could have an agreed upon modulus (XOR value) for the IV, that could > be introduced by save and restore crypto state commands and xor. > > (assuming that a mode were used behaving isosynchronous.) > > Would law-enforcement carl know to ask national security bruce for help? What the hell are you talking about? Indeed, what the hell have you been talking about for days? From joshua at cae.retix.com Fri Jun 3 05:21:23 1994 From: joshua at cae.retix.com (joshua geller) Date: Fri, 3 Jun 94 05:21:23 PDT Subject: NYT article Message-ID: <199406031220.FAA01092@sleepy.retix.com> > joshua geller says: > > an interesting commercial product might be software to > > do blaze's trick.... > You can't build it -- the EES is not available as an algorithmic > specification to the public -- only as hardware. quite true. I was mistaken. josh From perry at imsi.com Fri Jun 3 05:23:41 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 05:23:41 PDT Subject: LEAF forgery In-Reply-To: <01HD339SYNZ6001KXP@UNCVX1.OIT.UNC.EDU> Message-ID: <9406031222.AA03843@snark.imsi.com> VACCINIA at uncvx1.oit.unc.edu says: > It is indeed a great achievement to best the NSA at its own game. This hack > allows secure transmission and closes the LEAF backdoor. However, this only > strengthens my belief that they don't really need this LEAF access, can you > say trapdoor? Your belief is without evidence. It's a supposition. I'd say that the NSA has a lot to lose by putting holes in Skipjack.
None the less, I wouldn't use Skipjack, because I don't trust things I don't know the design of. Unless people can widely examine Skipjack I'd say it isn't trustworthy. There also is, of course, a very slim chance that they were silly enough to make Skipjack intentionally weak. However, that isn't a major factor IMHO. Perry From pcw at access.digex.net Fri Jun 3 05:38:32 1994 From: pcw at access.digex.net (Peter Wayner) Date: Fri, 3 Jun 94 05:38:32 PDT Subject: Denning and Clipper... Message-ID: <199406031237.AA09080@access1.digex.net> >> One thing this shows, even if the application of the technique turns out >> to be too difficult to be practical, is that Dorothy Denning's evaluation >> of the design was worthless. That team should have found this themselves. >> No wonder she was trying to play it down in the NYT. > >It was my understanding that Denning was just looking at the Skipjack >algorithm, and not the clipper unit as a whole. I wouldn't be too quick >to condemn her on this point. Of course, Dorothy Denning could simply say, "Gosh, the Blaze result shows how to make Clipper _more_ secure for the average user. Now they don't have to worry about the government. I stand by my assessment that it is secure." From perry at imsi.com Fri Jun 3 05:48:42 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 05:48:42 PDT Subject: Faster way to deescrow Clipper won't work In-Reply-To: <9406030758.AA04800@federal-excess.apple.com> Message-ID: <9406031247.AA03875@snark.imsi.com> Allow me to clear up a major misconception here, which I initially shared. According to Matt, the cleartext of the session key and the IV are both components that go into the checksum. Therefore, the remote EES unit CAN determine that you've spoofed them if you attempt a shortcut like reusing a LEAF generated by another unit. You really have to test lots of pseudoLEAFs against a test unit that you've handed a session key to. 
Perry Sidney Markowitz says: > Could someone please enlighten me on this: It seems from the descriptions > of the hack to fake a LEAF that 1) When two Clipper chips are going to > communicate, one of them generates the session key and sends a LEAF to the > other chip, 2) The second chip recognizes the LEAF as being valid based on > the validity of the checksum, but does not determine the session key from > the LEAF. Correct. However, remember that it tests the checksum against an IV and session key. > If that's the case, then 1) How does the second chip find out what the > session key is? "It depends". Diffie-Hellman, prearrangement, via a public key mediated exchange, or anything else that seems reasonable. > 3) If all that is needed for this hack is a LEAF with a proper > checksum, why go through the brute force method of generating random LEAFs? See above -- the problem is that of finding a LEAF with a proper checksum that corresponds to the session key. Perry From perry at imsi.com Fri Jun 3 05:55:30 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 05:55:30 PDT Subject: Black Eye for NSA, NIST, and Denning In-Reply-To: <9406031201.AA03789@snark.imsi.com> Message-ID: <9406031254.AA03892@snark.imsi.com> "Perry E. Metzger" says: > However, it can be done in advance, and you can conceivably reuse > forged LEAFs. I will point out something that I didn't quite understand myself but have since discussed with Matt Blaze in some detail -- LEAF checksums are tied to session keys. You CAN do this in advance but only if your key exchange will permit you to generate your session keys in advance, too. Obviously, reusing forged LEAFs requires reusing session keys. Perry From perry at imsi.com Fri Jun 3 05:57:00 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 05:57:00 PDT Subject: Faster way to deescrow Clipper In-Reply-To: <9406031157.AA03771@snark.imsi.com> Message-ID: <9406031255.AA03902@snark.imsi.com> "Perry E.
Metzger" says: > > Mike Ingle says: > > The attack posted here uses a brute-force search to find a phony LEAF > > which has a valid checksum. Instead, why not just initialize the chip > > with a session key and get the LEAF. Reset the chip and initialize it > > with a different session key, but send the first LEAF instead of the > > second one. > > An interesting idea. As I've now found out (I forwarded the message to Matt -- his paper wasn't clear on this point) this won't work. As I've said in other messages, session keys are an element of the method used to generate the checksum buried in the LEAF. Perry From frissell at panix.com Fri Jun 3 05:57:37 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 3 Jun 94 05:57:37 PDT Subject: Matt Blaze & Tessera Linked in NYT Again Message-ID: Check the first page of the Business Section of this morning's NYT for an article by John Markoff on Matt and Tessera. " 'The point is that the back door has a broken hinge,' said William Ferguson, vice president of Semaphore Corporation" DCF From frissell at panix.com Fri Jun 3 06:24:08 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 3 Jun 94 06:24:08 PDT Subject: Matt Blaze & Tessera Linked in NYT Again In-Reply-To: Message-ID: To answer myself... I also wanted to point out that Matt says his Clipper attack only works with Tessera not Clipperphone. DCF "See 'A Century of (Commie) Women' next Wednesday from Turner Broadcasting. Several hours of the history of American women in the 20th Century that fails to uncover a single non-socialist in the bunch." From gtoal at an-teallach.com Fri Jun 3 06:45:52 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 3 Jun 94 06:45:52 PDT Subject: HACK - U HAVE NO PRIVACY Message-ID: <199406031344.OAA00681@an-teallach.com> Please tell me you posted this as a joke and didn't even contemplate it for a microsecond! Haven't you ever heard of Craig Shergold?
Say, you're not the same lefty who's listed in the alt.syntax.tactical FAQ are you? G From gtoal at an-teallach.com Fri Jun 3 06:49:47 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 3 Jun 94 06:49:47 PDT Subject: no subject (file transmission) Message-ID: <199406031348.OAA00798@an-teallach.com> See Tim May's "blacknet" spoof from last year. Anonymous mail pools have been the subject of long discussions. We were talking about it just last week actually - I pointed out that with suitable newsclip software you didn't even need a designated pool group. G PS I got thrown off the machine I was using to run the newsclip stuff on, so no more experiments with that for a long time... From rishab at dxm.ernet.in Fri Jun 3 07:03:18 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 3 Jun 94 07:03:18 PDT Subject: The Delhi Detweiler Message-ID: gtoal at an-teallach.com (Graham Toal): > PPS While in paranoid mode, I thought I'd mention that I've noticed > some of Detweiler's mannerisms emanating from email in New Delhi of > all places. Weird. I think I must be cracking up. I've been worried myself, BBSes here have had a number of posts against those who oppose our Government's recent moves to be nasty to BBSes. The style of these posts is very Detweiler; maybe you can now get a degree in Detweilerese? Or did you mean me ;-) -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Fairness to Game Animals Association says: Support your right to arm bears! -------------------------------------------------------------------------- From frissell at panix.com Fri Jun 3 07:06:54 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 3 Jun 94 07:06:54 PDT Subject: IMP (was Re: ecash-info ( Message-ID: <199406031405.AA09409@panix.com> H > 2.) 
It seems to me that e-cash, contrary to the status quo's H >thinking, H > is *critical* to internet commerce. H > H >No, it's not critical. Some form of transaction mechanism is H >critical. Privacy is not critical to the bulk of the economy, H >though. Face up to it. If it were, it would be so obvious that we H >wouldn't be discussing it on a mailing list. In fact, _we_ wouldn't be H >discussing it, but rather a whole bunch of bank vice presidents. The nicest thing about electronic money is not that anonymous digital cash is possible, but that the money is electronic. This means cheap transaction costs. This means that even if "banks" deploy ID-based rather than anonymous transaction systems, civilians can quickly step in and offer to broker anonymous transactions for those who prefer their privacy. Just as you can cash checks for other people today, you will be able to carry out transactions for others on the nets. Since it is much easier to operate these kinds of services in an electronic payment system with automation and on-line verification, suppliers should appear if the demand warrants. Since people will be in different physical locations and legal jurisdictions, proof of wrongdoing will be hard to come by. DCF "It is perfectly possible to overthrow the old order without picking up a gun or violating any (significant) law. If the conditions of human life change as radically and rapidly as they seem destined to, the (always bizarre) notion that groups of small oligarchies are competent to run the lives of everyone on earth will be swept aside almost accidentally as people move into their new lives." -- DCF --- WinQwk 2.0b#1165 From sommerfeld at localhost.medford.ma.us Fri Jun 3 07:12:47 1994 From: sommerfeld at localhost.medford.ma.us (Bill Sommerfeld) Date: Fri, 3 Jun 94 07:12:47 PDT Subject: more info from talk at MIT yesterday.
Message-ID: <199406031357.JAA00376@localhost> The folks from the NSA said the following about key generation: - each escrow agency provides a "seed key", seed1 and seed2 - the box which programs the chip generates two random keys, random1 and random2 - for each chip programmed during that batch (which is "12 to 14 hours of production"), the box computes a classified deterministic function (U1, U2) = F(serial, random1, random2, seed1, seed2) to generate the unit keys They did *not* explicitly say that the random seeds were destroyed at the end of the production run. Also, someone asked "How do we know that the unit key isn't a hash function of the chip serial number?" The answer was: "You don't". They also confirmed Tom Knight's suspicions about what they're going to do when someone reverse engineers the chip and publishes the Skipjack algorithm & the family key: they've got a patent application filed, under a secrecy order; if the algorithm is published, they'll lift the secrecy order and have the patent issued, and use that to go after anyone making a compatible version. They also had a comment that they considered Blaze's findings to be mostly irrelevant, as the only people who would use it would be persons who *didn't* trust the escrow system, but *did* trust the algorithm... - Bill From perry at imsi.com Fri Jun 3 07:35:04 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 07:35:04 PDT Subject: more info from talk at MIT yesterday. In-Reply-To: <199406031357.JAA00376@localhost> Message-ID: <9406031434.AA04149@snark.imsi.com> Bill Sommerfeld says: > They also had a comment that they considered Blaze's findings to be > mostly irrelevant, as the only people who would use it would be > persons who *didn't* trust the escrow system, but *did* trust the > algorithm... 
Since the stated purpose of a voluntary key escrow system is to provide government tested cryptography that cannot be used against the government, Matt's result hurts the STATED purpose of the technology. Naturally they would be unwilling to admit this. Perry From perry at imsi.com Fri Jun 3 07:37:37 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 07:37:37 PDT Subject: more info from talk at MIT yesterday. In-Reply-To: <199406031357.JAA00376@localhost> Message-ID: <9406031436.AA04161@snark.imsi.com> Bill Sommerfeld says: > They also confirmed Tom Knight's suspicions about what they're going > to do when someone reverse engineers the chip and publishes the > Skipjack algorithm & the family key: they've got a patent application > filed, under a secrecy order; if the algorithm is published, they'll > lift the secrecy order and have the patent issued, and use that to go > after anyone making a compatible version. Since when can the government patent its work? I thought that works produced by government agencies could not be copyrighted or patented. In any case, they cannot refuse to license a patent, so this isn't real protection anyway. (The hope behind people patenting things they may release in the future is to make it commercially less attractive, not to utterly prevent use.) Perry From bwallet at mason1.gmu.edu Fri Jun 3 07:50:44 1994 From: bwallet at mason1.gmu.edu (Bradley C Wallet) Date: Fri, 3 Jun 94 07:50:44 PDT Subject: more info from talk at MIT yesterday. In-Reply-To: <9406031436.AA04161@snark.imsi.com> Message-ID: On Fri, 3 Jun 1994, Perry E. Metzger wrote: > Since when can the government patent its work? I thought that works > produced by government agencies could not be copyrighted or patented. nope, government patents its inventions all the time... From adam at bwh.harvard.edu Fri Jun 3 08:04:26 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 3 Jun 94 08:04:26 PDT Subject: more info from talk at MIT yesterday. 
In-Reply-To: <9406031436.AA04161@snark.imsi.com> Message-ID: <199406031503.LAA15327@duke.bwh.harvard.edu> Bill Sommerfeld says: > They also confirmed Tom Knight's suspicions about what they're going > to do when someone reverse engineers the chip and publishes the > Skipjack algorithm & the family key: they've got a patent application > filed, under a secrecy order; if the algorithm is published, they'll > lift the secrecy order and have the patent issued, and use that to go > after anyone making a compatible version. An interesting variant of this tactic might be for the folks who reverse engineer Clipper/SkipJack to go off and patent it in *other* countries, thus making it impossible to sell or use Clipper outside of the USA. Adam From werner at mc.ab.com Fri Jun 3 08:05:02 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Fri, 3 Jun 94 08:05:02 PDT Subject: more info from talk at MIT yesterday. Message-ID: <9406031505.AA00684@werner.mc.ab.com> >Date: Fri, 03 Jun 1994 10:36:37 -0400 >From: "Perry E. Metzger" > >Since when can the government patent its work? I thought that works >produced by government agencies could not be copyrighted or patented. I'm not sure of the details, but I know the law in this area was changed during the Reagan administration to unfetter U.S. companies who had done research that was partially govt. funded. Under the old rules, foreign companies could take advantage of work that could not be patented or otherwise protected by trade secret. Thus, technologies that were developed through govt.-funded work were acquired for free and used against the U.S. in global economic competition. Not sure about work that is completely government-produced, but what did the government ever come up with all on its own, anyway? I do know that my company is currently engaged in several joint projects with the government as a result of the new regulations, and part of the deal is that we retain the rights to the inventions. 
tw From smb at research.att.com Fri Jun 3 08:06:26 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 3 Jun 94 08:06:26 PDT Subject: more info from talk at MIT yesterday. Message-ID: <9406031506.AA08491@toad.com> Bill Sommerfeld says: > They also confirmed Tom Knight's suspicions about what they're going > to do when someone reverse engineers the chip and publishes the > Skipjack algorithm & the family key: they've got a patent application > filed, under a secrecy order; if the algorithm is published, they'll > lift the secrecy order and have the patent issued, and use that to go > after anyone making a compatible version. Since when can the government patent its work? I thought that works produced by government agencies could not be copyrighted or patented. The government can patent things, but not copyright them. In any case, they cannot refuse to license a patent, so this isn't real protection anyway. (The hope behind people patenting things they may release in the future is to make it commercially less attractive, not to utterly prevent use.) Why can't they refuse to license a patent? From perry at imsi.com Fri Jun 3 08:06:57 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 08:06:57 PDT Subject: more info from talk at MIT yesterday. In-Reply-To: <199406031503.LAA15327@duke.bwh.harvard.edu> Message-ID: <9406031506.AA04226@snark.imsi.com> Adam Shostack says: > An interesting variant of this tactic might be for the folks > who reverse engineer Clipper/SkipJack to go off and patent it in > *other* countries, thus making it impossible to sell or use Clipper > outside of the USA. That might work. Many other countries follow "first to file" rather than "first to invent". Perry From perry at imsi.com Fri Jun 3 08:16:35 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 08:16:35 PDT Subject: more info from talk at MIT yesterday.
In-Reply-To: <199406031507.LAA19328@wintermute.imsi.com> Message-ID: <9406031516.AA04246@snark.imsi.com> smb at research.att.com says: > Why can't they refuse to license a patent? I was under the impression that the law obligated you to license patents -- albeit not necessarily at an attractive price. I am quite likely to be mistaken on this -- my memory on the topic is very sketchy, as demonstrated by the fact that I didn't realize the government can patent things (although I was right on copyrights.) Perry From f_griffith at ccsvax.sfasu.edu Fri Jun 3 08:44:24 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Fri, 3 Jun 94 08:44:24 PDT Subject: no subject (file transmission) Message-ID: <9406031544.AA09336@toad.com> Date: Thu, 2 Jun 1994 17:58:38 -0700 > From: nobody at shell.portal.com > > Attn Pr0duct Cypher > -----BEGIN PGP MESSAGE----- > -----END PGP MESSAGE----- > >Now that's an interesting idea for contacting people anonymously. However, it would have been kinder to the rest of the list members to put Attn Pr0duct Cypher in the subject. From wcs at anchor.ho.att.com Fri Jun 3 09:02:51 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 3 Jun 94 09:02:51 PDT Subject: more info from talk at MIT yesterday. Message-ID: <9406031601.AA22878@anchor.ho.att.com> > Bill Sommerfeld says: > > They also had a comment that they considered Blaze's findings to be > > mostly irrelevant, as the only people who would use it would be > > persons who *didn't* trust the escrow system, but *did* trust the > > algorithm... Defense Messaging System is supposedly going to use Skipjack, so I assume it's reasonably secure - and if there *are* NSA-only backdoors in the algorithm, at least they won't be admitting it to your neighborhood cops and FBI wiretappers, so you'd have to be an *interesting* suspect to get cracked.
Bill From wcs at anchor.ho.att.com Fri Jun 3 09:21:11 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 3 Jun 94 09:21:11 PDT Subject: Black Eye for NSA, NIST, and Denning Message-ID: <9406031620.AA23064@anchor.ho.att.com> Perry writes: > > However, it can be done in advance, and you can conceivably reuse > > forged LEAFs. > > I will point out something that I didn't quite understand myself but > have since discussed with Matt Blaze in some detail -- LEAF checksums > are tied to session keys. You CAN do this in advance but only if your > key exchange will permit you to generate your session keys in advance, too > Obviously, reusing forged LEAFs requires reusing session keys. More precisely, as Steve's summary pointed out, it's tied to the IV, which is tied to the session key. (It makes sense - assuming the descriptions of the LEAF contents are true, the only session key component in the LEAF itself is encrypted with the chip-unique backdoor key, and tying it to the IV accomplishes key-dependence, though they could also use the session key externally from the LEAF.) Unfortunately, most Clipperphones will probably use Diffie-Hellman key exchange, since it reduces or eliminates the need for prearranged public-key management (depending on whether they're using radio or a medium that can be actively wiretapped), so precomputation will generally not be usable. I suppose some crude Diffie-Hellman implementations might always use the same half-key for every conversation, rather than generating a random one each time, and you could precompute session keys for talking to them. For email applications, however, most standards will probably use sender-generated session keys, so it would be simple enough to make secure Tessera mailers if you don't worry about subliminal channels in the hash. 
Bill From smb at research.att.com Fri Jun 3 09:22:07 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 3 Jun 94 09:22:07 PDT Subject: more info from talk at MIT yesterday. Message-ID: <9406031622.AA10011@toad.com> > Bill Sommerfeld says: > > They also had a comment that they considered Blaze's findings to be > > mostly irrelevant, as the only people who would use it would be > > persons who *didn't* trust the escrow system, but *did* trust the > > algorithm... Defense Messaging System is supposedly going to use Skipjack, so I assume it's reasonably secure - and if there *are* NSA-only backdoors in the algorithm, at least they won't be admitting it to your neighborhood cops and FBI wiretappers, so you'd have to be an *interesting* suspect to get cracked. Not only that, there have been too many spies found in the various intelligence agencies for them to risk such a thing. From perry at imsi.com Fri Jun 3 09:24:33 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 3 Jun 94 09:24:33 PDT Subject: more info from talk at MIT yesterday. In-Reply-To: <9406031601.AA22878@anchor.ho.att.com> Message-ID: <9406031624.AA04363@snark.imsi.com> bill.stewart at pleasantonca.ncr.com +1-510-484-6204 says: > Defense Messaging System is supposedly going to use Skipjack, > so I assume it's reasonably secure - and if there *are* > NSA-only backdoors in the algorithm, at least they won't > be admitting it to your neighborhood cops and FBI wiretappers, > so you'd have to be an *interesting* suspect to get cracked. Indeed -- let us recall that Coventry was bombed into ruins rather than reveal that the Brits could read German codes in WWII.
Perry From sidney at taurus.apple.com Fri Jun 3 09:30:14 1994 From: sidney at taurus.apple.com (Sidney Markowitz) Date: Fri, 3 Jun 94 09:30:14 PDT Subject: Faster way to deescrow Clipper won't work Message-ID: <9406031629.AA13941@federal-excess.apple.com> Perry answered most of my questions with the new information that the checksum is a function of the IV and session key. That still leaves one big one unanswered: Doesn't the Clipper chip at the other end of the message have to compute and send a LEAF too? Otherwise there would be no way for the wiretappers to identify it. And that LEAF will contain the proper session key unless both ends are using the same hack. Also, what does Clipperphone have that the Tessera board doesn't which keeps this hack from working? Is enough known about the workings of the two so that someone could build a computer-based telephone using Tessera that would be compatible with Clipperphone yet use this hack? -- sidney From wcs at anchor.ho.att.com Fri Jun 3 09:47:33 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 3 Jun 94 09:47:33 PDT Subject: Faster way to deescrow Clipper Message-ID: <9406031646.AA23374@anchor.ho.att.com> Sidney Markowitz writes: > If that's the case, then 1) How does the second chip find out what the > session key is? That's a separate protocol issue; Clipper doesn't do any key exchange itself, though Capstone does. Unless manufacturers are bullied/bribed into using a standard implementation, everyone will probably roll their own. > 2) Doesn't the second chip also have to generate and send a > LEAF, if for no other reason than to identify itself to the wiretappers, > and if so won't that give away the session key if that chip's device is not > also hacked? If you use the same session key for both directions of the conversation, which most Clipperphones probably will, then yes, it's true. 
That means you can only have private conversations with other people who also care about privacy, which is somewhat appropriate. On the other hand, a big use of Clipper is traffic analysis, and Matt's method *will* prevent them from getting your Clipper serial number from your conversations, though they'll get the number for the other end if they're not also hacking LEAFs. That can be a big win, especially if the other end is a well-known person, like your local cellphone provider or president at whitehouse.gov. However, one danger of doing this for cellphone calls is that they might notice that calls from your cellphone keep having different LEAFs, and suspect that you're a Potential Troublemaker.

> 3) If all that is needed for this hack is a LEAF with a proper
> checksum, why go through the brute force method of generating random LEAFs?
> Why not just buy (or steal or whatever) another Clippered device that you
> never use for real communication so the wiretappers have no record of who
> has that serial number, and get LEAFs from it? For that matter, why can't
> you obtain one LEAF from listening to anybody's Clippered transmission and
> use it over and over again?

The LEAF depends on the IV for the session, which depends on the session key. Therefore, it's probably different for each call; otherwise you *could* just reuse someone else's LEAF. (This should be obvious, but I wasn't thinking about it when I first read Matt's paper, though the "but the IV will be wrong so that won't work" had been a sufficient distraction for many of us when Clipper first came out.)

Remember that they don't record Clipper chip keys when you buy your Clipperphone - otherwise stealing one would be effective. They record the chip-unique backdoor keys when they make the chip, so they can tap *any* conversation they hear without needing to keep track of who owns what phone.
On the other hand, for cellphones, it's *real* easy to find out who uses a given chip, since the phone call setup protocols tell them what phone it's coming from, and they _can_ look that up with the phone company, so they can easily do that correlation. (If the Clipper chips are socketed, you could always swap them for occasional more-paranoid-but-still-tappable calls, but that would probably just annoy them.)

Bill

From Eric_Weaver at avtc.sel.sony.com Fri Jun 3 09:52:23 1994
From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver)
Date: Fri, 3 Jun 94 09:52:23 PDT
Subject: more info from talk at MIT yesterday.
In-Reply-To: <199406031357.JAA00376@localhost>
Message-ID: <9406031652.AA10205@sosfc.avtc.sel.sony.com>

   Date: Fri, 3 Jun 1994 09:57:36 -0400
   From: sommerfeld at localhost.medford.ma.us (Bill Sommerfeld)

   They [The NSA] also had a comment that they considered Blaze's findings to be
   mostly irrelevant, as the only people who would use it would be
   persons who *didn't* trust the escrow system, but *did* trust the
   algorithm...

   - Bill

OOOooooo. I think this means one had better use superencryption of one kind or another with Clipper at all times.

Pardon me if this is redundant, but has anybody done any differential analysis of, say, DES (or 3DES) under Clipper, to see if it weakens?

From wcs at anchor.ho.att.com Fri Jun 3 10:04:50 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Fri, 3 Jun 94 10:04:50 PDT
Subject: Faster way to deescrow Clipper
Message-ID: <9406031703.AA23517@anchor.ho.att.com>

> > ...not be able to decrypt the communications, but they still get your ID.
> >"your ID"? You mean your phone's ID. Goodness gracious, if you were
> >a criminal, you wouldn't go out and steal someone else's Clipper
> >phone, would you? Let's not get too high tech here, just because we
> >have the ability.
>
> Or you could just steal someone else's LEAF, by keeping a copy of it, and use
> that for spoofing.
Then you could have a valid IV too...

The IV is session-dependent, and both ends generate it.

We don't know where in the LEAF the chipid is, but if they use a fixed format and don't do a key-dependent permutation of the LEAF bits, it shouldn't be hard to figure out (unless the checksum comes first and they use a block-chaining encryption, in which case you know you lose.)

That would let you create rogue LEAFs with known users' chipids, which would be interesting - does anyone want to make 65536 calls to clipperphone at whitehouse.gov :-) ? (Yeah, it's not quite that simple.) (If you do need a lot of data, cellphones are a good source, since the cellphone operators' chipids are likely to be well-known, though rapidly tapped.)

Paranoid-speculation-mode: Of course, if you can forge LEAFs with their chipid, they can forge LEAFs with yours, which could be used to manufacture interesting evidence....

Bill

From perry at imsi.com Fri Jun 3 10:12:16 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 3 Jun 94 10:12:16 PDT
Subject: Faster way to deescrow Clipper
In-Reply-To: <9406031703.AA23517@anchor.ho.att.com>
Message-ID: <9406031712.AA04494@snark.imsi.com>

bill.stewart at pleasantonca.ncr.com +1-510-484-6204 says:
> We don't know where in the LEAF the chipid is, but if they
> use a fixed format and don't do a key-dependent permutation of the LEAF bits,
> it shouldn't be hard to figure out (unless the checksum comes first
> and they use a block-chaining encryption, in which case you know you lose.)
>
> That would let you create rogue LEAFs with known users' chipids,
> which would be interesting -

The defect in this notion is that the LEAF is encrypted with the family key, which is not public knowledge. The mode that this encryption is performed in is not public knowledge, either.
Perry

From wcs at anchor.ho.att.com Fri Jun 3 10:13:12 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Fri, 3 Jun 94 10:13:12 PDT
Subject: News Flash: Clipper Bug?
Message-ID: <9406031711.AA23606@anchor.ho.att.com>

> > [ discussion of chip operations ]
>
> Where did you get the information about the internals?
> I've seen no references at all.

Back when Clipper was first announced, you could call up Mykotronx and ask them for data sheets on the chip. Don't know if they're still giving them out or not.

From smb at research.att.com Fri Jun 3 10:22:03 1994
From: smb at research.att.com (smb at research.att.com)
Date: Fri, 3 Jun 94 10:22:03 PDT
Subject: Ultra and Coventry
Message-ID: <9406031721.AA10925@toad.com>

Perry wrote that the British let Coventry be destroyed lest Ultra be revealed. Kahn doesn't believe that. From ``Kahn on Codes'', p. 110:

	Nor, to debunk another story, did Churchill let Coventry be destroyed because he believed that defensive measures would risk the secret of ULTRA. Critical analyses of documents show that this is pure myth.

The footnote cites F.H. Hinsley with E.E. Thomas, C.F.G. Ransom, and R.C. Knight, ``British Intelligence in the Second World War: Its Influence on Strategy and Operations'' (London, 1979- ), I:528-48; N.E. Evans, ``Air Intelligence and the Coventry Raid'', Royal United Services Institution Journal (September 1976), 66-73. I don't have access to either of those publications, so I can't assess that further.

From wcs at anchor.ho.att.com Fri Jun 3 10:22:38 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Fri, 3 Jun 94 10:22:38 PDT
Subject: Faster way to deescrow Clipper
Message-ID: <9406031721.AA23784@anchor.ho.att.com>

> The defect in this notion is that the LEAF is encrypted with the family
> key, which is not public knowledge. The mode that this encryption is
> performed in is not public knowledge, either.
Yeah, that was brain damage on my part. My basic idea was that it is possible, for some chaining methods, to find out where in the LEAF the chipid is by watching what changes when you vary the keys and the chipids used, even if you *don't* have the Family Key or know the encryption mode, but the set of modes and component orders for which that works is more limited than I first thought. There are still some that work, though.

Bill

From koontzd at lrcs.loral.com Fri Jun 3 10:31:20 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 3 Jun 94 10:31:20 PDT
Subject: Faster way to deescrow Clipper
Message-ID: <9406031730.AA19390@io.lrcs.loral.com>

>From: sidney at taurus.apple.com (Sidney Markowitz)
>
>Could someone please enlighten me on this: It seems from the descriptions
>of the hack to fake a LEAF that 1) When two Clipper chips are going to
>communicate, one of them generates the session key and sends a LEAF to the
>other chip, 2) The second chip recognizes the LEAF as being valid based on
>the validity of the checksum, but does not determine the session key from
>the LEAF.

The session key encoded with the unit key in the Law Enforcement Access Field is not recoverable. The unit key is only contained within the originating clipper chip, and within the two escrowed key portions.

>If that's the case, then 1) How does the second chip find out what the
>session key is?

An external key exchange is performed. In the case of AT&T TSD 3600s the key is negotiated between them blindly.

> 2) Doesn't the second chip also have to generate and send a
>LEAF, if for no other reason than to identify itself to the wiretappers,
>and if so won't that give away the session key if that chip's device is not
>also hacked?

FIPS Pub 185 requires that clipper phones adhere to a protocol not contained within the FIPS, and requires transmission of the LEAF.
> 3) If all that is needed for this hack is a LEAF with a proper
>checksum, why go through the brute force method of generating random LEAFs?
>Why not just buy (or steal or whatever) another Clippered device that you
>never use for real communication so the wiretappers have no record of who
>has that serial number, and get LEAFs from it? For that matter, why can't
>you obtain one LEAF from listening to anybody's Clippered transmission and
>use it over and over again?

Using a constant unit ID even if the session key is not recoverable, still leaves you open to traffic flow analysis. Using a LEAF from another clipper chip still identifies you (or serves to flag interest). It would be wise to assume that the adversary routinely decodes all LEAFs crossing their purview, recovering unit IDs. (Which would at least flag a lot of counterfeited LEAFS, were ID ranges or (as in IP) prefixes used.)

From ghio at cmu.edu Fri Jun 3 11:25:23 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Fri, 3 Jun 94 11:25:23 PDT
Subject: Anonymous Remailers
Message-ID: <9406031824.AA11675@toad.com>

Usura at vox.hacktic.nl wrote:
>>> Has anyone had any experience chaining from a Cypherpunk-style
>>> remailer to anon.penet.fi? Can a "::" separator be used
>>> successfully, or which format will work?
>>
>>I think it can be done...
>
>I know it can be done...

Well, some of the remailers will only send to naxxx at anon.penet.fi
I think remailer at chaos.bsu.edu requires this.

Jeff Davis wrote:
> Today I used the catalyst at netcom.com remailer to send an anonymous
> contribution to a list. They're raising hell about anonymity in their
> list, but that's beside the point. The message also showed up on a
> separate beta test list. I assume this was done manually by
> bouncing the message to the other list, since he
> is the singular person on the planet subscribed to both lists. mcstout
> has been a quite vocal detractor of my catalyst contributions to the
> other list.
> I thus strongly suspect manual sabotage. There was no
> flaw in the Request-Remailing-To: address.
>
> Could someone please confirm that this was not a quirk of the remailer?

Try checking the headers to see what site it came from.

From koontzd at lrcs.loral.com Fri Jun 3 11:31:18 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 3 Jun 94 11:31:18 PDT
Subject: Faster way to deescrow Clipper
Message-ID: <9406031829.AA19412@io.lrcs.loral.com>

>From: "Perry E. Metzger"
>
>Mike Ingle says:
>
>An interesting idea.
>
>> The LEAF would look good unless you tried to decrypt the
>> session key. The wrong-IV problem would remain. The NSA should have
>> designed the Clipper so that, if the IV was wrong, the chips would not
>> accept the LEAF.
>
>That can't be done, I'm afraid. It's way too difficult to distinguish a
>bad IV from line noise nuking the first block of your CBC
>conversation.

I used to work on NSA cryptographic equipment. One characteristic of a system designed to use crypto is the ability to detect crypto sync. If you have access to the control program (which you would if faking LEAFS), you would tend to throw out the first block. The difficulty is that the DE (distant end) ain't necessarily smart enough to do so (assuming it has not been modified), and is more than likely looking for a passed data value (typically a sync symbol) to determine the state of crypto synchronization.

Were the system consuming data from the enciphered link properly prepped, it is possible that it would ignore garbage (assuming the damaged decrypted first block did not contain the sync), while awaiting a synchronization indicator.

Most duplex crypto systems use some variant of End Around Prep (EAP), where the receive data path is used to determine whether crypto synch is achieved by looking for a constant mark or space, or idle character.
When the receiver does not provide the proper value the transmit side is knocked down, the DE receive notices and restarts its transmit. A data value is passed through the loop to tell the system to go to operate mode. Such functions are generally predicated on having crypto - and the data system for which it provides a link, separate.

The point being that a communications system that you can't modify both ends of may not be able to accept a garbled first block. Not to mention that OFB is probably a lot more prevalent for voice applications.

From perry at imsi.com Fri Jun 3 11:40:42 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 3 Jun 94 11:40:42 PDT
Subject: Faster way to deescrow Clipper
In-Reply-To: <9406031829.AA19412@io.lrcs.loral.com>
Message-ID: <9406031840.AA04734@snark.imsi.com>

David Koontz says:
> I used to work on NSA cryptographic equipment.

So you've said. However,

1) If you had, anything interesting you could say would be classified, you'd have a clearance, and you'd go to jail for mentioning it.

2) you've shown every sign of being fairly clueless. I'll point out as an example the fact that you don't understand initialization vectors, and this gem:

> If you have access to the control program (which you would if faking
> LEAFS),

Huh? Have you been paying attention? I have no idea what on earth the "control program" is, but Matt's work certainly has nothing to do with any such thing...

And this gem:

> The difficulty is
> that the DE (distant end) ain't necessarily smart enough to do so (assuming
> it has not been modified), and is more than likely looking for a passed data
> value (typically a sync symbol) to determine the state of crypto
> synchronization.

Ahem. What the hell are you talking about? Tessera has no concept of "crypto synchronization" or the detection thereof.
.pm

From VACCINIA at UNCVX1.OIT.UNC.EDU Fri Jun 3 11:47:07 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Fri, 3 Jun 94 11:47:07 PDT
Subject: LEAF forgery
Message-ID: <01HD3Y2AJFOY0046AF@UNCVX1.OIT.UNC.EDU>

I wrote about a possible trapdoor in Skipjack to which Perry replied:

>Your belief is without evidence. It is a supposition. I'd say the NSA
>has a lot to lose by putting holes in Skipjack.

How true, yet the NSA also had a lot to lose by putting out a flawed backdoor in Skipjack which essentially negates much of this feature's (LEAF) value. They did so none the less. In addition, I remember the comments of Stuart Baker; the audacity was typical of an organization which would put in just such a hole and smugly disbelieve that anyone would find out.

In addition, it is possible that the agency is not alarmed about their LEAF problems because they don't need to use it. Of course, even if the whole algorithm was compromised I don't think they would show alarm outwardly. The possibility is still there. Since one does not know the Skipjack design, a belief that it does not contain a trapdoor is without evidence and also a supposition. My contention is that the NSA is cocky enough to disregard the consequences of putting holes in Skipjack.

>None the less, I wouldn't use Skipjack, because I don't trust things I
>don't know the design of.

Me neither, and randomly generating new LEAF fields would not give me comfort as to the security of my transmissions. Which is the main point here in my mind.

Scott G. Morham                   !The First,
VACCINIA at uncvx1.oit.unc.edu      ! Second
PGP Public Keys by Request        ! and Third Levels
                                  ! of Information Storage and Retrieval
                                  !DNA,
                                  ! Biological Neural Nets,
                                  ! Cyberspace

From perry at imsi.com Fri Jun 3 11:52:51 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 3 Jun 94 11:52:51 PDT
Subject: IVs and synchronization
Message-ID: <9406031852.AA27251@webster.imsi.com>

Just in case it confuses people, when you are doing Matt's general attack that interoperably works with non-rogue systems, you find via exhaustive search a LEAF that corresponds to your selected Session Key/IV pair. IV synchronization problems only show up if you are using the less general "feed the LEAF back to the same processor" trick.

Perry

From perry at imsi.com Fri Jun 3 12:05:29 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 3 Jun 94 12:05:29 PDT
Subject: LEAF forgery
In-Reply-To: <01HD3Y2AJFOY0046AF@UNCVX1.OIT.UNC.EDU>
Message-ID: <9406031904.AA04786@snark.imsi.com>

VACCINIA at uncvx1.oit.unc.edu says:
> >Your belief is without evidence. It is a supposition. I'd say the NSA
> >has a lot to lose by putting holes in Skipjack.
>
> How true, yet the NSA also had a lot to lose by putting out a flawed
> backdoor in Skipjack which essentially negates much of this feature's (LEAF)
> value. They did so none the less.

All the evidence is that it was an accident. You contend, without evidence or even a rational reason, that they did it intentionally.

I'm not a conspiracy theorist. I operate on evidence and the assumption that people behave in their self interest. NSA had nothing to gain by sabotaging their own efforts in this manner. Even if they had another back door it is worth their while to make the public back door as good as possible.
The notion that they would have done it badly intentionally for no reason when doing it well would be easy is at the very least without evidence or even rational suspicion. What would they possibly have to gain via such an act?

> In addition, it is possible that the agency is not alarmed about their LEAF
> problems because they don't need to use it.

They may be able to redesign the system before widespread deployment. It's also in their interest to play mistakes down. How do YOU know they aren't really embarrassed?

Perry

From rishab at dxm.ernet.in Fri Jun 3 12:15:35 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Fri, 3 Jun 94 12:15:35 PDT
Subject: PGP 2.6 hoax by Sternlight
Message-ID:

Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU:
> The pgp26-RSAREF_3.0_beta.tar.gz file is not real. From some other
> post, it seems this came from the site in Italy that I mentioned awhile
> back. They have removed the file from there. It is a lot of bytes
> for a joke. It should probably be removed from soda too.
> ...
> [Sternlight ASCII art]

I was surprised to see that this file was owned by "strnlght" on the Italian site. Anyway, the file has been removed from the Italian site, and its replacement, pgp26.zip, is real. (I haven't checked the sig, but the contents seem ok, at least ;-)

--------------------------------------------------------------------------
Rishab Aiyer Ghosh                             rishab at dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA

The National Fairness to Game Animals Association says:
Support your right to arm bears!
--------------------------------------------------------------------------

From 0006368931 at mcimail.com Fri Jun 3 12:29:01 1994
From: 0006368931 at mcimail.com (Mark Voorhees)
Date: Fri, 3 Jun 94 12:29:01 PDT
Subject: more info from talk at MIT yesterday.
Message-ID: <40940603192704/0006368931PK2EM@mcimail.com>

>Since when can the government patent its work?
> I thought that works
>produced by government agencies could not be copyrighted or patented.

No. The patent on the digital signature algorithm, the basis of the new digital signature standard, for example, is held by NIST.

From edgar at spectrx.sbay.org Fri Jun 3 12:45:23 1994
From: edgar at spectrx.sbay.org (Edgar W. Swank)
Date: Fri, 3 Jun 94 12:45:23 PDT
Subject: News: SecureDrive 1.3d
Message-ID:

Maintenance:

The original FPART 1.3d was not updated to check for 1.3d-level SECTSR loaded. It would run without SECTSR loaded. I have distributed now FPART13D.ZIP, which contains a replacement FPART executable, source, and signature.

 Length Method    Size Ratio   Date    Time   CRC-32   Attr Name
 ------ ------    ---- -----   ----    ----   -------- ---- ----
   4346 DeflatX   1717   61% 05-05-94  06:00  8ab67f77 --w- FPART.C
  15452 DeflatX   9798   37% 05-05-94  06:01  bae1a9d8 --w- FPART.EXE
    152 Stored     152    0% 05-14-94  23:10  7cc1bfdc --w- FPART.SIG

FPART13D.ZIP is now available for download on the following public BBS's.

Eagle's Nest       (408)223-9821
Flying Dutchman    (408)294-3065
Catacombs BBS      (303)938-9654 (unverified)

It is also available from a mailserver in Texas. Send mail to Server at Star.Hou.TX.US with body text that looks like this

get /files/public/fpart13d.zip
quit

This file is also available via FTP from netcom.com

ftp.netcom.com:/pub/mpj/I_will_not_export/crypto_???????/secdrv/fpart13d.zip

(See ftp.netcom.com:/pub/mpj/README.MPJ for the ???????)

Note the file SECDR13E.ZIP in this same NETCOM directory is just SecureDrive 1.3d with the new FPART modules. The internal modules all still call themselves 1.3d. Furthermore, this ZIP file is incomplete, but all the files except a trivial part of READ.ME can be retrieved after processing the file with PKZIPFIX.

I haven't been able to verify if csn.org also contains FPART13D.ZIP.

Also note that the ZIP files contain PGP detached signatures (*.SIG) for the executable files.
Documentation:

"Heavy" SecureDrive user, Duncan Frissell, offers the following update to running SecureDrive under Windows:

Ordinarily, PGPPASS will not be available to DOS programs run under Windows but if you use the Windows virtual device driver EDOS (Extended DOS) PGPPASS will work in DOS windows.

EDOS --- Enhanced DOS for Windows
Mom's Software
Box 449. 391 So. Pacific Street
Rockaway, Oregon 97136
503-355-2281 Voice

EDOS is Shareware.

Note: Windows 3.1 and Windows For Workgroups 3.11 allow you to enable 32-bit disk access in the Virtual Memory/Windows Swapfile menu under the 386 Enhanced section of the Control Panel. In addition, Windows for Workgroups 3.11 allows you to enable 32-bit file access in the same menu. You will be able to read a logged in SecureDrive partition with 32-bit disk access enabled but *not* with 32-bit file access enabled in Windows for Workgroups 3.11.

[end]

Finally here is my (Edgar's) public key, also available on many public keyservers; note who has signed it. Also note that my only correct address is the sbay.org one. The saigon address is no longer valid.

Type bits/keyID    Date       User ID
pub  1024/DA87C0C7 1992/10/17 Edgar W. Swank
sig       4AAF00E5             David Del Torto
sig       08B707C5             Anton Sherwood
sig       32DD98D9             Vesselin V. Bontchev
sig       34D74DC1             Peter Simons
sig       DA87C0C7             Edgar W. Swank
                               Edgar W. Swank
sig       3245BF5D             Jeremy S. Anderson
sig       08B707C5             Anton Sherwood
sig       4AAF00E5             David Del Torto
sig       32DD98D9             Vesselin V. Bontchev
sig       FF67F70B             Philip R. Zimmermann

--
edgar at spectrx.sbay.org (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From edgar at spectrx.sbay.org Fri Jun 3 12:45:44 1994
From: edgar at spectrx.sbay.org (Edgar W. Swank)
Date: Fri, 3 Jun 94 12:45:44 PDT
Subject: digital clearinghouse idea
Message-ID: <6B1cNc9w165w@spectrx.sbay.org>

Eric Hughes said,

   If you use the ACH system, you can't pre-authorize sporadic payments for arbitrary amounts. ...

Not true. Counter-example: I recently authorized automatic (ACH) payments from my bank account to pay my Discover Card (tm) bills. These are both sporadic (some months may have no purchases) and in varying amounts, usually a few hundred dollars, occasionally a few thousand.

Personal note: This feature of DC is especially valuable, since they tend to have a short billing cycle and send their statement around the middle of the month, too late to pay with all the other monthly bills. The automatic payment is scheduled -after- the time limit for normal payments, at the start of the next billing cycle (but still no finance charge). DC does not publicize this option. You have to call them & ask about it.
ACH also pays my PG&E bill, which is not sporadic, but (obviously) does vary in amount. Same with the water bill.

--
edgar at spectrx.sbay.org (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From blancw at microsoft.com Fri Jun 3 13:32:49 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 3 Jun 94 13:32:49 PDT
Subject: FW: NSA Takes Over Healthcare Reform
Message-ID: <9406031934.AA14446@netmail2.microsoft.com>

From: Dr. David Chaos
Newsgroups: comp.org.eff.talk
Date: Fri, 3 Jun 94 02:07:20 -0500

June 3, 1994

NSA CLIPPER CHIP FAILS, AGENCY SETS SIGHTS ON HEALTHCARE

(ups) After the discovery of a fatal design flaw in the Clipper chip's "crime-busting" LEAF system, NSA has shifted its focus to a "more attainable goal, healthcare reform", said an anonymous government source.

"It appears that President Clinton's healthcare reform package will likely result in citizens, who can afford it, leaving the country for private healthcare provided by foreign countries. Based on this, NSA believes they have a clear, jurisdictional mandate to develop healthcare policy." the source further stated.

"With NSA's technological superiority, we should have a system in place which will prevent medical subversion within a few months. Even the Bahamians will be powerless to overcome it" said the source.

Despite objections from diverse medical organizations, the President supported NSA's position that they are the most qualified to determine healthcare policy. He further justified the agency's assertion that the details of the policy must remain secret to prevent medical malingerers from abusing the system.
Secret details of the policy, obtained by confidential informants, indicated that it would be based on the "KneeCapstone" and the "Clapjack" algorithms. An "independent" examination by the renowned doctor and cold-fusion investigator, Dr. Staley Ponz, was recently conducted on the KneeCapstone and Clapjack algorithms. "These algorithms are totally and completely malingerer proof...I really mean it, this time, honest!" said Dr. Ponz from an undisclosed location in South America.

Further details on the plan will be forthcoming "real soon now" said government policy advisor, Tyrone Shoelaces.

Reprinted, with permission, by,
Dr. David Chaos

From greg at ideath.goldenbear.com Fri Jun 3 14:19:34 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Fri, 3 Jun 94 14:19:34 PDT
Subject: No compulsory licensing of patents in USA.
Message-ID:

Perry Metzger writes:

> smb at research.att.com says:
> > Why can't they refuse to license a patent?

> I was under the impression that the law obligated you to license
> patents -- albeit not necessarily at an attractive price. I am quite
> likely to be mistaken on this -- my memory on the topic is very
> sketchy, as demonstrated by the fact that I didn't realize the
> government can patent things (although I was right on copyrights.)

From "Intellectual Property: Patents, Trademarks, and Copyright in a Nutshell", pp 12-13, Miller & Davis, West Pub., 1990. (not a particularly authoritative cite, but it ought to do)

"During the life of the patent, the owner has the complete right to determine who, if anybody, will have the right to use, make, or sell the patented item, 35 USCA (s) 261, and to a more limited extent, how or where it will be initially exploited. It is important to understand that American law does not require the patentee to put the patent into use or allow others to do so.
The first requirement, of putting the patent into use, is called 'working' the patent, a requirement with some historical meaning and considerable foreign patent law significance. The second requirement, of allowing others to use the patent, is called 'compulsory licensing.' Like working, there is no absolute American requirement of compulsory licensing, but other aspects of the law, especially antitrust, may have the effect of obliging a patent owner to license others to use the patent."

From hughes at ah.com Fri Jun 3 14:22:36 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 3 Jun 94 14:22:36 PDT
Subject: IMP (was Re: ecash-info (fwd))
In-Reply-To: <9406021641.AA02889@marvin.jta.edd.ca.gov>
Message-ID: <9406032131.AA09024@ah.com>

> Transmitting card numbers electronically over the Internet can only
> exacerbate that problem.

Yes, if transmitted in the clear, PGP is legal now :-). Vendors on the net need to be pushed to use encryption.

I'm not referring to the problem of sniffing credit card numbers off the net. I'm referring to the problem of credit card fraud by the operation on the receiving end. Even if the transmission is encrypted, there's still risk.

Eric

From perry at imsi.com Fri Jun 3 14:58:18 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 3 Jun 94 14:58:18 PDT
Subject: IMP (was Re: ecash-info (fwd))
In-Reply-To: <9406032131.AA09024@ah.com>
Message-ID: <9406032157.AA05381@snark.imsi.com>

Eric Hughes says:
> > Transmitting card numbers electronically over the Internet can only
> > exacerbate that problem.
>
> Yes, if transmitted in the clear, PGP is legal now :-). Vendors on the
> net need to be pushed to use encryption.
>
> I'm not referring to the problem of sniffing credit card numbers off
> the net. I'm referring to the problem of credit card fraud by the
> operation on the receiving end. Even if the transmission is
> encrypted, there's still risk.

Eric is, of course, pointing out the fact that credit cards qua credit cards are inefficient. (By the way, the transmitting end is also a source of risk -- fraudulent possession of the card number is possible.)

In general, you can't make credit cards secure by encrypting the transmission of the numbers because the credit card mechanism has inherent flaws irrespective of interception. The only information needed to use the card is the card number. Given the card number, there is no restriction on how much of an account I may draw. Stealing the (short) number, which must be communicated to use the card, is the equivalent of stealing the account. The merchant has no restrictions on how much he can draw other than the fact that he'll be caught if he draws more than he says he will. Fraud is naturally rampant, since it is child's play to commit fraud. It is a major cost of the system.

In even a primitive public key based system, there is no need to take anyone's word for anything, and no need to reveal the "key" to the account in order to use it.

Perry

From an5877 at anon.penet.fi Fri Jun 3 15:18:54 1994
From: an5877 at anon.penet.fi (deadbeat)
Date: Fri, 3 Jun 94 15:18:54 PDT
Subject: Black Eye for NSA, NIST, and Denning
Message-ID: <9406032148.AA09753@anon.penet.fi>

-----BEGIN PGP SIGNED MESSAGE-----

On the one hand, I applaud Dr. Blaze for the discoveries based on his black-box analysis of the NSA product. How fortunate to have him working in a laboratory seeded with this gear.

On the other hand, I am amused at the "big deal" being made about such a minor result. This "protocol failure" exposes the NSA product to no new threats.
If one's objective is to use SKIPJACK but to defeat key escrow, pre-encryption is easier, conceptually simpler, and may be more secure, depending on what is actually inside the SKIPJACK code.

I won't ask why the big deal is being made about all of this -- the agenda surrounding Clipper and friends is clearly a political one, not a technical one, so it is no surprise to hear even the technical voices, i.e., this list, trumpeting Blaze's paper as though it were a dagger in the heart of SKIPJACK. But let's all acknowledge the technical weight and importance of Blaze's result for what it is: minuscule.

DEADBEAT

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBFAgUBLe9KWPFZTpBW/B35AQEbdwGAmBpl2lBCtLkPN4QBruEEKsstCWWpIEGm
KMBK2YlxL5V9fnHRDn3RlRJT6Ji++7yd
=gIHN
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From adam at bwh.harvard.edu Fri Jun 3 15:28:57 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Fri, 3 Jun 94 15:28:57 PDT
Subject: Black Eye for NSA, NIST, and Denning
In-Reply-To: <9406032148.AA09753@anon.penet.fi>
Message-ID: <199406032228.SAA19533@bwnmr7.bwh.harvard.edu>

deadbeat wrote:

| On the one hand, I applaud Dr. Blaze for the discoveries based on his
| black-box analysis of the NSA product. How fortunate to have him
| working in a laboratory seeded with this gear.
|
| On the other hand, I am amused at the "big deal" being made about such
| a minor result. This "protocol failure" exposes the NSA product to no
| new threats.
| If one's objective is to use SKIPJACK but to defeat key
| escrow, pre-encryption is easier, conceptually simpler, and may be more
| secure, depending on what is actually inside the SKIPJACK code.

Actually, Blaze's work does nullify one important aspect of Clipper that pre-encryption does not address, and that is traffic analysis.

Adam

--
Adam Shostack adam at bwh.harvard.edu

Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From perry at imsi.com Fri Jun 3 15:41:46 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 3 Jun 94 15:41:46 PDT
Subject: Black Eye for NSA, NIST, and Denning
In-Reply-To: <9406032148.AA09753@anon.penet.fi>
Message-ID: <9406032241.AA05434@snark.imsi.com>

> But let's all acknowledge the technical weight
> and importance of Blaze's result for what it is: minuscule.

I'd love to see Mr. Deadbeat try to produce a similar result some time.

However, even beyond the raw intellectual achievement, Matt's result is Pretty Good technically. He showed a major flaw in the proposed escrowed encryption protocol that renders it pretty much valueless. Deadbeat misses the boat when he notes you can pre-encrypt -- with Matt's technique, I can actually interoperate with someone who isn't attempting to avoid escrow. I'd like to see Deadbeat explain how to manage that via any other method than the one proposed.
Perry

From thad at pdi.com Fri Jun 3 15:43:15 1994
From: thad at pdi.com (Thaddeus Beier)
Date: Fri, 3 Jun 94 15:43:15 PDT
Subject: Black Eye for NSA, NIST, and Denning
Message-ID: <9406032240.AA09093@fulcrum.pdi.com>

To: cypherpunks at toad.com
Subject: Re: Black Eye for NSA, NIST, and Denning

DEADBEAT sez
>> I won't ask why the big deal is being made about all of this -- the
>> agenda surrounding Clipper and friends is clearly a political one, not
>> a technical one, so it is no surprise to hear even the technical voices,
>> i.e., this list, trumpeting Blaze's paper as though it were a dagger in
>> the heart of SKIPJACK. But let's all acknowledge the technical weight
>> and importance of Blaze's result for what it is: minuscule.
>

The importance is that the current justification for Clipper is
1. The benevolent government wanted us to have very good encryption so they gave us SKIPJACK, but
2. They didn't want to hurt themselves by giving away something that they couldn't crack.

The Clipper apologists have retreated from the "we are going to use this to catch criminals" posture to "let's give the citizens good encryption that doesn't hurt us". PGP et al. was a devastating answer to the first position, so that is why they abandoned it. Blaze's result destroys the current justification, they are giving us good encryption that they can't break. There is then no reason to push Clipper, unless it is fixed, of course.
thad

Thad Beier
Pacific Data Images
(408)745-6755
thad at pdi.com

From sidney at taurus.apple.com Fri Jun 3 15:43:46 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Fri, 3 Jun 94 15:43:46 PDT
Subject: Black Eye for NSA, NIST, and Denning
Message-ID: <9406032242.AA29671@federal-excess.apple.com>

DEADBEAT says:
>If one's objective is to use SKIPJACK but to defeat key
>escrow, pre-encryption is easier, conceptually simpler, and may be more
>secure

Right now, you need to arrange things with another party if you are going to have secure communication. If Clipper catches on the way the government wants, you may be able to assume that someone you want to contact has an encryption device compatible with yours. If Blaze's hack can be used by the initiator of a communication to defeat key escrow without the cooperation or knowledge of the other person, then Clipper will have made it more difficult for law enforcement, since then criminals and other people with privacy concerns will be able to have secure communication with people who are not part of their pre-arranged secure communications system. That, the defeat of traffic analysis, and the avoidance of the attention one could draw by using non-LEAFed encrypted traffic, are the advantages of Blaze's result.

-- sidney

From paul at hawksbill.sprintmrn.com Fri Jun 3 15:44:11 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Fri, 3 Jun 94 15:44:11 PDT
Subject: A black eye for whom?
Message-ID: <9406032346.AA20791@hawksbill.sprintmrn.com>

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 3 Jun 1994 21:48:53 UTC an5877 at anon.penet.fi (deadbeat) wrote -

> I won't ask why the big deal is being made about all of this -- the
> agenda surrounding Clipper and friends is clearly a political one, not
> a technical one, so it is no surprise to hear even the technical voices,
> i.e., this list, trumpeting Blaze's paper as though it were a dagger in
> the heart of SKIPJACK.
> But let's all acknowledge the technical weight
> and importance of Blaze's result for what it is: minuscule.

Bullshit. _Any_ pitfall in the key escrow system or the Clipper technology itself is far from "minuscule."

_______________________________________________________________________________
Paul Ferguson
US Sprint
Enterprise Internet Engineering tel: 703.904.2437
Herndon, Virginia USA internet: paul at hawk.sprintmrn.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLe+x15RLcZSdHMBNAQFgCAQAs6HdAdxs6wVnv2ScKd5cR9jVdz+rVyNn
gceOqi/BaOq8utu2lIPvO74qvMufCTycVBrSBPzFIZzfdzGKcwhmKIikpHMCy3f3
II1iM++P6+3HLzVGJUrTca7qMVS8H6fyPda7IufmYDOjqy8KEFfwwkoCXrnTBNY0
VHPYg2HYd3Y=
=yI2v
-----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAiuk0/8AAAEEALqlLc+x9lmgiJCRSpu/aPhQdi0hMjwiGlN2B/GJQqgZPhTb
pR+u5/blGogqT+WwcXZ2XfEdIV19FrJY4BXGGn4+4TjdVN3XuuCHuueoygBAmOQD
IloU6SJuDqJa0kFA5X/i/1ELn86I5+8A4Hx88FiYJIVUBR6SApRLcZSdHMBNAAUR
tCdQYXVsIEZlcmd1c29uIDxwYXVsQGhhd2suc3ByaW50bXJuLmNvbT60JVBhdWwg
RmVyZ3Vzb24gPGZlcmd1c29uQGljbTEuaWNwLm5ldD4=
=rtcO
-----END PGP PUBLIC KEY BLOCK-----

From rperkins at amtsgi.bc.ca Fri Jun 3 15:52:17 1994
From: rperkins at amtsgi.bc.ca (Ryan Perkins)
Date: Fri, 3 Jun 94 15:52:17 PDT
Subject: Rperkins remailer
Message-ID:

Just a note to let you know that the rperkins remailer is back in business. This is available via:

rperkins at nyx.cs.du.edu
rperkins at nox.cs.du.edu
rperkins at nyx10.cs.du.edu

Sorry it was down for so long, but I lost net connections for a while. I'm still not back on the list, but for those who don't know me, I used to be known as ub075 at freenet.victoria.bc.ca.

Have fun.

From baum at newton.apple.com Fri Jun 3 16:54:59 1994
From: baum at newton.apple.com (Allen J. Baum)
Date: Fri, 3 Jun 94 16:54:59 PDT
Subject: Black eyes heal
Message-ID: <9406032354.AA29053@newton.apple.com>

It's important to realize what was really gained by this revelation-
- some PR value
- several months before fixed Clipper/Tessera chips become available

I have no doubts that the problem that was revealed will be corrected. I'm not sure it was a good idea to reveal the weakness. Imagine how much worse it would be (in terms of PR) if lots of phones had been deployed before the flaw was found? On the other hand, it's possible the weakness was known and would have been (is being) corrected quietly. So, there is a small window in which to take advantage of the PR, and the delay in revised chip availability.

Unless there are some major defections in Congressional support because of this, I don't think much will change; Clipper will become a reality. A competing product could devastate it- yes, government subsidies & requirements might form the nucleus of support, but having to deal with NSA restrictions and sole sourcing of the chip makes it a real, expensive pain to turn it into a product. I don't think the revision will be completely trivial, either. The way these chips are built means a much more extensive verification process must be used- not just reburning a PROM.

A standard micro and a standard encryption chip on the side (don't have the references here, but at HotChips there will be a paper on a 100kbit/sec Single Chip Modular Exponentiation Processor from Holger Orup of Aarhus Univ. Denmark) could make a viable, competing product.

Note that I'm not volunteering or suggesting that one of you should go out and implement my great idea- just making predictions.

**************************************************
* Allen J. Baum tel. (408)974-3385 *
* Apple Computer, MS/305-3B *
* 1 Infinite Loop *
* Cupertino, CA 95014 baum at apple.com *
**************************************************

From hfinney at shell.portal.com Fri Jun 3 17:45:58 1994
From: hfinney at shell.portal.com (Hal)
Date: Fri, 3 Jun 94 17:45:58 PDT
Subject: Black Eye for NSA, NIST, and Denning
Message-ID: <199406040047.RAA06014@jobe.shell.portal.com>

It was my understanding from what was posted here and on sci.crypt that Clipper chips were only going to be given to phone manufacturers who had an approved design. This would mean no pre-encryption of messages, and no hacks to defeat the LEAF block, would be allowed.

It's not clear to me whether the same restrictions apply to the use of the Tessera plug-in card. It sounds, from what was posted here, like Blaze was able to feed sample LEAF's at his card until it accepted one. Is that correct? If so, apparently users of such cards have access to low-level functions which would allow this kind of trick to be used.

Unless there is some way to get a supply of Clipper chips to allow you to make Clipper-compatible phones which still protect privacy, then all this theorizing is not too useful.

I am inclined to agree with Deadbeat that if you want to give the impression that you are using Clipper on your phone calls (to blend in, to keep a low profile) but at the same time you want the key escrow not to work, then pre-encryption is a superior strategy to Matt Blaze's idea. Matt's trick only hides the session key if both sides are using it. And even in that case it appears to require particular key management techniques that may not be standard (one side provides the session key, or it is negotiated but both sides wait 30 minutes to talk). So it does seem that some pre-arrangement will be necessary in practice to allow Blaze's approach to successfully hide the session key.

It's true that the Blaze technique hides the unit id, preventing traffic analysis. But that could be a negative.
Playing paranoid, suppose that Clipper traffic is routinely decrypted with the family key. Then the fact that someone is using bogus LEAF's might be evident because the unit id would change with each call. Using pre-encryption makes you look like a good little boy until they bring out the escrowed keys. (Of course, they're not supposed to troll LEAF's, any more than they're supposed to break escrow, but I'm assuming that the former will be easier and more likely than the latter.)

Hal

From VACCINIA at UNCVX1.OIT.UNC.EDU Fri Jun 3 18:34:33 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Fri, 3 Jun 94 18:34:33 PDT
Subject: LEAF forgery
Message-ID: <01HD4CD6HPJM0044FJ@UNCVX1.OIT.UNC.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Perry responding to one of the points I made said:

>VACCINIA at uncvx1.oit.unc.edu says:
>> How true, yet the NSA also had a lot to lose by putting out a flawed
>> backdoor in Skipjack which essentially negates much of this feature's (LEAF)
>> value. They did so nonetheless.

>All the evidence is that it was an accident. You contend, without
>evidence or even a rational reason, that they did it intentionally.

I do not contend this, I contend they were negligent in checking their work. That they were lax in their standards and that this lackadaisical attitude bespeaks arrogance. An arrogance that would allow them to think that they COULD put in a trapdoor (besides the LEAF) in Skipjack and easily get away with it.

>I'm not a conspiracy theorist. I operate on evidence and the
>assumption that people behave in their self interest. NSA had nothing
>to gain by sabotaging their own efforts in this manner. Even if they
>had another back door it is worth their while to make the public back
>door as good as possible. The notion that they would have done it
>badly intentionally for no reason when doing it well would be easy is
>at the very least without evidence or even rational suspicion.
>
>What would they possibly have to gain via such an act?

It would be in the NSA's self interest to have their own little door into Skipjack, wouldn't you say? Especially when the agency is quite satisfied that no one knows their algorithm. I don't see the evidence you are operating on, but will grant you the self interest part I mentioned above.

>> In addition, it is possible that the agency is not alarmed about their LEAF
>> problems because they don't need to use it.

>They may be able to redesign the system before widespread deployment.
>It's also in their interest to play mistakes down. How do YOU know they
>aren't really embarrassed?

Well, they did say so. But, I did agree with the play down mistakes position in the last post.

Vaccinia at uncvx1.oit.unc.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLe/ZTT2paOMjHHAhAQHOCgP+MPt5QxnQF/2rbPpFWZi8t6iTb+6x45OF
sHoC7nZ/yLBjMpn8SdR4Jzf36m2yndQcVVBPAVkfMOAJ0V+mAZcrCqH+jrZWuX55
4Z1/A3fkuFmIp3/7irGnQENQ4PBcWZb7gSihPk4Ytc4EjTKdIDc9U6T5xtx+FbT2
/+7D259kgLE=
=WPJQ
-----END PGP SIGNATURE-----

From peb at netcom.com Fri Jun 3 19:04:36 1994
From: peb at netcom.com (Paul E. Baclace)
Date: Fri, 3 Jun 94 19:04:36 PDT
Subject: Pedophiles in Cyberspace
Message-ID: <199406040204.TAA23468@netcom.com>

I agree with Perry's assessment, and would like to summarize the conclusion of the article since it is about the blurring of national boundaries and lack of control by authority:

It is expressed that pedophiles who can communicate with like-minded people anywhere in the world (where laws against it do not exist) will get the impression that they are normal, okay people who live under an unjust state. Additionally, it is mentioned that unsupervised (i.e., no psychiatrist present) discussion between pedophiles will also reinforce their predilections.

Unfortunately, the article does not mention how the blurring of national boundaries and uncontrolled (politically incorrect, etc.) conversations would also be beneficial.
Perhaps the real upshot of the article is "May you live in interesting times".

Paul E. Baclace
peb at netcom.com

From klbarrus at owlnet.rice.edu Fri Jun 3 19:10:13 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Fri, 3 Jun 94 19:10:13 PDT
Subject: Mosaic / CEB / CypherEssay Archive and List
In-Reply-To: <770631019/vac@FURMINT.NECTAR.CS.CMU.EDU>
Message-ID: <9406040210.AA18676@flammulated.owlnet.rice.edu>

> essays that they thought were good enough to be archived.

This isn't quite the mosaic site described, nor is it the "Cypherpunks Electronic Book", but there is an archive of what I think are some of the more interesting articles posted here (well, I'm a few weeks behind adding new stuff and have several posts to include soon). It's a gopher site: gopher.chaos.bsu.

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32

"One man's mnemonic is another man's cryptography"
- my compilers prof discussing file naming in public directories

From peb at netcom.com Fri Jun 3 19:25:53 1994
From: peb at netcom.com (Paul E. Baclace)
Date: Fri, 3 Jun 94 19:25:53 PDT
Subject: to The Atlantic
Message-ID: <199406040225.TAA25861@netcom.com>

The NSA has not admitted that it can break DES, but there is plenty of evidence that 0.01% of its budget would be enough to build a machine to break it.

Paul E. Baclace
peb at netcom.com

From bbrown at coos.dartmouth.edu Fri Jun 3 20:34:33 1994
From: bbrown at coos.dartmouth.edu (Brice A. Brown)
Date: Fri, 3 Jun 94 20:34:33 PDT
Subject: No Subject
Message-ID: <9406040334.AA02083@coos.dartmouth.edu>

I posted about the NSA being human on ISCA. This was a response I got from Milamber.

I have a close relative who is a cryptologist for the NSA. He knows much about skipjack. He couldn't/wouldn't tell me much, of course, mainly because the last word I use to describe him is 'human'... he's more 'asshole'... but he said the last thing he'd trust is skipjack/clipper...
He says that the CIA/FBI/NSA/ATF will almost assuredly _NOT_ violate the escrow rules (in other words, they _will_ get a warrant for the key halves_); however, he also said that there are so many back doors that they don't need them. He also said that they are expecting people to find about 60% of these doors, and they will correct them when found (so they have a deck of aces up their sleeves). Damn people. However, he wasn't directly involved in the clipper shit, but he does have high clearance. But he's an asshole, like I said. NSA people, as a generalization, usually are. He'd turn _me_ in if he knew I hacked.

Entropy.
Artimage.-

From diseased at panix.com Fri Jun 3 20:40:23 1994
From: diseased at panix.com (Edward Hirsch)
Date: Fri, 3 Jun 94 20:40:23 PDT
Subject: News Flash: Clipper Bug?
In-Reply-To: <9406021437.AA01473@nmi.tla.org>
Message-ID:

On Thu, 2 Jun 1994, W Lee Nussbaum wrote:

> In <9406021400.AA08779 at disvnm2.lehman.com>, dmandl at lehman.com (David
> Mandl) writes:
> >
> >More specifically, it was the TOP STORY in the Times. Ha ha ha.
>
> Lesbian invisibility strikes again... (of the six columns on a Times
> front page, three of today's are topped by a picture, two by the
> article "Pentagon Must Reinstate Nurse Who Declared She Is a Lesbian",
> and one by this article, "Flaw Discovered In Federal Plan For
> Wiretapping")
>
> - Lee
>

yeah, but the New York Times' "top story" is the one in the far right-hand column. Didn't they teach you that in junior high school social studies? ;)

From diseased at panix.com Fri Jun 3 21:00:54 1994
From: diseased at panix.com (Edward Hirsch)
Date: Fri, 3 Jun 94 21:00:54 PDT
Subject: NYT article
In-Reply-To:
Message-ID:

This might seem like a naive question, but I'm having a little trouble with the NSA's logic... they are offering Clipper as an international standard, because an international standard is necessary. However, other forms of encryption will still be legally available.
Clipper includes the "wiretapping" feature because the government has the right and the need to look into individuals' private correspondence in select circumstances. However, the NSA recognizes that anyone who wants to encode information in ways that can't be wiretapped will be able to do so cheaply and easily (according to their statement in the New York Times piece).

Assuming we take the NSA at its word (i.e. that Clipper is only meant to be a voluntary standard, and is not being introduced as an initial step towards a mandatory standard with "wiretapping" capabilities), then why does it make sense to introduce Clipper, rather than go with something like PGP, which has become a de facto international standard already?

From anonymous at extropia.wimsey.com Fri Jun 3 21:10:13 1994
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Fri, 3 Jun 94 21:10:13 PDT
Subject: [ANON] War in rec.guns
Message-ID: <199406040352.AA06262@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

{{Reply-To: john.nieder at tigerteam.org}}

-=> Quoting Royce at ug.eds.com to All <=-

Ro> Um..not to encourage more of your ranting, but you published email
Ro> from the r.g moderator.

The post was a message in which the moderator admitted to killing my pro-anon messages to the group. THAT's why I cross-posted it.

Ro> You may not remember McCarthy's "I have here a list of 157
Ro> communists...", but this argument sounds a lot like it.

The moderator did not post pro-anon messages I received Cc:s of. Period. After I started raising hell and mentioning specific messages, they showed up - after "closure," of course. Some never showed.

Ro> You claimed this, and the other posters who were "censored" were free
Ro> to post here as proof. No one but you seems to be doing this.

Probably they care even less than I do at this point. Still, I stand by what I said, as some of the messages started showing up _after_ I made the accusation.
Ro> The points you made were not relevant to the discussion. You weren't
Ro> paying attention when I explained why the first time.

Once and for all - my points; refute them or shut up:

1: "Real" accounts are easily simulated/spoofed. Therefore, a "real accounts only" policy gives no protection whatever from whatever it is that the moderator and rec.guns regulars feared so much from remailed posts.

2: Remailed posts are not always anonymous. Some users (myself included) use remailers non-anonymously because our normal systems do not have as much flexibility, particularly with headers [Cc:, Bcc:, Reference:, etc] as some remailers provide. This is especially true for users of BBS systems and other store-and-forward arrangements. Such posts, even with sigs, CLEARSIGN, and Reply-To: fields were being killed when sent to rec.guns, simply because they came through remailers. This was unreasonable. Jacob Vetleson in particular claimed to have posted many, many tech posts and articles that were killed because they went through a remailer.

3: Some participants on gun forums are uncomfortable using their regular accounts, especially when posting from their business sites, because of employer prejudice against firearms, and desire some degree of anonymity - even the trivial anonymity provided by the simple, unencrypted remailers - to protect their jobs. I also know a _lot_ of single women who do not like to post on _any_ newsgroup because they fear harassment at their jobsites stemming from some weirdo tracking them from their mail address. There are plenty of other reasons to use anonymous remailers. You may think they're stupid, I may think they're stupid, but that's none of our business. The measures one takes for his own defense and privacy are his own affair and his own responsibility, whether this means getting a house gun or using a remailer for his messaging. It's not for me or you to judge.

4: Someone (was it you?) smugly said that remailers were no good anyway, because of other measures available for defeating them, specifically traffic analysis. I posted a message explaining at some length the exhaustive countermeasures some of the more sophisticated remailers (and remailer users) incorporate to defeat traffic analysis. I didn't hear another peep about _that_ subject.

5: The remailers are the brainchildren of extremely pro-RTKBA net activists. Ignorantly banning remailer use was pointlessly antagonistic toward several very powerful, active and well-financed allies.

6: Numerous people simply hated remailed posts "on principle." My answer to that was basically, "So what?" I hated all the inane newbie crap that got posted on rec.guns asking the same _stupid_ questions ten or twelve times a week, usually how best to violate 922(r) or render an otherwise good weapon worthless through brainless modifications, etc., etc., etc. You know what I do when I see posts I don't like or that offend my sensibilities? I scroll through them. I killfile the author. I don't bother to read them. These are perfect solutions for those who have irrational aversions to anon posts. Look into them.

Ro> Answer this: Does every newsreader have a killfile option?

Every setup I have used (six or seven, I think) has _some_ provision for twitting, filtering or killfiling. If yours doesn't, you might want to look into a change, especially if other peoples' posts bother you so much. Having whole classes of posts censored from a newsgroup seems an awfully inefficient way of setting up a twitfile...but that's exactly what you are, in essence, advocating.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLe8FnBAm8ppE4nk3AQFD2gP/c17bmgM2JLQDXi9GJapxDYDmjW2KqapH
eaFMuxNxX0KBt34jZ1gDDnlM/WpzNN95HH0SLNZbcUF89yZ4bVgR1+cHlzXNi7pi
tS8ioYY27B85MXLczfpuTa6/Pi/nhAIhg4dakywAz207sRuQJEXwat6dC8rO0gY7
zJayx7AvNy0=
=3pDl
-----END PGP SIGNATURE-----

From bm189 at cleveland.Freenet.Edu Fri Jun 3 22:50:01 1994
From: bm189 at cleveland.Freenet.Edu (Robert T. Mathews)
Date: Fri, 3 Jun 94 22:50:01 PDT
Subject: An Invitation..
Message-ID: <199406040549.BAA11786@nextsun.INS.CWRU.Edu>

Ladies and Gentlemen:

You might think at the initial glance; "The Gall!". However, quite seriously, some of the esteemed members of this community might consider the following announcement more in depth.

We invite you -- sincerely to join us in Hawaii, for PNC - People, Networks & Communication '94.

Our very best.

---------------
Enclosure:-

############################# Advance Release #############################

TITLE: " PNC - People, Networks & Communication '94 "
THEME: " Turning 21 - A Journey to Maturity "
TOPIC: The Emergence of Application, Information Technology & Policy for the 21st Century.
HOST CITY: Honolulu; Island of Oahu - " The Gathering Place ", Hawaii.
VENUE: Mid-Pacific Conference Center, Hilton Hawaiian Village Resort.
DATES: October 11 - 14, 1994.
Sponsored by The Pacific Network Consortium Limited.

############################# Advance Release #############################

The Pacific Network Consortium Ltd., an EMERGING Not-for-Profit Regional Network Services Provider, invites you to enjoy our hospitality and join us in Hawaii for PNC - People, Networks and Communication '94.

PNC '94 will facilitate a close exploration to the Building of the Information Super-Highway and examine the essential ingredients to one - being a member among a larger, responsible and informed participating citizenry within a Global Informatic Society.
This Conference will lay focus to the various concerns as it relates to participation, management, policy, operations, security and factors of collaboration within and through the NII-National Information Infrastructure; here in the United States and the similar structures in forming - elsewhere in the World.

A TASTE of subject areas that will be featured....

O- What will NII mean to me?
O- When will it really be here?
O- Who will fund the NII?
O- Who will be the large stakeholders?
O- What role will & must the Government have in developing the NII?
O- What does NII mean in terms of Global Citizenry, Fueling Competitiveness in Industry and Education?
O- How must the Educational culture evolve to practically react with existing and emerging informatic technology?
O- What are some of the problems associated with the youthfulness in the deployment of Networked Information Systems and their use?
O- What are the driving forces behind the large scale proliferation of information systems?
O- What are the benefits of Networking and Inter-Networking?
O- How can companies benefit from connectivity to Global Networks?
O- What is the promise of an Electronic Government?
O- What is Community Computing; is it an EQUALIZING force for citizenry within the NII? ( MYTH & REALITY )
O- How will information services be structured in the 21st Century?
O- How will public libraries of the 21st Century service their patrons?
O- What is the need for Law & Order on the Information Super-Highway?
O- Who & What, will govern the authenticity of information?

Confirmed Speakers who have agreed to present as of 04/12/1994.
________________________________________________________________________

Ms. Gale Warshawsky - Co-ordinator for Computer Security Education & Awareness - Lawrence Livermore National Laboratory (LLNL); Computer Security Awareness Outreach Program for Children.

Mr. Charlie Atterbury - Ret., Dir.: Information, Computer & Network Security; The Eastman Kodak Company.

Dr. Vinton G. Cerf - Senior Vice-President; Data Architecture, MCI.

Dr. William Washburn - Executive Director; CIX - The Commercial Internet EXchange.

Mr. Thomas Kappock - Vice-Chairman; Bancorp Hawaii, Inc. Bancorp Hawaii, Inc., is the largest Financial Institution in the PACIFIC Region with Assets exceeding U.S $12.5 Billion.

Ms. Linda Delzeit - Administrator; Academy One Educational Network, NPTN - National Public Telecomputing Network.

Mr. H. Leonard Fisher - Ret. Manager; Specialized Libraries of LLNL and Senior Adjunct Professor of Telecommunications Management; School of Technology & Industry, Golden Gate University.

Mr. Scott Charney, Esq. - United States Attorney-in-Charge; Computer Crime Unit, United States Department of Justice.

Dr. Thomas Saka - Information Specialist; State of Hawaii - Department of Education: IRM - Information Resource Management Division.

Dr. Hank Becker - College of Education, University of California at Irvine.

Mr. Christopher Baker - Consultant; IAEA - International Atomic Energy Agency, Network & Systems Administration: DEP - Department of Educational Programs, Argonne National Laboratory.

Mr. Michael Higgins - Chief; Office of Counter Measures, DISA - Defense Information Systems Agency.

Ms. Gail Thackeray, Esq. - Special Prosecutor; Maricopa County Prosecutor's Office & The Organized Crime Division; Phoenix, Arizona.

Mr. James Lewis - Liaison Officer; NIIT - The National Information Infrastructure Testbed Consortia.

Mr. Bruce Nelson - Novell Inc.

Mr. Dain Gary - Administration: CERT/CC - The Computer Emergency Response Task-force Co-ordinating Center, Carnegie Mellon University.

Dr. Richard Smith - Director of Instructional Technology, Houston Independent School District; Houston, Texas.

Mr. Walter Pioli - Director; National Network Services, GTE.

Mr. William Cook Esq. - Willian, Brinks, Olds, Hofer, Gilson & Lione. (Mr. Cook is a former United States Attorney; now practicing in the area of Information technology and evolving policies within, and associated with, the NII - National Information Infrastructure.)

Ms. Bonnie Bracey - Member: United States Presidential Advisory Council for the development of the National Information Infrastructure.

CONFERENCE REGISTRATION TEMPLATE:
___________________________________

Dr./Mr./Mrs./Ms./Miss: __________________________________________________
Preferred Name on Name Tag: _____________________________________________
Organization Name: ______________________________________________________
Postal Address (Line 1): ________________________________________________
Postal Address (Line 2): ________________________________________________
Province/State: _________________________________________________________
Country & Postal/Zip Code: ______________________________________________
Title: __________________________________________________________________
Telephone & Telecopier Numbers: _________________________________________
Electronic Mail Address: ________________________________________________

Form of Payment: [ ] CHEQUE [ ] BANK DRAFT [ ] MONEY ORDER.

Please issue your Cheque, Bank Draft or Money Order - payable to:
The Pacific Network Consortium Ltd.
___________________________________

Please send your Payment; together with your Registration Template to:

The Pacific Network Consortium Ltd.
Suite 814
415 Nahua Street
Honolulu, Hawaii 96815.
United States of America.
-------------------------

#############################################################################

ADVANCE REGISTRATION FEES: (MUST be received - on, or before August 5, 1994)
_______________________________

FULL CONFERENCE - 3 1/2 Days.
GENERAL ADMISSION. : $ 690.00
Members of Non-Profit & Educational Organizations. : $ 490.00
Members of the K-12 Community - for K-12 DAY ONLY. : $ 150.00 (October 12, 1994)
Students. (FULL 3 1/2 DAYS) : $ 70.00
Student CONFERENCE FEES PER DAY. : $ 20.00
-- SEE below, for special conditions --

LATE REGISTRATION FEES: (after August 5, 1994)
_____________________________

FULL CONFERENCE - 3 1/2 Days.
GENERAL ADMISSION. : $ 890.00
Members of Non-Profit & Educational Organizations. : $ 790.00
Members of the K-12 Community - for K-12 DAY ONLY. : $ 250.00 (October 12, 1994)
Students. (FULL 3 1/2 DAYS) : $ 70.00
Student CONFERENCE FEES PER DAY. : $ 20.00
-- SEE below, for special conditions --

Please NOTE special conditions:
_______________________________

FOOD & BEVERAGE SERVICES:
_________________________

1) Food and Beverage services within the conference sessions will be available to those attendees from categories of General Admission and Members of Non-Profit and Educational Organizations. Members of the K-12 Schools Community who will be attending the Conference - on the K-12 Day (October 12, 1994) ONLY, will also be extended Food and Beverage services within the conference sessions.

2) Student fees DO NOT include Food and Beverage Services.

TOURS & EXTERNAL FUNCTIONS:
___________________________

External Tours and Function fees are NOT included in ALL categories of conference fees.

#############################################################################

Accommodations:
______________

For your convenience - The Pacific Network Consortium Ltd., have made available, through special arrangements with HILTON HOTELS; quality and spacious accommodations. The Hilton Hawaiian Village is the largest hotel property on the Island. The Hilton Hawaiian Village sports fine accommodations within our Island Paradise, at a GREAT value. To receive the Special Rate Extension, Please call 1-800-445-8667 & REFER to: "PNC - People, Networks & Communications '94 ".
The rates are as follows:

                      PNC '94 Hotel Rates:   Current Hotel Rates:
Garden View           $ 140.00 + Tax         $ 225.00
Partial Ocean View    $ 155.00 + Tax         $ 250.00
Ocean View            $ 170.00 + Tax         $ 275.00
#############################################################################

Travel.
_______
United Airlines has been chosen as the OFFICIAL CARRIER for " PNC - People, Networks & Communication '94 ". United Airlines, is pleased to offer a 5% discount off the LOWEST applicable fare, including 1st (FIRST) class, or 10% Discount off the UNRESTRICTED BUA COACH fare; through a special arrangement with The Pacific Network Consortium Ltd. Help support PNC - People, Networks & Communications '94. Secure your reservations with United Airlines; offering you the MOST in convenience & flexibility with the LARGEST number of seats (5100) PER DAY to HONOLULU.

To obtain the best fares or schedule Information, please call UNITED AIRLINES Specialized Meeting Reservation Center at 1-800-521-4041. Reservation Specialists are on duty 7 days a week, from 7:00 A.M. to 10:00 P.M., Eastern Time (U.S.)

It is a general fact that there exists from time to time, " AIR FARE WARS " between many of the Airlines in these United States. United Airlines stands ready, to offer competitive rates to Hawaii as a Value Destination. So, please enquire about these value fares -- before you book your reservation. Please be sure to REFERENCE I.D. number " 548NY " to receive MUCH REDUCED fare considerations.

As a UNITED Meeting Attendee, You WILL also qualify for special discounts on HERTZ Rental Cars. Mileage Plus members will receive FULL credit for all miles flown to HONOLULU. For your convenience, United will mail your tickets or you can pick up your tickets at your travel agent's desk or a United Airlines ticket office.
#############################################################################
Contact Information: PNC - People, Networks & Communication '94
__________________________________________
Conference Chairman: Dr. Ernest Kho, Jr.
Chairman - Department of Chemistry, University of Hawaii - Hilo.
Telephone: 808.933.3383
Telecopier: 808.933.3693
E.mail: ekho at uhunix.uhcc.hawaii.edu

Conference Coordinator: Mr. Robert Mathews.
Chairman - Steering Committee, The Pacific Network Consortium Ltd.
Telephone & Telecopier: 808.921.2097
E.mail: bm189 at po.cwru.edu

* Larger Conference details, Tour and External Function Information will *
* be released in the days to follow *
##############################################################################

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Fri Jun 3 22:55:12 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Fri, 3 Jun 94 22:55:12 PDT
Subject: Though the war is not over, this battle is ours!
Message-ID: <770707304/vac@FURMINT.NECTAR.CS.CMU.EDU>

DEADBEAT:
>I won't ask why the big deal is being made about all of this -- the
>agenda surrounding Clipper and friends is clearly a political one, not
>a technical one, so it is no surprise to hear even the technical voices,
>i.e., this list, trumpeting Blaze's paper as though it were a dagger in
>the heart of SKIPJACK. But let's all acknowledge the technical weight
>and importance of Blaze's result for what it is: minuscule.

It is just a battle victory, and the war is not over, but the advantage is now ours. If today they forced everyone to use Clipper chips, we could now do so and still not let the government tap in. If some company wants to use government subsidized hardware to have very high speed encryption, they could do so with security. As Adam/Hall said, Blaze's work is better than pre-encryption in that the government can not even get unit IDs.
As Perry said, you can interoperate with someone who isn't attempting to avoid escrow.

This flaw, along with the recent DSS flaw, undermines the confidence people had in the NSA. This will slow down Clipper. In terms of controlling encryption in general, the government train has been switched onto a dead-end track. If they decide to go back through the standards acceptance again, it could be a long time before there are products. The rest of the industry will not wait - PGP etc are moving along rapidly. So the government position is either live with a flawed chip, or go back for a probably fatal delay. Either way, they lose.

It is a big deal, and we do have cause to party!!!!! :-)

-- Vince

(PS I have to wonder if this was just flame-bait.)

From warlord at MIT.EDU Fri Jun 3 23:05:14 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 3 Jun 94 23:05:14 PDT
Subject: NYT article
In-Reply-To:
Message-ID: <9406040604.AA15209@hal-2000.MIT.EDU>

Let me preface this with the statement that "this is according to the NSA personnel who spoke at MIT a day ago"... Having said that:

The NSA claims that they were asked to design an encryption algorithm for government use that can be used securely by the government but cannot be used against the government. In order to accomplish this (according to the NSA -- see the pattern yet? ;-) they developed a secure algorithm (a-t-t-NSA), but put it in a package such that it cannot be used without the key-escrow system. It is this key-escrow system that provides that functionality that "it cannot be used against the government" (NSA-person's words, not mine).

I think the idea was that the government itself cannot operate without a government standard, so the NSA was asked to create one, and they did. They also said that the key escrow system was not designed to catch criminals, but to deter criminals from using the Skipjack encryption algorithm (which they claim has no trap doors, and is very secure).
In a private conversation afterwards, I asked about the fact that once the two escrowed keys get discovered, say via a legal wiretap, then my key is no good anymore. They claimed that you can only read the data by using a special box such that this box gets inputs from all the escrow agencies and the law enforcement agency and outputs the conversation, and that you cannot extract the key information from this box. I replied in the standard manner: Show me this box and prove that is has these properties. Their response was, of course, that they could not do so, and that I had to trust them. When I said that I couldn't do that, the NSA employee suggested that I use PGP! :-) Anyways, I hope this sheds a little light (and maybe a little darkness ;-) on the subject. Flames to me personally, please! -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From mpd at netcom.com Fri Jun 3 23:53:01 1994 From: mpd at netcom.com (Mike Duvos) Date: Fri, 3 Jun 94 23:53:01 PDT Subject: Pedophiles in Cyberspace In-Reply-To: <199406040204.TAA23468@netcom.com> Message-ID: <199406040628.XAA24456@netcom.com> Paul E. Baclace writes: > It is expressed that pedophiles who can communicate with like-minded > people anywhere in the world (where laws against it do not exist) will > get the impression that they are normal, okay people who live under an > unjust state. Are you referring to those places in the world with an order of magnitude less violence, child abuse, rape, and poverty where young people have a reasonable degree of sexual autonomy and the prosecution of real sexual abuse is not encumbered by having to pay lip service to a massive right-wing religious crusade? 
Perish the thought that these values might someday be exported into the United States, or that our own pedophiles might be permitted contact with them. It's much more healthy to leave them all unhappy, embittered, suicidal and feeling "not ok". I am reminded of an exchange a while back between someone in the Netherlands and someone in the states on the topic of attitudes towards pedophilia. The Dutch gentleman asked the American whether he would rather his teenage son have a relationship with a "happy well-adjusted pedophile" or an "angry depressed pedophile". The American, characteristically, replied that his preference would be "A Dead Pedophile". Needless to say, this remark quickly killed any further discussion of the topic. :) My own opinion on the subject is that the social contract between America and certain of its sexual minorities could use some improvement. Contact with places that do things differently is a positive force for change, not something to be feared. > Additionally, it is mentioned that unsupervised (i.e., > no psychiatrist present) discussion between pedophiles will also > reinforce their predilections. Fred Berlin is no John Money. (With apologies to Dan Quayle) Personally, I wouldn't want to live in a country where anyone, regardless of their interests, was denied the opportunity to discuss them with others without a psychiatrist present to tell them what to think. This is camel's nose under the tent talk. > Unfortunately, the article does not mention how the blurring of > national boundaries and uncontrolled (polically incorrect, etc.) > conversations would also be beneficial. My objections to the article are straightforward. First, discussions of pedophilia are hardly some sort of case study to demonstrate the limits to which the First Ammendment can be stretched. Far worse things are protected by the First Ammendment in our country. 
Fully half the article is based on the mistaken notion that the newsgroup a.s.p.m-l is actively distributing illegal child porn to everyone over the Internet. This is a group almost no one posts to, and aside from an occasional David Hamilton photograph and numerous clueless newbies on a quest for the fabled non-existant mother load of Internet porn, would not be used at all. The article is extremely value-laden and in my opinion prejudiced. It's always open season on pedophiles. Had any more mainstream sexual minority been subject to this kind of bashing, or had its name used interchangably as the name of a crime, we would have seen the ACLU and Queer Nation ripping bricks out of the Wall Street Journal building on the evening news. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From cdodhner at indirect.com Sat Jun 4 01:46:42 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Sat, 4 Jun 94 01:46:42 PDT Subject: MAKE DIGITAL MONEY FAST!!! Message-ID: <8l3yjepAkjpB064yn@indirect.com> -----BEGIN PGP SIGNED MESSAGE----- Wanted: Cypherpunk with a little spare time and a lot of reliability, a reputation I trust, and experience with the Pr0duct Cypher Magic money client program, to split digital proffits with me on a 75%-25% basis (ie: you keep 75% of the digicash!) Please reply promptly via email only. Happy Hunting, -Chris ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" 
cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - ------------------------------------------------------------------------------ A government mandante for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troups in their home. --David Murray PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLfAvLeKc9MdneB1xAQGtjAQAqTYEpiDau95tCM+kKiEUqX2JVbUgHqvb nCGKy/ZcSraiawao7JnHns6BcJ+p0r9xNYEODJO5u1+NpFPLgD+iIpqKXeiY4h9g 7EYrpNdpcM07d49fM1NUk/snXmvFBiKgKbrKyfJJOm7XZDZGTfMZNxikoCUMtTf7 E4gNvfqhR8U= =ex0S -----END PGP SIGNATURE----- From cdodhner at indirect.com Sat Jun 4 01:47:55 1994 From: cdodhner at indirect.com (Christian D. 
Odhner) Date: Sat, 4 Jun 94 01:47:55 PDT Subject: LEAF forgery In-Reply-To: <01HD4CD6HPJM0044FJ@UNCVX1.OIT.UNC.EDU> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > >All the evidence is that it was an accident. You contend, without > >evidence or even a rational reason, that they did it intentionally. > > I do not contend this, I contend they were negligent in checking their work. > That they were lax in their standards and that this lackadaisical attitude > bespeakes arrogance. An arrogance that would allow them to think that they > COULD put in a trapdoor (besides the LEAF) in Skipjack and easily get away > with it. The way I see it, the NSA guys/gals didn't notice/care about/correct the bug/hole because they felt they didn't need key escrow to intercept skipjack-encrypted communications. This in turn indicates to me that they have another, alternative method of access. Happy Hunting, -Chris ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - ------------------------------------------------------------------------------ A government mandante for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troups in their home. --David Murray PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. 
warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLfAqCuKc9MdneB1xAQHwWwQAg+I1uAqvfXt0IKwSx9f7K0eBPNjgd82y
dx24ATGG+6DCnb1+3PXQ78fbs0j6d/HKdL4HgN0sD23IabB0S+JsDAkodSyCqYhi
2m3w2kHdr//EBu1JEq+Ny3oq/QUHeuarBljNJUr0yoxvNpamu73/KaXtxkfSx8qV
JJGgmQ1Vd4k=
=PE7w
-----END PGP SIGNATURE-----

From ghio at kaiwan.com Sat Jun 4 02:05:05 1994
From: ghio at kaiwan.com (Matthew Ghio)
Date: Sat, 4 Jun 94 02:05:05 PDT
Subject: Software upgrades to my anonymous remailer ghio@kaiwan.com
Message-ID:

I added PGP support to my remailer. For those not familiar with the format, send mail to ghio at kaiwan.com, and on the first two lines of the message body, put:

::
Encrypted: PGP

Then put the PGP encrypted message here. Inside the PGP message, put:

::
Anon-To:
##
Subject: whatever
Reply-To:
or any other headers that you want to add to the message

The message body of the message to be remailed goes here.

The remailer now also supports a way to truncate the message. This will allow you to remove your signature. Put a header Cutmarks: in your message with what you want to use as a truncate line. For example:

To: ghio at kaiwan.com
Subject: Anonymous Mail

::
Request-Remailing-To: address at site
Cutmarks: -truncate_here-

this is a message
all of this text will get remailed.
-truncate_here-
this text will not be included in the remailed message.

You can also use the cutmarks feature as a boundary between separate messages. To use it in this manner, you must put a :: and remailing instructions immediately following the cutmarks. For example:

To: ghio at kaiwan.com

::
X-Anonymously-To: joe at nowhere.edu
Cutmarks:-+-next-+-
##
Subject: hi joe

this is some anonymous mail
-+-next-+-
::
X-Anon-To: beth at somewhere.edu
Cutmarks: [END]
##
Subject: Hi, Beth

look this is anonymous! :)
[END]
- Here is my .sig which will get removed -

Additional notes & common problems:

The :: must go on the very first line of the message, or immediately after the separator/cutmarks. The :: is for commands/headers that you want to give to the remailer software. Anything that can be put following the :: can also be put in the regular headers. The ## is for headers that you want to appear in the output message. When you use PGP, all the original headers get deleted, so you must put the Subject inside the PGP message if you want one. Messages separated by cutmarks are treated as separate mail messages. Each must have its own cutmarks header if you want to use cutmarks in the next message. Only one recipient may be specified per message. This may be inconvenient, but it was necessary to prevent Detweiler exponentiation.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQCKAi3vhFUAAAED6KSE5JwFAstBYAUEASfQCEr1wA+1YsWZl7nlNBA8Xq4YSwlg
eLCy9oiTDisxsxxxcbQdMtBTFcgQ2GVq7NhhjCEQkRzFRzPOG87T+0aUSufqD2RC
PYnwacPDpiTUe/TobHMs/Ov+yDuji0bIacveflubU8DvHLjHgI58Jgk1AAURtCRB
bm9ueW1vdXMgUmVtYWlsZXIgPGdoaW9Aa2Fpd2FuLmNvbT4=
=v5cv
-----END PGP PUBLIC KEY BLOCK-----

Let me know if you have any questions/problems.

From an5877 at anon.penet.fi Sat Jun 4 03:26:09 1994
From: an5877 at anon.penet.fi (deadbeat)
Date: Sat, 4 Jun 94 03:26:09 PDT
Subject: Black Eye for NSA, NIST, and Denning
Message-ID: <9406041015.AA14516@anon.penet.fi>

-----BEGIN PGP SIGNED MESSAGE-----

Mr. Shostack makes a good point in identifying immunity from traffic analysis as an advantage of Blaze's subterfuge. Thank you.

Metzger, on the other hand, appears to be as stupid as he is brazen. If only one party obscures the LEAF field, the needs of law enforcement are as easily met by inspecting the LEAF transmitted by the other party.

DEADBEAT

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBFAgUBLe/dEvFZTpBW/B35AQF29wGAhymFAS6fXxiirWGPep7d0hXUsBfSqer6
+tZC5a45CqaP9M6zK/lEAJTHZgR6Gd9c
=bGiZ
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From remail at desert.hacktic.nl Sat Jun 4 03:28:41 1994
From: remail at desert.hacktic.nl (remail at desert.hacktic.nl)
Date: Sat, 4 Jun 94 03:28:41 PDT
Subject: *** Flash - N.Y. Times on Clipper Flaw **
Message-ID: <199406041028.AA22629@xs4all.hacktic.nl>

> ...
> HOW THE CLIPPER TECHNOLOGY IS FLAWED
>
> 1. Taking advantage of design imperfections, people trying to defeat the
> system could repeatedly alter the LEAF until it erroneously passed the
> "checksum" verification, despite an invalid session-key number.

This sounds like a very simple computation. How much would it cost to fab up some chips to do this, and solder them into the circuitry next to the Clipper chip? Or is there an even easier way to do this?

From an5877 at anon.penet.fi Sat Jun 4 03:40:02 1994
From: an5877 at anon.penet.fi (deadbeat)
Date: Sat, 4 Jun 94 03:40:02 PDT
Subject: Black Eye for NSA, NIST, and Denning
Message-ID: <9406041027.AA15976@anon.penet.fi>

-----BEGIN PGP SIGNED MESSAGE-----

Thanks, Hal. Maybe you remember me from some time past.

I confess that Perry Metzger's tone set me off and prompted an intemperate reply, for which I apologize. Regardless of the technical brunt, I think we all view with great satisfaction the shock waves produced by someone who the CypherPunks can truly call one of their own.

DEADBEAT

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBFAgUBLe/hCPFZTpBW/B35AQG5/QF+P964XLXWp3SbtD4PyDHZQCAVK0GIsIPd
FEJW6UM42BkWd1rFgO+CmIq3bl8AaOzO
=MVs6
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From frissell at panix.com Sat Jun 4 07:41:20 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 4 Jun 94 07:41:20 PDT
Subject: Pedophiles in Cybersp
Message-ID: <199406041441.AA13087@panix.com>

P >Unfortunately, the article does not mention how the blurring of
P >national boundaries and uncontrolled (politically incorrect, etc.)
P >conversations would also be beneficial. Perhaps the real upshot
P >of the article is "May you live in interesting times".
P >
P >
P >Paul E. Baclace
P >peb at netcom.com
P >
P >

This phenom is one of my big hopes for cyberspace. Acquiescence in state control was caused by normal primate urges to get along with one's "tribe." Cyberspace extends the changes that have already occurred through urbanization and travel to a new threshold. With interface improvements we will be able to live in societies of our own choosing and enhance feelings of personal autonomy.

DCF
--- WinQwk 2.0b#1165

From gtoal at pizzabox.demon.co.uk Sat Jun 4 10:28:59 1994
From: gtoal at pizzabox.demon.co.uk (gtoal@gtoal.com)
Date: Sat, 4 Jun 94 10:28:59 PDT
Subject: more info from talk at MIT yesterday.
Message-ID: <9406041651.AA04566@pizzabox.demon.co.uk>

> Defense Messaging System is supposedly going to use Skipjack,
> so I assume it's reasonably secure - and if there *are*
> NSA-only backdoors in the algorithm, at least they won't
> be admitting it to your neighborhood cops and FBI wiretappers,
> so you'd have to be an *interesting* suspect to get cracked.

Indeed -- let us recall that Coventry was bombed into ruins rather than reveal that the Brits could read German codes in WWII.

I don't recall that at all, and neither do the papers that were recently released under the 30 year rule. (Somewhat delayed...)

G

From huntting at glarp.com Sat Jun 4 15:08:16 1994
From: huntting at glarp.com (Brad Huntting)
Date: Sat, 4 Jun 94 15:08:16 PDT
Subject: No Subject
In-Reply-To: <9406040334.AA02083@coos.dartmouth.edu>
Message-ID: <199406042207.QAA01882@misc.glarp.com>

> I have a close relative who [...] he says that the CIA/FBI/NSA/ATF
> will almost assuredly _NOT_ violate the escrow rules (in other
> words, they _will_ get a warrant for the key halves_)[....]
Considering that most if not all of these TLA's can obtain warents through the Federal Inteligence Survelance Court, it's not suprising to hear they have no intention of violating the escrow rules. brad From peb at netcom.com Sat Jun 4 16:25:17 1994 From: peb at netcom.com (Paul E. Baclace) Date: Sat, 4 Jun 94 16:25:17 PDT Subject: Pedophiles in Cybersp Message-ID: <199406042325.QAA05709@netcom.com> >From: Duncan Frissell >P >of the article is "May you live in interesting times". >This phenom is one of my big hopes for cyberspace. Me too. The growth of non-centralized transfer of information will certainly bring about more democracy in the world (and thus, less war). Even the presence of large flame wars would not totally diminish the emergence of cooperation. E.g., in WWI, trench warfare dragged on because the soldiers on each side started to cooperate in a sort of subliminal way: trench soldiers from either side would develop a pattern of engagement that created a status quo where no one would get killed. This cooperation trend is eliminated by constantly swapping in new soldiers--this depersonifies the enemy and makes it easier to shoot to kill. (I think this same effect is also seen in police beats--if the local cop gets really friendly, s/he starts cooperating with the people s/he is protecting rather than being completely objective. From the "authority and control" perspective, this makes the cop corruptable. >From the citizens perspective, this makes the cop more cooperative to the direct needs (however unfair--it is more personal) of the citizens.) I mention "interesting times" since the transition to new freedoms does not occur without a fight from the side that loses some of its control. Overall, the effect of personifying people's enemies (proportionally less slanted, centrally transmitted news) should have a positive impact. Paul E. Baclace peb at netcom.com From peb at netcom.com Sat Jun 4 16:43:16 1994 From: peb at netcom.com (Paul E. 
Baclace) Date: Sat, 4 Jun 94 16:43:16 PDT Subject: NYT article Message-ID: <199406042343.QAA07231@netcom.com> Does anyone find the following somewhat distorted: "...White House and Justice Department officials have argued forcefully that is a necessary information-age compromise between the constitutional right to privacy and the *traditional* powers of law enforcement officials." [my emphasis] If wiretapping laws were passed in 1968, I don't consider that *traditional*. Is Markoff speaking about surveillance in exceedingly general terms? Paul E. Baclace peb at netcom.com From CCGARY at MIZZOU1.missouri.edu Sat Jun 4 16:44:22 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sat, 4 Jun 94 16:44:22 PDT Subject: CEB 6 the Unpleasantness Message-ID: <9406042344.AA04287@toad.com> Cypherpunks' Electronic Book (CEB) 6 the Unpleasantness. >Gary Jeffers apparently blames me for his dropping of the "Cypherpunks >Electronic Book" project: >> Cypherpunks' Electronic Book (CEB) part 5 - the hangover. As badly as it was received, you should be proud to take the blame! But no, I don't blame you. > >> Tim May writes on & on & on about my failure to write the CEB. >> Hey, just where did I pick up GUILT? I had a really great idea for >I did not write "on and on" about this--go back and read what I wrote. >> Cypherpunks that I also felt was a glaring omission of Cypherpunks'. >> I wrote up the idea as best as I could & tried to interest some com- >> petent C'punk to do it. I thought I did a really good job of writing >> up the idea. Unfortunately, I lack the skills to write the particular >> code to do the idea. Its sort of like bringing home a rabbit for suppr >> & everybody dumps on you cause it wasn't a moose. What kind of guilt o >> you dump on people who actually do bad things? >Flaky ranters like you and Hettinga are but the latest in a string of "Flaky ranters like you"? 
Now, you have lost your pretense of criticism of an idea & have gotten to your real agenda - attack on my person - you sorry fuck. (my turn) :-) >ranters who wring their hands and cry "*Do* something@! I tried to be >polite in my comments, even saying "So, if the CEB enthusiasts want to & now after your heroic self control has been taxed to the max, You are 007 - Licensed to be nasty! a small max really, made for offense taking. >try this, I applaud them." >In most of these cases, including Detweiler's similar wailings that no >one would create "alt.whistleblowers" for him, such politeness is >apparently unappreciated. Ranting is ever so much more fun, I guess. >(Hettinga's rants about "Garth and Wayne," broken windows, fleas on >his head, and "I'm not worthy" are just too strange for me to follow. >I sense a proto-Detweiler is forming in the great void.) I have not followed your dysfunctional relationships with your buddies Detweiler & Hettinga, but do feel free to keep them to your- self. Are you trying disingenuously to identify me with these people? They say that if you squint your eyes just right & long enough, dogs look look much like Adolph Hitler. So, Tim, why don't you go out & find one, squat, & squint till you notice the resemblance? :-) That's a joke Tim. But in a more serious vein Tim (preferable a major one), I thought your bad experience with the Extropians would have kept you from assaulting -ing people with claims of being elements in a class based on flimsy comparisons. You remember when your candy ass got chased off the Extropians' list with allegations of your being a fascist. But, of course, that would have scared anyone: a bunch of savage Extropians writing Fascist! Fascist! Fascist! :-) >> Admittedly, implementing the idea is magnitudes more work that get >> ting the idea. However, it was a great idea & why should I suppress i >> because I personally couldn't implement it? 
No doubt, great ideas fall >> from Tim May like rain from the skies & he considers them cheap if not >> nuisances. However, in most of the world, they are in short supply & are >> considered valuable. >Nonsense. Like Detweiler's "electrocracy," this idea was just an old >notion in new clothes. In this case, the "stone soup" FAQ idea all >over again. >I said it before, so I'll be brief: worrying about the details of >distribution instead of the writing is the big mistake. Distribution >is relatively trivial, whether by ftp at the soda site, distribution >by mail, whatever. >> I have discovered that the idea of bunches of creative, skilled >> programmers with lots of time on their hands is a myth. I guess they >> all manage to figure out something worthwhile to write. Originally, >> I had thought that there would be at least one of them around looking >> for something worthy to do. Note: There is no covert meaning to the above paragraph. I really was naive in thinking that they might not have their time fully occupied with projects. >If _you_ think it is worthy, and _others_ think it is worthy, then >absolutely nothing is stopping you all from doing this project! Do you >think the comments of _me_ are enough to stop you? Jeesh. >What you seem to have done is to see my comments about such "stone >soup" let's-volunteer-the-others approaches and then just _given up_ in >a huff. Methinks you just have no staying power and were hoping the >Cypherpunks Masses would make your CEB project the centerpiece of their >efforts with little further work on your part. It just doesn't happen >that way. >> I believe that I have described a very worthwhile project for anyone >> who wants to do it. I have a lot of hope that someone will do it later. >> I don't think it's going to be forgotten. I would like to thank the >> people who supported the idea. CEB doesn't look like it is going to >> happen soon but if Cypherpunks grows, I think it is inevitable that it >> will happen. 
>It won't happen because nobody out there is going to do it, not >because your feelings got hurt. Mocking other people's hurt feelings can get you into places where your own delicate feelings get hurt. >> But, Tim, if you decide you want this done - do it yourself. You >> just have no idea how you get dumped on when you suggest others do >> it for you! :-) >More nonsense. Nonsense I am finished responding to. Tim, for a guy who doesn't care about other people's hurt feelings, you have got real thin skin. >--Tim May It's surprising to me that my CEB plan got such bad reviews. I got my idea flamed by a lot of C'punks but life is tough. You present an idea & it's not necessarily going to get accepted. You take a chance. But that is fair. I carry no grudge against the other C'punks. Tim May, however, is different. He criticized ME! & he was so unpleasant! Now we find out how Tim likes the intentionally unpleasant. I don't know Tim May very well but I've noticed he gets into a lot of flame wars. Could this be his M.O.?: Get into an argument with a victim over a matter of fact, then slyly turn it into an attack on the person without losing the applause of the gallery? Also, I don't like his shrill, strident manner. I don't like a bully. When I run into one, I like to make sure he takes a few lumps too! Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKK! BBBEEEAAATTTT STATE !

From jdwilson at gold.chem.hawaii.edu Sat Jun 4 17:27:50 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Sat, 4 Jun 94 17:27:50 PDT Subject: Ultra and Coventy In-Reply-To: <9406031721.AA10925@toad.com> Message-ID: On Fri, 3 Jun 1994 smb at research.att.com wrote: > Nor, to debunk another story, did Churchill let Coventry > be destroyed because he believed that defensive measures > would risk the secret of ULTRA. Critical analyses of > documents show that this is pure myth. 
> But as an aside, the CCCP was majorly pissed at us when they discovered that we had cracked the German codes and not shared them with then-allies the CCCP. If I remember correctly there were more CCCP casualties than those of any other countries. -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 |finger for key / Viacrypt Reseller > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From tcmay at netcom.com Sat Jun 4 18:07:39 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 4 Jun 94 18:07:39 PDT Subject: Wiretapping, NYT article In-Reply-To: <199406042343.QAA07231@netcom.com> Message-ID: <199406050107.SAA27550@netcom.com> Paul Baclace writes: > Does anyone find the following somewhat distorted: "...White House > and Justice Department officials have argued forcefully that is a > necessary information-age compromise between the constitutional > right to privacy and the *traditional* powers of law enforcement > officials." [my emphasis] If wiretapping laws were passed > in 1968, I don't consider that *traditional*. Is Markoff speaking > about surveillance in exceedingly general terms? I think the "traditional" use of wiretapping, prior to the 1968 law, was _de facto_, not _de jure_. The cops just wiretapped whomever they felt needed wiretapping. (For evidence of this, from the FBI to NSA, see books on Hoover's era, and Bamford on the NSA. For local cops, I have no immediate source, but note that "wire men" did not suddenly spring into existence in 1968...wiretapping has been used for many years.) The increased focus on civil rights (some would disagree with this characterization...) 
with the "Miranda rights" and "authorized wiretap" trends of the 1960s forced these practices to be formalized. I'm not arguing that wiretapping is "good," just noting that there is a plausible meaning to "traditional" that extends back beyond the time when wiretapping was "officially recognized" as a tool of law enforcement. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."

From smb at research.att.com Sat Jun 4 18:56:09 1994 From: smb at research.att.com (smb at research.att.com) Date: Sat, 4 Jun 94 18:56:09 PDT Subject: Wiretapping, NYT article Message-ID: <9406050156.AA05462@toad.com> I think the "traditional" use of wiretapping, prior to the 1968 law, was _de facto_, not _de jure_. The cops just wiretapped whomever they felt needed wiretapping. (For evidence of this, from the FBI to NSA, see books on Hoover's era, and Bamford on the NSA. For local cops, I have no immediate source, but note that "wire men" did not suddenly spring into existence in 1968...wiretapping has been used for many years.) The increased focus on civil rights (some would disagree with this characterization...) with the "Miranda rights" and "authorized wiretap" trends of the 1960s forced these practices to be formalized. More or less. There was a Supreme Court ruling in 1967 (I don't have the citation handy) that held that wiretaps constituted an illegal search and seizure. The Federal wiretap statute (18 U.S.C. 2510 et seq., later amended by the ECPA) was a direct response to this ruling. 
Until then, wiretaps were barred from Federal use by the Federal Communications Act, and not by 4th Amendment considerations (Nardone v. United States, 320 US 379 (1937)). But that was a question of admissibility of evidence, and in 1953 (Schwartz v. Texas, 344 US 199) the Court ruled that that was not binding on state courts. As a sidenote, the first act regulating police wiretaps was in New York in 1942; in 1895, the state had passed a law prohibiting wiretaps completely.

From darklord+ at CMU.EDU Sat Jun 4 18:57:36 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Sat, 4 Jun 94 18:57:36 PDT Subject: NYT article In-Reply-To: <199406030108.AA27353@xtropia> Message-ID: Excerpts from internet.cypherpunks: 2-Jun-94 NYT article by Ezekial Palmer at anon.pene > ``Anyone interested in circumventing law-enforcement access would most > likely choose simpler alternatives,'' Michael A. Smith, the agency's > director of policy, said in a written statement in response to a > reporter's questions. ``More difficult and time-consuming efforts, like > those discussed in the Blaze paper are very unlikely to be employed.'' Right, until the clipperphone conversion units come out. It's too hard for the average drug dealer/terrorist to do, just like making a cellphone that generates a random ID number every time you pick it up. :-7 The street finds its own use for things Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/

From darklord+ at CMU.EDU Sat Jun 4 19:11:03 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Sat, 4 Jun 94 19:11:03 PDT Subject: more info from talk at MIT yesterday. In-Reply-To: <199406031503.LAA15327@duke.bwh.harvard.edu> Message-ID: Excerpts from internet.cypherpunks: 3-Jun-94 Re: more info from talk at .. 
by Adam Shostack at bwh.harvar > Bill Sommerfeld says: > > They also confirmed Tom Knight's suspicions about what they're going > > to do when someone reverse engineers the chip and publishes the > > Skipjack algorithm & the family key: they've got a patent application > > filed, under a secrecy order; if the algorithm is published, they'll > > lift the secrecy order and have the patent issued, and use that to go > > after anyone making a compatible version. > > An interesting variant of this tactic might be for the folks > who reverse engineer Clipper/SkipJack to go off and patent it in > *other* countries, thus making it impossible to sell or use Clipper > outside of the USA. Or to just write the software/burn the chips in other countries and freely distribute the code/plans. Either way, the U.S. patent is compromised. Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/

From an60011 at anon.penet.fi Sat Jun 4 20:24:38 1994 From: an60011 at anon.penet.fi (Ezekial Palmer) Date: Sat, 4 Jun 94 20:24:38 PDT Subject: Ultra and Coventy In-Reply-To: Message-ID: <199406050251.AA11991@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Date: Sat, 4 Jun 1994 14:23:01 -1000 (HST) From: NetSurfer Subject: Re: Ultra and Coventy If I remember correctly there were more CCCP casualties than those of any other countries. 
I'd be awfully surprised if there were enough people in the central committee (CCCP) to make that statement true :-) Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLfE0UBVg/9j67wWxAQFcwAP9FFTXk09S0HvRN+PmTD8l4Lnn1+YVT6kW 892DXrO9FCG7Q21x49UvHi7EYavQHA7s6muCZRF/Y4X8SAEXZ3Z1d0bpJjg+YIEl DVd8kgWwcJV0c+QKIhwhmsUYX9AZUu10aPXjI5Bs+yPLW1urSvGDTMGHCL4BvGq3 0rWSA3/IJ5c= =8QKF -----END PGP SIGNATURE-----

From lefty at apple.com Sat Jun 4 21:48:14 1994 From: lefty at apple.com (Lefty) Date: Sat, 4 Jun 94 21:48:14 PDT Subject: to The Atlantic Message-ID: <9406050447.AA06412@internal.apple.com> >The NSA has not admitted that it can break DES, but there is plenty >of evidence that 0.01% of its budget would be enough to build a >machine to break it. That sounds to me like a big "Yes" for supposition, then. -- Lefty [gYon-Pa] (lefty at apple.com) C:.M:.C:., D:.O:.D:.

From nobody at shell.portal.com Sat Jun 4 22:38:51 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 4 Jun 94 22:38:51 PDT Subject: Bill Machrone's PC Magazine article Message-ID: <199406050540.WAA16259@jobe.shell.portal.com> "Privacy in the Digital Age" Bill Machrone PC Magazine June 14, 1994 page 87 Copyright 1994 Ziff-Davis, I'm sure, but don't let that stop you from forwarding to interested lists and newsgroups. I'm a fairly conservative, law-and-order kind of guy. I support my local police. I sometimes have trouble identifying with some of my more liberal journalistic compatriots. But suddenly, you and I (along with the rest of the computer industry) are caught up in an issue of national importance that transcends politics and gets down to constitutional issues and basic freedoms. The issues, however, are in danger of being clouded as the usual suspects take sides and start shouting. The knee-jerk liberals have squared off against the knee-jerk conservatives over the privacy and security of digital communications. 
The Electronic Frontier Foundation and the Computer Professionals for Social Responsibility oppose the FBI and the Justice Department. And they're all quoting Al Gore. Let's get beyond the labels, politics, and allegiances and look at the facts. Here's the short form: The Feds realized that with the advent of widespread digital communications, their ability to monitor and tap communications would be radically diminished or would take far more time and money. So they proposed that all future digital devices be equipped with a high-security scrambling chip, called Clipper. Crazy? Like a fox. Every Clipper chip would have a serial number, which would give you access to a key that would decrypt whatever data the chip had encoded. The key would be kept in two pieces in two different places, and only a court order could bring them together. Trouble is, nobody trusts the law enforcement agencies to keep them apart. Don't even wonder if the National Security Agency will be monitoring digital conversations for its favorite trigger words. Furthermore, the pending legislation provides for fines up to $10,000 a day against telecommunications companies who don't give the Feds the access they want to decoded data streams. It doesn't end with telephones and data networks. The Feds intend to have Clipper technology on every fax machine, every cable TV box, every ATM, every device capable of receiving and sending a digital data stream. They want to monitor the entire information network for "patterns of abuse and criminal activity." Offering this capability in the form of a "security" chip that supposedly protects our data is insulting and offensive. The silly part of all this is that it represents the classic case of locks keeping out the honest people. The sad part is that we don't trust law enforcement agencies, however well-intentioned, not to abuse the power. 
Even worse, we the taxpayers are going to foot the bill (to the tune of half a billion dollars) just to build the monitoring network. We'll pay again in higher product costs. Nobody builds complex data-encryption chips for free. There is this little issue, however, of First Amendment rights. When the White House issued its briefing document on the Clipper announcement, it averred that no U.S. citizen, "as a matter of right, is entitled to an unbreakable commercial encryption product." FBI director Louis J. Freeh echoed this position in a _New York Times_ interview, in which he claimed that the American people must be willing to give up a degree of personal privacy in exchange for safety and security. I find both statements odious. Privacy is a nonissue for most of us. People who want their communications to be secure have always had the means to do so. People who don't need secure communications don't bother and don't care. Also, security is a pain in the neck. The inherent hassles make us very choosy about when we use it. All the Clipper chip will do is waste our tax money. There's no point in making everyone's transmissions and conversations secure if a third party holds the key. No criminal in his right mind would depend on Clipper encoding when fully secure means are available. If the government manages to overthrow all logic and make Clipper a legal requirement, those of us who want or need real security will be forced into acts of civil disobedience. For data, it's a piece of cake. You can find half a dozen shareware programs on ZiffNet that implement the National Institute of Standards and Technology's Data Encryption Standard (DES). If you're one of the superparanoids who suspect that the NSA put a trap door into DES--no one has ever found evidence of it--you can use PGP (Pretty Good Privacy), a shareware program popular on the Internet, or PC-IRIS, available on ZiffNet. 
Both use a technique known as RSA to encrypt your data, which is widely regarded as extremely difficult to break. RSA has the additional benefit of providing public-key encryption; you publish a key that people use to encode messages to you, and then you use a private key to decrypt the message. DES is probably only viable for another year or two before it becomes too easy to crack; RSA should be secure for some time longer. Voice security is harder, but not much. You either go to a spook shop and pay a lot of money for a telephone scrambler device or build your own. The latter option is not all that difficult, given the advent of DSP (digital signal processing) chips. All you need is the DSP, a couple of megs of memory, and a few support chips. Some of the DSP vendors have evaluation kits that contain virtually everything you need. Basically, you digitize your voice, take samples of the data, and perform calculations and transformations on it. You then turn the resulting data stream back into sound and send it over the phone line. For fun, you might send several data streams at the same time but out of phase with one another, the way modems do. An identical piece of hardware on the other end performs the operations in reverse order. Suffice it to say, however, that if the NSA types hear a scrambled conversation that they can't understand, they're going to wonder what you've got to hide. We're not encouraging criminal behavior by pointing out cryptographic resources. The dummies won't read this and the smarties don't need to. The only people who will be adversely affected by Clipper are you and me. --end--

From kentborg at world.std.com Sat Jun 4 23:37:29 1994 From: kentborg at world.std.com (Kent Borg) Date: Sat, 4 Jun 94 23:37:29 PDT Subject: Black Eye for NSA, NIST, and Denning Message-ID: <199406050637.AA29985@world.std.com> thad at pdi.com (Thaddeus Beier) >DEADBEAT sez >>> and importance of Blaze's result for what it is: minuscule. 
[with which thad disagrees:] >Blaze's result destroys the current justification... Both exaggerate, methinks. 1) Dr. Blaze blasts out of the water any justification for faith in the competence/honesty of the NSA in this matter. This is a real basic, easy to explain to the corner barber, case of the NSA being caught with its pants down. It was a serious technical flub for them to leave something "this easy"* in the PCMCIA version of Clipper. * "this easy" is compared to the billions-and-billions of years good crypto systems are supposed to hold up, it is not a dig on Dr. Blaze who knows one hell of a lot more about this than do I. 2) We might be net-geeks, but Normal People--even crooks--still use the phone. It is not at all clear to me that the Blaze LEAF Spoof (BLS?) is something which will easily retrofit to a Clipper *phone*. First, is it theoretically possible to do his spoof in the key exchange of a telephone call? Second, is it possible to do it quickly enough that the other phone doesn't get suspicious--i.e., time out? Third, is the needed spoofing hardware something tiny which I will be able to find at Circuit City for $30, which I can trivially plug into my phone as I walk out the door? If not, the practical result is that nearly no one will foil the phone tapping. -kb, the mild-mannered Kent who just realized that: "Now I *am* in the NSA's files. Even the NSA on a stupid isn't dumb enough to not archive this list." P.S. Seeing as how the NSA already has cypherpunks archived, maybe we could talk them into letting us have access to their files--not everything, just the stuff we wrote. FoIA request maybe? -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 28:15 hours of TV viewing so far in 1994!

From tcmay at netcom.com Sun Jun 5 00:24:30 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Sun, 5 Jun 94 00:24:30 PDT Subject: Black Eye for NSA, NIST, and Denning In-Reply-To: <199406050637.AA29985@world.std.com> Message-ID: <199406050724.AAA09592@netcom.com> Kent Borg writes: > the phone. It is not at all clear to me that the Blaze LEAF Spoof > (BLS?) is something which will easily retrofit to a Clipper *phone*. The official product name is "LEAF Blower." Due to ITAR restrictions, this is only available in kit form. On another topic: > -kb, the mild-mannered Kent who just realized that: "Now I *am* in the > NSA's files. Even the NSA on a stupid isn't dumb enough to not > archive this list." > > P.S. Seeing as how the NSA already has cypherpunks archived, maybe we > could talk them into letting us have access to their files--not > everything, just the stuff we wrote. FoIA request maybe? They're not the only ones who've archived the list... > Proud to claim 28:15 hours of TV viewing so far in 1994! Funny, my records show 71.91 hours so far. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."

From catalyst-remailer at netcom.com Sun Jun 5 01:27:16 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Sun, 5 Jun 94 01:27:16 PDT Subject: MAKE DIGITAL MONEY FAST!!! Message-ID: <199406050827.BAA10078@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- cdodhner at indirect.com (Christian Odhner) wrote: >Subject: MAKE DIGITAL MONEY FAST!!! 
> >Wanted: Cypherpunk with a little spare time and a lot of >reliability, a reputation I trust, and experience with the >Pr0duct Cypher Magic money client program, to split digital >profits with me on a 75%-25% basis (ie: you keep 75% of the >digicash!) > What application do you have in mind? Are you starting a currency exchange, gambling server, or something similarly interesting? If you need code written, be more specific. With the new 1.1 autoclient, you should not need any code. The autoclient can be run by a script. It takes all input from stdin and the command line. Never give up more than 50% of the profits from anything! Pr0duct Cypher P.S. Have you considered suing Stu Baker for stealing your sig and using it in his propaganda? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLfFPl8GoFIWXVYodAQHlMAQAkDDGlp0MOT8AERCfBXqA0Kpt5GnXEOAL hmEpgrlBr7AYcfUkipoeAGkfvwEU4zKLVojrzdxa5vgPw9jnEkR8yOLS1R1Aq2BX M/fJ2OJA0e08RUlAjpPsSLtzM637rUa3Rhx6wWihMZVAL5BblmF5nAVtpzvW4x7o 88UqWcK+UyA= =Lyyl -----END PGP SIGNATURE-----

From jdwilson at gold.chem.hawaii.edu Sun Jun 5 03:00:46 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Sun, 5 Jun 94 03:00:46 PDT Subject: Ultra and Coventy In-Reply-To: <199406050251.AA11991@xtropia> Message-ID: On Sat, 4 Jun 1994, Ezekial Palmer wrote: > > I'd be awfully suprised if there were enough people in the central > committee (CCCP) to make that statement true :-) > > Zeke Quite true - the "comrades" in the trenches were highly unlikely to be Central Committee members (they were more likely to be home sipping fine spirits) -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. 
Box 15432 |finger for key / Viacrypt Reseller > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From jdwilson at gold.chem.hawaii.edu Sun Jun 5 03:03:16 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Sun, 5 Jun 94 03:03:16 PDT Subject: Extropians List Statistics 5/23 (fwd) Message-ID: Gee Tim, the Ex. list sure has quieted down since your departure! -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 |finger for key / Viacrypt Reseller > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

---------- Forwarded message ----------
Date: Sat, 4 Jun 1994 23:01:12 -0400
From: Extropians Mailing List
To: Extropians at extropy.org
Subject: Extropians List Statistics 5/23

Weekly List Statistics for 5/23 to 6/3
Total Number of Messages Posted: 24
Total Size of Messages Posted : 61156 bytes
Average Total Size per Day : 8736 bytes
Average # of Messages per Day : 3
Average Message Size : 2548 bytes
Number of Posters Participating: 21

Top Ten Posters by Frequency
1. nancc at netcom.com (2 total, 0.3/day, 8.3% of total)
2. david at bitdance.mv.com (2 total, 0.3/day, 8.3% of total)
3. johnkc at well.sf.ca.us (2 total, 0.3/day, 8.3% of total)
4. russw at netcom.com (1 total, 0.1/day, 4.2% of total)
5. vincent.cate at furmint.nectar.cs.cmu.edu (1 total, 0.1/day, 4.2% of total)
6. sasha at cs.umb.edu (1 total, 0.1/day, 4.2% of total)
7. extropians-request at extropy.org (1 total, 0.1/day, 4.2% of total)
8. jhdaugh at mail.msen.com (1 total, 0.1/day, 4.2% of total)
9. 
pcm at world.std.com (1 total, 0.1/day, 4.2% of total)
10. georgesmit at aol.com (1 total, 0.1/day, 4.2% of total)

Top Ten Posters by Volume
1. more at usc.edu (10.9kbytes, 1601 bytes/day, 18.3% of total)
2. pcm at world.std.com (6.4kbytes, 934 bytes/day, 10.7% of total)
3. johnkc at well.sf.ca.us (4.7kbytes, 689 bytes/day, 7.9% of total)
4. vincent.cate at furmint.nectar.cs.cmu.edu (4.4kbytes, 648 bytes/day, 7.4% of total)
5. 70544.1227 at compuserve.com (3.9kbytes, 563 bytes/day, 6.4% of total)
6. david at bitdance.mv.com (3.4kbytes, 496 bytes/day, 5.7% of total)
7. jhdaugh at mail.msen.com (3.3kbytes, 476 bytes/day, 5.5% of total)
8. pavel at park.bu.edu (2.7kbytes, 399 bytes/day, 4.6% of total)
9. nancc at netcom.com (2.7kbytes, 398 bytes/day, 4.6% of total)
10. xtr at liberty.demon.co.uk (2.6kbytes, 386 bytes/day, 4.4% of total)

Histogram of the week by number of messages
Sun  0
Mon  4
Tue  3
Wed  5
Thu  7
Fri  1
Sat  4

Histogram of the week by daily volume (bytes)
Sun      0
Mon   7280
Tue   8507
Wed  14024
Thu  19545
Fri   2389
Sat   9411

From John.Schofield at f903.n102.z1.fidonet.org Sun Jun 5 03:31:30 1994 From: John.Schofield at f903.n102.z1.fidonet.org (John Schofield) Date: Sun, 5 Jun 94 03:31:30 PDT Subject: Keep Out--The Journal of Electronic Privacy Message-ID: <4670.2DF18F6B@mcws.fidonet.org> -----BEGIN PGP SIGNED MESSAGE----- Keep Out The Journal of Electronic Privacy There is a well-established constitutional right to privacy in the United States. We have this right today because of the wisdom and forethought of our founding fathers. That right is being threatened--usually not by would-be dictators or demagogues, but by well-meaning people who are simply misguided. To counter that threat, I created Keep Out. 
Keep Out focuses on the practical side of cryptography, digital money, anonymous remailers, and everything else that can increase privacy. Rather than discuss the obscure branches of mathematics that are the basis for these technologies, Keep Out will discuss how to get these technologies, what they can do, and how to use them. Stories in progress for the first issue include: * A review of the different programs that claim to link PGP with off-line mail-readers * A story on the breaking of RSA and what it really means in terms of the security of your messages * An interview with Phil Zimmermann, including his thoughts on privacy in the digital age, export controls on cryptography, the copyright of RSA (the algorithm used in PGP), and information on his struggle with US Customs over exporting PGP * In our beginners' section, an explanation of how public-key encryption works, and how it can work for you In short, Keep Out focuses on who is taking your privacy away from you, and what you can do to get it back. A one-year subscription (six issues) to Keep Out costs US $15. Keep Out cannot accept credit-card orders, but checks and money orders payable to "Keep Out" are welcome. The premier issue of Keep Out will reach newsstands everywhere August 1. The electronic version of Keep Out will be released after it is published on paper. For information on advertising, to reach our editorial staff, or for subscription questions, call (818) 345-8640, or write: Keep Out P.O. Box 571312 Tarzana, CA 91357-1312 You can fax Keep Out at (818) 342-5127. You can also reach Keep Out through the Internet at "Keep.Out at f903.n102.z1.fidonet.org" or call the Keep Out BBS at (818) 342-5127. Our Fidonet address is "Keep Out" at 1:102/903.0. 
John Schofield Publisher, Keep Out John.Schofield at f903.n102.z1.fidonet.org -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLe59Qmj9fvT+ukJdAQHDnAQAnaXlNm8ilFmmCMM1w2CmP4425/7xJY7p riPU9zJVWLskREMLqK6PAlWHnFjpwfBxOuPJAv8ONANVZzH7d7mkFR1AkTizjz8F X/h50Jz8F+uGTGjLsgtD2up0ZmX/6wywJbxVLbQy2JpejBOhIyi+EZ2ZCEh5g6B1 yOARXVc+JMg= =NA6C -----END PGP SIGNATURE----- **EZ-PGP v1.07 beta --- Blue Wave/RA v2.12 -- : John Schofield - via mcws.fidonet.org - Public Access (213)256-8371 : ARPA/INTERNET: John.Schofield at f903.n102.z1.fidonet.org : UUCP: ...!cheshire!mcws!903!John.Schofield : Compu$erve: >internet:John.Schofield at f903.n102.z1.fidonet.org

From rah at shipwright.com Sun Jun 5 08:01:37 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 5 Jun 94 08:01:37 PDT Subject: CEB 6 the Unpleasantness Message-ID: <199406051501.LAA07530@zork.tiac.net> > Cypherpunks' Electronic Book (CEB) 6 the Unpleasantness. [snip] > I don't know Tim May very well but I've noticed he gets into a lot of >flame wars. Could this be his M.O.?: Get into an argument with a victim >over a matter of fact, then slyly turn it into an attack on the person >without losing the applause of the gallery? Also, I don't like his >shrill, strident manner. > I don't like a bully. When I run into one, I like to make sure he >takes a few lumps too! > Yours Truly, > Gary Jeffers [snip] I like a lot of what Tim May says. I don't think he starts out to flame on purpose. I forgot something important about netiquette when I got into that flame fight with Tim. If you ignore the first salvo, flame wars usually never happen. BTW, Gary, as a former Alaskan, the remark about rabbits and moose still makes me laugh out loud... Don't know why... Apologies in advance for the wasted bandwidth. And now we return you to your regularly scheduled cryptography... 
----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923

From Richard.Johnson at Colorado.EDU Sun Jun 5 08:40:27 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Sun, 5 Jun 94 08:40:27 PDT Subject: Keep Out--The Journal of Electronic Privacy In-Reply-To: <4670.2DF18F6B@mcws.fidonet.org> Message-ID: <199406051540.JAA08155@spot.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- About "Keep Out": you might want to be more precise in your blurbs. As things stand, I'm leery of trusting anything I might see in your journal. From the keyboard of: John.Schofield at f903.n102.z1.fidonet.org (John Schofiel) > ... > Stories in progress for the first issue include: ... > * A story on the breaking of RSA and what it really means in terms of > the security of your messages RSA is not broken, as far as I know. If you have verifiable details that it has, that'll be quite a scoop. If you meant to say "the _factoring_ of RSA-129," well, you should have said that instead. > * An interview with Phil Zimmermann, including his thoughts on privacy > in the digital age, export controls on cryptography, the copyright o > RSA (the algorithm used in PGP), and information on his struggle wit > US Customs over exporting PGP A publisher, of all people, really needs to understand what a copyright is. Note that we cannot copyright ideas, only our expression of those ideas. Referring to a copyright on "the algorithm used in PGP" is nonsense. Instead, PKP holds licensing rights to a system _patent_ on using RSA to perform public key encryption. Otherwise, your stuff sounds cool to me, though I'd really prefer that those who stand to get money for something not do their advertising via this list. 
Submitting boilerplate for comment is fine, but leave it to other interested parties to pass your advertising brochures to the list.

Richard

-----BEGIN PGP SIGNATURE-----
Version: 2.3a-confuse-sternlight

iQCVAgUBLfH/q/obez3wRbTBAQHPVQP+OqHntzDTwHttV1Mq8zLDR8kExiLyq6br
uhJKIu3aSAQUEAiFge+UE03tR3w/ehnWvIcGfUJl4C0RQlLXl+aTdd7/q5F2V1Rp
WpLu+8VVUviwIzAUbymjy8xxiZC/4lOx2WOoWCJSm40uiA4MwCI7zFu/trVW4B+V
lFjz+mbiTSk=
=TRhJ
-----END PGP SIGNATURE-----

From cfrye at mason1.gmu.edu Sun Jun 5 09:48:50 1994
From: cfrye at mason1.gmu.edu (Curtis D Frye)
Date: Sun, 5 Jun 94 09:48:50 PDT
Subject: CNN Covers Blaze's Clipper Flaw
Message-ID: <9406051648.AA05087@mason1.gmu.edu>

Folks -

CNN just did a piece (about 4 minutes) on Blaze's attack against Clipper. The piece seemed clearly biased against the chip, relegating the NSA's statement and a somewhat rushed and harried-sounding sound bite from Dorothy Denning to the end of the bit. Marc Rotenberg got in the point that we don't know how many other holes there are, though I believe the best bit of negative publicity was the presentation, without comment, of the NSA's claim that folks meaning to circumvent the system would use simpler means.

Oh, this was on Science and Technology Week, which ran around 12:45pm ET.

Curt

From paul.elliott at hrnowl.lonestar.org Sun Jun 5 11:46:48 1994
From: paul.elliott at hrnowl.lonestar.org (Paul Elliott)
Date: Sun, 5 Jun 94 11:46:48 PDT
Subject: Cypherpunks write articles
Message-ID: <2df2148a.flight@flight.hrnowl.lonestar.org>

-----BEGIN PGP SIGNED MESSAGE-----

Cypherpunks should write articles to local newspapers and journals to undermine the Clipper Chip's political and business support. Here is an article that I was able to get published in a local computer users journal (HAL PC USERS JOURNAL). The net is already saturated with information on this issue. It is time to attack more conventional media. Other cypherpunks could write other articles to local newspapers and journals.
The actual article is quoted with ">". I have added my commentary.

This section was seen by the Editor only and was not published.

>(C) Copyright Paul Elliott 1994
>All rights reserved.

But it can be sent to the recipients of the cypherpunks and extropians mailing list.

>
>I have used the TeXisms {\bf } and {\it } to denote text that should be
>placed in boldface or italics.
>
>Paul Elliott
>3987 South Gessner #224
>Houston Texas 77063
>Email: Paul.Elliott at HrnOwl.LoneStar.Org
>
>------------------------------Cut Here with a Chainsaw.------------------------------

Title

>The Clipper Chip Initiative

>What is the Clipper Chip Initiative?
>

In this section I set things up so the reader will know what the heck I am talking about! I take a few shots at targets of opportunity along the way.

>Encryption is a method of scrambling messages and files to keep them
>private. Governments and corporations have used encryption from time
>immemorial, but recently strong encryption has become available to
>individuals. Phil Zimmermann's freeware program Pretty Good Privacy
>(PGP) (available almost anywhere) provides a convenient way for
>individuals to encrypt and decrypt messages and files. Voice
>scramblers have existed for a long time, but in the past, analog
>scramblers were not cryptographically strong. That is, if a government
>or a corporation really wanted to overhear your scrambled speech, it
>could do so. Now, technology has advanced to the point that strong
>encryption of voice communications is becoming feasible at a price
>which will be affordable for the masses.
>
>The Clipper Chip Initiative is the "Escrowed Encryption Standard"
>which has been proposed as a standard for encrypted voice
>communications by the National Institute of Standards and Technology
>(NIST). This is a standard for a hardware chip which was designed by
>the National Security Agency (NSA) for NIST. This design was probably
>done illegally because the Computer Security Act of 1987 explicitly
>gives NIST the responsibility for standards-making for the
>unclassified governmental and commercial sectors. In NSA internal
>documents, the chip was originally called the "trapdoor" chip.

Use the NSA's own terminology to slime the chip.

>
>The plan features "key escrow," an arrangement whereby the government
>keeps the keys to decrypt all the information encrypted by any of the
>chips and then promises not to use them without legal authorization.
>

Many people have an instinctive distrust of promises.

The set up about the difference between a Clipper Chip Law and the actual Clipper Chip Act is necessary so that the reader will understand my comments about John Gilmore's Freedom of Information Act request later.

>The administration plans to implement the Clipper proposal entirely
>using authority that it believes it already has. It does not plan to
>get Congress to pass any new laws in implementing the Clipper
>standard. This is why the proposal is called the "Clipper Chip {\bf
>Initiative}" rather than the "Clipper Chip {\bf Act}". This is
>necessary because it is not clear that any Clipper proposal could pass
>Congressional muster. Last year the "Digital Telephony Act" went down
>in flames when it could not find even one Congress-person willing to
>sponsor it. (The "Digital Telephony Act" is the FBI's proposal to have
>the phone companies tap everyone's phone for the FBI with the cost
>being borne by the people that pay phone bills. Of course, the FBI
>promises not to use this ability to record phone conversations without
>a proper court order.)
>

In this section I try to convince the typical businessman or corporate buyer that the Clipper Chip is a bad business decision.

>The Clipper Chip is Bad Business.
>
>The Clipper Chip is a bad business decision for several reasons:
>

I found this list of Clipper Chip opponents in a magazine article.

>The Clipper Chip is not likely to become an Industry Standard in the
>sense of being widely used. It has been opposed by many respected
>industry leaders such as Lotus' CEO Jim Manzi, WordPerfect CEO Adrian
>Rietveid, Microsoft's Bill Gates, Ray Noorda of Novell, Carol Bartz of
>Autodesk, Aldus CEO Paul Brainerd, and Intergraph's Jim Meadlock, to
>name just a few. With this kind of opposition, it is not likely that
>the proposed standard will gain wide acceptance.
>

In this section I invoke the latent hatred of the IRS and regulatory agencies, without suggesting that the reader may be contemplating any extra-legal need for strong encryption. (Which he very well may be, but I did not say it.)

>There are many situations in which it is legitimate and legal to keep
>secrets from the government. For example, while negotiating with the
>IRS or regulatory agencies, you are entitled to privacy while you are
>communicating with your lawyer. However, if you are not able to make
>the required privacy a reality, you may be at a disadvantage when
>dealing with these agencies. Of course, you have the government's
>promise that it will never use its escrowed keys without proper
>authorization, but many people prefer not to rely on promises.
>

I use the drug war to point out security vulnerabilities of the Clipper Chip.

>The Clipper Chip renders you vulnerable to industrial espionage. To
>understand this, consider the hundreds of "drug war" investigations in
>progress across the country. If the Clipper were to become widely used
>by the targets of these investigations, it would be necessary to
>obtain the "escrow keys" for the suspects of these investigations and
>those of the people that they habitually call. Thus, there would be
>long lists of "escrow keys" that would have to be obtained for these
>investigations. An industrial spy could obtain an "escrow key" for a
>clipper device used by the competitor by bribing someone to add the
>key to one of these long lists. The key could then decrypt his
>competitor's communications. While many in law enforcement would
>refuse to participate in such a scheme, it only takes one person who
>is susceptible to a bribe to make this plan work. "And who is so firm
>as can not be seduced?" The intelligence agencies will say that their
>compartmentalization is such as to prevent this from happening. But
>compartmentalization did not prevent Aldrich Ames from passing to the
>Russians many secrets which he theoretically could not have even
>known.
>

I use John Gilmore's Freedom of Information Act request to spread fear, uncertainty and doubt.

>John Gilmore's Freedom of Information Act request may force the
>government to release all of the "escrowed" keys rendering all Clipper
>Chips worthless. To see how this is so, it is well to remember that
>the government plans to implement its Clipper proposal without passing
>any new laws. Since the government did not attempt to introduce any
>new laws, there was no opportunity to adjust the Freedom of
>Information Act with respect to the Clipper Chip. The Freedom of
>Information Act does not include any exemptions for secret government
>databases containing Clipper Chip keys. If the government were to
>classify these databases, then it would become illegal to distribute
>the classified information to law enforcement officers, most of whom
>do not have the required clearance. John Gilmore has previously won
>Freedom of Information Act cases relating to cryptography, so there is
>a good prospect that he will win this one as well. If this should
>happen all Clipper Chip keys would be exposed.
>

Suggest that businesses wait for strong encryption.

>The industry is likely to create a viable alternative to Clipper which
>does not have Clipper's deficiencies. Phil Zimmermann, the author of
>Pretty Good Privacy, is working on a voice encryption system using sound
>cards and a software implementation. There will probably soon be
>hardware systems coming to market that feature Public Key encryption.
>Systems that can be used internationally will probably come from abroad,
>as the administration is choking domestic encryption products with its
>inane "munitions export control laws."
>

This section is aimed at the typical ACLU Democratic Party civil liberties types. I try to disgust them with the policy of the Clinton Administration. The hated (by Democratic liberal civil libertarians) Rush Limbaugh makes the perfect foil.

>Political Analysis
>
>Why does the Clinton Administration support the Clipper Chip
>Initiative at the same time that the supposedly "right wing" Rush
>Limbaugh opposes it? Do not most ACLU members vote Democratic? Is it
>not supposed to be the "right-wingers" that want to limit our civil
>liberties? Is down up? Is up down? Are dogs and cats going to start
>living together? What can explain this astounding political reversal?
>
>It is possible to account for Rush's position. Rush has been forced to
>take an interest in First Amendment issues because of the proposed
>revival of the "Fairness Act" which has been viewed as a covert way to
>flush Rush. Also, Rush is a Republican. The Democrats control both
>the Legislative and Executive branches of government. The Clipper Chip
>Initiative proposes to increase government power in a way that could
>be used against Republicans. Certainly, it would be more difficult
>for Rush to oppose the Clipper Chip if George Bush were still proposing
>it.
>

I compare Clinton to Nixon, who also liked to bug phones.

>It is more difficult to explain the position of the Clinton
>Administration. Al Gore likes to talk about the administration's
>proposals for the Information Superhighway, but he seems very
>uncomfortable when discussing the Clipper Chip. A standard whose sole
>{\it raison d'etre} is to enable the government to tap everyone's
>phones seems positively Nixonesque.
>

Moynihan originally used the phrase "boob bait for the bubbas" with respect to the people that support so-called welfare reform. ACLU types typically feel superior to these people, so I suggest that they themselves are being taken for the same ride that the bubbas are being taken on.

>Politicians may pay lip-service to civil liberties when addressing
>the ACLU, but their own true agenda is their own personal power
>and advancement. As government continues to demand more and more
>control over people's lives, more draconian methods must be used
>to meet resistance. The Democratic Party's nominal support for
>civil liberties may be only "boob bait for the Bubbas"
>in the charming words of Senator Daniel Patrick Moynihan.
>

This section gets smiles from those who already oppose Clinton, but I may be pushing the envelope too far, and risk losing Clinton's supporters.

>There is another possible explanation for the position of the Clinton
>administration. The intelligence agencies like to tap people's
>phones, but they also love to bug people's bedrooms. Perhaps the
>Clinton administration finds itself in a position in which it has no
>choice but to agree to the requests of the intelligence agencies.
>

(This was written before the latest flaw in Clipper's escrow feature was found. If I were writing today, I would certainly use it to show government incompetence and hence weakness in the Clipper system.)

Many cypherpunks are intelligent and literate people. If I can write and get an article like this published, even if in an admittedly minor journal, other cypherpunks should be able to write even better articles that undermine the Clipper chip, and get them published in more important journals.
- --
- ------------------------------------------------------------------------------
Paul Elliott                                   Telephone: 1-713-781-4543
Paul.Elliott at hrnowl.lonestar.org            Address: 3987 South Gessner #224
                                               Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLfIhnvBUQYbUhJh5AQFUIwP5Af6yH9zkgpIoxbHz9wyAIrxf720rywMv
wVjLY9XjP3+YpBR5qY8yh1bZhwrf/cXSwykT+gyPJhN7wG7qv4ToHmbF/bK4C0bm
q+xfptaeRa3khIXkHZvqMKtv1wBm0Fp+WE4ZoDlgTIgLoH6KN127w560MPuCYeXW
NbraKVfiJvs=
=u9xA
-----END PGP SIGNATURE-----

From jktaber at netcom.com Sun Jun 5 12:28:11 1994
From: jktaber at netcom.com (John K. Taber)
Date: Sun, 5 Jun 94 12:28:11 PDT
Subject: NYT article "traditional", my ass.
Message-ID: <199406051928.OAA26507@netcom.com>

Forwarded message:
> From owner-cypherpunks at toad.com Sat Jun 4 17:47:37 1994
> Date: Sat, 4 Jun 1994 16:43:19 -0700
> From: peb at netcom.com (Paul E. Baclace)
> Message-Id: <199406042343.QAA07231 at netcom.com>
> To: cypherpunks at toad.com
> Subject: Re: NYT article
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
>
> Does anyone find the following somewhat distorted: "...White House
> and Justice Department officials have argued forcefully that is a
> necessary information-age compromise between the constitutional
> right to privacy and the *traditional* powers of law enforcement
> officials." [my emphasis] If wiretapping laws were passed
> in 1968, I don't consider that *traditional*. Is Markoff speaking
> about surveillance in exceedingly general terms?
>
>
> Paul E. Baclace
> peb at netcom.com
>

Yes, I found it distorted. My question for John Markoff, if he would be kind enough to answer, is: is "traditional" his word, or was it his source's? If source's, was source DoJ, or White House?

IMO, police wiretapping usurped a power forbidden to it by the Fourth. To call usurped power "traditional" is pretty smarmy.

From jktaber at netcom.com Sun Jun 5 12:41:09 1994
From: jktaber at netcom.com (John K. Taber)
Date: Sun, 5 Jun 94 12:41:09 PDT
Subject: Black Eye for NSA, NIST, and Denning (fwd)
Message-ID: <199406051941.OAA28307@netcom.com>

Forwarded message:
> From owner-cypherpunks at toad.com Sun Jun 5 05:53:15 1994
> From: tcmay at netcom.com (Timothy C. May)
> Message-Id: <199406021806.LAA02504 at netcom.com>
> Subject: Black Eye for NSA, NIST, and Denning
> To: smb at research.att.com
> Date: Thu, 2 Jun 1994 11:06:57 -0700 (PDT)
> Cc: cypherpunks at toad.com
> In-Reply-To: <9406021623.AA19701 at toad.com> from "smb at research.att.com" at Jun 2, 94 12:19:45 pm
> X-Mailer: ELM [version 2.4 PL23]
> Mime-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
> Content-Length: 1850
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
>
>
> * Combined with Micali's talk of a lawsuit, the slow acceptance of
> Clipper (Cypherpunks and others have helped to make Clipper a very
> dirty word, thus slowing any corporate acceptance that I suspect the
> NSA was hoping for), and these problems, the Clipper program seems to
> be in disarray.
>
> --Tim May

I'm waiting for Sternweiler to denounce Clipper for patent violations, since we know this was his only objection to PGP.

From adwestro at ouray.Denver.Colorado.EDU Sun Jun 5 14:07:28 1994
From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope)
Date: Sun, 5 Jun 94 14:07:28 PDT
Subject: Keep Out--The Journal of Electronic Privacy
In-Reply-To: <4670.2DF18F6B@mcws.fidonet.org>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> Keep Out
> The Journal of Electronic Privacy
>
> There is a well-established constitutional right to privacy in the United
> States. We have this right today because of the wisdom and forethought of our
> founding fathers.

Odd, but my copy of the Constitution (w/amendments) doesn't even contain the word "privacy," let alone any mention of a "right to privacy." (*Damn* these variorum editions!)
There is the Fourth Amendment, of course, but the right to be secure against unreasonable searches and seizures is not synonymous with the right to privacy, IMO.

I believe it was in Katz v. U.S. (1967) that the Supreme Court first enunciated the doctrine of a "reasonable expectation of privacy." It's interesting that it took the advent of telecommunications to bring this issue to the fore -- Katz was a wiretapping case.

Of course,

#define IM_A_LAWYER FALSE

And I may be wrong about all this, but it's too nice to stay inside and confirm my facts. :-)

Alan Westrope                 __________/|-,
                             (_)       \|-'
finger for pgp 2.6 public key
S,W.E.A,T!  -- graffito at Moe's Pretty Good Gym

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLfI8r1RRFMq4NZY5AQE2nQP/fanAkJfoUPRQir22aaqNDdMcIPACBi74
D/FNxG5JXlSDUxmsVZh3gsIsFUepZQYHdE5/gp2cg8iHZqaO+EyH/HSnXSXpd/4G
Vpn01XEK5rq0GJZlzS9UUhXtKPiGRTWw+xMSosoZptUfpFduuioT3ehKCIvka0nB
hxLMUVdqzEg=
=fkii
-----END PGP SIGNATURE-----

From khijol!erc Sun Jun 5 15:13:13 1994
From: khijol!erc (Ed Carp [SysAdmin])
Date: Sun, 5 Jun 94 15:13:13 PDT
Subject: The Illogic of Clipper
Message-ID:

I'm sorry, but I just don't understand the government's position on Clipper. After all, the best way for people to ensure that the government's not going to listen in on their communications is to not use Clipper. Now, unless it was a crime to use anything other than Clipper, the government couldn't do a thing about it. No criminal is going to use a system that would allow the feds to eavesdrop - that's worse than sending messages "en clair".

The only way I see Clipper working is if it was mandatory to use it, with stiff penalties against using anything else. That way, if the feds decided to listen in on someone's conversation, and they couldn't decrypt it, all they'd have to do would be to charge them with the crime of using a non-approved method of encryption.
This raises another question - wouldn't the mandatory use of Clipper violate the fifth amendment's protection against self-incrimination? The courts have held that for the government to mandate someone filling out a form (for example) that would incriminate them is not legal. It seems to me that to require someone to use an "approved" method of encryption is, in essence, violating one's fifth amendment rights.

Before someone points out that it's the case now with the government's ability to read stuff "en clair" anyway, I would point out that the courts may find that there is a higher expectation of privacy when someone uses encryption than if they did not. There is a fundamental expectation of privacy, even if one is engaged in criminal activity, that the courts have tended to maintain.

Ed Carp, N7EKG/VE3
ecarp at netcom.com, Ed.Carp at linux.org

"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From nowhere at bsu-cs Sun Jun 5 15:26:31 1994
From: nowhere at bsu-cs (Anonymous)
Date: Sun, 5 Jun 94 15:26:31 PDT
Subject: No Subject
Message-ID: <199406052225.RAA01329@bsu-cs.bsu.edu>

forwarded from:

Date: Sun, 5 Jun 1994 14:56:00 CDT
From: "(Jim Thomas)"
Subject: Cu Digest, #6.49

------------------------------

Date: Thu, Jun 2 1994 17:33:21 PDT
From: Brock Meeks
Subject: File 2--Jacking in from the SNAFU Port (Clipper Snafu update)

((Moderators' Note: The following article may not be reprinted or reproduced without the explicit consent of the author)).

CyberWire Dispatch // Copyright (c) 1994 //

Jacking in from the SNAFU Port:

Washington, DC -- Matthew Blaze never intended to make the front page of the New York Times. He was just doing his job: Nose around inside the government's most secret, most revered encryption code to see if he could "break it." Blaze, a researcher for AT&T Bell Labs, was good at this particular job. Maybe a bit too good.
Although he didn't actually "break" the code, he did bend the fuck out of it. That feat landed him a front page story in the June 2 issue of the New York Times.

What Blaze found -- and quietly distributed among colleagues and federal agencies in a draft paper -- was that design bugs in Skipjack, the computer code that underlies the Clipper Chip encryption scheme, can be jacked around, and re-scrambled so that not even the Feds can crack it. This of course defeats the whole purpose of the Clipper Chip, which is to allow ONLY the government the ability to eavesdrop on Clipper encoded conversations, faxes, data transmissions, etc.

What Blaze's research attacks is something called the LEAF, short for "Law Enforcement Access Field." The LEAF contains the secret access code needed by law enforcement agents to decode the scrambled messages. Blaze discovered that the LEAF uses only a 16-bit checksum, which is a kind of self-checking mathematical equation. When the checksum equations match up, the code is valid and everything's golden. The cops get to unscramble the conversations and another kiddie porn ring is brought to justice. (This is what the FBI will tell you... again and again and again and... )

But you can generate a valid 16-bit checksum in about 20 minutes, according to those crypto-rebels that traffic the Internet's Cypherpunks mailing list. "A 16-bit checksum is a fucking joke," one cryptographic expert from the list told Dispatch. "If it weren't so laughable, I'd be insulted that all this tax payer money has gone into the R&D of something so flawed."

But the New York Times got the story *wrong* or at least it gave only part of the story. "What the New York Times story didn't say was that the findings... had nothing to do with the Government standard, which covers voice, facsimile and low-speed data transmission," said an AT&T spokesman.

AT&T was the first company to publicly support the Clipper Chip. A stance that was essentially bought and paid for by the U.S.
government with the promise it would get big government contracts to sell Clipper equipped phones to Uncle Sam, according to documents previously obtained by Dispatch.

The AT&T spokesman said the "frailty" that Blaze discovered doesn't actually exist in the Clipper Chip applications. "Our scientists, working with National Security Agency (NSA) scientists, were conducting research on proposed future extensions of the standard," he said.

Those "future extensions" are the so-called Tessera chip, intended to be embedded in a PCMCIA credit card sized device that fits into a slot in your computer. When the NSA trotted out its Tessera card, it invited Blaze, among others, to review the technology, essentially becoming a beta-tester for the NSA. No formal contract was signed, no money changed hands. Blaze took on the job in a volunteer role. Using a prototype Tessera chip installed on a PCMCIA card, he broke the damn thing.

AT&T claims the whole scenario is different from the Clipper because the LEAF generated by Clipper "is a real time application... with Tessera it's static," the spokesman said. He said Tessera would be used to encrypt stored communications or Email. "And with Tessera, the user has the ability to get at the LEAF," he said, "with Clipper, you don't."

Blaze will deliver his paper, titled "Protocol Failure in the Escrowed Encryption Standard," this fall during the Fairfax Conference. His findings "should be helpful" to the government "as it explores future applications," of its new encryption technology the AT&T spokesman said. "In our view, it's better to learn a technology's limitations while there's time to make revisions before the Government spends large sums to fund development programs."

This is an important, if subtle statement. The Clipper Chip never underwent this type of "beta-testing," a fact that's drawn the ire of groups such as Computer Professionals for Social Responsibility (CPSR) and the Electronic Frontier Foundation (EFF).
When the White House began to take hits over this ugly situation, it agreed to have an independent panel of experts review the classified code to check for any trapdoors. Those experts claim they found nothing fishy, but their report -- alas -- has also been classified, leading to further demands for openness and accountability. The White House is stalling, naturally.

But in an apparent about face, the NSA allowed an "open" beta-testing for Tess and -- surprise -- we find out there are bugs in the design.

Okay, Pop Quiz time: Does the existence of "Blaze Bug" make you feel:

(A) More secure about the government's claim that Clipper will only be used to catch criminals and not spy on the citizenry.

(B) Less secure about everything you've ever been told about privacy and encryption by the Clinton Administration.

(C) Like this entire episode is really an extended "Stupid Pet Tricks" gag being pulled by David Letterman.

If you're still unsure about Clipper, check this quote from the AT&T spokesman: "It's worth noting that Clipper Chip wasn't subjected to this type of testing."

Ah-huh... any questions?

The NSA is trying to downplay the news. "Anyone interested in circumventing law enforcement access would most likely choose simpler alternatives," said Michael Smith, the agency's planning director, as quoted by the New York Times. "More difficult and time-consuming efforts, like those discussed in the Blaze paper, are very unlikely to be employed."

He's right. Those "simpler alternatives" include everything from private encryption methods to not using a Clipper equipped phone or fax in the first place. (Of course, the FBI keeps insisting that criminals won't use any of this "simpler" knowledge because they are "dumb.")

Despite the NSA's attempt to blow off these findings, the agency is grinding its gears. One NSA source told Dispatch that the Blaze paper is "a major embarrassment for the program." But the situation is "containable" he said. "There will be a fix."
Dispatch asked if there would be a similar review of the Clipper protocols to see if it could be jacked around like Tess. "No comment," was all he said.

Meeks out...

------------------------------

Date: Thu, Jun 2 1994 17:33:21 PDT
From: Brock Meeks
Subject: File 3--Jacking in from the "We Knew It All Along" Port (Clipper)

((Moderators' Note: The following article may not be reprinted or reproduced without the explicit consent of the author)).

CyberWire Dispatch // Copyright (c) 1994 //

Jacking in from the "We Knew It All Along" Port:

Washington, DC -- The key technology underlying the Administration's Tessera "Crypto Card" was fatally flawed from its inception, Dispatch has learned. Government researchers working for the National Security Agency have known for months about the flaw, but purposefully withheld that information from the public, a government official acknowledged today to Dispatch.

Cryptographic researchers at the super-secret NSA have known all along that the program used to scramble a key part of the government's Clipper system could be thwarted by a computer savvy user with 28 minutes of free time, according to an NSA cryptographic expert that spoke to Dispatch under the condition he not be identified.

"Everyone here knew that the LEAF (Law Enforcement Access Field) could be fucked with if someone knew what they were doing," the NSA expert said. "We knew about the flaw well before it became public knowledge. What we didn't know is how long it would take an outside source to discover the flaw."

In essence, the NSA decided to play a kind of high-tech cat and mouse game with a technology being hailed as the most secure in the world. So secure, the White House is asking the public to give up a degree of privacy because there's no chance it can be abused.

"We figured [the presence of the flaw] was an acceptable risk," the NSA expert said. "If no one found out, we probably would have fixed it sooner or later," he said.
"I can't imagine that we would have let that one slip through."

But someone spoiled the end game. A 33-year-old AT&T scientist, Matthew Blaze, discovered the crack in the White House's increasingly crumbling spy vs. citizen technology.

Acting as a kind of beta-tester, Blaze found several techniques that could be used to successfully thwart the LEAF, the encrypted data stream needed by law enforcement officers in order to identify what amounts to a social security number for each Clipper or Tessera chip. Once the LEAF is in hand, law enforcement agents then submit it to the "key escrow agents." These escrow agents are two government authorized agencies that keep watch over all the keys needed to descramble Clipper or Tessera encoded conversations, faxes or data transmissions. Without the keys from these two agencies, the law enforcement agents hear nothing but static. Without the LEAF, the agencies won't cough up the keys.

Bottom line: If the LEAF is fucked, so is access to the scrambled communications.

What Blaze so eloquently discovered is that someone with a modicum of knowledge could jack around with the LEAF, rendering it unusable. What Blaze didn't realize is that he was merely acting as an NSA stooge.

But the methods discovered by Blaze, and outlined in a draft paper he'll later present this month during a high brow security shindig known as the Fairfax conference, are cumbersome. "The techniques used to implement (the workarounds) carry enough of a performance penalty, however, to limit their usefulness in real-time voice telephony, which is perhaps the government's richest source of wiretap-based intelligence," Blaze writes in his paper.

Notice he says "limit" not "completely render useless." Important distinction.

Are there other, faster, more clever ways to circumvent the LEAF? "If there are, I wouldn't tell you," the NSA crypto expert said.
Shut Up and Chill Out
=====================

The National Institute of Standards and Technology (NIST), the agency walking point for the White House on the Clipper issue, takes these revelations all in stride. Sort of a "shut up and chill out" attitude.

The techniques described by Blaze "are very unlikely to be used in actual communications," a NIST spokeswoman said. Does that mean they could never be used? "It's very unlikely."

NIST, when confronted with the fact that NSA researchers knew all along that the technology was broken, was unapologetic. "All sound cryptographic designs and products consider tradeoffs of one sort or another when design complexities, costs, time and risks are assessed," the NIST spokeswoman said. The Clipper family of encryption technologies "is no exception," she said.

NIST said that the Tessera card "isn't a standard yet, so the process of testing its integrity is ongoing." The technology in Tess is known as the Capstone chip, which, unlike the Clipper Chip, hasn't yet been accepted as a standard, NIST said. Flaws, therefore, are assumably just part of an ongoing game.

The fact that the NSA knew about this flaw when it asked people like Blaze to test it was "just part of the ongoing testing procedure," the spokeswoman said. And if Blaze or some other idea hamster hadn't discovered the flaw? You make the call.

What about Clipper? Are there such flaws in it? NIST says "no" because it has already been through "independent testing" and accepted as a standard. If there are flaws there, they stay put, or so it seems.

Clipper's My Baby
=================

Beyond the high risk crypto games the NSA has decided to play, there's another disturbing circumstance that could torpedo the Clipper before it's given its full sailing orders. This obstacle comes in the form of a patent dispute.

Silvio Micali, a scientist at the Massachusetts Institute of Technology says the Clipper is his baby. He claims to hold two crucial patents that make the Clipper tick.
"We are currently in discussions with Mr. Micali," NIST said. "We are aware of his patent claims and we're in the process of addressing those concerns now," a NIST spokeswoman said. She wouldn't go into details as to the extent of the talks, but obviously, the government is worried. They haven't flatly denied Micali's claims.

If this all sounds like a bad nightmare, you're right. NIST ran into the same problems with its Digital Signature Standard, the technology they've adopted as a means to "sign" and verify the validity of electronic mail messages. Others jumped on the government's DSS standard, claiming they were owed royalties because they held patents on the technology. These discussions are still "ongoing" despite the government's adoption of the standard. The same situation is now happening with Clipper.

One could make a case that Yogi Berra is the policy wonk for the Clipper program: "It's like deja vu all over again," Berra once said. So it is, Yogi... so it is.

Meeks out...

------------------------------

From grendel at netaxs.com Sun Jun 5 15:31:18 1994
From: grendel at netaxs.com (Michael Handler)
Date: Sun, 5 Jun 94 15:31:18 PDT
Subject: Keep Out--The Journal of Electronic Privacy
In-Reply-To:
Message-ID: <199406052231.SAA07719@access.netaxs.com>

> Odd, but my copy of the Constitution (w/amendments) doesn't even contain
> the word "privacy," let alone any mention of a "right to privacy." (*Damn*
> these variorum editions!) There is the Fourth Amendment, of course, but
> the right to be secure against unreasonable searches and seizures is not
> synonymous with the right to privacy, IMO.
>
> I believe it was in Katz v. U.S. (1967) that the Supreme Court first
> enunciated the doctrine of a "reasonable expectation of privacy." It's
> interesting that it took the advent of telecommunications to bring this
> issue to the fore -- Katz was a wiretapping case.

Of course, I was told/taught/have read that _Griswold v. Connecticut_ (1965?) was a key case in defining the "Constitutional Right to Privacy." Briefly, Griswold was representing Planned Parenthood, and was challenging a CT law that made it illegal to give information about birth control to anyone except married couples. The Supremes said that this was an undue invasion of privacy, and that there *was* a Constitutional right to privacy. They neglected to specify exactly where it was, though. ;) However, they suggested that it was held somewhere under the Ninth Amendment.

Of course, 'assert (Mike == LAWYER);' fails during runtime. YMMV.

--
Michael Brandt Handler
Philadelphia, PA, USA
PGP v2.6 public key via server / finger / mail
"I am iron, I am steel, nobody can touch me when I'm on the wheel" -- Curve

From mgream at acacia.itd.uts.edu.au Sun Jun 5 15:51:42 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Sun, 5 Jun 94 15:51:42 PDT
Subject: Announcement for Australian Crypto Radio Documentary
Message-ID: <9406052254.AA03934@acacia.itd.uts.EDU.AU>

Largely of interest to the Australian -- can we be counted on one hand ? :-) -- audience.

-----BEGIN PGP SIGNED MESSAGE-----

*PRESS RELEASE* *PRESS RELEASE* *PRESS RELEASE*

tales from the crypt
===============================================

`There's nothing new about cryptography' ... Bill Caelli.

ABC (Australian Broadcasting Corporation) Radio National
`Radio Eye -- Documentary Features'
Sunday Night, June 12th 8:20pm

... presents ...

``TALES FROM THE CRYPT''

Rosie Cross & Matthew Gream
(Mixed by John Jacobs)
(Sounds by Rob Joyner Jnr)

`Cryptography is a very political technology' says Phil Zimmermann, author of Pretty Good Privacy (PGP), a computer software program to scramble and protect your most vital electronic messages. Complex algorithms such as those used in PGP now give individuals the ability to carry out conversations locked away from the prying eyes of the most determined Law Enforcement and National Security Agencies.
Fearing a widespread loss of effectiveness, these agencies had their wishes granted last year with the US Government's release of the electronic `Clipper Chip'. This insidious device, to be planted in phones and facsimiles, may scramble voice and data between both ends of a connection, but contains a backdoor so these agencies can retain their surveillance edge.

Despite assurances by the Government and proponents of the scheme such as leading cryptographer Dorothy Denning, the reaction has been clearly negative as evidenced by echoes of dissent across cypherspace. These assurances are easily refuted by John Perry Barlow from the Electronic Frontier Foundation (EFF) and Dave Banisar from the now Electronic Privacy Information Centre (EPIC) [*], representing two of the most active groups opposing Clipper.

Viewed from the Australian perspective, Jennifer Seberry describes the Clipper proposal as applying `an atomic bomb, where a drop of ointment is needed' and Trudi McIntosh describes a Government looking on `with interest'. To Roger Clarke, an Australian expert on privacy issues and new technologies, Clipper seems unlikely, but he warns about complacency in his assessment of the possible ramifications for individuals in electronic societies where systematic surveillance and mass matching could serve as a tool of the totalitarian state.

In protecting ourselves from an Orwellian society, the need to extend the physical concepts of anonymity into the information world becomes of increasing importance. The work of David Chaum towards Digital Cash, and truly anonymous payment systems, can steer the information superhighways past the military-industrial complex.

In the end, the issue isn't about `cryptography', it's about fundamental rights to privacy and freedom from arbitrary intrusion by an increasingly hostile state.
---
[*] Formerly with Computer Professionals for Social Responsibility (CPSR)

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQBVAgUBLfGDssFkzaa0vXnhAQFW4wH/Sa8KlS92O8plZO0nO1rnrXTF3IWMu7JD
T8rVRLm8wunBzwt6DDGMzKPTMAMB/MOpjqISz+wFvKcV6UeyofLRiA==
=WVKl
-----END PGP SIGNATURE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQBNAi3xQ7gAAAECALAfA6WqWIqRBhvq6gKDVPKYAoEAO7Zr2C1/fYUOtTdxz7d6
uvmKRBzEV+Sys7Blf1ja4gioX46KwWTNprS9eeEABRO0JlRhbGVzIEZyb20gdGhl
IENyeXB0IC0tIFJhZGlvIE5hdGlvbmFsiQCVAgUQLfFDy5lab34em41tAQF1ngQA
u66CMVni7n5LRLqAISxYC9gWC7/AU9l8MYaYvR7D91OcAIzfyCGvJBGGEedSnURh
q8mPSy43E1n4c0ihBhLlfvvU3ABFLqvCOwznkJjqWqC7XckJRZVJceaniGyf9KE1
scx1IgvpdjDPVvrLOifwEBbzctv8OU6QcB+2ejvKfQM=
=dZMI
-----END PGP PUBLIC KEY BLOCK-----

--
Matthew Gream
Consent Technologies
Sydney, (02) 821-2043
M.Gream at uts.edu.au

From norm at netcom.com Sun Jun 5 17:01:15 1994
From: norm at netcom.com (Norman Hardy)
Date: Sun, 5 Jun 94 17:01:15 PDT
Subject: The Illogic of Clipper
Message-ID: <199406060001.RAA12531@netcom.netcom.com>

At 15:27 6/5/94 +0100, Ed Carp [SysAdmin] wrote:
>I'm sorry, but I just don't understand the government's position on
>Clipper. After all, the best way for people to ensure that the
>government's not going to listen in on their communications is to not use
>Clipper. Now, unless it was a crime to use anything other than Clipper,
>the government couldn't do a thing about it.

I think that NSA, FBI & CIA hope that Clipper will become a de facto standard resulting from its being required for certain kinds of interactions with government agencies. If this were to happen non-clipper products would have a more difficult time attaining a critical mass. The real purpose of Clipper can thus be stated as an attempt to prevent the success of some de facto standard that the government could not tap. I recall hearing someone from NSA say something very much like this.

...
From wcs at anchor.ho.att.com Sun Jun 5 17:03:27 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 5 Jun 94 17:03:27 PDT
Subject: NYT article "traditional", my ass.
Message-ID: <9406060002.AA20606@anchor.ho.att.com>

John Taber writes:
> IMO, police wiretapping usurped a power forbidden to it by the Fourth.
> To call usurped power "traditional" is pretty smarmy.

The Fourth Amendment is a good start, but it's by no means complete protection - after all, it forbids "unreasonable" searches and seizures, leaving only the police and the courts to decide what is "reasonable". The police definition, before the Exclusionary Rule was "sounded useful", and the courts have often let them get away with it - not surprising from an organization with a tradition of upholding convictions of people who dared publish pamphlets against the draft when the politicians were trying to get into a war (Schenck ~1916), or of people who publish books and magazines with non-nice descriptions of sex or support for Commie-nism.

Courts have generally been improving, and the Exclusionary Rule has led to changes like New York City police getting search warrants when they want to search places (they didn't bother getting any the year before that rule was made!) And while the 9th and 10th Amendments are largely gone and forgotten, courts do at least acknowledge that there are some rights of privacy.

Bill

# Bill Stewart AT&T Global Information Solutions (new name for NCR!)
# 6870 Koll Center Pkwy, Pleasanton CA 94566 1-510-484-6204 fax-6399
# Email: bill.stewart at pleasantonca.ncr.com billstewart at attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

KH: "A good friend, good lover, good neighbor"
Q: "That's all there is to being an anarchist?"
KH: "What did you expect, a lot of rules?"
Karl Hess, 1923-1994 - R.I.P.

From 71431.2564 at CompuServe.COM Sun Jun 5 18:03:06 1994
From: 71431.2564 at CompuServe.COM (Bradley W. Dolan)
Date: Sun, 5 Jun 94 18:03:06 PDT
Subject: 6/6 New Yorker anti-crypto propaganda
Message-ID: <940606010046_71431.2564_FHA46-1@CompuServe.COM>

Highlights of "My First Flame", an article by John Seabrook in the 6/6/94 _New Yorker_ which explains why we need a benevolent government to help regulate the internet (a very sophisticated piece of propaganda, IMHO):

I got flamed for the first time a couple of months ago. [...] I had recently published a piece about Bill Gates, the chairman of Microsoft, about whom this person has also written, and as I opened his E-mail to me it was with the pleasant expectation of getting feedback from a colleague. Instead, I got:

Crave THIS, asshole: Listen, you toadying dipshit scumbag... remove your head from your rectum long enough to look around and notice that real reporters don't fawn over their subjects [...] One good worm deserves another. [...]

My flame marked the end of my honeymoon with on-line communication. It made me see clearly that the lack of social barriers is also what is appalling about the net. The same anonymity that allows the twelve-year-old access to the professor allows a pedophile access to the twelve-year-old. [...]

I sent E-mail to CompuServe, which was the network that carried my flame to me, to ask whether their subscribers were allowed to talk to each other this way. [...]

...[S]ince this person was a respected author, with a reputation to consider, I thought someone might be electronically impersonating him ... so I settled on a simple, somewhat lame acknowledgment of the flame [...] In a few days, I received a reply from the writer, asking when my new column, "Pudlicker to the Celebrated," was going to start. [...]

And many of the [new internet] users are not the government officials, researchers, and academics for whom the net was designed; they're lawyers, journalists, teen-agers, scam artists, lonely hearts, people in the pornography business, and the faddists who were buying CB radios in 1975.
[Lots of incoherent concerns that the vile e-mail might have infected his computer with a `worm'.] [...]

The table of contents for alt.pagan FAQ reads: [...] 20 NIGGER JOKES [...] I suppose you could choose not to double-click on NIGGER JOKES, but it's harder than you think. This is the biggest drawback of the way newsgroups are set up: a really interesting post that enriches your understanding of a subject is next to a post that is appropriate only for the space above the urinal. [...]

I considered posting a query about my worm in the newsgroup comp.virus, and I lurked around there for a while, but didn't post, because I was worried that my assailant might hear that I was posting queries about him in a public space - it's difficult to keep secrets on the net - and devise some even more elaborate torture to inflict on my computer, or begin spoofing me in some diabolical fashion. I had already seen how the net could be used to hurt someone's reputation. One day, as I was wandering around inside the Electronic Frontier Foundation discussion space, which is one of the most interesting newsgroups on the net, I came upon a subject line that said, "Ralph Berkeley made homosexual advances toward me." Ralph Berkeley (I'm not using his real name) is a regular participant in discussions of net policy, who appears, on the evidence of his posts, to be an articulate and thoughtful man, and often takes the position that completely unrestricted speech might not be such a good idea [...]

[Discusses his pain with a net.friend and she replies: ] Imagine these geeks, suddenly afraid that their magic treehouse [the internet] was about to be boarded by American pop culture. [...]

And you don't have to be responsible for what you say [on the internet]. The great question for the future of the net is: To what extent will this extraordinary freedom be allowed to remain in the hands of the people, and to what extent will it be limited and regulated?
The Internet is not the information highway, but it might become part of the information highway. In order for this to happen, though, the Internet will have to be "civilized" - a word that gives many net users the willies. The net is, fundamentally, about free speech, while the I-way is about commercial and civic transactions: it's a route for delivering videos, newspapers, and catalogues into people's home computers, for filing taxes on-line, eventually for voting on-line. Completely unrestricted speech, which is desirable in a free exchange of ideas and data, is less vital when you're talking to a business competitor or to your congressman.

The net poses a fundamental threat not only to the authority of the government, but to all authority, because it permits people to organize, think, and influence one another without any institutional supervision whatsoever. The government is responding to this threat with the Clipper Chip [...]

[Discussion about why we need Clipper and why good encryption is bad.]

The obvious danger in supplying people with encryption is that encryption makes it easier to keep secrets, which makes it easier for people to commit crimes. With powerful encryption, the net would become an ideal place for criminals to organize conspiracies. [...]

Dr. Clinton C. Brooks, the N.S.A.'s lead scientist on the Clipper Chip project, told me, "You won't have a Waco in Texas, you'll have a Waco in cyberspace. You could have a cult, speaking to each other through encryption, that suddenly erupts in society - well programmed, well organized - and then suddenly disappears again."
Therefore, in an effort to balance the good and bad sides of encryption, the United States government has proposed that people use a brand of encryption that the government has designed, which is powerful enough to take care of everybody's legitimate encryption needs but has an electronic "back door" that law-enforcement agencies could use, with a court order, to listen to the conversations of people they suspect of being criminals. This brand of encryption is inside the Clipper Chip. [...]

In the future, somebody will develop encryption that the N.S.A. won't be able to crack, and smart criminals will be able to talk without being overheard. [...]

[Author describes meeting he had with John Norstad of Northwestern University to ask about his "worm".]

"Do I recognize the right of this person to flame me? Yes, I do. Do I celebrate his right to flame me? I'm not sure. Do I recognize the right of this person to send me a worm? Definitely not. But at what point does a flame become a worm? I mean, can a virus be a form of free speech? In other words, could a combination of words be so virulent and nasty that it could do property damage to your head?"

[Norstad reassures author by telling him that most people on the net "don't have a life."]

-----------
bdolan at well.sf.ca.us

From paul at hawksbill.sprintmrn.com Sun Jun 5 18:30:19 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Sun, 5 Jun 94 18:30:19 PDT
Subject: 6/6 New Yorker anti-crypto propaganda
In-Reply-To: <940606010046_71431.2564_FHA46-1@CompuServe.COM>
Message-ID: <9406060232.AA09097@hawksbill.sprintmrn.com>

> Highlights of "My First Flame", an article by John Seabrook in the
> 6/6/94 _New Yorker_ which explains why we need a benevolent government
> to help regulate the internet (a very sophisticated piece of
> propaganda, IMHO):

Sounds like Mr. Seabrook may be just slightly anal retentive, only a tad dangerous with his visions of a "kinder, gentler" net.
The culture that is "the Internet" is an anarchy and will probably remain that way for some time to come. If he desires a more sanitized on-line world, he should probably stick to Prodigy. Attitudes like his, in my own opinion, are what has made this country (Amerika) a nation of overly sensitive dolts.

Cheers,

(speaking only for myself -- certainly not for Sprint...)

_______________________________________________________________________________
Paul Ferguson
US Sprint
Enterprise Internet Engineering          tel: 703.904.2437
Herndon, Virginia USA                    internet: paul at hawk.sprintmrn.com

From ebrandt at jarthur.cs.hmc.edu Sun Jun 5 18:55:00 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Sun, 5 Jun 94 18:55:00 PDT
Subject: 6/6 New Yorker anti-crypto propaganda
In-Reply-To: <940606010046_71431.2564_FHA46-1@CompuServe.COM>
Message-ID: <9406060154.AA22143@toad.com>

> From: "Bradley W. Dolan" <71431.2564 at CompuServe.COM>
> In a few days, I received a reply from the writer, asking when my
> new column, "Pudlicker to the Celebrated," was going to start.

This guy even mentions that the flamer has a reputation at risk, but apparently doesn't think of the normal social response: publicizing the gist of this little exchange of e-mail.

> groups on the net, I came upon a subject line that said, "Ralph
> Berkeley made homosexual advances toward me." Ralph Berkeley
> (I'm not using his real name) is a regular participant in
> discussions of net policy, who appears, on the evidence of his
> posts, to be an articulate and thoughtful man,

Apparently the writer didn't stick around to read the rest of this thread, in which the poster was roundly excoriated as a putz, even by people with little fondness for David Sternlight. Yeesh.

I think I'll write a letter to the _New Yorker_, though they won't publish it.
Eli
ebrandt at hmc.edu

From nobody at kaiwan.com Sun Jun 5 19:46:53 1994
From: nobody at kaiwan.com (Anonymous)
Date: Sun, 5 Jun 94 19:46:53 PDT
Subject: No Subject
Message-ID: <199406060246.TAA21729@kaiwan.kaiwan.com>

There are a number of good text files out on anonymous mail forwarding servers, but nothing that really "ties it all together", so to speak. If you know of such a thing, please post it. Anyway, let me ask a few specific questions:

I read that fingering ghio at andrew.cmu.edu will produce a current status of all "Cypherpunk" remailers. I did so and it was quite informative. However, "remailer at soda.berkeley.edu" was omitted from the list. Is there a reason for that?

Do any of the other CP remailers (other than soda.berkeley.edu) offer a post-to-Usenet gateway? If so, do they use the same syntax?

Is there a way to disable the encrypted reply address at the Berkeley remailer?

I know that a few of the CP remailers have a certain address, like "help@" which will provide an info sheet by return mail. Do any of the others support that? If so, would "help" be used, or something else?

Thanks...

=====================

From Steve.Ott at m.cc.utah.edu Sun Jun 5 22:29:44 1994
From: Steve.Ott at m.cc.utah.edu (Terry Ott)
Date: Sun, 5 Jun 94 22:29:44 PDT
Subject: New Encryption Scheme
Message-ID:

I was told to post here by the kind people on alt.security. I didn't know where to start, and they led me on the path to truth. :):):)

Alllll-right, to the heart of the matter: I've designed a new encryption scheme for passwords (or any short string), not for files, as of yet. It might have some glaring holes that you who are knowledgeable could see right through. Since you DO have a pretty good clue what's up, I'd love to see what you all think. I'm willing to give out source code, but I'd love to see what you can do without it. =]

Thanks in advance,
-Terry

+=========================+======================+==========================+
| "Joke 'em if they       |   U U      U U       | Terry Ott                |
| can't take a screw!"    |   U U      U U       | Steve.Ott at m.cc.utah.edu |
|                         |   UUUU Of UUUU       |                          |
|   --Robin Williams      |  University Utah     | Optimystique Software    |
+=========================+======================+==========================+

From sandfort at crl.com Sun Jun 5 22:35:07 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 5 Jun 94 22:35:07 PDT
Subject: Contacts for my next trip to Beijing (fwd)
Message-ID:

C'punks,

Thought this might be of interest to the list. The People's Liberation Army seems to be on the cutting edge.

S a n d y

---------- Forwarded message ----------
Date: Mon, 6 Jun 1994 02:13:27 +0200
From: Miguel Gallardo
To: Multiple recipients of list CHINANET
Subject: Contacts for my next trip to Beijing

I will be in Beijing from 7th to 13th of July. I will be teaching Cryptology and Electronic Signatures there. I have some friends at the China Embassy in Madrid who arranged this wonderful trip to Beijing for me.
Of course, most of my official conferences will be for the Chinese Army, but I am completely free to have any interview there. At the moment, I do not know my hotel or phone number there, but I am interested in any contact with people related with technology business there.

Any suggestion for me?

Thanks beforehand.

  _  _  _  _                  Miguel A. Gallardo, President of APEDANICA
 ' ) ) ) //                   Alcala de Henares University Lecturer
  / / / o  __  _  //          P.O. Box 17083 - E-28080 Madrid (Spain)
 / ' (_<_(_//_/_

Message-ID: <199406060610.AA10841@sugar.NeoSoft.COM>

New Yorker writer says:

[Many clueless things, including:]

The net poses a fundamental threat not only to the authority of the government, but to all authority, because it permits people to organize, think, and influence one another without any institutional supervision whatsoever.

Oh, Dear. We Certainly Can't Let That Happen.

Sigh. This gentleman obviously needs to be regrooved. Does anyone have his net address?

-Anthony Garcia
agarcia at sugar.neosoft.com
"Wacos In Cyberspace: Hear, hear!"

From john.nieder at tigerteam.org Sun Jun 5 23:56:11 1994
From: john.nieder at tigerteam.org (JOHN NIEDER)
Date: Sun, 5 Jun 94 23:56:11 PDT
Subject: Request Address, Please!
Message-ID:

Will someone, by netmail, tell me what subscription drill is for the list? Thanks.

___ Blue Wave/QWK v2.12

From lile at netcom.com Mon Jun 6 00:14:21 1994
From: lile at netcom.com (Lile Elam)
Date: Mon, 6 Jun 94 00:14:21 PDT
Subject: CNN Covers Blaze's Clipper Flaw
Message-ID: <199406060714.AAA14388@netcom.com>

Yes!!!!!!!!!

*beaming*

-lile

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lile Elam              | "Remember... No matter where you go, there you are."
lile at netcom.com     | Un*x Admin / Artist         |      Buckaroo Banzai
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From ghio at kaiwan.com Mon Jun 6 00:32:02 1994
From: ghio at kaiwan.com (Matthew Ghio)
Date: Mon, 6 Jun 94 00:32:02 PDT
Subject: Anonymous Remailers
Message-ID: <199406060731.AAA01381@kaiwan.kaiwan.com>

Anonymous says:

> There are a number of good text files out on anonymous mail
> forwarding servers, but nothing that really "ties it all
> together", so to speak. If you know of such a thing, please post
> it. Anyway, let me ask a few specific questions:

Well, there's a lot of stuff on the gopher site at chaos.bsu.edu... Some of it was a bit out of date last time I checked tho.

> I read that fingering ghio at andrew.cmu.edu will produce a current
> status of all "Cypherpunk" remailers. I did so and it was quite
> informative. However, "remailer at soda.berkeley.edu" was omitted
> from the list. Is there a reason for that?

Yeah, it didn't answer the pings my software sent out because it doesn't support Request-Remailing-To. I changed it to Anon-Send-To, and it's in the list now.

> Do any of the other CP remailers (other than soda.berkeley.edu)
> offer a post-to-Usenet gateway? If so, do they use the same
> syntax?

Yes and no. I think vox.hacktic.nl can post to usenet with X-Anon-To: alt.whatever.usenet.group

> Is there a way to disable the encrypted reply address at the
> Berkeley remailer?

It won't include the reply block if you send mail to remailer at soda from another remailer. (I haven't tried this using all the remailers tho, so I don't know if it will recognize them all as being non-replyable addresses.) Otherwise, you can chain from soda to my remailer and use the Cutmarks: feature to snip it.

> I know that a few of the CP remailers have a certain address,
> like "help@" which will provide an info sheet by return
> mail. Do any of the others support that? If so, would "help" be
> used, or something else?

Well, there's mg5n+remailers at andrew.cmu.edu ...

From edgar at spectrx.sbay.org Mon Jun 6 01:28:55 1994
From: edgar at spectrx.sbay.org (Edgar W. Swank)
Date: Mon, 6 Jun 94 01:28:55 PDT
Subject: More SecureDrive News
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

To: SecureDrive Users

Since my last news bulletin I have been able to verify that the fix to the FPART utility, FPART13D.ZIP is now available on csn.org. Also file SECDR13E.ZIP is release 1.3d with the updated FPART files.

The configuration of csn.org has changed somewhat: Anonymous ftp for csn.org has been moved to ftp.csn.net. There isn't any "pub" directory any more, so cd directly to mpj. get README or README.MPJ to the console and then cd to the directory name indicated. Then cd to secdrv.

The files are

- -rw-r--r--   1 5420        12461 May 26 20:51 fpart13d.zip
- -rw-r--r--   1 5420       115287 May 26 14:37 secdr13e.zip

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLfLUTd4nNf3ah8DHAQEMDQP8DPvdAYZ7Ywfe8RjQscYCSThiKzEmFycs
vJFwZuyoaqLAi6zGgUIDW+xl1IQMml1QKq2gWx+dd4FThCIFPfWrYB4+ya28Y45h
YBLWdZbhlvhdlTwNEWEjs/IyDcAab4cxIR40N1b916LFRh9Rhr3XkXy8BmwQj6x1
27krqLextAU=
=wrfL
-----END PGP SIGNATURE-----

--
edgar at spectrx.sbay.org (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From MWayne at eworld.com Mon Jun 6 04:01:59 1994
From: MWayne at eworld.com (MWayne at eworld.com)
Date: Mon, 6 Jun 94 04:01:59 PDT
Subject: Help A Novice Understand
Message-ID: <9406060401.tn55367@eworld.com>

Greetings all--

I have been reading the list for a couple of months now and have come across the names of two people who seem to stir some very serious passions, David Sternlight, & L. Detweiller.

Can someone tell me who they are and why C'punks hold them in such low esteem??
Thanks
--Mitch

From rishab at dxm.ernet.in Mon Jun 6 04:06:58 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 6 Jun 94 04:06:58 PDT
Subject: Ninth Amendment and privacy??
Message-ID:

grendel at netaxs.com (Michael Handler):
> control to anyone except married couples. The Supremes said that this was
> an undue invasion of privacy, and that there *was* a Constitutional right
> to privacy. They neglected to specify exactly where it was, though. ;)
> However, they suggested that it was held somewhere under the Ninth Amendment.

Amendment IX (1791)

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

C'est tout. Sounds very clearly like a right to privacy to me ;-)

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                  They came for the Jews, and I was silent
rishab at dxm.ernet.in              because I was not a Jew;
Voice/Fax/Data +91 11 6853410       They came for the Trade Unionists, and I
Voicemail +91 11 3760335            did not protest, because I did not belong
H 34C Saket                         to a trade union;
New Delhi                           They came for the Catholics, and I said
INDIA                               nothing because I was not a Catholic;
                                    And then they came for me.
                                    There was no one left to say anything...
                                                         ----Father Niemoeller

From usura at vox.hacktic.nl Mon Jun 6 04:33:04 1994
From: usura at vox.hacktic.nl (Usura)
Date: Mon, 6 Jun 94 04:33:04 PDT
Subject: Anonymous Remailers
Message-ID: <060694130332Rnf0.78@vox.hacktic.nl >

ghio at kaiwan.com (Matthew Ghio) writes:

>Anonymous says:
>
>> Do any of the other CP remailers (other than soda.berkeley.edu)
>> offer a post-to-Usenet gateway? If so, do they use the same
>> syntax?
>
>Yes and no. I think vox.hacktic.nl can post to usenet with
>X-Anon-To: alt.whatever.usenet.group
>

That is correct, but it can only post to newsgroups that are carried by the hacktic newsserver [apr. 2800 newsgroups]

>> I know that a few of the CP remailers have a certain address,
>> like "help@" which will provide an info sheet by return
>> mail. Do any of the others support that? If so, would "help" be
>> used, or something else?
>
>Well, there's mg5n+remailers at andrew.cmu.edu ...

If you send a message to help at vox.hacktic.nl you will receive a help file on the various remailers that vox.hacktic.nl supports [you can add your PGPpubKEY to my keyring, all mail to you will then be encrypted, etc..]

--
Exit! Stage Left.

Alex de Joode

From perry at imsi.com Mon Jun 6 04:49:18 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 6 Jun 94 04:49:18 PDT
Subject: Black eyes heal
In-Reply-To: <9406032354.AA29053@newton.apple.com>
Message-ID: <9406061149.AA07999@snark.imsi.com>

Allen J. Baum says:
> I have no doubts that the problem that was revealed will be corrected.
> I'm not sure it was a good idea to reveal the weakness. Imagine how much
> worse it would be (in terms of PR) if lots of phones had been deployed
> before the flaw was found?

Enormous investment has already been made. Furthermore, the EES design has provisions in the processor for only a 128 bit LEAF. It's hardly clear that they can just "patch" this in a few weeks.

However, I'll note that Matt felt he had an obligation as a scientist to reveal the flaw and even to state in his paper how to fix it (although that's more or less obvious -- increase the checksum to 32 or 64 bits.)

> So, there is a small window in which to take advantage of the PR, and the
> delay in revised chip availability. Unless there are some major defections
> in Congressional support because of this, I don't think much will change;
> Clipper will become a reality.

I doubt that it's that cut and dried. Unless they can convince congress to undertake a major legal change to make a discredited technology mandatory, no one outside the government will use it.

Perry

From perry at imsi.com Mon Jun 6 04:58:04 1994
From: perry at imsi.com (Perry E.
Metzger) Date: Mon, 6 Jun 94 04:58:04 PDT Subject: Black Eye for NSA, NIST, and Denning In-Reply-To: <199406040047.RAA06014@jobe.shell.portal.com> Message-ID: <9406061157.AA08012@snark.imsi.com> Hal says: > It's not clear to me whether the same restrictions apply to the use of > the Tessera plug-in card. Well, they are planning on selling the things to all comers as an encryption standard for all sorts of applications, so there are limits on how restrictive they can be. > It sounds, from what was posted here, like > Blaze was able to feed sample LEAF's at his card until it accepted one. > Is that correct? Yes. > If so, apparently users of such cards have access to > low-level functions which would allow this kind of trick to be used. Yes. > Unless there is some way to get a supply of Clipper chips to allow you > to make Clipper-compatible phones which still protect privacy, then > all this theorizing is not too useful. Clipper, Capstone, Tessera, etc, are, to my knowledge, interoperable implementations of the EES. Perry From gtoal at an-teallach.com Mon Jun 6 05:26:27 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 6 Jun 94 05:26:27 PDT Subject: 6/6 New Yorker anti-crypto propaganda Message-ID: <199406061226.NAA03980@an-teallach.com> Highlights of "My First Flame", an article by John Seabrook in the 6/6/94 _New Yorker_ which explains why we need a benevolent government to help regulate the internet (a very sophisticated piece of propaganda, IMHO): Would it be a waste of time to emil this buffoon and put him right? Or bypass him and mail the New Dworkin directly? Anyone got the fax no? G From gtoal at an-teallach.com Mon Jun 6 05:28:28 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 6 Jun 94 05:28:28 PDT Subject: Help A Novice Understand Message-ID: <199406061228.NAA04010@an-teallach.com> : From: MWayne at eworld.com : Greetings all-- : I have been reading the list for a couple of months now and have come across Really? 
I didn't realise Apple's E-World had been online that long.

: the names of two people who seem to stir some very serious passions, David
: Sternlight, & L. Detweiller.
: Can someone tell me who they are and why C'punks hold them in such low
: esteem??

Assuming you aren't just deliberately shit-stirring, if you really want to know I suggest you subscribe to usenet groups comp.org.eff.talk, comp.org.cpsr.talk, sci.crypt, alt.security.pgp and alt.fan.david-sternlight and find out for yourself. That's how usenet works, you know... (Or don't those Apple people let you play in the big boy's sand pit?)

G

From perry at imsi.com Mon Jun 6 05:32:41 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 6 Jun 94 05:32:41 PDT
Subject: No Subject
In-Reply-To: <9406040334.AA02083@coos.dartmouth.edu>
Message-ID: <9406061232.AA08071@snark.imsi.com>

> about skipjack. he couldn't/wouldn't tell me much, of course, mainly
> because the last word I use to describe him is 'human'... he's more
> 'asshole'... but he said the last thing he'd trust is
> skipjack/clipper... he says that the CIA/FBI/NSA/ATF will almost
> assuredly _NOT_ violate the escrow rules (in other words, they
> _will_ get a warrant for the key halves_) however, he also said that
> there are so many back doors that they don't need them.

This "relative" either does not exist, is spewing bullshit, or is violating federal law by divulging classified information. In any case, I find the message to be low in information content.

Perry

From jp at jep.pld.ttu.ee Mon Jun 6 05:50:00 1994
From: jp at jep.pld.ttu.ee (Jyri Poldre)
Date: Mon, 6 Jun 94 05:50:00 PDT
Subject: Clipper LEAF simulator chip???
Message-ID: <9406061244.AA03192@jep.pld.ttu.ee>

> > 1. Taking advantage of design imperfections, people trying to defeat the
> > system could repeatedly alter the LEAF until it erroneously passed the
> > "checksum" verification, despite an invalid session-key number.
>
> This sounds like a very simple computation. How much would it cost
> to fab up some chips to do this, and solder them into the circuitry
> next to the Clipper chip? Or is there an even easier way to do this?

As far as I know there has been no direct info about how the checksum is calculated, only that it is somehow connected to IV. So, the function of the chip for doing IT would look like the following:

1. Intercept original LEAF. Can be done. There should be no problems with such small timeouts, because phones may sometimes have bad links, also the data transfer rate is of no big deal.

2. Generating Random LEAF and testing it. The only problem here is the time it takes to test these forged LEAFs. Does it have the limit? Maybe chip waits some time before allowing for next testing, 0.1 sec would be enough - you would have to wait almost 2 hours for finding forged LEAF and for law-obeying user 0.1 sec makes no difference. Then maybe Clipper chips will re-initiate key exchange or whatever after some time-out. If that is no question, meaning that other chip will wait for connection then the whole design would consist of RND generator and some logic. This would fit perfectly into XILINX 3010 FPGA. There is another good point in using FPGA - the configuration info could be made public knowledge and then everyone could go out and make themselves one for some hamburgers' price. Price of 3010 FPGA in Estonia is $5-$8. Oops, add a Coke to these burgers :-)

(Excuse me if I misunderstood something. Haven't seen a live clipperphone, therefore can give no soldering / other details.)

JP from TTU.

From usura at vox.hacktic.nl Mon Jun 6 05:56:54 1994
From: usura at vox.hacktic.nl (Usura)
Date: Mon, 6 Jun 94 05:56:54 PDT
Subject: Anonymous Remailers
Message-ID: <060694144942Rnf0.78@vox.hacktic.nl>

usura at vox.hacktic.nl (Usura) writes:

>>> I know that a few of the CP remailers have a certain address,
>>> like "help@
" which will provide an info sheet by return >>> mail. Do any of the others support that? If so, would "help" be >>> used, or something else? >> >>Well, there's mg5n+remailers at andrew.cmu.edu ... > >If you send a message to help at vox.hacktic.nl you will receive a help file, >on the various remailers that vox.hacktic.nl supports [you can add your >PGPpubKEY to my keyring, all mail to you will then be encypted, etc..] The syntax of this message _must_ be : To: help at vox.hacktic.nl Subj: help ^ only one space please, otherwise the help file will not be send. -- Exit! Stage Left. Alex de Joode From jamesd at netcom.com Mon Jun 6 07:36:43 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 6 Jun 94 07:36:43 PDT Subject: Help A Novice Understand In-Reply-To: <9406060401.tn55367@eworld.com> Message-ID: <199406061436.HAA29082@netcom14.netcom.com> MWayne at eworld.com writes > I have been reading the list for a couple of months now and have come across > the names of two people who seen to stir some very serious passions, David > Sternlight, & L. Detweiller. Sternlight is a big wheel in government. What makes him a big wheel is classified. He is physically close to a major NSA center. He has been accused of being NSA, and has not denied it. He campaigns tirelessly, endlessly, and repetitiously against PGP, and against crypto for the masses. He will never admit to being wrong in argument, and will just go on repeating claims that have been proven false. His posts are well written and well informed, but invariably false or misleading, and usually highly repetitious. He is an extraordinarily profligate poster, which makes me suspect he has a several secretaries assisting him. Detweiller is a moderate statist with middle of the road political views. Naturally he got severely flamed. There are a number of anarchists on this list who can never disagree with or correct somebody without attacking that persons honor, intelligence, and worth. 
Detweiller posts endless and repetitious flames, much of it severely deranged. Nobody talks to him any more, so he largely talks to himself. He floods newsgroups with irrelevant and repetitious garbage. Many of his postings verge on mailbombing, they are such random garbage. He frequently posts under other names, but makes little effort to conceal his real identity. -- --------------------------------------------------------------------- We have the right to defend ourselves and our | property, because of the kind of animals that we | James A. Donald are. True law derives from this right, not from | the arbitrary power of the omnipotent state. | jamesd at netcom.com From mech at eff.org Mon Jun 6 07:36:55 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 6 Jun 94 07:36:55 PDT Subject: Unicorn vs. tmp@netcom In-Reply-To: Message-ID: <2svca0$1rl@eff.org> > Was it Rousseau who said, "First, we kill all the lawyers"? No. This was a fictional criminal in Shakespeare (and the Bard makes it clear it is not his opinion, but the opinion of an idiot; Shakespeare is frequently quoted out of context on that one, as if he agreed with the sentiment). Other's may find it witty or stupid, for one reason or another, of course (YMMV). -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From mech at eff.org Mon Jun 6 07:44:48 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 6 Jun 94 07:44:48 PDT Subject: Unicorn vs. tmp@netcom In-Reply-To: <199405270000.BAA11641@an-teallach.com> Message-ID: <2svcom$26r@eff.org> I've met Uni in person. 
In article <199405270000.BAA11641 at an-teallach.com>, Graham Toal wrote:
>Of course, no-one has considered the possibility that the tmp at netcom persona
>was manufactured and played out over time solely in order to boost the
>credibility of the 'uni' persona :-) [does anyone have any proof that
>*either* of these people exist in real life or that all this flurry of
>pseudo-legal action ever took place???]
>
>G(in the spirit of Detweiler, since LD isn't around to suggest it himself :-) )

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M   O N L I N E   R I G H T S   V I R T U A L   C U L T U R E   C R Y P T O

From remailer-admin at chaos.bsu.edu Mon Jun 6 07:58:11 1994
From: remailer-admin at chaos.bsu.edu (Anonymous)
Date: Mon, 6 Jun 94 07:58:11 PDT
Subject: No Subject
Message-ID: <199406061453.JAA02561@chaos.bsu.edu>

> verge on mailbombing, they are such random garbage. He
> frequently posts under other names, but makes little effort
> to conceal his real identity.

Don't bet on that. At least not with "wilhoek"--Supermoron is battling it out right now with his alter ego on news.admin.policy.

From paul at poboy.b17c.ingr.com Mon Jun 6 08:02:44 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 6 Jun 94 08:02:44 PDT
Subject: Black Eye for NSA, NIST, and Denning
In-Reply-To: <9406061157.AA08012@snark.imsi.com>
Message-ID: <199406061501.AA27258@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

Perry said:
> Clipper, Capstone, Tessera, etc, are, to my knowledge, interoperable
> implementations of the EES.

MYK-78 (or Clipper, not to be confused with the C400 Clipper in my desktop machine) provides Skipjack encryption. Note that it does not include any type of key exchange; the equipment designer is in charge of that.

Capstone provides Skipjack encryption, plus DSS and SHA-based signatures and D-H key exchange. The encryption is of course interoperable with MYK-78 units, but I would guess that a Capstone-based unit would need key-exchange code for each individual class of MYK-78 device.

Tessera is Capstone packaged on a PCMCIA card for use with PCs and computers. NSA and DoD intend Tessera cards to be issued to individuals as authentication and encryption tokens. _Network World_ reported in February that the initial Tessera beta testing would include ~300 general officers from the US armed forces. Plus Matt Blaze :)

- -Paul

- --
Paul Robichaux, KD4JZG      | Out the 10Base-T port, through the router,
perobich at ingr.com        | over the leased line, off the bridge, past
Intergraph Federal Systems  | the firewall... nothing but net.
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLfM6Kafb4pLe9tolAQFc9QQAhAMrrfwkAG5VVB7jaLAgK8oFzx3zPYv5
PmJ3f2P8l6FaHUdohX2g8W6C+ZvMJ1m9Cw2YLg3+0gARVl1m3qTdvZaPV+vx+kwI
DKI3CIS+7J+6D3tiJRCXmV/BLYjOPzLQf6m0wirgamu7BfxD1ctkhCQ3Nv9MNlqK
JOM3V4Vcgpk=
=nPlx
-----END PGP SIGNATURE-----

From geoffw at nexsys.net Mon Jun 6 08:04:17 1994
From: geoffw at nexsys.net (Geoff White)
Date: Mon, 6 Jun 94 08:04:17 PDT
Subject: JOB POSTING: InterNex
Message-ID: <199406061501.IAA25069@nexsys.nexsys.net>

Forgive my posting this here but I figure that I might just get someone who has the skillset and the sensibilities to understand the potential future issues that a service provider might have to deal with around "privacy issues" anyway:

---------------------------------------------------------------------------

MANAGER OF NETWORK OPERATIONS

[This is NOT an entry level position]

InterNex is seeking a versatile and dynamic individual to be a hands-on senior technical leader in our rapidly growing Network Operations Center. This multifaceted job will involve all aspects of network and system administration and management in a TCP/IP based, public internet.
You will have a leadership role in the design and construction of a wide area internet that incorporates high bandwidth technologies such as ISDN, Frame Relay, T1, SMDS, and ATM. You will participate in the design, construction, and maintenance of a variety of network devices and software that generate and sustain the growing area of Cyberspace for which InterNex is responsible. You will also support in-house development, including creating tools to facilitate network management, perform connection billing, implement bandwidth management, and automate new user configuration.

The successful candidate will also provide technical expertise to customers with varying levels of technical sophistication and support other members of the InterNex team. You should have good writing skills and be able to communicate clearly.

This job requires proven proficiency with Sun System Administration skills, a solid working knowledge of the IP protocol suite, router configuration, SMTP/Sendmail, SNMP, DNS configuration, Perl, C/C++ program porting, and firewall construction. Experience with Windows, Novell, Macintosh, X.500, ATM are pluses. Knowledge of Telco systems, and project leadership skills are desirable. Commitment to teamwork is an essential aspect of the job. More than four years previous system experience is required. A degree in computer science or a related field is desirable.

InterNex is located in the highly desirable mid-peninsula community of Menlo Park. Close to Stanford University, on the edge of Silicon Valley, 35 minutes from the Pacific Ocean and San Francisco. InterNex offers a high quality of life and a team of professionals dedicated to setting new standards of excellence in technology and customer service. Compensation package includes salary, health care and stock options and is based on experience and performance reviews.

For immediate consideration, please e-mail your resume (ASCII and postscript) to personnel at internex.net, or fax it to (415) 473-3062. No phone calls please.

InterNex Information Services is a rapidly growing Internet service provider start-up that specializes in helping businesses do business on the Internet. We provide our customers One-Stop-Shopping for high-bandwidth connectivity utilizing leading edge technology. We also address the need for Internet presence by providing electronic publishing services such as WWW, Gopher, WAIS, FTP, and custom servers. InterNex is an equal opportunity employer.

From jp at jep.pld.ttu.ee Mon Jun 6 08:38:54 1994
From: jp at jep.pld.ttu.ee (Jyri Poldre)
Date: Mon, 6 Jun 94 08:38:54 PDT
Subject: Clipper- Who's Fooling Who
Message-ID: <9406061533.AA03489@jep.pld.ttu.ee>

It simply is not possible for them to have ACCIDENTALLY OVERLOOKED such a thing as 16 bit CRC.

Let us assume, that 2 distinct users want to initiate clipper connection. They will have their secret keys generated inside chips and as key distribution is not a part of clipper they can happily use DH or whatever to do it, meaning that they still are the only ones to know them. To be able to intercept these keys clipper chips have (presumably) skipjack cipher to make LEAFs. Now cipher must take arguments data and key. But we assume, that Chips have Family key, but not Master key (such a thing would have been nonsense - you cannot rely on one key for all chips), meaning that they share no global knowledge except SJ algorithm. So, for other chip to make difference between RIGHT and WRONG LEAF it has shared secret, meaning session key and LEAF. What could have been simpler than using these 2 components and SJ to generate cryptographic checksum? Nothing, except that this checksum is of no use to government - it does not know shared secrets, so it cannot use this checksum anyway. But that is not such a big problem - line noise and checksums can be applied externally. So why not use session key and SJ, generate a 80 BIT checksum and append it to LEAF.
I do not believe that it would make SJ useless because of cancellation :-)

The proposed scheme would look like this:

Sa, LEAFa, Sb, LEAFb    the session keys and LEAFs of a and b

1. A and B generate and exchange keys
2. A sends to B SJ(LEAFA,Sb), LEAFA
3. B verifies it and takes into use Sa.

, the same thing in opposite directions.

Rather EASY not to implement it. Now they did not do it. Instead they used only 16 bits. Weird. Unless... OK, SJ has no backdoors, but somehow manages to send the parts of LEAF fields maybe 0.5 bits per one SJ coded user data block. (it is always possible to compress data that much) That would change the things. We would be happy about our checksum and they would be really happy about (us) US. A little media now and then - it's for advertisement.

Just think that This 16 bits did not make SJ weaker, meaning people who would have used it for security will do so anyway. The i-do-not-know class will switch over to it because of if-I-want-I-can-crack-it (or buy device or have it installed or whatever).

I'm Looking for a partner
Someone who gets things fixed
Think about it seriously
do you want to get rich?

OK for Pet Shop Boys, but NSA???

JP from TTU

From jdwilson at gold.chem.hawaii.edu Mon Jun 6 09:41:58 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Mon, 6 Jun 94 09:41:58 PDT
Subject: Applied Cryptography
Message-ID:

Aloha, CP's:

Periodically there have been people seeking copies of Schneier's "Applied Cryptography". I've found a source you can order them from electronically if you are so inclined.

"Applied Cryptography", by Bruce Schneier
0-471-59756-2   $44.95   Wiley Books

Stacey's Bookstore - staceysbks at aol.com
Softpro - softpro at csns.com
Reiter's Scientific & Professional Books - bks at reiters.com
Quantum Books - quanbook at world.sto.com
Softpro - softpro at world.std.com

-NetSurfer

#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 ==  =  =  |James D. Wilson        |V.PGP 2.4: 512/E12FCD 1994/03/17 >
 " " "     |P. O. Box 15432        |finger for key / Viacrypt Reseller >
 " " /\ "  |Honolulu, HI 96830     |====================================>
 \" "/ \"  |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From warlord at MIT.EDU Mon Jun 6 09:47:24 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 6 Jun 94 09:47:24 PDT
Subject: Clipper LEAF simulator chip???
In-Reply-To: <9406061244.AA03192@jep.pld.ttu.ee>
Message-ID: <9406061647.AA00259@squeamish-ossifrage.mit.edu>

> As far as I know there has been no direct info about how the checksum
> is calculated, only that it is somehow connected to IV.

According to the NSA talk at MIT last week, the "checksum" is formed by taking a 16-bit, fixed number (fixed in all chips) and encrypting it with the session key via some special form of skipjack.

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord at MIT.EDU    PP-ASEL    N1NWH    PGP key available

From mech at eff.org Mon Jun 6 10:01:02 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 6 Jun 94 10:01:02 PDT
Subject: Why it is legal to export PGP under ITAR
In-Reply-To: <199405280642.XAA05875@jobe.shell.portal.com>
Message-ID: <2svko5$6v5@eff.org>

Nice try, but NEVER confuse a dictionary definition with a legal definition.

In article <199405280642.XAA05875 at jobe.shell.portal.com>, wrote:
>The US ITAR law exempts many things from export restrictions, among them,
>materials available in public libraries. It gives no special definition for a
>library. My American Heritage Dictionary defines "library" as, among other
>things, "An organized collection of recorded data arranged for ease of use."
>IOW, an ftp site. Which means that if a program is available from a public ftp
>site, you're legally allowed to export it. :)

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M   O N L I N E   R I G H T S   V I R T U A L   C U L T U R E   C R Y P T O

From warlord at MIT.EDU Mon Jun 6 10:01:51 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 6 Jun 94 10:01:51 PDT
Subject: Help A Novice Understand
In-Reply-To: <199406061436.HAA29082@netcom14.netcom.com>
Message-ID: <9406061701.AA00293@squeamish-ossifrage.mit.edu>

Just to play devil's advocate....

[about Sternlight...]
> He campaigns tirelessly, endlessly, and repetitiously
> against PGP, and against crypto for the masses.

Actually, this should be "about PGP [possibly] infringing on patents".. He made a PGP key, but when the patent issues came up, he destroyed everything. Now that 2.6 is out and sanctified by all parties concerned, he has created a new key, which is on the keyservers!

Just thought I'd clear the air a little bit (I hope)

-derek

From jdwilson at gold.chem.hawaii.edu Mon Jun 6 10:04:25 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Mon, 6 Jun 94 10:04:25 PDT
Subject: PC Techniques June/July 1994 V5 #2
Message-ID:

The above issue's cover page is on "Encryption - Key to a Secure Future"

It has several articles re encryption, and included the Wiley Books section (which also had Applied Cryptography on the cover page of its pull-out section) from which I quoted as a source for the book.

On the Editor's Notepad (Page 4) there are two paragraphs of note.

"If the cyberpunk {sic their spelling} crowd ever created a medal for mad courage in the face of insuperable odds, that medal should go to John Gilmore, who has just filed a Freedom of Information Act (FOIA) request for _the entire Clipper encryption key database_, now being compiled by the Feds for use in their demented Clipper system.
Gilmore and his attorney have studied Clipper and the FOIA in detail and have found no exemptions that would apply to the key database. They've scratched together some donations and are taking the government to court under FOIA for refusing to release the database to them.

"The Feds always win, even if they have to break their own laws to do it. Nevertheless, Gilmore & Co. may slow the project down some, and we can all savor the irritation they will doubtless cause the Powers in the process ---

Also from the same page:

_No Code Overseas_

"Asinine Federal regulations concerning the export of cryptographic technology means that code diskettes for this issue destined for overseas subscribers will not contain any of the encryption-related code. Our First Amendment prevents the Feds from censoring printed material in the magazine, but software on diskette is not protected that way. There's nothing we can do. Vote _against_ your representatives this fall, regardless of party; that's the only thing that gets their attention.

On Page 6 Jeff Duntemann KG7JF has another full page re Clipper and gives full and "express permission to freely print and distribute this editorial electronically in the cause of defeating the Clipper initiative."

On page 12 they list the source as available on Compu$erve GO CLMFORUM and see Lib 16. Also Turbo User Group Library sells the PC Techniques archive listing disks at 206-779-9508. Who knows, they might slip up and have the code available there...

On page 24, Bruce Schneier has an article "Secret Sharing" - perhaps if you ask you can get his OK to include it here.

Page 35 has an article on "Simple Encryption via XOR" by Mark R. Parker. For those of you feeling the werewolf need to rip something apart in an electronic feeding frenzy, this should keep you sated for a millisecond or two...

Also, in the June issue of Upside ("The Business Magazine for the Technology Elite" - their title), the Editor-In-Chief, Eric Nee, has a commentary entitled "Keep Big Brother Out." Guess what it is about, kiddies...

Over the last few months I've been collecting articles on DSP's from the many trade rags I get. I'd be happy to send one copy to someone who is seriously interested in this and willing to scan them in etc. to share with like-minded CP'sters.

Aloha from Paradise {lost}

-NetSurfer

#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 ==  =  =  |James D. Wilson        |V.PGP 2.4: 512/E12FCD 1994/03/17 >
 " " "     |P. O. Box 15432        |finger for key / Viacrypt Reseller >
 " " /\ "  |Honolulu, HI 96830     |====================================>
 \" "/ \"  |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From remail at desert.hacktic.nl Mon Jun 6 10:10:14 1994
From: remail at desert.hacktic.nl (remail at desert.hacktic.nl)
Date: Mon, 6 Jun 94 10:10:14 PDT
Subject: No Subject
Message-ID: <199406061710.AA11023@xs4all.hacktic.nl>

## Subject: Ignore - message to Pr0duct Cypher

-----BEGIN PGP MESSAGE-----
Version: 2.3a

hIwCwagUhZdVih0BA/0WkeQZFU1ALqa5jAR+IBsbwnTH5053tTbr2jg9cURQxHov
Fpj8Z0udacPJXYjK6nRdgGEz8AY1QY3b5e+QAsszDjPIOeOHFqs257K1ih8Wumxd
fBCimbGnHAv8kR0d/vEbpxIDFsuniMc0gTqgTrPDeMdpPFHI4QGd+XQ/oheb4qYA
AAYa7Q7gq1tTJSHKFM9raFloTVuXXrNWG4bdHCgotC3EZnjojaX7/bpwceQMufH8
l6foC1emtM8ll+fTjdP1I9A62yO+c5xmUyF4dUTXUCUpdAsEV94nHzQLWBTWIUwc
Q2xE+2xW2HMkmP2hpM33C2kAOSsw38gP9LV4cG6kWYCB5cwQunmTtOf9zOv3xFh3
qdwnp2pFQlHoLMiR+2gMfI13D0y+5gvI23uSjf4/O7/rBP0n/RZFo527UY5KyM7H
U8VFliwnX5BbbCMVEYF7nlTWsMcMbYy8OahdegpPC3A/PtlHhdGAdDkz4zezA7eL
OSywePf3XBm1MtWb0C6EHjg9mhiI6PqSCXi94V4bqBV6M+M+DuT4yYYEd1dQkgVr
DzvFoP8tuck249B6u3+4y+HahYsZBaT2q4HIx5kzlv7j4gbEDfDzMZlPTrm5bKlb
xxDaSg3EbwHIkDj1HRYSkIGQe/WNsmRMqv0b1SESEHaUXnlkmSq7dE10HpGRCibw
4z/xa9mLQYASc3aPLV8QBmIKu0Rd7GKEh006r5vKW9TqzFk3ilrowJq7H3dpC+jr BXikKquoTOkt++aEL6PwsgNbZEP6LylKJVVLZcjij+JUBop3b3NtQgJz+6SZinC8 b1DMYbCXsZPeSc/ky3w3H4lOyNMioJoML+gROaDu3pygcD/SmnIL16G7fCsopXgG ps41w/g5kqGy6us+KEOjSwXeF92pZ94Tk1txPaZneP4pfralfLm0Ym6Lu8y0xc8c tBSqqOxGoBvZDPqZCpSDtEKiB1KJAuSKpNT2mMXsuPdPIA/OmdzxCmdQzLh5j5oi 8xqVH9p34Wm2fHC4pRjCa3jlflu7LaSY6Sv7B/0FSMDx0z0Q9XW3hnIYR+ErxRT7 2ixYIy9cd0R3iZ2dSZs2olra35iUjBcTDP4JcVuYsmxEgRPo3Z/i/O2vrjqcnQel 8RueM5zNILm3pc+yb25g7KDwrkqPuyabm+EdR2+fyCKhWLmkkyAnQ7MJkPFbOn3t rXIufQz8zsT89PosAnXOvEUlsEwhYfj/0mlbvXKIC9a1hWE9e0SOsYzMssekN7/s nPxYTRQqxFs+CyTaxlV1IbOjXc+xLgkPnXaEJn16WsM9I8xTo2nnkyYuWmO77h1N /+xXRjeUn32L3S8oOgXBlnt36JBsh27zLYCBEu86Vxb0pviAu/AGVm4qI3XQ3pbS 7k3h2Iw3ZEUzAJFCxQycZq3IP2VgrGE7zb8BHyctO1+k8BEtGSIq4XWKYDMxCjhj h7o1536+le7I2PnYdGI4i3tiUDB+Pm5C56f6axiZvT0qMvFewWzkr95eklT9ldsB QLmDSIHh3aebmciLpRRN5MUcMtDwBFmkCrnUk0y1Odyl6zXo0YGdmYJSEEj+jdRC vImKxYEdjT65krOXsAQVf7sEQTUW3XFXZI889b9CWZsYtVN0TEZuw8UW2GRxfrZb UgkU/xF40sI2kmsbp5X72pW2k52/yuC4D4IMbLC8IKRPYMl7f4xmBIp1UrvH75Z4 La646SkOfezU4J+dsrWQXI8OAE3gqK831FkFJKI9PmyxZT7dy0LeohHhTps2YT0j J0o6CBopNGlCY2pxO5D1VheojCDuAdgQWOlAjAIF5xmNntMiHf3ics/GUZsexzON vnkctH/xNMPxnPlWC1RNSJVZwKmUraqSfEiThYR98/ZQ2QxAgHbkUEHKJtKcRm/z guwbcAD6YhaofwUF4rYGw0pyN8CIROITGZ3uHoMPM3BCeaum/mhzXd7navaab5m4 WaK/n2TLNJVtJcgfQ6mtq5DuYikMWndM3iKSciLFW1eGTlXGXbdB/WCH2Jvpaf7T yMCp4Dbk/MoasQOmxt6eBr2SWQSG0pfD7ExgroSZSuoC+EgETPAHUuPgUWoyRu1/ bTl53eZNDlN0R3Yir4HxXOaudLKCLXfYRC9doZvHwah1G7rXrJ/bHWtlvq1JAWny M7UzCu/3xFXOdBa20NvXh9AQ5hA8F2JkZVi9qWFk4HA8rNzYIrw+E3i0N81+Pu0G DxwtGZOOYLENpf46eMHibdW1jlgV8Hkyuk7M40I= =z/nc -----END PGP MESSAGE-----  From jp at jep.pld.ttu.ee Mon Jun 6 10:19:13 1994 From: jp at jep.pld.ttu.ee (Jyri Poldre) Date: Mon, 6 Jun 94 10:19:13 PDT Subject: that is cool Message-ID: <9406061713.AA03617@jep.pld.ttu.ee> > According to the NSA talk at MIT last week, the "checksum" is formed > by taking a 16-bit, fixed number (fixed in all chips) and encrypting > it with the session key via 
some special form of skipjack.
>

And by doing that add silicon area and new algorithm? Instead of using one that already existed? Concern for Net bandwidth (16 instead of 80 bits per session) and stupidity is of course noteworthy, but I personally think that they have got a spy working there, who deliberately disrupts their work to an extent where they just must quit Clipper and say Oh, let us be friends and use DES :)

JP from TTU.

From jdwilson at gold.chem.hawaii.edu Mon Jun 6 10:20:10 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Mon, 6 Jun 94 10:20:10 PDT
Subject: Hints at spoofing given on TCP-IP Listserv...
Message-ID:

---------- Forwarded message ----------
Date: Sun, 5 Jun 1994 23:46:22 LCL
From: William
To: Multiple recipients of list TCP-IP
Subject: Re: Is IP source routing a bad idea?

A correct and bug-free implementation of IP source routing allows any host on the internet to masquerade as any IP address that it would like to, thus breaking any access control based on the source IP address (eg, most of the unix r-utilities.) Exactly how to do this is left as an exercise to the reader, but the fundamental problem is that the source route allows the packet to travel "through" possibly suspect IP entities that have not had the slightest amount of authentication as "trustworthy" routers applied to them.

BillW
cisco
==========================================================================

Tentacle food for thought?

From i-vancec at microsoft.com Mon Jun 6 10:21:58 1994
From: i-vancec at microsoft.com (Vance Cochrane (B.E.S.T.))
Date: Mon, 6 Jun 94 10:21:58 PDT
Subject: Why it is legal to export PGP under ITAR
Message-ID: <9406061623.AA23845@netmail2.microsoft.com>

| Nice try, but NEVER confuse a dictionary definition with a legal definition.
|
| In article <199405280642.XAA05875 at jobe.shell.portal.com>,
| wrote:
| >The US ITAR law exempts many things from export restrictions, among them,
| >materials available in public libraries. It gives no special definition for a
| >library. My American Heritage Dictionary defines "library" as, among other
| >things, "An organized collection of recorded data arranged for ease of use."
| >IOW, an ftp site. Which means that if a program is available from a public ftp
| >site, you're legally allowed to export it. :)

I am not a lawyer so don't scorch me... Where does one obtain a legal definition if it is not in Black's Law Dictionary? Isn't the next source a "regular" dictionary? ...that's what they do on Perry Mason ;-)

vec

From darklord+ at CMU.EDU Mon Jun 6 10:29:00 1994
From: darklord+ at CMU.EDU (Jeremiah A Blatz)
Date: Mon, 6 Jun 94 10:29:00 PDT
Subject: 6/6 New Yorker anti-crypto propaganda
In-Reply-To: <199406061226.NAA03980@an-teallach.com>
Message-ID:

Excerpts from internet.cypherpunks: 6-Jun-94 Re: 6/6 New Yorker anti-cry.. by Graham Toal at an-teallach.
> Would it be a waste of time to email this buffoon and put him right? Or
> bypass him and mail the New Dworkin directly? Anyone got the fax no?

This buffoon, BTW, is the article's author.

Do not flame him! This will serve only to justify his ideas. If, however, you sent him a polite, well reasoned debate, it would probably do a world of good. Also, if you present views that are "too radical," he will most likely discount you as a kook and thus ignore all of your arguments and associate them with some dangerous revolutionary movement. This is a bad thing.

Jer

darklord at cmu.edu   | "it's not a matter of rights / it's just a matter of war
finger me for my     | don't have a reason to fight / they never had one before"
Geek Code and        |            -Ministry, "Hero"
PGP public key       | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/

From werner at mc.ab.com Mon Jun 6 11:16:24 1994
From: werner at mc.ab.com (werner at mc.ab.com)
Date: Mon, 6 Jun 94 11:16:24 PDT
Subject: Help A Novice Understand
Message-ID: <9406061816.AA02183@werner.mc.ab.com>

>
>[about Sternlight...]
>

Someone said that Sternlight is a high-placed govt official. I don't believe this. I think he is a retired old fart with a home computer and an internet acct.

Sternlight is neurotic. Detweiler is psychotic.

I don't think Sternlight has been a factor in this mailing list, except that people who read the Usenet crypt groups and comp.org.eff.talk have had to deal with his posts a lot, and some may be assuming that everyone on this list is quite familiar with his name. Detweiler, and posts about Detweiler, dominated this list for a while. I hope this doesn't start up again, especially about Sternlight, since he never even posts to this list. Unless it has something to do with cypherpunk issues, of course.

tw

From hughes at ah.com Mon Jun 6 11:18:27 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 6 Jun 94 11:18:27 PDT
Subject: The Illogic of Clipper
In-Reply-To:
Message-ID: <9406061827.AA13664@ah.com>

   No criminal is going to use a system that would allow the feds to
   eavesdrop - that's worse than sending messages "en clair".

Who is the opponent? For a criminal enterprise, I see two: law enforcement and the other competing criminal enterprises. Clipper protects against the competition, but not against law enforcement. Therefore use of Clipper as such is not irrational.

On the other hand, if a secure phone at the same cost is available which doesn't use Clipper, it is not rational to use that instead of Clipper.

What you are seeing is the overweening arrogance of the spies that the only individuals who can make secure phones will be in league with the government. The product announcements are not out yet, however.

Eric

From axelrod at s106.es.llnl.gov Mon Jun 6 11:31:09 1994
From: axelrod at s106.es.llnl.gov (Mike Axelrod 422-0929)
Date: Mon, 6 Jun 94 11:31:09 PDT
Subject: restore subscription
Message-ID: <9406061830.AA19897@s106.es.llnl.gov.seismic>

For some reason, I have stopped getting mail. Please restore.
From jktaber at netcom.com Mon Jun 6 11:35:51 1994
From: jktaber at netcom.com (John K. Taber)
Date: Mon, 6 Jun 94 11:35:51 PDT
Subject: 6/6 New Yorker anti-crypto propaganda
Message-ID: <199406061835.NAA04039@netcom.com>

Forwarded message:
> From owner-cypherpunks at toad.com Mon Jun 6 03:51:24 1994
> Date: Mon, 6 Jun 1994 01:10:22 -0500
> From: Anthony Garcia
> Message-Id: <199406060610.AA10841 at sugar.NeoSoft.COM>
> To: cypherpunks at toad.com
> Cc: agarcia at sugar.NeoSoft.COM
> In-Reply-To: "Bradley W. Dolan"'s message of 05 Jun 94 21:00:47 EDT <940606010046_71431.2564_FHA46-1 at CompuServe.COM>
> Subject: Re: 6/6 New Yorker anti-crypto propaganda
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
>
> New Yorker writer says:
> [Many clueless things, including:]
>     The net poses a fundamental threat not only to the authority
>     of the government, but to all authority, because it permits
>     people to organize, think, and influence one another without
>     any institutional supervision whatsoever.
>
> Oh, Dear. We Certainly Can't Let That Happen.
>
> Sigh. This gentleman obviously needs to be regrooved. Does anyone
> have his net address?
>
> -Anthony Garcia
> agarcia at sugar.neosoft.com
> "Wacos In Cyberspace: Hear, hear!"
>

Well, as I read that sentence in isolation, it is true, and a Good Thing. I will be concerned if the author is urging "institutional" supervision.

Guess I gotta go read the New Yorker now. Sheesh, you guys, you get me to read the Atlantic Monthly, now the New Yorker. I hope they have gotten away from their dilatory style, and that the cartoons are still good, if I gotta waste my money this way.

From gtoal at an-teallach.com Mon Jun 6 11:55:40 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 6 Jun 94 11:55:40 PDT
Subject: 6/6 New Yorker anti-crypto propaganda
Message-ID: <199406061854.TAA20229@an-teallach.com>

: This buffoon, BTW, is the article's author.
: Do not flame him! This will serve only to justify his ideas. If,
: however, you sent him a polite, well reasoned debate, it would probably
: do a world of good. Also, if you present views that are "too radical,"
: he will most likely discount you as a kook and thus ignore all of your
: arguments and associate them with some dangerous revolutionary movement.
: This is a bad thing.

Tell me, Mr Newbie, do they have the expression "Go teach your granny to suck eggs" in the US too?

G

From tcmay at netcom.com Mon Jun 6 11:59:51 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 6 Jun 94 11:59:51 PDT
Subject: Can Feds be Sued for Clipper Delays and Redesign Costs?
In-Reply-To: <9406061149.AA07999@snark.imsi.com>
Message-ID: <199406061859.LAA11790@netcom.com>

>
> Enormous investment has already been made. Furthermore, the EES design
> has provisions in the processor for only a 128 bit LEAF. It's hardly
> clear that they can just "patch" this in a few weeks.
>
> Perry

I wonder if companies and individuals out there can seek damages for the costs and delays of having to redesign systems? Assuming EES gets redesigned, companies ranging from AT&T to MIPS to Tim's Clipjack Consulting will presumably face product introduction delays, redesign efforts, etc.

I know suing the government is generally hard, so this may be futile. But the redesign costs and delays may certainly piss off a lot of folks. AT&T has several camps opposed to EES (as we all know, from the comments of Blaze, Stewart, Bellovin, and others) and some camps supporting EES (AT&T Surety Systems, North Carolina, etc.), but this latest black eye may certainly tilt things further against the EES.

And what happens if folks who've already _bought_ Clipper phones are not able to use them to communicate? What happens to the chips already shipped?

It seems the Feds lose any way you cut it. If EES goes out as presently designed, workarounds will proliferate (not that EES ever looked like an especially economical scheme--costs were high).
If EES gets replaced by EES II, delays and costs will mount. And so will bad will.

I'm overjoyed.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From harveyrj at vt.edu Mon Jun 6 12:17:16 1994
From: harveyrj at vt.edu (R. J. Harvey)
Date: Mon, 6 Jun 94 12:17:16 PDT
Subject: Help A Novice Understand
Message-ID: <9406061917.AA10779@toad.com>

>
>Someone said that Sternlight is a high-placed govt official. I don't
>believe this. I think he is a retired old fart with a home computer
>and an internet acct.
>

Having been naive enough to actually read a number of his posts regarding PGP-related topics on the usenet groups, I would likewise be amazed if "Dr. Sternlight" was indeed a 'highly placed' govt official, if for no other reason than it would be inconceivable for any branch of our government that's supposed to operate in secret to allow the stream of effluent that he generates over the net to appear _with attribution_. A wanna-be net-cop with too much time on his hands, perhaps, but a high government official in a super-secret agency??? NOT!

------------------------------------------------------------------
R. J. Harvey (email: harveyrj at vt.edu)
PGP key 0BADDDB5 (82 42 53 EA 97 B0 A2 B2 FC 92 90 BB C2 26 FD 21)
Opinions expressed do not necessarily reflect those of my employer

From ravage at bga.com Mon Jun 6 12:27:48 1994
From: ravage at bga.com (Jim choate)
Date: Mon, 6 Jun 94 12:27:48 PDT
Subject: Lattice Secret Disk II
Message-ID: <199406061927.OAA19504@zoom.bga.com>

Hi All,

I recently got a copy of Lattice's Secret Disk II and not bad.
Anyone have any ideas what the 'FAST' technology is? It supports DES for those who are not familiar with the product.

Take care.

From mech at eff.org Mon Jun 6 12:46:37 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 6 Jun 94 12:46:37 PDT
Subject: pgs099a.zip
Message-ID: <199406061945.PAA11734@eff.org>

The ftp.funet.fi/pub/msdos/crypto/ path is invalid, FYI.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994

From willey at bach.seattleu.edu Mon Jun 6 13:18:26 1994
From: willey at bach.seattleu.edu (steve willey)
Date: Mon, 6 Jun 94 13:18:26 PDT
Subject: REMAILERS: standard xx-To: line
In-Reply-To: <9406061917.AA10779@toad.com>
Message-ID:

cp's,

matt just mentioned that remailer at soda doesn't accept "Request-Remailing-To" header lines (which explains why i thought it was dead) and i note that not all other remailers accept "Anon-Send-To:". anarchy has its place in our lives but, it would be nice to cut down on sode come in remailing and ping scripts.

the three close to standard headers seem to be "Anon-Send-To:", "Request-Remailing-To:", and "X-Anon-To:". it would be more convenient :) for all remailers to either allow all three or settle on one standard (nfl).

thanks,
steve

------
** stephen willey   DoD# 0769, 1Kspt=5.80, prez IBMC      * '92 CFM-2 **
** willey at seattleu.edu      pgp key on server             * '81 GS450 **
** "The tree of liberty must from time to time be         * '73 RD350 **
** refreshed by the blood of patriots and tyrants." t. jefferson     **

From greg at ideath.goldenbear.com Mon Jun 6 13:29:44 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Mon, 6 Jun 94 13:29:44 PDT
Subject: Sternlight & PGP
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Derek Atkins writes:

> [about Sternlight...]
> > He campaigns tirelessly, endlessly, and repetitiously
> > against PGP, and against crypto for the masses.

> Actually, this should be "about PGP [possibly] infringing on
> patents".. He made a PGP key, but when the patent issues came up, he
> destroyed everything. Now that 2.6 is out and sanctified by all
> parties concerned, he has created a new key, which is on the
> keyservers!

Derek's list is incomplete; Sternlight also alleged that there were "copyright problems" with PGP, insinuating that some of the code in PGP had been copied (or derived from) RSAREF code - he backed down pretty quickly when asked for substantiation. He also wrote to the administrators of US-based FTP sites, suggesting that PKP/RSADSI was contemplating legal action against them if they didn't stop making PGP available via FTP. I suspect (but cannot prove) that he was also the person who reported those FTP sites to Bidzos, thus creating the lawsuit threat that he then pretended to protect the FTP sites from.

He also recently wrote to Netcom administrators, encouraging them to take action against a user who included a public key marked 2.3a in his .plan file.

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLfN7yX3YhjZY3fMNAQEUPQP9EZHEiYMAO4Z3ZuRJ/YgThX6CCNlqARic
hFVgZX9kU2xfbKeJsJfBAXJvQDCbq7AOK6uuWIF+2VTb9gt7WcYe4nZiRoWe77v+
/QAYbuefLTGMjhneQ43ZFU3HIYDvzkZBmeZk0jtSzdWafhflnRxaBlFjzAjx1WTS
+8uE9isIqAo=
=V+Ix
-----END PGP SIGNATURE-----

From jamesd at netcom.com Mon Jun 6 13:35:25 1994
From: jamesd at netcom.com (James A. Donald)
Date: Mon, 6 Jun 94 13:35:25 PDT
Subject: Help A Novice Understand
In-Reply-To: <9406061917.AA10779@toad.com>
Message-ID: <199406062035.NAA20802@netcom.com>

> >Someone said that Sternlight is a high-placed govt official. I don't
> >believe this.

(That someone was me, folks.)

According to Tommy David Sternlight is a member of the council on foreign relations (pg. 176 of the 1993 Annual Report of the CFR)

The following Executive Branch officials are also members of this organization:

William J. Clinton, President
Lloyd Cutler, Counsel to the President
George Stephanopoulos, Senior Advisor
David Gergen, Assistant to the President for Communications
W. Anthony Lake, Assistant to the President for National Security Affairs
Samuel R. Berger, Deputy Assistant to the President for National Security
Adm. William Crowe, Jr., Chairman, Foreign Intelligence Advisory Board
John H. Gibbons, Director, Office of Science and Technology Policy
Gen. Gordon R. Sullivan, Chief of Staff, Army        \
Gen. Merrill A. McPeak, Chief of Staff, Air Force     > Joint Chiefs of Staff
Gen. Carl E. Mundy, Commandant, Marine Corps         /
R. James Woolsey, Director of Central Intelligence
Adm. William O. Studeman, Deputy Director of Central Intelligence
Joseph S. Nye, Jr., Chairman, National Intelligence Council
**Stephan Breyer, Current nominee to the Supreme Court
**Alan Greenspan, Chairman of the Federal Reserve

(Paranoid commentary by Tommy edited out)

R. J. Harvey writes
> I would likewise
> be amazed if "Dr. Sternlight" was indeed a 'highly placed' govt
> official, if for no other reason than it would be inconceivable
> for any branch of our government that's supposed to operate in secret
> to allow the stream of effluent that he generates over the net to
> appear _with attribution_.

Compared to your typical high government official, David Sternlight is a genius. Indeed if they were all as smart as he is, I would be slightly worried - but only very slightly.
:-)

--
---------------------------------------------------------------------
We have the right to defend ourselves and our    |
property, because of the kind of animals that we |  James A. Donald
are. True law derives from this right, not from  |
the arbitrary power of the omnipotent state.     |  jamesd at netcom.com

From lefty at apple.com Mon Jun 6 13:41:23 1994
From: lefty at apple.com (Lefty)
Date: Mon, 6 Jun 94 13:41:23 PDT
Subject: Why it is legal to export PGP under ITAR
Message-ID: <9406062040.AA08306@internal.apple.com>

>I am not a lawyer so don't scorch me...
>Where does one obtain a legal definition if it is not in Black's Law Dictionary?

>From relevant court decisions. Black's Legal Dictionary is a useful reference tool, but has absolutely no weight of authority whatsoever.

>Isn't the next source a "regular" dictionary?

Not in this instance.

>...that's what they do on Perry Mason ;-)

Don't take legal advice from mediocre actors.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From i-vancec at microsoft.com Mon Jun 6 14:00:03 1994
From: i-vancec at microsoft.com (Vance Cochrane (B.E.S.T.))
Date: Mon, 6 Jun 94 14:00:03 PDT
Subject: Why it is legal to export PGP under ITAR
Message-ID: <9406062001.AA06676@netmail2.microsoft.com>

| >I am not a lawyer so don't scorch me...
| >Where does one obtain a legal definition if it is not in Black's Law Dictionary?
|
| >From relevant court decisions. Black's Legal Dictionary is a useful
| reference tool, but has absolutely no weight of authority whatsoever.
|
| >Isn't the next source a "regular" dictionary?
|
| Not in this instance.
|
| >...that's what they do on Perry Mason ;-)
|
| Don't take legal advice from mediocre actors.

But it's ok if they are good actors, right?
<:-/

From m1tca00 at FRB.GOV Mon Jun 6 14:15:51 1994
From: m1tca00 at FRB.GOV (Tom Allard)
Date: Mon, 6 Jun 94 14:15:51 PDT
Subject: Sternlight & PGP
Message-ID: <9406062114.AA15434@mass6.FRB.GOV>

-----BEGIN PGP SIGNED MESSAGE-----

greg at ideath.goldenbear.com (Greg Broiles) wrote:

> [...]
>
> Derek's list is incomplete; Sternlight also alleged that there were
> "copyright problems" with PGP, insinuating that some of the code in PGP
> had been copied (or derived from) RSAREF code - he backed down pretty
> quickly when asked for substantiation. He also wrote to the administrators
> of US-based FTP sites, suggesting that PKP/RSADSI was contemplating legal
> action against them if they didn't stop making PGP available via FTP. I
> suspect (but cannot prove) that he was also the person who reported those
> FTP sites to Bidzos, thus creating the lawsuit threat that he then pretended
> to protect the FTP sites from.
>
> He also recently wrote to Netcom administrators, encouraging them to take
> action against a user who included a public key marked 2.3a in his
> .plan file.

Re: copyrights, I have yet to hear Herr Sternlight say that pgp23a does not have copyright problems. He may not be asserting that as much, but he has yet to recant.

It all started in a discussion about NAFTA, GATT and patents. Someone posted a passage from GATT about expansion of copyrights (NOT patents). He then used that post to assert that pgp23a infringes in Europe. When it was pointed out that the discussion had been about patents, he asserted that pgp23a also violated copyrights (I think he was just too embarrassed to admit confusing patents and copyrights). When I last asked him directly about why he thought pgp23a violated, he used the fact that the pgp doc's referred to itself as "contraband" as evidence.

Re: SternCop, he wrote to support at netcom.com complaining that he had found a pgp23a key in beker at netcom.com's .plan file.
Netcom told him that he should take the matter up with PKP/RSADSI. Beker posted Sternlight's message here and I forwarded it to alt.security.pgp. This really bugged Sternlight and he then wrote ANOTHER letter to support at netcom.com asserting that beker had violated his copyright. He also sent me a similar message and told me that he knew the Chairman of the Federal Reserve Board and that I had better publicly apologize to him. He warned me that his complaints about me would not go to postmaster but rather to his own contacts. Why he thought economists would care about usenet is beyond me.

Anyway... support at netcom.com told him they didn't think beker violated his copyright and if he wanted to pursue the matter further he should sue beker. I have yet to hear about his complaints about me. If he did complain to anyone about me, they must've completely blown him off.

Anyway, my all-time favorite Sternlight quote follows:

> Newsgroups: sci.crypt
> From: strnlght at netcom.com (David Sternlight)
> Message-ID:
> Reply-To: david at sternlight.com (David Sternlight)
> Organization: DSI/USCRPAC
> Date: Sun, 8 May 94 05:34:13 EDT
>
> [...] Something did snap, and it did so
> with the death of Richard Nixon. On thinking of his achievements, and the
> way he was savagely hounded by the left all his life (not without cause, but
> not deserving of the extreme demonizing he got), I decided it was time to
> stop pussy-footing around here, and start calling jerks, cowards, hoodlums,
> and defamers for what they were. [...]

rgds-- TA (tallard at frb.gov)
I don't speak for the Federal Reserve Board, they don't speak for me.
pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLfORNKAudFplx0TNAQHVeAP5AXttXRYS9gyp5xoCIRA9q91Bl6+XhKYk
nCcFxFBeSsOzde6pOXpAD5Gnyl1H3p7Dnw6vveYBtjYY06x3iG5S8ZRodkbwPIG/
PbCE+y2K155ORm+jV/Yz6ZmTtKMeS/oXWiOrvtSbabTYqH2HM3Wzp7PbNMlQ0h1b
j9PRTDDmtG4=
=Z20z
-----END PGP SIGNATURE-----

From gtoal at an-teallach.com Mon Jun 6 14:43:45 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 6 Jun 94 14:43:45 PDT
Subject: Help A Novice Understand
Message-ID: <199406062143.WAA25035@an-teallach.com>

From: "James A. Donald"

> >Someone said that Sternlight is a high-placed govt official. I don't
> >believe this.

(That someone was me, folks.)

According to Tommy David Sternlight is a member of the council on foreign relations (pg. 176 of the 1993 Annual Report of the CFR)

The following Executive Branch officials are also members of this organization:

William J. Clinton, President

etc etc...

The CFR is a politician's equivalent of the rotary club and something you get into in exchange for little more than a few of the green folding ones. Everyone and his dog is in it - the membership must be in the tens if not hundreds of thousands. Basically it's like an English 'Gentleman's Club' - you're paying for the snob value of membership. What they get out of it is a big party cum picnic at somewhere posh once a year (like Camp David) and the chance to schmooze with the nobs. They disguise this on their tax claims as a policy conference.

Membership marks Sternlight as a social climber, not as a mover and shaker.

G

From gtoal at an-teallach.com Mon Jun 6 14:46:38 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 6 Jun 94 14:46:38 PDT
Subject: Sternlight & PGP
Message-ID: <199406062139.WAA24963@an-teallach.com>

: From: Greg Broiles
: action against them if they didn't stop making PGP available via FTP. I
: suspect (but cannot prove) that he was also the person who reported those
: FTP sites to Bidzos, thus creating the lawsuit threat that he then pretended
: to protect the FTP sites from.

He recently owned up to it on alt.security.pgp ... In fact, he was bragging about it and how in fact he had "won" if anybody had won...

G

PS Here's the post:

Newsgroups: alt.security.pgp
Path: an-teallach.com!demon!uknet!doc.ic.ac.uk!agate!library.ucla.edu!csulb.edu!csus.edu!netcom.com!strnlght
From: strnlght at netcom.com (David Sternlight)
Subject: Re: Not Phil Zimmermann, Mark Riordan.
Message-ID:
Reply-To: david at sternlight.com (David Sternlight)
Organization: DSI/USCRPAC
References: <2sq6aq$pll at nyx10.cs.du.edu> <2sre71$7cn at nyx.cs.du.edu>
Date: Sun, 5 Jun 1994 04:30:29 GMT
Lines: 82

In article <2sre71$7cn at nyx.cs.du.edu>, Alex Strasheim wrote:

>>Finally a few words about the "we won" nonsense at the end of Alex's
>>message.
>
>>There is no "we" and there was never anything to "win".
>
>I beg to differ: we won, and you lost. We being the friends of PGP, and
>you being, well, just you.

You don't get it. I LIKE PGP. I grabbed it when I first saw it. Only when I found it infringed RSADSI's patents did I feel I needed to take action.

That action was a deliberate strategy:

1. I worked behind the scenes urging Jim Bidzos of RSADSI to find a way to license PGP. I did so in a sustained and intense way. Ask him. We discussed many options, and he checked with his lawyers on each one. (I was not the only one and claim no special credit).

2. In order to persuade Jim it was clear to me that I had to defend his patent rights in public. Any attempt to force PGP down his throat was doomed to fail in my view. Thus I gave no quarter, and no comfort to those attacking RSADSI, following a strategy of deliberate provocation, or in any way making it harder for Jim to compromise (recall that HE has the patent, not the PGP fans.
Recall also that it is an MIT/Stanford University patent, not some commercial exploiter of the civil liberties of the downtrodden.)

3. In a small number of instances I saw some underhanded cheating going on that could threaten sites I use and benefit from. By "underhanded cheating" I mean posting infringing software which I had good reason to believe put sites at risk with neither the permission nor knowledge of the site admins or owners. I have never objected to individuals putting PGP up on their own computers with full knowledge of the risks they were taking. In conversations with Jim he told me he was going to go after those sites and close them down. I didn't want that to happen, so I reported the background to a very few sites I used, leaving the site admins to make up their own minds what to do. In one case a user was asked to remove PGP and did. In another case it was taken down. In a third case the site declined to get involved. Note that in each case I was a party at interest and felt I might be damaged by the consequences of PGP being up there; rightly or wrongly my conversations with Bidzos led me to believe he was preparing imminent action, and I thus took my own action to warn sites I used, to protect myself from the possibility of losing their services.

I have explained this repeatedly, but the PGP infringers, having not a leg to stand on, decided to react with a smoke screen of vilification, defamation, and falsehoods about my motives, and even my bona fides, since they could not confront the issues honestly and directly given their dirty hands in the matter. For some of the worst excesses, read this week's New Yorker article: "My First Flame."

That's it. There was never a hidden agenda, or the assumption of any net.cop role--I acted to protect a very few sites I benefitted from, and even then only by presenting the facts and leaving it up to the admins. I acted in a way designed from the start to get a non-infringing PGP available in the U.S.
Thus if anyone won, I did. I now have what I've been seeking all along, a non-infringing version of PGP, thanks to MIT. The de facto standard version of PGP in the U.S. is properly licensed by RSADSI. It will drive out the infringing versions in very short order and we can all, honestly and legally, use PGP.

If anyone lost, it is the juvenile thugs flaunting their disobedience to authority. PGP hit its limits with the infringing version in the U.S. No serious company or law abiding professional would consider it as long as it was under a cloud. Now the infringing versions are about to become history, and using PGP 2.6 in the U.S. is an act of legitimacy, not an act of disobedience to authority or disrespect for patents one doesn't like. Those with authority figure problems will have to find another "cause"--they've now been very effectively deprived of this one by the simple expedient of respect for others' property.

It was a long, hard fight, but in the end, despite the obfuscation, slime, lies, defamation, playground bully, and hoodlum tactics of a short list of people--names available on request :-) -- the good guys won.

David

From blancw at microsoft.com Mon Jun 6 15:43:07 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Mon, 6 Jun 94 15:43:07 PDT
Subject: FW: Crypto'94, 8/21-25, Santa Barbara
Message-ID: <9406062144.AA13496@netmail2.microsoft.com>

Date: 2 Jun 1994 05:52:48 -0500

CRYPTO '94 General Information
August 21-25, 1994

The program:

Crypto '94 is the fourteenth in a series of workshops on cryptology held at Santa Barbara, California and is sponsored by the International Association for Cryptologic Research, in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California, Santa Barbara. The program for the workshop will cover all aspects of cryptology. Formal proceedings will be provided at the conference.
In addition to the regular program of papers selected or invited by the program committee, there will be a poster session on Monday evening. There will also be a rump session on Tuesday evening for informal presentations. Facilities will also be provided for attendees to demonstrate hardware, software and other items of cryptological interest. If you wish to demonstrate such items, you are urged to contact the General Chair so that your needs will be attended to.

The social program will include hosted cocktail parties and dinners on Sunday, Monday and the Beach Barbecue on Wednesday. These events are included with the cost of registration. No evening meals will be provided at the dining hall.

About the conference facilities:

The workshop will be held on the campus of the University of California, Santa Barbara. The campus is located adjacent to the Santa Barbara airport and the Pacific Ocean. Accommodations are available in the university dormitories at relatively low cost for conference participants. Children under the age of 13 are not allowed to stay in the dormitories, so those bringing small children will need to make separate arrangements in one of several nearby hotels. More information on hotels is enclosed. Parking on campus is available at no cost to participants.

Travel information:

The campus is located approximately 2 miles from the Santa Barbara airport, which is served by several airlines, including American, America West, Delta, United and US Air. Free shuttle bus service will be provided between the Santa Barbara airport and the campus on Sunday and Thursday afternoons. All major rental car agencies are also represented in Santa Barbara, and AMTRAK has rail connections to San Francisco from the north and Los Angeles from the south. Santa Barbara is approximately 100 miles north of the Los Angeles airport, and 350 miles south of San Francisco.
Registration:

Participation is invited by interested parties, but attendance at the workshop is limited, and pre-registration is strongly advised. To register, fill out the attached registration form and return to the address on the form along with payment in full before July 8, 1994. Campus accommodations will be available on a first come, first served basis for attendees who register by July 8, 1994. Late registrations, subject to a late registration fee, may be accepted if space is available, but there are no guarantees. The conference fees include participation in the program and all social functions, as well as membership to the IACR and a subscription to the Journal of Cryptology. The room and board charges include dormitory lodging Sunday night through Wednesday night and breakfast and lunch Monday through Thursday. Technical sessions will run from Monday morning to Thursday at noon.

A very limited number of stipends are available to those unable to obtain funding. Students whose papers are accepted and who will present the paper themselves are invited to apply if such assistance is needed. Requests for stipends should be sent to the General Chair before June 3, 1994.

==================================================================

Hotels

For those who choose not to stay in the dormitories, the following is a partial list of hotels in the area. Those who choose to stay off campus are responsible for making their own reservations, and early reservations are advised since August is a popular season in Santa Barbara. Note that Goleta is closer to UCSB than Santa Barbara, but a car will probably be required to travel between any hotel and the campus. All prices are subject to change; prices should be confirmed by calling the individual hotels directly. However, mention CRYPTO '94 when you are making your reservation and in several of the hotels you will be eligible for the university rate which can be significantly less than the normal rates.
We are not able to block rooms in these hotels, so please make reservations as early as possible. The quality of the hotels ranges from rather expensive beach-front resorts to basic inexpensive accommodations. For further information, try contacting the Santa Barbara Convention and Visitors Center, (805) 966-9222.

South Coast Inn: 5620 Calle Real, Goleta, CA 93117. Single is $89; Double is $94. Call to see if they have University rates. Contact person is Ms. Murrill Forrester (805) 967-3200, Fax (805) 683-4466.

Cathedral Oaks Lodge: 4770 Calle Real, Santa Barbara, CA 93110. Single rates start at $75; double rates start at $85. No University rates available. Prices include breakfast. Contact Doug Smoot or Tom Patton at (805) 964-3511. Fax (805) 964-0075.

Motel 6: 5897 Calle Real, Goleta, CA 93117. Single rate is $36.99 + tax. Double rate is $42.99 + tax. (Rates are subject to change.) (805) 964-3596.

The Sandman Inn: 3714 State Street, Santa Barbara, CA 93105. Single rate: $71. Double rate: $81. (805) 687-2468. Fax (805) 687-6581.

Miramar Hotel (Beachfront): 3 miles south of Santa Barbara on U.S. 101 at San Ysidro turnoff. No specific single or double rate. Rooms begin at $75. Call Laura at (805) 969-2203. Fax (805) 969-3163.

Pepper Tree Inn: 3850 State Street, Santa Barbara, CA 93105. Single rate: $112. Double rate: $120. (805) 687-5511. Fax (805) 682-2410.

Encina Lodge: 2220 Bath Street, Santa Barbara, CA 93105. Single rate: $112. Double rate: $118. (805) 682-7277. Fax (805) 563-9319.

Pacifica Suites (formerly Quality Suites): 5500 Hollister Avenue, Santa Barbara, CA 93111 (close to campus). Normal rates begin at $120 for a suite. Includes full-cooked breakfast. Contact Michael Ensign at (805) 683-6722. Fax (805) 683-4121.

Upham Hotel: (bed-and-breakfast) 1404 De La Vina Road, Santa Barbara, CA 93101. Beginning rate: $105 per night. (You must mention you are attending the Crypto conference.) Contact: Shirley Fagardo or reservations at (805) 962-0058.
Fax (805) 963-2825. The El Encanto Hotel: 1900 Lasuen Road, Santa Barbara, CA 93105. Beginning rate: $90. Contact: Elizabeth Spencer, (805) 687-5000. Fax (805) 687-3903. ================================================================== CRYPTO '94 Registration Form Registration deadline: July 8, 1994 Last Name:________________________________________________________ First Name:__________________________________ Sex: (M)___ (F)___ Affiliation:______________________________________________________ Mailing Address:__________________________________________________ __________________________________________________ __________________________________________________ __________________________________________________ Phone: _________________________ Fax: __________________________ Electronic Mail: _________________________________________________ Payment of the conference fee entitles you to membership in the International Association for Cryptologic Research for 1995 at no extra charge, including a subscription to the Journal of Cryptology, published by Springer-Verlag, at no extra charge. Do you wish to be an IACR member? YES_____ NO ______ Conference fee: Regular ($300) US $ ________ Attended Eurocrypt '94, Perugia ($250) ________ Full Time Student ($150) ________ deduct $50 if you do not wish the proceedings ________ (There will be NO pre-proceedings; the proceedings will be provided at the conference) Total Conference fee: ________ Room and Board (4 nights): Smoking ______ Non-Smoking _____ (Prices include breakfast and lunch on Monday through Thursday) Single room ($250 per person) ________ Double room ($200 per person) ________ Roommate's name: ___________________ Saturday Night ________ ($50 per person single / $40 per person double) $50 late fee for registration after July 8; ________ (registration not guaranteed after July 8) Total Guest Fees (from back of form) ________ Total funds enclosed (U.S. Dollars) US$ ________ Payment must be by check payable in U.S. 
funds, by money order in U.S. funds or by U.S. bank draft, PAYABLE TO: CRYPTO '94. Payment should be mailed to the General Chair: Additional Contact Information: Jimmy Upton, Crypto '94 Email: crypto94 at uptronics.com 1590 Oakland Road Phone: (408)451-8900 Suite B203 Fax: (408)451-8901 San Jose, CA 95131 ================================================================== CRYPTO '94 Guest Form Registration deadline: July 8, 1994 Please fill out this form for anyone who is coming with a conference attendee but not registering for the conference and wishes to either stay on campus or attend the social functions Sunday, Monday and Wednesday. Guests are not entitled to attend the talks and must be attending with someone registering for the conference. Last Name:________________________________________________________ First Name:__________________________________ Sex: (M)___ (F)____ Affiliation:______________________________________________________ Mailing Address:__________________________________________________ __________________________________________________ __________________________________________________ __________________________________________________ Phone: _________________________ Fax: __________________________ Electronic Mail: _________________________________________________ Social Program Attendance ($50) _________ (Sunday, Monday and Wednesday Night Dinners - No admittance to talks) Room and Board (4 nights): Smoking ______ Non-Smoking _____ (Prices include breakfast and lunch on Monday through Thursday) Single room ($250 per person) ________ Double room ($200 per person) ________ Roommate's name: ___________________ Saturday Night ________ ($50 per person single / $40 per person double) Total Guest Fees US$ ________ (Show here and on the other side of this form) From mpd at netcom.com Mon Jun 6 15:51:07 1994 From: mpd at netcom.com (Mike Duvos) Date: Mon, 6 Jun 94 15:51:07 PDT Subject: The Crypto Home Shopping Network Message-ID: 
<199406062251.PAA12841@netcom.com>

I noticed a little blurb on the Business Wire services today stating that a company named "Digital Delivery" has licensed technology from RSADSI for a turnkey CD-ROM software catalog called "CD Product Portfolio". The product is supposed to permit a company's most valuable software and intellectual property to be browsed, ordered, unlocked, and installed from CD-ROM with "absolutely no worry about hacking or unauthorized use." The product is based on BSAFE and uses the RSA Public Key Cryptosystem and the RC4 stream cipher.

Now the interesting part is that this product has been granted commodity jurisdiction from the Department of Commerce and will be allowed to be EXPORTED outside the United States under license, permitting foreign customers to create encrypted software catalogs and make use of this distribution mechanism. Through the magic of RSA encryption, a given program or image (!) on the CD-ROM will only be released after the browser has actually ordered and paid for the product.

Do you think this crypto is "strong"? I am not familiar with RC4, but it would seem unlikely that it is both hack-proof and exportable at the same time. Cost considerations probably preclude encrypting CDs individually with different keys, so it is difficult to see what prevents disk owners from communicating keys to one another for the purpose of unlocking software.

This idea of mass-produced CDs might nicely dovetail with DigiCash to enable the complete electronic purchase of programs without the necessity of having a high-bandwidth connection with the seller to transfer the software to one's own machine.

Given the extensive "Threat of Crypto" propaganda we have been hearing from government minions lately, it is very nice to see the government pushing us towards a future where we may buy all sorts of interesting things from foreign mass-produced encrypted CD-ROMs with anonymous DigiCash, all in complete privacy.

Thank-YOU Big Brother. :)

--
Mike Duvos         $  PGP 2.6 Public Key available  $
mpd at netcom.com  $  via Finger.                    $

From jktaber at netcom.com Mon Jun 6 16:29:15 1994
From: jktaber at netcom.com (John K. Taber)
Date: Mon, 6 Jun 94 16:29:15 PDT
Subject: Sternlight & PGP
Message-ID: <199406062329.SAA19494@netcom.com>

I would like clarification on Sternlight's contention that PGP violates RSA's patents. My understanding is that PGP < 2.4 does not so long as its use was private and non-commercial.

In other words, isn't the patent issue a fabrication of Sternlight to attack PGP? Or did he really have a point?

From gtoal at an-teallach.com Mon Jun 6 16:35:23 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 6 Jun 94 16:35:23 PDT
Subject: The Crypto Home Shopping Network
Message-ID: <199406062335.AAA27342@an-teallach.com>

I think RC4 is the 32 bit cypher used in cellular phones throughout Europe. Rumour has it it can be cracked in realtime. The actual cypher is secret though, which makes it *very* interesting that it'll be available in a software product. The phones use custom chips...

G

From fringeware at io.com Mon Jun 6 16:48:33 1994
From: fringeware at io.com (FringeWare Inc)
Date: Mon, 6 Jun 94 16:48:33 PDT
Subject: MEDIA - Cyberwire Dispatch
Message-ID: <199406060722.fw.1316@illuminati.IO.COM>

Sent from: jonl at well.sf.ca.us (Jon Lebkowsky)

[mod's note: The last couple of Cyberwire Dispatches from Brock Meeks. He says you can redistribute so long as you do so freely, without charge. Also note the defense fund msg we're re-sending.]

CyberWire Dispatch // Copyright (c) 1994 //

Jacking in from the SNAFU Port:

Washington, DC -- Matthew Blaze never intended to make the front page of the New York Times. He was just doing his job: Nose around inside the government's most secret, most revered encryption code to see if he could "break it." Blaze, a researcher for AT&T Bell Labs, was good at this particular job. Maybe a bit too good.
Although he didn't actually "break" the code, he did bend the fuck out of it. That feat landed him a front page story in the June 9 issue of the New York Times.

What Blaze found -- and quietly distributed among colleagues and federal agencies in a draft paper -- was that design bugs in Skipjack, the computer code that underlies the Clipper Chip encryption scheme, can be jacked around, and re-scrambled so that not even the Feds can crack it. This of course defeats the whole purpose of the Clipper Chip, which is to allow ONLY the government the ability to eavesdrop on Clipper encoded conversations, faxes, data transmissions, etc.

What Blaze's research attacks is something called the LEAF, short for "Law Enforcement Access Field." The LEAF contains the secret access code needed by law enforcement agents to decode the scrambled messages. Blaze discovered that the LEAF uses only a 16-bit checksum, which is a kind of self-checking mathematical equation. When the checksum equations match up, the code is valid and everything's golden. The cops get to unscramble the conversations and another kiddie porn ring is brought to justice. (This is what the FBI will tell you... again and again and again and... )

But you can generate a valid 16-bit checksum in about 20 minutes, according to those crypto-rebels that traffic the Internet's Cypherpunks mailing list. "A 16-bit checksum is a fucking joke," one cryptographic expert from the list told Dispatch. "If it weren't so laughable, I'd be insulted that all this tax payer money has gone into the R&D of something so flawed."

But the New York Times got the story *wrong* or at least it gave only part of the story. "What the New York Times story didn't say was that the findings... had nothing to do with the Government standard, which covers voice, facsimile and low-speed data transmission," said an AT&T spokesman. AT&T was the first company to publicly support the Clipper Chip. A stance that was essentially bought and paid for by the U.S. government with the promise it would get big government contracts to sell Clipper equipped phones to Uncle Sam, according to documents previously obtained by Dispatch.

The AT&T spokesman said the "frailty" that Blaze discovered doesn't actually exist in the Clipper Chip applications. "Our scientists, working with National Security Agency (NSA) scientists, were conducting research on proposed future extensions of the standard," he said. Those "future extensions" are the so-called Tessera chip, intended to be embedded in a PCMCIA credit card sized device that fits into a slot in your computer.

When the NSA trotted out its Tessera card, it invited Blaze, among others, to review the technology, essentially becoming a beta-tester for the NSA. No formal contract was signed, no money changed hands. Blaze took on the job in a volunteer role. Using a prototype Tessera chip installed on a PCMCIA card, he broke the damn thing.

AT&T claims the whole scenario is different from the Clipper because the LEAF generated by Clipper "is a real time application... with Tessera it's static," the spokesman said. He said Tessera would be used to encrypt stored communications or Email. "And with Tessera, the user has the ability to get at the LEAF," he said, "with Clipper, you don't."

Blaze will deliver his paper, titled "Protocol Failure in the Escrowed Encryption Standard," this fall during the Fairfax Conference. His findings "should be helpful" to the government "as it explores future applications," of its new encryption technology the AT&T spokesman said. "In our view, it's better to learn a technology's limitations while there's time to make revisions before the Government spends large sums to fund development programs."

This is an important, if subtle statement. The Clipper Chip never underwent this type of "beta-testing," a fact that's drawn the ire of groups such as Computer Professionals for Social Responsibility (CPSR) and the Electronic Frontier Foundation (EFF). When the White House began to take hits over this ugly situation, it agreed to have an independent panel of experts review the classified code to check for any trapdoors. Those experts claim they found nothing fishy, but their report -- alas -- has also been classified, leading to further demands for openness and accountability. The White House is stalling, naturally.

But in an apparent about face, the NSA allowed an "open" beta-testing for Tess and -- surprise -- we find out there are bugs in the design.

Okay, Pop Quiz time: Does the existence of "Blaze Bug" make you feel:

(A) More secure about the government's claim that Clipper will only be used to catch criminals and not spy on the citizenry.

(B) Less secure about everything you've ever been told about privacy and encryption by the Clinton Administration.

(C) Like this entire episode is really an extended "Stupid Pet Tricks" gag being pulled by David Letterman.

If you're still unsure about Clipper, check this quote from the AT&T spokesman: "It's worth noting that Clipper Chip wasn't subjected to this type of testing." Ah-huh... any questions?

The NSA is trying to downplay the news. "Anyone interested in circumventing law enforcement access would most likely choose simpler alternatives," said Michael Smith, the agency's planning director, as quoted by the New York Times. "More difficult and time-consuming efforts, like those discussed in the Blaze paper, are very unlikely to be employed."

He's right. Those "simpler alternatives" include everything from private encryption methods to not using a Clipper equipped phone or fax in the first place. (Of course, the FBI keeps insisting that criminals won't use any of this "simpler" knowledge because they are "dumb.")

Despite the NSA's attempt to blow off these findings, the agency is grinding its gears. One NSA source told Dispatch that the Blaze paper is "a major embarrassment for the program." But the situation is "containable" he said. "There will be a fix."

Dispatch asked if there would be a similar review of the Clipper protocols to see if it could be jacked around like Tess. "No comment," was all he said.

Meeks out...

ANOTHER ISSUE:

CyberWire Dispatch // Copyright (c) 1994 //

Jacking in from the "We Knew It All Along" Port:

Washington, DC -- The key technology underlying the Administration's Tessera "Crypto Card" was fatally flawed from its inception, Dispatch has learned. Government researchers working for the National Security Agency have known for months about the flaw, but purposefully withheld that information from the public, a government official acknowledged today to Dispatch.

Cryptographic researchers at the super-secret NSA have known all along that the program used to scramble a key part of the government's Clipper system could be thwarted by a computer savvy user with 28 minutes of free time, according to an NSA cryptographic expert that spoke to Dispatch under the condition he not be identified.

"Everyone here knew that the LEAF (Law Enforcement Access Field) could be fucked with if someone knew what they were doing," the NSA expert said. "We knew about the flaw well before it became public knowledge. What we didn't know is how long it would take an outside source to discover the flaw."

In essence, the NSA decided to play a kind of high-tech cat and mouse game with a technology being hailed as the most secure in the world. So secure, the White House is asking the public to give up a degree of privacy because there's no chance it can be abused.

"We figured [the presence of the flaw] was an acceptable risk," the NSA expert said. "If no one found out, we probably would have fixed it sooner or later," he said. "I can't imagine that we would have let that one slip through."

But someone spoiled the end game. A 33-year-old AT&T scientist, Matthew Blaze, discovered the crack in the White House's increasingly crumbling spy vs. citizen technology. Acting as a kind of beta-tester, Blaze found several techniques that could be used to successfully thwart the LEAF, the encrypted data stream needed by law enforcement officers in order to identify what amounts to a social security number for each Clipper or Tessera chip.

Once the LEAF is in hand, law enforcement agents then submit it to the "key escrow agents." These escrow agents are two government authorized agencies that keep watch over all the keys needed to descramble Clipper or Tessera encoded conversations, faxes or data transmissions. Without the keys from these two agencies, the law enforcement agents hear nothing but static. Without the LEAF, the agencies won't cough up the keys.

Bottom line: If the LEAF is fucked, so is access to the scrambled communications.

What Blaze so eloquently discovered is that someone with a modicum of knowledge could jack around with the LEAF, rendering it unusable. What Blaze didn't realize is that he was merely acting as an NSA stooge.

But the methods discovered by Blaze, and outlined in a draft paper he'll later present this month during a highbrow security shindig known as the Fairfax conference, are cumbersome. "The techniques used to implement (the work arounds) carry enough of a performance penalty, however, to limit their usefulness in real-time voice telephony, which is perhaps the government's richest source of wiretap-based intelligence," Blaze writes in his paper.

Notice he says "limit" not "completely render useless." Important distinction. Are there other, faster, more clever ways to circumvent the LEAF? "If there are, I wouldn't tell you," the NSA crypto expert said.

Shut Up and Chill Out
=====================

The National Institute of Standards and Technology (NIST), the agency walking point for the White House on the Clipper issue, takes these revelations all in stride. Sort of a "shut up and chill out" attitude.

The techniques described by Blaze "are very unlikely to be used in actual communications," a NIST spokeswoman said. Does that mean they could never be used? "It's very unlikely."

NIST, when confronted with the fact that NSA researchers knew all along that the technology was broken, was unapologetic. "All sound cryptographic designs and products consider tradeoffs of one sort or another when design complexities, costs, time and risks are assessed," the NIST spokeswoman said. The Clipper family of encryption technologies "is no exception," she said.

NIST said that the Tessera card "isn't a standard yet, so the process of testing its integrity is ongoing." The technology in Tess is known as the Capstone chip, which, unlike the Clipper Chip, hasn't yet been accepted as a standard, NIST said. Flaws, therefore, are assumably just part of an ongoing game. The fact that the NSA knew about this flaw when it asked people like Blaze to test it was "just part of the ongoing testing procedure," the spokeswoman said.

And if Blaze or some other idea hamster hadn't discovered the flaw? You make the call.

What about Clipper? Are there such flaws in it? NIST says "no" because it has already been through "independent testing" and accepted as a standard. If there are flaws there, they stay put, or so it seems.

Clipper's My Baby
=================

Beyond the high risk crypto games the NSA has decided to play, there's another disturbing circumstance that could torpedo the Clipper before it's given its full sailing orders. This obstacle comes in the form of a patent dispute.

Silvio Micali, a scientist at the Massachusetts Institute of Technology says the Clipper is his baby. He claims to hold two crucial patents that make the Clipper tick.

"We are currently in discussions with Mr. Micali," NIST said. "We are aware of his patent claims and we're in the process of addressing those concerns now," a NIST spokeswoman said. She wouldn't go into details as to the extent of the talks, but obviously, the government is worried. They haven't flatly denied Micali's claims.

If this all sounds like a bad nightmare, you're right. NIST ran into the same problems with its Digital Signature Standard, the technology they've adopted as a means to "sign" and verify the validity of electronic mail messages. Others jumped on the government's DSS standard, claiming they were owed royalties because they held patents on the technology. These discussions are still "ongoing" despite the government's adoption of the standard.

The same situation is now happening with Clipper. One could make a case that Yogi Berra is the policy wonk for the Clipper program: "It's like deja vu all over again," Berra once said.

So it is, Yogi... so it is.

Meeks out...

From mab at research.att.com Mon Jun 6 16:54:56 1994
From: mab at research.att.com (Matt Blaze)
Date: Mon, 6 Jun 94 16:54:56 PDT
Subject: Paper available via ftp
Message-ID: <9406062354.AA15289@big.l1135.att.com>

A preliminary draft of my paper, "Protocol Failure in the Escrowed Encryption Standard" is now available via anonymous ftp from research.att.com in the file /dist/mab/eesproto.ps . The paper is in PostScript format and seems to print on most PS printers.

This is only a preliminary draft; the final published version will likely include additional material on the production version of the PCMCIA card, which, I understand, will differ in some respects from the prototype I examined.

-matt

From jis at mit.edu Mon Jun 6 18:15:51 1994
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Mon, 6 Jun 94 18:15:51 PDT
Subject: PGP 2.6 FAQ (PGP Signed)
Message-ID: <9406070115.AA06871@big-screw>

This version is identical to the version mailed out by Hal Abelson. I was out of town so I was unable to sign it. The only change to this document (besides the addition of the PGP signature) is the conversion of tabs to spaces and the removal of trailing whitespace.
-----BEGIN PGP SIGNED MESSAGE-----

Questions and Answers about MIT's Release of PGP 2.6

by Hal Abelson, Jeff Schiller, Brian LaMacchia, and Derek Atkins

June 2, 1994

Q: Is PGP 2.6 an official release from MIT?

A: Yes. PGP 2.6 is distributed via the Internet to non-commercial U.S. users by MIT Information Systems, via anonymous ftp from net-dist.mit.edu in the directory pub/PGP. Planning for the PGP 2.6 release was conducted with the knowledge and approval of the MIT administration. The MIT News Office officially announced the availability of PGP 2.6 in a press release dated May 26, 1994.

***

Q: Was PGP 2.6 released in cooperation with RSA Data Security, Inc.?

A: Yes. PGP 2.6 uses the RSAREF(TM) Free Cryptographic Toolkit (Version 1) licensed by RSADSI. RSADSI has granted MIT permission to access the non-published routines in RSAREF required to support PGP.

***

Q: Was Phil Zimmermann involved in the PGP 2.6 release?

A: Yes. Zimmermann has been fully involved in the release process. In addition, he approved all code changes from earlier versions of PGP and updated the PGP documentation for version 2.6.

***

Q: Can PGP 2.6 interoperate with previous versions of PGP?

A: Not completely. There are two different incompatibilities between PGP 2.6 and earlier versions of PGP. The first incompatibility is a deliberate format change that will trigger on September 1, 1994. The intent of this change is to discourage PGP users in the U.S. from using PGP 2.3a, which potentially infringes patents. The second incompatibility is that PGP 2.6 requires signatures to be in PKCS format, which has been the default since PGP 2.3, although PGP 2.3 was able to process non-PKCS signatures.

***

Q: What's the effect of the September 1 format change? Will I still be able to use my old keys? Will I still be able to decrypt old messages?

A: Both now and after September 1, PGP 2.6 will decrypt messages and use keys generated by PGP 2.3a. To quote from the PGP 2.6 manual:

    PGP version 2.6 can read anything produced by versions 2.3, 2.3a, 2.4, or 2.5. However, because of a negotiated agreement between MIT and RSA Data Security, PGP 2.6 will change its behavior slightly on 1 September 1994, triggered by a built-in software timer. On that date, version 2.6 will start producing a new and slightly different data format for messages, signatures and keys. PGP 2.6 will still read and process messages, signatures, and keys produced under the old format, but it will generate the new format.

***

Q: What about the PKCS requirement?

A: PKCS stands for Public Key Cryptography Standards and is a voluntary standard created by RSA Data Security and several industry leading organizations, including MIT. PKCS specifies standard encodings for encrypted and signed objects as well as some key formats. The standard documents themselves may be obtained via anonymous FTP from rsa.com.

Starting with PGP version 2.3, PGP signatures have conformed to the PKCS signature standard. Although PGP version 2.3 generated PKCS format signatures, it was capable of understanding the non-PKCS format generated by PGP 2.2 and earlier versions. PGP 2.6 removes this compatibility code. This makes some of the PGP 2.6 code cleaner and ensures compatibility with future versions of RSAREF and other future standard software. Making the change now also encourages people to obtain fresh signatures on their keys, which is a prudent thing to do every so often.

Note: The PKCS requirement has nothing to do with the September 1 PGP format change. It is an independent decision of the PGP development team.

***

Q: Is there a technical reason for the September 1 format change?

A: No. The format change is being made for legal reasons, not technical reasons. MIT wanted to bring out a version of PGP that would have the support of RSADSI. RSADSI would not lend their support to a product that fully interoperates with PGP 2.3, which, when used in the United States, potentially infringes patents licensed to them by Stanford and MIT. The intent of this format change is to discourage people from continuing to use the earlier software, which will mitigate the patent-caused problems that have hampered use of PGP within the U.S. The time delay between now and September is to give people adequate time to upgrade to the new software.

***

Q: Does using RSAREF make PGP 2.6 run more slowly than previous versions of PGP?

A: No. The speed-critical portions of PGP 2.6 use the same multi-precision integer libraries as in PGP 2.3a. We have noticed no appreciable speed difference between PGP 2.3a and PGP 2.6 on any of the platforms we have tried. If you observe a performance problem with PGP 2.6, please send details to pgp-bugs at mit.edu. Be sure to tell us what platform and compiler you are using.

***

Q: Is there a back door in PGP 2.6?

A: No. You need not take our word for it. PGP is distributed in source code, so that you can verify its integrity yourself, or get someone you trust to verify it for you. The 2.6 MSDOS executable file that we distribute has been digitally signed, so you will know that it has not been tampered with. In general, you should be wary of using encryption programs that you receive as object code, whose origin you cannot authenticate.

***

Q: Why is PGP 2.6 limited to 1024-bit keys? Does this compromise the security of PGP 2.6?

A: To quote from the PGP 2.6 manual:

    Beginning with version 2.4 (which was ViaCrypt's first version) through at least 2.6, PGP does not allow you to generate RSA keys bigger than 1024 bits. The upper limit was always intended to be 1024 bits. But because of a bug in earlier versions of PGP, it was possible to generate keys larger than 1024 bits. These larger keys caused interoperability problems between different older versions of PGP that used different arithmetic algorithms with different native word sizes. On some platforms, PGP choked on the larger keys. In addition to these older key size problems, the 1024-bit limit is now enforced by RSAREF. A 1024-bit key is very likely to be well out of reach of attacks by major governments.

Cracking a 1024-bit key is far beyond any publicly known computational capability. The table below, originally posted to Usenet in October, 1993, gives some numbers for the expected amount of work required to crack keys of various sizes. The prediction for RSA129, which was finally factored in April, 1994, was very close to the actual time required. (The time was about 5000 MIPS-years, depending on your definition of a MIPS.)

    RSA129 (429 bits):       4,600 MIPS-YEARS
    a 512 bit key          420,000 MIPS-YEARS  (safe for a little while!)
    a 700 bit key    4,200,000,000 MIPS-YEARS  (seems pretty safe to me!)
    a 1024 bit key     2.8 x 10^15 MIPS-YEARS  (Wow!)

The above table is based on the Multiple-Polynomial Quadratic Sieve (MPQS). Other algorithms under development may have slightly better performance. The bottom line is that cracking a 1024-bit key using anything like presently known factoring methods will probably not happen within the lifetime of anyone reading this FAQ at the time of this writing (1994). A breakthrough in computer technology or algorithm efficiency that threatens a 1024 bit key is likely to be so powerful that it will threaten much larger keys as well, and then all bets are off! Any successful attack on PGP with large key sizes is more likely to come from exploiting other aspects of the system (such as the prime number generation algorithm) than by brute-force factoring of keys. Given this, it is not at all clear that key sizes larger than 1024 bits provide increased security in any practical sense.

Nevertheless, RSADSI has granted MIT permission to modify RSAREF to increase the key size, and larger keys will be supported in a future PGP release. These larger keys, however, will not be manipulated by PGP 2.6 and earlier releases, so users will need to upgrade in order to use them.

***

Q: There is no patent problem with using PGP 2.3a outside the U.S. Isn't it offensive to impose a change on PGP users around the world to accommodate a legal problem in the U.S.?

A: To quote from the PGP 2.6 manual:

    Outside the United States, the RSA patent is not in force, so PGP users there are free to use implementations of PGP that do not rely on RSAREF and its restrictions. Hopefully, implementors of PGP versions outside the US will also switch to the new format, whose detailed description is available from MIT. If everyone upgrades before 1 September 1994, no one will experience any discontinuity in interoperability.

We apologize to PGP users outside the U.S. We are asking them to undergo the inconvenience of making a change to the non-U.S. version of PGP for no technical reason. We hope that the effect of this change, which will remove any legal controversy from the use of PGP in the U.S., will benefit PGP users outside the U.S. as well as within the U.S.

***

Q: How can PGP users outside the U.S. upgrade, if PGP 2.6 might be subject to U.S. export controls?

A: The format change that will become effective on September 1, 1994 can be accomplished by a simple modification to the PGP 2.3a code, which was developed outside the U.S. MIT has published the new format specification. Consequently, a non-U.S. version of PGP that interoperates with PGP 2.6 can be produced without the need for anyone to attempt to export PGP software from the U.S.

***

Q: With this incompatible change, what provisions are being made for users of ViaCrypt PGP (PGP 2.4)?

A: ViaCrypt has announced a new release of their product, called PGP 2.7, that supports both the old and new formats. They will also provide upgrade kits for users for version 2.4. For further information, contact

    Paul E. Uhlhorn
    Director of Marketing, ViaCrypt Products
    Mail: 2104 W. Peoria Ave
          Phoenix AZ 85029
    Phone: (602) 944-0773
    Fax: (602) 943-2601
    Internet: viacrypt at acm.org
    Compuserve: 70304.41

***

Q: Does PGP 2.6 use RSAREF version 1, or RSAREF 2.0?

A: PGP 2.6 uses RSAREF version 1. PGP 2.5 used RSAREF version 2.0. During the discussions that led to the creation of PGP 2.6, RSA Data Security requested that MIT switch to RSAREF 1. Furthermore, RSADSI gave MIT formal written permission to make calls to internal program interfaces in RSAREF 1, consistent with the RSAREF 1 license.

From a technical standpoint, it doesn't matter which version of RSAREF is used by PGP. The major enhancements to RSAREF 2.0 have to do with functionality not required by PGP. Also, RSADSI's licensing restrictions (which require non-commercial use only) are not significantly different from RSAREF 1 to RSAREF 2. It is possible that later releases of PGP from MIT may use a different release of RSAREF, but we see no reason to do so at this time.

***

Q: What is PGP 2.5 and what is its status?

A: MIT initially released PGP 2.5 for beta test on May 9, 1994. During the beta test period, we continued discussions with RSA Data Security. These discussions led us to decide to install the September 1 format change, as well as to use RSAREF 1 (see question above). PGP 2.5 contained several important bugs that have been fixed in PGP 2.6. PGP 2.5 does *not* contain the software necessary to understand messages generated by PGP 2.6 after September 1. We therefore urge all U.S. users to upgrade to PGP 2.6 (or a subsequent version).

***

Q: What is PGP 3.0?

A: PGP 3.0 is an anticipated upgrade to PGP. Unlike PGP 2.6, PGP 3.0 will be a major rewrite and reconstruction of the PGP internal software. PGP 3.0 might be ready before the end of 1994, but there are no specific release plans yet.

***

Q: Will there be further incompatible changes to PGP?

A: Almost certainly. As new features are added, the format of messages and other data structures will no doubt be changed. For example, we have considered adding a new packet type for signatures that places the signature at the end of a signed packet rather than the beginning. This will permit restructuring the PGP software so that it can operate in one pass, with no need to create the numerous temporary files that PGP now creates. This will facilitate applications that are not now currently possible. For example, a one-pass PGP could be used to encrypt data to a tape drive during backup. This cannot be done with PGP today because it would need to create temporary files that consume almost twice as much disk space as the data being backed up!

***

Q: Will keys generated prior to PGP 2.6 continue to be usable?

A: Yes. PGP 2.6 will always be able to use keys created by prior versions. New keys, generated *after* September 1 will *not* be usable by prior versions of PGP. However we hope that all PGP users will have upgraded to PGP 2.6 or better (or its non-U.S. equivalent) by September.

***

Q: Why did MIT release PGP 2.6, when PGP 2.3 is already available?

A: Using PGP 2.3 in the U.S. potentially infringes patents licensed exclusively to Public Key Partners by Stanford University and MIT. This sticky patent situation has deterred the spread of PGP, because many people and institutions did not wish to risk violating intellectual property restrictions. MIT has addressed this problem in PGP 2.6 by using RSAREF, which is licensed by RSA Data Security, Inc. RSADSI acknowledges that PGP 2.6 is a legitimate RSAREF application. The RSAREF license includes rights to all of the relevant U.S. patents on public key cryptography for non-commercial use.

***

Q: Will there be a version of PGP 2.6 for the Mac?

A: People are working on this, but it's not ready yet. We hope it will be available within a couple of weeks.

***

Q: Is MIT distributing PGP 2.6 to Canada?

A: No, or at least not yet. There are some legal issues involved, having to do with possible U.S. export control restrictions, and we're getting advice on how to deal with these. We hope to sort this out next week.

***

Q: Who are the people who are working on the PGP 2.6 release?

A: People outside MIT working directly on the 2.6 release are Phil Zimmermann and Colin Plumb. People at MIT coordinating the PGP 2.6 release are Jeff Schiller, MIT Network Manager; Hal Abelson, Prof. of Computer Science and Engineering; Brian LaMacchia, graduate student in Computer Science; and Derek Atkins, graduate student in Media Arts and Sciences. Support from the MIT administration was provided by Jim Bruce, MIT Vice-President for Information Systems; David Litster, MIT Vice-President and Dean for Research; Karen Hersey, MIT Intellectual Property Counsel; and John Preston, MIT Director of Technology Development.

***

Q: Are there more questions?

A: Certainly. If there are other questions about PGP 2.6 that you think ought to be answered here, please send them to us (at pgp-bugs at mit.edu) and we will try to include answers in future versions of this FAQ.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAgUBLfPJx1UFZvpNDE7hAQGA1AH9Hi0A+45X9YwxaSr6KMAVEXaR6JuktgfC
rpmt2F5obv352uBU3oKDEpyCJW7wPgLudQ3eEbwZXytXRMeGNkQBgg==
=QHEg
-----END PGP SIGNATURE-----

From ebrandt at jarthur.cs.hmc.edu Mon Jun 6 18:22:54 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Mon, 6 Jun 94 18:22:54 PDT
Subject: The Crypto Home Shopping Network
In-Reply-To: <199406062335.AAA27342@an-teallach.com>
Message-ID: <9406070122.AA17402@toad.com>

> From: gtoal at an-teallach.com (Graham Toal)
> I think RC4 is the 32 bit cypher used in cellular phones throughout
> Europe. Rumour has it it can be cracked in realtime.

I dunno whether that's RC4, but RC4 is a stream cipher developed by Rivest. It's not patented; instead, RSADSI licenses it only as an object module.
RC4 and RC2 (a block cipher) use variable-length keys, and can be exported if the key length is 40 bits or less. (Naturally, they're not very strong when used this way...) Eli ebrandt at hmc.edu finger for PGP key. From Richard.Johnson at Colorado.EDU Mon Jun 6 18:27:25 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Mon, 6 Jun 94 18:27:25 PDT Subject: Applied Cryptography (correction to typo in email address) In-Reply-To: Message-ID: <199406070127.TAA05038@spot.Colorado.EDU> From the keyboard of: NetSurfer > Softpro - softpro at csns.com That should be: Softpro - softpro at cscns.com ^ The 'cscns' stands for Colorado Springs Community News Service. Richard From sommerfeld at orchard.medford.ma.us Mon Jun 6 20:04:35 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Mon, 6 Jun 94 20:04:35 PDT Subject: The Crypto Home Shopping Network In-Reply-To: <199406062251.PAA12841@netcom.com> Message-ID: <199406070257.WAA00381@orchard.medford.ma.us> A year or so ago, my employer's export control expert said that decrypt-only strong crypto for intellectual property protection was exportable (in object code form only). - Bill From dcwill at ee.unr.edu Mon Jun 6 20:06:20 1994 From: dcwill at ee.unr.edu (D.C. Williams) Date: Mon, 6 Jun 94 20:06:20 PDT Subject: [butthead] and PGP Message-ID: <9406070306.AA00768@solstice.unr.edu> > > > > > I would like clarification on [butthead's] contention that PGP violates > > RSA's patents. My understanding is that PGP < 2.4 does not so long as > > its use was private and non-commercial. > > > > In other words, isn't the patent issue a fabrication of [butthead] to > > attack PGP? > > > > Or did he really have a point? > > Can we please can this crapola? The only thing more wasteful of human > effort than listening to the moron is listening to people recount what > he says. If you want to do this, please do it privately. 
Many of us are > sick and tired of this certified net.wacko, and speaking for myself and > any others of like mind, take it up privately on your own time. Check > out alt.security.pgp and alt.fan.[butthead]. Better yet, find out where > he lives and camp out on his front lawn. > > The only point he has is the one on his head. > > =D.C. Williams > > From jdwilson at gold.chem.hawaii.edu Mon Jun 6 20:24:00 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Mon, 6 Jun 94 20:24:00 PDT Subject: Excerpt from E-d-u-p-a-g-e 06/05/94 Message-ID: CP's, for your edification: Date: Mon, 6 Jun 1994 00:09:30 -0400 From: E-d-u-p-a-g-e E-MAIL AT THE WHITE HOUSE Both the Bush and Clinton administrations have tried to restrict public access to White House e-mail, but later this year the National Security Agency will publish "White House E-Mail," a book-length collection of e-mail messages. The book includes Iran-Contra affair communications to and from Oliver North, who used e-mail because he thought it could be easily deleted. One message from him reads: "Oh lord. I lost the slip and broke one of the high heels. Forgive please. Will return the wig on Monday." (So who needs the Clipper Chip?) (New York Magazine, 6/6/94 p.20) ----------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^--------------------------------- I guess the spirit of J. Edgar Hoover lives on at the Whitehouse -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. 
Box 15432 |finger for key / Viacrypt Reseller > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From drzaphod at brewmeister.xstablu.com Mon Jun 6 21:05:51 1994 From: drzaphod at brewmeister.xstablu.com (Doctor Zaphod) Date: Mon, 6 Jun 94 21:05:51 PDT Subject: The Crypto Home Shopping Network In-Reply-To: <199406070257.WAA00381@orchard.medford.ma.us> Message-ID: > [...] decrypt-only strong crypto for intellectual property > protection was exportable (in object code form only). > - Bill What's to say the source code isn't encrypted on the disk? Could this be the answer to exporting the source in Schneier's book? Just hide it in a kid's game on a 3.5" |-] TTFN. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From ghio at cmu.edu Mon Jun 6 21:34:27 1994 From: ghio at cmu.edu (Matthew Ghio) Date: Mon, 6 Jun 94 21:34:27 PDT Subject: REMAILERS: standard xx-To: line Message-ID: <9406070433.AA20262@toad.com> >cp's, >matt just mentioned that remailer at soda doesn't accept "Request-Remailing-To" >header lines (which explains why i thought it was dead) and i note that not >all other remailers accept "Anon-Send-To:". anarchy has it's place in >our lives but, it would be nice to cut down on sode come in remailing and >ping scripts. the three close to standard headers seem to be >"Anon-Send-To:", "Request-Remailing-To:", and "X-Anon-To:". it would be >more convenient :) for all remailers to either allow all three or settle >on one standard (nfl). 
My remailer (ghio at kaiwan.com) supports all three, and also Anon-To. All of the remailers support Request-Remailing-To, except soda. I'm not completely sure which support Anon-To and which use X-Anon-To. Soda.berkeley.edu is the only one which requires Anon-Send-To. From ebrandt at jarthur.cs.hmc.edu Mon Jun 6 21:38:54 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 6 Jun 94 21:38:54 PDT Subject: The Crypto Home Shopping Network In-Reply-To: <199406070257.WAA00381@orchard.medford.ma.us> Message-ID: <9406070438.AA20315@toad.com> > A year or so ago, my employer's export control expert said that > decrypt-only strong crypto for intellectual property protection was > exportable (in object code form only). Seems to me it's pretty hard to make a stream cipher decrypt-only. A little hacking around and you can do what you want with the stream. Eli ebrandt at hmc.edu (or you could snarf PGP from Finland, but Commerce hasn't clued in on that) From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Tue Jun 7 01:12:58 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Tue, 7 Jun 94 01:12:58 PDT Subject: Tax Free In Cyberspace Only Message-ID: <770976058/vac@FURMINT.NECTAR.CS.CMU.EDU> Encryption will have a profound impact on society as we move further into the information age. In particular, some things that are currently taxed will be very hard to tax in the future. Encryption lets non-tangible things move around like the ghosts they are. Since this movement is ininvisible, it will be impossible to tax. So things which can exist in cyberspace will tend to move around tax free. 
This will include things like: Securities - stocks, bonds, mutual funds Savings - cash Profits - Information - newsletters, magazines, databases Software - This non-taxability comes from the fact that only the parties exchanging something in cyberspace even need to know about the exchange - and they can encrypt everything so that nobody else knows. It also comes from the fact that the entities involved in commerce in cyberspace can be located anyplace in the physical world and there are many places that do not tax companies. Tangible things within the territory of some government will always be taxable by that government. This is especially true for things where it is desirable to have a government issued "title". Major tax categories will still include: Real-estate - land, houses, buildings, factories Vehicles - cars, boats, planes Tangible goods - any objects bought or sold Fuel - gas, diesel, jet fuel People - poll tax Companies - annual registration of corporations Income for self employed information workers will be hard to tax. However, for a number of years yet, most incomes will still be taxed. So governments will have to rework their tax base. National sales taxes or VATs will probably be more common. Taxes on dividends, interest, capital gains, etc., will fade away. This change will be difficult, and probably the technology will move faster than the governments can comfortably react. Instead of adapting to the changes, many governments will probably try to prevent them. These attempts will fail - probably not even slowing things down much. The cyberspace economy will be very close to pure capitalism. Regulation of cyberspace trade will be impossible. It will not be possible to even determine if two parties are doing business, let alone to stop them. Initiation of force in cyberspace should be less and less of a problem as computer systems get more secure. Impersonation is easily prevented with digital signatures. 
This new tax base may not let governments operate in the manner to which they have become accustomed. Each government will be faced with the choice of either printing more money (causing painful inflation), or making painful cuts in programs. This will no doubt cause some protests and unrest, but certainly need not result in anarchy. -- Vince Cate This file should end up in: ftp://furmint.nectar.cs.cmu.edu/security/cypheressay From cdodhner at indirect.com Tue Jun 7 03:26:44 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Tue, 7 Jun 94 03:26:44 PDT Subject: Keep Out--The Journal of Electronic Privacy In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Alan Westrope > __________/|-, > (_) \|-' finger for pgp 2.6 public key > S,W.E.A,T! -- graffito at Moe's Pretty Good Gym ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^--What the hell is that??????? I've read lot 49, etc but I really don't get it. Could you explain? Happy Hunting, -Chris ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - ------------------------------------------------------------------------------ A government mandante for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troups in their home. --David Murray PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. 
warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLfO4j+Kc9MdneB1xAQFXJAQAq6eVp3XVpYR6nzau97Kjzkh8NR2gY1E+ Dc1SwtPir8ljrFUg/jGE7lLdz//mNnZ+uQrlkTI3d7vp8w+65aljNRGnCCh8NCQA 1JqdbTfkryX06KbU1QPXMrlapPGPlif1uuOqpaf8Xtz8N6fLgLJM3NRtfx25BcNv HNFQ+/WuX6Y= =Hxj4 -----END PGP SIGNATURE----- From rishab at dxm.ernet.in Tue Jun 7 05:14:54 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 7 Jun 94 05:14:54 PDT Subject: Cyberspace is by nature crime-free Message-ID: "Bradley W. Dolan" <71431.2564 at CompuServe.COM>: > [Seabrook's rant against flaming] > project, told me, "You won't have a Waco in Texas, you'll have > a Waco in cyberspace. You could have a cult, speaking to each > other through encryption, that suddenly erupts in society - > well programmed, well organized - and then suddenly disappears > again." Therefore, in an effort to balance the good and bad Excuse me? Will the cyberspace Waco abuse children with paddles in basement 'punishment rooms' - maybe by posting their names to alt.basement.punishment? Will the cyberspace Waco be able to _physically_ intimidate people into acting against their will? 
The major difference between cyberspace and the world of brick houses is that no _physical_ crime is possible - no matter what anti-porn kooks say, you _can't_ rape with words; or murder, or torture or kidnap. Even the pedophiles (98.3356% of the Net's population, apparently) cannot go beyond _communication_ on the Net... Even if one agrees with the debatable criminality of consensual sex with minors, the act itself has to be _physical_! The crime cannot be in discussing it. What's the FBI going to do? Jail people for _talking_ about murder, or jail _murderers_? ----------------------------------------------------------------------------- Rishab Aiyer Ghosh They came for the Jews, and I was silent because I was not a Jew; rishab at dxm.ernet.in They came for the Trade Unionists, and I did not protest, because I did not Voice/Fax/Data +91 11 6853410 belong to a trade union; Voicemail +91 11 3760335 They came for the Catholics, and I said nothing because I was not a Catholic; H 34C Saket And then they came for me. New Delhi There was no one left to say anything... INDIA ----Father Niemoeller From perry at imsi.com Tue Jun 7 05:32:01 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 7 Jun 94 05:32:01 PDT Subject: The Crypto Home Shopping Network In-Reply-To: <199406062335.AAA27342@an-teallach.com> Message-ID: <9406071231.AA10475@snark.imsi.com> Graham Toal says: > I think RC4 is the 32 bit cypher used in cellular phones throughout > Europe. No. (RC4 is simply Rivest Cipher 4, or Ron's Cipher 4. Its a stream cipher that RSA sells. It has nothing to do with the GSM standards.) > Rumour has it it can be cracked in realtime. No. (It is true that only 40 bit key (or smaller) versions of RC4 are exportable, and that exported RC4 is often pretty quick to crack as a result. Even under this limited sense of the exported keysize-limited versions, however, it isn't real time.) > The actual > cypher is secret though, No. 
(Its merely trade secret protected -- you get full details if you buy a license from RSA, which is not an uncommon thing. No security clearances or anything. If you have a copy of any one of several Lotus or other programs you have RC4 right on your machine, and if you have a disassembler you can likely find out exactly how it works.) > which makes it *very* interesting that > it'll be available in a software product. No. (Its available all over the place. Dozens of products in your local computer store use it, and all are software.) Perry From perry at imsi.com Tue Jun 7 05:35:20 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 7 Jun 94 05:35:20 PDT Subject: The Crypto Home Shopping Network In-Reply-To: <9406070122.AA17402@toad.com> Message-ID: <9406071235.AA10491@snark.imsi.com> Eli Brandt says: > I dunno whether that's RC4, but RC4 is a stream cipher developed by > Rivest. It's not patented; instead, RSADSI licenses it only as an > object module. I believe you get sources if you get a source license for their stuff. I may be wrong, but I was going through the process of getting a license for Lehman Brothers when I was there, and I don't recall anything about objects only for RC2 and RC4... Perry From agarcia at sugar.NeoSoft.COM Tue Jun 7 06:11:41 1994 From: agarcia at sugar.NeoSoft.COM (Anthony Garcia) Date: Tue, 7 Jun 94 06:11:41 PDT Subject: Cyberspace is by nature crime-free In-Reply-To: Message-ID: <199406071311.AA13308@sugar.NeoSoft.COM> rishab at dxm.ernet.in writes: The major difference between cyberspace and the world of brick houses is that no _physical_ crime is possible Right on. With the exception of fraud (the danger of which is lessened by the use of appropriate cryptographic protocols in your business transactions), cyberspace is essentially crime free. Mind y'all, when I said "Wacos in Cyberspace: Hear, hear!" 
I thinking of the positive aspects of the former Branch Davidian community: they were independent, effectively sovereign, and capable and willing to defend themselves. (Vernor Vinge's "The Ungoverned"[1] is one of my favorite stories.) I *am* *not* fond of their plethora of bad aspects: that they were religious-fanatic leader-following probably-child-abusing collectivist loonies with barely a gram of rational grey matter amongst the lot of them. What's the FBI going to do? Jail people for _talking_ ... ? I'm sure they'd like to. It would certainly make things more... *orderly*. "You have been found guilty of Thoughtcrime..." Actually, in a recent case a person was threatened with jail for exercising freedom of expression. Underground comix artist named Mike Diana recently was found guilty of distributing pornography; he self-published a xeroxed zine containing his own rather raw artwork. As part of his sentence, the judge ordered him to *never draw this kind of stuff again*!. Seriously: the judge ordered that the guy's parole officer was to *make unannounced checks of the guy's house periodically to make sure he wasn't drawing anything pornographic*! Even if he wasn't publishing it! [Check around on Usenet for more details; I can't remember which newsgroups I saw this in.] ObCrypto: Perhaps Diana could begin drawing on a Mac, and use Stego to hide his stuff. "Sure, officer, wanna see some of the landscapes I've been working on?" -Anthony Garcia agarcia at sugar.neosoft.com [1] Vernor Vinge's short story "The Ungoverned" is a great depiction of anarchocapitalism in action. Look for it in either of his collections "Across Realtime" and "True Names and Other Dangers", both from Baen Books, in paperback. From jgostin at eternal.pha.pa.us Tue Jun 7 11:32:33 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Tue, 7 Jun 94 11:32:33 PDT Subject: (None) Message-ID: <940607120937f8Tjgostin@eternal.pha.pa.us> rishab at dxm.ernet.in writes: > discussing it. 
What's the FBI going to do? Jail people for _talking_ about > murder, or jail _murderers_? Actually, United States law has something "Conspiracy". That's where you talk about committing a crime. There are certain limitations to it, but essentially, idly chatting about killing someone might be construed as a Conspiracy to do it. Therefore, yes, you _can_ go to jail for _talking_ about murder. --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From mech at eff.org Tue Jun 7 11:41:48 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 7 Jun 94 11:41:48 PDT Subject: CP Criminal & Strong Crypto gphx. and shirts Message-ID: <199406071841.OAA12134@eff.org> 1) who designed those graphics, and what redist. requirements if any do you have on them? 2) where are my t-shirts? >:) From paul at hawksbill.sprintmrn.com Tue Jun 7 12:09:26 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Tue, 7 Jun 94 12:09:26 PDT Subject: CP Criminal & Strong Crypto gphx. and shirts In-Reply-To: <199406071841.OAA12134@eff.org> Message-ID: <9406072011.AA29011@hawksbill.sprintmrn.com> > > 1) who designed those graphics, and what redist. requirements if any do > you have on them? > 2) where are my t-shirts? >:) > 1 cvoid at netcom.com 2 cvoid at netcom.com ,-) - paul From ebrandt at jarthur.cs.hmc.edu Tue Jun 7 14:41:32 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Tue, 7 Jun 94 14:41:32 PDT Subject: CP Criminal & Strong Crypto gphx. and shirts In-Reply-To: <9406072011.AA29011@hawksbill.sprintmrn.com> Message-ID: <9406072141.AA01966@toad.com> > > 1) who designed those graphics, and what redist. requirements if any do > > you have on them? 
> > 1 cvoid at netcom.com I think the crypto-sticker logo was Jef's, actually. Eli ebrandt at hmc.edu From mech at eff.org Tue Jun 7 18:25:41 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 7 Jun 94 18:25:41 PDT Subject: Email security user survey (fwd) Message-ID: <199406080124.VAA23163@eff.org> Forwarded message: Subject: Email security user survey Date: Fri, 03 Jun 1994 13:22:32 -0700 From: John Gilmore Let's give Dana some data about PGP users. Please spread... John ------- Forwarded Message Subject: Request for info from Dana C. Ellingen Date: Fri, 03 Jun 94 09:33:50 -0400 From: Mark S Feldman - -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 4,MIC-CLEAR Content-Domain: RFC822 Originator-ID-Asymmetric: MFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDE kMCIGA1UEChMbVHJ1c3RlZCBJbmZvcm1hdGlvbiBTeXN0ZW1zMREwDwYDVQQLEwh HbGVud29vZA==,06 MIC-Info: RSA-MD5,RSA,UrO04KAws35IxkK3iROrfIsWLHc5CXq84Wu9fyJBEAc 4rwYiHlmfKYrc6j2FtIxqts+MT/KT4/De/Qr79Bdg4OW33TZ8umY4QqYmVJlWGvf 5y7686g8+EyTEyku15Pi8 Dana C. Ellingen is preparing a special issue of the Ferris E-Mail Analyzer on security in electronic mail, and would like to get your input. If any of you would like to respond to him, send him email or get in touch with him as follows: Dana C. Ellingen Electronic Commerce Consultant 415.726.9712 (telephone); 415.726.3093 (FAX); ellingen at netcom.com 410 Laurel Ave., Half Moon Bay, CA 94019-1674 Following are his questions. Mark Note that all answers will be "not for attribution," and will be melded into the overall issue. Vendors, I would like the names of several happy users of your product, even if they have just chosen it and it is not yet installed. I am interested in why they chose to make this move now rather than later, as well as how happy they may be with your product. Questions for Email Security users, for Ferris E-Mail Analyzer: A - What form of security does your firm use for electronic mail and messaging? 
B - Given the state of turmoil in the industry, why did you choose to be an "early adopter," and to put security into your forms and messaging applications? Why now? C - What problems have you had, having added security? D - What compromises have you had to make to add security? E - Product support: Do you currently use (or are you considering) a commercial product for secure EM? Which one? Why? Are you happy with the support you are getting? F - Interoperability: Do you currently or do you want to exchange secure EM with people outside of your organization? How do you deal with the interoperability problem? G - International: Do you have overseas offices, or do you exchange secure EM with persons outside of the US? Are you concerned about having to cut back on your security to do this? H - Certificates: Do you issue certificates to your users? I - Certificates: If someone else issues certificates, how do establish trust with that organization? J - Certificates: How do you verify the authenticity of a digital signature on a document that you receive? K - Policy: Does your firm have a written policy on electronic mail? Can your firm read its employees' EM? L - Escrowed keys: Do you keep copies of the private keys of the individuals in your firm? Do you think that you should, or that you have the right to do so? M - Integration: How important is it that you have a product that is fully integrated with your existing mail system? N - What did I leave out? What else do you want to discuss? - -----END PRIVACY-ENHANCED MESSAGE----- ------- End of Forwarded Message From mech at eff.org Tue Jun 7 18:31:10 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 7 Jun 94 18:31:10 PDT Subject: NSA LEAKS AGAIN (fwd) ? Message-ID: <199406080130.VAA23316@eff.org> Forwarded message: Subject: NSA LEAKS AGAIN Date: Fri, 3 Jun 1994 21:55:24 -0700 (PDT) From: Jeff Davis To: eff-activists at eff.org (eff-activists mailing list) Thank God for anonymous remailers eff-activists. 
I snagged this out of cyberspace and can't vouch for the substance of the claim, however, relatives of those with FTS or TS (high) security clearances are the weakest link in the whole secrecy chain. That I know from first hand experience. --------- I have a close relative who is a cryptologist for the NSA. He knows much about skipjack. he couldn't/wouldn't tell me much, of course, mainly because the last word I use to describe him is 'human'... he's more 'asshole'... but he said the last thing he'd trust is skipjack/clipper... he says that the CIA/FBI/NSA/ATF will almost assuradly _NOT_ violate the escrow rules (in other words, they _will_ get a warrant for the key halves_) however, he also said that there are so many back doors that they don't need them. He also said that they are expecting people to find about 60% of these doors, and they will correct them when found (so they have a deck of aces up thier sleves) Damn people. However, he wasn't directly involved in the clipper shit, but he does have high clearance. But he's an asshole, like I said. NSA people, as a generalization, usually are. He'd turn _me_ in if he knew I hacked. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 
14 1994 From mgream at acacia.itd.uts.edu.au Tue Jun 7 19:03:56 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Tue, 7 Jun 94 19:03:56 PDT Subject: Cyberspace is by nature crime-free In-Reply-To: <199406071311.AA13308@sugar.NeoSoft.COM> Message-ID: <9406080206.AA04748@acacia.itd.uts.EDU.AU> "Anthony Garcia" wrote: > Right on. With the exception of fraud (the danger of which is > lessened by the use of appropriate cryptographic protocols in your > business transactions), cyberspace is essentially crime free. I have to disagree with this, especially the title 'is by nature'. Cyberspace as a communications forum still presents many opportunities for crime as are present in physical and related communications media. To rattle a few off the top of my head without thinking to broadly: - break and enter --> cracking/hacking (whatever you want to call it) - vilification, discrimination - sedition - inciting violence - fraud (as you've mentioned) - transfering funds, tax evasion - illegal business activity, false advertising - contempt of court - copyright infringment Admittedly by the nature of cyberspace, detecting and gaining evidence for these crimes can be more complicated than in a tangible physical medium, but none the less these actions are still criminal. In fact, I think it is much better that these activities are possible in cyberspace, since it's a better representation of the real world. Crime is pervasive, it is naive to expect that it would fail to follow people into cyberspace. Matthew. 
-- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au From nobody at shell.portal.com Tue Jun 7 19:04:04 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 7 Jun 94 19:04:04 PDT Subject: No Subject Message-ID: <199406080205.TAA24689@jobe.shell.portal.com> Can a registered crypto FTP account at RIPEM.MSU.EDU be accessed via a USA-based FTP-by-mail server, assuming the correct account ID and password are used, and the FTPed file is destined for the original, USA-based email address? Or will the use of the intermediate server cause the request to be rejected because the host ID does not match the original one specified when the account was opened? If so, can PGP 2.6 be FTPed from another anonymous FTP site, either in the USA or abroad? Thanks. ==== From dichro at tartarus.uwa.edu.au Tue Jun 7 21:53:38 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Tue, 7 Jun 94 21:53:38 PDT Subject: your mail In-Reply-To: <199406080205.TAA24689@jobe.shell.portal.com> Message-ID: <199406080453.MAA03718@lethe.uwa.edu.au> > > Can a registered crypto FTP account at RIPEM.MSU.EDU be accessed > via a USA-based FTP-by-mail server, assuming the correct account > ID and password are used, and the FTPed file is destined for the > original, USA-based email address? Or will the use of the > intermediate server cause the request to be rejected because the > host ID does not match the original one specified when the > account was opened? > > If so, can PGP 2.6 be FTPed from another anonymous FTP site, > either in the USA or abroad? Thanks. Just out of curiosity - could i get into trouble for keeping some US-only crypto stuff in my ftp directory in Australia? I've just recently created the directory, and i was thinking that PGP would look really nice in there... 
If anyone wants to give me a copy, drop it off at tartarus.uwa.edu.au:/pub/dichro/incoming - provided, of course, that it is legal for you to do so ...:) -- * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "I'm just another sniper on the information super-highway." PGP Public key available by finger * #include From agarcia at sugar.NeoSoft.COM Tue Jun 7 23:06:45 1994 From: agarcia at sugar.NeoSoft.COM (Anthony Garcia) Date: Tue, 7 Jun 94 23:06:45 PDT Subject: Cyberspace is by nature crime-free [?] In-Reply-To: <199406080522.AA20166@sugar.NeoSoft.COM> Message-ID: <199406080605.AA21091@sugar.NeoSoft.COM> mgream at acacia.itd.uts.edu.au (Matthew Gream) writes: I have to disagree with this, especially the title 'is by nature'. Cyberspace as a communications forum still presents many opportunities for crime as are present in physical and related communications media. Good points, I wasn't thinking far enough. The examples you cite can be classified as follows: - Breaking and entering: Yes, an obvious "cyberspace crime" which I unthinkingly missed. Could perhaps be considered fraud: If you give a username/password to gain access, you are falsely asserting that you're an authorized user of that username. - Vilification/slander/libel: Also possibly can be considered as fraud? You're asserting things that are false, and people who rely on your false information will make bad decisions. - Discrimination: I don't think this should be a crime. The interactions/commerce/associations that people engage in should be freely assented to by all parties, even if they have really stupid reasons for deciding to refuse. - Sedition: Not a crime in my book... Yay, Sedition! - Inciting violence: Perhaps even can be covered by fraud, if you stretch it hard enough: You give people false information ("Such and such ethnic group are polluting our precious bodily fluids and should be killed") which they then rely on to make bad choices regarding the perpertration of violence. 
Of course, the actual physical committing of violence is a much more serious crime. - Transferring funds, tax evasion: Also not a crime in my book. Yay Tax Evasion! - Illegal business activity, false advertising: False advertising is an instance of fraud. I'm not sure what you mean by "illegal business activity." - Contempt of court: Hm. Refusing to provide your decryption key to the judge... Not really a crime *of* cyberspace; more akin to a crime of the courtroom. - Copyright infringement: Ah, theft of Intellectual Property. A tough nut in these modern times. If you had to forge authorization information to get the material, then it would be fraud in the same sense as an unauthorized login: You are fraudulently asserting that you are a paying customer. But if the material is just lying around unprotected for you to pick up? Hm... -Anthony Garcia agarcia at sugar.neosoft.com P.S. Larry, if you're still lurking around here: the "Yay Sedition!" and "Yay Tax Evasion!" are especially for *yoooouuu*. From jamesd at netcom.com Tue Jun 7 23:12:16 1994 From: jamesd at netcom.com (James A. Donald) Date: Tue, 7 Jun 94 23:12:16 PDT Subject: Cyberspace is by nature crime-free Message-ID: <199406080612.XAA13707@netcom.com> Matthew Gream writes > I have to disagree with this, especially the title 'is by > nature'. Cyberspace as a communications forum still > presents many opportunities for crime as are present in > physical and related communications media. To rattle a few > off the top of my head without thinking too broadly: > > - break and enter --> cracking/hacking (whatever you want > to call it) Can be limited to acceptable levels by normal precautions. The owner ultimately has physical control, the cracker does not. > - vilification, discrimination Not a crime. > - sedition Not a crime. > - inciting violence Not a crime. > - fraud (as you've mentioned) There is plenty of fraud, but it can be controlled by common sense and cryptographic precautions.
(Gasp - this post is actually slightly relevant to the Cyberpunks list.) > - transferring funds, tax evasion Not a crime. Neither of these are extraditable offenses. > - illegal business activity, false advertising Not a crime, except for fraud, discussed above. > - contempt of court There is plenty of contempt of court. Courts are coming to accept the reality that cyberspace is beyond their power, hence not a crime. Note that contempt of court has never been an extraditable offense. > - copyright infringement There is plenty of copyright infringement, but the old concept of copyright does not fit well on the net, because information is separated from its physical embodiment and is endlessly mutable. The concept of "copyright" has limited usefulness in cyberspace. We are returning to the older concepts of "plagiarism" and "authenticity". Notice how many people were reluctant to accept PGP 2.6 until it was blessed by Zimmermann. > Admittedly by the nature of cyberspace, detecting and > gaining evidence for these crimes can be more complicated > than in a tangible physical medium, but none the less these > actions are still criminal. If a law cannot be enforced, or cannot be enforced except by grossly violating someone's rights, then it is no law. But cyberspace does make new offenses possible. The two new offenses of cyberspace are spamming and spoofing. Both of these seem to be controlled at acceptable levels. Spamming is controlled by vengeance campaigns of the silicon cowboys and the cyber vigilantes. The green card lawyers were run off the net. The Armenian genocide guy is almost within net custom, he pushes the edge but does not obviously exceed it. Serious spoofing seems rare. In every spoofing that I have seen the spoofer has made his true identity fairly obvious, which is why we call it spoofing, not impersonation.
If anyone is in real danger of malicious spoofing - for example David Sternlight - then he should PGP sign all his messages, thus eliminating the problem. -- We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the omnipotent state. -- James A. Donald, jamesd at netcom.com From bmorris at netcom.com Tue Jun 7 23:27:51 1994 From: bmorris at netcom.com (Bob MorrisG) Date: Tue, 7 Jun 94 23:27:51 PDT Subject: CYBERSPACE IS BY NATURE C Message-ID: <199406080627.XAA02185@netcom.com> To: cypherpunks at toad.com RR> sex with minors, the act itself has to be _physical_! The crime cannot RR> discussing it. What's the FBI going to do? Jail people for _talking_ a RR> murder, or jail _murderers_? Uh, I think they can, and do, jail for discussing a crime. It's called conspiracy, and the crime does *not have to have been committed for conspirators to be jailed. It happened here in L.A. recently. Some skinheads were jailed for conspiracy to bomb a synagogue, however the synagogue had not actually been bombed. They went to prison. * RM 1.4 B0037 * From wcs at anchor.ho.att.com Tue Jun 7 23:33:20 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 7 Jun 94 23:33:20 PDT Subject: FTP-by-mail from US sites for accessing crypto archives? Message-ID: <9406080632.AA22571@anchor.ho.att.com> Nobody asks if FTP-by-mail from a US site will let outsiders retrieve crypto. Most of the popular crypto sites in the US that support non-exportable materials store them in a directory that's constantly being renamed, and require you to read a readme file with the license material so you've been warned before they'll tell you where it is.
Most of the popular ftp-by-email sites have tended to be slow when I've used them :-) So it may not work very well, unless you catch a fast ftp-by-mail site. MIT requires you to telnet to ftp-dist.mit.edu and log on to register for PGP, which is tougher to do by email. Bill From mgream at acacia.itd.uts.edu.au Wed Jun 8 00:31:10 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Wed, 8 Jun 94 00:31:10 PDT Subject: Cyberspace is by nature crime-free In-Reply-To: <199406080612.XAA13707@netcom.com> Message-ID: <9406080736.AA25638@acacia.itd.uts.EDU.AU> "James A. Donald" wrote: > > - break and enter --> cracking/hacking (whatever you want > > to call it) > > Can be limited to acceptable levels by normal precautions. > The owner ultimately has physical control, the cracker does > not. It's still a crime, and still ever-present in cyberspace, and it still occurs. > > - vilification, discrimination > > Not a crime. Is in Australia, probably in other countries as well. Naturally there are going to be problems with international aspects of crime in this respect, jurisdictions and so on, but those are only technicalities -- the crime can easily occur in a localised environment. > > - sedition > > Not a crime. as above. > > - inciting violence > > Not a crime. as above. > > - transferring funds, tax evasion > > Not a crime. Neither of these are extraditable offenses. as above (re. tax evasion). Does it matter if it's not extraditable? What happens if it occurs locally? Not all crimes require extradition. > > - illegal business activity, false advertising > > Not a crime, except for fraud, discussed above. False and misleading advertising is a crime in Australia, and granted it is a form of fraud. > > - contempt of court > > There is plenty of contempt of court. Courts are coming > to accept the reality that cyberspace is beyond their > power, hence not a crime. Note that contempt of court has ^^^^^^^^^^^^^^^^^^^^^^^^^ > never been an extraditable offense.
Huh, you're asserting that because it is beyond their control, it isn't a crime? Whether or not it's beyond control does not disguise the fact that legally it's still a crime, and the entire fact that it is totally beyond their control is debatable. Whilst at the moment, it seems that that is the case, who's to say things aren't going to be instigated a little further down the track? That's a fairly sweeping argument that `courts are _coming to accept_ the reality ...', they've had a hard time dealing with cyberspace -- and going to have much harder times, but I don't think they're going to just forget cyberspace. > > - copyright infringement > > There is plenty of copyright infringement, but the old > concept of copyright does not fit well on the net, because > information is separated from its physical embodiment and > is endlessly mutable. Yup, the definition of copyright has problems in cyberspace, that is true, but that doesn't mean it isn't a crime. > If a law cannot be enforced, or cannot be enforced except > by grossly violating someone's rights, then it is no law. I don't agree with this, all these crimes _could_ be enforced to certain extents -- and regardless of whether they can or not, they are still crimes, still defined as crimes, and still exist to be used if the possibility arises. If I use a pseudonym to run a mailing list for the purpose of discussing seditious activities and planning such activities, regardless of how infeasible it is to associate a real name with the pseudonym or to enforce the law, the activity is still (legally, in terms of the laws of this nation) a crime. Matthew. -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au From remailer-admin at chaos.bsu.edu Wed Jun 8 05:51:50 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Wed, 8 Jun 94 05:51:50 PDT Subject: No Subject Message-ID: <199406081247.HAA01492@chaos.bsu.edu> > From: Anthony Garcia > P.S.
Larry, if you're still lurking around here: the "Yay Sedition!" and > "Yay Tax Evasion!" are especially for *yoooouuu*. funny thing about garcia, his first time ever post on c'punx was about larry too...... strange times indeed when a newbie bursts on the scene knowing all about us Date: Wed, 19 Jan 1994 23:18:22 -0600 From: Anthony Garcia Message-Id: <199401200518.AA05127 at sugar.NeoSoft.COM> Cc: agarcia at sugar.neosoft.com Subject: Detweiler's SQUISH broadcast: can remailers filter out addressee? I'm not familiar with anonymous remailer internals. Would it be cheap in terms of hack-time to add the capability for an anonymous remailer to maintain a list of addresses (or address regexps) which do not wish to receive anonymous remailed messages? That way, if Detweiler is sending unwanted msgs to say, "chess-fans at foo.bar.com" via an anonymous remailer, and the readers of chess-fans complained to the (hopefully responsive) remailer operator, the remailer operator could add the "chess-fans" address to a "don't-remail-to-these-folks" list so that the nice readers of chess-fans can read mail in peace. However, if the "Don't-mail-to-these-folks" list gets too long, it would probably degrade remailer performance... sigh. (remailer authors: is this a correct assumption?) (Perhaps the "don't-mail" addresses could be tagged with the amount of time since somebody last attempted them; addresses that no one's attempted to hit in say, a year, could be expired.) -Anthony Garcia agarcia at sugar.neosoft.com NeoSoft is a commercial access provider, not my employer. (They didn't demand identity verification when I signed up, either. Yay, capitalism!) P.S. Larry: I didn't make the "tentacle" list in your SQUISH post? I feel slighted! Please correct in the next version.
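The destination block list Garcia sketches in the quoted January post (a list of addresses or address regexps the remailer refuses to deliver to, each tagged with when someone last tried to hit it so stale entries can be expired) is small enough to write out. The following is an added example for this archive, not code from any remailer of the period; the class and function names, the "looks like a plain address" heuristic, the one-year default expiry and the sample addresses are all assumptions made for the illustration. It also answers his performance worry: plain addresses go into a dict and cost one hash lookup per message however long the list gets, so only genuine regexps need a linear scan.

```python
import re
import time
from dataclasses import dataclass
from typing import Optional

# Added example of a remailer "don't-remail-to-these-folks" list; not code
# from any real remailer. Names, heuristics and defaults are assumptions.

DAY = 24 * 3600


@dataclass
class BlockEntry:
    pattern: Optional[re.Pattern]  # compiled regexp, or None for an exact address
    last_attempt: float            # epoch seconds; starts at the time the entry was added


class DestinationBlocklist:
    """Destinations this remailer refuses to deliver to.

    Exact addresses live in a dict (one hash lookup per message), so a long
    list of plain addresses costs nothing per delivery; only true regexps
    need a linear scan. Every hit refreshes the entry's timestamp so that
    expire() can drop destinations nobody has tried to reach for a long time.
    """

    _LITERAL = re.compile(r"[\w.+-]+@[\w.-]+")   # "looks like a plain address"

    def __init__(self, patterns, now=None):
        self._exact = {}   # lowercased address -> BlockEntry
        self._regex = []   # BlockEntry objects whose pattern is a compiled regexp
        for p in patterns:
            self.add(p, now)

    def add(self, pattern, now=None):
        now = time.time() if now is None else now
        if self._LITERAL.fullmatch(pattern):
            self._exact[pattern.lower()] = BlockEntry(None, now)
        else:
            # Anchor both ends so ".*@foo\.bar\.com" cannot match a longer host.
            rx = re.compile(rf"(?:{pattern})\Z", re.IGNORECASE)
            self._regex.append(BlockEntry(rx, now))

    def allowed(self, recipient, now=None):
        """True if the remailer may deliver to recipient; False (and the
        matching entry's last_attempt refreshed) if it is blocked."""
        now = time.time() if now is None else now
        addr = recipient.strip().lower()
        hit = self._exact.get(addr)
        if hit is None:
            hit = next((e for e in self._regex if e.pattern.match(addr)), None)
        if hit is None:
            return True
        hit.last_attempt = now
        return False

    def expire(self, max_age=365 * DAY, now=None):
        """Drop entries not attempted within max_age seconds; return how many."""
        now = time.time() if now is None else now
        before = len(self)
        self._exact = {a: e for a, e in self._exact.items()
                       if now - e.last_attempt <= max_age}
        self._regex = [e for e in self._regex if now - e.last_attempt <= max_age]
        return before - len(self)

    def __len__(self):
        return len(self._exact) + len(self._regex)


def demo():
    """Constructed scenario: two entries, three delivery attempts, one expiry pass."""
    t0 = 1_000_000.0
    bl = DestinationBlocklist(["chess-fans@foo.bar.com", r".*@victim\.example"], now=t0)
    r1 = bl.allowed("Chess-Fans@foo.bar.com", now=t0 + DAY)           # exact hit, case-insensitive
    r2 = bl.allowed("alice@victim.example", now=t0 + 200 * DAY)       # regexp hit
    r3 = bl.allowed("notchess-fans@foo.bar.com", now=t0 + 200 * DAY)  # not listed: delivered
    # 400 days on: the exact entry was last hit 399 days ago and is expired;
    # the regexp entry was hit 200 days ago and survives.
    dropped = bl.expire(max_age=365 * DAY, now=t0 + 400 * DAY)
    return r1, r2, r3, dropped, len(bl)


if __name__ == "__main__":
    print(demo())  # (False, False, True, 1, 1)
```

A deployment would persist the timestamps across restarts and run `expire()` from a periodic job rather than on every message; the anchoring in `add()` matters because an unanchored `.*@foo\.bar\.com` would also block `foo.bar.com.evil.example`.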
From ravage at bga.com Wed Jun 8 05:57:12 1994 From: ravage at bga.com (Jim choate) Date: Wed, 8 Jun 94 05:57:12 PDT Subject: CYBERSPACE IS BY NATURE C In-Reply-To: <199406080627.XAA02185@netcom.com> Message-ID: <199406081256.HAA10247@zoom.bga.com> > > To: cypherpunks at toad.com > > RR> sex with minors, the act itself has to be _physical_! The crime cannot > RR> discussing it. What's the FBI going to do? Jail people for _talking_ a > RR> murder, or jail _murderers_? > > Uh, I think they can, and do, jail for discussing a crime. It's called > conspiracy, and the crime does *not have to have been committed for > conspirators to be jailed. It happened here in L.A. recently. Some > skinheads were jailed for conspiracy to bomb a synagogue, however the > synagogue had not actually been bombed. They went to prison. > > * RM 1.4 B0037 * > > For a group to commit conspiracy they have to actually do something other than just talk about it. For example, you and I are discussing robbing a bank over lunch, nothing illegal about that. However(!), the instant you say "let's use my car" or "I have a gun we can use" then you have committed conspiracy. It is my understanding that conspiracy is a felony even if the crime is a misdemeanor... From rishab at dxm.ernet.in Wed Jun 8 06:07:05 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 8 Jun 94 06:07:05 PDT Subject: Cyberspace is by nature crime-free Message-ID: f_griffith at ccsvax.sfasu.edu: >A correction: there was no evidence that the cult in Waco was abusing >children - that was government propaganda, part of its demonizing of >them to justify its own atrocious actions. The Texas welfare dept. had >previously investigated such allegations of child abuse. Though someone (Time?) published a child's description of the 'punishment room,' that was not my contention.
As the author had provided Waco as an example of cult criminality, my response explained why, _assuming_ such a cult _was_ indeed criminal, its crimes would _in no way_ occur, or be enhanced by, the usage of the Internet. Any crime (apart from white collar financial fraud) has to occur in a physical location, not in cyberspace... Rishab From rishab at dxm.ernet.in Wed Jun 8 06:07:08 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 8 Jun 94 06:07:08 PDT Subject: Crime and punishment in cyberspace - 1 of 3 Message-ID: Uhh. When I started this thread with "Cyberspace is by nature crime-free," I meant crime as what at least _I_ perceive as morally wrong enough to justify the intervention of society as a whole, usually represented by functionaries of the state - police, judiciary, etc.; and NOT what may or may not be wrong in the eyes of existing law, which as we all know, is an ass. Unless we want a totally "everyone for him/herself" society (which is contradictory - society is a framework or protocol by which individuals interact with each other), and become like Rwanda, say, we need the intervention of [police/state/society/collective] to ensure that basic social agreements are kept - thou shalt not rape, for instance. Even anarchist Tim May has in previous posts conceded the possible need for a police force to investigate murders. Now to cyberspace... I greatly believe in the Internet as a model for society. While there are incompatibilities between a society on cyberspace and one on the streets, what is needed is an adaptation of cybersociety to the "real world" NOT vice versa. Out of all 'crimes' listed in previous posts by Matthew Gream and others, the only one I accept as possibly requiring society intervention in the information age is that of intellectual property. The extent of such intervention is debatable.
I will summarize my attitude to the other points with this: saying that cracking an ordinary Unix system is fraud is like saying that walking into a field protected perhaps by a tattered hedge is 'breaking in.' Unless you want a nanny state, you have to protect yourself, and your rights. Unless you want a jungle, you have to accept intervention by agents of the society you live in, when protection is far too difficult for an individual. You expect police help to catch a murderer. You don't expect police help to catch someone who stole money that fell out of your torn pocket. (_I_ don't.) Continued... ----------------------------------------------------------------------------- Rishab Aiyer Ghosh, rishab at dxm.ernet.in, Voice/Fax/Data +91 11 6853410, Voicemail +91 11 3760335, H 34C Saket, New Delhi, INDIA. "They came for the Jews, and I was silent because I was not a Jew; They came for the Trade Unionists, and I did not protest, because I did not belong to a trade union; They came for the Catholics, and I said nothing because I was not a Catholic; And then they came for me. There was no one left to say anything..." ----Father Niemoeller From rishab at dxm.ernet.in Wed Jun 8 06:07:12 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 8 Jun 94 06:07:12 PDT Subject: PGP in Australia Message-ID: dichro at tartarus.uwa.edu.au: > If anyone wants to give me a copy, drop it off at > tartarus.uwa.edu.au:/pub/dichro/incoming > - provided, of course, that it is legal for you to do so ...:) Pick up PGP versions 2.2 - 2.6, and the non-RSAREF 2.6ui, from ftp.dsi.unimi.it /pub/security/crypt/PGP Unless Australia forbids _importing_ crypto, not a crime. PGP 2.6 is the MIT RSAREF version, so someone violated ITAR to get it to Italy. Using it outside the US and Canada also violates RSADSI's _copyrights_. PGP 2.6ui was released from the UK, and therefore does not violate ITAR. It doesn't use RSAREF, so it doesn't violate RSADSI copyrights.
If used in the US, it does violate RSADSI _patents_. -- Rishab Aiyer Ghosh From rishab at dxm.ernet.in Wed Jun 8 06:07:19 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 8 Jun 94 06:07:19 PDT Subject: Crime and punishment in cyberspace - 2 of 3 Message-ID: The way police can help protect against murders is to patrol the streets. The way police can help identify fraud on cyberspace is Clipper. If you demand protection from society against cyberspace fraud, you accept society's right to violate someone's privacy. You have to also accept their right to violate _yours_. Just as in brickspace (I'm getting sick of calling it the 'real world') you try to protect yourself, _first_, and when it is socially recognized as not possible or very difficult, the police come in... Are you going to expect the police to protect you against rude language? No, you protect yourself by ignoring it. Are you going to expect the police to protect you against broken promises? No, it's your own failed judgement, or luck. Or you'd have a formal contract. Are you going to expect the police to protect you against terrorist bombs? I would; that's a full-time job that I'm paying them for. In cyberspace too, where you can protect yourself with available tools - encryption, authentication and the other protocols we discuss here, you should not expect police help. You should _refuse_ it.
Alternatively, you should give them the power to help you; the power to listen in to 'criminals'; the power to identify conspiracies through communication route tracing. Sounds familiar? Continued... (so that those who look for interesting matter in the first para don't ignore this ;) -- Rishab Aiyer Ghosh From rishab at dxm.ernet.in Wed Jun 8 06:07:20 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 8 Jun 94 06:07:20 PDT Subject: Crime and punishment in cyberspace - 3 of 3 Message-ID: All this brings us to a related issue - another one hinging on principles: Do cypherpunks accept the need for wiretapping? Wiretapping is necessary to solve many 'crimes'. If we accept that these crimes are important enough to justify wiretapping, then there is little difference between wiretapping analog phones and tapping data. The EFF and other organizations have pursued the laudable goals of extending laws guaranteeing freedom of expression, privacy etc. to cyberspace, adapting them, as and where necessary, to the nature and technology of digital networks. It is only to be expected that the FBI, theoretically a socially agreed upon body enforcing laws made by socially agreed upon legislators, will attempt to extend the powers granted to it for wiretapping to cyberspace. _Adapting them, as and where necessary (e.g. digital encryption), to the nature and technology of digital networks.
If we accept the need for wiretapping, then the only problem is to find a way to make Clipper/DTII as protective of privacy as current analog-tapping laws; as inconvenient as current analog tapping. If we accept the need for wiretapping, we can find such ways. Variants of Micali's fair crypto; an open, publicly available no-trapdoor algorithm; a requirement that, as with primitive exchanges, DTII'd ones would still have to be visited by LEOs to work a tap, etc. We can then respond to the various (non-serious) calls from Freeh, Denning et al for an 'alternative'. Or else, if wiretapping per se does more harm to privacy than it does to crime, call for an end to wiretapping altogether. There is an anecdote about George Bernard Shaw (or Bertrand Russell?): At a social event, he hypothetically asks the lady next to him whether she would sleep with him for a million pounds. For a million pounds, she says, she might consider it. "Would you sleep with me for sixpence, then?" he asks. Outraged, she replies "What kind of woman do you think I am?" His response: "We have already established what kind of woman you are. We are just haggling about the price." Rishab (ps. no offence intended -- that's an illustrative anecdote, c'est tout) -- Rishab Aiyer Ghosh
From frissell at panix.com Wed Jun 8 06:27:27 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 8 Jun 94 06:27:27 PDT Subject: Crime and punishment in cyberspace - 1 of 3 In-Reply-To: Message-ID: On Wed, 8 Jun 1994 rishab at dxm.ernet.in wrote: > Uhh. When I started this thread with "Cyberspace is by nature crime-free," I > meant crime as what at least _I_ perceive as morally wrong enough to justify > the intervention of society as a whole, usually represented by functionaries > of the state - police, judiciary, etc.; and NOT what may or may not be wrong in > the eyes of existing law, which as we all know, is an ass. > I like to use the Common Law distinction between Malum in Se and Malum Prohibitum. ("wrong because it is wrong" and "wrong because it is prohibited.") There are lots of "legislative crimes" that are creatures of their time and place. Cyberspace is a hard place to commit real wrongs in. Those of us of a more libertarian bent think that the major benefit of cyberspace is that it makes certain crimes like "legislation" less effective. Note that Common Law crimes were "discovered" by judges without legislatures. DCF "Was there ever anything so impolite as a group of guys sitting around ruling others?" From Richard.Johnson at Colorado.EDU Wed Jun 8 07:19:49 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Wed, 8 Jun 94 07:19:49 PDT Subject: PGP in Australia In-Reply-To: Message-ID: <199406081419.IAA13340@spot.Colorado.EDU> From the keyboard of: rishab at dxm.ernet.in > Using it [MIT PGP 2.6] outside the US and Canada also violates > RSADSI's _copyrights_. Not so. The RSAREF license is valid in countries outside the USA/Canada crypto ghetto.
Richard From DAVEOTTO at ACM.ORG Wed Jun 8 07:31:18 1994 From: DAVEOTTO at ACM.ORG (Dave Otto daveotto@acm.org) Date: Wed, 8 Jun 94 07:31:18 PDT Subject: LEAF Blower Paper Message-ID: <01HDAM6YGECI001Q24@PASCAL.ACM.ORG> Does anyone have an ASCII version of EESPROTO.PS (Matt Blaze's paper)? I browsed soda but couldn't find anything. thanks, daveotto at acm.org | the sysadmin on my local domain didn't know what /etc/named was and deleted | it so i have to use a VMS machine until we can rebuild it :-( Dave Otto -- daveotto at acm.org -- (dave at gershwin.jta.edd.ca.gov) "Pay no attention to the man behind the curtain!" [the Great Oz] From adam at bwh.harvard.edu Wed Jun 8 08:09:07 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 8 Jun 94 08:09:07 PDT Subject: your mail In-Reply-To: <199406080205.TAA24689@jobe.shell.portal.com> Message-ID: <199406081507.LAA21118@duke.bwh.harvard.edu> | If so, can PGP 2.6 be FTPed from another anonymous FTP site, | either in the USA or abroad? Thanks. ftp.dsi.unimi.it:/pub/security/crypt/PGP has pgp 2.5, 2.6. There are several versions of each; a README explaining the 2.6 suffixes would be nice. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From gtoal at an-teallach.com Wed Jun 8 08:31:50 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 8 Jun 94 08:31:50 PDT Subject: Email security user survey (fwd) Message-ID: <199406081532.QAA00902@an-teallach.com> : Yes, please do give me more info. I am trying to get all of the : responses I can in hand by Friday of this week (June 10, 1994), before : finishing the writing. So speak now, or ... Of course, if you speak later, : that is still interesting, but it won't get into the publication. Thanks : for the broadcast, John. Have you read the article in the UK 'Computer Weekly', May 5? 
It quotes the Ferris Email Analyzer in an article on p32 which gives every impression that the world of email is entirely running on commercial software and that 'the market' is defined really as 'the commercial market'. The article went on to give recommendations for what software to get to run email and *not one* of the 10 packages cited was freeware. Yet 99% of the people I talk to across the world on email are using free mailer software. So is your article going to give equal time to net.freeware or will it be another marketing puff? (or was the Computer Weekly article not representative of the FEA piece it was based on?) If you are going to cover pgp properly, I'm available for interviews; I work for a company that will be using pgp to protect medical patient records for the UK national health system, and I hacked a version of the standard Unix mailer so that it does pgp transparently. G PS CC'd to cypherpunks where I saw the original request. PPS I've sent in the pro forma answers in a separate mail. From m1tca00 at FRB.GOV Wed Jun 8 08:35:52 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Wed, 8 Jun 94 08:35:52 PDT Subject: Sternlight & PGP Message-ID: <9406081534.AA09792@mass6.FRB.GOV> -----BEGIN PGP SIGNED MESSAGE----- greg at ideath.goldenbear.com (Greg Broiles) wrote: > [...] > > Derek's list is incomplete; Sternlight also alleged that there were > "copyright problems" with PGP, insinuating that some of the code in PGP > had been copied (or derived from) RSAREF code - he backed down pretty > quickly when asked for substantiation. He also wrote to the administrators > of US-based FTP sites, suggesting that PKP/RSADSI was contemplating legal > action against them if they didn't stop making PGP available via FTP. I > suspect (but cannot prove) that he was also the person who reported those > FTP sites to Bidzos, thus creating the lawsuit threat that he then pretended > to protect the FTP sites from. 
> > He also recently wrote to Netcom administrators, encouraging them to take > action against a user who included a public key marked 2.3a in his > .plan file. Re: copyrights, I have yet to hear Herr Sternlight say that pgp23a does not have copyright problems. He may not be asserting that as much, but he has yet to recant. It all started in a discussion about NAFTA, GATT and patents. Someone posted a passage from GATT about expansion of copyrights (NOT patents). He then used that post to assert that pgp23a infringes in Europe. When it was pointed out that the discussion had been about patents, he asserted that pgp23a also violated copyrights (I think he was just too embarrassed to admit confusing patents and copyrights). When I last asked him directly about why he thought pgp23a violated, he used the fact that the pgp docs referred to itself as "contraband" as evidence. Re: SternCop, he wrote to support at netcom.com complaining that he had found a pgp23a key in beker at netcom.com's .plan file. Netcom told him that he should take the matter up with PKP/RSADSI. Beker posted Sternlight's message here and I forwarded it to alt.security.pgp. This really bugged Sternlight and he then wrote ANOTHER letter to support at netcom.com asserting that beker had violated his copyright. He also sent me a similar message and told me that he knew the Chairman of the Federal Reserve Board and that I had better publicly apologize to him. He warned me that his complaints about me would not go to postmaster but rather to his own contacts. Why he thought economists would care about usenet is beyond me. Anyway... support at netcom.com told him they didn't think beker violated his copyright and if he wanted to pursue the matter further he should sue beker. I have yet to hear about his complaints about me. If he did complain to anyone about me, they must've completely blown him off.
Anyway, my all-time favorite Sternlight quote follows: > Newsgroups: sci.crypt > From: strnlght at netcom.com (David Sternlight) > Message-ID: > Reply-To: david at sternlight.com (David Sternlight) > Organization: DSI/USCRPAC > Date: Sun, 8 May 94 05:34:13 EDT > [...] Something did snap, and it did so > with the death of Richard Nixon. On thinking of his achievements, and the > way he was savagely hounded by the left all his life (not without cause, but > not deserving of the extreme demonizing he got), I decided it was time to > stop pussy-footing around here, and start calling jerks, cowards, hoodlums, > and defamers for what they were. [...] rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, they don't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLfORNKAudFplx0TNAQHVeAP5AXttXRYS9gyp5xoCIRA9q91Bl6+XhKYk nCcFxFBeSsOzde6pOXpAD5Gnyl1H3p7Dnw6vveYBtjYY06x3iG5S8ZRodkbwPIG/ PbCE+y2K155ORm+jV/Yz6ZmTtKMeS/oXWiOrvtSbabTYqH2HM3Wzp7PbNMlQ0h1b j9PRTDDmtG4= =Z20z -----END PGP SIGNATURE----- From jamesd at netcom.com Wed Jun 8 08:55:54 1994 From: jamesd at netcom.com (James A. Donald) Date: Wed, 8 Jun 94 08:55:54 PDT Subject: Cyberspace is by nature crime-free In-Reply-To: <9406080736.AA25638@acacia.itd.uts.EDU.AU> Message-ID: <199406081555.IAA23639@netcom.com> Matthew Gream writes > > > - sedition I wrote: > > Not a crime. > > Is in Australia, probably in other countries as well. Naturally > there are going to be problems with international aspects of > crime in this respect, jurisdictions and so on, but those are > only technicalities -- the crime can easily occur in a localised > environment. Witchcraft is also illegal in Australia. When was the last prosecution for sedition? During the many decades I lived in Australia there was never a prosecution for sedition, and there was plenty of sedition. Has the place turned totalitarian since I left? 
--
---------------------------------------------------------------------
We have the right to defend ourselves and our    |
property, because of the kind of animals that we | James A. Donald
are. True law derives from this right, not from  |
the arbitrary power of the omnipotent state.     | jamesd at netcom.com

From thad at pdi.com Wed Jun 8 09:10:28 1994
From: thad at pdi.com (Thaddeus Beier)
Date: Wed, 8 Jun 94 09:10:28 PDT
Subject: Clipper alternatives debated
Message-ID: <9406081608.AA29855@fulcrum.pdi.com>

This was in the Mercury News business section yesterday, June 7 1994. It looks to me like a bunch of beltway sharks circling a big pile of money that will soon be available again... Reprinted without permission.

Clipper substitutes suggested
* Computer and telephone industries offer alternatives to controversial encoding system.
By Robert S. Boyd

WASHINGTON - The Clinton administration and the computer and telephone industries are discussing ways to resolve their conflicts over the government's plan to enable it to eavesdrop on coded communication.

Industry representatives hope the discussions will produce a substitute for the controversial Clipper chip, an electronic encoding and decoding system that the government is pushing over opposition from the computing community and privacy advocates.

Several alternatives were suggested Monday at a conference on cryptography and privacy attended by government and industry officials. At the conference, Lynn McNulty, associate director for computer security at the National Institute of Standards and Technology, said the administration is "willing to discuss alternatives to Clipper."

McNulty said the Commerce Department is asking industry to join in cooperative research projects to develop cryptographic methods, both hardware and software, that would satisfy law enforcement agencies and also be acceptable to private business.
One industry proposal would provide computer software to law enforcement officials that would allow them to decode encrypted messages by suspected criminals or terrorists. The software would replace the Clipper Chip, a hardware device costing about $1,000 that can be placed in telephones to scramble conversations electronically.

"Software is much cheaper than hardware," said Steve Lipner of Trusted Information Systems, the Glenwood Md. firm that set up the White House computer security system. Low-cost cryptographic software could be embedded in widely used computer applications, such as word processors or data bases, Lipner said. "This would be a market-acceptable way to build cryptography into high-volume products."

Another proposal discussed at Monday's conference would let private companies, instead of the government, keep the electronic "keys" required to decode encrypted data and conversations. Police or the FBI could get the key by court order, such as is now required for wiretaps, according to Jon Roberts, president of TECSEC Inc., a security consulting firm in Vienna, Va. "The government could subpoena the key from the bank that holds Mafia records or from the fraudulent government contractor," Roberts said.

Under the Clipper chip system favored by the Clinton administration, the key would be held "in escrow" by the government, but, to minimize the risk of abuse, it would be split in half. One half would be held by the Treasury Department, the other half by the Commerce Department. A court order would be needed to get both halves to decode a message.

Privacy experts protest that splitting the key between two departments of the executive branch offers little protection against a rogue administration. A third proposal discussed Monday, therefore, was to give one half of the electronic key to the legislative or judicial branch of government.
The Department of Justice has already ordered 9,000 Clipper chips for distribution to federal, state, and local law enforcement agencies. McNulty said no decision has yet been made to use the chip in other departments.

A gloomy note was struck by Susan Landau, a staff member of a special government-industry committee on cryptography that was created to give Congress recommendations on how to balance the government's needs with those of business. After months of study, the committee, organized by the ACM, a major industry trade group, was unable to agree on what should be done.

The committee will publish a report in July that simply identifies unresolved issues for continued debate. They include the cost of cryptographic security, the needs of law enforcement, national security, international trade, privacy and civil liberties, Landau said.

Thad Beier
Pacific Data Images
(408)745-6755
thad at pdi.com

From jamesd at netcom.com Wed Jun 8 09:15:39 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 8 Jun 94 09:15:39 PDT
Subject: PGP in Australia
In-Reply-To:
Message-ID: <199406081615.JAA25506@netcom.com>

rishab at dxm.ernet.in writes
> Using [PGP 2.6] outside
> the US and Canada also violates RSADSI's _copyrights_.

False: The RSADSI license does not prohibit copyright. The one of the notes distributed with PGP 2.6 comments that export violates US ITAR laws.

--
James A. Donald
jamesd at netcom.com

From jamesd at netcom.com Wed Jun 8 09:43:52 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 8 Jun 94 09:43:52 PDT
Subject: PGP in Australia
In-Reply-To: <199406081615.JAA25506@netcom.com>
Message-ID: <199406081644.JAA28457@netcom.com>

Oops. Garbled message.
What I meant to say was of course

rishab at dxm.ernet.in writes
> Using [PGP 2.6] outside
> the US and Canada also violates RSADSI's _copyrights_.

False: The RSADSI license does not prohibit export. One of the notes distributed with PGP 2.6 comments that export violates US ITAR laws.

--
James A. Donald
jamesd at netcom.com

From an49 at desert.hacktic.nl Wed Jun 8 09:48:36 1994
From: an49 at desert.hacktic.nl (an49 at desert.hacktic.nl)
Date: Wed, 8 Jun 94 09:48:36 PDT
Subject: Windows PGP and remailer list
Message-ID: <199406081647.AA25161@xs4all.hacktic.nl>

1. What is the best implementation of a Windows GUI for PGP out there?

2. Where do I 'finger' to get the latest remailer list?

thanks,

-----------------------------------------------------------------------------
This message was mailed through the remailer anon at desert.hacktic.nl
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to kafka at desert.hacktic.nl
For help, send a message to help at desert.hacktic.nl.
Send a message ping at desert.hacktic.nl to allocate an anonymous account.
[Desert Anonymous Remailing Service PGP 2.3a public key block omitted.]

From jamesd at netcom.com Wed Jun 8 09:52:06 1994
From: jamesd at netcom.com (James A. Donald)
Date: Wed, 8 Jun 94 09:52:06 PDT
Subject: Crime and punishment in cyberspace - 1 of 3
In-Reply-To:
Message-ID: <199406081651.JAA29344@netcom.com>

rishab at dxm.ernet.in writes
> Unless we want a totally "everyone for him/herself" society (which is
> contradictory - society is a framework or protocol by which individuals
> interact with each other), and become like Rwanda,

Rwanda was and is a police state. If the revolutionaries win, as seems likely, it will become a more law abiding police state.

--
James A. Donald
jamesd at netcom.com

From koontzd at lrcs.loral.com Wed Jun 8 10:27:46 1994
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 8 Jun 94 10:27:46 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
Message-ID: <9406081725.AA22933@io.lrcs.loral.com>

>If we accept the need for wiretapping, than the only problem is to find a way
>to make Clipper/DTII as protective of privacy as current analog-tapping laws;
>as inconvenient as current analog tapping.
>If we accept the need for
>wiretapping, we can find such ways. Variants of Micali's fair crypto; an open,
>publicly available no-trapdoor algorithm; a requirement that, as with primitive
>exchanges, DTII'd ones would still have to be visited by LEOs to work a tap,
>etc. We can then respond to the various (non-serious) calls from Freeh, Denning
>et al for an 'alternative'.

The problem is that the Genie of strong cryptography is out of the bag. A large part of the internet community is capable of implementing strong crypto.

Given a publicly available no-trapdoor algorithm, requiring the 'source' be visited, denies wiretap capabilities. The LEO follows the flow of information further and further upstream/down stream, noting that encryption is used. Eventually one follows the communications media directly to someone's office/residence/car/pocket (which implies bugs instead of wiretaps). On the pro-wiretap side this is unacceptable.

On the anti-wiretap side, what we see is the result of haggling over the price, provisions for wire and control records, which provide for fishing expeditions in the event the traffic is not particularly enlightening.

As a corollary, allowing wiretapping but making them extremely expensive and dangerous to use could be explored - again haggling over the price. One can imagine making the LEO requesting a tap personally at risk for draconian retribution in terms both civil and criminal.

It is unclear whether the antis should be prepared to negotiate at all. There is historical precedent by the U.S. supreme court to suggest that the right to privacy is absolute. The problem is that contrary to the Radio Act of 1934 and various other statutes covering public utility provided communications, the right to privacy is not being respected for electronic forms of expression. Before negotiating to give anything away, this issue should be satisfied. Hence the direction of a lot of groups like EFF, etc.
The arguments go that no one has an expectation of privacy on unprotected media. The answer to that is to use strong crypto. The second level argument is that this denies the 'traditional' monitoring for law enforcement purposes of communications that had no expectation of privacy. Well I expect privacy with strong encryption. Tough teat.

But then criminals will have privacy! (It may be their constitutional right.) I'm not particularly shocked to hear that someone may commit a crime in private. There should be compelling proof to show the needs of society override the rights of the individual (in a republic). The arguments put forth by the pro-wiretap sides are inadequate to that determination, relying instead on emotional appeals and other propaganda.

From tcmay at netcom.com Wed Jun 8 11:00:11 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 8 Jun 94 11:00:11 PDT
Subject: Crime and punishment in cyberspace - 1 of 3
In-Reply-To:
Message-ID: <199406081759.KAA08528@netcom.com>

I've stayed out of this thread on what's criminal and what's not, mainly because I'm spending all my waking hours (and more) trying to finish up the %&*#$%^$ FAQ, but I perk up when my name is mentioned:

rishab at dxm.ernet.in said:
> Unless we want a totally "everyone for him/herself" society (which is
> contradictory - society is a framework or protocol by which individuals
> interact with each other), and become like Rwanda, say, we need the
> intervention of [police/state/society/collective] to ensure that basic social
> agreements are kept - thou shalt not rape, for instance. Even anarchist Tim May
> has in previous posts conceded the possible need for a police force to
> investigate murders.

But generally I don't favor such governmental police forces, and especially not national police forces. (That is, cops should be local to the community...and perhaps even privately contracted-for...no time here (or direct relevance) to go into how such privatization works.)
The Rwanda example is especially important. It is mainly two rival "statist" camps that are killing civilians, butchering members of the rival camp, etc. And of course the farmers and peasants were long ago disarmed by the Tutsi and Hutu "governments," in the interests of ensuring safety and order (codewords), with predictable results. Same thing happened in Somalia...jeep-loads of teenaged "soldiers" terrorizing, raping, looting, and pillaging. A familiar pattern.

States and statists have killed several hundred million people this century, in various purges, forced famines, holocausts, etc. (the names of Stalin, Hitler, Mao, and Pol Pot come to mind). This makes the "dangers" of cyberspatial pedophiles and tax cheats rather invisible by comparison.

I don't often rant here about crypto anarchy, having written about it extensively, but it's important for folks to understand that it is not about tearing down all governments and adopting a "red of tooth and claw" jungle survival situation. Rather, it involves personal forms of withdrawing from the system of government, to various extents. Initially in cyberspace--just like this list (this list spans many nations, with no intervention by states, no legal system...sounds like "anarchy" to me...). As tax collection wanes, as interactions in cyberspace come to be even more important than they are today, crypto anarchy becomes more important.

But of course nobody is forced into this...they can vote in their local elections, appoint censors of what they see in non-crypto channels, vote to tax transactions they can identify, and form armies to invade North Korea for the "sin" of doing what our "friends" like South Africa, Israel, and even Risha's own India have been doing for 20 years. (Sorry to digress on this last point, and I have no brief for North Korea....I just hate Orwellian propaganda disguising hypocrisy.)

Enough on anarchy for now. Back to the FAQ.
--Tim May
--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Wed Jun 8 11:18:24 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 8 Jun 94 11:18:24 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
In-Reply-To:
Message-ID: <199406081817.LAA10664@netcom.com>

rishab at dxm.ernet.in said:
> All this brings us to a related issue - another one hinging on principles:
> Do cypherpunks accept the need for wiretapping?
>
> Wiretapping is necessary to solve many 'crimes'. If we accept that these crimes
> are important enough to justify wiretapping, than there is little difference
> between wiretapping analog phones and tapping data.

As an anarchist, anarchocapitalist, crypto anarchist, etc., I prefer to think in different terms. I don't think in terms of "rights," but in terms of avoidance. Some points on wiretapping and privacy:

* If I suspect someone is plotting against me--perhaps I suspect my neighbor across the street is preparing to torch my house--I'd have no problem placing microphones so as to hear him. Or bugging a girlfriend I suspected of planning to kill me for my money. (These are personal statements, to show that I'm not a moral absolutist, a believer in abstractions over practicality.)

* If someone else tries to wiretap or bug me, I'll seek ways to bypass this. To fight back.

* If a band of folks called "the government" seeks my vote to "allow" wiretaps and bugs, I'll generally shrug and still try to avoid such laws.
(I'll admit to some ambivalence and confusion here....I can support _some_ government wiretaps, as in kidnapping cases, bomb plotters, etc., and not others. Mostly I view governments as having no more moral authority than I have, or that others have.)

* If, however, governments seek my approval to pass laws making curtains illegal (because it makes surveillance harder), or requires "conversation escrow" (all conversations must be taped, with a copy of the tape filed with the police), and so on, then I will strongly oppose these laws.

I don't know if this clarifies things. My preference is to avoid talking about the "right to wiretap" and instead to take steps to make it harder for a band of thugs to do so.

Things will get very complicated in the next few years, as sensor technology and other privacy-invading technology gets dramatically more powerful. To name but one example, video technology and storage/search technology makes it trivially possible to place traffic-monitoring cameras ubiquitously...it makes the Chaumian issues of digicash toll payments moot. (Source on this: my brother works for City of Los Angeles traffic department....deploying high resolution cameras at intersections is one of his projects.)

So, do we argue for "rights" of privacy? Or do we monkeywrench such technologies? Or do we develop tools and systems to protect our own privacy as best we can?

Tough choices. Thanks to Rishab for raising these issues again.

--Tim May
From jgostin at eternal.pha.pa.us Wed Jun 8 11:20:29 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Wed, 8 Jun 94 11:20:29 PDT
Subject: (None)
Message-ID: <940608131840c0Gjgostin@eternal.pha.pa.us>

Jim choate writes:
> For a group to comit conspiracy they have to actually do something other
> than just talk about it. For example, you and I are discussing robbing a bank over
> lunch, nothing illegal about that. However(!), the instant you say "lets use
> my car" or "I have a gun we can use" then you have committed conspiracy.

My (non-professional) understanding is that conspiracy just requires intent to commit a crime. Two people sitting around a table, throwing around hypothetics is no big deal. Two people, sitting around a table, making plans, OTOH, is.

> It is my understanding that conspiracy is a felony even if the crime is a
> misdemeanor...

I think you're right, although I'm not sure I understand the rationale behind it...

--Jeff
--
 ======  ======  +----------------jgostin at eternal.pha.pa.us----------------+
  ==      ==     | The new, improved, environmentally safe, bigger, better, |
  ==      == -=  | faster, hypo-allergenic, AND politically correct .sig.   |
 ====    ======  | Now with a new fresh lemon scent!                        |
PGP Key Available +---------------------------------------------------------+

From rishab at dxm.ernet.in Wed Jun 8 11:50:18 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 8 Jun 94 11:50:18 PDT
Subject: Tim Merlin's Holy FAQ
Message-ID:

Tim May said: [ I've re-ordered his para's ]
> to invade North Korea for the "sin" of doing what our "friends" like South
> Africa, Israel, and even Risha[b]'s own India have been doing for 20 years

Actually Uncle Sam frequently makes noises about India's arsenal, and India responds with cries of "hypocrisy! global disarmament!"...
> I've stayed out of this thread on what's criminal and what's not,
> mainly because I'm spending all my waking hours (and more) trying to
> finish up the %&*#$%^$ FAQ, but I perk up when my name is mentioned:
> ...
> Enough on anarchy for now. Back to the FAQ.

Well, we are _really_ expecting a 5 Mb FAQ now! Every week adds another meg ;-)

> --Tim May

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh              They came for the Jews, and I was silent because I was not a Jew;
rishab at dxm.ernet.in            They came for the Trade Unionists, and I did not protest, because I did not
Voice/Fax/Data +91 11 6853410   belong to a trade union;
Voicemail +91 11 3760335        They came for the Catholics, and I said nothing because I was not a Catholic;
H 34C Saket                     And then they came for me.
New Delhi                       There was no one left to say anything...
INDIA                           ----Father Niemoeller

From ghio at cmu.edu Wed Jun 8 11:59:41 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Wed, 8 Jun 94 11:59:41 PDT
Subject: Remail: It's impossible to make anything foolproof, because fools are so ingenious
Message-ID: <9406081856.AA16808@toad.com>

I've had a lot of people make mistakes when using my remailer. Maybe this is common to happen to most people who run remailers, but the large number of mistakes surprised me.

To eliminate the clutter in my inbox, I modified my remailer to check the first line of the message for an Anon-To: or Request-Remailing-To: header, in case the person forgot the double colon. If the first line is blank, it checks the second. This seems to have taken care of most of the problems.

But somehow, someone figured out how to defeat my efforts and mess up anyway: They began with the header Encrypted: PGP and then followed it with an unencrypted message...
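As an added example (not Ghio's remailer code), here is the header handling his post describes: a `::` block with `Anon-To:` or `Request-Remailing-To:`, the lenient fallback when the double colon is forgotten, and a check for the failure mode he hit, an `Encrypted: PGP` header sitting on top of a plaintext body. The header names and the `::` convention come from the post; the PGP-armour check and the sample messages are this example's own additions.

```python
"""Cypherpunks-style remailer header parsing, modelled on Ghio's post.

Added example, not Matthew Ghio's remailer code.  Conventions taken from the
post: a '::' line introduces a header block carrying Anon-To: or
Request-Remailing-To:, an 'Encrypted: PGP' header says the body is a PGP
message, and a forgotten '::' is tolerated by looking for the destination
header on the first non-blank line.  Refusing 'Encrypted: PGP' over a body
that carries no PGP armour is this example's own addition.
"""
import re
from dataclasses import dataclass
from typing import Optional

DEST_HEADERS = ("anon-to", "request-remailing-to")
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")
PGP_ARMOR = re.compile(r"^-----BEGIN PGP MESSAGE-----\s*$", re.MULTILINE)


class RemailerError(ValueError):
    """Raised when a submission cannot be remailed safely."""


@dataclass
class RemailRequest:
    destination: Optional[str]  # None when it is inside the encrypted block
    encrypted: bool
    payload: str
    lenient: bool  # True when the '::' marker was missing


def _read_headers(lines, lenient):
    """Consume header lines up to the first blank line.

    In strict mode a non-header line inside the block is an error; in
    lenient mode it simply ends the block, so body text is not swallowed.
    """
    headers, i = {}, 0
    while i < len(lines) and lines[i].strip():
        m = HEADER_RE.match(lines[i])
        if not m:
            if lenient:
                break
            raise RemailerError(f"malformed header line: {lines[i]!r}")
        headers[m.group(1).lower()] = m.group(2).strip()
        i += 1
    return headers, i


def parse_remailer_message(body: str) -> RemailRequest:
    lines = body.split("\n")
    # Skip leading blank lines.  The post checks the second line when the
    # first is blank; skipping any run of blanks generalizes that.
    start = 0
    while start < len(lines) and not lines[start].strip():
        start += 1
    if start == len(lines):
        raise RemailerError("empty message")

    if lines[start].strip() == "::":
        lenient, hdr_start = False, start + 1
    else:
        # Forgotten '::': accept only if the line itself is a destination header.
        m = HEADER_RE.match(lines[start])
        if not m or m.group(1).lower() not in DEST_HEADERS:
            raise RemailerError("no remailer header block found")
        lenient, hdr_start = True, start

    headers, consumed = _read_headers(lines[hdr_start:], lenient)
    payload = "\n".join(lines[hdr_start + consumed:]).lstrip("\n")
    destination = next((headers[h] for h in DEST_HEADERS if h in headers), None)
    encrypted = headers.get("encrypted", "").upper() == "PGP"

    # The failure mode from the post: 'Encrypted: PGP' over a plaintext body.
    # Refuse it up front instead of handing non-ciphertext to the decryptor.
    if encrypted and not PGP_ARMOR.search(payload):
        raise RemailerError("Encrypted: PGP header but the body is not a PGP message")
    if destination is None and not encrypted:
        raise RemailerError("no Anon-To:/Request-Remailing-To: header")
    return RemailRequest(destination, encrypted, payload, lenient)


def describe(body: str) -> str:
    """One-line verdict suitable for an operator's log of rejected submissions."""
    try:
        req = parse_remailer_message(body)
    except RemailerError as exc:
        return f"rejected: {exc}"
    mode = "lenient" if req.lenient else "strict"
    if req.encrypted:
        return f"accepted ({mode}): PGP body, destination inside the ciphertext"
    return f"accepted ({mode}): remail to {req.destination}"


# Constructed sample submissions; the addresses are placeholders, not real users.
WELL_FORMED = "::\nAnon-To: alice@example.invalid\n\nmeet at noon\n"
FORGOT_COLONS = "\nRequest-Remailing-To: bob@example.invalid\n\nhi bob\n"
PLAINTEXT_MARKED_PGP = "::\nEncrypted: PGP\n\nthis was supposed to be ciphertext\n"
REAL_PGP = ("::\nEncrypted: PGP\n\n-----BEGIN PGP MESSAGE-----\nVersion: 2.6\n\n"
            "hQCMA...(constructed stand-in for the armoured body)...\n"
            "-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for sample in (WELL_FORMED, FORGOT_COLONS, PLAINTEXT_MARKED_PGP, REAL_PGP):
        print(describe(sample))
```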
From rishab at dxm.ernet.in Wed Jun 8 12:02:15 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 8 Jun 94 12:02:15 PDT
Subject: A million dollars and DC Nets
Message-ID:

Singapore offers a new, get-rich-quick opportunity especially for Americans. Inspired by the case of Michael Fay, who spray-painted ("vandalized") cars and was caned, and now, according to his agent will make $1,000,000 appearing on talk shows, plus "at least $500,000" for pictures of his scarred buttocks, the Singapore office of external publicity has announced special, 3-month visas for vandalizers. The only condition - they must say, on each talk show appearance, "But the computerized city management system is so fucking efficient!"

ObCrypto: Anyone interested in an experimental DC-Net implementation with all the usability of tcp or ethernet?

Rishab, who is rather amused by the economics of crime

ps. what's the "Ob" in "Ob Crypto"?

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh
rishab at dxm.ernet.in

From frissell at panix.com Wed Jun 8 12:26:38 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 8 Jun 94 12:26:38 PDT
Subject: Matt in Newsweek
Message-ID:

Catch page 60 of the June 13th Newsweek - "Foiling the Clipper Chip" for an article on Matt.

Pull quote "Has the National Security Agency foisted a nightmare on itself?"
DCF

From jamiel at sybase.com Wed Jun 8 12:27:16 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Wed, 8 Jun 94 12:27:16 PDT
Subject: Remail: It's impossible to make anything foolproof, because fools are so ingenious
Message-ID: <9406081926.AA03650@ralph.sybgate.sybase.com>

At 11:55 AM 06/08/94 -0700, Matthew Ghio wrote:
>I've had a lot of people make mistakes when using my remailer. Maybe this

Out of curiosity, how do you handle this mail? The thought occurred to me once in thinking about the ethics of remailers. What do you do with it?

From rishab at dxm.ernet.in Wed Jun 8 13:01:37 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Wed, 8 Jun 94 13:01:37 PDT
Subject: A million dollars and DC Nets
Message-ID:

Jim McCoy :
> > ObCrypto: Anyone interested in an experimental DC-Net implementation with all
> > the usability of tcp or ethernet?
>
> Sure, you have one? Is it based upon just the stock DC-net methods (Chaum
> 88) or does it include any of the disruption detection and fail-stop
> broadcast methods outlined in more recent papers?

I'm working on one. I'd appreciate references to the improvements you've mentioned; I'll outline my own improvisations in a future post. I've tried to address issues such as the left and the right partner conspiring to identify the output of the middle one, etc.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh              They came for the Jews, and I was silent because I was not a Jew;
rishab at dxm.ernet.in            They came for the Trade Unionists, and I did not protest, because I did not
Voice/Fax/Data +91 11 6853410   belong to a trade union;
Voicemail +91 11 3760335        They came for the Catholics, and I said nothing because I was not a Catholic;
H 34C Saket                     And then they came for me.
New Delhi                       There was no one left to say anything...
INDIA                           ----Father Niemoeller

From blancw at microsoft.com Wed Jun 8 13:42:24 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Wed, 8 Jun 94 13:42:24 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
Message-ID: <9406081944.AA07181@netmail2.microsoft.com>

From: Timothy C. May

" . . .I don't think in terms of "rights," but in terms of avoidance. . . . . .
* If I suspect someone is plotting against me--perhaps I suspect my neighbor across the street is preparing to torch my house--I'd have no problem placing microphones so as to hear him. Or bugging a girlfriend I suspected of planning to kill me for my money."

If your neighbor or girl"friend" were plotting against you using email, they could avoid your spying using PGP and anonymous remailers.

"So, do we argue for "rights" of privacy? Or do we monkeywrench such technologies? Or do we develop tools and systems to protect our own privacy as best we can?"

You could argue and still not be understood or agreed with. The concept of "rights" is really only meaningful in the context of a group of people, a society which has agreed to band together for some purpose. But since it can't be guaranteed that anyone would be educated on the matter of observing the delineated rights, or that having been educated they would respect them and observe limits upon themselves in regard of these rights, it would be unwise to desist from the development of the tools and systems for self-protection.

I can't see where any anarcho-type, or any rational person, would give up the liberty to be creative in developing the ideas which one could get for the design of tools & systems per se, some of which could be applied to privacy or personal safety (although there could be objections to making them commercially available).

Blanc

From ghio at cmu.edu Wed Jun 8 13:50:43 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Wed, 8 Jun 94 13:50:43 PDT
Subject: Remailers: What to do with improperly addressed anon mail?
Message-ID: <9406082049.AA18585@toad.com>

jamiel at sybase.com (Jamie Lawrence) asked:
> Out of curiousity, how do you handle this mail? The thought occurred to me
> once in thinking about the ethics of remailers. What do you do with it?

Well, what should I do with it? Sometimes I send them a note and tell them what they did wrong... but sometimes people then get upset because they think I'm spying on them or reading their mail or something. So other times I just delete it and let them figure it out on their own.

From jim at bilbo.suite.com Wed Jun 8 14:33:14 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Wed, 8 Jun 94 14:33:14 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
Message-ID: <9406082131.AA10760@bilbo.suite.com>

> The concept of "rights" is really only meaningful in the
> context of a group of people, a society which has agreed to
> band together for some purpose. But since it can't be
> guaranteed that anyone would be educated on the matter of
> observing the delineated rights, or that having been
> educated they would respect them and observe limits upon
> themselves in regard of these rights, it would be unwise
> to desist from the development of the tools and systems
> for self-protection.
>

Rather than spending effort developing technology for self-protection, wouldn't it be better to spend effort developing a society in which self-protection is unnecessary? Think of all the energy and resources that would be saved if people just got along.

I think the cypherpunks should redirect their efforts into the fields of genetics and human behavior. Better people make a better world. A committee should be formed to develop specifications describing a good person. The committee could then launch a program to guide society to a future where everyone met or exceeded the recommended specifications. The project would include frequent quality assurance testing to guarantee rapid convergence to the desired goals.
Individuals who did not meet the specifications would be removed from the program.

Citizen-Unit Miller

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Wed Jun 8 15:00:21 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Wed, 8 Jun 94 15:00:21 PDT
Subject: URL for Perpetual Traveler / Previous Taxpayer
Message-ID: <771112646/vac@FURMINT.NECTAR.CS.CMU.EDU>

What follows is from: ftp://furmint.nectar.cs.cmu.edu/security/perpetual-traveler.html

-- Vince

---------------------------------------------------------

Vince Cate's Perpetual Traveler Page

Welcome to Vince Cate's perpetual traveler page. Send comments to me at vac at cs.cmu.edu.

The "Perpetual Traveler" can be a "Previous Taxpayer". People traveling through a country do not have to pay income taxes etc. while they are in that country, even if they are there for 3 to 9 months (depends on country). If you can work over the net, it is possible to work from anyplace. The IRS says that a US citizen has to be out of the country for 330 days of the year to not owe any taxes on your first $70,000. So by moving from country to country you can legally avoid taxes.

A home that can move around the world is not really more expensive than a home that does not move. For example, the 65 foot long sailboat the "MacGregor 65" is only $149,000 new. This is a good price, and that is probably why they can say "best selling large yacht in history". One family, or 2 couples, could be very comfortable on a boat of this size. It will do over 10 knots under power and 20 under sail. For free information from MacGregor call (714) 642-6830.

After the 3 months, or whatever, that the country will let you visit, you can pull up anchor and go on to another country. At 250 miles per day, it would not take long to get to another country, especially in the Caribbean where some island countries are 20 miles apart.

Boats cost a bit more to operate/upkeep than a house, but they do not have property tax. In PA the property tax is about 3%. For a house as expensive as the MacGregor 65 this is $4,500/year. Note that a self employed person inside the USA needs to earn like $9,000 to have enough "after tax" money to pay $4,500 property tax. If you only move the boat 4 times a year, the annual costs are probably between these two numbers.

You can always rent out a room on your boat. Strange as it sounds, it seems you can charge more for the rent of one room than you would be paying in mortgage payments for the whole boat.

So with this type of life style, one need not hassle with social security tax, income tax, health tax, property tax, investment taxes, etc. On top of having far more money and freedom, you don't have the paperwork!

At this time there is no mailing list for exactly this topic, but there are 2 mailing lists that are probably of interest. The flotilla mailing list is for a group of people that plan to all share one full internet connection by keeping their boats within radio range of each other. The second is the live-aboard mailing list for people that either live on boats or want to.

I keep a file on how to get wireless email while you are on your boat.

Charles Vollum wrote up an article on how to use ham radio for email.

I also have a list of banks good for world travelers and a cypherpunk page.

Vincent Cate

From cort at ecn.purdue.edu Wed Jun 8 15:01:23 1994 From: cort at ecn.purdue.edu (cort) Date: Wed, 8 Jun 94 15:01:23 PDT Subject: Crime and punishment in cyberspace - 3 of 3 In-Reply-To: <9406082131.AA10760@bilbo.suite.com> Message-ID: <199406082200.RAA20783@en.ecn.purdue.edu> > Rather than spending effort developing technology for self-protection, > wouldn't it be better to spend effort developing a society in which > self-protection is unnecessary? [...] > Individuals who did not meet the specifications would be > removed from the program. Ahhhh, good news. This program is well underway! Many intermediate successes to report and major milestones achieved. It's never too late (or too early) to be "removed" from the program! From blancw at microsoft.com Wed Jun 8 15:55:06 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 8 Jun 94 15:55:06 PDT Subject: Crime and punishment in cyberspace - 3 of 3 Message-ID: <9406082156.AA19192@netmail2.microsoft.com> From: Jim Miller Better people make a better world. A committee should be formed to develop specifications describing a good person. The committee could then launch a program to guide society to a future where everyone met or exceeded the recommended specifications. ............................... Better yet, why not build your own! With the growing field of robotics & nanotechnology, you could just grow your own version of the perfect citizen (all in your own image of virtue&morality). There would be no objections, then, to "frequent quality assurance testing to guarantee rapid convergence to the desired goals. [Automatons] who did not meet the specifications would be [rewired into] the program." And there would be no protests or rants regarding privacy, since there would be no need, since everyone would be alike and predictable in their "values" & "ambitions". 
Blanc

From an50 at desert.hacktic.nl Wed Jun 8 16:33:39 1994 From: an50 at desert.hacktic.nl (an50 at desert.hacktic.nl) Date: Wed, 8 Jun 94 16:33:39 PDT Subject: Censoring the Internet Message-ID: <199406082333.AA21080@xs4all.hacktic.nl> : GG> In another vein, it was noted that a David Southerland of the National : GG> Advisory Council on the Information Highway stated that the council was : GG> advising the Canadian Government on the regulation and control of the : GG> 'net, and were pushing for a means of tracing messages sent through the : GG> Internet [Does anyone know who these people are?, where they come from?]. : David Sutherland headed the organizing committee for the National : Capital FreeNet and currently holds the positions of Chairman of the : Board of Directors and acting President. Mr. Sutherland is Director of : Computing and Communications Services at Carleton University in : Ottawa. His major interests in this context are public literacy in the : use of telecommunications technology and services, the social impacts : of these services and the development of a "new democratic process" : via computer mediated communications. >Now isn't this gentleman also the person who recommended (and possibly >decided upon) the banning of the alt.sex* newsgroups at Carleton University? "Electronic democracy" and "accountability", when applied to the Internet, are being used as nice-sounding buzzwords that cover up their practical consequences: the oppression of intellectual and political minorities, and the conversion of the Internet from a decentralized system, relatively free of coercion, into a centralized, politically controlled "Information Superhighway", a convenient metaphor for centralized government takeover of the next generation media, on which our ability to freely express ourselves depends. 
The agenda of people like David Sutherland, L.Detweiler's friend at the NSA who rants about a "Waco in cyberspace", Al Gore, and their ilk runs along the lines of the following: * identification and tracking of all posters and other Internet users for the purpose of "accountability", ie, the ability to threaten and apply coercive retaliation for expressing views that embarrass them. The targets for censorship are for now not explicitly political (except for such universally loathed groups as Nazis), but rather selective enforcement of vague notions such as "obscenity", "harassment", etc. These serve to set precedents to allow further centralization and control in the future. These bullies call people who wish to speak free of such threats, such as anonymous posters, "cowards" because we do not wish to submit to their threats. * attack against "pseudospoofing" (the alleged use of multiple pseudonyms to make it appear more people favor a point of view). Many "electronic democracy" fans worship the results of opinion polls rather than thinking for themselves; they get truly pissed by the possibility that their lemming mentality could be manipulated. As friends of the status quo, they ignore the fact that modern centralized media can manipulate our view of "popular" opinion far more radically than "pseudospoofing" possibly could. As L.Detweiler (aka tmp at netcom.com) has quite unintentionally demonstrated, it is very difficult to maintain even a few vocal pseudonyms in practice without folks catching on. * imposing radical, unprecedented controls on cyberspace to promote outmoded varieties of commerce (enforcement of some kinds of copyrights and patents recognized by some jurisdictions, attempts to resolve commercial non-repudiation problems in ways that require elimination of privacy on the Internet, etc.) 
instead of working on new forms of free enterprise that complement, rather than destroy, the freedom and privacy available on the Internet (multinational small business, privacy preserving digital cash, etc.). For "Info Superhighway" fans, "the needs of commerce" can provide nice-sounding excuses to kill free enterprise. * similarly, extending outmoded forms of government operation, such as Canada's ban on media coverage of certain court trials, attempts to enforce collection of taxes on international information exchange, and attempts to monitor "conspiracies" (broadly enough defined to cover any group talking about things that threaten them, and might be illegal somewhere). The way they propose to avoid these "threats" is, again, to radically alter the entire Internet (not just Usenet) by instituting panoptic monitoring and content control. Many politicians and fans of the status quo would rather impose 1984 than adapt their operations to the coming era of private, and even cheaper, worldwide communications. * calling for "community standards" for a network that criss-crosses communities that include, by no means at the extremes, both Baghdad and Bangkok. Often, the assumption is that their view of North American standards can be applied to the Internet, and everybody else just better go along, including those of us in North America with different standards. They'd rather impose their community standards on others than use filters to define their own unique local communities. Freedom is, practically, given as much (or more) by the tools we can build to protect it, as it is by our ability to convince others who violently disagree with us not to attack us. On the Internet we have tools like anon remailers and PGP that give us a great deal of freedom from coercion even in the midst of censors. Thus, these tools piss off fans of centralized information control, the defenders of the status quo, like nothing else on the Internet. 
You'll see these folks attacking anonymous remailers, cryptography, pseudonymous accounts, and other tools of coercion-free expression and information interchange on the net, ironically often in the name of promoting "commerce". You'll hear them rant and rave about "criminals" and "terrorists", as if they even had a good clue about the laws of the thousands of jurisdictions criss-crossed by the Internet, and as if their own attempts to enable coercion bear no resemblance to the practice of terrorism. The scary thing is, they really think they have a good idea about what all those laws should be, and they're perfectly willing to shove it down our throats, regardless of the vast diversity of cultural, intellectual, political, and legal opinion on the planet. Alas, you'll also hear rhetoricians otherwise promoting privacy and freedom piously dismiss tools as "mere technology", or react against some of their unexpected, unfamiliar, in some ways radical enhancement of privacy and freedom. They do this because as with most development, it follows a real-world nonlinear path, not a nice logically consistent political argument. These are the otherwise devoted libertarians who will be quick to say, "I'm no crypto-anarchist", after their opponents have called them that in the midst of their typical reactionary ranting. But all the convincing rhetoric in the world doesn't finally decide these issues; in the end it's what specifically we do with our cyberspace technology that will decide how free we are in cyberspace. ----------------------------------------------------------------------------- This message was mailed through the remailer anon at desert.hacktic.nl Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to kafka at desert.hacktic.nl For help, send a message to help at desert.hacktic.nl. 
Send a message ping at desert.hacktic.nl to allocate an anonymous account. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi2+t1EAAAECALUS6KI7WLBB47y5dDIN+vHAW2XLxu+ELJCNkHLKYxhAr6vY Ku1e9oMry+bHizW8wCt0JPWMlnzZOkhZplIGsqkABRG0O0Rlc2VydCBBbm9ueW1v dXMgUmVtYWlsaW5nIFNlcnZpY2UgPGFub25AZGVzZXJ0LmhhY2t0aWMubmw+iQBV AgUQLb63vZRymF15lPcFAQF88AH/TdqfNlZ2uNH/CpQiy6BneDa0+FJTmBFgy5W+ wcpbsljOFFheH3zz5zA2rkpxIBoy/nd4vQ9kaa6fc1TkVMeBfokAlQIFEC2+t6C+ ZjYIMi0DBQEBT4YD/0NK9fCG8JjE0fS/0SlFshWAGSZxUYREKoQiwo8/ZPEbORHa +a6E8mXOjy7XHVH00S8/1aOO+ji89FFY2aVNqVVDfZI53er9pZAeNSQ1mvD7isor B3IOQ+WeKgXL/IvOEaZro0ZA/FWtry0Ty7RZbPwX4j1TkBTxlRI08e2dG7YI =MfIT -----END PGP PUBLIC KEY BLOCK-----  From mech at eff.org Wed Jun 8 17:51:14 1994 From: mech at eff.org (Stanton McCandlish) Date: Wed, 8 Jun 94 17:51:14 PDT Subject: 6/6 New Yorker anti-crypto, anti-net article In-Reply-To: <01HDACEX3N5S95MW3K@Sol.YorkU.CA> Message-ID: <199406090051.UAA25796@eff.org> Regarding the author of the anti-net/anti-crypto article, someone says: > I do not have Seabrook's e-mail address, but he is on CompuServe > and it can be obtained from Compuserve's directory. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 
14 1994

From blancw at microsoft.com Wed Jun 8 17:52:21 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 8 Jun 94 17:52:21 PDT Subject: Censoring the Internet Message-ID: <9406082354.AA28409@netmail2.microsoft.com> From: Nobody Many "electronic democracy" fans worship the results of opinion polls rather than thinking for themselves; they get truly pissed by the possibility that their lemming mentality could be manipulated. .... But all the convincing rhetoric in the world doesn't finally decide these issues; in the end it's what specifically we do with our cyberspace technology that will decide how free we are in cyberspace. .................................... I read a statement somewhere to the effect of: When we are faced with a disease, we shouldn't say "what is wrong with the germ"? Rather we should be asking ourselves "what should we be doing to prevent it from affecting us"? Rather than achieving a grasp of methods&means to help themselves, lemmings will instead complain about the need for "good" leadership. This is a good summary from "Nobody" on what I have noticed from my very recent forays into Usenet newsgroups (and other places). Blanc

From clewton at netcom.com Wed Jun 8 18:52:01 1994 From: clewton at netcom.com (charles lewton) Date: Wed, 8 Jun 94 18:52:01 PDT Subject: (None) In-Reply-To: <940608131840c0Gjgostin@eternal.pha.pa.us> Message-ID: The last time I read anything on the subject, conspiracy exists when any co-conspirator makes any action included in the planned event. If no one makes the first move, no felony. Make any action to complete a step of the crime and you automatically become conspirators. Even if the plan is to commit a misdemeanor, the conspiracy is a felony, and one frowned upon by LE types. Well, back to lurking. It isn't often I have much to add to the group. I do enjoy the exercise sifting through the distilled thoughts of a bright bunch. 
Chuck clewton at netcom.com E-mail for PGP 2.x public key On Wed, 8 Jun 1994, Jeff Gostin wrote: > Jim choate writes: > > > For a group to commit conspiracy they have to actually do something other > > than > > just talk about it. For example, you and I are discussing robbing a bank over > > lunch, nothing illegal about that. However(!), the instant you say "let's use > > my car" or "I have a gun we can use" then you have committed conspiracy. > My (non-professional) understanding is that conspiracy just requires > intent to commit a crime. Two people sitting around a table, throwing > around hypotheticals is no big deal. Two people, sitting around a table, > making plans, OTOH, is. > > > It is my understanding that conspiracy is a felony even if the crime is a > > misdemeanor... > I think you're right, although I'm not sure I understand the rationale > behind it... > > --Jeff > -- > ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ > == == | The new, improved, environmentally safe, bigger, better,| > == == -= | faster, hypo-allergenic, AND politically correct .sig. | > ==== ====== | Now with a new fresh lemon scent! | > PGP Key Available +---------------------------------------------------------+ >

From mgream at acacia.itd.uts.edu.au Wed Jun 8 19:02:08 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Wed, 8 Jun 94 19:02:08 PDT Subject: PGP in Australia In-Reply-To: Message-ID: <9406090204.AA26833@acacia.itd.uts.EDU.AU> "rishab at dxm.ernet.in" wrote: > Unless Australia forbids _importing_ crypto, not a crime. PGP 6 is the MIT There are no restrictions on importing crypto into Australia, there are some on export (hardware only) due to COCOM. ObBtw, I recently queried our Attorney-General's department on this topic, along with, inter alia, questions relating to whether Clipper like systems are of interest to authorities in Australia. 
The reply, from the AG's Security Division, was that `I understand that encryption is not an issue' -- but he acknowledged they'd been following the US controversy. I'm still waiting for some replies back from another Government Dept and have a few other avenues to chase up, when I do I'll make available the information (if this particular geographic oddity is of interest to anyone ?). Matthew. -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au

From mgream at acacia.itd.uts.edu.au Wed Jun 8 19:19:14 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Wed, 8 Jun 94 19:19:14 PDT Subject: Cyberspace is by nature crime-free In-Reply-To: <199406081555.IAA23639@netcom.com> Message-ID: <9406090221.AA28440@acacia.itd.uts.EDU.AU> "James A. Donald" wrote: > Witchcraft is also illegal in Australia. When was the last > prosecution for sedition? There are shit laws in many countries, including Australia, but unfortunately they are still laws and still crimes, ready to be pulled out and (unfortunately) used. The point is that whether or not it's a `dead letter' law (as David McKnight puts it), it still exists and still can be used and (in the eyes of the law, but not necessarily in the eyes of the majority) is still a crime. > During the many decades I lived in Australia there was never > a prosecution for sedition, and there was plenty of sedition. There is one that I can remember, documented in David McKnight's recent book on ASIO and its operation as a political tool against the left during the 50s and 60s. A leading CPA figure was successfully prosecuted in Brisbane for calls to citizens to not assist the country in the next war (something or other, I don't have the book with me). This only seems to prove my point that a seemingly useless crime is still there ready to be used as a tool of state suppression. > Has the place turned totalitarian since I left? Not yet. Matthew. 
-- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au

From pkm at maths.uq.oz.au Wed Jun 8 19:39:09 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Wed, 8 Jun 94 19:39:09 PDT Subject: Cyberspace is by nature crime-free In-Reply-To: <199406081555.IAA23639@netcom.com> Message-ID: <9406090237.AA26512@axiom.maths.uq.oz.au> > > Matthew Gream writes > > > > - sedition > > I wrote: > > > Not a crime. > > > > Is in Australia, probably in other countries as well. Naturally > > there are going to be problems with international aspects of > > crime in this respect, jurisdictions and so on, but those are > > only technicalities -- the crime can easily occur in a localised > > environment. > > Witchcraft is also illegal in Australia. When was the last > prosecution for sedition? > > During the many decades I lived in Australia there was never > a prosecution for sedition, and there was plenty of sedition. > > Has the place turned totalitarian since I left? > Not really. No more so than other countries (like the U.S and Canada), and a lot less than other countries (like Singapore). On the negative side, the absence of a constitutional equivalent to the First Amendment does mean that speech is slightly more limited here, but not much. One example is that the magazine "Who Weekly" was ordered to stop distributing one of its issues, as it identified on the front cover (with photo attached) a person charged with murdering several backpackers. One other cloud on the horizon is that the Keating government may make race-hate speech illegal. I doubt it will be tabled in anything other than an emasculated format, and will be shredded to pieces in the Senate. It's still a dubious precedent. :-< However, there are a few positive aspects. The religious right are not as numerous, and do not have as much political power. Our most notable fundamentalist, Reverend Fred Nile, is in the legislative council of N.S.W., but he is widely regarded as a loonie. 
Homosexuality is legal in every state except Tasmania, and that will change soon :-) (although I do think that the tactic of appealing to the UN Human Rights Commission to achieve this is slightly shoddy.) We also permit hypodermic needle exchanges, and that keeps the AIDS rate down. In short, in some ways we are as liber[al/tarian] as the U.S., in other ways we aren't. Unfortunately, legislation is always reformed on a piecemeal basis. This means that there is always a lot of miscellaneous obsolete legislation that no-one ever gets around to removing until something stupid happens as a result. For example, one Tarot card reader in Ipswich (a satellite city of Brisbane) did get charged with witchcraft by some undercover police. I think (and a lot of other people would agree here) that this was a waste of police resources that would be better served fighting real crime (i.e., murder, rape, theft, etc.). I just hope the case gets thrown out of court. Alas, this ain't cryptography. > > > -- > --------------------------------------------------------------------- > We have the right to defend ourselves and our | > property, because of the kind of animals that we | James A. Donald > are. True law derives from this right, not from | > the arbitrary power of the omnipotent state. | jamesd at netcom.com > ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. 
| =======================================================

From agarcia at sugar.NeoSoft.COM Wed Jun 8 21:50:57 1994 From: agarcia at sugar.NeoSoft.COM (Anthony Garcia) Date: Wed, 8 Jun 94 21:50:57 PDT Subject: Regarding my 500/1 Lurk/Post ratio In-Reply-To: <199406081247.HAA01492@chaos.bsu.edu> Message-ID: <199406090450.AA04878@sugar.NeoSoft.COM> an anonymous poster says: funny thing about garcia, his first time ever post on c'punx was about larry too...... strange times indeed when a newbie bursts on the scene knowing all about us [deleted: A January post of mine. Ah, a fellow completist archiver...] I got on Cypherpunks last year when Clipper was first announced; I'd been aware of it before then due to Tim May's crossposts to the Extropians list. I've been lurking here since then. I don't post much, mainly because I don't have the time. My offhand remark about LD was due to having been recently watching his strange self-flaming behavior in various newsgroups; I'd thought I'd throw out some bait to see if he was still receiving the list somehow. I'm decidedly not an LD "tentacle". Call me if you like: 713-946-6249 home, 713-739-9101 work, 713-269-4382 pager... -Anthony Garcia agarcia at sugar.neosoft.com Houston, TX

From bmorris at netcom.com Wed Jun 8 22:04:07 1994 From: bmorris at netcom.com (Bob MorrisG) Date: Wed, 8 Jun 94 22:04:07 PDT Subject: CYBERSPACE IS BY NAT Message-ID: <199406090503.WAA14786@netcom.com> To: cypherpunks at toad.com RR> > skinheads were jailed for conspiracy to bomb a synagogue, however RR> > synagogue had not actually been bombed. They went to prison. RR> For a group to commit conspiracy they have to actually do something ot RR> just talk about it. Ah, thanks for the clarification. The skinheads had amassed guns and bombs and were clearly past the just-speculating stage. RR> It is my understanding that conspiracy is a felony even if the crime RR> is a misdemeanor... 
Something which is as legalistically demented as ITAR not allowing the PGP EXE to be exported but which does allow the source and detailed file format changes to be exported! * RM 1.4 B0037 *

From frissell at panix.com Thu Jun 9 01:55:11 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 9 Jun 94 01:55:11 PDT Subject: Censoring the Internet Message-ID: <199406090855.AA01082@panix.com> A >The agenda of people like David Sutherland, L.Detweiler's A >friend at the NSA who rants about a "Waco in cyberspace", A >Al Gore, and their ilk runs along the lines of the following: A > There won't be a "Waco in Cyberspace" until the feds can figure out how to stuff a couple of hundred BATF and FBI agents with tanks down a strand of glass fiber. DCF & LR "Watch the Senate Hearings on HSA'94 on CSPAN. Would you hire any of those guys to clean your yard much less design a health care 'system'?" --- WinQwk 2.0b#1165

From nobody at cyberspace.org Thu Jun 9 02:14:55 1994 From: nobody at cyberspace.org (nobody at cyberspace.org) Date: Thu, 9 Jun 94 02:14:55 PDT Subject: Newsgroups via. Email... Message-ID: Hello Cypherpunks, Another new remailer anon at cyberspace.org is on-line now... Does anyone know if one can get news postings via. email? My site doesn't support a few of the groups I'd like to read. Can I get subscribed to any using email? I know that my INBOX would see more traffic... Thanks in advance, Anonymous Remailer. ps - sorry no pgp support... thanks...

From MichaelRgn at aol.com Thu Jun 9 03:11:21 1994 From: MichaelRgn at aol.com (MichaelRgn at aol.com) Date: Thu, 9 Jun 94 03:11:21 PDT Subject: PGP 2.6 Message-ID: <9406090611.tn1000245@aol.com> Hello C'punx, I really enjoy reading this list. Keep up the good work. I do have a question though. Is PGP 2.6 available for the Macintosh?? If so, where can I find it? 
Thank You, Michael Ragan michaelRgn at aol.com

From dichro at tartarus.uwa.edu.au Thu Jun 9 03:17:20 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Thu, 9 Jun 94 03:17:20 PDT Subject: macpgp Message-ID: <199406091017.SAA18201@lethe.uwa.edu.au> What is the most recent version of macpgp - 2.2 or 2.3? --

From ravage at bga.com Thu Jun 9 06:53:12 1994 From: ravage at bga.com (Jim choate) Date: Thu, 9 Jun 94 06:53:12 PDT Subject: Crime and punishment in cyberspace - 3 of 3 In-Reply-To: <9406082131.AA10760@bilbo.suite.com> Message-ID: <199406091352.IAA25911@zoom.bga.com> > > > > The concept of "rights" is really only meaningful in the > > context of a group of people, a society which has agreed to > > band together for some purpose. But since it can't be > > guaranteed that anyone would be educated on the matter of > > observing the delineated rights, or that having been > > educated they would respect them and observe limits upon > Rights are the items of a citizen's characteristic which are outside the ability of that government to control within its charter. Rights come before a government forms. If they didn't then you would not be able to give it a charter. > Rather than spending effort developing technology for self-protection, > wouldn't it be better to spend effort developing a society in which > self-protection is unnecessary? Think of all the energy and resources > Self protection is a requirement in general against another individual and not a society. > behavior. Better people make a better world. A committee should be > Truly a eugenic concept, by chance do you listen to Wagner? 
> Citizen-Unit Miller > Ravage (a blank)

From ravage at bga.com Thu Jun 9 06:55:00 1994 From: ravage at bga.com (Jim choate) Date: Thu, 9 Jun 94 06:55:00 PDT Subject: Crime and punishment in cyberspace - 3 of 3 In-Reply-To: <9406082156.AA19192@netmail2.microsoft.com> Message-ID: <199406091348.IAA25833@zoom.bga.com> > > From: Jim Miller > > Better people make a better world. A committee should be > formed to develop specifications describing a good person. The committee > could then launch a program to guide society to a future where everyone > met or exceeded the recommended specifications. > ............................... > > Better yet, why not build your own! > Why, I am already alive....:) > > And there would be no protests or rants regarding privacy, since there > would be no need, since everyone would be alike and predictable in > their "values" & "ambitions". > Not if we build our own...each would be different.

From darklord+ at CMU.EDU Thu Jun 9 07:13:28 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Thu, 9 Jun 94 07:13:28 PDT Subject: Crime and punishment in cyberspace - 3 of 3 In-Reply-To: <199406081817.LAA10664@netcom.com> Message-ID: Excerpts from internet.cypherpunks: 8-Jun-94 Re: Crime and punishment in.. by Timothy C. May at netcom.co > So, do we argue for "rights" of privacy? Or do we monkeywrench such > technologies? Or do we develop tools and systems to protect our own > privacy as best we can? > > Tough choices. No, easy choices. I choose D: All of the above. "We" are not a unified hive-mind. There is room for those who believe in government and who try to make it more benign, and for those who don't participate in government and spray-paint camera lenses. 
Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/

From jthomas at access.digex.net Thu Jun 9 07:32:46 1994 From: jthomas at access.digex.net (Joe Thomas) Date: Thu, 9 Jun 94 07:32:46 PDT Subject: PGP in Australia In-Reply-To: <9406090204.AA26833@acacia.itd.uts.EDU.AU> Message-ID: On Thu, 9 Jun 1994, Matthew Gream wrote: > "rishab at dxm.ernet.in" wrote: > > > Unless Australia forbids _importing_ crypto, not a crime. PGP 6 is the MIT > > There are no restrictions on importing crypto into Australia, there are > some on export (hardware only) due to COCOM. I thought COCOM was dead as of last March or thereabouts. Did a replacement committee ever get formed? Joe

From darklord+ at CMU.EDU Thu Jun 9 07:32:52 1994 From: darklord+ at CMU.EDU (Jeremiah A Blatz) Date: Thu, 9 Jun 94 07:32:52 PDT Subject: Censoring the Internet In-Reply-To: <199406090855.AA01082@panix.com> Message-ID: Excerpts from internet.cypherpunks: 9-Jun-94 Censoring the Internet by Duncan Frissell at panix.co > There won't be a "Waco in Cyberspace" until the feds can figure out how > to stuff a couple of hundred BATF and FBI agents with tanks down a > strand of glass fiber. You forgot "and then let the whole thing get leaked to the press and get said agents cut to pieces by a bunch of untrained flakes." Wait, this is starting to sound like Sundevil... 
Waco, the Steve Jackson Games for the '90s :-) Jer darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/

From nobody at shell.portal.com Thu Jun 9 09:17:00 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 9 Jun 94 09:17:00 PDT Subject: No Subject Message-ID: <199406091618.JAA23715@jobe.shell.portal.com> What sort of encryption is used for the Global Positioning System (GPS), operating in the Precise Positioning Service (PPS) mode? Is it one of the military "KY-xx/KG-xx" modes, or "something else"? =====

From hughes at ah.com Thu Jun 9 09:55:15 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 9 Jun 94 09:55:15 PDT Subject: Regulatory Arbitrage Message-ID: <9406091702.AA18831@ah.com> Here is a quotation from a book I've been reading: "The eurocurrency markets represent a type of regulatory arbitrage. Eurobanking is a managed financial package that combines the currency of one country (one regulatory environment) with the banking regulations and competitive efficiencies of another country. This repackaging was made possible by improvements in worldwide communications links and information technology. If the regulatory burden becomes too high in one area of the world, the bundle of eurobanking services can be reassembled in another. Hence, national regulators must compete to maintain their respective shares of the eurocurrency business. Competition with respect to lending quotas, reserve requirements, capital requirements, deposit insurance, the taxing and reporting of interest payments, and the taxing of profits, dividends, and capital gains, all measured against any perceived positive benefits of local regulation, governs the geographical distribution of eurocurrency market shares." From _International Financial Markets_, by J. 
Orlin Grabbe, formerly of the Wharton School. Regulatory arbitrage is an Important concept, as well as a great phrase. The writer is square in the middle of the mainstream in the business world, and note how effortlessly he speaks of avoiding governments and playing them off against each other. There is a lesson to be learned here--that speaking of internationalization as if it were somehow disapproved of, as if it were not absolutely matter-of-fact, is a mistake. If I refer to the internationalization of retail funds transfer systems, for example, as if someone might not like that, I also ask the hearer an implicit question: "Might you also disapprove?" In a similar vein, exhibiting, with repsect to cryptography, the analogue of teenaged glee in smashing mailboxes, somehow thinking that you've also struck a blow against authority, is another mistake. We need not show up the NSA, we simply want them to lose. Regarding the subject of the quotation, it is vitally important that the residents of the USA who are on this list remember that the key to strategic victory in cryptography lies internationally, not only for the USA, but for every other country as well. If remailers are outlawed or supressed out of one country, the same functionality can be made in another. And so forth. Arbitrage is smuggling, or rather, the transport of one good or service purchased cheap in one place and sold dear in another. Arbitrage always has one of two effects, either a transfer of real wealth to the place more advantageous the buyer (as well as enriching the middleman), or an equalization of advantage. For financial markets, the equalization always happens sooner or later, and the price may either rise or fall in either the source or destination. Arbitrage of regulation almost always leads to equalization, although the time scales are much longer. When equalization happens, it's almost never that the advantage decreases for the destination buyer. 
Rather, because there are many more than two markets available, any tighter regulation invariably puts those two markets on an even footing in disadvantage with respect to the rest of the world. So the arbitrage of regulation usually leads to a relaxtion of regulation. We need to remember to make it possible for regulatory arbitrage to occur. If it can happen, it likely will, but only if the choice is available. Eric From nobody at shell.portal.com Thu Jun 9 10:15:59 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 9 Jun 94 10:15:59 PDT Subject: cripple quest Message-ID: <199406091717.KAA28634@jobe.shell.portal.com> re cripple; i was told that if law enforcement cannot determine which key will unlock the message prior to the message actually being sent over the net, the message will not be decodable is there any truth to this? From juola at bruno.cs.colorado.edu Thu Jun 9 10:35:11 1994 From: juola at bruno.cs.colorado.edu (Patrick Juola) Date: Thu, 9 Jun 94 10:35:11 PDT Subject: cripple quest Message-ID: <199406091734.LAA00456@bruno.cs.colorado.edu> Nobody asks : re cripple; i was told that if law enforcement cannot determine which key will unlock the message prior to the message actually being sent over the net, the message will not be decodable is there any truth to this? I don't think so. I can certainly download a message onto my disk and decypher it at my leisure, by brute force if necessary. Patrick From blancw at microsoft.com Thu Jun 9 10:36:51 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 9 Jun 94 10:36:51 PDT Subject: Crime and punishment in cyberspace - 3 of 3 Message-ID: <9406091638.AA24624@netmail2.microsoft.com> From: Jim choate "Rights are the items of a citizens characteristic which are outside the ability of that government to control within its charter. Rights come before a government forms. If they didn't then you would not be able to give it a charter." 
This is true in the sense that one has the right to exist and to function and in general to be oneself independent of artificial government operations. In Nature, you have a "right" to anything you like, but there may be no one besides yourself there to appreciate that fact and to deliver it. When a group of individuals associate and create agreements/charters, the delineation of rights serves to protect their separateness - their property, their privacy, their character - against encroachments from the group, by defining consciously where the boundary lines are to be drawn - what the individual can expect to keep, in exception to what everyone expects to share. Once a group considers itself an official "society" of like-minded individuals, they often begin to demand "rights" which do not naturally belong to them or their society - or which they have not explicity agreed to share: . the right to have what others have created/produced (like a service which nature does not automatically arrange for delivery - ex: optical cables & the internet at 3200 bps) . the right to access what is not their own (outside of what nature has naturally endowed them with - ex: computers) "Self protection is a requirement in general against another individual and not a society." A society of like-minded individuals can also be a threat to the safety of non-conformists, depending on how the group decides to respond to those who are not exactly like the others. Blanc From peb at netcom.com Thu Jun 9 11:14:08 1994 From: peb at netcom.com (Paul E. Baclace) Date: Thu, 9 Jun 94 11:14:08 PDT Subject: GPS encryption of low order bits Message-ID: <199406091814.LAA04479@netcom.com> I don't know how they encrypt the "low order bits", but I do know that it isn't a show-stopper. Trimble Navigation makes GPS devices that, once calibrated by a known position, are centimeter accurate. This is done *without* a ground signal (an older technique around the GPS crippling). Paul E. 
Baclace
peb at netcom.com

From shipley at merde.dis.org Thu Jun 9 11:39:38 1994
From: shipley at merde.dis.org (Evil Pete)
Date: Thu, 9 Jun 94 11:39:38 PDT
Subject: party (in the SF/bayarea)
Message-ID: <199406091839.LAA29957@merde.dis.org>

-----BEGIN PGP SIGNED MESSAGE-----

I have leftover drink and supplies from last list party a month ago so I
am inviting people to come by and help me finish it off.

there is no theme just show up and be social and help us drink

Saturday June 11th starting sometime after 9 (unless you want to join me
and my roommates for a BBQ around 7 or 8) call first...

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQBVAgUBLfdht3ynuL1gkffFAQGN4gH+LbRQ1bNG6bF96i9jUVX7XjdR9Hj/T3aQ
A4qvw/nmEG5CQmPO/ikMXp5mng5NaxXoypRmtIK4U11q4x3wGZgC6g==
=G+0O
-----END PGP SIGNATURE-----

Please call if you have any questions

2341 Spaulding Ave
Berkeley Ca 94703-1627

the cross street is Channing

Spaulding is one block above Sacramento Ave. and only goes between Dwight
and Allston (it does not connect to Univ. Ave)

[Two ASCII street maps followed here: one of the Spaulding / Channing Way /
Sacramento Ave. / California / University Ave. blocks with 2341 marked, and
one of the route from 580 up University Ave. past the gas station, 7/11,
video store, North Berkeley BART station and U.C. Campus; neither survived
the archive's flattening.]

My Place -> Take your favorite freeway to 580/Berkeley and get off at the
University ave off ramp and drive up toward U.C. Campus (stay in the right
lane to be safe).

The Second major intersection should be Sacramento ave (~1 mile). Take a
right on to Sacramento and get into the left lane (see map to the left)

At the next light take a left and drive one block then make a right onto
Spaulding ave.

I live at 2341 Spaulding, it is the third house from Channing way, with a
red cracked driveway. (see other map)

In case you get lost my home number is (510) 849-2230

From fnerd at smds.com Thu Jun 9 11:57:33 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Thu, 9 Jun 94 11:57:33 PDT
Subject: Signatures for Credit Cards?
Message-ID: <9406091839.AA27463@smds.com>

c'punx-

Stuart Baker, of all people, (in his recent Wired article) mentions that
digital signatures will mean never having to give out your credit card
number over the phone or the net.

Did we go over this one? Were any of those recent press releases about
acceptable(*) crypto, over-the-phone credit cards?

(*)By acceptable, I mean, okay, it's not cash and I still have to trust
the issuing bank, but at least it's secure otherwise.
-fnerd
- - - - - - - - - - - - - - -
the snack that eats like a food

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K
ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz
3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG
sRjLQs4iVVM=
=9wqs
-----END PGP SIGNATURE-----

From sameer at soda.berkeley.edu Thu Jun 9 13:06:32 1994
From: sameer at soda.berkeley.edu (Sameer)
Date: Thu, 9 Jun 94 13:06:32 PDT
Subject: Regarding my 500/1 Lurk/Post ratio
In-Reply-To: <199406090450.AA04878@sugar.NeoSoft.COM>
Message-ID: <199406092006.NAA03399@soda.berkeley.edu>

>
> an anonymous poster says:
>
> funny thing about garcia, his first time ever post on c'punx was about
> larry too...... strange times indeed when a newbie bursts on the scene
> knowing all about us
>
> [deleted: A January post of mine. Ah, a fellow completist archiver...]
>
> I got on Cypherpunks last year when Clipper was first announced; I'd
> been aware of it before then due to Tim May's crossposts to the
> Extropians list. I've been lurking here since then. I don't post
> much, mainly because I don't have the time. My offhand remark about
> LD was due to having been recently watching his strange self-flaming
> behavior in various newsgroups; I'd thought I'd throw out some bait to

I'll vouch for the fact that Tony Garcia has been on the list since at
least last May or so of 1993. I had the opportunity to meet him in
Missouri around that time.

From collins at newton.apple.com Thu Jun 9 14:44:31 1994
From: collins at newton.apple.com (Scott Collins)
Date: Thu, 9 Jun 94 14:44:31 PDT
Subject: I will be in Detroit/Cleveland/Akron area this weekend
Message-ID: <9406092144.AA20309@newton.apple.com>

...and cities between. I could also stop in Ann Arbor. Any cypherpunks in
these towns who want to sign keys, etc, email asap; I might not be able to
retrieve it after I depart.

Be seeing you,

Scott Collins      | "That's not fair!" -- Sarah
                   | "You say that so often. I wonder what your basis
408.862.0540       |  for comparison is." -- Goblin King
...................|....................................................
BUSINESS. fax:974.6094 R254(IL5-2N) collins at newton.apple.com
Apple Computer, Inc. 5 Infinite Loop, MS 305-2D Cupertino, CA 95014
.....................................................................
PERSONAL. 408.257.1746 1024:669687 catalyst at netcom.com

From jamiel at sybase.com Thu Jun 9 14:49:06 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Thu, 9 Jun 94 14:49:06 PDT
Subject: Regarding my 500/1 Lurk/Post ratio
Message-ID: <9406092148.AB25703@ralph.sybgate.sybase.com>

> funny thing about garcia, his first time ever post on c'punx was about
> larry too...... strange times indeed when a newbie bursts on the scene
> knowing all about us

My question is why it even matters. Does anyone out there really think
this is some sort of safe space? I know _I'd_ never post anything I didn't
want to see in WiReD magazine a few months down the road...

-j

From rah at shipwright.com Thu Jun 9 15:18:21 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Thu, 9 Jun 94 15:18:21 PDT
Subject: Regulatory Arbitrage
Message-ID: <199406092217.SAA29718@zork.tiac.net>

Excuse me while I gush...

As usual, Eric is right.

[great discussion about how regulation only creates markets elsewhere...]

Arguably (only arguably...) some economic regulation is good for us: like
a *few* pharmaceutical and food regulations, maybe.

Eric points out that internet commerce and e-money, e$ for short, reminds
one of something that has been going on for a long time with another E$,
this time Eurodollars. (Kind of like AOL, eh?)

Eurodollars were invented to get around American tax and currency
regulations, and those of other countries. You had all these American
corporations funding themselves through subsidiaries in Caribbean
countries like the Netherlands Antilles. (Any time you see "Companyname,
N.V.", the "NV" is Dutch for "we funded this with offshore dollars" ;-).
George Soros, who founded Quantum Fund, N.V., is evidently happy with the
results of this knowledge. He recently made the fastest billion dollars in
history pointing out the folly of the European currency exchange rate
mechanism, much to the chagrin of the Bank of England and other central
banks whose money he pocketed.

I remember a Milton Friedman quote, something to the effect that
regulations only benefit a market's producers, not its consumers. Current
day Japan, states with barber and bartender "licences", and Smoot/Hawley
America in the 1930's might be good examples of that. If there's a market
for those goods/services elsewhere, people *will* buy there. With internet
commerce and e$, "elsewhere" is everywhere... But we know that already,
don't we?

I can't wait until the rest of the information, or the software, or the
intellectual services buying public figure that out. The only way to
prevent that is to regulate economic commerce on the internet, which makes
me shudder to think about. Although, if the paradigm holds, it won't make
much difference. It'll be like stopping capitalism itself.

Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)   "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From paul at hawksbill.sprintmrn.com Thu Jun 9 15:53:02 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Thu, 9 Jun 94 15:53:02 PDT
Subject: NIST to propose cryptographic APIs
Message-ID: <9406092355.AA13693@hawksbill.sprintmrn.com>

extracted from:

Network World
volume 11, number 23
June 6, 1994
page 3

NIST to propose cryptographic APIs
by Ellen Messmer

Washington, D.C. -- The National Institute of Standards and Technology
(NIST) will soon issue a set of application program interfaces (API) that
would enable vendors to integrate their products with the cryptography
systems used by the federal government.

Federal security managers are supporting the idea because it will simplify
purchasing and bring some interoperability to cryptography products. But
the move will mean more work for vendors.

Once the APIs are approved as a federal mandatory purchasing standard,
software and hardware vendors that want to sell to the government would
have to modify any products they sell with cryptographic functions to
support the government-required APIs.

Several vendors, including Apple Computer, Inc., Lotus Development Corp.,
Novell, Inc. and WordPerfect Corp., have already integrated functions for
digital signatures, encryption and decryption into the latest versions of
their products. They have licensed cryptography technology from RSA Data
Security, Inc., and the APIs used in their products are based on an open
specification called the Public Key Cryptography Standard.

In spite of the work on these industry-standard APIs, vendors may have to
revamp their products to suit the government. NIST said it will detail how
the government wants vendors to change their products to support a
high-level API in all products sold to federal agencies.

"There would be an advantage to having a common set of service calls,"
said Miles Smid, manager of the security technology group at NIST. "You
wouldn't be locked into a single vendor. In the future, if you added more
equipment or changed it, the software would still be compatible."

Smid said the API service calls will include commands to sign or verify a
message electronically, and encrypt or decrypt it. The calls would invoke
the functions from a PCMCIA card, a smart card, software or other means.
With the APIs, the user's application could make use of any cryptographic
algorithm, regardless of whether it's Digital Encryption Standard,
Skipjack or RSA, Smid said.

"It's a great idea," said Jim Robinette, security manager at the Internal
Revenue Service, which makes considerable use of both private- and
public-key technology. "It's a necessity for us. From the user's
perspective, it would make life very simple."

A high-level API would still allow vendors free rein in how they implement
their systems at a lower level, Robinette said. But he added that it may
not necessarily be easy for vendors to implement the APIs.

RSA President James Bidzos criticized the cryptography API plan as another
swipe at his firm, which has been battling the government on patent rights
issues for years. "They're not trying to work with industry on this," he
said.

NIST plans to unveil the APIs in about a month.

From renegag at eis.calstate.edu Thu Jun 9 16:00:21 1994
From: renegag at eis.calstate.edu (Richard D. Enegage)
Date: Thu, 9 Jun 94 16:00:21 PDT
Subject: digital world
Message-ID:

Please send me info about your group or whatever the hell it is. I saw
people wearing the "cypherpunk criminal" shirts at digital world, and
recognized it from my Windows background .BMP.

See ya around the datasphere-

-reneGage
renegag at eis.calstate.edu

From bshantz at spry.com Thu Jun 9 16:26:55 1994
From: bshantz at spry.com (Brad Shantz)
Date: Thu, 9 Jun 94 16:26:55 PDT
Subject: NIST to propose cryptographic APIs
Message-ID: <9406092326.AA28619@homer.spry.com>

In regards to the NIST API's

> RSA President James Bidzos criticized the cryptography API plan as
> another swipe at his firm, which has been battling the government on
> patent rights issues for years. "They're not trying to work with
> industry on this," he said.

As usual, Bidzos has a stick up his butt. There is nothing in the NIST
plan that is a slam at RSA. (as such...Bidzos seems to think that
everyone hates RSA.
Everyone's out to get them.)

> NIST plans to unveil the APIs in about a month.

> With the APIs, the user's application could make use
> of any cryptographic algorithm, regardless of whether it's Digital
> Encryption Standard, Skipjack or RSA, Smid said.

I'd be more interested in what kind of an API they have for SkipJack. Are
they real API's or are we talking BlackBox programming?

:::::::::::::::::<<< NETWORKING THE DESKTOP >>>:::::::::::::::::
Brad Shantz                          Internet : bshantz at spry.com
SPRY Inc                             Ph# (206) 447-0300
316 Occidental Avenue S. 2nd Floor   FAX (206) 447-9008
Seattle, WA 98104
----------------------------------------------------------------
"In gopherspace no one can hear you scream."
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

From p.v.mcmahon.rea0803 at oasis.icl.co.uk Thu Jun 9 17:45:03 1994
From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk)
Date: Thu, 9 Jun 94 17:45:03 PDT
Subject: NIST to propose cryptographic APIs
Message-ID: <9406100045.AA28704@getafix.oasis.icl.co.uk>

> NIST to propose cryptographic APIs

> patent rights issues for years. "They're not trying to work with
> industry on this," he said.

This is unfair. NIST have made efforts to work in both US, and
international industry groups on crypto APIs. For example NIST are
represented this week (here) along with IBM, HP, Novell, Olivetti, Bull,
ICL, Amdahl, SCO, Sun, SNI, Andersens etc at the X/Open Security Working
Group.

> NIST plans to unveil the APIs in about a month.

The NIST draft FIPS has already been contributed, along with other inputs
from industry and government such as the draft X.9 Layered API for
Cryptographic Modules, IBM crypto APIs, Mosaic Interface Control document,
SESAME Basic Cryptographic APIs, Olivetti Cryptographic APIs (etc), as
input to X/Open.

I recall that the NIST crypto APIs work was also presented to IEEE POSIX
last year.

> > With the APIs, the user's application could make use
> > of any cryptographic algorithm, regardless of whether it's Digital
> > Encryption Standard, Skipjack or RSA, Smid said.
>
> I'd be more interested in what kind of an API they have for SkipJack.
> Are they real API's or are we talking BlackBox programming?

I guess more black than "real".

Example: The following are the main parameters for the Encipher primitive:

  identifier   1 selects DES, 2 selects Skipjack
  mode         ECB, CBC, cipher feedback, output feedback
  plaintext
  key
  iv
  feedback     number of bits
  chain        whether chaining required, if so: where in chain
  status

- pvm

From diseased at panix.com Thu Jun 9 22:15:07 1994
From: diseased at panix.com (Edward Hirsch)
Date: Thu, 9 Jun 94 22:15:07 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
In-Reply-To: <199406091352.IAA25911@zoom.bga.com>
Message-ID:

On Thu, 9 Jun 1994, Jim choate wrote:

>
> >
> > > The concept of "rights" is really only meaningful in the
> > > context of a group of people, a society which has agreed to
> > > band together for some purpose. But since it can't be
> > > guaranteed that anyone would be educated on the matter of
> > > observing the delineated rights, or that having been
> > > educated they would respect them and observe limits upon
> >
> Rights are the items of a citizens characteristic which are outside
> the ability of that government to control within its charter. Rights
> come before a government forms. If they didn't then you would not be
> able to [draft a charter]

Well, that's one view of rights. However, most attempts to base so called
natural rights (i.e. rights that are somehow intrinsic to human existence)
have been largely unsuccessful. It's a tough argument to make.

Rights are entities that are granted to individuals by governments/agencies
in a position to do so. They exist only after a charter is drafted, because
it is their existence in the charter that gives them their power. The most
obvious response when a right is asserted is to ask where it comes from,
e.g. to ask "why do you have a right to privacy?" An answer that makes
sense is to say that it is implied in this country's constitution, and
therefore is applicable in this country.

To suggest that such a right exists independent of a legal context gets
you into some pretty tricky territory. You now have to make some claim
about rights that are intrinsic to human existence, which implies that
these rights must be common to all forms of social organization, a claim
that is real tough to make about such "rights" as privacy and property.

A value can exist prior to a charter... I might say, "gee, I value
privacy, and I think this value ought to be legitimized by my new
charter," but until that charter has been accepted, the right doesn't
exist.

From warlord at MIT.EDU Thu Jun 9 23:19:25 1994
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 9 Jun 94 23:19:25 PDT
Subject: macpgp
In-Reply-To: <199406091017.SAA18201@lethe.uwa.edu.au>
Message-ID: <9406100619.AA04954@squeamish-ossifrage.mit.edu>

> What is the most recent version of macpgp - 2.2 or 2.3?

2.3 is the most recent version released.

-derek

From jdwilson at gold.chem.hawaii.edu Thu Jun 9 23:42:24 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Thu, 9 Jun 94 23:42:24 PDT
Subject: Cop On The Net - Watch Your ***
Message-ID:

Just when you thought it was safe to surf in the sunlight...

-NetSurfer

#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = =     |James D. Wilson         |V.PGP 2.4: 512/E12FCD 1994/03/17  >
" " " /\ " |P. O. Box 15432         |finger for key / Viacrypt Reseller>
\" "/ \"   |Honolulu, HI 96830      |=================================>
           |Serendipitous Solutions | Also NetSurfer at sersol.com     >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

---------- Forwarded message ----------
Date: Fri, 10 Jun 1994 00:13:43 -0400
From: E-d-u-p-a-g-e
Subject: E-d-u-p-a-g-e 06/09/94

CYBERCOP
A former New Jersey police officer now spends his time cruising for
suspects in cyberspace and has been involved in dozens of criminal
investigations, including a sting operation that nabbed a pedophile who
lured young rape victims via a bulletin board service. (Tampa Tribune
6/8/94 BayLife 5)

E-MAIL PRIVACY
A survey of 301 companies by Macworld Magazine showed that 78.4% of the
firms do not spy on employee e-mail or search their electronic files.
Sen. Paul Simon (D-Ill.) has drafted legislation requiring that companies
tell their workers that their e-mail might be monitored. (Tampa Tribune
6/8/94 BayLife 5)

PAT ROBERTSON EYES VIETNAMESE CABLE TV
Religious broadcaster Pat Robertson wants to build a cable-TV system in
Vietnam and is confident a deal can be struck after meeting with
government and TV officials in Hanoi. The proposed system will use
microwave technology to beam dozens of channels to homes. (Investor's
Business Daily 6/8/94 A9)

From nobody at shell.portal.com Thu Jun 9 23:54:14 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Thu, 9 Jun 94 23:54:14 PDT
Subject: Remailer Chaining Security?
Message-ID: <199406100655.XAA06700@jobe.shell.portal.com>

What level of security is achieved by the practice of "chaining" messages
through various "anonymous remailers"? Do these servers not keep logs by
which a post could be traced back through the chain to the source? If
there is a REAL level of security afforded, then the question arises "how
much is enough"?
======= From lile at netcom.com Thu Jun 9 23:58:56 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 9 Jun 94 23:58:56 PDT Subject: hi Message-ID: <199406100659.XAA17669@netcom.com> Just thought I'd say hi... :) -lile From bart at netcom.com Fri Jun 10 00:26:58 1994 From: bart at netcom.com (Harry Bartholomew) Date: Fri, 10 Jun 94 00:26:58 PDT Subject: Hum, 100 - 78.4 = 21.6 % spying Message-ID: <199406100727.AAA09543@netcom.com> As Netsurfer posted without comment, from Edupage 06/09/94: E-MAIL PRIVACY A survey of 301 companies by Macworld Magazine showed that 78.4% of the firms do not spy on employee e-mail or search their electronic files. Sen. Paul Simon (D-Ill.) has drafted legislation requiring that companies tell their workers that their e-mail might be monitored. (Tampa Tribune 6/8/94 BayLife 5) If anyone has Macworld perhaps we might contact the author for further details. It seems to me a startling point to be told that one in five email users IS being spied on. How many more encryption buffs might emerge if this were common knowledge? From wcs at anchor.ho.att.com Fri Jun 10 00:39:49 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 10 Jun 94 00:39:49 PDT Subject: COCOM is dead (Was: PGP in Australia) Message-ID: <9406100738.AA08518@anchor.ho.att.com> Joe writes: > > There are no restrictions on importing crypto into Australia, there are > > some on export (hardware only) due to COCOM. > > I thought COCOM was dead as of last March or thereabouts. > Did a replacement committee ever get formed? I was surprised not to see any discussion of this on the net, by my newspaper had found its way into the recycle bin before I got around to typing in the article or seeing if the Times or Wall St. Journal had an article with genuine details. 
What I remember seeing was that COCOM was disbanded, but the member governments were going to maintain the rules for a while on their own until they're sure the Commies are really gone and not just hiding under the bed somewhere and there aren't any other convenient enemies on the horizon. So it's a good start, but doesn't change any laws directly. On the other hand, with countries like Germany and Colombia legalizing or decriminalizing marijuana, who knows? Bill From wcs at anchor.ho.att.com Fri Jun 10 00:51:58 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 10 Jun 94 00:51:58 PDT Subject: Regulatory Arbitrage Message-ID: <9406100750.AA08589@anchor.ho.att.com> Eric writes: > Regulatory arbitrage is an Important concept, as well as a great phrase. > The writer is square in the middle of the mainstream in the business > world, and note how effortlessly he speaks of avoiding governments and > playing them off against each other. I'm not surprised, though my perspective has perhaps been enhanced by growing up in the land of the Delaware Corporation - part of the advantage of Delaware was that corporate taxes were low, but additionally the regulatory climate was friendly and there was almost 200 years of corporate relationships with the local government, so most disputes could be expected to be resolved reasonably fairly. It seems that business, like the net, regards censorship and other interference as damage, and routes around it.... > Arbitrage of regulation almost always leads to equalization, although > the time scales are much longer. When equalization happens, it's > almost never that the advantage decreases for the destination buyer. No surprise here - as transportation and communication improve, it becomes easier for buyers to buy things anywhere, from anyone, and the pool of available suppliers increases. 
And buyers are stuck with their local regulatory stupidity, but they can shop around for sellers with less stupid regulations. Meanwhile, the leverage of sellers with government-supported monopoly markets is decreased, because their local markets are less captive, and foreign markets aren't forced to buy from them; it becomes increasingly to their advantage to leverage their current size to outcompete external competition while decreasing instead of increasing regulations on their businesses. Sometimes the only way to level the playing field is to get rid of the walls you built around it....

Bill

From ghio at cmu.edu Fri Jun 10 01:49:48 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Fri, 10 Jun 94 01:49:48 PDT
Subject: Remailer Chaining Security?
Message-ID: <9406100847.AA20331@toad.com>

nobody at shell.portal.com wrote:

| What level of security is achieved by the practice of "chaining"
| messages through various "anonymous remailers"? Do these servers
| not keep logs by which a post could be traced back through the
| chain to the source? If there is a REAL level of security
| afforded, then the question arises "how much is enough"?

Yes. If you use only one remailer, and that remailer keeps logs, then it makes it trivial for the remailer operator to find out who sent the message. If you chain remailers, then it makes it more difficult to trace it back, but the first remailer can see the source and destination, which means someone could find out if they looked. However, if you chain and use PGP, it requires the cooperation of all remailer operators involved. If someone really tried to get a lot of remailer operators to cooperate in tracing a message, someone's going to make a stink about it.

Now there is the traffic analysis problem, and the time-correlation problem. This can be solved by using the slower (UUCP) remailers.

"How much is enough" is something you must decide for yourself.

BTW: Which remailers keep logs? Mine does... I think Chael Hall and Hal Finney do. And catalyst doesn't (or didn't a while ago). What about the rest?

From nobody at cyberspace.org Fri Jun 10 02:03:28 1994
From: nobody at cyberspace.org (nobody at cyberspace.org)
Date: Fri, 10 Jun 94 02:03:28 PDT
Subject: Remailer Chaining Security?
Message-ID:

I don't have the disk space to use PGP or to keep logs. Feel free to use me...

From usura at vox.hacktic.nl Fri Jun 10 02:20:49 1994
From: usura at vox.hacktic.nl (Usura)
Date: Fri, 10 Jun 94 02:20:49 PDT
Subject: Remailer Chaining Security?
Message-ID:

nobody at shell.portal.com writes:

: What level of security is achieved by the practice of "chaining"
: messages through various "anonymous remailers"?

To find out your "real" identity, those who want to find out need to have the cooperation of all remailers involved. If one link cannot/does not cooperate, the chain is broken and so your ID remains hidden.

: Do these servers not keep logs by which a post could be traced back
: through the chain to the source? If there is a REAL level of security
: afforded, then the question arises "how much is enough"?

My remailers keep no send logs, and they are outside US jurisdiction. Only anon at vox.hacktic.nl has a database to match the allocated ID to an email address. remail & remailer do not keep logs at all.

My remailers also support PGP and changing Subjects: you can send a PGP-encrypted message to VoX and it will be decrypted; if the recipient has a PGP pubKEY in my KEYring [with matching address], mail sent to him/her will also be encrypted using that KEY. If you want more info send a msg to HELP at vox.hacktic.nl

But remember it is up to you to decide whether you trust the remail operator or not.

Sending mail in a chain of remailers who support PGP will give the following:

remailer 1: receives an encrypted message; the system decrypts and gives a R-R-To: remailer 2 + a "new" encrypted msg. Only remailer 1 could know the real ID of the sender, but he does not know the contents of the remailed msg.

remailer 2: receives an encrypted message from remailer 1; the system decrypts and gives a R-R-To: remailer 3 + a "new" encrypted message. Remailer 2 could only find out that the message came from remailer 1; the real ID and contents of the message are kept secret from remailer 2.

remailer 3: receives an encrypted message from remailer 2; the system decrypts and gives an R-R-To: the recipient and the decrypted message. Remailer 3 could only find out what the contents and the recipient are; the originator will be kept hidden.

Note that the encrypted messages are "enveloped" in the previous encrypted message. [The msg to rem 1 is encrypted and contains the encrypted mesg for rem 2, which does contain the encrypted message for rem 3]

Regz,
-- Exit! Stage Left.
Alex de Joode

From bmorris at netcom.com Fri Jun 10 03:26:08 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Fri, 10 Jun 94 03:26:08 PDT
Subject: CYBERSPACE IS BY NAT
Message-ID: <199406101026.DAA13004@netcom14.netcom.com>

To: cypherpunks at toad.com

ZZ> Something which is as legalistically demented as ITAR not allowing
ZZ> PGP EXE to be exported but which does allow the source and detailed
ZZ> format changes to be exported!

ZZ> Ah, but it doesn't. Not in any online and useful format. Submitting

Hmmm, I thought the MIT FTP site had the source and file formats available for anyone to download, regardless of geographical location.

From popetwo at interaccess.com Fri Jun 10 04:54:38 1994
From: popetwo at interaccess.com (Rev. B. Sanders)
Date: Fri, 10 Jun 94 04:54:38 PDT
Subject: Remailer Chaining Security?
In-Reply-To: <9406100847.AA20331@toad.com>
Message-ID:

But how does one go about chaining through the remailers? I tried this and the message got lost. If indeed you can, does it just involve using more than one (anon-to) line in the header?
Rev. St. Pope Two of the Attachment | Finger me for PGP Public Key
(Secret Masters of Godzilla)        | Pope Two CofA CHILhq
HAIL ERIS! ALL HAIL DISCORDIA!      | popetwo at interaccess.com

From ravage at bga.com Fri Jun 10 06:13:17 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 10 Jun 94 06:13:17 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
In-Reply-To:
Message-ID: <199406101313.IAA16876@zoom.bga.com>

> > Rights are the items of a citizens characteristic which are outside
> > the ability of that government to control within its charter. Rights
> > come before a government forms. If they didn't then you would not be
> > able to [draft a charter]
>
> Well, that's one view of rights. However, most attempts to base so
> called natural rights (i.e. rights that are somehow intrinsic to human
> existence) have been largely unsuccessful. It's a tough argument to make.

Seems to me the 'inalienable rights' that are mentioned in our founding charter carry this argument quite well. I suspect they also 'prove' them as well. I am really not saying anything about 'natural' rights though. The point I am making is that a government is defined by what it can and can't do. This distinction is made at its creation through its charter.

> Rights are entities that are granted to individuals by
> governments/agencies in a position to do so. They exist only after a
> charter is drafted, because it is their existence in the charter that
> gives them their power. The most obvious response when a right is
> asserted is to ask where it comes from, e.g. to ask "why do you have a
> right to privacy?" An answer that makes sense is to say that it is
> implied in this country's constitution, and therefore is applicable in
> this country.
>
> To suggest that such a right exists independent of a legal context gets
> you into some pretty tricky territory. You now have to make some claim
> about rights that are intrinsic to human existence, which implies that
> these rights must be common to all forms of social organization, a claim
> that is real tough to make about such "rights" as privacy and property.

Since when isn't the Constitution a legal context?

> A value can exist prior to a charter... I might say, "gee, I value
> privacy, and I think this value ought to be legitimized by my new
> charter," but until that charter has been accepted, the right doesn't exist.

From ravage at bga.com Fri Jun 10 06:37:07 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 10 Jun 94 06:37:07 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
In-Reply-To: <9406091638.AA24624@netmail2.microsoft.com>
Message-ID: <199406101336.IAA17729@zoom.bga.com>

> "Rights are the items of a citizens characteristic which are outside
> the ability of that government to control within its charter. Rights
> come before a government forms. If they didn't then you would not be
> able to give it a charter."
>
> This is true in the sense that one has the right to exist and to
> function and in general to be oneself independent of artificial
> government operations.
>
> In Nature, you have a "right" to anything you like, but there may be no
> one besides yourself there to appreciate that fact and to deliver it.
> When a group of individuals associate and create agreements/charters,
> the delineation of rights serves to protect their separateness - their
> property, their privacy, their character - against encroachments from
> the group, by defining consciously where the boundary lines are to be
> drawn - what the individual can expect to keep, in exception to what
> everyone expects to share.

Would you pray tell why these are not 'rights' under that government and why they are not as 'natural' as any other right?

> Once a group considers itself an official "society" of like-minded
> individuals, they often begin to demand "rights" which do not naturally
> belong to them or their society - or which they have not explicitly
> agreed to share:
>
> . the right to have what others have created/produced
> (like a service which nature does not automatically arrange for
> delivery - ex: optical cables & the internet at 3200 bps)
>
> . the right to access what is not their own
> (outside of what nature has naturally endowed them with - ex: computers)

Seems to me these are all results of recognizing that property is a possession, since even optical cables and such are property, either intellectual or otherwise. If a government, when formed, is given a charter which limits the ability of others to access these possessions then I hold there is an implied 'natural' right.

> not a society."
>
> A society of like-minded individuals can also be a threat to the
> safety of non-conformists, depending on how the group decides to
> respond to those who are not exactly like the others.

Only if the charter allows it. I refer you to Santayana.

> Blanc

From jamesd at netcom.com Fri Jun 10 07:25:09 1994
From: jamesd at netcom.com (James A. Donald)
Date: Fri, 10 Jun 94 07:25:09 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
In-Reply-To:
Message-ID: <199406101425.HAA07044@netcom.com>

Edward Hirsch writes

> Well, that's one view of rights. However, most attempts to base so
> called natural rights (i.e. rights that are somehow intrinsic to human
> existence) have been largely unsuccessful. It's a tough argument to make.

Not so: In some matters it is very easy to make.

While I am very interested in this topic, we have drifted away from direct relevance to the cypherpunks mailing list. My WWW page is primarily about this and related matters.
I urge those interested in this topic to access

ftp://ftp.netcom.com/pub/jamesd/index.html

For example if you have a text interface to the internet you could type

lynx ftp://ftp.netcom.com/pub/jamesd/index.html

If you have a graphical interface to the internet you could type

mosaic ftp://ftp.netcom.com/pub/jamesd/index.html

---------------------------------------------------------------------
We have the right to defend ourselves and our     |
property, because of the kind of animals that we  | James A. Donald
are. True law derives from this right, not from   |
the arbitrary power of the omnipotent state.      | jamesd at netcom.com

From habs at warwick.com Fri Jun 10 07:37:06 1994
From: habs at warwick.com (Harry S. Hawk)
Date: Fri, 10 Jun 94 07:37:06 PDT
Subject: Regarding my 500/1 Lurk/Post ratio
In-Reply-To: <199406092006.NAA03399@soda.berkeley.edu>
Message-ID: <9406101723.AA15078@cmyk.warwick.com>

> I'll vouch for the fact that Tony Garcia has been on the list since
> at least last May or so of 1993. I had the opportunity to meet him in
> Missouri around that time.

I will also vouch for Tony, I have met him several times, twice in the company of Perry Metzger, also with other Extropians...

From ravage at bga.com Fri Jun 10 07:59:51 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 10 Jun 94 07:59:51 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
In-Reply-To: <199406101425.HAA07044@netcom.com>
Message-ID: <199406101457.JAA20805@zoom.bga.com>

> Edward Hirsch writes
> > Well, that's one view of rights. However, most attempts to base so
> > called natural rights (i.e. rights that are somehow intrinsic to human
> > existence) have been largely unsuccessful. It's a tough argument to make.
>
> Not so: In some matters it is very easy to make.
>
> While I am very interested in this topic, we have drifted away from
> direct relevance to the cypherpunks mailing list.

I disagree strongly with this view. An implicit assumption with the entire c-punks/crypto discussion is that we have a right under our charter to use this technology through our rights to privacy, etc. While it may not address the technical aspects of crypto it does address the environment it exists in. No man is an island, and neither is crypto...

> My WWW page is primarily about this and related matters. I urge those
> interested in this topic to access

Nice advertising...

> ftp://ftp.netcom.com/pub/jamesd/index.html
>
> For example if you have a text interface to the internet
> you could type
>
> lynx ftp://ftp.netcom.com/pub/jamesd/index.html
>
> If you have a graphical interface to the internet you could type
>
> mosaic ftp://ftp.netcom.com/pub/jamesd/index.html
>
> ---------------------------------------------------------------------
> We have the right to defend ourselves and our     |
> property, because of the kind of animals that we  | James A. Donald
> are. True law derives from this right, not from   |
> the arbitrary power of the omnipotent state.      | jamesd at netcom.com

From hughes at ah.com Fri Jun 10 08:10:34 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 10 Jun 94 08:10:34 PDT
Subject: Regulatory Arbitrage
In-Reply-To: <199406092217.SAA29718@zork.tiac.net>
Message-ID: <9406101521.AA20520@ah.com>

Eurodollars were invented to get around American tax and currency regulations, and those of other countries. Eurocurrency and eurobond markets started about thirty years ago, as the Bretton Woods monetary agreement was breaking down, which officially happened in 1973. So for a good clear twenty years there's been this mediated market which uses regulatory arbitrage to provide its services. It's been there _longer_than_modern_cryptography_.

One of the reasons eurodollars got created was that at that time a London bank could offer higher interest rates on dollars than an American bank could. They offered better service than the competition. They could do so, in part, because neither the USA nor UK governments put reserve requirements on dollar deposits held in English banks.

There are real strong lessons here about how a private retail money system will have to operate long term in order to be immune from local government interference.

Suppose Bank of the X opens a deposit account with, say, Barclay's, a UK bank. Barclay's can hold dollars at an account at, say, Citibank in NY. Citibank holds its dollars at the Federal Reserve Bank, where the buck stops (ahem). The dollar account at Barclay's is a eurodollar deposit, a deposit denominated in the currency of the USA but not held in a bank under the regulation of the USA. This is a totally standard arrangement.

Now, suppose I tell you that part of that Barclay's deposit is yours, after, of course, you give me some US dollars in the same amount. Suppose, further, that the USA gov't decides they disapprove of you, and want to take your money. If they order Citibank to freeze the Barclay's account, they risk international trade retaliation, because only a small fraction of that money in Citibank is relevant. And even this presumes they know that Citibank is the USA depository bank--and it likely won't even be the only one.

They might ask Barclay's, "pretty please, would you help us with this bad person?" And Barclay's will say (should say, if they still want X's business) "I'm sorry, you'll have to go talk to X." And X will say "Who's that? I don't know who any of my customers are."

The same internationalization that will limit government action with respect to remailers _already_ happens with eurodollars. I'd suggest that those who want to know more about this hit the library at this point.

Did I mention that most eurobond issues are still bearer bonds?

Eric

From usura at vox.hacktic.nl Fri Jun 10 08:22:57 1994
From: usura at vox.hacktic.nl (Usura)
Date: Fri, 10 Jun 94 08:22:57 PDT
Subject: Remailer Chaining Security?
[LONG]
Message-ID: <7VPPNc1w165w@vox.hacktic.nl>

:But how does one go about chaining through the remailers? I tried this
:and the message got lost. If indeed you can, does it just involve using
:more than one (anon-to) line in the header?

Note-1: [R-R-T: stands for Request-Remailing-To:]
Note-2: [In this doc "you" is abraxas at cyberspace.org; substitute your own address for it if you want to receive the test message yourself]

First you should test only one remailer:

you > remailer 1 > RRT- you

This is what you send:
--
TO: remailer at jpunix.com

::
Request-Remailing-To: abraxas at cyberspace.org

Test of remailer at jpunix.com
------------------------------------------------

This is what you receive:
--
You will receive this message from jpunix.com

From: remailer at jpunix.com
To: abraxas at cyberspace.org

Test of remailer at jpunix.com
--

If this is successful you add another remailer:

you > remailer 2 > RRT- rem 2 >> RRT you

This is what you send:
---
TO: remailer at jpunix.com

::
Request-Remailing-To: nobody at kaiwan.com

::
Request-Remailing-To: abraxas at cyberspace.org

Test of remailer at jpunix.com and RRT kaiwan.com
-----------------------------------------------------

Remailer nobody at kaiwan.com will receive this message from remailer at jpunix.com
------
From: remailer at jpunix.com
To: nobody at kaiwan.com

::
Request-Remailing-To: abraxas at cyberspace.org

Test of remailer at jpunix.com and RRT kaiwan.com
------

Because the message has the header pasting tokens [::] the remailer at kaiwan.com knows where to send it to.

You will receive this message from kaiwan.com

From: nobody at kaiwan.com
To: abraxas at cyberspace.org

Test of remailer at jpunix.com and RRT kaiwan.com
---------------------------------------------------------

You can keep adding remailers this way; every time you receive a test message back you add another remailer. If you stop receiving test messages, the last remailer added is most likely "down". You can check that by using that remailer directly.
---------------------------------------------------------

The above is simple unencrypted remailing. If you want to have an encrypted chained remailing, you first have to "design" the chain.

1] send to jpunix.com, there RRT kaiwan.com
2] at kaiwan.com RRT vox.hacktic.nl
3] at vox.hacktic.nl RRT abraxas at cyberspace.org

First you make the 3rd stage:
--
::
Request-Remailing-To: abraxas at cyberspace.org

Test of PGP'ed remailing through jpunix, kaiwan and vox.
--

The above is encrypted with the PGP pubKEY of VoX.hacktic.nl and will result in this:

-----BEGIN PGP MESSAGE-----
Version: 2.6 for VoX Labz.

hIwCWd90FI1WkT0BA/9I6ILVhl5ZpsgKgHye+ng9CokwzdW1pMgcd0ecigppAODe
53LlyVw/hl1ERYIzWW9W4vnuh7sLgu9XjxB515FtT5VSyZLZrhKIF7XtACga2On+
1NmsecLTrgXYcc4k0Y+l66Hs06z92yhFvjXruDBS2Pame0VDtgZo+4aPntioDaYA
AABJsVIWRaJkCib+uek9Pr6GqFP7lwaMqq8XFnFxY42h3Wn3c5DikrzmwKGK5xVs
hmiZnEhJgXvR7jS2cNNOk/geG4SnUqvMTzpq6w==
=b0bT
-----END PGP MESSAGE-----
--

Then you proceed to the 2nd stage, the message which has to leave kaiwan.com:

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6 for VoX Labz.

hIwCWd90FI1WkT0BA/9I6ILVhl5ZpsgKgHye+ng9CokwzdW1pMgcd0ecigppAODe
53LlyVw/hl1ERYIzWW9W4vnuh7sLgu9XjxB515FtT5VSyZLZrhKIF7XtACga2On+
1NmsecLTrgXYcc4k0Y+l66Hs06z92yhFvjXruDBS2Pame0VDtgZo+4aPntioDaYA
AABJsVIWRaJkCib+uek9Pr6GqFP7lwaMqq8XFnFxY42h3Wn3c5DikrzmwKGK5xVs
hmiZnEhJgXvR7jS2cNNOk/geG4SnUqvMTzpq6w==
=b0bT
-----END PGP MESSAGE-----

But kaiwan.com has to know where to send it to, so the 2nd stage msg is:

::
Request-Remailing-To: remail at vox.hacktic.nl

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6 for VoX Labz.

hIwCWd90FI1WkT0BA/9I6ILVhl5ZpsgKgHye+ng9CokwzdW1pMgcd0ecigppAODe
53LlyVw/hl1ERYIzWW9W4vnuh7sLgu9XjxB515FtT5VSyZLZrhKIF7XtACga2On+
1NmsecLTrgXYcc4k0Y+l66Hs06z92yhFvjXruDBS2Pame0VDtgZo+4aPntioDaYA
AABJsVIWRaJkCib+uek9Pr6GqFP7lwaMqq8XFnFxY42h3Wn3c5DikrzmwKGK5xVs
hmiZnEhJgXvR7jS2cNNOk/geG4SnUqvMTzpq6w==
=b0bT
-----END PGP MESSAGE-----

The above is then encrypted with the PGP pubKEY of kaiwan.com:
--
Stage 1: This new encrypted message gets the headers for jpunix to remail:

::
Request-Remailing-To: nobody at kaiwan.com

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
and the PGP encrypted message from stage 2
-----END PGP MESSAGE-----
---

Stage 0: the message you send to jpunix.com is the encrypted message [with the PGP pubKEY of jpunix.com] of stage 1 plus an Encrypted: PGP header.

To: remail at jpunix.com

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
and the PGP encrypted message from stage 1
-----END PGP MESSAGE-----

-- Exit! Stage Left.
Alex de Joode

From hughes at ah.com Fri Jun 10 08:45:21 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 10 Jun 94 08:45:21 PDT
Subject: ANNOUNCE: June SF Bay Area physical meeting
Message-ID: <9406101551.AA20596@ah.com>

ANNOUNCEMENT
------------

The June meeting will be held tomorrow, Saturday, June 11, at Silicon Graphics. This will be our second meeting at SGI. We're no longer at Cygnus; thanks again to John Gilmore for the use of Cygnus facilities. Thanks to Katy Kislitzin for arranging the use of SGI facilities.

This month's meeting will be about "Keys and Key Distribution." Contributions are always welcomed; on-topic will have priority, but off-topic will be fine if we have time. This month's meeting will be mostly roundtable discussion.

There will be no MBONE this month. Look for it next time.

Date: Saturday, June 11, 1994
Time: 12:00 noon - 6:00 p.m.
Place: Cafe Iris, Building 5, Silicon Graphics, Mt. View, CA, USA
Theme: "Keys and Key Distribution"

Eric

-----------------------------------------------------------------------------

DIRECTIONS:

Silicon Graphics, Inc.
Building 5 (SGI Cafeteria)
2025 North Shoreline Boulevard
Mountain View, CA

From 101 take Shoreline East. This is towards Shoreline Amphitheatre. It's also "logical east", and points more north than east. (That is, it's east with respect to 101 North, which points west near the exit.) If you're coming in on 101 South, you'll cross over the bridge. Continue on Shoreline and go past a whole bunch of other SGI buildings. Turn right onto Stierlin Court at the big red metal sculpture. There will be even more SGI buildings surrounding you--take note of the building numbers. Go almost to the end of this street. Building 5 is on the right.

From juola at suod.cs.colorado.edu Fri Jun 10 08:45:57 1994
From: juola at suod.cs.colorado.edu (Patrick Juola)
Date: Fri, 10 Jun 94 08:45:57 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
Message-ID: <199406101545.JAA29420@suod.cs.colorado.edu>

> > Well, that's one view of rights. However, most attempts to base so
> > called natural rights (i.e. rights that are somehow intrinsic to human
> > existence) have been largely unsuccessful. It's a tough argument to make.
>
> Seems to me the 'inalienable rights' that are mentioned in our founding
> charter carry this argument quite well. I suspect they also 'prove' them
> as well.

Proof by declaration of self-evidence? ``We hold these truths to be self-evident.... that [all humans] are endowed by their creator with certain inalienable rights." If, for some reason, I claim that the right to liberty is *not* self-evident, it can be very difficult to convince me otherwise.

This is one of the difficulties of natural-rights arguments; that they tend to assert certain rights (right to privacy, right to property, right to personal space, right to free speech, &c) axiomatically when they are often the subject of the discussion.
Patrick

From frissell at panix.com Fri Jun 10 09:16:57 1994
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 10 Jun 94 09:16:57 PDT
Subject: Regulatory Arbitrage
In-Reply-To: <9406101521.AA20520@ah.com>
Message-ID:

On Fri, 10 Jun 1994, Eric Hughes wrote:

> One of the reasons eurodollars got created was that at that time a
> London bank could offer higher interest rates on dollars than an
> American bank could. They offered better service than the
> competition. They could do so, in part, because neither the USA nor
> UK governments put reserve requirements on dollar deposits held in
> England banks.

Another reason was the tax consequences. If you were a US bank with money to lend and you lent it from the US, you owed taxes on the earnings. If you formed a Netherlands Antilles subsidiary and lent money, the earnings on those loans could be accumulated tax free "forever." If the parent bank in the US could use some of this dough, no need to repatriate it, just lend it to the parent -- then the tax-deductible interest payments flow from the high-tax parent to the zero-tax subsidiary getting more money forever out of the hands of the tax man.

The next time you go to the cinema, read *all* the credits. Chances are you will see a line towards the end like: "Financing provided by SomeBank, NV" indicating a Netherlands Antilles corporation. The NA became popular because they were covered by the US-Netherlands Tax Treaty and thus no tax withholding applied to payments made to the NA.

DCF

From jamiel at sybase.com Fri Jun 10 10:29:25 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Fri, 10 Jun 94 10:29:25 PDT
Subject: NIST to propose cryptographic APIs
Message-ID: <9406101529.AD20984@ralph.sybgate.sybase.com>

At 4:26 PM 06/09/94 -0700, Brad Shantz wrote:
>that is a slam at RSA. (as such...Bidzo's seems to think that everyone hates
>RSA. Everyone's out to get them.)

I believe that tends to happen when one thinks about crypto a lot...

-j

From sandfort at crl.com Fri Jun 10 10:29:53 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Fri, 10 Jun 94 10:29:53 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
In-Reply-To: <199406101336.IAA17729@zoom.bga.com>
Message-ID:

C'punks,

Well, I think we've beaten the "natural rights vs. legislated rights" horse too long. Since Eric raised my consciousness about the purpose of this list, hopefully I can help put this old nag to merciful death.

For the purposes of this list, it is *irrelevant* whence rights arise. Whether "privacy" is a right, a privilege or whatever, Cypherpunks want it. We are in the business of securing privacy by whatever means are practical. To a large degree this means via technology, but we'll graciously accept political solutions if they work.

No matter what side of the "natural rights" question you are on, as a Cypherpunk, you still want privacy. Please let's drop this divisive, time-consuming debate and get back to the code-writing work at hand. With courage and technology, we can have the privacy we want irrespective of what "they" have in mind for us.

S a n d y

From bshantz at spry.com Fri Jun 10 10:44:52 1994
From: bshantz at spry.com (Brad Shantz)
Date: Fri, 10 Jun 94 10:44:52 PDT
Subject: NIST to propose cryptographic APIs
Message-ID: <9406101744.AA02990@homer.spry.com>

Excellent point.

From: jamiel at sybase.com (Jamie Lawrence)
Subject: Re: NIST to propose cryptographic APIs

>>that is a slam at RSA. (as such...Bidzo's seems to think that everyone hates
>>RSA. Everyone's out to get them.)

>I believe that tends to happen when one thinks about crypto a lot...

:::::::::::::::::<<< NETWORKING THE DESKTOP >>>:::::::::::::::::
Brad Shantz                      Internet : bshantz at spry.com
SPRY Inc                         Ph# (206) 447-0300
316 Occidental Avenue S. 2nd Floor   FAX (206) 447-9008
Seattle, WA 98104
----------------------------------------------------------------
"In gopherspace no one can hear you scream."
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

From greg at ideath.goldenbear.com Fri Jun 10 11:17:03 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Fri, 10 Jun 94 11:17:03 PDT
Subject: Hum, 100 - 78.4 = 21.6 % spying
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Harry Bartholomew writes:

> If anyone has Macworld perhaps we might contact the author for
> further details. It seems to me a startling point to be told
> that one in five email users IS being spied on. How many more
> encryption buffs might emerge if this were common knowledge?

The Macworld survey is old news - about six months, if I remember right. I'll see if I can dig up my copy.

I think we'd all turn into encryption buffs if the real extent of E-mail surveillance was known; there are plenty of curious or nosy folks out there with legitimate (or otherwise) access to root, or the local equivalent. I'm not thinking of policy-oriented systematic plans of oversight, but the occasional fishing expedition on a Friday night when everyone else is off of the machine, and [..]. I've run into too many folks who admit to a once-in-a-while exploration of /usr/spool/mail to think that anything in there is really secret.

It's educational to see what happens to traditional notions of ethics when paychecks are a week late, the managers are locked in the conference room, and people are starting to wonder about who gets laid off next.
-----BEGIN PGP SIGNATURE-----
Version: 2.5
-----END PGP SIGNATURE-----

From thumper at kaiwan.com Fri Jun 10 11:28:21 1994
From: thumper at kaiwan.com (thumper)
Date: Fri, 10 Jun 94 11:28:21 PDT
Subject: Windows PGP and remailer list
In-Reply-To: <199406081647.AA25161@xs4all.hacktic.nl>
Message-ID:

On Thu, 8 Jun 1994 an49 at desert.hacktic.nl wrote:

> 1. What is the best implementation of a Windows GUI for
> PGP out there?

My personal favorite is PGP Front. I sent it to soda.berkeley.edu a while back but I never checked if they put it up. The filename should be pfw11.zip

> 2. Where do I 'finger' to get the latest remailer list?

ghio at andrews.cmu.edu

Thumper (yeah, just Thumper)

=-=-=-=-=-=-=-=-=- GREP THIS NSA! =-=-=-=-=-=-=-
thumper at kaiwan.com - PGP NSA ViaCrypt 2600 Phrack EFF #hack LOD/H =
Finger for PGP 2.6 Pub Key = 950 FBI MindVox ESN KC NUA QSD Hacker DEFCON -
Big Brother *IS* watching! - SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS =

From jamesh at netcom.com Fri Jun 10 11:46:03 1994
From: jamesh at netcom.com (James Hightower)
Date: Fri, 10 Jun 94 11:46:03 PDT
Subject: Cop On The Net - Watch Your ***
Message-ID: <199406101845.LAA28722@netcom.com>

Forwarded message:

> From owner-cypherpunks at toad.com Thu Jun 9 23:51:13 1994
> Date: Thu, 9 Jun 1994 20:38:05 -1000 (HST)
> From: NetSurfer
> Subject: Cop On The Net - Watch Your ***
> To: cypherpunks at toad.com
>
> Just when you thought it was safe to surf in the sunlight...
>
> -NetSurfer
>
> #include standard.disclaimer
>
> James D. Wilson         | V.PGP 2.4: 512/E12FCD 1994/03/17
> P. O. Box 15432         | finger for key / Viacrypt Reseller
> Honolulu, HI 96830      |
> Serendipitous Solutions | Also NetSurfer at sersol.com
>
> ---------- Forwarded message ----------
> Date: Fri, 10 Jun 1994 00:13:43 -0400
> From: E-d-u-p-a-g-e
> Subject: E-d-u-p-a-g-e 06/09/94
>
> CYBERCOP
> A former New Jersey police officer now spends his time cruising for
> suspects in cyberspace and has been involved in dozens of criminal
> investigations, including a sting operation that nabbed a pedophile who
> lured young rape victims via a bulletin board service. (Tampa Tribune
> 6/8/94 BayLife 5)
>
> E-MAIL PRIVACY
> A survey of 301 companies by Macworld Magazine showed that 78.4% of
> the firms do not spy on employee e-mail or search their electronic files.
> Sen. Paul Simon (D-Ill.) has drafted legislation requiring that companies
> tell their workers that their e-mail might be monitored. (Tampa Tribune
> 6/8/94 BayLife 5)
>
> PAT ROBERTSON EYES VIETNAMESE CABLE TV
> Religious broadcaster Pat Robertson wants to build a cable-TV
> system in Vietnam and is confident a deal can be struck after meeting with
> government and TV officials in Hanoi. The proposed system will use
> microwave technology to beam dozens of channels to homes. (Investor's
> Business Daily 6/8/94 A9)

-- JJH --
My loathings are simple: stupidity, oppression, crime, cruelty, soft music. -Vladimir Nabokov

From bwallet at mason1.gmu.edu Fri Jun 10 11:52:06 1994
From: bwallet at mason1.gmu.edu (Bradley C Wallet)
Date: Fri, 10 Jun 94 11:52:06 PDT
Subject: Windows PGP and remailer list
In-Reply-To:
Message-ID:

> > 1. What is the best implementation of a Windows GUI for
> > PGP out there?
>
> My personal favorite is PGP Front. I sent it to soda.berkeley.edu awhile
> back but I never checked if they put it up. The filename should be
>
> pfw11.zip

cool program...it is pwf20.zip actually...archie 4 that...u look for pfw, and u will get a neat little wargame...

brad

From ravage at bga.com Fri Jun 10 12:08:07 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 10 Jun 94 12:08:07 PDT
Subject: back to programming projects...
Message-ID: <199406101907.OAA00539@zoom.bga.com>

I have recently come into the possession of 3 working Ridge 3200 super-minis running Unix. I intend to place all 3 on an ethernet hooked into my inet feed and have one as a re-mailer.

On the remailer front what I intend is sorta the following:

1. all messages sent out will be sent encrypted. This will require both sender and receiver to have a public key on record w/ the mailer.

2. messages will be cached and re-transmitted after a random delay. I intend to generate a random number between 0 and 24. When the appropriate hour arrives all messages with that time stamp will be sent encrypted.

3. We intend to support anonymous as well as explicit addressing.

Anyone got any experience w/ Ridge products? I have contacted the designer and he is willing to help us out (Ridge is out of business) with support on the 3 machines.

Just for info, of the remaining two - one will be used as a remote ray-trace engine and the third there just as backup and for playing with. These machines are pretty quick from what little experience I have with them.

The Wired Society - Dedicated to a global VR network and tacos...

From Eric_Weaver at avtc.sel.sony.com Fri Jun 10 12:27:01 1994
From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver)
Date: Fri, 10 Jun 94 12:27:01 PDT
Subject: back to programming projects...
In-Reply-To: <199406101907.OAA00539@zoom.bga.com>
Message-ID: <9406101926.AA01298@sosfc.avtc.sel.sony.com>

    From: Jim choate
    Date: Fri, 10 Jun 1994 14:07:49 -0500 (CDT)

    I have recently come into the possession of 3 working Ridge 3200
    super-minis running Unix.
I intend to place all 3 on an ethernet hooked into my inet feed and have one as a re-mailer. On the remailer front what I intend is sorta the following: 1. all messages sent out will be sent encrypted. This will require both sender and receiver to have a public key on record w/ the mailer. How about the sender encrypting with the REMAILER'S public key, and the remailer sending out encrypted with its own private key? That way no registry is necessary. If a sender doesn't trust the remailer, let the sender sub-encrypt the message inside the remail headers. 2. messages will be cached and re-transmitted after a random delay. I intend to generate a random number between 0 and 24. When the appropriate hour arrives all messages with that time stamp will be sent encrypted. I hope some header field can be defined to specify a maximum delay, and perhaps use the random number as a proportion of that maximum. 3. We intend to support anonymous as well as explicit addressing. Could you amplify on this? Anyone got any experience w/ Ridge products? I have contacted the designer and he is willing to help us out (Ridge is out of business) with support on the 3 machines. Pretty snappy, but make sure they're well cooled. From gnu at eff.org Fri Jun 10 12:30:33 1994 From: gnu at eff.org (John Gilmore) Date: Fri, 10 Jun 94 12:30:33 PDT Subject: URGENT: Please Tell Congress to Allow Encryption Export Message-ID: <199406101926.PAA28586@eff.org> House Intelligence Committee holds key to Crypto Export ask at eff.org June 9, 1994 *DISTRIBUTE WIDELY* Today, the U.S. State Department controls the export of most encryption, working closely with the National Security Agency (NSA) to limit products that provide real privacy, from cell-phones to PC software. A bill introduced by Rep. Maria Cantwell would instead give authority over non-military crypto exports to the Commerce Department.
Commerce has much more reasonable regulations, with "First Amendment"-style unlimited publishing of publicly available software, including PGP, Kerberos, RIPEM, RSAREF, and mass-market commercial software. The bill also prevents the Commerce Dept. from tightening the regulations even if NSA somehow gets its tentacles into Commerce. A few months ago, you-all sent over 5600 messages to Rep. Cantwell in support of her bill, H.R. 3627. As a result, on May 18, the bill passed the House Foreign Affairs Committee by being incorporated into the Export Administration Act of 1994, H.R. 3937. Now the battle has become more intense. This portion of H.R. 3937 has been referred to the House Intelligence Committee with the intent to kill or severely maim it. We need your help again, to urge the Intelligence Committee to keep crypto export liberalization intact. The House and Senate Intelligence Committees, the only watchdogs for the NSA, tend to follow the agency's wishes when they wave the magic "national security" wand. They need plenty of input from the public that tells them that the nation will be *more* secure with good encryption, even though the NSA will be less happy. Not just computer users, but all users of telephones, cable TV, health care, and credit information systems would benefit from this change. The security of these applications is built on the foundation laid by the operating systems and network protocols on which they run. If this bill is passed, you will see high quality encryption built into Microsoft Windows, into the MacOS, into major Unix workstations, into the Internet, into cellular phones, into interactive television. The software already exists for confidentiality, privacy, and security of local and networked information, but it's not built-in to these systems because of the export ban. 
Today, each company could build two operating systems, one gutted for international use, but this would be costly and confusing for them and their customers, and would not allow international networks such as the Internet or telephones to be made secure and private. With this bill, these limits disappear. Furthermore, the Clinton Administration plans to permit high volume exports of Clipper products, while continuing to require tedious paperwork for truly secure encryption products. The bill would give Clipper and other crypto software more even-handed treatment. The bill also eliminates a senseless situation on the Internet. Today, crypto software can only be freely distributed from non-U.S. archive sites. It would eliminate that problem as well as the threat of prosecution against U.S. freeware authors of crypto software. This is the dream we've all been working toward. Here's how you can help to make this dream a reality. The Intelligence Committee must make its decision on the bill before June 17, so time is critical: 1) Fax a short letter TODAY to the chair of the Intelligence Committee, Representative Dan Glickman (D-KS). Ask him in your own words to leave the encryption provisions of H.R. 3937 intact. Use a positive tone ("Please support...") rather than a flame or a rant. One paragraph is fine. State your title and organization if you will look more important or better informed than the average citizen. Rep. Glickman's committee fax number is +1 202 225 1991. This is the best option, since individual letters are given the most weight by members of Congress, particularly when sent on letterhead paper. 2) If you are unable to fax a letter, send an e-mail message to Rep. Glickman at glickman at eff.org. Software or staff at the Electronic Frontier Foundation will either fax it in, or print it out and hand-deliver it for you. 3) Send a copy of this message to everyone you know in Kansas, and personally urge them to write to Rep. Glickman today. 
Letters from constituents get a lot more weight, since they are from people who could actually vote for or against him in the next election. 4) If your own Representative is on the Intelligence Committee, send him or her a copy of what you sent Rep. Glickman. There's a list of all such Reps. below. Even if we lose this battle, you will have started educating your own Rep. about crypto policy. 5) Become a member of EFF. Our strength comes from our members' strength. Send a note to membership at eff.org asking how to join. Thanks again for your help! You can check at any time on the current status of the campaign at the location below. Send any comments on this campaign to campaign at eff.org. John Gilmore Chairman, EFF Crypto Committee EFF Board of Directors Member of Computer Professionals for Social Responsibility Member of International Association for Cryptologic Research House Intelligence Committee Members ------------------------------------ Subcommittee phone: +1 202 225 4121 Subcommittee fax: +1 202 225 1991 <== send your fax HERE <== p st name phone fax ___________________________________________________________________________ D KS Glickman, Daniel +1 202 225 6216 private Chair D WA Dicks, Norman D. +1 202 225 5916 +1 202 226 1176 D CA Dixon, Julian C. +1 202 225 7084 +1 202 225 4091 D NJ Torricelli, Robert +1 202 224 5061 +1 202 225 0843 D TX Coleman, Ronald D. +1 202 225 4831 +1 202 225 4831 D CO Skaggs, David E. +1 202 225 2161 +1 202 225 9127 D NV Bilbray, James H. +1 202 225 5965 +1 202 225 8808 D CA Pelosi, Nancy +1 202 225 4965 +1 202 225 8259 D TX Laughlin, Gregory H. +1 202 225 2831 +1 202 225 1108 D AL Cramer Jr, Robert (Bud) +1 202 225 4801 private D RI Reed, John F. +1 202 225 2735 +1 202 225 9580 D MO Gephardt, Richard A. +1 202 225 2671 +1 202 225 7452 R TX Combest, Larry +1 202 225 4005 +1 202 225 9615 R NE Bereuter, Douglas +1 202 225 4806 +1 202 226 1148 R CA Dornan, Robert K. +1 202 225 2965 +1 202 225 3694 R FL Young, C. W. 
(Bill) +1 202 225 5961 +1 202 225 9764 R PA Gekas, George W. +1 202 225 4315 +1 202 225 8440 R UT Hansen, James V. +1 202 225 0453 +1 202 225 5857 R CA Lewis, Jerry +1 202 225 5861 +1 202 225 6498 R IL Michel, Robert H. +1 202 225 6201 +1 202 225 9461 The full text of this alert is stored at: ftp.eff.org, /pub/Alerts/export.alert gopher.eff.org, 1/Alerts, export.alert http://www.eff.org/pub/Alerts/export.alert BBS (+1 202 638 6120, 8N1): "Alerts" file area, export.alt The actual text of this part of H.R. 3937 is at: ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt BBS: "Privacy--Crypto" file area, hr3937.crp For current status on the bill: ftp.eff.org, /pub/Alerts/export_alert.update gopher.eff.org, 1/Alerts, export_alert.update http://www.eff.org/pub/Alerts/export_alert.update BBS: "Alerts" file area, export.upd A general Web page on crypto export policy is at: http://www.cygnus.com/~gnu/export.html From kentborg at world.std.com Fri Jun 10 12:45:33 1994 From: kentborg at world.std.com (Kent Borg) Date: Fri, 10 Jun 94 12:45:33 PDT Subject: New Yorker First Flame Author on TotN Message-ID: <199406101945.AA02805@world.std.com> I forget his name, but the guy who wrote the New Yorker article about being flamed will be on National Public Radio program "Talk of the Nation" on Monday. I don't know which hour, but the live feed (and live is important for a phone-in program) is 2 PM through 4 PM ES/DT. Let's not all start phoning just yet, and when we do let's all be calm and not flame him without listening to him first. For example, the excerpts of the original article posted here on c'punks wasn't the best example of editing that I have ever seen (slight flame there...), it seemed to attribute to him things I don't think he said. The subject is flaming, we will be in public, let's all be calm... 
-kb -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 28:15 hours of TV viewing so far in 1994! From pls at crl.com Fri Jun 10 13:04:07 1994 From: pls at crl.com (Paul Schauble) Date: Fri, 10 Jun 1994 13:04:07 -0700 Subject: Delayed self-encrypting messages Message-ID: I have a need to distribute some information fairly widely, but it's critical that it not be openly revealed before a certain date. Consider the model of an embargoed press release. Can I do this with crypto technology? Can I send someone a message, and possible a program, such that the message can only be decrypted after a predetermined date? ++PLS ----- End Included Message ----- You could do the simple way, distribute the message, then a key at the later date. To make sure the encrypted message is genuine, sign the message encrypt it, then sign it again, to ensure that people know that the encrypted text is okay. From pls at crl.com Fri Jun 10 13:06:16 1994 From: pls at crl.com (Paul Schauble) Date: Fri, 10 Jun 94 13:06:16 PDT Subject: Delayed self-encrypting messages Message-ID: <199406102004.AA12160@crl.crl.com> I have a need to distribute some information fairly widely, but it's critical that it not be openly revealed before a certain date. Consider the model of an embargoed press release. Can I do this with crypto technology? Can I send someone a message, and possible a program, such that the message can only be decrypted after a predetermined date? ++PLS From dfloyd at runner.utsa.edu Fri Jun 10 13:29:00 1994 From: dfloyd at runner.utsa.edu (Douglas R. 
Floyd) Date: Fri, 10 Jun 94 13:29:00 PDT Subject: Delayed self-encrypting messages Message-ID: <9406102029.AA05948@runner.utsa.edu> ----- Begin Included Message ----- From jim at rand.org Fri Jun 10 13:32:34 1994 From: jim at rand.org (Jim Gillogly) Date: Fri, 10 Jun 94 13:32:34 PDT Subject: Delayed self-encrypting messages In-Reply-To: <199406102004.AA12160@crl.crl.com> Message-ID: <9406102032.AA14793@mycroft.rand.org> > Paul Schauble writes: > Can I do this with crypto technology? Can I send someone a message, and > possible a program, such that the message can only be decrypted after a > predetermined date? I think you would need a trusted time server that sends out signed timestamps... you can't trust other time sources, including WWV (just broadcast a signal locally to swamp the signal). From sidney at taurus.apple.com Fri Jun 10 13:44:16 1994 From: sidney at taurus.apple.com (Sidney Markowitz) Date: Fri, 10 Jun 94 13:44:16 PDT Subject: New Yorker First Flame Author on TotN Message-ID: <9406102043.AA11389@federal-excess.apple.com> He was interviewed by Terry Gross on "Fresh Air", also a nationally syndicated public radio show, though not with call in, earlier this week, I think Wednesday. He came across as a very naive, "sensitive" guy, who was enamored over the possibility of an electronic academic utopian community and was rudely shocked when he first discovered the phenomenon of flaming there in his mailbox. The interview was focused on his feelings during his introduction to cyberspace and to flaming, what the world of e-mail and bulletin boards is like for technological newbies, and did not at all get into issues of pornography, anonymity, encryption, etc. He did not seem as if he would be competent to talk about those issues and he did not try to. -- sidney markowitz SK8board Punk Rocket Scientist [not speaking for Apple!]
Advanced Technology Group voice: (408) 862-4319 Apple Computer, Inc., M/S 301-3D fax: (408) 974-8414 1 Infinite Loop AppleLink: SIDNEY Cupertino, CA 95014 Internet: sidney at apple.com From Eric_Weaver at avtc.sel.sony.com Fri Jun 10 13:47:38 1994 From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver) Date: Fri, 10 Jun 94 13:47:38 PDT Subject: back to programming projects... In-Reply-To: <199406102033.PAA04147@zoom.bga.com> Message-ID: <9406102047.AA01923@sosfc.avtc.sel.sony.com> From: Jim choate Date: Fri, 10 Jun 1994 15:33:44 -0500 (CDT) [Sez Weaver:] > How about the sender encrypting with the REMAILER'S public key, and > the remailer sending out encrypted with its own private key? That way > no registry is necessary. If a sender doesn't trust the remailer, > let the sender sub-encrypt the message inside the remail headers. > I am not worried about their trusting me, I *don't* trust them... If the sender wants to encrypt that is fine. I will encrypt ALL outgoing with the receiver's public key. Assuming the original receiver wants to reply the original sender will need a key in order for me to encrypt to them. Please excuse my density, but against what are you defending by this measure? What don't you trust them about? > > I hope some header field can be defined to specify a maximum delay, > and perhaps use the random number as a proportion of that maximum. > All messages will receive a time stamp for transmission that will be no more than 24hrs away. The time stamp will be random. Until the clock matches the stamp it sits encrypted w/ the recipients keys in a cache. Submitters will have no say in how long the message waits. If you want encryption and security you have to give something up. Besides if a user don't like the way I run it they don't have to use it. True. Then again, if it's your goal to provide something useful that'll be used, well, a fixed 12-hour-average delay places a pretty tight upper bound on usefulness. > 3.
We intend to support anonymous as well as explicit addressing. > > Could you amplify on this? > Yes, a sender will be able to designate whether they wish their return address to be hidden behind an anon system or else we leave it on there relying on the encryption for security. Cool. Will it employ "anon handles" like some of the personals remailers use? On the issue of traffic analysis: It occurs to me that simply monitoring a remailers feeds and their traffic analysis will provide enough information to determine the difference between bogus (ie random generated) and real traffic. While it may be possible for a sysadmin to make their systems traffic appear confusing *if* they don't factor in their feeds traffic when a spook looks at not only the target system but the feed systems and the traffic analysis on them you could determine to some degree of precision the amount and possible the actual bogus packets v the real traffic. Just a thought... If I understood this properly, maybe you could scale back the "Potemkin" traffic to level out the load. From pcw at access.digex.net Fri Jun 10 14:00:06 1994 From: pcw at access.digex.net (Peter Wayner) Date: Fri, 10 Jun 94 14:00:06 PDT Subject: Time Locks-- Re: Delayed self-encrypting messages Message-ID: <199406102059.AA08073@access3.digex.net> >----- Begin Included Message ----- > >>From owner-cypherpunks at toad.com Fri Jun 10 15:13 CDT 1994 >Date: Fri, 10 Jun 1994 13:04:07 -0700 >From: Paul Schauble >To: Cypherpunks at toad.com >Subject: Delayed self-encrypting messages >Precedence: bulk > >I have a need to distribute some information fairly widely, but it's >critical that it not be openly revealed before a certain date. Consider the >model of an embargoed press release. > >Can I do this with crypto technology? Can I send someone a message, and >possible a program, such that the message can only be decrypted after a >predetermined date?
> > > > ++PLS > > > >----- End Included Message ----- > >You could do the simple way, distribute the message, then a key at the >later date. To make sure the encrypted message is genuine, sign the message >encrypt it, then sign it again, to ensure that people know that the >encrypted text is okay. This is a good method, but let's say that you die in between? What happens? I wrote a paper on Crypto Time Locks that is a fair to okay solution. It was a loose extension on a scheme from Crypto 92 for reducing Junk Mail. Here's a summary: What you want is an encryption function f and its inverse f' such that computing f' takes some factor of n times longer than f. So if you want to lock things up for 128 days and you're willing to put in 1 day of computation time, then you look for a pair of f and f' such that n=128. One example of such a pair is DES with 48 bits of the key fixed. The locker chooses the extra 8 bits at random. The unlocker tries all 256 combinations until the correct answer is found. Actually, you don't want to use DES, you want to use a variant that I'll call k-DES for lack of a better name at this time. k-DES is DES with more than 16 rounds. It is DES with enough rounds to make it run for k units of time on the fastest, commonly available RISC chip. Note that this is an inherently serial computation. A better approach would probably be to use some sort of triple DES variation with more fixed bits to prevent birthday attacks. This simple version is susceptible to attacks by parallel machines. There are better versions that I don't have time to describe at this moment. You can also construct pairs of f and f' using public key functions. When you need to choose one of the two keys, set one to be 3 or 5 or some small number. That means that exponentiation for locking (encryption) will only take log(3) steps. But decryption could take log(X) steps where X is the other key. Note that the "strength" of RSA is not being used in this case.
Everyone knows both keys. But decrypting with one is still a factor of n times longer. Copies of the extended paper are available to anyone curious. -Peter Wayner From dfloyd at runner.utsa.edu Fri Jun 10 14:12:58 1994 From: dfloyd at runner.utsa.edu (Douglas R. Floyd) Date: Fri, 10 Jun 94 14:12:58 PDT Subject: Time Locks-- Re: Delayed self-encrypting messages Message-ID: <9406102113.AA07419@runner.utsa.edu> (Timelock algorithm deleted) --- That is a good way for locking it up for a while, but if it is really time sensitive, the use of parallel key guessing machines would stick a sock in this method. Here are some (non crypto) alternatives that you can use if you want to delay giving out the key after posting the cyphertext of the message: 1: Give the key to a trusted party, like your attorney to give out. 2: Find some way of getting the key lost via transport via SMTP daemons. If a host gets mail regularly via a UUCP connection, bounce it X times off that host. 3: Get the key "lost" in snail mail by this route. Mail it to a friend or a neutral party (Many copies if you may be snuffed in the process, to many people, and make "smokescreen" mails too). This would only work for messages with a short delay (24-48 hours). 4: (Very farfetched, but I am running out of ideas) Use a laser to bounce the key off a far planet or some body and the light travelling to there and back may give a decent delay. I do not know how you would get a coherent message back though. BTW: The time-lock idea sounds good, the mail list driver echoed it twice :) PS: Anyone have any better ideas for a secure crypto way of doing this? ;) From ravage at bga.com Fri Jun 10 14:34:20 1994 From: ravage at bga.com (Jim choate) Date: Fri, 10 Jun 94 14:34:20 PDT Subject: back to programming projects... 
In-Reply-To: <9406102047.AA01923@sosfc.avtc.sel.sony.com> Message-ID: <199406102134.QAA06628@zoom.bga.com> > > From: Jim choate > Date: Fri, 10 Jun 1994 15:33:44 -0500 (CDT) > > [Sez Weaver:] > > How about the sender encrypting with the REMAILER'S public key, and > > the remailer sending out encrypted with its own private key? That way > > no registry is necessary. If a sender doesn't trust the remailer, > > let the sender sub-encrypt the message inside the remail headers. > > > > I am not worried about their trusting me, I *don't* trust them... > > If the sender wants to encrypt that is fine. I will encrypt ALL outgoing > with the receiver's public key. Assuming the original receiver wants to > reply the original sender will need a key in order for me to encrypt to > them. > > Please excuse my density, but against what are you defending by this > measure? What don't you trust them about? > Why should I trust them at all? Why should I willingly become an accomplice in any of their activities? I don't want anyone, including me, being able to figure out what is going on. But more importantly you seem to assume that these pair of communicators are not trying to determine something about me with their traffic. By encrypting the outgoing the receiver is sure that it came from my re-mailer and not somebody else. If the sender wants to be sure the receiver can verify it is from them they can use their own set of keys to pass the encrypted traffic. With this technique they can be sure that the remailer they intended to handle it did so correctly as well as the original source. > > > > I hope some header field can be defined to specify a maximum delay, > > and perhaps use the random number as a proportion of that maximum. > > > > All messages will receive a time stamp for transmission that will be no > more than 24hrs away. The time stamp will be random. Until the clock > matches the stamp it sits encrypted w/ the recipients keys in a cache.
> Submitters will have no say in how long the message waits. If you want > encryption and security you have to give something up. Besides if a user > don't like the way I run it they don't have to use it. > > True. Then again, if it's your goal to provide something useful > that'll be used, well, a fixed 12-hour-average delay places a pretty > tight upper bound on usefulness. > Really? Exactly what are you sending that 24 hrs makes a damn as far as the receiver getting it? If it is that time critical you aren't going to use a public re-mailer anyway, too unreliable. With a public re-mailer there is no guarantee that I don't keep an image of the original and go ahead and pass along an image. I think usefulness is something we each have to decide on. If it works for me and not for you that means absolutely nothing. If others won't use it, fine by me. I run my system for me and a close group of associates, if other callers (it is open to the public) find it inconvenient or strange, too bad. Let them spend their own money and time and build something exactly like they want. > > 3. We intend to support anonymous as well as explicit addressing. > > > > Could you amplify on this? > > > > Yes, a sender will be able to designate whether they wish their return > address to be hidden behind an anon system or else we leave it on there > relying on the encryption for security. > > Cool. Will it employ "anon handles" like some of the personals > remailers use? > Well I intend for it to use pseudonyms (ie ravage) for this sort of stuff. I will create a library of rules (probably in REXX) that will generate a list of names on demand. I really don't find 'anonxxxxx' that interesting. The users will be able to either select their 'nym or else can generate it for them.
> On the issue of traffic analysis: > > It occurs to me that simply monitoring a remailers feeds and their traffic > analysis will provide enough information to determine the difference between > bogus (ie random generated) and real traffic. While it may be possible for > a sysadmin to make their systems traffic appear confusing *if* they don't > factor in their feeds traffic when a spook looks at not only the target > system but the feed systems and the traffic analysis on them you could > determine to some degree of precision the amount and possible the actual > bogus packets v the real traffic. Just a thought... > > If I understood this properly, maybe you could scale back the > "Potemkin" traffic to level out the load. > Unfortunately I don't have control over the traffic on these other systems, and I suspect most other sysadmins don't either. The bottom line is that if all a spook looks at is my system I can hide the traffic. If they include in their analysis the 'surrounding' systems then I am out of luck unless they also take active measures to hide their traffic patterns. The problem I see with this is who pays for it? I spend a couple hundred a month on my systems feeds and such, this is a tidy chunk of change out of my pocket (I work at a community college) and I suspect few people will find such expenses worth the effort. Also since my feed is a SLIP bandwidth is at a premium, bogus packets are not something I will spend a lot of time generating. In a network of mailers like I envision the layers of encryption is what provides the protection along w/ the 'nyms. From mech at eff.org Fri Jun 10 14:41:12 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 10 Jun 94 14:41:12 PDT Subject: UPDATE to "Please Tell Congress to Allow Encryption Export" Message-ID: <199406102139.RAA03374@eff.org> R-IL Rep. Robert H. Michel's fax number has been changed. The current number is +1 202 225 9249. If Rep.
Michel is your Congressman, please IMMEDIATELY ask him to help ensure that the Cantwell bill HR3627's crypto export provisions remain in the current Export Administration Act of 1994, HR 3937, and send a copy of your fax to the Chair of the House Intelligence Committee, Rep. Dan Glickman (D-KS), at +1 202 225 1991. If unable to fax, you can send your letter to glickman at eff.org, and it will be faxed or delivered by hand to Rep. Glickman by EFF. See ftp.eff.org, /pub/Alerts/export.alert for more information. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From ravage at bga.com Fri Jun 10 14:42:58 1994 From: ravage at bga.com (Jim choate) Date: Fri, 10 Jun 94 14:42:58 PDT Subject: Delayed self-encrypting messages In-Reply-To: <9406102032.AA14793@mycroft.rand.org> Message-ID: <199406102142.QAA06951@zoom.bga.com> > > > > Paul Schauble writes: > > Can I do this with crypto technology? Can I send someone a message, and > > possible a program, such that the message can only be decrypted after a > > predetermined date? > > I think you would need a trusted time server that sends out signed > timestamps... you can't trust other time sources, including WWV (just > broadcast a signal locally to swamp the signal). > Use the GPS systems. They are synced to the NITS (or whatever they call it now) and have time stamps coded in them. As to swamping out a sat or two, yeah could be done but they would have to be mighty high above you in a airplane or blimp or something... From pls at crl.com Fri Jun 10 14:43:12 1994 From: pls at crl.com (Paul Schauble) Date: Fri, 10 Jun 94 14:43:12 PDT Subject: Delayed self-decrypting message Message-ID: I have a need to give several people an information file that is secured until a given date. Think of an embargoed press release for a model. 
Can I do this with crypto technology? Is there a way I can send out a file and perhaps a tool such that the file can be decrypted only after a given date? ++PLS From jgostin at eternal.pha.pa.us Fri Jun 10 14:50:51 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Fri, 10 Jun 94 14:50:51 PDT Subject: (None) Message-ID: <940610164900W2Wjgostin@eternal.pha.pa.us> Paul Schauble writes: > Can I do this with crypto technology? Can I send someone a message, and > possible a program, such that the message can only be decrypted after a > predetermined date? Easy to do! Send out encrypted text, along with a plaintext note explaining that the information is time sensitive. Further explain that the key needed to undo the encryption will be sent out at the appropriate time. Then, just sit tight, and wait for the time to come. --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From jgostin at eternal.pha.pa.us Fri Jun 10 14:51:24 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Fri, 10 Jun 94 14:51:24 PDT Subject: back to programming projects... Message-ID: <940610164321E4ijgostin@eternal.pha.pa.us> Jim choate writes: > 2. messages will be cached and re-transmitted after a random delay. I intend > to generate a random number between 0 and 24. When the appropriate hour > arrives all messages with that time stamp will be sent encrypted. I would suggest getting a random number between 0 and 1440. This will allow messages to be sent out every minute. Of course, you could just make it once every 15 minutes (0-360) or every half hour (0-180). The idea is that there could be a rather large delay introduced to the process, and might make the remailer unpopular as a result. 
Mind you, I appreciate the effort and generosity. I'm just making suggestions. :-) --jeff From dfloyd at runner.utsa.edu Fri Jun 10 15:02:00 1994 From: dfloyd at runner.utsa.edu (Douglas R. Floyd) Date: Fri, 10 Jun 94 15:02:00 PDT Subject: PGP mailer for Xwindows Message-ID: <9406102202.AA08510@runner.utsa.edu> Is there such a thing as a PGP X mailer? Something like mailtool on Suns or MediaMail on SGI's that supports PGP signing/encryption? Thanks in advance, From janzen at idacom.hp.com Fri Jun 10 15:06:54 1994 From: janzen at idacom.hp.com (Martin Janzen) Date: Fri, 10 Jun 94 15:06:54 PDT Subject: Anyone going to Xhibition '94? Message-ID: <9406102206.AA14239@dunbar.idacom.hp.com> Speaking of physical meetings... The annual X Window System show, Xhibition '94, is at the San Jose Convention Center from June 20-24 this year. Is anyone else from this list planning to attend? If you are, or if you are in the Bay Area already, and would be interested in an informal get-together during that week, send me a note or (on or after the 18th) leave a message at the San Jose Hilton. Maybe we can put together a C-Punks dinner or a pub night or something... -- Martin Janzen janzen at idacom.hp.com Pegasus Systems Group c/o Hewlett-Packard, IDACOM Telecom Operation From ravage at bga.com Fri Jun 10 13:33:44 1994 From: ravage at bga.com (Jim choate) Date: Fri, 10 Jun 1994 15:33:44 -0500 (CDT) Subject: back to programming projects... 
In-Reply-To: <9406101926.AA01298@sosfc.avtc.sel.sony.com> from "Eric Weaver" at Jun 10, 94 12:26:48 pm Message-ID: <199406102033.PAA04147@zoom.bga.com> > > From: Jim choate > Date: Fri, 10 Jun 1994 14:07:49 -0500 (CDT) From 74172.314 at CompuServe.COM Fri Jun 10 17:00:45 1994 From: 74172.314 at CompuServe.COM (ss) Date: Fri, 10 Jun 94 17:00:45 PDT Subject: SLACKER JOB Message-ID: <940610235738_74172.314_GHA39-1@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: sandfort at crl.com 401 Merrydale Road * San Rafael, CA 94903 * USA * +1 415 472 6525 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Would you and your SO like a great slacker job in the San Francisco Bay Area? Yes? Well, have I got a deal for you! I will be leaving for Hongkong (by way of Madison, Wisc., it would now appear) in the latter part of July. I'm looking for someone to take over my slacker job managing a self-storage facility in lovely Marin county. Here's the deal: WHAT YOU GET -- Two bedroom, two bath, 1200 sq.ft. house (rent free) with large living and dining rooms, porch, covered carport, big backyard and garden, in a fenced compound. -- Washer and dryer, dishwasher, disposal, gas range and electric oven. -- Free electricity(!), water and garbage pick-up, plus $25/mo. towards gas. -- All of the above, is within a short walking distance of shopping centers, supermarkets, restaurants, parks, government offices and public transportation. WHAT YOU HAVE TO DO -- Be on site from 8:00am to 6:00pm, M-F. -- Walk the self-storage yard several times per day. -- Answer the phone and give information about storage (averages less than 10 calls per day). -- Assist potential and current customers (averages about once per day). -- Misc. duties (averages less than 20 minutes per day). Most of the time in this position is your own. You can read, watch TV, eat, work on your computer--whatever. 
Of course because there is no pay, you must have another source of income. This could mean having an SO with an outside job, you doing shift work, telecommuting or running your own at-home business. In addition, this is a stealth position. It has an extremely low profile if you manage things properly.

If you're interested, call, write or e-mail me at the address at the top of this message.

S a n d y S a n d f o r t
Reply to: sandfort at crl.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From hughes at ah.com Fri Jun 10 17:01:50 1994
From: hughes at ah.com (Eric Hughes)
Date: Fri, 10 Jun 94 17:01:50 PDT
Subject: Delayed self-encrypting messages
In-Reply-To: <199406102004.AA12160@crl.crl.com>
Message-ID: <9406110012.AA21394@ah.com>

   I have a need to distribute some information fairly widely, but it's
   critical that it not be openly revealed before a certain date.

The problem is underspecified. What is the threat model? That is, what are you trying to prevent from happening, and what are you trying to ensure will happen?

If you're just worried that the information will get suppressed if it sits in one place, encrypting with symmetric cipher and a random key and publishing the ciphertext does quite well. You can then give trusted parties the key. This has been suggested.

If you want to make sure the message can be decrypted without further intervention on your part, you need to farm that job out to someone else. Use another person, or a public key beacon, but some other party will be involved. If you can make that party a public service (like a beacon), then you've depersonalized the problem.

The simplest public key beacon works as follows. The operators of the beacon publish a list of public keys, one per time period--let's say days here. The beacon is programmed to give out any particular private key at the beginning of its day. To use this, simply encrypt with the public key of the date you want the message to be revealed.
The message will be decryptable on that date, when the beacon's key is revealed.

An interesting research project would be to construct one of these to sit in orbit.

Eric

From Eric_Weaver at avtc.sel.sony.com Fri Jun 10 17:02:30 1994
From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver)
Date: Fri, 10 Jun 94 17:02:30 PDT
Subject: back to programming projects...
In-Reply-To: <199406102134.QAA06628@zoom.bga.com>
Message-ID: <9406110002.AA03441@sosfc.avtc.sel.sony.com>

   From: Jim choate
   Date: Fri, 10 Jun 1994 16:34:05 -0500 (CDT)

   Why should I trust them at all? Why should I willingly become an accomplice
   in any of their activities? I don't [want?] anyone, including me, being able
   to figure out what is going on. But more importantly you seem to assume that
   this pair of communicators are not trying to determine something about me
   with their traffic.

So you're trying to prevent the users from finding something out about you? What, exactly? Trying to understand the issue here.

   By encrypting the outgoing the receiver is sure that it came from my
   re-mailer and not somebody else.

If you encrypt it with the remailer's private key, yeah. I thought you were saying earlier that you'd encrypt the outgoing messages with the recipient's public key. Did I misunderstand?

From rfb at lehman.com Fri Jun 10 17:15:36 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Fri, 10 Jun 94 17:15:36 PDT
Subject: Time Locks-- Re: Delayed self-encrypting messages
In-Reply-To: <9406102113.AA07419@runner.utsa.edu>
Message-ID: <9406110014.AA22981@fnord.lehman.com>

   Date: Fri, 10 Jun 94 16:13:03 CDT
   From: dfloyd at runner.jpl.utsa.edu (Douglas R. Floyd)

   Anyone have any better ideas for a secure crypto way of doing this? ;)

Create your message. Using PGP, generate a new key pair. Use the public key to encrypt the message, then throw it away. Send the secret key along with the message.
Have the signature for the secret key be the NYT headline for the day on which you want the data to be available :-)

Stepping back from the details of various crypto approaches, I think that the problem is that you want a locking mechanism to be based on data. Since you want a time lock, the data has to be directly associated with time. For this to work, you need to create data that is unknowable until a certain time. If the data is known to you, you've come full circle: your new goal is your original goal. If the data is not known to you, it needs to be something which the other party cannot deduce prior to the expiration of your time lock. To be confident that no one could deduce this information, a prerequisite would have to be that you couldn't deduce it, that is, it wouldn't be something that you could use as part of an encryption.

I think that this problem ultimately requires a trust based mechanism.

Rick

From fnerd at smds.com Fri Jun 10 17:30:47 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Fri, 10 Jun 94 17:30:47 PDT
Subject: Remailer REORDER not DELAY
Message-ID: <9406110028.AA05143@smds.com>

Jim choate writes:

> 2. messages will be cached and re-transmitted after a random delay. I intend
> to generate a random number between 0 and 24. When the appropriate hour
> arrives all messages with that time stamp will be sent encrypted.
> I would suggest getting a random number between 0 and 1440. This will

I waited for a good reply to this and didn't see one. Smart people have commented on this before and no one in this round seems to be remembering.

Delay--time--isn't what matters. It's confusion about which message is which that matters. So if I get 10 messages in one minute, I can scramble the order and send them out the next minute, and I've done my job--at least the order-scrambling part. (You also need to pad or packetize messages.)

So use serial numbers, not times!
Send a message for every one you get, keep a fixed number of messages queued, and add dummies if necessary to keep things moving.

> On the issue of traffic analysis:
>
> It occurs to me that simply monitoring a remailer's feeds and their traffic
> analysis will provide enough information to determine the difference between
> bogus (ie random generated) and real traffic...

Why not have the dummy message forwarded in a long enough chain and back to you? Then you could swallow it or turn it into another dummy, depending on whether you need to hurry your queue right now.

I don't think the amount of dummy traffic is a big problem. You only need enough to keep your queue flowing. Plus, if the remailers only generate dummies when necessary, the total dummy traffic is self-regulating, since multi-hop dummies are x-lax for every remailer they pass through.

I like thinking about the traffic pattern with get-one-send-one remailers: A user sends a message, and it seems to bounce from remailer to remailer to remailer...to a final recipient--but no, it was all a shell game!

-fnerd
- - - - - - - - - - - - - - -
the snack that eats like a food

From rfb at lehman.com Fri Jun 10 17:51:06 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Fri, 10 Jun 94 17:51:06 PDT
Subject: Time Locks-- Re: Delayed self-encrypting messages
In-Reply-To: <9406110014.AA22981@fnord.lehman.com>
Message-ID: <9406110050.AA23467@fnord.lehman.com>

   From: Rick Busdiecker
   Date: Fri, 10 Jun 1994 20:14:58 -0400

   . . . Have the signature for the secret key . . . .
                  ^^^^^^^^^

Er, I meant passphrase of course. Sigh.
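Eric Hughes' public key beacon from earlier in this thread, as an added Go example that is not code from the list or from any beacon that existed: one RSA key pair per UTC day, every public key published up front, each private key handed out only once its day begins. The Beacon type, its injectable clock, RSA-OAEP, and the use of the day string as the OAEP label are my assumptions, not anything the post specifies.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// dayOf names a beacon period; the published list carries one public key per day.
func dayOf(t time.Time) string { return t.UTC().Format("2006-01-02") }

// Beacon is a hypothetical key-release service. Every public key is published
// up front; a day's private key is handed out only once that day has begun.
type Beacon struct {
	keys  map[string]*rsa.PrivateKey
	clock func() time.Time // injected so callers (and tests) can move time forward
}

// NewBeacon generates key pairs for `days` consecutive days starting at `first`.
func NewBeacon(first time.Time, days int, clock func() time.Time) (*Beacon, error) {
	b := &Beacon{keys: make(map[string]*rsa.PrivateKey), clock: clock}
	for i := 0; i < days; i++ {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		b.keys[dayOf(first.AddDate(0, 0, i))] = k
	}
	return b, nil
}

// PublicKey is the published list: always available for any listed day.
func (b *Beacon) PublicKey(day time.Time) (*rsa.PublicKey, error) {
	k, ok := b.keys[dayOf(day)]
	if !ok {
		return nil, fmt.Errorf("beacon has no key for %s", dayOf(day))
	}
	return &k.PublicKey, nil
}

// PrivateKey is the release step: it refuses until 00:00 UTC of the requested day.
func (b *Beacon) PrivateKey(day time.Time) (*rsa.PrivateKey, error) {
	k, ok := b.keys[dayOf(day)]
	if !ok {
		return nil, fmt.Errorf("beacon has no key for %s", dayOf(day))
	}
	u := day.UTC()
	start := time.Date(u.Year(), u.Month(), u.Day(), 0, 0, 0, 0, time.UTC)
	if b.clock().Before(start) {
		return nil, errors.New("private key for " + dayOf(day) + " not yet released")
	}
	return k, nil
}

// Seal encrypts msg to the key of the day it should become readable. The day
// string doubles as the OAEP label, so a ciphertext cannot be re-targeted at
// another day's key. OAEP with a 2048-bit key carries at most 190 bytes; a real
// sender would seal a symmetric key this way and encrypt the bulk text with it.
func Seal(b *Beacon, releaseDay time.Time, msg []byte) ([]byte, error) {
	pub, err := b.PublicKey(releaseDay)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, []byte(dayOf(releaseDay)))
}

// Open fetches the day's private key from the beacon and decrypts; before the
// day it fails without ever seeing key material.
func Open(b *Beacon, releaseDay time.Time, ct []byte) ([]byte, error) {
	priv, err := b.PrivateKey(releaseDay)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(dayOf(releaseDay)))
}

func main() {
	// Constructed clock: the sender writes on 10 June and wants release on the 12th.
	now := time.Date(1994, time.June, 10, 17, 0, 0, 0, time.UTC)
	b, err := NewBeacon(now, 3, func() time.Time { return now })
	if err != nil {
		panic(err)
	}
	release := now.AddDate(0, 0, 2)
	ct, _ := Seal(b, release, []byte("open on the 12th"))
	if _, err := Open(b, release, ct); err != nil {
		fmt.Println("too early:", err)
	}
	now = release // the beacon's day arrives and the private key is released
	pt, _ := Open(b, release, ct)
	fmt.Printf("released: %s\n", pt)
}
```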
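Steve Witham's get-one-send-one remailer, as an added Go example rather than any remailer's actual code: a fixed-size pool keyed by arrival serial numbers instead of clock times, one message pushed in and one random one popped out per arrival, fixed-size padding, and a dummy injected only when the pool would otherwise stall. The pool size, the 1024-byte padding, the Tick/Drain interface and the seeded generator are my assumptions.

```go
package main

import "math/rand"

const PadSize = 1024 // every message leaves the mix at exactly this size

// Msg as the mix holds it: Serial is an arrival ordinal (not a clock) and
// Dummy lives only in this mix's memory, never on the wire.
type Msg struct {
	Serial  int
	Payload []byte
	Dummy   bool
}

// Mix is a get-one-send-one remailer with a fixed pool: each arrival pushes one
// message in and pops one uniformly at random, so an observer sees one-in,
// one-out, but the departing message is any of poolSize+1 candidates.
type Mix struct {
	poolSize                int
	pool                    []Msg
	rng                     *rand.Rand
	serial, realIn, realOut int
	Sent                    []Msg // wire order of everything that left
	Dummies                 int   // dummies injected to keep the pool turning
}

// NewMix seeds deterministically so a run is repeatable; use crypto/rand for real.
func NewMix(poolSize int, seed int64) *Mix {
	return &Mix{poolSize: poolSize, rng: rand.New(rand.NewSource(seed))}
}

// pad fixes the size (copy truncates longer input; a real remailer would packetize).
func pad(p []byte) []byte {
	out := make([]byte, PadSize)
	copy(out, p)
	return out
}

// Receive handles a real arrival: push it and, once the pool is full, send one.
func (m *Mix) Receive(payload []byte) {
	m.serial++
	m.realIn++
	m.pool = append(m.pool, Msg{Serial: m.serial, Payload: pad(payload)})
	m.flush()
}

// Tick models an idle period: inject a dummy so a waiting real message is not stranded.
func (m *Mix) Tick() {
	m.serial++
	m.Dummies++
	m.pool = append(m.pool, Msg{Serial: m.serial, Payload: pad(nil), Dummy: true})
	m.flush()
}

// flush sends random pool members until the pool is back to its fixed size.
func (m *Mix) flush() {
	for len(m.pool) > m.poolSize {
		i := m.rng.Intn(len(m.pool))
		out := m.pool[i]
		m.pool[i] = m.pool[len(m.pool)-1]
		m.pool = m.pool[:len(m.pool)-1]
		if !out.Dummy {
			m.realOut++
		}
		m.Sent = append(m.Sent, out)
	}
}

// Drain ticks until every real message has left (or maxTicks) and returns the
// number of dummies that cost: dummy volume is driven by need, not a fixed rate.
func (m *Mix) Drain(maxTicks int) int {
	ticks := 0
	for m.realOut < m.realIn && ticks < maxTicks {
		m.Tick()
		ticks++
	}
	return ticks
}

// Pending is the number of messages still held.
func (m *Mix) Pending() int { return len(m.pool) }

// InArrivalOrder reports whether the real messages left in arrival order, the
// input/output correlation a traffic analyst wants and the mix exists to break.
func InArrivalOrder(sent []Msg) bool {
	last := 0
	for _, s := range sent {
		if s.Dummy {
			continue
		}
		if s.Serial < last {
			return false
		}
		last = s.Serial
	}
	return true
}
```

Feeding ten real messages into a pool of five sends five of them in scrambled order; draining the rest costs only as many dummies as it takes to flush the last real one.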
Rick

From huntting at glarp.com Fri Jun 10 17:53:36 1994
From: huntting at glarp.com (Brad Huntting)
Date: Fri, 10 Jun 94 17:53:36 PDT
Subject: SLACKER JOB
In-Reply-To: <940610235738_74172.314_GHA39-1@CompuServe.COM>
Message-ID: <199406110053.SAA10185@misc.glarp.com>

> I will be leaving for Hongkong (by way of Madison, Wisc., it
> would now appear) in the latter part of July.[...]

Cool beans dude! (Well, actually, last July and it was anything but "cool") Say hi to Coggs and Vincent for me.

brad

From karn at qualcomm.com Fri Jun 10 18:52:17 1994
From: karn at qualcomm.com (Phil Karn)
Date: Fri, 10 Jun 94 18:52:17 PDT
Subject: The Crypto Home Shopping Network
In-Reply-To: <199406062335.AAA27342@an-teallach.com>
Message-ID: <199406110152.SAA21313@servo.qualcomm.com>

>I think RC4 is the 32 bit cypher used in cellular phones throughout
>Europe. Rumour has it it can be cracked in realtime. The actual
>cypher is secret though, which makes it *very* interesting that
>it'll be available in a software product. The phones use custom
>chips...

No, RC4 is not the European cellular phone encryption algorithm, but that 32-bit figure *has* come up in discussions of what NSA will allow the carriers to put into next-generation digital cellular telephones. The fact that NSA lets out RC2/RC4 with 40 bit keys, but is limiting new algorithms for cellular to 32 bits may or may not say something about the strength of RC2/RC4.

I believe the current context for the discussions is data services, as opposed to voice services. This is of course a tempest in a teapot since cellular data users will be in a much better position to encrypt for themselves using whatever algorithms and protocols they like. The battle for digital cellular voice privacy, on the other hand, was lost several years ago. And most cellular users will not be in a position to add their own strong encryption, especially since it usually requires the cooperation of the carrier.
Phil From jamesh at netcom.com Fri Jun 10 19:00:27 1994 From: jamesh at netcom.com (James Hightower) Date: Fri, 10 Jun 94 19:00:27 PDT Subject: Cops on the net Message-ID: <199406110200.TAA22779@netcom.com> Let's try this again... > CYBERCOP > A former New Jersey police officer now spends his time cruising for > suspects in cyberspace and has been involved in dozens of criminal > investigations, including a sting operation that nabbed a pedophile who > lured young rape victims via a bulletin board service. (Tampa Tribune > 6/8/94 BayLife 5) And the pedophile was named Craig Shergold? Seriously, this "Pedophile uses net to lure rape victims" is reaching the status of some kind of Law Enforcement/Urban Legend. Sort of the Willie Horton of the nineties. And as you'll remember, (at least those of you who follow US politics,) Willie Horton was some kind of convicted bad guy that then-governor Mike Dukakis released from prison on some kind of early-release program who then went on a crime (rape? murder?) spree. This was used as a rallying point by Dukakis' opponents when he ran for president some years later, and was arguably the one thing that insured his defeat. (The above was from memory -- feel free to flame^H^H^H^H^Hcorrect me if the facts aren't straight.) Now the same technique is being used against the proponents of strong crypto. And why not? It worked so well last time... We need our own Willie Horton, some blatant example of why strong crypto is a Good Thing. It would be nice to be able to pull a few examples of Gov. wiretap abuse or mail tampering (electronic or otherwise) out of the hat whenever that pedophile story gets an airing. Can anyone point me to something along these lines? JJH -- My loathings are simple: stupidity, oppression, crime, cruelty, soft music. 
-Vladimir Nabokov From sameer at soda.berkeley.edu Fri Jun 10 19:32:22 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Fri, 10 Jun 94 19:32:22 PDT Subject: PERSONAL: Address change Message-ID: <199406110228.TAA06217@infinity.c2.org> This is just an announcement that my preferred email address is changing from sameer at soda.berkeley.edu to sameer at c2.org thank you -sameer From rah at shipwright.com Fri Jun 10 19:38:37 1994 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 10 Jun 94 19:38:37 PDT Subject: Regulatory Arbitrage Message-ID: <199406110237.WAA15282@zork.tiac.net> > Eurodollars were invented > to get around American tax and currency regulations, and those of other > countries. > >Eurocurrency and eurobond markets started about thirty years ago, as >the Bretton Woods monetary agreement was breaking down, which >officially happened in 1973. So for a good clear twenty years there's >been this mediated market which uses regulatory arbitrage to provide >it's services. It's been there _longer_than_modern_cryptography_. I went to University of Chicago for a while. I went back to school to learn things they didn't teach a Philosophy major at the University of Missouri in the late '70s, like math. One of my cronies from Chicago, a finance type named Mark McCarren, was lurking over my shoulder this afternoon while I was showing him the Wonders of Cyberspace (TM). He saw this post and muttered, "it started with the Soviets in the 50's..." So, I weaseled the story out of him, and then he produces this dusty old textbook to back it up... Loosely Plagiarized from Modern International Economics, (1983) by Wilfred Ethier ISBN 0-393-952-50-9 Pages: 419-423 The eurocurrency market developed for three reasons (all forms of regulatory arbitrage): 1. Geopolitics: In the 50's, the Soviet Union got dollars in trade with the US and others, and wanted to keep them out of US banks. 
It seems that US had frozen Chinese assets during the Korean war, and for some reason, the USSR didn't want the same thing to happen to *their* stash.... It turns out the cable address of the Parisian bank where this particular money was stashed was "EUROBANK". Hence the origin of the term "eurodollars".

2. National controls. From 1963 to 1974, US exchange controls limited the ability of foreigners to borrow dollars in the US. If they wanted to borrow lots of dollars, they had to do it in foreign countries.

3. A country doesn't regulate other countries' currencies within its own borders. Nations don't regulate foreign currencies in their own banks because that money doesn't affect their own domestic monetary policy. (Except in high-inflation economies, like Israel in the late 80's, where governments "dollarize" savings accounts to increase domestic savings. There's a thread going on now about this in sci.econ, if anyone's interested.)

As regards Bretton Woods, it's not clear whether the Bretton Woods collapse had much to do with the popularity of the eurocurrency markets. Remember from previous discussions here, Bretton Woods broke down because the "dollar as good as gold" policy of the post war economic order eventually caused a massive US trade deficit with the rest of the world. We talked before about De Gaulle cashing in dollars for gold, and various presidents decoupling the dollar from gold and floating the dollar, etc.

Coupled with the above structural reasons, the popularity of eurocurrencies in the late 70's seems to have come a lot from the oil shocks, which caused a), inflation and higher interest rates, and b), lots of Arab oil money, which had to be put somewhere. Since US banking regulation Q put a ceiling on the interest rates US banks could pay depositors, most of that money stayed out of the US. (Even though Muslim law forbids interest ;-))

Think of the eurocurrency markets in terms of the old "bowling-ball on a waterbed" analogy of gravity.
Regulation increases the mass of the bowling ball and its escape velocity, or the depth of the hole the bowling ball sits in. In other words, the more regulation there is out there, the more the money runs down the hill to the euromarket. Assuming a frictionless waterbed, of course;-). Nassau, Panama, the Caymans, Luxembourg, Bahrain, Zurich, Paris, Amsterdam, Hong Kong, Singapore are all down at the bottom of the monetary gravity well. The most important is London. But we knew this already, from a list of spiffy places to put your money published here a few weeks ago.

A more concrete example of Regulatory Arbitrage, using a pretty sensible regulation, domestic monetary policy (reason 3, above), is this one:

Fredonian Bank A has a 25% reserve requirement in its own currency, call them "tokens", mandated by the government's own monetary policy board, "the Fred". Thus, Bank A can lend 75%. They have a 100 "token" liability on a 75 "token" asset. If the interest rate paid on deposits is 5%, break even point is 5/75 = 6.25% . But the 1.25% doesn't cover its operating costs. It's just its cost of capital to loan out. If you assume a 1.75% operating margin, you get an 8% loan rate.

With eurodollars, there's no reserve requirement, and the Bank can pay more on deposits and charge less on loans. Thus, it can pay the old deposit rate plus a little more, say 5.5%, and it can loan money at 7.5% for the same operating costs, because that 1.25% caused by the reserve requirement disappears....

By the way, I lent McCarren my copy of Schneier in exchange. I think he got the better end of the deal, but that's a cost of e$vangelizing to the financial community...

Cheers,
-bob

-----------------
Robert Hettinga (rah at shipwright.com)     "There is no difference between someone
Shipwright Development Corporation          who eats too little and sees Heaven and
44 Farquhar Street                          someone who drinks too much and sees
Boston, MA 02331 USA                        snakes."
                                            -- Bertrand Russell
(617) 323-7923

From rarachel at prism.poly.edu Fri Jun 10 19:39:50 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Fri, 10 Jun 94 19:39:50 PDT
Subject: Announcement RE: Lobbying...
In-Reply-To: <9405040314.AA08217@bilbo.suite.com>
Message-ID: <9405050147.AA19462@prism.poly.edu>

If they want to waste their money on this, let'em. I'd be perfectly happy to wind up in court to defend the cypherpunks. (No I'm not a lawyer, but I certainly won't be a sucker witness.) Compared to what the DA's, and judges make, my paycheck is peanuts, and I could do with a vacation. If they want to fine me, fine, they won't be able to take much away from me as I haven't got much. They'll have to get in line with Visa as I owe my cards about $3K :-)

Bottom line: it'll never happen. There's 700 cypherpunks on this list. Good luck getting all of the US members in court. It could drag on for years. By that time we should have enough pressure applied to Clipper's jugular veins to make it go the way of the Edsel.

From jpb at gate.net Fri Jun 10 20:43:49 1994
From: jpb at gate.net (Joseph Block)
Date: Fri, 10 Jun 94 20:43:49 PDT
Subject: Privacy Postage
Message-ID: <199406110343.XAA61714@inca.gate.net>

Here's a suggestion for the remailer operators who log usage. When it comes time to create a dummy message for traffic spoofing, loop it N steps through the remailer web and have it end up at a randomly selected message sender's address. I suggest weighting the selection according to the number of messages the sender has sent.

Since the dummy is encrypted anyway, this will also help the people using the remailers to spoof traffic analysis attempts as well. Combined with random delay, this should make life a little more hellish for anyone analyzing the traffic, as the dummies will no longer be distinguishable by being eventually swallowed by a remailer.
The minor inconvenience of occasionally having an unwanted postage stamp clutter one's mailbox is just the price of doing business with the remailer. Hell, I'll even design a nice ascii postage stamp file for anyone who decides to implement this. jpb From harmon at tenet.edu Fri Jun 10 20:51:37 1994 From: harmon at tenet.edu (Dan Harmon) Date: Fri, 10 Jun 94 20:51:37 PDT Subject: Regulatory Arbitrage In-Reply-To: <199406110237.WAA15282@zork.tiac.net> Message-ID: On Fri, 10 Jun 1994, Robert Hettinga wrote: alot deleted > waterbed" analogy of gravity. Regulation increases the mass of the bowling > ball and its escape velocity, or the depth of the hole the bowling ball > sits in. In other words, the more regulation there is out there, the more > the money runs down the hill to the euromarket. Assuming a frictionless > waterbed, of course;-). Nassau, Panama, the Caymans, Luxembourg, Bahrain, > Zurich, Paris, Amsterdam, Hong Kong, Singapore are all down at the bottom > of the monetary gravity well. The most important is London. But we knew > this already, from a list of spiffy places to put your money published here > a few weeks ago. Maybe we could get the list republished? Dan From kentborg at world.std.com Fri Jun 10 21:03:26 1994 From: kentborg at world.std.com (Kent Borg) Date: Fri, 10 Jun 94 21:03:26 PDT Subject: Delayed self-encrypting messages Message-ID: <199406110402.AA13528@world.std.com> >An interesting research project would be to construct one of these to >sit in orbit. And I would even trust it to be pretty safe from physical tampering. The cost would be so high and the exposure from various space watchers rather certain. Good enough for me. Seems there are two ways so far mentioned to do this "embargo" trick: 1) Have a trusted and secure party hold your key until time. 2) Hide a key inside an expensive computation and then figure out how to get the NSA *really* interested in finding and publishing their crack of your code. 
If you estimated their abilities correctly your fuse will burn at the right speed, the time delay will be as you intended. (Gosh, is there a thriller novel in here some place?)

I think I see a third:

3) Kinda "security through obscurity", but a dollop of "trusted" third party too.
   a) Encrypt the key and instructions for its distribution with Trent's public key.
   b) Add a message asking him not to open 'til Christmas. Encrypt again with his public key.
   c) Send it off on a remailer-goose chase to delay and further confuse the TLAs.

Hell, maybe just skip "c".

Or... Split the key into an n-of-m set of sharing fragments. Send each off to each of m Trents. Hope that no more than m-n get lost, hope that the TLAs can't find/turn n of your Trents.

-kb, the Kent who isn't as devious as he would like to be--but he is still reading cypherpunks.

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 28:15 hours of TV viewing so far in 1994!

From an60011 at anon.penet.fi Fri Jun 10 21:25:14 1994
From: an60011 at anon.penet.fi (Ezekial Palmer)
Date: Fri, 10 Jun 94 21:25:14 PDT
Subject: back to programming projects...
In-Reply-To: <199406102134.QAA06628@zoom.bga.com>
Message-ID: <199406110406.AA21883@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

   From: Jim choate
   Subject: Re: back to programming projects...
   Date: Fri, 10 Jun 1994 16:34:05 -0500 (CDT)

   Why should I trust them at all?

I think that this is a very reasonable question. Clearly, you shouldn't. If you let just anyone use it, your trust level is zilcho.

On a related note, should encrypting remailers have the keys changed regularly? The RSA-IDEA combination isn't very susceptible to known plaintext attacks, right?
Zeke

From werner at mc.ab.com Fri Jun 10 21:44:19 1994
From: werner at mc.ab.com (tim werner)
Date: Fri, 10 Jun 94 21:44:19 PDT
Subject: Announcement RE: Lobbying...
Message-ID: <199406110443.AAA03353@sparcserver.mc.ab.com>

>Date: Wed, 4 May 1994 21:47:35 -0400 (EDT)
>
><(as it now exists) by dragging all the U.S. list members into court.
>The TLAs would probably lose the case, but they would still do a lot
>of damage to the lives of the U.S. list members.
>>>

OK, I'm lost. I thought TLA stood for Three Letter Acronym. It's obviously overloaded, but I can't think of anything else. Can someone clue me in?

tw

From jis at mit.edu Fri Jun 10 21:46:24 1994
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Fri, 10 Jun 94 21:46:24 PDT
Subject: MacPGP 2.6 now available from MIT
Message-ID: <9406110446.AA10878@big-screw>

-----BEGIN PGP SIGNED MESSAGE-----

MacPGP 2.6 is now available from the MIT ftp site (net-dist.mit.edu). It is stored in the hidden distribution directory. Two files are available.

MacPGP2.6.sea.hqx contains a binhex'd self extracting archive (which contains a Readme file, a detached signature and another archive). This is the binary distribution.

MacPGP2.6.src.sea.hqx is a similar (signed) archive within an archive. This file contains the source used to build MacPGP 2.6.

Note: All archives are self extracting. As such they are Macintosh Applications which contain both a data "fork" and a resource "fork". To verify the detached signatures on the internal archives you need to first use the MacBinarize (command-B) option of MacPGP to create a macbinary style copy of the internal archive prior to verifying the detached signature.
The exact steps to do this are documented in the Readme file in the MacPGP2.6.sea.hqx distribution.

Bugs should be sent to pgp-bugs at mit.edu.

-Jeff

From diseased at panix.com Fri Jun 10 21:49:09 1994
From: diseased at panix.com (Edward Hirsch)
Date: Fri, 10 Jun 94 21:49:09 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
In-Reply-To: <199406101313.IAA16876@zoom.bga.com>
Message-ID:

On Fri, 10 Jun 1994, Jim choate wrote:

> Seems to me the 'inalienable rights' that are mentioned in our founding
> charter carry this argument quite well. I suspect they also 'prove' them
> as well.

Claiming that certain rights are inalienable is hardly the same as "carrying the argument" of their inalienability. I hold that man has an inalienable right to free and unlimited supplies of cheesecake... does the fact that I say so "prove" that this is an inalienable right?

>I am really not saying anything about
>'natural' rights though.

Well, by claiming that rights exist prior to the formation of the state or charter, you are claiming that they come from the state of nature, or are inherent to the human condition. This is what is meant by the phrase "natural rights."

> The point I am making is that a government is defined by what it can and
> can't do. This distinction is made at its creation through its charter.

Exactly. Which is why rights come into existence only *after* the charter which declares them is accepted, not before.

> Since when isn't the Constitution a legal context?

The Constitution is a "legal context," that's why we can use it to justify the existence of a right... we can say, for example, freedom of the press is a right because the Constitution says so. However, freedom of the press became a right only when the Constitution declared it, and not before.
This is why, for example, housing is not at present a right, no matter how much some people think it should be. Housing will become a right only if and when the state decides to declare it a right. From ebrandt at jarthur.cs.hmc.edu Fri Jun 10 21:55:40 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 10 Jun 94 21:55:40 PDT Subject: timed-release messages Message-ID: <9406110455.AA14968@toad.com> Note also that Tim May wrote a fairly lengthy tract on this point about a year, year and a half ago. It and the resulting discussion might be of interest... fire up them archives. Eli ebrandt at hmc.edu From tcmay at netcom.com Fri Jun 10 22:02:42 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 10 Jun 94 22:02:42 PDT Subject: timed-release messages In-Reply-To: <9406110455.AA14968@toad.com> Message-ID: <199406110502.WAA25356@netcom.com> > > Note also that Tim May wrote a fairly lengthy tract on this point about > a year, year and a half ago. It and the resulting discussion might be of > interest... fire up them archives. > > Eli ebrandt at hmc.edu Thanks for remembering, Eli! Actually, I'm reading the list but not posting much (trying to finish the Document Whose Name May Not be Spoken). As Steve Witham said earlier tonight, not many old-timers are commenting on this thread. I've found that posting comments about early work generates ill-tempered "you old-timers have no respect for the enthusiasm of newbies" posts. (Well, a slight exaggeration, perhaps.) Yes, there were many posts a while back on "Timed-Release Crypto." I can repost some of these articles, if there's interest. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. 
Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri Jun 10 22:11:45 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 10 Jun 94 22:11:45 PDT Subject: Timed-Release Crypto Message-ID: <199406110511.WAA28899@netcom.netcom.com> Eli Brandt mentioned that the thread on timed-release crypto came up last year. Here is a post I did on the subject. >Date: Wed, 10 Feb 93 11:55:45 -0800 >To: cypherpunks at toad.com >From: tcmay at netcom.com (Timothy C. May) >Subject: Timed-Release Crypto > > >Cypherpunks, > >I want to share with you folks some preliminary ideas on "timed-release >cryptographic protocols," that is, methods for sending encrypted messages >into the future. > >These ideas need more work, but since I have recently mentioned them to Hal >Finney, Max More, Mark Miller, and perhaps others, I guess it's time to say >something here. > >Why would anyone want to send encrypted (sealed) messages into the future? > >1. Foremost, to send money into the future, while protecting it in the >meantime from seizure, taxation, etc. This might be of interest to cryonics >folks who want to arrange for their own revival/reanimation at some time in >the future. (Existing systems have relied on creating endowments, insurance >contracts, trust funds, and the like. The trust of the agent is the means >for sending funds into the future--clearly this agent could be compromised, >raided, taxed, put out of business, etc. Though I am personally not a >cryonics client, I began thinking about this problem in 1989 and talked it >over with Phil Salin, who, ironically, is now himself in cryonic >suspension.) > >2. To fulfill contracts with long payoff dates. One might wish to deliver >money at some future date, or to supply information at some future date. > >3. 
"In the event of my death"-type messages, with guaranteed delivery of >some message or text in the event that something happens (or, of course, >that the message is not "countermanded" by the sender). > >4. A software publisher might place source code in a timed-release escrow, >agreeing to release the code in 10 years, for whatever reason. (Of course, >he may lie, but that's another issue. Possibly the digital time-stamping >work of Haber and Stornetta can be used.) > >I'm sure you can think of other uses. I argue that this timed-release >message is a kind of cryptographic primitive...though it may be argued that >it's just a variant of an ordinary message transmission, albeit one through >time instead of through space. > >Diving right in, some approaches: > >A message is encrypted (standard public key means, though private key >methods work the same way) and "sent out." Perhaps into a network of >remailers or a Cuperman-style "pool" (BTW, my compliments to Miron C. for >deploying such a thing..the first of many, I suspect). The encrypted >message is just a "passive" item in this scheme...it stays encrypted, is >available to all, etc. (in other words, the security of the message being >time-released does not in any way depend on hiding the existence or >location of the encrypted message, though of course it is important that >the encrypted message be widely distributed and not explicitly advertised >or tagged as being a timed-release message. > >(Detail note: Why not? Because some governments may see timed-release >messages as automatically being tax-avoiding, cryonics-supporting, >seditious, etc., messages and may attempt to hunt down and erase any such >messages...perhaps via "hunter-killer crypto viruses" or somesuch.) > >Let us suppose the encrypted message is to be unlocked in 30 years. (It >could also be when some recognized event occurs, such as a Mars landing or >the death of the sender, or whatever...you'll see how this works). 
>How can the decryption key be prevented from being used in the meantime?
>
>(To make this clear: both the encrypted message _and_ the decryption key are "in circulation" during all of those 30 years. Any scheme that relies on the sender himself keeping the decryption key "secret" for those 30 years is of course no fun at all...it's just what we have today and involves no new cryptographic primitives, just ordinary human-mediated secrecy.)
>
>But if the encrypted message and the decryption key are both in circulation for all of those 30 years, what's to keep someone from decrypting the message in _one_ year, for example?
>
>The answer: independent escrow agents who handle large volumes of messages and agree to hold them for various amounts of time. Because they have no idea of what's inside the encrypted messages they hold--and some may be "test" messages deposited deliberately by reputation-rating or credentialling agencies, such as "Consumers Crypto Guide"--and because their business is holding things in escrow, they will not generally open messages before the time specified.
>
>"Aha!," I hear you exclaim, "Tim's scheme depends solely on the trust of these escrow agents, and that's no different from depositing a sealed envelope with your friendly lawyer and asking him to promise not to peek."
>
>Here's how crypto and reputation-based systems make my scenario different (and stronger, I am arguing):
>
>- an ecology of many escrow services, many pools, many encrypted-message senders makes for a more robust system against subversion of any single agent.
>
>- no escrow agent knows what is contained in a sealed message, hence the temptation to peek is reduced. (A wrinkle: escrow agents, like remailers, will probably go to automatic hardware that is tamper-resistant (cf. discussion of tamper-resistant or tamper-responding modules in the Crypto Glossary distributed at the first physical Cypherpunks meeting and available in the archives).
>Thus, the hardware will automatically execute certain protocols and make peeking a pain.)
>
>- the best escrow agents (someday) may in turn increase security and their own reputations by in turn using secondary contracts, i.e., by contracting with _other_ escrow agents to seal parts or all of their messages.
>
>- what results is that the original message is scattered around in various publicly available locations (perhaps paid-for by dribbles of crypto-money from crypto escrow agents, but this is a detail easily worked out in various ways). The decryption key to the original message is itself broken up into several or many pieces and scattered to a network of "remailer"-like agents (they are essentially "remailers into the future," by agreeing as part of their protocol to hold messages for some amount of time). As time passes, these various messages (pieces, remember) are retrieved, forwarded, and generally bounced around the network.
>
>- some escrow agents may be just "fixed delay" nodes. For example, "Alice's Rest Stop" remailer node widely advertises that it will take in messages and simply delay them for some fixed time, e.g., for a year. For some fee based on message size. (Clearly the fixed time delay is a crufty approach, much less flexible than variable delays negotiated by the messages themselves, but it makes the idea clearer in some ways: a network of many such one-year delays could thus "send" a message into the future in one-year jumps.)
>
>(It is important to remember that these messages are "first-class objects," to borrow a phrase, and that all messages essentially look the same and have the same "rights" (Dean Tribble is probably barfing at my appropriation of object-oriented lingo, but it seems appropriate). That is, inspection of the bytes will not reveal to someone whether the message is a $2 message, a simple love letter, a business contract, a remailed item, a $100K cryonics payment, etc.
>Thus, the "authorities" cannot simply target some class of messages and ban them or launch "hunter-killer crypto viruses" against them, at least not without shutting down the whole system!)
>
>- the individual pieces may have instructions attached, such as "You will be paid 10 crypto credits if you hold me for one year and then decrypt me." (Not to belabor the point, but the means by which this "contract" can be enforced are that the escrow agents never know when they're being tested, when they're being monitored by rating services. This kind of "trust" is what allows ordinary deposit banks to work...their business is taking deposits and lending money, not repudiating the honest claims of customers.)
>
>- thus, I envision a swarm of messages being stored-and-forwarded in space and time, with an observer seeing only bits flowing around. Nobody except the original "launcher" (who needs to be fairly careful about the path he selects, about robustness against some fraction of the escrow/remailer agents going out of business, etc.) knows what's going on.
>
>- and as the end of the 30-year period approaches, to continue with the example I started with, the decryption key gets "reconstituted" in various ways (depends on what is desired, and how protocols evolve...I don't claim to have the details already worked out). For example, after 30 years the various messages stored in escrow accounts are forwarded separately to "The Immortalist Foundation," which may in fact be a digital pseudonym (as we have discussed so many times here). This entity puts the pieces together, sort of like combining the missing pieces of a text and reconstituting a genie or demon, and finds it can now unlock the original encrypted message. It finds, say, a million crypto credits, or the location of some physical treasure, or whatever.
>
>(Needless to say, there are some obvious questions about what long-term money will be stable, what banks will still exist after 30 years, and so on. I expect new forms of time deposits to evolve. Can the original sender be expected to know what will evolve before he seals his original message? Some obvious issues to work on--I never claimed it would be trivial, or static. One approach is to allow some human intervention, where an "investment agent" opens a digital money message, redeems it, and reinvests it in some new instrument. As usual, he would not know who the original investor was and would be "tested" by reputation-rating agencies. It _does_ get complicated, I know.)
>
>The Key Point: Messages sent into this network of remailers, escrow accounts, pools, and investment agents are untraceable to the sender and are generally unidentifiable. To break a single message involves breaking the entire system (or colluding with enough remailer nodes, as in any DC-Net sort of system). As with remailer networks, the expectation is that they will become sufficiently pervasive and trans-nationalized that breaking the entire system is just too painful and difficult (much the way the Net is already too pervasive to easily shut down, even if some uses of it are undesirable to various national authorities).
>
>Timed-release messages are objects that can be transmitted, encrypted, and can carry further instructions on where to mail them next, on how much digital money to pay to this next link, and various other instructions or protocols.
>
>(In other words, they are "agents" that can negotiate various contracts, for remailing, for storage, etc. Since they are "powerless" in a human sense, their security is provided by double-checks--perhaps by other agents who are watching and waiting--and by the general "shell-game" system of reputations, credentialling, and so on.)
>
>To make this scheme clearer in a simple way, I could publicly post an encrypted message to this list, or in one of the "pools," and then scatter the decryption key in several pieces with several members of this list, paying them $1 each to "hold" their piece for, say, a month. At the end of the month, they would fulfill their end of the bargain by forwarding the piece they hold to some public place or pool and the decryption key would be reconstituted (don't press me for exact details....PGP doesn't support this directly, but could). For robustness against loss of some of the messages, an n-out-of-m voting scheme could be used (e.g., any 5 of 8 pieces are sufficient to reconstruct the decryption key).
>
>The result is a message from the past, a timed-release message.
>
>I'm anxious to hear your comments. I think such a cryptographic primitive could be useful for a lot of purposes.
>
>-Tim May
>
>--
>
>Timothy C. May | Crypto Anarchy: encryption, digital money,
>tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
>408-688-5409 | knowledge, reputations, information markets,
>W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
>Higher Power: 2^756839 | Public Key: waiting for the dust to settle.

..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
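The "any 5 of 8 pieces" splitting of the decryption key that the forwarded post asks for is exactly what Shamir's threshold secret sharing provides. What follows is an added example written for this archive; it is not code from the post, from PGP, or from any escrow service the post imagines. It assumes a 256-bit prime field (the secp256k1 base-field prime), a 128-bit sample key generated at run time, and the 5-of-8 split from the post; every name in it is the example's own.

```python
"""Added example: n-out-of-m splitting of a decryption key with Shamir's scheme.

Not code from the original post or from PGP. The field prime, the share
counts and the sample key are assumptions chosen for the demonstration.
Needs Python 3.8+ for pow(x, -1, p).
"""
import secrets

# Field modulus (assumption): the secp256k1 base-field prime, big enough to
# hold any key of up to 256 bits as a single field element.
P = 2**256 - 2**32 - 977


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k mod P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, threshold, count):
    """Split `secret` into `count` pieces such that any `threshold` recover it.

    The secret is the constant term of a random polynomial of degree
    threshold-1; piece i is the point (i, f(i)). Fewer than `threshold`
    points leave every constant term equally likely, which is what lets an
    escrow agent hold a piece for a year without learning anything.
    """
    if not 1 <= threshold <= count:
        raise ValueError("need 1 <= threshold <= count")
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, count + 1)]


def recover_secret(pieces):
    """Lagrange-interpolate the polynomial at x = 0 from the given points.

    With at least `threshold` distinct pieces this is the secret; with fewer
    it still returns a value, but that value is a uniformly random field
    element unrelated to the key.
    """
    xs = [x for x, _ in pieces]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate piece index")
    total = 0
    for i, (xi, yi) in enumerate(pieces):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pieces):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def timed_release_demo():
    """Walk through the post's scenario: split a key 5-of-8, hand the pieces
    to eight holders, recover from any five, and show that four do not suffice.
    Returns the values a caller (or test) can check."""
    key = secrets.token_bytes(16)          # constructed sample: a 128-bit key
    key_int = int.from_bytes(key, "big")
    pieces = split_secret(key_int, threshold=5, count=8)

    # At release time only holders 1, 3, 4, 6 and 8 post their pieces to the pool.
    posted = [pieces[i] for i in (0, 2, 3, 5, 7)]
    recovered = recover_secret(posted).to_bytes(16, "big")

    # A colluding minority of four holders learns nothing about the key.
    partial = recover_secret(pieces[:4])

    return {
        "key": key,
        "recovered": recovered,
        "recovered_ok": recovered == key,
        "four_pieces_ok": partial == key_int,
        "piece_count": len(pieces),
    }


if __name__ == "__main__":
    r = timed_release_demo()
    print("5 of 8 pieces recover the key:", r["recovered_ok"])
    print("4 of 8 pieces recover the key:", r["four_pieces_ok"])
```

Each holder receives one (x, y) pair; the index x is not secret and can be published with the piece, so "forwarding the piece they hold to some public place or pool" at the end of the month is enough for anyone to run `recover_secret`. The message itself would be encrypted under the 128-bit key with whatever cipher the sender trusts; only the key goes through the sharing step, which keeps each escrowed piece small regardless of the message size.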
From sameer at c2.org Fri Jun 10 22:15:16 1994
From: sameer at c2.org (sameer)
Date: Fri, 10 Jun 94 22:15:16 PDT
Subject: new remailer remail@c2.org
Message-ID: <199406110513.WAA10580@infinity.c2.org>

There is a new remailer, remail at c2.org

The remailer is running a slightly modified version of the remailer at soda.berkeley.edu code.

finger remail at c2.org for a list of active remailers and instructions.

The key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAi35KJAAAAEEALwgQD6LN+XzSd5K0soe2sc1soMV0Yrjjm6JpqKZeyvrz4SN
nss0mDqcUgUKtb7Hl5vN4gf6zTiAsqJ5AlZWGn+U096h4oUwswX1DCByaqr15psS
y8A8V4dUlawvOYEbLnbfVAFhRbmvarpQwc6uP0BiUkisoRQ6A02Bean+V8xhAAUR
tCdORVhVUy1CZXJrZWxleSBSZW1haWxlciA8cmVtYWlsQGMyLm9yZz6JAJUCBRAt
+TvgeLt40V1eml0BAWPaA/9Ly4d98VhNoBbfWXKJ1SgIuauvs/slVe/WNhUKY4D1
Z6A8Pht865CHfKQTWMSGQN/L/KEAyJTLMP3yjMpvU8u40wb9kVDqZKzln9k2pmaT
yg3PG/x2B7jQW9QsYxLSPcxEG0B0xQr03GKo8Evb9eQVXAGnwFgJkcTVGV702Old
Bg==
=YDgO
-----END PGP PUBLIC KEY BLOCK-----

From sameer at c2.org Fri Jun 10 22:23:54 1994
From: sameer at c2.org (sameer)
Date: Fri, 10 Jun 94 22:23:54 PDT
Subject: remailer-operators@c2.org created
Message-ID: <199406110521.WAA10734@infinity.c2.org>

I created the list remailer-operators at c2.org. The intent of this list is so that remailer-operators who don't have enough time to keep up with the list can keep up with remailer news and updates, and maybe discussion.

There has been some discussion on the list about how this may have been tried before. If it has been I must've missed it. But it was said that in the earlier attempt it didn't work because there was no need for such a list. In such case, the list remailer-operators will not be used, but I have created it, so that if it may be useful, then it will be.

Subscribe by sending mail to majordomo at c2.org

--
sameer at c2.org
Community ConneXion: The NEXUS-Berkeley

From tcmay at netcom.com Fri Jun 10 22:25:42 1994
From: tcmay at netcom.com (Timothy C.
May)
Date: Fri, 10 Jun 94 22:25:42 PDT
Subject: Timed-Release Crypto
Message-ID: <199406110525.WAA00438@netcom.netcom.com>

The timed-release crypto message I just forwarded (in a kind of timed-release fashion) generated some interesting comments from Karl Barrus, Marc Ringuette, Robin Hanson, Eric Hughes, and even Larry Detweiler--back when he was not so antipathetic (he's pathetic _and_ antipathetic, paradoxically) to our group. For historical reasons, and because he makes some good points, here's his post:

>To: cypherpunks at toad.com
>Cc: ld231782 at longs.lance.colostate.edu
>Subject: Re: Timed-Release Crypto
>Date: Wed, 10 Feb 93 15:11:35 -0700
>From: ld231782 at longs.lance.colostate.edu
>X-Mts: smtp
>
>This is a neat idea, T.C. May. Here are some things that popped into my head thinking of it.
>
>I think the idea of multiple encryption of the time-delay message would be extremely useful here. Imagine this. You encrypt a message with as many layers as there are intermediate escrows. In other words, a message is encrypted with layer1 pw, then reencrypted with layer2 pw, then layer3, etc. In the decryption message (separate) there is a long sequence of keys. The lower-level keys closer to the actual message are also encrypted by the higher-level keys. Now, suppose that the way the message is held is this: after 1 level of protection has elapsed, the password message and the encryption message are recombined to a single escrow agent. That agent uses the top-level information (one key is plaintext (maybe not), or encrypted with that agent's public key, or whatever) to decode the top-level of encryption. Then, he again redistributes the next-lower-level of encryption password message and actual message to unique escrow agents.
>
>The beauty of this is that a given escrow agent, even once he gets a password, can only strip off "his" topmost level of encryption (at least, that's the intent).
>He is powerless to decrypt all the lower levels and hence the message itself. Therefore to actually decrypt a message ahead of time would require the collusion of many operators. The message should have some kind of indications at each level when it is to be "reconstituted" (just add water), and escrow agents of course should hold or reject messages that are sent to them for premature decryption. There is also the distinction of "joiners" and "storers" although the two could be combined in some way (both are "forwarders").
>
>The final destination should be the destination the original owner intended, so that there is no final escrow agent that can decrypt the message. He only has an encoded message he can pass along, and another agent only has a meaningless key and the final address as well. When the final destination is reached, the last layer of decryption can be removed by the intended recipient (the money is in -X- account, password -Y- or whatever). I.e., the recipient is the final "joiner".
>
>The idea of separating keys and the encoded messages is really ingenious, and I'd guess this "disassociation" has other uses as well. An encrypted message with a password *existing* but *inaccessible* is just as secure as a message using conventional encryption. In fact, there is probably an added dimension of security---in most systems *somebody* knows the key, but here, if it is generated automatically, even the *key* is unknown for a while!
>
>Another possibility is to have some kind of standard protocol for time encrypted messages (this is interesting and seems feasible). Let's say I want a message [x] to be unencrypted on date [y]. I call a "time encryption server" and ask for the secret key associated with my message and date [y]. I encrypt the message and publicize that version. The time server is constantly spewing out the daily code for messages that expire on that date.
>Anybody just listens to the broadcast and decrypts the messages in their possession using the key. Note however that it is crucial that somehow the key depend on the message itself (via the hashing approaches), otherwise everybody knows everybody else's keys ahead of time just by submitting messages to the server for the particular date. I suppose public-key encryption could be used here but I'm hazy on the details.
>
>P.S. this is a really tricky situation compared to above, but it might be possible to make messages with "insecure" passwords that can be broken in a few lifetimes from searches. Of course, this depends very crucially on the pace of technology and the resources devoted to the cracking, two highly variable factors.
>
>Also, keep in mind that every message in existence relying on complexity of algorithms is encrypted based on the time-delayed release of revolutionary and unforeseen computer techniques in cracking... or, more specifically, the gamble that they will not occur...

..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Fri Jun 10 22:26:00 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 10 Jun 94 22:26:00 PDT
Subject: Timed-Release Crypto
Message-ID: <199406110525.WAA00543@netcom.netcom.com>

Eric Hughes was one of several others who made good comments. Here, Eric mentions the "beacon" idea he brought up recently.
(I have 20 or so posts in this thread, which I won't mail to the List as a whole, but which I'll be happy to mail to a _few_ people who are _really_ interested in our thinking at this time. As you may know, I have archives of about 50 MB of Cypherpunks traffic, sorted by threads (in Eudora) and ready for mailing. No, I can't make it available for ftp, for various reasons which should be obvious.)

--Tim

>Date: Mon, 22 Feb 93 18:05:49 -0800
>From: Eric Hughes
>To: cypherpunks at toad.com
>Subject: Timed-Release Crypto
>
>By coincidence, I was thinking about time-release protocols the other day. I've got most of a system worked out, but I need to write it up and look at it for a while to make sure it works. What I think I have is a system in which the sender is given a key by a beacon which he can verify, at issuance time, will be revealed by the beacon at some future time. The implementation (but not the basic idea) relies on using multiple public RSA keys with the same modulus. I know there are some attacks against this, but I don't know their nature. If someone who knows about this (or knows where to find out) could contact me I would be most appreciative.
>
>As far as sending money into the future goes, there are some tradeoffs between anonymity of payment, length of time in the future, and message size. Anonymity of payment is difficult, since digital cash has to expire in order for the bank not to have to keep ever huger lists of deposited numbers. Large payments are less frequent anyway, and provide less covering traffic. If you continuously rotate your money into the future, therefore, all the steps must be encapsulated, making the size of the message grow linearly with the number of hops. One might be able to use a financial intermediary for anonymity, though. It's not obvious to me that this will work.
>
>Eric

..........................................................................
Timothy C.
May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Fri Jun 10 22:48:59 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 10 Jun 94 22:48:59 PDT
Subject: "Persistent Institutions" (Re: Timed-Release Crypto)
Message-ID: <199406110549.WAA02906@netcom.netcom.com>

Here's the last of these articles I plan to forward. This one mentions the "persistent institutions" idea (based on timed-release crypto mediated by mutually suspicious agents) I have mentioned at times. (I need to do a major piece on this, as my comments are mainly scattered in various places.)

Dave Deltorto was asking about hardware failure of the host machines as a practical concern and this is what I was initially responding to.

--Tim

>Date: Wed, 17 Feb 93 12:16:30 -0800
>To: cypherpunks at toad.com
>From: tcmay at netcom.com (Timothy C. May)
>Subject: Re: Timed-Release Crypto
>
>Dave Deltorto writes (about my idea for timed-release crypto):
>
>>Well, yes, Tim, but what about the MTBF rating of disk drives and/or other storage media? Any such message would also be relying on the trust that the disk it's stored on, the mail system and/or the organization it was sent to for storage are still going to be around. Now, if there were dedicated places
>
>Loss of hardware over the years due to unreliability is unlikely to be the main issue, for several reasons:
>
>1. Modern MTBFs for large disk drives are approaching 100,000 hours, or well over 10 years. The drives are likelier to be voluntarily retired first. And newer drives, including archival optical drives, are even more reliable (the drives may crash, but optical media survive).
>For the drives that _do_ fail, backup strategies exist, as with all storage of critical files. To wit, if your point is correct, then the failures of some disk drives at banks, insurance companies, etc., should be producing some fraction of "unrecoverable losses" each year. That they are not, because of robust backup and redundant storage methods, is evidence that crypto time vaults will also be reasonably secure. (Granted, you wouldn't want to trust your $100,000 deposit for 20 years on Joe Random's aging Amiga 1000.)
>
>2. A relatively large file by today's standards, e.g., 10 megabytes, will be a very small file by the standards of 10 years from now. The upshot is that new and more reliable storage methods (and transmission methods) will make storage of such small files quite trivial. (And remember that since the pieces are encrypted, physical duplication for backups, redundant storage, etc., is not a compromise of security.)
>
>3. The most reputable crypto time vaults will of course be careful not to lose client files, especially not for such mundane reasons as disk drive failures.
>
>4. M-out-of-n voting strategies are likely in any case, to deal with collusion of some of the nodes. That is, a file will be split into pieces such that any 8 out of 12 pieces, for example, are sufficient to recover the original file. (Encryption is a separate issue, though obviously related.)
>
>5. The files are likely to be moved around a lot, anyway, making hardware failures manageable on an instantaneous basis (that is, bad nodes, etc., can be compensated for when the time comes to reroute the files). Thus, a critical file does not just get "parked" at one site for 30 years.
>
>>where such t-r crypto msgs could be stored, such as a digital "bank" (where they would no doubt charge a storage fee, possibly necessitating that each such msg would be able to "peel off" digicredits from itself every year to guarantee paying for its own upkeep in case you were no longer around to sign checks), the question of whether or not it would BE there in 30 years might be moot, but that's a whole 'nother discussion.
>
>"Persistent institutions" is what I call these systems or trusts that last for many decades. If such systems can be built, using some of the ideas discussed here in this group, then interesting new financial and political structures are possible. Imagine an anonymous, distributed trust that has $10 billion in crypto-assets and a "goal" of funding nanotech or cryonics research. (Lots of complicated stuff yet to be considered in enough detail on how such "goals" might be stored, acted on, etc. For the sake of simplicity, think of it as a kind of Howard Hughes Medical Foundation, which once owned the Hughes Corporation, but which is not located in any one single country....)
>
>>Still, I find your idea very compelling and full of merit.
>
>Thanks. Lots more work is needed.
>
>-Tim May
>
>--
>Timothy C. May | Crypto Anarchy: encryption, digital money,
>tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
>408-688-5409 | knowledge, reputations, information markets,
>W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
>Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From blancw at microsoft.com Fri Jun 10 23:05:39 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Fri, 10 Jun 94 23:05:39 PDT
Subject: Crime and punishment in cyberspace - 3 of 3
Message-ID: <9406110507.AA21866@netmail2.microsoft.com>

Edward, didn't you get the message......stop haggling over righteousness & get back to WORK! :>)

Blanc

From dacey at crl.com Fri Jun 10 23:43:50 1994
From: dacey at crl.com (Peter Campbell)
Date: Fri, 10 Jun 94 23:43:50 PDT
Subject: Hello
Message-ID:

::
Request Remailing-To: dacey at crl.com

Hi.....drop me a line when you get this. c-ya

From jgostin at eternal.pha.pa.us Sat Jun 11 00:17:49 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Sat, 11 Jun 94 00:17:49 PDT
Subject: *&^%#@! Old-timers... NOT.
Message-ID: <940611014526w7Pjgostin@eternal.pha.pa.us>

tcmay at netcom.com (Timothy C. May) writes:

> I've found that posting comments about early work generates ill-tempered "you old-timers have no respect for the enthusiasm of newbies" posts. (Well, a slight exaggeration, perhaps.)

Let me be the first to comment that anyone who says this is a fool, and is too arrogant to realize the value of an informed opinion. Unless the post takes the tone of "If you were around as long as I was", or something similar, an informed, experienced, opinion is always appreciated -- at least by me. Hey, I don't know everything (don't let that leak out... *smirk*), so I'm happy to learn from those who know more than I do. Everyone learned from someone, and it's their net.obligation to pass on that knowledge. It's the way the net works, with everyone helping someone less experienced. It worked for me, and I'm happy to share information with people who know less than I do. All I ask for is patience and a genuine interest in learning what I have to teach. I try to show that same interest when dealing with those who know more than I.
--Jeff

From r6788 at hopi.dtcc.edu Sat Jun 11 01:06:15 1994
From: r6788 at hopi.dtcc.edu (Joe Rach)
Date: Sat, 11 Jun 94 01:06:15 PDT
Subject: Hello
Message-ID: <9406110806.AA09350@hopi.dtcc.edu>

Hi! Did you want me to call you or just send you e-mail???

>Hi.....drop me a line when you get this. c-ya

;>

From bart at netcom.com Sat Jun 11 04:44:31 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Sat, 11 Jun 94 04:44:31 PDT
Subject: Announce: Secure HTTP Draft Specification (fwd)
Message-ID: <199406111144.EAA27655@netcom14.netcom.com>

Forwarded message:
> From commercenet-request at commerce.NET Sat Jun 11 02:32:46 1994
> Date: Sat, 11 Jun 94 01:17:50 PDT
> From: wtwong at eitech.eit.com (William Tao-Yang Wong)
> Message-Id: <9406110817.AA22886 at eit.COM>
> To: commercenet at ibs.eit.COM, network-wg at ibs.eit.COM
> Cc: heathman at commerce.net
> Subject: Announce: Secure HTTP Draft Specification
>
> A draft specification for Secure HTTP has been released. You may retrieve it via any of the following methods:
>
> WWW: http://www.commerce.net/information/standards/drafts/shttp.txt
> Email: shttp-info at commerce.net (Automatic response)
> Anonymous FTP: ftp.commerce.net/pub/standards/drafts/shttp.txt
>
> William
>

Secure HTTP (S-HTTP) provides secure communication mechanisms between an HTTP client-server pair. Our design intent is to provide a flexible protocol that supports multiple operation modes and cryptographic algorithms and formats through option negotiation between the transaction parties.

1.1. Summary of Features

Secure HTTP has been designed to enable incorporation of various cryptographic message format standards into Web clients and servers, including, but not limited to, PKCS-7, PEM, and PGP. S-HTTP supports interoperation among a variety of implementations, and is backward compatible with HTTP.

...
From smb at research.att.com Sat Jun 11 07:46:41 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sat, 11 Jun 94 07:46:41 PDT
Subject: crypto in the NY Times
Message-ID: <9406111446.AA23625@toad.com>

The magazine section of tomorrow's N.Y. Times has a good story on cypherpunks, Clipper, crypto, etc. Whit Diffie adorns the cover.

From m5 at vail.tivoli.com Sat Jun 11 08:37:57 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sat, 11 Jun 94 08:37:57 PDT
Subject: crypto in the NY Times
In-Reply-To: <9406111446.AA23625@toad.com>
Message-ID: <9406111537.AA13182@vail.tivoli.com>

smb at research.att.com writes:
> The magazine section of tomorrow's N.Y.

From owner-cypherpunks Sat Jun 11 15:37:34 1994
From: Jim choate
Message-Id: <199406112237.RAA04770 at zoom.bga.com>
Subject: Re: Crime and punishment in cyberspace - 3 of 3
To: diseased at panix.com (Edward Hirsch)
Date: Sat, 11 Jun 1994 17:37:03 -0500 (CDT)
Cc: cypherpunks at toad.com
In-Reply-To: from "Edward Hirsch" at Jun 11, 94 00:29:09 am

> > On Fri, 10 Jun 1994, Jim choate wrote:
> >
> > > Seems to me the 'inalienable rights' that are mentioned in our founding charter carry this argument quite well. I suspect they also 'prove' them as well.
>
> Claiming that certain rights are inalienable is hardly the same as "carrying the argument" of their inalienability. I hold that man has an inalienable right to free and unlimited supplies of cheesecake... does the fact that I say so "prove" that this is an inalienable right?
>

If eating cheesecake makes you happppy then the Constitution says you have an inalienable right to it. This of course implies that your expression of that right does not infringe on others.

> >I am really not saying anything about 'natural' rights though.
>
> Well, by claiming that rights exist prior to the formation of the state or charter, you are claiming that they come from the state of nature, or are inherent to the human condition. This is what is meant by the phrase "natural rights."
>

All rights are natural rights. Your assumption that governments aren't natural (for people) is clearly one based in unclear thinking. People are social animals and their creation of governments is a natural expression of this. All rights are natural.

> > The point I am making is that a government is defined by what it can and can't do. This distinction is made at its creation through its charter.
>
> Exactly. Which is why rights come into existence only *after* the charter which declares them is accepted, not before.
>

Wrong, one has to be able to clearly define those rights prior to writing them down. At least for me I have the thought and then write it down, not the other way around.

> > Since when isn't the Constitution a legal context?
>
> The Constitution is a "legal context," that's why we can use it to justify the existence of a right... we can say, for example, freedom of the press is a right because the Constitution says so. However, freedom of the press became a right only when the Constitution declared it, and not before. This is why, for example, housing is not at present a right, no matter how much some people think it should be. Housing will become a right only if and when the state decides to declare it a right.
>

Wrong again, the right will happen when people decide to include it in the Constitution. The document does not change under its own volition.
The state can be changed under the constitution if enough people say they wanted it changed to cover a particular right. This is why the states have the right to change the Constitution w/o Congressional approval. You simply need to get the requisite number of states to agree to it. As to freedom of the press, it was free until the English started trying to regulate it. The people here felt that was an untold intrusion of any government into the actions of men. Seems to me that an implicit assumption in your argument is that the actions of governments supersede the rights of man. I ask you to explain why the Constitution goes to great expense to detail and explain the rights of men and how they are decided (see Article 9, 10) and the fact that the state is given NO rights at all...

From ravage at bga.com Sat Jun 11 15:39:20 1994 From: ravage at bga.com (Jim choate) Date: Sat, 11 Jun 94 15:39:20 PDT Subject: back to programming projects... In-Reply-To: <199406110406.AA21883@xtropia> Message-ID: <199406112239.RAA04848@zoom.bga.com>
> > On a related note, should encrypting remailers have the keys changed > regularly? The RSA-IDEA combination isn't very susceptible to known > plaintext attacks, right? > > Zeke
Personally I think that is up to the individuals who are transmitting the messages. If they for some reason feel it is prudent then do it. Otherwise there are probably other more interesting things to work on.

From ravage at bga.com Sat Jun 11 15:45:38 1994 From: ravage at bga.com (Jim choate) Date: Sat, 11 Jun 94 15:45:38 PDT Subject: Delayed self-encrypting messages In-Reply-To: <199406110402.AA13528@world.std.com> Message-ID: <199406112245.RAA04963@zoom.bga.com>
I would look at monitoring some large scale system that is not easily modelled so it can't be predicted faster than it actually occurs. This way when the appropriate condition occurs its digitized state could be used as a key.
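The remailer batching question running through this thread (Jim Choate's random-hour delay, and fnerd's reply in the next message that reordering, not delay, is what defeats traffic analysis) can be checked with a small simulation. The following is an added example, not code by either poster. It models both schemes on constructed traffic with a seeded random source and shows that a per-message random delay stops reordering anything once messages arrive further apart than the maximum delay, while a fixed-size pool that sends one message per message received (primed and topped up with dummies, as fnerd suggests) reorders regardless of timing. The names `random_delay_order`, `delay_candidates`, `PoolMix`, `pool_mix_trial` and the `DUMMY` marker are this example's own.

```python
import random

DUMMY = "DUMMY"  # a cover message; a real remailer would route it back to itself to swallow it


def random_delay_order(arrivals, max_delay, seed=0):
    """Per-message random delay (the 'random hour' scheme argued over in the thread).

    arrivals: list of (arrival_time, msg_id) in hours, sorted by time.
    Each message leaves at arrival_time + U[0, max_delay).  Returns the msg_ids in
    departure order.  Once consecutive arrivals are more than max_delay apart the
    departure order is necessarily the arrival order, i.e. nothing is reordered.
    """
    rng = random.Random(seed)
    departures = [(t + rng.random() * max_delay, msg_id) for t, msg_id in arrivals]
    departures.sort()
    return [msg_id for _, msg_id in departures]


def delay_candidates(arrivals, departure_time, max_delay):
    """Observer's view of one departure under the delay scheme: the sender must be
    among the messages that arrived within the last max_delay hours."""
    return [m for t, m in arrivals if departure_time - max_delay <= t <= departure_time]


class PoolMix:
    """Get-one-send-one pool mix: keep pool_size messages queued and, for every
    message received, send one chosen uniformly at random from the pool.

    The pool is primed with dummies so even the first real message is hidden among
    pool_size other candidates, and idle_tick() feeds a dummy in when no traffic
    arrives so the queue keeps turning over.  Every departure is one of
    pool_size + 1 equally likely messages, whatever the arrival timing.
    """

    def __init__(self, pool_size, seed=0):
        self.rng = random.Random(seed)
        self.pool = [DUMMY] * pool_size
        self.sent = []

    def _emit(self):
        out = self.pool.pop(self.rng.randrange(len(self.pool)))
        self.sent.append(out)
        return out

    def receive(self, msg_id):
        """One message in, one message out; the pool size never changes."""
        self.pool.append(msg_id)
        return self._emit()

    def idle_tick(self):
        """No traffic this interval: push a dummy through so something still leaves."""
        return self.receive(DUMMY)

    def flush(self):
        """Shutdown only: send everything left.  This gives up the pool's cover, so a
        live remailer would not do it; the simulation uses it to account for messages."""
        out = []
        while self.pool:
            out.append(self._emit())
        return out


def pool_mix_trial(n_messages, pool_size, seeds):
    """Run the pool mix for several seeds on back-to-back arrivals (timing is
    irrelevant to it).  Returns (reordered, all_delivered): whether any run delivered
    the real messages out of arrival order, and whether every run delivered all of them."""
    ids = [f"m{i}" for i in range(n_messages)]
    reordered, all_delivered = False, True
    for seed in seeds:
        mix = PoolMix(pool_size, seed)
        out = [mix.receive(i) for i in ids] + mix.flush()
        real = [m for m in out if m != DUMMY]
        all_delivered &= sorted(real) == sorted(ids)
        reordered |= real != ids
    return reordered, all_delivered
```

With one message every 25 hours and a 0 to 24 hour delay, `random_delay_order` returns the arrival order every time and `delay_candidates` narrows each departure to a single sender, which is the traffic-analysis failure fnerd describes; `pool_mix_trial(6, 3, range(20))` shows the pool reordering with no dependence on clock time. Jim Choate's bandwidth objection is untouched by this: the pool scheme costs one dummy per idle interval on top of the primed pool.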
From ravage at bga.com Sat Jun 11 15:54:02 1994 From: ravage at bga.com (Jim choate) Date: Sat, 11 Jun 94 15:54:02 PDT Subject: Remailer REORDER not DELAY In-Reply-To: <9406110028.AA05143@smds.com> Message-ID: <199406112253.RAA05183@zoom.bga.com>
> > Jim choate writes: > > > 2. messages will be cached and re-transmitted after a random delay. I intend > > to generate a random number between 0 and 24. When the appropriate hour > > arrives all messages with that time stamp will be sent encrypted. > > I would suggest getting a random number between 0 and 1440. This will > > I waited for a good reply to this and didn't see one. Smart people have > commented on this before and no one in this round seems to be remembering. > > Delay--time--isn't what matters. It's confusion about which message is > which that matters. So if I get 10 messages in one minute, I can scramble > the order and send them out the next minute, and I've done my job--at > least the order-scrambling part. (You also need to pad or packetize > messages.) > > So use serial numbers, not times! Send a message for every one you get, > keep a fixed number of messages queued, and add dummies if necessary > to keep things moving. >
Wrongo...the random time stamp does randomly re-order then. As to bogus messages, not on my system you won't.... I have a system which runs off a SLIP feed and bandwidth is sacrosanct. If you would like to pay for an additional line to handle the added load then fine but my pocketbook won't support it. And when one makes the consideration of the future where there will be many small systems with minimal bandwidth and monetary resources then I really doubt they will be interested in any system which slows down or otherwise wastes a precious and critical resource. I also oppose the implied synchronicity of your methods as well. I am looking at a reasonably secure asynchronous method of making the traffic analysis difficult (the real reason for all this mumbo jumbo in the first place).
Why should I provide a potential monitor with the information that a certain amount of information going out will be bogus? This also relates to my comments concerning the use of the other 'feed' systems around me. > > On the issue of traffic analysis: > > > > It occurs to me that simply monitoring a remailers feeds and their traffic > > analysis will provide enough information to determine the difference between > > bogus (ie random generated) and real traffic... > > Why not have the dummy message forwarded in a long enough chain and back to > you? Then you could swallow it or turn it into another dummy, depending on > whether you need to hurry your queue right now. > > I don't think the amount of dummy traffic is a big problem. You only need > enough to keep your queue flowing. Plus, if the remailers only generate > dummies when necessary, the total dummy traffic is self-regulating, since > multi-hop dummies are x-lax for every remailer they pass through. > > I like thinking about the traffic pattern with get-one-send-one remailers: > A user sends a message, and it seems to bounce from remailer to remailer > to remailer...to a final recipient--but no, it was all a shell game! > You obviously don't pay all the costs for your feed or else you are very rich... > -fnerd > > > > > - - - - - - - - - - - - - - - > the snack that eats like a food > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K > ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz > 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG > sRjLQs4iVVM= > =9wqs > -----END PGP SIGNATURE----- > From ravage at bga.com Sat Jun 11 15:56:44 1994 From: ravage at bga.com (Jim choate) Date: Sat, 11 Jun 94 15:56:44 PDT Subject: back to programming projects... 
In-Reply-To: <9406110002.AA03441@sosfc.avtc.sel.sony.com> Message-ID: <199406112256.RAA05271@zoom.bga.com>
> > From: Jim choate > Date: Fri, 10 Jun 1994 16:34:05 -0500 (CDT) > > Why should I trust them at all? Why should I willingly become an > accomplice in any of their activities? I don't [want?] anyone, > including me, being able to figure out what is going on. But more > importantly you seem to assume that these pair of communicators are > not trying to determine something about me with their traffic. > > So you're trying to prevent the users from finding something out about > you? What, exactly? Trying to understand the issue here. >
There is no issue. I simply do not choose to trust those who use my system. Seems prudent to me. If you would like to trust total strangers that is your prerogative. > By encrypting the outgoing the receiver is > sure that it came from my re-mailer and not somebody else. > > If you encrypt it with the remailer's private key, yeah. I thought > you were saying earlier that you'd encrypt the outgoing messages with > the recipient's public key. Did I misunderstand? > I have to encrypt w/ my private key and their public key. All they have access to is my public key. The point is to verify where the packet came from, not what is in it.

From mpd at netcom.com Sat Jun 11 16:16:16 1994 From: mpd at netcom.com (Mike Duvos) Date: Sat, 11 Jun 94 16:16:16 PDT Subject: Protocol Wanted!! Message-ID: <199406112316.QAA15142@netcom.com>
Here is a simple problem. Late one night, Bob discovers a clever new method of factoring large products of distinct odd primes. Bob may now perform such factorizations in only a few hours for numbers up to 1024 bits on his trusty old 486. Bob spent a lot of time coding and testing his new algorithm, and wishes to recover some of his expenses by factoring a few RSA keys for well-to-do clients.
Bob wants to do this without disclosing his identity, so a certain evil three-letter agency will not cover him with rubber hose marks trying to learn how his algorithm works. Alice is the CEO of a company who suspects PGP-encrypted mail is being used by an employee to transfer trade secrets to a foreign competitor. Alice would pay any amount of money to read this mail and confirm her suspicions. Alice is a potential client for Bob. Now for the hard part... How does Bob make Alice, and other potential clients, aware of the service he wishes to offer? How do Bob and Alice conduct business anonymously while making absolutely sure that neither is spoofing the other? Alice needs to know Bob isn't lying about being able to factor. Bob needs to know Alice has the means to pay him before he cracks a key. Bob and Alice need to exchange a factored key for money with no chance that either will back out at the last moment and try to steal from the other. How much work should Bob expect to come his way if he charges $10 a bit for his factoring service? $100 a bit? $1000 a bit? Comments anyone? -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From nobody at shell.portal.com Sat Jun 11 16:44:36 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 11 Jun 94 16:44:36 PDT Subject: No Subject Message-ID: <199406112345.QAA14028@jobe.shell.portal.com> I just read an interesting product announcement: "The RF-5151DE digital encryption option is designed for all RF-5000 FALCOM Series HF-SSB radio systems. The module provides an embedded voice-data encryption system which can be programmed with up to six of 1 X 10^52 key codes. The encryption algorithm is driven by a pseudo-random key generator possessing a key stream length requiring millions of years for recursion. [Harris RF Communications Group, Rochester, NY, (716) 244-5830.] This was in one of those military hardware magazines. Does this sound like a piece of military gear? 
Is this key length adequate for that? If it were approved for the protection of classified information, which was never mentioned one way or the other, would a detail like the key length be allowed to be disclosed publicly?

From koontzd at lrcs.loral.com Sat Jun 11 17:28:06 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Sat, 11 Jun 94 17:28:06 PDT Subject: The RF-5151DE digital encryption option Message-ID: <9406120027.AA25371@io.lrcs.loral.com>
From the size of the key space, it sounds like a big shift register and preset. While Harris has manufactured shift register based secure voice specified by NSA, it doesn't sound like it is military. As a guess it would be intended for export to friendly nations. A lot of military radios have board slots for a COMSEC board with what's called a trigraph designator (E-ABC). While I don't recall the actual trigraph designator, it shows up in recent advertisements. At least one foreign radio manufacturer (Israeli) also provides their own encryption module for sale to friendly nations. It used to be popular to supply DES. Quite a few corporations offer their own encryption algorithms. AT&T offers at least two, one of which is exportable. They advertise a 112 bit key, I think.

From pkm at maths.uq.oz.au Sat Jun 11 19:45:12 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Sat, 11 Jun 94 19:45:12 PDT Subject: Protocol Wanted!! In-Reply-To: <199406112316.QAA15142@netcom.com> Message-ID: <9406120244.AA15736@axiom.maths.uq.oz.au>
Commenting on Mike Duvos's original article: > > Here is a simple problem. > > Late one night, Bob discovers a clever new method of factoring > large products of distinct odd primes. Bob may now perform such > factorizations in only a few hours for numbers up to 1024 bits on > his trusty old 486. > > Bob spent a lot of time coding and testing his new algorithm, and > wishes to recover some of his expenses by factoring a few RSA > keys for well-to-do clients.
Bob wants to do this without > disclosing his identity, so a certain evil three-letter agency > will not cover him with rubber hose marks trying to learn how his > algorithm works. > > Alice is the CEO of a company who suspects PGP-encrypted mail is > being used by an employee to transfer trade secrets to a foreign > competitor. Alice would pay any amount of money to read this > mail and confirm her suspicions. > > Alice is a potential client for Bob. Now for the hard part... > > How does Bob make Alice, and other potential clients, aware of > the service he wishes to offer? > > How do Bob and Alice conduct business anonymously while making > absolutely sure that neither is spoofing the other? Alice needs > to know Bob isn't lying about being able to factor. Bob needs to > know Alice has the means to pay him before he cracks a key. Bob > and Alice need to exchange a factored key for money with no > chance that either will back out at the last moment and try to > steal from the other. > > How much work should Bob expect to come his way if he charges $10 > a bit for his factoring service? $100 a bit? $1000 a bit? > > Comments anyone? > > -- > Mike Duvos $ PGP 2.6 Public Key available $ > mpd at netcom.com $ via Finger. $ > > Of the several problems stated above, I find the pricing protocol the easiest to deal with. There are a few things that need to be known. For example, what is the complexity of Bob's algorithm? Does it do it in polynomial time or (even better) some variant of logarithmic time? The cost should bear relation to this fact. The cost should also be related to the number of bytes in the message. 
If Bob was canny enough, he probably would set the price P (in $ or DM or Magic Money or any other currency I'm grouping under the title "cypherbucks") to be: P = F(KB) * L * D where K (in bits) is the length of the key, L (in bytes) is the length of the message, D (in cypherbucks/bytes) is the "decoding" cost, B (in cypherbucks/bits) is the "factoring" cost for the key, and F is a function from the set of cypherbucks amounts to itself that is proportional to the complexity of Bob's algorithm. If the algorithm is logarithmic, F should be logarithmic. If the algorithm takes O(n^2) time, F should be O(n^2); and so on. There are other choices for deriving P; one such is: P = F(KB) + (L * D) and of course others can make their own up. Of course, it is assumed that Bob is operating as a monopoly, and can set whatever pricing policy he pleases. For example, 20% discount for students and unemployed. He could even barter for goods ("I'll decode this 100K message for one of your Cray computers.") If the monopoly disappears, the price would be driven down. Alas, I can't say anymore at the moment. Study beckons. :-( I hope this was of some help. ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. | ======================================================= From mpd at netcom.com Sat Jun 11 20:35:16 1994 From: mpd at netcom.com (Mike Duvos) Date: Sat, 11 Jun 94 20:35:16 PDT Subject: Protocol Wanted!! In-Reply-To: <9406120244.AA15736@axiom.maths.uq.oz.au> Message-ID: <199406120335.UAA12917@netcom.com> Peter Murphy writes: > Of the several problems stated above, I find the pricing > protocol the easiest to deal with. There are a few things > that need to be known. 
For example, what is the complexity > of Bob's algorithm? Does it do it in polynomial time or > (even better) some variant of logarithmic time? The cost > should bear relation to this fact. [Thud](Sound of Bruce Henderson fainting) This is an interesting perspective. I would find myself arguing almost the opposite. It would seem to me that the price one charges for a product or service should depend only on its value to one's clients. Not upon one's cost to produce it. If the value of your product to your customers is $100,000, then the price should be $100,000 regardless of whether it costs you $1 or $10,000 to make. > The cost should also be related to the number of bytes in > the message. I'm not sure about this either. A short message about a hidden bomb which reads "under your chair" is infinitely more valuable than a lengthy message containing the last six months of postings to rec.pets.cats. Once Bob gives Alice the factors, all messages encrypted with that RSA public key can be decrypted, so the number of messages and the length of each aren't really an issue. Bob could keep the factors and sell Alice the plaintext of individual messages, but this requires a continuing business relationship which the anonymous Bob may not want. If the messages contain confidential information, Alice may not want Bob to see them. Since Alice is paying Bob big bucks to factor the key, it is unlikely Alice would agree to let Bob keep the factors to himself. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sat Jun 11 21:28:02 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Sat, 11 Jun 94 21:28:02 PDT Subject: Loompanics is online Message-ID: <771394999/vac@FURMINT.NECTAR.CS.CMU.EDU>
Looking at some old cypherpunks mail from Tim May: >Enjoy finding and reading these.
But your first priority should be to >get the Loompanics catalog...other books may spark your interest more. >I think the catalog is still $5 (well worth it), unless you order >another book first, as described below. I thought it might be worth pointing out that most of their catalog is now online as: gopher://gopher.well.sf.ca.us/00/Business/catalog.asc And you can send mail to them at: loompanx at pt.olympus.net -- Vince From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sat Jun 11 21:35:40 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Sat, 11 Jun 94 21:35:40 PDT Subject: Cypherpunks mail database does exist Message-ID: <771395277/vac@FURMINT.NECTAR.CS.CMU.EDU> Several times people have made comments about there not being an archive of old mail, or that it was not practical to index it. For the record, again, there is a database, it is indexed, and it is fast. Eric Johnson has put one together as: http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src Please don't think that you used to be safe doing something illegal on this list and that you no longer are. That would be foolish. -- Vince From pkm at maths.uq.oz.au Sat Jun 11 21:41:13 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Sat, 11 Jun 94 21:41:13 PDT Subject: Protocol Wanted!! In-Reply-To: <199406120335.UAA12917@netcom.com> Message-ID: <9406120440.AA16993@axiom.maths.uq.oz.au> > > Peter Murphy writes: > > > Of the several problems stated above, I find the pricing > > protocol the easiest to deal with. There are a few things > > that need to be known. For example, what is the complexity > > of Bob's algorithm? Does it do it in polynomial time or > > (even better) some variant of logarithmic time? The cost > > should bear relation to this fact. > > [Thud](Sound of Bruce Henderson fainting) This is an interesting > perspective. I would find myself arguing almost the opposite. 
It > would seem to me that the price one charges for a product or > service should depend only on its value to one's clients. Not > upon one's cost to produce it. Not quite. I thought that the price that Bob would set would be as high as he could get away with, without alienating the clients. If Alice sends Bob a message to be decrypted, and shells out $100,000, then Bob (assuming he's honest) will decrypt it. It's too bad if it turns out to be just a juicy love letter - Bob's purpose there was to decrypt it, and not to work out the value to the customer. After all, if it turns out that the file was actually a design to some FTL vehicle, then setting a flat price in the negotiation phase prevents Bob from going around and upping the price to $10,000,000. > > If the value of your product to your customers is $100,000, then > the price should be $100,000 regardless of whether it costs you > $1 or $10,000 to make. I'm sorry - we seem to be thinking differently. The way I was thinking was that Alice was actually giving Bob the message only, and that Charlie (our suspected criminal) was smart enough to keep his public key away from the office (or on a floppy disk). Of course, if Charlie is stupid enough to leave his public key around, then Alice can send only this key to Bob, and leave the 'naughty' message at the office. Otherwise, Bob has only the ciphertext to go on - or possibly a bit of plaintext, although Alice probably won't do that either. > > > The cost should also be related to the number of bytes in > > the message. > > I'm not sure about this either. A short message about a hidden > bomb which reads "under your chair" is infinitely more valuable > than a lengthy message containing the last six months of postings > to rec.pets.cats. But again, that's assuming that Alice does know what is in the encrypted file. She (rightly) suspects that Charlie is giving stolen goods away.... but she doesn't know that. See above.
Anyway, Bob may have other clients, and the time on his 486 is fairly precious. > > Once Bob gives Alice the factors, all messages encrypted with > that RSA public key can be decrypted, so the number of messages > and the length of each aren't really an issue. Bob could keep the > factors and sell Alice the plaintext of individual messages, but > this requires a continuing business relationship which the > anonymous Bob may not want. > > If the messages contain confidential information, Alice may not > want Bob to see them. Since Alice is paying Bob big bucks to > factor the key, it is unlikely Alice would agree to let Bob keep > the factors to himself. Ooh.. this is a tough subject to police. It is possible that we have a company rep (Denise - isn't alphabetical naming beautiful :-)) looking over Bob's shoulders while he's doing his stuff, and checking that he's not saving the information to a private file. Possibly, Bob would do the encrypting in Denise's office. After all, he may have built in an option that saves all information acquired to a "key ring". Denise does not want him to do this, and makes sure that he only brings the executable file with him. She also makes sure that no suspicious files are created. Remember that Bob does not want to give the program to Denise - it contains his secret special recipe for factorization, and doesn't want anyone else to examine the program too closely. > > -- > Mike Duvos $ PGP 2.6 Public Key available $ > mpd at netcom.com $ via Finger. $ > > ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy.
| =======================================================

From nobody at shell.portal.com Sun Jun 12 00:14:16 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sun, 12 Jun 94 00:14:16 PDT Subject: Encrypted Military Information Broadcasts Message-ID: <199406120715.AAA27076@jobe.shell.portal.com>
From reading unclassified literature related to a device called a "Commanders' Tactical Terminal/Hybrid-Receive Only" (CTT/H-R) manufactured by E-Systems, I've heard of such things as:
Tactical Information Broadcasting Service (TIBS)
Tactical Reconnaissance Equipment and Related Applications (TRAP)
Tactical Data Information Exchange System Broadcast (TADIXS-B)
CONSTANT SOURCE
SENIOR SPAN
It also mentions "embedded COMSEC modules based on CTIC and Ricebird crypto chips". Reading between the lines, it seems to be some sort of encrypted information distribution system. Is there an UNclassified (and brief) description of the function and usage of each of these available somewhere, hopefully that could be posted here? Thanks. My job situation is such that it wouldn't be prudent for me to ask these questions openly, hence my use of an anon server. PLEASE NOTE: This is not a solicitation of classified information. -----------

From nobody at c2.org Sun Jun 12 04:41:41 1994 From: nobody at c2.org (Random H0Z3R) Date: Sun, 12 Jun 94 04:41:41 PDT Subject: NSA influence over cellular phone crypto Message-ID: <199406121137.EAA05066@infinity.c2.org>
Phil Karn: >No, RC4 is not the European cellular phone encryption algorithm, but >that 32-bit figure *has* come up in discussions of what NSA will allow >the carriers to put into next-generation digital cellular telephones. This is an interesting comment. How, specifically, is the NSA influencing these decisions? Does it have any official say in the matter?
From banisar at epic.org Sun Jun 12 06:19:32 1994 From: banisar at epic.org (Dave Banisar) Date: Sun, 12 Jun 94 06:19:32 PDT Subject: NY Times Clipper Editorial 6/12/94 Message-ID: <9406110918.AA09604@Hacker2.cpsr.digex.net> 6/12:EDITORIAL: A CLOSER LOOK ON WIRETAPPING c.1994 N.Y. Times News Service The New York Times said in an editorial on Sunday, June 12: The government's ability to tap private phone calls is under siege. Newly developed encryption systems allow callers to mathematically scramble their messages so that no one, including the government, can eavesdrop. And digital technology - from cellular phones to call-forwarding - makes wiretapping increasingly difficult. The Clinton administration is running scared and proposes two fixes, neither satisfactory. Government needs to wiretap under legally restricted circumstances. Though used sparingly during the 1980s (1,000 a year), taps helped convict more than 20,000 felons. But before tampering with existing arrangements, the administration must show that its proposals are workable and will not trample on existing rights to conduct private phone conversations. So far it has cleared neither hurdle. To overcome private encryption, the administration will encourage people who plan to encode calls to buy phones with a government-designed encryption system, known as Clipper, built into the hardware; the government, with judicial approval, would be able to unscramble the messages. But the policy is unlikely to work because Clipper phones are unlikely to dominate the market - leaving Washington the choice of admitting defeat or turning Big Brotherish and outlawing non-Clipper encryption systems. To overcome technological barriers, the Federal Bureau of Investigation proposes a second fix: legislation that would require phone companies to adopt only those technologies that preserve the government's ability to wiretap. 
The problem with this plan is that its sweeping prohibitions threaten to stop telecommunication innovations before anyone calculates the consequences. The administration would like to begin by encouraging the IRS and other agencies to buy Clipper phones; it might then require private parties that wish to send the government encoded messages to do so only with Clipper phones. The government hopes that in time Clipper phones would become standard equipment everywhere. Callers using other encryption systems would have to plan ahead and acquire compatible software, a big task for run-of-the-mill criminals. But many experts predict that Clipper phones will not become standard. There are easy-to-use encryption systems that require no special phones, no shared secret passwords. And, unlike Clipper, they cannot be intercepted by the government. Because un-tappable systems will prove attractive the private market is likely to make them as readily available as Clipper. Clipper uses a secret mathematical formula for scrambling calls. But there are flaws in the formula, as The New York Times recently revealed. The danger with secret formulas is that someone in or outside government could discover a new flaw and exploit it to tap encoded calls without a court order. Another bad feature concerns the passwords (actually, numbers) the government needs to unscramble calls from Clipper phones. The passwords would be held in escrow by two federal agencies (and released to the FBI upon presentation of a court order). A better way to protect against government abuse would be to entrust passwords to the courts or designated non-government organizations. The FBI's fix - requiring phone companies to build easily tappable systems - raises the unsettling image of forcing a phone company to design its "home" so that the police can easily enter. And the fix is unnecessarily blunt. The government could compel phone companies to solve specific problems, like making call-forwarding tappable. 
The administration is right to worry about its ability to tap phones for legitimate law enforcement. So far, its suggestions for safeguarding that ability seem unworkable and potentially intrusive.

From frissell at panix.com Sun Jun 12 07:29:57 1994 From: frissell at panix.com (Duncan Frissell) Date: Sun, 12 Jun 94 07:29:57 PDT Subject: crypto in the NY Times Message-ID: <199406121429.AA02324@panix.com>
The New York Times Magazine Sunday 12 June 1994
Whitfield Diffie on the cover. Cover text: "Whitfield Diffie's Amazing breakthrough could guarantee computer privacy. But the Government, fearing crime and terror, wants to co-opt his magic key and listen in. Now it's crypto-war on the electronic frontier. THE CYPHERPUNKS VS. UNCLE SAM by Steven Levy
Inside title: Battle of the Clipper Chip
Photos: Phil Zimmermann vs Jim Kallstrom; D. James Bidzos vs F. Lynn McNulty; John Gilmore, Eric Hughes vs Dorothy E. Denning; Vice Adm. John M. McConnell vs Whitfield Diffie
Good read. DCF --- WinQwk 2.0b#1165

From frissell at panix.com Sun Jun 12 07:49:33 1994 From: frissell at panix.com (Duncan Frissell) Date: Sun, 12 Jun 94 07:49:33 PDT Subject: crypto in the NY Times Message-ID: <199406121449.AA04218@panix.com>
Once and for all we have to squash the stupid question that leads the last paragraph of the NYT Magazine article: "What if the [VoicePGP] static shielded the murderous plans of a terrorist or kidnapper? Phil Zimmermann would feel terrible." Presumably because he is "of the Left". Phil goes on to talk about tradeoffs. The real answer is: That's a real stupid question. Right now in my head I could be a psycho killer planning all sorts of terrible stuff, does that mean that you should use the techniques of the Inquisition to fight crime by peeling back the layers of my mind? Computers and communications are just extensions of the minds of individuals. If I can keep my mind private, I can keep my computer private.
DCF --- WinQwk 2.0b#1165

From mpd at netcom.com Sun Jun 12 08:31:47 1994 From: mpd at netcom.com (Mike Duvos) Date: Sun, 12 Jun 94 08:31:47 PDT Subject: Protocol Wanted!! Message-ID: <199406121531.IAA22622@netcom.com>
greg at ideath.goldenbear.com (Greg Broiles) writes: > If Alice wants proof that Bob can factor large numbers, > Alice should generate many of them - say, 1,000,000 of them. > She sends them to Bob and says "Hey, factor one and send me > the results as soon as you're done." The chances are 1 in > 1,000,000 that Bob is giving away a useful service for free Bob is now doing at least twice as much work as before. He is factoring a random key and a real one for each customer he does business with. Since the existence of a breakthrough in factorization is certainly of interest to people who do not want keys factored, Bob will get lots of requests from the curious, who have no interest in buying his services. Should he prove to someone in the academic community that he can indeed factor keys, people would simply stop using RSA and Bob's economic future would be bleak indeed. Bob needs to charge a lot for his services, and not give free demos. The protocol needs to require that the customers commit to the fee before Bob demonstrates his talent. This will discourage enquiries by the frivolous. > What they both need are trusted friends, attorneys, or > agents - Bob puts an ad in the newspaper, saying "I can > factor big numbers. Contact me through my attorney - her > name is [...]." Gaaak! All these people. You are making Bob paranoid. Bob is definitely not going to put an ad in the paper. His customers are foreign and domestic law enforcement and intelligence services and corporate security folks. Bob wants to keep an extremely low profile with the Great Unwashed. Isn't there some way for Bob to conduct business using the remailer at Hacktic and anonymous DigiCash(TM)?
Bob does not wish to find himself at the bottom of a large body of water wearing concrete galoshes. Bob wishes to factor a few numbers, transfer the money offshore, and retire without the general public being aware that RSA has been compromised.

> I don't have a damn thing to do with either law enforcement
> or the intelligence community, but I bet that folks would
> be willing, upon occasion, to pay between $100K and $1M for
> factorizations of other folks' RSA private keys. The trend
> towards civil forfeiture of "drug money" will probably lead
> to higher prices for key factoring - folks who could factor
> big numbers might even be able to negotiate for "points" of
> the gross take, rather like big-name actors/directors or
> sports figures.

I agree. I think that $100 a bit would be an extremely reasonable price for factoring a 1024 bit modulus.

--
 Mike Duvos         $    PGP 2.6 Public Key available     $
 mpd at netcom.com    $    via Finger.                      $

From frissell at panix.com Sun Jun 12 08:31:47 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 12 Jun 94 08:31:47 PDT
Subject: crypto in the NY Times
Message-ID: <199406121531.AA09149@panix.com>

And yet again:

Attention - Steven Levy - The most common use of crypto from the dawn of time to the present has been to protect commercial information. There were always more traders than governors and they had more need to read or count. Writing was a commercial invention and coding is just another form of writing.

How much are we paying these guys department:

Attention - Jim Kallstrom, Fibbie - who argues (correctly) that strong crypto is just the same thing as if a criminal gang could build an unbreakable fortress in the Bronx and stash Polly Klass inside and the government could do nothing...

If the bad guys have an unbreakable wall, the *victims* have an unbreakable wall too. The criminals gain nothing. They are, in fact, worse off since it becomes *harder* to 'break the close.'

DCF

There'll be more I'm sure.
--- WinQwk 2.0b#1165

From rfb at lehman.com Sun Jun 12 09:57:20 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Sun, 12 Jun 94 09:57:20 PDT
Subject: Protocol Wanted!!
In-Reply-To: <9406120440.AA16993@axiom.maths.uq.oz.au>
Message-ID: <9406121656.AA24066@fnord.lehman.com>

   From: Peter Murphy
   Date: Sun, 12 Jun 1994 14:40:54 +1000 (EST)

   > It would seem to me that the price one charges for a product or
   > service should depend only on its value to ones clients.

   Not quite. I thought that the price that Bob would set would be as high as he could get away with, without alienating the clients.

Value can be reasonably defined in terms of what the market will bear.

	Rick

From hkhenson at cup.portal.com Sun Jun 12 10:14:20 1994
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Sun, 12 Jun 94 10:14:20 PDT
Subject: NAFTA and crypto
Message-ID: <9406121015.1.22691@cup.portal.com>

An amusing possibility has cropped up. While looking at a motion to dismiss the AA BBS (porn) case, it dawned on me that the same argument might apply to exporting crypto. Namely NAFTA seems to have negated laws which interfere with free trade (with some minor exceptions). I will post the full text of the motion to the list later today or tomorrow.

Keith

From rarachel at prism.poly.edu Sun Jun 12 10:21:16 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Sun, 12 Jun 94 10:21:16 PDT
Subject: Announcement RE: Lobbying...
In-Reply-To: <9405050147.AA19462@prism.poly.edu>
Message-ID: <9406121708.AA04125@prism.poly.edu>

This is most weird... the previous message of the same subject just appeared now?? Did someone forward this old message to the list? I wrote that a month ago! Is there a mailer problem?
From rfb at lehman.com Sun Jun 12 10:29:27 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Sun, 12 Jun 94 10:29:27 PDT
Subject: Remailer REORDER not DELAY
In-Reply-To: <199406112253.RAA05183@zoom.bga.com>
Message-ID: <9406121728.AA24306@fnord.lehman.com>

I think that there's a reasonable compromise in here somewhere. It might even address some other concerns that people could have about the costs of running remailers, e. g. storing a zillion messages for 24 hours. How about something like this:

 - The remailer is configured by its maintainer with a maximum desirable time delay and a maximum desirable message queue size. People who do not like the values selected are free to shop elsewhere :-)

 - When a message arrives, it is assigned a latest output time based on the time that it is received, the remailer's maximum desirable time delay and a random factor.

 - When the remailer's message queue size is greater than its maximum desirable size, the message due to be sent next is sent regardless of its latest output time.

 - When a message's latest output time arrives, it is sent regardless of the remailer's message queue size.

You might even want to have some other remailer configuration parameters, like:

 - a maximum number of messages sent out during some arbitrary time interval (message/minute, e. g.)

 - a minimum interval between messages being sent.

These two examples might force the queue size to be considerably larger than its maximum desired size during usage peaks.

None of this addresses a situation where a single message is received during an arbitrarily long time period, although none of the other proposals addresses that situation. Although I can imagine how Mallet might abuse this if he could control the remailer's net connection, personally, I don't think that it's a problem that merits much consideration.
In the absence of a suitably powerful Mallet or other serious networking problems, it's likely that such a situation is just an indication that the remailer isn't very popular.

BTW, what possible benefit is there to knowing that a particular message was sent by a particular remailer? As a recipient, should I `trust' a remailer more than I trust, say, a digital signature from the sender? Could someone describe a situation where this would provide useful information? In other words, why *not* simply encode with the recipient's public key and restrict the usage of the remailer's private key to decoding incoming messages?

	Rick

From werewolf at io.org Sun Jun 12 10:34:02 1994
From: werewolf at io.org (Mark Terka)
Date: Sun, 12 Jun 94 10:34:02 PDT
Subject: Remailer List & Numbers Request
Message-ID:

Could someone tell me where I can find a current list of the remailers and their related numbers? Any help would be greatly appreciated!

*************************************************************************
Mark Terka     | werewolf at io.org              | public key (werewolf) at
Toronto,Canada | dg507 at cleveland.freenet.edu | pgp-public-keys at demon.co.uk
*************************************************************************

From frissell at panix.com Sun Jun 12 10:48:34 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 12 Jun 94 10:48:34 PDT
Subject: crypto in the NY Times
Message-ID: <199406121748.AA23372@panix.com>

Control freaks - yah gotta love 'em.

DD in today's Times - "I was exposed to cases where wiretaps had actually stopped crimes in the making...If they didn't have this tool, some of these things might have happened."

I have been exposed to cases where torture actually stopped crimes in the making...

I have been exposed to cases in which locking the entire population of a nation into a totalitarian control regime with internal passports and everything has actually stopped crimes in the making...
I have been exposed to cases in which decimating the inhabitants of a village actually stopped crimes in the making.

Guess what control freaks: The guy next door may have strong crypto, a gun, and a car with a tank full of gasoline with enough energy in it to blow up your house. There's not a goddamned thing on this good green earth that you can do about it. Get used to it. Learn to trust people until proven otherwise.

DCF

--- WinQwk 2.0b#1165

From Ben.Goren at asu.edu Sun Jun 12 11:09:53 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Sun, 12 Jun 94 11:09:53 PDT
Subject: Protocol Wanted!!
Message-ID: <9406121810.AA01329@Tux.Music.ASU.Edu>

I'm surprised nobody's mentioned yet that Bruce Schneier solves this problem in chapters five and six of _Applied Cryptography._ See especially page 90, "Noninteractive Zero-Knowledge Proofs."

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben at tux.music.asu.edu for PGP 2.3a public key.

From VACCINIA at UNCVX1.OIT.UNC.EDU Sun Jun 12 11:56:38 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Sun, 12 Jun 94 11:56:38 PDT
Subject: Remailer Chaining Security
Message-ID: <01HDGJ04MSB6005BAW@UNCVX1.OIT.UNC.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

::
Request-Remailing-To: rperkins at nyx.cs.du.edu

::
Request-Remailing-To: nowhere at bsu-cs.bsu.edu

::
Request-Remailing-To: vaccinia at uncvx1.oit.unc.edu

The preceding remailer message path was generated using Hal's Chain utility. One can find this program at soda.berkeley.edu pub/cypherpunks/remailer, get Chain.zip. It automates a lot of the drudge in chaining remailers. It will even encode messages using PGP if you have the remailer's public key on your ring and your PGP directory in your path statement.
For instance, to get the above remailer path I typed the following:

chain vaccinia at uncvx1.oit.unc.edu vox rperkins nowhere foo.vox

Thus my address will be the final destination, the message file (foo.let) is converted to the remail ready file, foo.vox. The remail ready file must then be manually sent to the first remailer in the chain, in this case remail at vox.hacktic.nl. It will then go to rperkins at nyx.cs.du.edu and then to nowhere at bsu-cs.bsu.edu, finally being sent to vaccinia at uncvx1.oit.unc.edu.

The Chain.ini file (from the chain.zip file) contains the remailer addresses and whether a PGP public key for the remailer is available on your public key ring. Remailers for which you have keys will automatically be encoded and begin thusly:

::
Encrypted: PGP

N.B., It may be necessary to edit the chain.ini file (it is merely an ASCII file) to update the list of remailers. I recommend this utility for chaining to most remailers. Remember that remailer at soda.berkeley.edu does not support the format,

::
Request-Remailing-To:

Even so it is a handy program to have if you want to avail yourself of the cypherpunks remailer system.

Scott G. Morham                    !The First,
Vaccinia at uncvx1.oit.unc.edu     ! Second PGP Public Keys by Request
                                   ! and Third Levels
                                   ! of Information Storage and Retrieval
                                   !DNA,
                                   ! Biological Neural Nets,
                                   ! Cyberspace

-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----

From rslau at ucs.usc.edu Sun Jun 12 12:24:24 1994
From: rslau at ucs.usc.edu (Robert Lau)
Date: Sun, 12 Jun 94 12:24:24 PDT
Subject: test... please ignore.
Message-ID: <199406121924.MAA06327@tarazed.usc.edu>

this is only a test. if this had been a real emergency, this message would have been crypted.
Robert Lau - Systems Programmer, Unix Systems              213-740-2866
-- University Computing Services              Internet: rslau at usc.edu
-- University of Southern California            Bitnet: rslau at uscvm
-- 1020 W Jefferson, LA, CA USA, 90089-0251       UUCP: ...!uunet!usc!rslau

From rslau at ucs.usc.edu Sun Jun 12 12:36:27 1994
From: rslau at ucs.usc.edu (Robert Lau)
Date: Sun, 12 Jun 94 12:36:27 PDT
Subject: test 2... please ignore.
Message-ID: <199406121936.MAA06369@tarazed.usc.edu>

this is only a test. if this had been a real emergency, this message would have been crypted.

Robert Lau - Systems Programmer, Unix Systems              213-740-2866
-- University Computing Services              Internet: rslau at usc.edu
-- University of Southern California            Bitnet: rslau at uscvm
-- 1020 W Jefferson, LA, CA USA, 90089-0251       UUCP: ...!uunet!usc!rslau

From an60011 at anon.penet.fi Sun Jun 12 13:39:30 1994
From: an60011 at anon.penet.fi (Ezekial Palmer)
Date: Sun, 12 Jun 94 13:39:30 PDT
Subject: back to programming projects...
In-Reply-To: <199406112239.RAA04848@zoom.bga.com>
Message-ID: <199406122021.AA01205@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

From: Jim choate
Subject: Re: back to programming projects...
Date: Sat, 11 Jun 1994 17:39:05 -0500 (CDT)

> On a related note, should encrypting remailers have the keys changed
> regularly? The RSA-IDEA combination isn't very susceptible to known
> plaintext attacks, right?
>
> Zeke

Personally I think that is up to the individuals who are transmitting the messages. If they for some reason feel it is prudent then do it. Otherwise there are probably other more interesting things to work on.

I wasn't asking about anything to do with what projects were interesting to anyone in particular. If I want to know what you're interested in working on, I'll ask directly. I was asking about something that might be equally interesting to users and maintainers.

Is the RSA-IDEA combination known to be susceptible to any known/chosen plaintext attacks?
Has anybody published a known/chosen plaintext attack that works against what PGP does better than a brute force attack?

If a known/chosen plaintext attack works against PGP, then a PGP remailer's keys aren't as secure as other keys cuz an attacker can encrypt arbitrary text with them. If nobody's figured out a known/chosen plaintext attack, then remailer's keys are as good as anybody else's.

Zeke

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From kentborg at world.std.com Sun Jun 12 15:00:52 1994
From: kentborg at world.std.com (Kent Borg)
Date: Sun, 12 Jun 94 15:00:52 PDT
Subject: Protocol Wanted!!
Message-ID: <199406122200.AA03953@world.std.com>

Oh, am I stupid.

Someone mentioned having lent his Schneier to someone. Hmmm. I wondered what book that would be, maybe I would want to buy a copy. So I charged off to look in the bibliography in Applied Cryptography. Strange, there are some articles listed by him, but nothing seems to fit, yet this book is so new...

In any event, I really am enjoying Applied Cryptography, by Bruce Schneier. You could have lent your copy of it...

-kb, the Kent who can be so slow

--
Kent Borg                            +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 28:15 hours of TV viewing so far in 1994!

From catalyst-remailer at netcom.com Sun Jun 12 15:17:13 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Sun, 12 Jun 94 15:17:13 PDT
Subject: Massive ITAR Violation.
Message-ID: <199406122217.PAA28716@mail.netcom.com>

-----BEGIN ROT13 SIGNED MESSAGE-----

Fellow citizens of the United States of America,

I wish to inform you of a great and ongoing catastrophe of most serious consequence. It is organized crime, by definition.
Below is the header for the MacPGP2.2 file on sumex-aim.stanford.edu, archived with dozens of other utilities, as /info-mac/util/pgp.hqx, which has been there for *over a year*, many times a week being *exported* onto info-mac mirrors around the world.

This is the most massive and organized absolute violation of the USA's ITAR munitions export laws (regulations) we have ever witnessed. For an entire year, weekly if not daily, the notorious encryptor PGP, right under our eyes, exported! I hope this is cleared up as soon as humanly possible, but we are all of us left with the guilt of not having noticed this before. All this talk of ITAR and there you are, your largest communal Mac ftp site pumping out PGP across the border like a huge demonic machine bent on destroying our beloved society.

If the moderators cannot be contacted immediately, I suggest military force be used. Or cooperative shutdown of the US internet connections. Please begin this at once, as it *must* be stressed that PGP is classified as a MUNITION, right along with rocket launchers and tanks!!!!!!!! This is as serious as it gets.

I didn't even know what the internet *was* back in April of '93, and I am but one in a million (literally) who has access to sumex-aim.stanford.edu and all its mirror sites. It must have been my destiny to save the world, for none of *you* seem interested in doing so. It has only been an hour since I discovered this NATIONAL SECURITY DISASTER, and I immediately set myself in action to save my country from destruction.

*I*YoU*mE*We*OiwIE*wE*yOU*Me*I*

P.S. Here is the evidence:

>From: macmod at SUMEX-AIM.Stanford.EDU (Info-Mac Moderator)
>Date: Sun, 25 Apr 1993 23:22:58 PDT
>
>PGP (Pretty Good Privacy) ver 2.2 - RSA public-key encryption freeware
>for MSDOS, protects E-mail. Lets you communicate securely with people
>you've never met, with no secure channels needed for prior exchange of
>keys. Well featured and fast! Excellent user documentation.
>
>PGP has sophisticated key management, an RSA/conventional hybrid
>encryption scheme, message digests for digital signatures, data
>compression before encryption, and good ergonomic design. Source
>code is free.
>
>Keywords: PGP, Pretty Good Privacy, RSA, public key, encryption,
> privacy, authentication, signatures, email
>
>(This file must be converted with BinHex 4.0)
>
>:$8eKBe"(8$)Z-LjcC@%!39"36'&eFh3J!!!$@3X!!%DFIea6593K!!%!!eN,FNa
....

And upon downloading it and starting it up, the console window faithfully displays:

>Pretty Good Privacy 2.2 - Public-key encryption for the masses.
>(c) 1990-1993 Philip Zimmermann, Phil's Pretty Good Software. 6 Mar 93
>Date: 1994/06/12 16:10 GMT

I further suggest that all of the following sites (but a sample) immediately remove this file from their archives and stop mirroring sumex-aim till they too remove the file. To keep this from happening again, I suggest *all of us* in the USA delete our copies of PGP from our hard disks, lest our children export it into the hands of such enemy nations as these. It is time we put an end to this scourge, for look what will happen if we do not. Pornographers and terrorists are coming for our children if we do not act. Death to PGP users!!!!!!!!!!!!!!!

Where is our government in all of this? Our tax dollars are not being used to protect us from the EXPORT OF MUNITIONS TO ENEMY NATIONS!!!!! I suggest full prosecution of all users and maintainers of sumex-aim, as they have all obviously conspired to maintain this treachery. I suggest they all be searched for other weapons as well including land mines, automatic machine guns, poison gases, biological weaponry and mind control devices of all sorts, as it is my firm belief that the only reason they are interested in PGP is to forward their agenda to export other munitions, drugs pushed on *our* children to pay for them!!! This will culminate in the obvious acquisition of *nuclear bombs* by every Tom Dick and Harry gangster.
Little boys and girls in the ghetto with *neutron bombs* and *poison gas missiles*! I shudder to think we could have stopped it but, alas, we may have failed ourselves.

Here are the target sites. I suggest immediate offensive attacks to destroy these evil ports of death and destruction....

Australia (Melbourne): archie.au//micros/mac/info-mac/util/pgp.hqx
Austria (Vienna): ftp.univie.ac.at//mac/info-mac/util/pgp.hqx
Canada (Vancouver): ftp.ucs.ubc.ca//pub/mac/info-mac/util/pgp.hqx
Finland (Espoo): ftp.funet.fi//pub/mac/info-mac/util/pgp.hqx
Finland (Jyvaskyla): ftp.jyu.fi//info-mac/util/MacPGP2.2.sea
Germany (Hannover): ftp.rrzn.uni-hannover.de//pub/info-mac/util/pgp.hqx
Japan (Tokyo): ftp.center.osaka-u.ac.jp//info-mac/util/pgp.hqx
Japan (Tokyo): ftp.iij.ad.jp//pub/info-mac/util/pgp.hqx
Japan (Tokyo): ftp.u-tokyo.ac.jp//pub/info-mac/util/pgp.hqx
Netherlands (Wageningen): ftp.fenk.wau.nl//pub/mac/info-mac/util/pgp.hqx
Republic of Singapore (Singapore): ftp.nus.sg//pub/mac/util/pgp.hqx
Sweden (Lund): ftp.lth.se//mac/info-mac/util/pgp.hqx.Z
Sweden (Uppsala): ftp.sunet.se//pub/mac/info-mac/util/pgp.hqx
Switzerland (Zurich): nic.switch.ch//mirror/info-mac/util/pgp.hqx
Taiwan (Hsinchu): ftp.edu.tw//Macintosh/info-mac/util/pgp.hqx
UK (London): src.doc.ic.ac.uk//packages/info-mac/util/pgp.hqx.gz

-----END ROT13 SIGNED MESSAGE-----

-----BEGIN ROT13 SIGNATURE-----
Whar fvkgu avargrra uhaqerq avargl sbhe. Sbhegubhfnaqgra punenpgref va
frirauhaqerqrvtuglrvtug jbeqf bs baruhaqerq yvarf.
-----END ROT13 SIGNATURE-----

From frissell at panix.com Sun Jun 12 15:23:27 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 12 Jun 94 15:23:27 PDT
Subject: Test
Message-ID: <199406122223.AA28615@panix.com>

Dead or alive?

--- WinQwk 2.0b#1165

From harmon at tenet.edu Sun Jun 12 15:36:53 1994
From: harmon at tenet.edu (Dan Harmon)
Date: Sun, 12 Jun 94 15:36:53 PDT
Subject: MacPGP 2.6 (fwd)
Message-ID:

Just food for thought!
---------- Forwarded message ----------
Date: Sun, 12 Jun 1994 12:44:52 -0700
From: Eric Bear Albrecht
To: Dan Harmon
Subject: MacPGP 2.6

That signature block in your message seemed awfully short -- does that indicate a wimpy system? Read the following excerpt and cogitate on it:

------

Computer underground Digest    Sun  June 5, 1994   Volume 6 : Issue 49
                           ISSN  1004-042X
...
CONTENTS, #6.49 (June 5, 1994)

File 1--AT&T Lab Scientist Discovers Flaw in Clipper Chip
File 2--Jacking in from the SNAFU Port (Clipper Snafu update)
File 3--Jacking in from the "We Knew It All Along" Port (Clipper)
File 4--Crackdown on Italian BBSes Continues
File 5--Norwegian BBS Busts / BitPeace
File 6--BSA: Software Piracy Problem Shows no Sign of Easing
File 7--Re: "Problems at TCOE" (CuD 6.47)
File 8--Is there an MIT/NSA link-up for PGP 2.6? Some Info
...

------------------------------

Date: Mon, 30 May 1994 18:04:50 -0500 (CDT)
From: tlawless at WHALE.ST.USM.EDU(Timothy Mark Lawless)
Subject: File 8--Is there an MIT/NSA link-up for PGP 2.6? Some Info

For the past week our Unix machine has been down (Might have gotten some mail bounces) because of a security violation. During that week I re-discovered BBSs. One piece of info I found (And also got the author's permission to reprint (At the end)) relevant to PGP I thought I would pass on.

= Area: CypherMail =====================================
  Msg#: 19                                   Date: 05-24-94 19:47
  From: Leland Ray                           Read: Yes    Replied: No
    To: All                                  Mark:
  Subj: More on PGP 2.5 & 2.6
========================================================

-----BEGIN PGP SIGNED MESSAGE-----

The following is the complete, unedited plaintext of a message I received via CompuServe from Christopher W. Geib, a software developer who spent several years as a military intelligence officer. Chris has written a very fine Windows interface for PGP which I'll be uploading as soon as I get the newest release (with Chris's permission, of course). I trust his judgment on this one.
~~~

=====(Begin plaintext)=====

Leland,

I sent this to Mich Kabay of the NCSA Forum. Thought you might find it of interest. Note that 2.5 is also a MIT/NSA concoction.

Chris

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Mich,

As I reflected more and more on this posting, it occurred to me that I was smelling a rat. The NCSA Forum members and others who visit here should give thought to this issue. A puzzle of sorts seems to be developing regarding PGP in general, and private possession of crypto in particular. Let me provide some pieces to this puzzle, and perhaps you and others may begin to see the bigger picture that seems to be unfolding.

Piece #1: As you may already know, MIT is the single largest ($'s) outside contractor to the NSA.

Piece #2: MIT is frustrated; they feel that they have been somehow cheated financially by the proliferation of PGP 2.3a as freeware. (I still think that is insane as RSA was developed using public funding)

Piece #3: NSA is frustrated because of the apparent strength of the imported Idea(tm) cipher.

Piece #4: NSA is pushing the Clipper crypto technology so that Big Brother can have a free and easy backdoor to violate the privacy of Americans. Note too, that Clipper technology was assisted along by MIT.

Piece #5: PGP 2.6 will *not* be compatible with 2.3a after Sept 1994 for 2-way encryption. This accomplishes reduced international secure traffic by private individuals and businesses. This is exactly the same problem that Clipper has.

Have you begun to see the big Puzzle Palace picture yet? Unless my eyes deceive me, I would say this, MIT and NSA have teamed up together on PGP 2.6! This version, until proven otherwise (through examination of the source code, etc.), is likely to contain a backdoor big enough to drive a Mack truck through it. The back door is likely similar to Clipper and for the same intent.
Given how much flak NSA has gotten over Clipper, NSA will very likely stay very mum about the whole issue. The big winners are NSA and MIT. They both get exactly what each has wanted all along. MIT gets royalties they think they deserve, NSA gets what they intend to have anyway, a means to continue listening in to citizens' private conversations. NSA also wins on the international front by reducing its workload of analyzing international encrypted traffic. Business and the citizens lose because it isolates the US from Europe and the international marketplace.

I strongly recommend that anyone who acquires PGP 2.6 do so with a jaundiced eye. Until the private sector can review, and analyze this new MIT/NSA system, one *must* assume that it is as if it contained a virus, one you may never know it has. I for one will continue with the present version as its inventors have no reason to capture private communications.

If you think appropriate, please upload to Internet Risks with my blessings.

Respectfully,

Christopher W. Geib

~~~

=====(End of plaintext)=====

So you decide, guys. Is it worth the risk? Again, just some thoughts, but remember this: if you go to either ver. 2.5 or 2.6, you'll probably have to revoke your ver. 2.3 keys and start afresh with new ones, which might not be secure in the first place.

LR

... If the Pope's phones weren't secure, PGP would be a sacrament.

((Post obtaining reprint permission deleted))

...

** The wonderful thing about standards **
** is that there are so many to choose from. **

Eric Bear Albrecht        ebear at presto.com       W5VZB
Box 6040                  505-758-0579   fax 505-758-5079
Taos, NM 87571

From norm at netcom.com Sun Jun 12 16:18:57 1994
From: norm at netcom.com (Norman Hardy)
Date: Sun, 12 Jun 94 16:18:57 PDT
Subject: Patent Numbers
Message-ID: <199406122318.QAA28192@netcom.netcom.com>

Does anyone have the US Patents numbers for Chaum's DigiCash scheme?

From jis at mit.edu Sun Jun 12 16:34:22 1994
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Sun, 12 Jun 94 16:34:22 PDT
Subject: Warning: Don't run MacPGP 2.6 on a 68000 based Macintosh
Message-ID: <9406122333.AA12030@big-screw>

-----BEGIN PGP SIGNED MESSAGE-----

Warning. MacPGP 2.6 (1.1.1) will *not* work on a 68000 based Macintosh. It will bomb. I was unaware of the nasty hack you have to do when compiling MacPGP in order to get it to be 68000 aware.

People who have the source distribution can compile it for either machine.

-Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----

From shabbir at panix.com Sun Jun 12 18:06:31 1994
From: shabbir at panix.com (Shabbir J. Safdar)
Date: Sun, 12 Jun 94 18:06:31 PDT
Subject: URGENT Action required (NJ folks only)
Message-ID: <199406130055.AA07966@panix3.panix.com>

Estimated time for this good deed: Two minutes

Do you live in one of the following zip codes in New Jersey?

07010  07014(part)  07020  07022  07024  07026  07029(part)  07031
07032(part)  07047(part)  07057  07070  07071  07072  07073  07074
07075  07087(part)  07094  07096  07306(part)  07307  07308  07310(part)
07407  07410(part)  07452(part)  07601  07602  07603  07604  07605
07606  07607  07608  07631  07632  07643  07644  07646
07649(part)  07650  07657  07660  07661  07662(part)  07666  07670(part)

If your zip code is listed above then you are one of Rep. Torricelli's constituents. "part" means your zip code is split between two districts, one of them Rep. Torricelli's.

Rep. Torricelli is on the House Intelligence Committee and needs to hear from you about HR 3627, which would permit cryptography exports. The attached file explains all about the bill and why you should support it.

Call Rep. Torricelli today and ask him to send Rep. Maria Cantwell's bill, HR 3627, to the House Floor!
Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 9 NJ Torricelli, Robert (D) 1-202-224-5061 1-202-225-0843 2159 RHOB Here is a sample communique you might use: Dear Representative Torricelli, Please report Maria Cantwell's Cryptography export bill (HR 3627) out of committee. Its passage will both assist American industries competing globally, as well as allow American consumers to purchase products to enhance their privacy. Sincerely, ______________ Table of contents: Introduction & Alert Status of the bill What you can do right now List of legislators supporting HR 3627 List of legislators wavering on HR 3627 List of legislators opposing HR 3627 What is the Cantwell bill? ------------------------------------------------------------------------------- INTRODUCTION & ALERT The Cantwell cryptography export bill has entered a critical stage in its travels through Congress. The bill, which would loosen controls on the export of encryption software, has been referred to the House Select Committee on Intelligence, and must be be reported back from committee by June 16th or it will die. This alert details the provisions of the bill, its history, and what you can do to show your support. Voters Telecomm Watch keeps scorecards on legislators' positions on legislation that affects telecommunications and civil liberties. If you have updates to a legislator's positions, from either: -public testimony, -reply letters from the legislator, -stated positions from their office, please send them to vtw at panix.com so they can be added to this list. General questions: vtw at panix.com Mailing List Requests: vtw-list-request at panix.com Press Contact: stc at panix.com Gopher URL: gopher://gopher.panix.com:70/1/1/vtw WWW URL: Be patient; we're working on it. 
:-)

-------------------------------------------------------------------------------
STATUS OF THE BILL (updated 6/3/94)

The office of the House Select Committee on Intelligence reports that
HR 3627 has been referred to the committee and must be reported out by
June 16th or it will die in committee for the year.

May 20, 94  Referred to the House Select Committee on Intelligence
May 18, 94  Passed out of the House Foreign Affairs Committee on May 18
Dec  6, 93  Referred to the Subcommittee on Economic Policy, Trade and
Nov 22, 93  Referred to the House Committee on Foreign Affairs.

-------------------------------------------------------------------------------
WHAT YOU CAN DO RIGHT NOW

Estimated time to do this good deed: Two minutes

Show your support for HR 3627 by contacting a member of the House Select
Committee on Intelligence, especially if one of your state's
representatives is on the committee. The end of this alert contains a
sample message on which you can base your contact. The following list,
sorted by state, shows the full membership of the committee and how to
reach them. Remember, the deadline for the bill to pass out of committee
is June 16th, so it is important to act quickly!

If you live in one of the states listed below call your legislator.
Otherwise, call Rep. Glickman.

Here's a sample communication:

Dear Representative ___________,

Please report Maria Cantwell's Cryptography export bill (HR 3627) out of
committee. Its passage will both assist American industries competing
globally, as well as allow American consumers to purchase products to
enhance their privacy.

Sincerely,
______________

All addresses are Washington, D.C. 20515

Dist ST Name, Address, and Party         Phone           Fax
==== == ======================== ============== ==============
   5 AL Cramer Jr, Robert E. (D) 1-202-225-4801 1-202-225-4392
        1318 LHOB
   8 CA Pelosi, Nancy (D)        1-202-225-4965 1-202-225-8259
        240 Cannon
  32 CA Dixon, Julian C. (D)     1-202-225-7084 1-202-225-4091
        2400 RHOB
  40 CA Lewis, Jerry (R)         1-202-225-5861 1-202-225-6498
        2312 RHOB
  46 CA Dornan, Robert K. (R)    1-202-225-2965 1-202-225-3694
        2402 RHOB
   2 CO Skaggs, David E. (D)     1-202-225-2161 1-202-225-9127
        1124 LHOB
  10 FL Young, C. W. (R)         1-202-225-5961 1-202-225-9764
        2407 RHOB
   4 KS Glickman, Daniel (D)     1-202-225-6216 1-202-225-5398
        2371 RHOB
   1 NE Bereuter, Douglas (R)    1-202-225-4806 1-202-226-1148
        2348 RHOB
   9 NJ Torricelli, Robert (D)   1-202-224-5061 1-202-225-0843
        2159 RHOB
   3 NM Richardson, William (D)  1-202-225-6190 1-202-225-1950
        2349 RHOB
   1 NV Bilbray, James H. (D)    1-202-225-5965 1-202-225-8808
        2431 RHOB
  17 PA Gekas, George W. (R)     1-202-225-4315 1-202-225-8440
        2410 RHOB
   2 RI Reed, John F. (D)        1-202-225-2735 1-202-225-9580
        1510 LHOB
  14 TX Laughlin, Gregory H. (D) 1-202-225-2831 1-202-225-1108
        236 Cannon
  16 TX Coleman, Ronald D. (D)   1-202-225-4831 None
        440 Cannon
  19 TX Combest, Larry (R)       1-202-225-4005 1-202-225-9615
        1511 LHOB
   1 UT Hansen, James V. (R)     1-202-225-0453 1-202-225-5857
        2466 RHOB
   6 WA Dicks, Norman D. (D)     1-202-225-5916 1-202-226-1176
        2467 RHOB

-------------------------------------------------------------------------
LIST OF LEGISLATORS SUPPORTING HR 3627

The following legislators have formally registered support for the
Cantwell cryptography export bill, HR 3627. Call them with your cheers.

All addresses are Washington, D.C. 20515

Dist ST Name, Address, and Party         Phone           Fax
==== == ======================== ============== ==============
   1 WA Cantwell, Maria (D)      1-202-225-6311 1-202-225-2286
        1520 LHOB
        HR 3627's sponsor; thank her for her work!
  16 IL Manzullo, Donald (R)     1-202-225-5676 1-202-225-5284
        506 Cannon
        Cosponsored on 11/22/93
   3 UT Orton, William H. (D)    1-202-225-7751 1-202-226-1223
        1122 LHOB
        Cosponsored on 03/22/94
   3 OR Wyden, Ronald (D)        1-202-225-4811 1-202-225-8941
        1111 LHOB
        Cosponsored on 03/22/94
  16 CA Edwards, Donald (D)      1-202-225-3072 1-202-225-9460
        2307 RHOB
        Cosponsored on 03/22/94
  19 OH Fingerhut, Eric D. (D)   1-202-225-5731 1-202-225-9114
        431 Cannon
        Cosponsored on 03/22/94
   4 MA Frank, Barney (D)        1-202-225-5931 1-202-225-0182
        2404 RHOB
        Cosponsored on 03/22/94
   2 UT Shepherd, Karen (D)      1-202-225-3011 1-202-226-0354
        414 Cannon
        Cosponsored on 03/22/94
   3 WA Unsoeld, Jolene (D)      1-202-225-3536 1-202-225-9095
        1527 LHOB
        Cosponsored on 03/22/94
  19 FL Johnston II, Harry (D)   1-202-225-3001 1-202-225-8791
        204 Cannon
        Cosponsored on 03/22/94
   9 WA Kreidler, Mike (D)       1-202-225-8901 1-202-226-2361
        1535 LHOB
        Cosponsored on 03/22/94
   4 WA Inslee, Jay (D)          1-202-225-5816 1-202-226-1137
        1431 LHOB
        Cosponsored on 03/22/94
   7 WA McDermott, James A. (D)  1-202-225-3106 1-202-225-9212
        1707 LHOB
        Cosponsored on 03/22/94
   8 IN McCloskey, Frank (D)     1-202-225-4636 1-202-225-4688
        306 Cannon
        Cosponsored on 03/22/94
  14 CA Eshoo, Anna G. (D)       1-202-225-8104 1-202-225-8890
        1505 LHOB
        Cosponsored on 03/22/94
  10 NC Ballenger, Thomas C. (R) 1-202-225-2576 1-202-225-0316
        2238 RHOB
        Cosponsored on 05/04/94
   2 WA Swift, Al (D)            1-202-225-2605 1-202-225-2608
        1502 LHOB
        Cosponsored on 05/04/94

-------------------------------------------------------------------------------
LIST OF LEGISLATORS WAVERING ON HR 3627

[Feel free to use the sample communique at the end of the FAQ when
calling or writing a legislator.]

  26 NY Hinchey, Maurice D. (D)  1-202-225-6335 1-202-226-0774
        1313 LHOB
        Recently told a constituent that he is taking the Cantwell bill
        under consideration, but has "national security concerns" about
        allowing encryption to be exported outside the United States.
   1 IA Leach, James (R)         1-202-225-6576 1-202-226-1278
        2186 RHOB
        Has yet to answer a constituent letter with a stated position.
  13 NY Molinari, Susan (D)      1-202-225-3371 1-202-226-1272
        123 Cannon
        Has yet to answer a constituent letter with a stated position.
        (has taken inordinately long)
   8 NY Nadler, Jerrold (D)      1-202-225-5635 1-202-225-6923
        424 Cannon
        Met with lobbying constituent in April '94; no position taken yet
  25 CA McKeon, Howard P. (R)    1-202-225-1956 1-202-226-0683
        307 Cannon
        Responded to a constituent with a "non-position", May '94

-------------------------------------------------------------------------------
LIST OF LEGISLATORS OPPOSING HR 3627

[Feel free to use the sample communique at the end of the FAQ when
calling or writing a legislator.]

None on file yet.

-------------------------------------------------------------------------------
What is the Cantwell bill?

The Cantwell bill would permit companies to export products with
encryption technology in them. US companies are currently not permitted
to export products (hardware or software) with this technology in them.

What is encryption technology?

Encryption technology, or cryptography, is the art of scrambling a
conversation so that only the people communicating can decode it. Other
people (such as eavesdroppers) cannot learn about the conversation.

Where is cryptography being used?

Cryptography is used to encrypt electronic mail to protect its
confidentiality in transit. It's used by bank automatic teller machines
to protect sensitive data (such as your account number, your Personal
Identification Number, and your bank balance). It can be implemented into
software (such as electronic mail programs and word processors) as well
as hardware (such as telephones and "walkie-talkies") to ensure your
privacy.

Why is there a restriction on exporting products with technology in them?

For many years the United States was a leading researcher in
cryptography. High quality cryptographic technology was available only
within the United States. The US government thought that if they did not
let this technology be exported, foreign individuals would not be able to
obtain it and use it against us (by keeping US intelligence agencies from
eavesdropping on their communications).

Since then, cryptography research has been published in international
journals.
Companies have been created throughout the world who export
cryptographic technology from countries that do not have these
restrictions. You can now buy the same, high-quality cryptographic
technology from many international firms. Although the marketplace has
changed, the regulations have not.

Why should the regulations be changed?

US companies compete in a global marketplace. Because of the export
regulations, they often compete alongside products with superior
cryptographic capabilities built into them. The result is that US
companies build their products with an inferior encryption technology.
The result of this is that you, as an American consumer, have great
difficulty obtaining products with strong encryption in them.

Because US products cannot compete against products with better privacy
features, and because the laws are outdated, the regulations should be
changed. The Cantwell bill fixes these regulations to more accurately
resemble the current situation of the world marketplace.

How can I help encourage more privacy-enhanced products and pass the
Cantwell bill?

Call or write your representative and ask them to support or cosponsor
the Cantwell bill, HR 3627. You can base your letter on the sample
communication below.

SAMPLE LETTER OR PHONE CALL

The Honorable ____________
address
Washington DC, 20515

Dear Congressman or Congresswoman,

As a citizen concerned for my privacy, as well as a supporter of American
business, I urge you to cosponsor the Cantwell cryptographic export bill,
HR 3627.

The bill would allow US companies to produce and export products with
cryptographic privacy-enhancing technology in them. These products are
already available from firms throughout the world. US companies lose
nearly $100 million per year in exports to them. By encouraging this
industry, ordinary citizens like you and me would be able to purchase
products with better privacy features.

Please support or co-sponsor HR 3627.
Sincerely,
___________________________________

[updated May 28, 1994, shabbir at panix.com]
-------------------------------------------------------------------------------

From adwestro at ouray.Denver.Colorado.EDU Sun Jun 12 18:54:25 1994
From: adwestro at ouray.Denver.Colorado.EDU (Alan Westrope)
Date: Sun, 12 Jun 94 18:54:25 PDT
Subject: CERT warning about majordomo
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Regarding the list going down again: I was just informed that CERT has
issued a warning about a security hole in majordomo. Anyone have any info
on this?

Alan Westrope          __________/|-,
                      (_)        \|-'
finger for pgp 2.6 public key
"Silent, We the Empire Await, Trystero!" -- Pynchon (sorta...)
S,W.E.A,T! -- graffito at Moe's Pretty Good Gym

-----BEGIN PGP SIGNATURE-----
Version: 2.6
-----END PGP SIGNATURE-----

From nelson at crynwr.com Sun Jun 12 20:26:31 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Sun, 12 Jun 94 20:26:31 PDT
Subject: Online/offline transactions
Message-ID:

Don't worry about online vs offline transactions. The credit card
companies are moving toward all online transactions. A company down in
NJ called RAM Mobile Data is helping them on this. They have base
stations in 90% of urban business areas. The radios are fairly cheap
(even though they need an appropriate thing to plug them into) and the
per-transaction charges are about a dime.

So I would say that the important problem to solve is "how do we make
accounts anonymous?" rather than "how do we avoid double-spending?"

-russ
ftp.msen.com:pub/vendor/crynwr/crynwr.wav
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From nelson at crynwr.com Sun Jun 12 20:41:34 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Sun, 12 Jun 94 20:41:34 PDT
Subject: crypto in the NY Times
In-Reply-To: <199406121531.AA09149@panix.com>
Message-ID:

   Date: Sun, 12 Jun 1994 11:31:34 -0400
   From: Duncan Frissell

   If the bad guys have an unbreakable wall, the *victims* have an
   unbreakable wall too. The criminals gain nothing. They are, in fact,
   worse off since it becomes *harder* to 'break the close.'

Yup. And the NSA seeks to deny it to us. I see it as the best reason to
encourage open, real crypto.

-russ
ftp.msen.com:pub/vendor/crynwr/crynwr.wav
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From shabbir at panix.com Sun Jun 12 17:55:24 1994
From: shabbir at panix.com (Shabbir J. Safdar)
Date: Sun, 12 Jun 1994 20:55:24 -0400 (EDT)
Subject: URGENT Action required (NJ folks only)
Message-ID: <199406130055.AA07966@panix3.panix.com>

Estimated time for this good deed: Two minutes

Do you live in one of the following zip codes in New Jersey?

  07010        07014(part)  07020        07022        07024        07026
  07029(part)  07031        07032(part)  07047(part)  07057        07070
  07071        07072        07073        07074        07075        07087(part)
  07094        07096        07306(part)  07307        07308        07310(part)
  07407        07410(part)  07452(part)  07601        07602        07603
  07604        07605        07606        07607        07608        07631
  07632        07643        07644        07646        07649(part)  07650
  07657        07660        07661        07662(part)  07666        07670(part)

If your zip code is listed above then you are one of Rep. Torricelli's
constituents. "part" means your zip code is split between two districts,
one of them Rep. Torricelli's. Rep.
Torricelli is on the House Intelligence Committee and needs to hear from
you about HR 3627, which would permit cryptography exports. The attached
file explains all about the bill and why you should support it.

Call Rep. Torricelli today and ask him to send Rep. Maria Cantwell's
bill, HR 3627, to the House Floor!

Dist ST Name, Address, and Party         Phone           Fax
==== == ======================== ============== ==============
   9 NJ Torricelli, Robert (D)    1-202-224-5061 1-202-225-0843
        2159 RHOB

Here is a sample communique you might use:

Dear Representative Torricelli,

Please report Maria Cantwell's Cryptography export bill (HR 3627) out of
committee. Its passage will both assist American industries competing
globally, as well as allow American consumers to purchase products to
enhance their privacy.

Sincerely,
______________

-------------------------------------------------------------------------------
--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M   O N L I N E   R I G H T S   V I R T U A L   C U L T U R E   C R Y P T O

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sun Jun 12 21:18:23 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Sun, 12 Jun 94 21:18:23 PDT
Subject: list of spiffy places to put your money
Message-ID: <771480974/vac@FURMINT.NECTAR.CS.CMU.EDU>

Dan Harmon:
>Robert Hettinga wrote:
>> [...] But we knew this already, from a list of spiffy places
>> to put your money published here a few weeks ago.
>
>Maybe we could get the list republished?
The list is in:

    ftp://furmint.nectar.cs.cmu.edu/security/banks

And for easy access to all sorts of fun stuff, try mosaic on:

    ftp://alex.sp.cs.cmu.edu/links/security/vac-security.html

-- Vince

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sun Jun 12 21:55:15 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Sun, 12 Jun 94 21:55:15 PDT
Subject: list of spiffy places to put your money
Message-ID: <771483199/vac@FURMINT.NECTAR.CS.CMU.EDU>

I wrote:
>And for easy access to all sorts of fun stuff, try mosaic on:
>
>    ftp://alex.sp.cs.cmu.edu/links/security/vac-security.html

But I really meant to give the following URL (more fun):

    ftp://furmint.nectar.cs.cmu.edu/security/README.html

-- Vince

From wcs at anchor.ho.att.com Sun Jun 12 22:30:40 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 12 Jun 94 22:30:40 PDT
Subject: back to programming projects...
Message-ID: <9406130529.AA28458@anchor.ho.att.com>

> > On a related note, should encrypting remailers have the keys changed
> > regularly? The RSA-IDEA combination isn't very susceptible to known
> > plaintext attacks, right?

Right. There are two sets of encryption used in the RSA-IDEA combo:

1) RSA, encrypting a random session key with a public-key algorithm.
   By definition, RSA-like public key algorithms can easily have known or
   chosen plaintext generated, since you can encrypt anything you like.
   RSA isn't susceptible to known-plaintext (except for verifying that a
   (presumably stolen) private key is correct, or by factoring very large
   numbers of very large prime numbers and checking them, which is
   computationally infeasible), and any other public key system that
   *were* susceptible to known-plaintext attacks wouldn't be very useful.
   Major breakthroughs in factoring theory could always change this,
   earning mathematical fame and fortune for the discoverer. Short RSA
   keys can be factored; you're better off with 1024-bit keys or longer
   for anything you're real serious about.

2) IDEA, encrypting the message itself using the session key.
   IDEA is not known to be susceptible to anything better than brute
   force, so known-plaintext attacks require trying 2**128 keys, which is
   computationally infeasible. Perhaps someone can find a hole in IDEA,
   but there's nothing major at present.

3) There's a third component that might use encryption - generating the
   "random" session key. Obviously, if you use the same session key to
   send different messages to different people, they might notice. If you
   use different session keys to send messages to people, but the session
   keys are easily derived from each other, and one recipient notices the
   pattern from several messages sent to him, he might try guessing the
   key for the next messages you send to other people. So use a genuine
   high-quality random number generator.

There is one more special case, which is sending the same message to
multiple recipients, with the message encrypted once with the session
key, and multiple versions of the session key encrypted with each
different recipient's public key. I've forgotten the details, but if
there are more than e recipients, it's possible to crack this. (e is the
encryption exponent, typically 3 or 17.) That's why PGP and other
well-designed systems will pad the session key with random stuff before
encrypting with RSA (which is an essentially free operation, since the
RSA blocksize is much larger than the session key for IDEA.)

Bill

From wcs at anchor.ho.att.com Sun Jun 12 22:58:27 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sun, 12 Jun 94 22:58:27 PDT
Subject: Protocol Wanted!
Message-ID: <9406130557.AA28588@anchor.ho.att.com>

> How does Bob make Alice aware that he can factor RSA keys
> and make sure that he and Alice can do business without
> either one of them getting ripped off or the NSA catching him.

Sounds like a job for Blacknet, or similar anonymous-broadcast systems.
He can't easily hide the fact that *somebody* is in the business from
the NSA, since he can't easily tell that Alice doesn't work for the NSA
and isn't planning to publish his business's existence to the net.

But if he and Alice are both remailer-users able to post to the Blacknet
broadcast (using whatever mechanism, like alt.waste), Bob can post a note
to Alice saying he is able to crack RSA keys for money, and Alice can
post replies saying she doesn't believe him and here's a message to
crack. There are cut-and-choose protocols described in Schneier that can
handle (awkwardly) the mechanics of getting Bob to recode and return the
message, and Alice to hand over the digicash, without either of them
feeling too ripped off, assuming there's a digicash system in place that
gives sufficient anonymity.

Bob has a bit of an advantage in convincing Alice, since he can probably
read her encrypted posts to the net - he can start the conversation by
posting to her on Blacknet with some keywords from messages she's posted
to other people. That doesn't directly tell her that he's cracking RSA
rather than IDEA/3DES, but he could also include a note that the first n
bits of her private key are .......

Alternatively, he can go on a political rant about Too Many Secrets, but
having seen that movie he can announce the details of his decryptor on
sci.crypt *before* announcing that he's giving a lecture at Stanford...
:-)

Somebody, in the discussion about pricing, said that some of the proposed
protocols would take too much CPU time, cracking lots of keys just to
demonstrate that he can do it, and that he should always charge money to
avoid overloading his 486 box. If he's going to go into the business of
factoring RSA keys for money, he'll probably make enough to afford a few
*new* computers once he hits up a couple of wealthy customers, if he's
not spending it all on air travel and bodyguards.

"Bob"

From nobody at shell.portal.com Sun Jun 12 23:50:38 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sun, 12 Jun 94 23:50:38 PDT
Subject: cypherpunks list wiped out again... (duplicate)
Message-ID: <199406130651.XAA20683@jobe.shell.portal.com>

================
> From: IN%"rslau at usc.edu" 12-JUN-1994 17:57:04.72
> To: IN%"cypherpunks at usc.edu"
> Subj: cypherpunks list wiped out again... (duplicate)
>
> It looks like the cypherpunks list was wiped out again this afternoon...
> I think I may have found the bug in majordomo that caused this or maybe
> it's just coincidence since the last time this happened was also on a
> sunday afternoon, i believe. there must be a timebomb in majordomo ala
> pgp 2.6 :)
>
> Resubscribe by sending the following in the body of the message to
> majordomo at toad.com:
>
> subscribe cypherpunks
>
> Robert Lau - Systems Programmer, Unix Systems      213-740-2866
> -- University Computing Services                   Internet: rslau at usc.edu
> -- University of Southern California               Bitnet: rslau at uscvm
> -- 1020 W Jefferson, LA, CA USA, 90089-0251        UUCP: ...!uunet!usc!rsla>

This may sound like a "dumb" question, but if the list was "wiped out",
why did I receive this?
====================

From hugh at ecotone.toad.com Sun Jun 12 23:57:57 1994
From: hugh at ecotone.toad.com (Hugh Daniel)
Date: Sun, 12 Jun 94 23:57:57 PDT
Subject: List Maintenance
Message-ID: <9406130655.AA04410@ ecotone.toad.com>

Today the disk that the cypherpunks list lives on filled up, and then
someone tried to join the list and the list got zeroed again. I am
currently installing a new version of MajorDomo and making changes to
prevent this happening (at least we caught it in the act this time).
The list will likely be up and down a little bit for the next few hours or day (hey, I have to sleep sometime! :r) but should be fully stable again by Tuesday in any case. This time I do plan to install a recent backup of the list. If you have any questions please email mail, this list itself does not need any more crud on it.

||ugh Daniel
Sometimes Postmaster
hugh at toad.com

From dichro at tartarus.uwa.edu.au Mon Jun 13 02:21:10 1994
From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn)
Date: Mon, 13 Jun 94 02:21:10 PDT
Subject: MacPGP 2.6 now available from MIT
In-Reply-To: <9406110446.AA10878@big-screw>
Message-ID: <199406130920.RAA11048@lethe.uwa.edu.au>

>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> MacPGP 2.6 is now available from the MIT ftp site (net-dist.mit.edu).
> It is stored in the hidden distribution directory. Two files are
> available. MacPGP2.6.sea.hqx contains a binhex'd self extracting archive
> (which contains a Readme file, a detached signature and another archive).
> This is the binary distribution.
>

That's nice. Is it available outside the US yet?

--
* * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au
* "I'm just another sniper on the information super-highway."
PGP Public key available by finger * #include

From gtoal at an-teallach.com Mon Jun 13 04:26:09 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 13 Jun 94 04:26:09 PDT
Subject: CERT warning about majordomo
Message-ID: <199406131126.MAA10002@an-teallach.com>

Regarding the list going down again:

I was just informed that CERT has issued a warning about a security hole in majordomo. Anyone have any info on this?

Yes. The list owner will if he's on the majordomo list. He's presumably upgraded his copy of majordomo about a week ago. If he hasn't, he should.

G

PS Was a 22 line message for 3 lines of content really necessary?
From paul at poboy.b17c.ingr.com Mon Jun 13 06:10:52 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 13 Jun 94 06:10:52 PDT
Subject: Friends in high places
Message-ID: <199406131312.AA05645@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

On Friday, I got a message from Intergraph's chief counsel. "Great," I thought. "I'm about to get my peepee whacked for making PGP available over our internal software delivery network."

Nope. He wanted to discuss the finer points of its use. He'd read the documentation and the _WSJ_ article about Zimmermann. He believes e-mail isn't secure enough for his purposes but that PGP will make it usable for him.

Where'd he get the software? From one of the 4 executive vice-presidents here. Where'd he get it? No word yet, but I think I know :)

It speaks well of our efforts that executives at a Fortune 400 firm are not only aware of PGP but that they approve its use. Keep up the evangelism. Keep talking to people. Keep answering questions. Keep writing code. If we build it, they will come.

- -Paul

- --
Paul Robichaux, KD4JZG | Catch the wave with Mosaic for CLIX!
perobich at ingr.com | newprod -n newprod at poboy.b17c.ingr.com
Of course I don't speak for Intergraph.

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLfxbH6fb4pLe9tolAQH2SQQAl6/PWNY2b19qOVsWn75eG6mRoYYNcZL2
gD28z7eIYlehtKMPH7AdZvPG8X8nj3WQXIid1yWkeT+Hccp3gNNRIfXPwV/ZO3m9
kxuf0NiNo7j8hkFPDVMubeqRASJyMRi3fufyV9jMrvktjd8J/r/8rG21No27zrhP
nsklqVfatk0=
=XGl2
-----END PGP SIGNATURE-----

From perry at imsi.com Mon Jun 13 06:55:33 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 13 Jun 94 06:55:33 PDT
Subject: Regarding my 500/1 Lurk/Post ratio
In-Reply-To: <9406101723.AA15078@cmyk.warwick.com>
Message-ID: <9406131355.AA16253@snark.imsi.com>

Several days late (I've been away), I'll note that I have indeed met Anthony Garcia on several occasions.

Perry

Harry S. Hawk says:
> > > I'll vouch for the fact that Tony Garcia has been on the list since
> > at least last May or so of 1993. I had the opportunity to meet him in
> > Missouri around that time.
>
> I will also vouch for Tony, I have met him several times, twice
> in the company of Perry Metzger, also with other Extropians...

From ravage at bga.com Mon Jun 13 08:18:47 1994
From: ravage at bga.com (Jim choate)
Date: Mon, 13 Jun 94 08:18:47 PDT
Subject: back to programming projects...
In-Reply-To: <9406130447.AA28053@anchor.ho.att.com>
Message-ID: <199406131518.KAA17946@zoom.bga.com>

>
> Hmmm - looks like you need a mechanism for setting up keys other than
> for registered users - after all, one thing they will presumably want
> to do is send anonymous mail to other remailers, with the mail
> to those systems going out encrypted.
>
> Bill
>

What I envision here is that the user will have to setup the keys for the various accounts on other re-mailers. The only other option I have is to make a header switch such that the outgoing is clear-text. I am not sure if I want to support this feature or not. What I had intended was to build it to support person to person transmissions w/ the anon built in to make traffic analysis by address harder. I will have to look at chaining.

Thanks for the input...

From dfloyd at runner.utsa.edu Mon Jun 13 08:27:08 1994
From: dfloyd at runner.utsa.edu (Douglas R. Floyd)
Date: Mon, 13 Jun 94 08:27:08 PDT
Subject: How irritating are anon encrypted pgp messages
Message-ID: <9406131527.AA07007@runner.utsa.edu>

-----BEGIN PGP SIGNED MESSAGE-----

This is something I have been wondering about for a while:

How rude is it for people to post (or mail to a mailing list) anon messages encrypted with someone's PGP key? It makes it easy for the receiver to obtain it, but how irritating is it to people?
-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLfx6cXDkimqwdwa5AQE5PgQAr7vFwaMiKhAcdUqQW1B85W+nehSYUp47
iyL1cREjD2yypC9XnAkzucCAAie9so1fY74KQwQhWS99h9oMn/QWEUT50OBhVX8+
Mt98Tpr2/9pf2ovlvmqTtkyEC7DY38tsBmbYcRvwyZ1/6Dlvs4gJtmwtwwhW3UDj
+pQFp+GSv+4=
=jGCF
-----END PGP SIGNATURE-----

From jim at acm.org Mon Jun 13 09:16:09 1994
From: jim at acm.org (Jim Gillogly)
Date: Mon, 13 Jun 94 09:16:09 PDT
Subject: My 1984 t-shirt arrived
Message-ID: <9406131615.AA18234@mycroft.rand.org>

Looks great: "1984 [eye] we're behind schedule... NSA" on the front and the Cyber Rights Now fist on the back. Thanks, John -- it's worth the wait.

Jim Gillogly
Mersday, 23 Forelithe S.R. 1994, 16:13

From ua532 at freenet.victoria.bc.ca Mon Jun 13 09:51:00 1994
From: ua532 at freenet.victoria.bc.ca (David Snook)
Date: Mon, 13 Jun 94 09:51 PDT
Subject: Cryptography - Solution (long)
Message-ID:

Iams Post. June 12/94

The plaintext message was "Leonard Euler Pi", which was deciphered by David Wagner of Princeton. It is Euler's Totient Function that is the mathematical basis for the RSA Cryptographic System, hence the message. The trailing "Pi" was included to minimize the possibility of a "lucky guess". The 'cheap' scientific calculator, referred to in the original posting, was an old Radio Shack EC-4024, programmable. The problem itself, however, was set up on a 386DX using MathCAD and Qbasic.

Below, is a detailed method for deciphering the encrypted message, a brief explanation of some of the how's and why's, and a copy of the original problem posting.

Thanx.
David

*------------------------------------------------------------------------*
A Cryptographic Problem ---------------------------------> The Solution:
*------------------------------------------------------------------------*

N = p*q                 (p) and (q) both prime          PUBLIC
Phi(N) = (p-1)(q-1)     Totient function (Euler)
E = Integer             (E)nciphering Key               PUBLIC
D = E^-1 mod Phi(N)     (D)eciphering key               PRIVATE

*-------* STEP #1:
*------------------------------------------------------------------------*

You're given:   E = 2683
                N = 83323
                N = p*q         (p) & (q) both prime

By factoring:   p = 97
                q = 859

Then:           Phi(N) = (97-1)(859-1)
                Phi(N) = 82368

*-------* STEP #2:
*------------------------------------------------------------------------*

You're given:   D = E^-1 mod Phi(N)
                DE = 1 mod Phi(N)
                1 = DE mod Phi(N)

Then:           1 = DE - (k * Phi(N))          Algebraic form of equation
                DE = 1 + (k * Phi(N))
                D = (1 + (k * Phi(N))) / E     Where D must be integer
                D = (1 + (k * 82368)) / 2683

Set k = 1,2,3, ... i                           Trial and error

.. k = 10       D = (1 + (10 * 82368)) / 2683
                D = 307                        !THIS IS THE DECIPHERING KEY!

*------------------------------------------------------------------------*
*-------* STEP #3:
*------------------------------------------------------------------------*

To recover the plaintext:

                P_1 = C_1^D mod N
                P_1 = 48284^307 mod 83323      See NOTE 1
                P_1 = 3805

Look up (38) and (05) in the encoding alphabet:   M_1 = L e

Repeat STEP #3 for the remaining (C)iphertext blocks to obtain:

Message    =  L e    o n    a r    d      E u    l e    r      P i
Plaintext  =  3805   1514   0118   0463   3121   1205   1863   4209
Ciphertext =  48284  65276  34353  19422  26879  31970  31567  52773

*-------* NOTE 1:
*------------------------------------------------------------------------*

The number 48284^307 is very large, so break up the process and handle it piecemeal as follows.

    (C^1 mod N)(C^1 mod N) mod N = C^2 mod N
    (C^2 mod N)(C^1 mod N) mod N = C^3 mod N
    (C^3 mod N)(C^1 mod N) mod N = C^4 mod N
    etc.
    (C^4 mod N)(C^4 mod N) mod N = C^8 mod N
    (C^8 mod N)(C^8 mod N) mod N = C^16 mod N
    (C^16 mod N)(C^16 mod N) mod N = C^32 mod N
    etc.

Hint: (256+32+16+3) = 307

The largest number to be processed is then C^2, (11 digits) max.

*------------------------------------------------------------------------*
*------------------------------------------------------------------------*
How it all works ........... and why!
*------------------------------------------------------------------------*

N = p*q                 (p) and (q) both prime          PUBLIC
Phi(N) = (p-1)(q-1)     Totient function (Euler)
E = Integer             (E)nciphering Key               PUBLIC
D = E^-1 mod Phi(N)     (D)eciphering key               PRIVATE
1 = ED mod Phi(N)                                       See below !!!

The sender enciphers her/his (P)laintext message, P, into (C)iphertext blocks using the published, public keys E and N, as follows,

        C = P^E mod N   --------->   C mod N = P^E mod N

The receiver deciphers the (C)iphertext blocks by using her/his private key D, and the public key N, as follows,

        P = C^D mod N   --------->   C^D mod N = P^(ED) mod N

This is possible because the arithmetic performed in the exponent is done mod Phi(N), such that,

        X^Y mod Z = X^(Y mod Phi(Z))

*------------------------------------------------------------------------*

So:     C^D mod N = P^(ED) mod N = P^(ED mod Phi(N))
But:    ED mod Phi(N) = 1                               See above !!!
So:     C^D mod N = P^(ED) mod N = P^1 = P     The Original Plaintext Block!

*------------------------------------------------------------------------*
It is Euler's Totient Function that makes it all work. Hence the message.
*------------------------------------------------------------------------*

*------------------------------------------------------------------------*
A Cryptographic Problem                      May 22, 1994    David J. Snook
*------------------------------------------------------------------------*

There has been a great deal of media discussion, about Clipper Chips, information privacy, and the "cracking" of RSA-129. This problem is designed around the underlying mathematics of modern cryptographic systems: RSA, in this particular case. (Rivest, Shamir, Adleman) The security of these systems is based on the fact that very large numbers (200 digits) are very difficult and time consuming to factor. The numbers associated with this problem are very small, in cryptographic terms, and therefore provide little or no security from the amateur cryptanalyst. In fact, this problem can be solved with paper, pencil and a "cheap" scientific calculator.

Below, is a line of ciphertext, two(2) public keys, followed by the procedures and equations used to encipher and decipher the message.

The problem ........ What was the original message?

              C_1    C_2    C_3    C_4    C_5    C_6    C_7    C_8
Ciphertext =  48284  65276  34353  19422  26879  31970  31567  52773

Key #1  N = 83323
Key #2  E = 2683

*--------------------* Procedures & Equations
*------------------------------------------------------------------------*

N = p*q                 (p) and (q) both prime          PUBLIC
Phi(N) = (p-1)(q-1)     Totient function (Euler)
E = Integer             (E)nciphering Key               PUBLIC
D = E^-1 mod Phi(N)     (D)eciphering key               PRIVATE

Enciphering was done, two(2) characters at a time, using the encoding alphabet listed below to form (P)laintext blocks. Each block was then raised to the power of E modulo N to produce the blocks of (C)iphertext. There are eight(8) blocks of (C)iphertext with each containing exactly two(2) characters.

        C_1 = P_1^E mod N ,  C_2 = P_2^E mod N ,  ........  C_8 = P_8^E mod N

Deciphering is accomplished by raising each (C)iphertext block to the power of D modulo N. This recovers the (P)laintext blocks and hence the original message text.

        P_1 = C_1^D mod N ,  P_2 = C_2^D mod N ,  ........  P_8 = C_8^D mod N

*-------------------------------------------------------------------------*
*---------------* Encoding alphabet
*-------------------------------------------------------------------------*

a = 01  b = 02  c = 03  d = 04  e = 05  f = 06  g = 07  h = 08  i = 09
j = 10  k = 11  l = 12  m = 13  n = 14  o = 15  p = 16  q = 17  r = 18
s = 19  t = 20  u = 21  v = 22  w = 23  x = 24  y = 25  z = 26
A = 27  B = 28  C = 29  D = 30  E = 31  F = 32  G = 33  H = 34  I = 35
J = 36  K = 37  L = 38  M = 39  N = 40  O = 41  P = 42  Q = 43  R = 44
S = 45  T = 46  U = 47  V = 48  W = 49  X = 50  Y = 51  Z = 52
0 = 53  1 = 54  2 = 55  3 = 56  4 = 57  5 = 58  6 = 59  7 = 60  8 = 61  9 = 62
(space) = 63  . = 64  , = 65  ; = 66  ? = 67

*-------------------------------------------------------------------------*
Plaintext example
*---------------*

Message   =  S i    r      I s    a a    c      N e    w t    o n
Plaintext =  4509   1863   3519   0101   0363   4005   2320   1514
             P_11   P_12   P_13   P_14   P_15   P_16   P_17   P_18   ...  P_k

*-------------------------------------------------------------------------*

--
David J. Snook.................................ua532 at freenet.victoria.bc.ca

From kentborg at world.std.com Mon Jun 13 10:12:14 1994
From: kentborg at world.std.com (Kent Borg)
Date: Mon, 13 Jun 94 10:12:14 PDT
Subject: Messages in Time
Message-ID: <199406131711.AA15232@world.std.com>

It just occurred to me. Duh! Squeamish and ossifrage were effectively messages in time. Sure, the NSA probably got the message sooner than the rest of us, and the amount of time for the message to be received was grossly mispredicted, but a whole bunch of us saw that original Scientific American article and years later saw the contents.

Given our familiarity with the whole event I think it is pretty clear how impractical this technique is for info time traveling.

-kb

--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 28:15 hours of TV viewing so far in 1994!
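The Python program below is a worked solution of David Snook's RSA problem a few messages above, added here as an editorial example; it is not part of his posting or of the list's own traffic. Every number in it (N = 83323, E = 2683, the eight ciphertext blocks, the encoding alphabet) comes from his posting. It differs from his hand method in two places: the deciphering key D comes from the extended Euclidean algorithm rather than his trial-and-error search over k, and the piecemeal exponentiation of his NOTE 1 is written as a general square-and-multiply loop. The function and variable names are the example's own.

```python
"""Worked solution of the RSA problem posted to the list (added example,
not the poster's code).  Numbers are the posting's; names are ours."""

N = 83323                      # Key #1 from the posting
E = 2683                       # Key #2 from the posting
CIPHERTEXT = [48284, 65276, 34353, 19422, 26879, 31970, 31567, 52773]

# The posting's encoding alphabet: a-z = 01-26, A-Z = 27-52, 0-9 = 53-62,
# space = 63, then . , ; ? = 64-67.  Two characters make one block.
_SYMBOLS = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789 .,;?")
ALPHABET = {ch: i + 1 for i, ch in enumerate(_SYMBOLS)}
REVERSE = {code: ch for ch, code in ALPHABET.items()}


def factor(n):
    """STEP #1 by trial division.  Fine for a five-digit N; with the
    200-digit moduli the posting mentions this loop never finishes."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 1
    raise ValueError("no factor found: N is prime")


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e, phi):
    """STEP #2 without the trial-and-error search over k."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("E and Phi(N) are not coprime: no deciphering key")
    return x % phi


def powmod(base, exp, mod):
    """NOTE 1 in general form: square-and-multiply, so no intermediate
    value ever exceeds (mod - 1) squared."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def encode(text):
    """Text to two-character plaintext blocks, as in the posting's
    "Sir Isaac Newton" example."""
    if len(text) % 2:
        raise ValueError("text must have an even number of characters")
    return [ALPHABET[text[i]] * 100 + ALPHABET[text[i + 1]]
            for i in range(0, len(text), 2)]


def decode(blocks):
    """Plaintext blocks back to text."""
    return "".join(REVERSE[b // 100] + REVERSE[b % 100] for b in blocks)


def private_key(n, e):
    """Recover (p, q, Phi(N), D) from the public key alone."""
    p, q = factor(n)
    phi = (p - 1) * (q - 1)
    return p, q, phi, modinv(e, phi)


def encrypt(plain_blocks, n, e):
    return [powmod(p, e, n) for p in plain_blocks]


def decrypt(cipher_blocks, n, d):
    return [powmod(c, d, n) for c in cipher_blocks]


def solve(n=N, e=E, cipher_blocks=CIPHERTEXT):
    """STEP #3 for every block: returns the key material and the message."""
    p, q, phi, d = private_key(n, e)
    blocks = decrypt(cipher_blocks, n, d)
    return {"p": p, "q": q, "phi": phi, "d": d,
            "blocks": blocks, "message": decode(blocks)}


if __name__ == "__main__":
    s = solve()
    print(f"p = {s['p']}, q = {s['q']}, Phi(N) = {s['phi']}, D = {s['d']}")
    print("plaintext blocks:", s["blocks"])
    print("message:", repr(s["message"]))
    print("round trip:", encrypt(s["blocks"], N, E) == CIPHERTEXT)
    print("Sir Isaac Newton ->", encode("Sir Isaac Newton"))
```

Run directly, it prints the factors, the key and the recovered message, and `encode` reproduces the "Sir Isaac Newton" block list from the original problem posting. The trial-division loop in `factor` is the whole reason the puzzle is solvable: it is the step that does not scale, which is the point the posting makes about 200-digit moduli.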
From matsb at sos.sll.se Mon Jun 13 10:18:15 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Mon, 13 Jun 94 10:18:15 PDT
Subject: DNA
Message-ID:

Databases of fingerprints and retina-images might still have a future for specialized applications but DNA-typing (why not on a simple blood sample at birth) combined with a fixed social security number valid for life will probably become a widely used method for governments to control the identity of their serfs. Even without legislation stating compulsory testing of all citizens there are great possibilities with this method. Serologic tests for various reasons (i.e. HIV, rubella in pregnancy etc) are routinely performed on a majority of the population in developed countries. These samples are usually frozen and saved for decades (for the purpose of comparison if the individual should fall ill; and for research if something might get interesting) at most laboratories. DNA-analysis after thawing is no big deal with modern techniques. So if one is planning to commit hideous crimes in the future, or if one has other reasons to maintain DNA privacy, one should demand that blood samples taken from oneself are destroyed after testing (alternatively take the tests under a pseudonym).

Unfortunately there is no known method of encrypting one's DNA code in situ but hopefully they will safely (in escrow?) encrypt it in the databanks. For most purposes a cheapish imprint (sort of a hash function) of an individual's DNA code will suffice, i.e. for secure identification. Longer strains of code will give additional information on the person's genetic dispositions of course (until now only for physical diseases and risk factors but coding relating to schizophrenia and psychopathy are expected Real Soon - the science of molecular biology is in an exponential phase).
For such an extended analysis it is, at least for some more years, not enough with a frozen blood sample for serologic testing or a blood/semen-stain from the clothes of a victim but culturable cell-lines are necessary.

These observations were provoked by the following forwarded letter:

//mb

Date: Thu, 09 Jun 94 05:06:29 MST
From: mednews (HICNet Medical News)
To: hicnews
Subject: Course: DNA Databanks and Repositories
Message-ID:

DNA DATABANKS & REPOSITORIES will be presented 4-5 November 1994 at the Sheraton Inn Midway, St Paul Minnesota, USA.

SPONSORS: Armed Forces Institute of Pathology and the American Registry of Pathology.

GENERAL INFORMATION: AFIP Education Dept. (INT), 14th & Alaska Avenue, NW, Washington, DC, 20306-6000 USA; (301)427-5231; FAX (301)427-5001; or INTERNET: LOWTHER at email.afip.osd.mil

CONTENT: DNA typing of biologic tissues and fluids has revolutionized criminalistics. This technology is so powerful that over one half of all states have legislatively mandated the creation of DNA databanks and repositories for law enforcement purposes with other states considering the same. The passage of the federal DNA Identification Act will bolster the growth of these databanks. DNA repositories also have been established for military remains identification, for scientific human genetic diversity studies, and for numerous public health reasons. This is the third national conference devoted strictly to the establishment of DNA databanks and repositories. This conference is designed to be a practical discussion on the creation and the set-up of DNA databanks/repositories, focusing on forensic identification. It is intended for DNA repository directors, policy makers, and administrators considering establishment of a DNA collections program, and other interested persons.
Lectures will be presented on current state sex offender databanks, the FBI's National DNA Index, the DNA Identification Act, practical aspects of databank setup and administration, and the associated legal and ethical issues. Convictions based on the Minnesota State DNA Database will be featured and a tour of the Minnesota Bureau of Criminal Apprehension's facility will be conducted. (English)

COURSE DIRECTOR: Victor W. Weedn, LTC, MC, USC

TUITION: $220.

From jgostin at eternal.pha.pa.us Mon Jun 13 10:50:45 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Mon, 13 Jun 94 10:50:45 PDT
Subject: (None)
Message-ID: <940613125019i9Bjgostin@eternal.pha.pa.us>

dfloyd at runner.utsa.edu (Douglas R. Floyd) writes:

> How rude is it for people to post (or mail to a mailing list) anon messages
> encrypted with someone's PGP key? It makes it easy for the receiver to
> obtain it, but how irritating is it to people?

Fairly. In fact, it's considered downright rude. It's like sitting around a table of, say, 3 people, and whispering with someone next to you. The first person is you -- you're sending the message. The second person is your friend -- he's receiving it. The third is me -- I'm just watching two people whispering. Further, newsgroups are a very inappropriate place to send private mail for propagation.

--Jeff

--
====== ====== +----------------jgostin at eternal.pha.pa.us----------------+
== == | The new, improved, environmentally safe, bigger, better,|
== == -= | faster, hypo-allergenic, AND politically correct .sig. |
==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+

From frissell at panix.com Mon Jun 13 11:19:36 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 13 Jun 94 11:19:36 PDT
Subject: DNA
In-Reply-To:
Message-ID:

On Mon, 13 Jun 1994, Mats Bergstrom wrote:

> Databases of fingerprints and retina-images might still have a future
> for specialized applications but DNA-typing (why not on a simple blood
> sample at birth) combined with a fixed social security number valid for
> life will probably become a widely used method for governments to control
> the identity of their serfs. Even without legislation stating compulsory

Charles Osgood was also talking in his CBS Sunday Morning lead yesterday about the Infobahn that we will soon all be issued 1 "telephone" number at birth. The Christians are also going on about these control measures because they match the "number of the beast" prophecy.

The problem with all of these control fears is that they are based on old technology. The authorities can try and work with identity control but software agents are people too. Ever since the Trust was invented in England under common law, entities have been created and become "human" actors. (On my "some day" list is an article on Trusts - The First Software Agents.) Likewise corporations. What good does it do to control (some) meat people if each person can spawn a hundred agents (often outside the jurisdiction) which can perfectly legally act on their behalf. I know it will be possible to force these agents to be linked to humans but that would only be at birth. No control is possible over who has the codes to control the software agents of the future.

Additionally, all government controls on software agents are dependent upon businesses willingly turning away (unregistered) willing customers. Hard to enforce on the nets.
DCF

From eb at sr.hp.com Mon Jun 13 11:25:58 1994
From: eb at sr.hp.com (Eric Blossom)
Date: Mon, 13 Jun 94 11:25:58 PDT
Subject: The Crypto Home Shopping Network
In-Reply-To: <199406110152.SAA21313@servo.qualcomm.com>
Message-ID: <9406131825.AA14353@srlr14.sr.hp.com>

Phil Karn writes:

No, RC4 is not the European cellular phone encryption algorithm, but that 32-bit figure *has* come up in discussions of what NSA will allow the carriers to put into next-generation digital cellular telephones.

By "allow", I'm assuming that you mean "allow for export". Or, are you saying that they won't allow strong crypto in *domestic* next-generation cellular phones? What forms have the "incentives" or "disincentives" taken?

Eric Blossom

From ravage at bga.com Mon Jun 13 11:59:14 1994
From: ravage at bga.com (Jim choate)
Date: Mon, 13 Jun 94 11:59:14 PDT
Subject: Cryptography - Solution (long) (fwd)
Message-ID: <199406131859.NAA26946@zoom.bga.com>

Forwarded message:

From Ben.Goren at asu.edu Mon Jun 13 12:15:55 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Mon, 13 Jun 94 12:15:55 PDT
Subject: (None)
Message-ID: <9406131916.AA01890@Tux.Music.ASU.Edu>

At 12:50 PM 6/13/94 -0500, Jeff Gostin wrote:
>dfloyd at runner.utsa.edu (Douglas R. Floyd) writes:
>
>> How rude is it for people to post (or mail to a mailing list) anon messages
>> encrypted with someone's PGP key? It makes it easy for the receiver to
>> obtain it, but how irritating is it to people?
> Fairly. In fact, it's considered downright rude. It's like sitting
>around a table of, say, 3 people, and whispering with someone next to you.
>The first person is you -- you're sending the message. The second person
>is your friend -- he's receiving it. The third is me -- I'm just watching
>two people whispering. Further, newsgroups are a very inappropriate place
>to send private mail for propagation.

Might it be appropriate, though, to create an alt group for that purpose? Sort of the digital equivalent of putting "coded" messages in the personals section of your favorite newspaper's classified section. You know--"John, you have five days to pay up" means to meet at the Ritz for dinner next Thursday, and "I love you, Sally" means to run for the border.

But far, far more effective digitally.

Could be especially useful for people "in the field," considering how many universities and other places permit Usenet posting without an account, so long as your IP is considered local--easier to get access.

> --Jeff

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben at tux.music.asu.edu for PGP 2.3a public key.

From dfloyd at runner.utsa.edu Mon Jun 13 12:34:41 1994
From: dfloyd at runner.utsa.edu (Douglas R. Floyd)
Date: Mon, 13 Jun 94 12:34:41 PDT
Subject: Anon posts (was irritating posts...)
Message-ID: <9406131934.AA14320@runner.utsa.edu>

> From owner-cypherpunks at toad.com Mon Jun 13 14:23 CDT 1994
> X-Sender: ben at localhost
> Mime-Version: 1.0
> Date: Mon, 13 Jun 1994 12:17:00 -0700
> To: cypherpunks at toad.com
> From: Ben.Goren at asu.edu
> Subject: Re: (None)
> Precedence: bulk
>
> At 12:50 PM 6/13/94 -0500, Jeff Gostin wrote:
> >dfloyd at runner.utsa.edu (Douglas R. Floyd) writes:
> >
> >> How rude is it for people to post (or mail to a mailing list) anon messages
> >> encrypted with someone's PGP key? It makes it easy for the receiver to
> >> obtain it, but how irritating is it to people?
> > Fairly. In fact, it's considered downright rude. It's like sitting
> >around a table of, say, 3 people, and whispering with someone next to you.
> >The first person is you -- you're sending the message. The second person
> >is your friend -- he's receiving it. The third is me -- I'm just watching
> >two people whispering. Further, newsgroups are a very inappropriate place
> >to send private mail for propagation.
>
> Might it be appropriate, though, to create an alt group for that purpose?
> Sort of the digital equivalent of putting "coded" messages in the personals
> section of your favorite newspaper's classified section. You know--"John,
> you have five days to pay up" means to meet at the Ritz for dinner next
> Thursday, and "I love you, Sally" means to run for the border.
>
> But far, far more effective digitally.
>
> Could be especially useful for people "in the field," considering how many
> universities and other places permit Usenet posting without an account, so
> long as your IP is considered local--easier to get access.
>
> > --Jeff
>
> b&
>
> --
> Ben.Goren at asu.edu, Arizona State University School of Music
> net.proselytizing (write for info): Protect your privacy; oppose Clipper.
> Voice concern over proposed Internet pricing schemes. Stamp out spamming.
> Finger ben at tux.music.asu.edu for PGP 2.3a public key.
>
>

That is a good idea, creating a special USENET group for coded messages. Alt.security.coded.messages would be a good moniker.

Personally, I am not familiar with gopherholes or message havens, so I do not know how good they are, and can log telnets in. It is harder to log nntp reads of alt.security.coded.messages or such. If an admin is very nosy, they could be snooping your terminal and packets as well, though...

Another idea could be an anonymous FTP site, but someone can go and delete all the messages on there, and ftps are logged as well...

Any better ideas on being able to anon-post and anon-read with as few ways for a third party to log as possible? (This is for my curiosity only, as I rarely have anything worth saying that needs this much protection.)
From whitaker at dpair.csd.sgi.com Mon Jun 13 12:59:19 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Mon, 13 Jun 94 12:59:19 PDT
Subject: Test; please ignore
Message-ID: <9406131259.ZM18177@dpair.csd.sgi.com>

Test; please ignore

TEST Mon Jun 13 12:58:52 PDT 1994

--
Russell Earl Whitaker whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From analyst at Onramp.NET Mon Jun 13 13:00:36 1994
From: analyst at Onramp.NET (Benjamin McLemore)
Date: Mon, 13 Jun 94 13:00:36 PDT
Subject: Anon posts (was irritating posts...)
Message-ID: <199406132001.PAA23241@ns.onramp.net>

Why not just use alt.test (with appropriate IGNORE subject line), alt.binaries.pictures.erotica with your data steganographically hidden in a JPEG or any other agreed upon group.

Many anon posts would be quite irritating, esp. on a high volume list such as this one.

--
Benjamin McLemore
analyst at onramp.net

From mech at eff.org Mon Jun 13 13:11:36 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 13 Jun 94 13:11:36 PDT
Subject: Telco snooping ... (fwd) "every time you fire up a modem" ??
Message-ID: <199406132010.QAA23058@eff.org>

[Sounds like a load to me, but what the heck might as well pass it on, just in case. :]

Forwarded message:
From: c.zeps at genie.geis.com
Date: Sun, 12 Jun 94 11:34:00 UTC
Subject: Telco snooping ...

[...]

>From : ROGER CRAVENS Number : 296 of 296
To : ALL Date : 06/06/94 18:46
Subject : Big Brother Still Listeni Reference : NONE
Read : [N/A] Private : NO
Conf : 048 - GN - RadioTalk
*********************************************************************
========================================================================

As someone involved in the telephone industry on the level of security and data integrity... I would like to inform everyone that uses modems and/or are bbs operators of some information. The first thing that everyone that uses a modem should know is that every time you fire up your modem you're activating monitoring equipment somewhere in the U.S. I have worked for several large telephone networks that routinely monitor and reroute modem and fax transmissions through devices that allow them to view what is being transmitted and even decodes encrypted data and fax packets used by major corporations and governmental agencies. This is allowed under the heading of "Maintenance Monitoring" and may be continued for up to 6 months without the need of any legal paperwork being generated.

Under an obscure pre-WWII ruling by the agency that is now the FCC... "No information may be encoded or transmitted over PUBLIC or PRIVATE forms of telephony or radio with the exception of those agencies involved in the National Security" a further designation goes on to say "with the exception of the MORSE system of 'transmittal', any communication that is not interpretable by the human ear is forbidden and unlawful."

The information gathered goes to 3 separate database facilities...1 is codenamed Diana and is located in Brussels, the 2nd is named Fredrick and is located somewhere in Malaysia, the 3rd is named Elizabeth and is located in Boulder, Colorado. The information stored in these systems is accessible by the US Government, Interpol, Scotland Yard and various other such agencies.

Your credit rating is also affected by your modem usage... if you ever get a copy of your credit history and find a listing that has HN06443 <--= this is a negative risk rating. or a code 87AT4 <---= an even more negative risk rating.... these will usually have no description on them... and if you inquire about them they will tell you that it just comes from the system that way.
I am currently working for another major carrier as a consultant and have been able to watch these systems operate...at one unnamed long distance carrier here in Columbus Ohio in their NCC, Network Control Center, you can see several rows of computer terminals which have approximately 30 to 40 separate windows in each... these windows have data transmissions that are being monitored... banks of 9 track tapes are going constantly to record everything.

Everyone should realize that even if a sysop posts a disclaimer at the beginning of his bbs about no access to governmental agencies or law enforcement...that it isn't worth the time it takes to type it in...

looking forward to hearing reactions to this.

---
* SLMR 2.0 *
* My Castle BBS 614-236-4015 10pm to 10am M-F 6pm-6pm S-S

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G
O P E N P L A T F O R M O N L I N E R I G H T S
V I R T U A L C U L T U R E C R Y P T O

From fnerd at smds.com Mon Jun 13 14:12:21 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 13 Jun 94 14:12:21 PDT
Subject: Remailer REORDER not DELAY
Message-ID: <9406132058.AA15661@smds.com>

i wrote-
> > Delay--time--isn't what matters. It's confusion about which message is
> > which that matters. So if I get 10 messages in one minute, I can scramble
> > the order and send them out the next minute, and I've done my job--at
> > least the order-scrambling part. (You also need to pad or packetize
> > messages.)
> >
> > So use serial numbers, not times! Send a message for every one you get,
> > keep a fixed number of messages queued, and add dummies if necessary
> > to keep things moving.

Jim replies.
> Wrongo...the random time stamp does randomly re-order then. As to bogus
> messages, not on my system you won't....

Okay, first I'll go over the case where delay without dummies does NOT reorder.
Then I'll go over the case where delay simply adds needless, well, delay. Then I'll talk about the cost of dummy messages.

Assumption: Your remailer assigns each message a number from 0 to 59 and remails it at that minute of the hour. Whether it's hours in the day, minutes in the hour or seconds in the minute only changes which of the following two cases is more likely:

Case 1: The remailer receives no messages for 61 minutes, then one message, then no messages for 61 minutes.
Result: In the hour following receipt of that one message, only one message is sent. Guess which message it was.

Case 2: 60 messages arrive in one minute.
Result: The last one(s) go out about an hour later. They could have all been sent in the next minute with equivalent reordering.

P.s., if 60 messages arrive *every* minute, under the assumption above, you have to save an average of 3600 messages.

So, with this method, you can adjust the delay time down to guarantee delivery time, or up to make reordering *more likely*, but you can't guarantee reordering. If you want 1/N reordering to be likely, you need to set the response time to N times the inter-arrival time for the *quietest* traffic periods. To guarantee reordering you have to either wait indefinitely for enough messages, or after a while insert some of your own. To get over the problem of needless delay, you either need to invent some kind of tricky variable-delay scheme, or turn your attention away from clock time and focus on ordering.

> I have a system which runs off a SLIP feed and bandwidth is sacrosanct.
> If you would like to pay for an additional line to handle the added
> load then fine but my pocket book won't support it.

Say the worst turnaround you want is 24 hours, and you want to get 1-out-of-10 reordering. Then on a day where you receive only one message (for this you got a SLIP connection?) you would need to generate 9 dummies. Assuming 10Kbyte messages, the bandwidth required is... 10.4 baud.
For a turnaround of 2.4 hours ... 104 baud. 15 minutes ... 1040 baud.

And remember, you generate only enough dummies to keep up the minimum *total* traffic, so in reasonable-traffic periods, you generate no dummies and the amount of real traffic you can handle isn't affected.

> the consideration of the future where there will be many small systems
> with minimal bandwidth and monetary resources then I really doubt they
> will be interested in any system which slows down or otherwise wastes
> a precious and critical resource.

I guess this sentence, which you quote, wasn't clear:

> > Plus, if the remailers only generate
> > dummies when necessary, the total dummy traffic is self-regulating, since
> > multi-hop dummies are x-lax for every remailer they pass through.

In other words, in a world of communicating forwarders, a dummy message from one just looks like regular traffic to any others it goes through, and serves to keep their traffic levels up--the more remailers the fewer dummy messages each remailer has to generate.

> I also oppose the implied synchronicity of your methods as well. I am
> looking at a reasonably secure asynchronous method of making the
> traffic analysis difficult (the real reason for all this mumbo jumbo
> in the first place).

Traffic analysis is difficult when the order of messages is sufficiently scrambled. If you don't reorder, then delay doesn't help. If you do reorder, then added delay doesn't help. Whether one message is "synchronized" or not with a random other message isn't useful information to an outsider.

> Why should I provide a potential monitor with the
> information that a certain amount of information going out will be
> bogus?

How might this information help analyze traffic? Also, as I mentioned, if you send your dummies to yourself indirectly, then pretty soon the level of input will match the level of output, and the ratio of bogus to real messages *won't* be visible.
As far as I can see, dummy messages are simply necessary if you want to guarantee both reordering and response time. Please explain if you believe differently.

> You obviously don't pay all the costs for your feed or else you are very
> rich...

Are you charged per byte or just a flat rate?

-fnerd
- - - - - - - - - - - - - - -
the snack that eats like a food

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K
ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz
3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG
sRjLQs4iVVM=
=9wqs
-----END PGP SIGNATURE-----

From tcmay at netcom.com Mon Jun 13 14:34:19 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 13 Jun 94 14:34:19 PDT
Subject: Anon posts (was irritating posts...)
In-Reply-To: <9406131934.AA14320@runner.utsa.edu>
Message-ID: <199406132134.OAA22174@netcom.com>

Douglas Floyd wrote:

> > That is a good idea, creating a special USENET group for coded messages.
> Alt.security.coded.messages would be a good moniker.

Cf. Miron Cuperman's "pool" system. Subscribers get _all_ messages in pools, decrypting only the ones they can. Others who also subscribe can only tell that all messages went to all subscribers...ironically, more "loggers" help increase the identity diffusity.

> Personally, I am not familiar with gopherholes or message havens, so I do not
> know how good they are, and can log telnets in. It is harder to log nntp
> reads of alt.security.coded.messages or such. If an admin is very nosy, they
> could be snooping your terminal and packets as well, though...

As above, it doesn't matter. End to end encryption makes such logging fruitless (unless the number of pool subscribers is very small, for obvious reasons).

> Another idea could be an anonymous FTP site, but someone can go and delete
> all the messages on there, and ftps are logged as well...

A bad idea.
Pools have major diffusivity advantages over any scheme involving requested access. (Unless requestor takes _all_ messages, in which case the ftp access is merely a wrinkle on how the pool is subscribed to.)

> Any better ideas on being able to anon-post and anon-read with as few
> ways for a third party to log as possible?

Not an issue. Anon remailer chains make posting to a pool secure and untraceable (usual caveats). Likewise, subscription to all messages hides which are being decrypted.

To see this, think of the Cypherpunks list as one large (by today's standards) message pool. (This is the proximate cause of this thread, as someone is complaining about this group being used as a pool to send anon messages to others.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From kentborg at world.std.com Mon Jun 13 14:40:34 1994
From: kentborg at world.std.com (Kent Borg)
Date: Mon, 13 Jun 94 14:40:34 PDT
Subject: Economist Clipper Article
Message-ID: <199406132140.AA24004@world.std.com>

Lead article in the Science and Technology section of this week's Economist is about Clipper. As usual for the Economist, it is really quite good. Good description of the LEAF and Blaze's hack. Mentions the 47,000 CPSR signatures, Wired, and makes a good case for how a "voluntary" standard might not be, and the export issues.

Wish all general-interest publications were so well done. The profile of Clipper is rising, and the press is not too shiny for the NSA.

-kb, the Economist-reading Kent

P.S.
In the middle of the page is a great line-drawing of an evil-looking cloaked spy in hat and dark glasses, poised with a dagger and skeleton key at a key-hole equipped computer. Wish I had a high-res scanner, Postscript-ized those with fast RIPs could get it in its full copyright-breaking glory.

From Ben.Goren at asu.edu Mon Jun 13 15:07:38 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Mon, 13 Jun 94 15:07:38 PDT
Subject: Anon posts (was irritating posts...)
Message-ID: <9406132205.AA02556@Tux.Music.ASU.Edu>

At 2:34 PM 6/13/94 -0700, Timothy C. May wrote:
>[. . .]
>To see this, think of the Cypherpunks list as one large (by today's
>standards) message pool [. . . .]

Just out of curiosity, how large *is* Cypherpunks?

I've been subscribed just about a week now, but I've been quite pleasantly shocked by the S/N ratio, after getting completely turned off by the Sternlight wars on Usenet. Ironic that a group calling themselves "punks" should be civilized, intelligent, scholarly, altruistic, and basic good 'net citizens, while sci.crypt is often little more than a bunch of people playing "did so!" games. And the PGP group!

>--Tim May
>
>
>--
>..........................................................................
>Timothy C. May         | Crypto Anarchy: encryption, digital money,
>tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
>408-688-5409           | knowledge, reputations, information markets,
>W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
>Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
>"National borders are just speed bumps on the information superhighway."

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben at tux.music.asu.edu for PGP 2.3a public key.
From paul at hawksbill.sprintmrn.com Mon Jun 13 15:12:42 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Mon, 13 Jun 94 15:12:42 PDT
Subject: Cypherpunk signal/noise ratio
In-Reply-To: <9406132205.AA02556@Tux.Music.ASU.Edu>
Message-ID: <9406132314.AA26059@hawksbill.sprintmrn.com>

>
> I've been subscribed just about a week now, but I've been quite pleasantly
> shocked by the S/N ratio, after getting completely turned off by the
> Sternlight wars on Usenet. Ironic that a group calling themselves "punks"
> should be civilized, intelligent, scholarly, altruistic, and basic good
> 'net citizens, while sci.crypt is often little more than a bunch of people
> playing "did so!" games. And the PGP group!
>

It also helps weed out the list when the subscription list gets vaporized every so often. ,-)

(smiley for the humor-impaired)

From peb at netcom.com Mon Jun 13 15:14:13 1994
From: peb at netcom.com (Paul E. Baclace)
Date: Mon, 13 Jun 94 15:14:13 PDT
Subject: Traffic Analysis papers, where?
Message-ID: <199406132214.PAA24828@netcom.com>

The pointer to oml at eloka.demon.co.uk died due to bounced mail (bounced after 32 days!). Does anyone have other pointers to papers on traffic analysis?

Paul E. Baclace
peb at netcom.com

From mech at eff.org Mon Jun 13 15:15:48 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 13 Jun 94 15:15:48 PDT
Subject: URGENT Action required (NJ folks only) (fwd)
Message-ID: <199406132211.SAA26517@eff.org>

Forwarded message:

From m5 at vail.tivoli.com Mon Jun 13 15:22:42 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 13 Jun 94 15:22:42 PDT
Subject: Anon posts (was irritating posts...)
In-Reply-To: <9406132205.AA02556@Tux.Music.ASU.Edu>
Message-ID: <9406132222.AA24897@vail.tivoli.com>

Ben.Goren at asu.edu writes:
> Ironic that a group calling themselves "punks" should be civilized,
> intelligent, scholarly, altruistic, and basic good 'net citizens...

Newbie.
:-)

--
| GOOD TIME FOR MOVIE - GOING  ||| Mike McNally                          |
| TAKE TWA TO CAIRO.           ||| Tivoli Systems, Austin, TX:           |
| (actual fortune cookie)      ||| "Like A Little Bit of Semi-Heaven"    |

From mech at eff.org Mon Jun 13 15:40:05 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 13 Jun 94 15:40:05 PDT
Subject: UPDATE 2: Crypto export campaign - more fax numbers
Message-ID: <199406132238.SAA27160@eff.org>

YOUR letters, faxes and calls are needed now to ensure that the cryptography, privacy and security provisions of the Cantwell Export Administration Act are preserved in bill HR3837 - help strike a blow against Clipper and for freely distributable software like PGP and RIPEM.

If you can't fax directly, you can send your message to glickman at eff.org. EFF will fax or hand-deliver it for you to the Committee Chair, Rep. Dan Glickman.

Updates on the Fax numbers of the House Intelligence Committee.

Subcommittee fax: +1 202 225 1991
  Sometimes does not answer. Keep trying! it IS a working fax number.

      Rep                        phone              fax
D KS  Glickman, Daniel           +1 202 225 6216    +1 202 225 5398    Chair
      Rep. Glickman's staff has finally released his fax number.
D TX  Coleman, Ronald D.         +1 202 225 4831    +1 202 225 4831
      This fax number is also a voice line. Staff manually switch to fax if they hear fax tones. You may wish to call by voice to make sure they do this if your fax attempts fail. If you don't get thru, call the Committee, and ask for the voice number, it may have been changed.
D AL  Cramer Jr, Robert (Bud)    +1 202 225 4801    +1 202 225 4392
      Rep. Cramer's staff has finally released his fax number.
D MO  Gephardt, Richard A.       +1 202 225 2671    +1 202 225 7414
      Rep. Gephardt has changed his fax number. The correct one is given here.
R NE  Bereuter, Douglas          +1 202 225 4806    +1 202 226 1148
      Sometimes does not answer. This IS a valid fax #, keep trying.
R CA  Dornan, Robert K.          +1 202 225 2965
      Rep. Dornan has disconnected this fax number. His office does have a fax, but it has been made non-public.
      Constituents may wish to describe to Rep. Dornan how they feel about such maneuvers.
R IL  Michel, Robert H.          +1 202 225 6201    +1 202 225 9249
      Try again if you don't get an answer. This is a working fax number.

Many thanks to Janet E. Harrison for doing the footwork for this update.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M   O N L I N E   R I G H T S
V I R T U A L   C U L T U R E   C R Y P T O

From tcmay at netcom.com Mon Jun 13 16:00:37 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 13 Jun 94 16:00:37 PDT
Subject: How big is Cypherpunks?
In-Reply-To: <9406132205.AA02556@Tux.Music.ASU.Edu>
Message-ID: <199406132235.PAA29975@netcom.com>

Ben Goren wrote:

> Just out of curiosity, how large *is* Cypherpunks?

It was at about 700 subscribers for several months, then the first big "outage" a month or so ago caused the number to drop way off. Last I checked (send the message "who cypherpunks" to majordomo at toad.com), there were about 400 subscribers. (It is likely that many of the original "700 Club" were casual subscribers, dormant accounts, gateways, whatever.)

And the list just suffered a second wipe-out of the subscriber list, so I don't know right now how many are even seeing this.

> I've been subscribed just about a week now, but I've been quite pleasantly
> shocked by the S/N ratio, after getting completely turned off by the
> Sternlight wars on Usenet. Ironic that a group calling themselves "punks"
> should be civilized, intelligent, scholarly, altruistic, and basic good
> 'net citizens, while sci.crypt is often little more than a bunch of people
> playing "did so!" games. And the PGP group!

Well, you missed the Detweiler War here in October-January! Be glad you did.

Many of the leading lights of crypto are here on Cypherpunks.
To name a few: Ellison, Bellovin, Blaze, Stewart, Gilmore, Karn, Hughes, Finney, Atkins, Toal, Metzger, Wayner, Johnson, and lots of others. A perusal of the most insightful posts to sci.crypt usually shows that most of the insightful folks are Cypherpunks. (I shouldn't even try to list names, as I've probably forgotten a few obvious names and have doubtless hurt someone's feelings. Mea culpa if I left your name off here.) And sometimes others, such as Zimmermann, Plumb, etc.

There are also several digital pseudonyms, such as Pr0duct Cypher and Lady Ada, who appear to be crypto experts of some talent....we might be surprised to learn who they are.

Though flames do crop up here, there is more of a _commitment_ to get on the list, and hence more of a reputation-based sense of community. Part of what we think is important for the crypto anarchic world of strong crypto, untraceable communications, etc.

Usenet suffers from casual posters making clueless comments and shooting from the hip. A mailing list, despite certain logistical and other problems, has some advantages....even if the screening of new members is nonexistent.

Glad you are enjoying the list.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From paul at hawksbill.sprintmrn.com Mon Jun 13 16:32:09 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Mon, 13 Jun 94 16:32:09 PDT
Subject: RSADSI "Terisa" venture
Message-ID: <9406140034.AA27735@hawksbill.sprintmrn.com>

A (very) brief blurb on the inside cover of Network World this week (p.2, June 13, 1994; vol.
11, number 24):

"That secure feeling. RSA Data Security, Inc., which sells public-key cryptography software, and Enterprise Integration Technologies Corp., product manager for a $12 million Internet marketplace, are teaming up to sell tools that build secure Internet applications. Their joint venture, Terisa Systems, will market tools for creating World-Wide Web clients and servers that incorporate cryptography and digital signatures for ensuring the privacy and validity of transactions over the Internet. Shipping is scheduled for late 1994. Terisa: (415) 617-1836"

_______________________________________________________________________________
Paul Ferguson
US Sprint
Managed Network Engineering
tel: 703.904.2437
Herndon, Virginia USA
internet: paul at hawk.sprintmrn.com

From pfarrell at netcom.com Mon Jun 13 17:15:49 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Mon, 13 Jun 94 17:15:49 PDT
Subject: DNA
Message-ID: <72713.pfarrell@netcom.com>

In message Mon, 13 Jun 1994 18:54:10 +0200 (METDST), Mats Bergstrom writes:

> Databases of fingerprints and retina-images might still have a future
> for specialized applications but DNA-typing (why not on a simple blood
> sample at birth) combined with a fixed social security number valid for
> life will probably become a widely used method for governments to control
> the identity of their serfs.
> [good stuff elided]
>
> Unfortunately there is no known method of encrypting one's DNA code
> in situ but hopefully they will safely (in escrow?) encrypt it in
> the databanks.

This issue came up at the CFP-2 conference (Computers Freedom and Privacy, March 92 edition). There were speakers there claiming that the audience, when getting up from their chairs, would leave sufficient hair, skin flakes, sweat, etc. behind that DNA mapping would be easy. Of course, this mapping would be without the "suspect" having any knowledge of when the map material was gathered.
I don't know if this was factual then, but no one rose up to claim that the speaker was in error, and there were lots of folks in the audience that could have challenged it. None did.

This speech was a major motivation in my interest in these topics. That, and a chance to listen to Bruce Stirling, DED, and Jim Bidzos...

Pat

Pat Farrell      Grad Student                    pfarrell at cs.gmu.edu
Department of Computer Science   George Mason University, Fairfax, VA
Public key available via finger                  #include

From paul at hawksbill.sprintmrn.com Mon Jun 13 17:37:40 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Mon, 13 Jun 94 17:37:40 PDT
Subject: Big Brother wants the shirt off your back
Message-ID: <9406140139.AA29082@hawksbill.sprintmrn.com>

Although not exactly crypto-related, I couldn't forego the opportunity to pass this along -

From: risks at CSL.SRI.COM (RISKS Forum)
Newsgroups: comp.risks
Subject: RISKS DIGEST 16.14
Message-ID:
Date: 13 Jun 94 23:00:44 GMT
Sender: daemon at ucbvax.BERKELEY.EDU
Reply-To: risks at csl.sri.com
Distribution: world
Organization: The Internet
Lines: 644
Approved: risks at csl.sri.com

------------------------------

Date: Mon, 13 Jun 94 16:16 EDT
From: Lynn R Grant
Subject: Big brother wants the shirt off your back

Here's another risk on the horizon. We may have to wait a few years, though.

From the June 1994 issue of Bobbin, "The premier news and information source of the global sewn products industry":

  Groups such as the American Textile Partnership (AMTEX), a research consortium that links the sewn products industry with the Department of Energy's national laboratories, also are looking at RF technology as a means to improve the production process. In a research project called the Embedded Electronic Fingerprint, long-term work is underway to develop a computer-type device the size of a grain of wheat that could be attached to a garment and used through the entire product life cycle.
  "A manufacturer could program into the device information unique to a garment, such as the size, color, style, line, or plant of manufacture, care instructions, etc.," explains Jud Early, director of research and development for the Textile/Clothing Technology Corp, [TC]**2. "There also would be a large amount of blank memory that could be used for anti-counterfeit tracking and more."

  Since each tag would have a unique identity, in-process inventory could be tracked easily using RF units--without ever touching garments or having to open shipping boxes. For example, a carton could be passed through a reading system, which would verify the contents against the packing list.

So, all that is needed is for the clerk at the store to capture the identity of the shirt, perhaps through a barcode on the tag (so they wouldn't have to install the special shirt readers), and they already know your identity from your credit card number (unless someone else buys your shirts for you), so they can track your movements by setting up shirt readers in various places. But that might take more collusion between government and the stores than we want to speculate.

So try this: a crime is committed. A few days later, you walk past a hidden shirt reader, and are immediately approached by an officer of the law, who arrests you for the crime. "But I was nowhere near the scene of the crime," you protest. "On the contrary," the officer counters, "one of our hidden shirt readers detected your shirt in the vicinity of the crime. You must be guilty."

One would hope that the manufacturers of these devices don't accidentally program duplicate serial numbers in them. And you should think twice about lending your shirt to your girlfriend.
Lynn Grant
Grant at DOCKMASTER.NCSC.MIL

------------------------------

From jpb at gate.net Mon Jun 13 18:26:08 1994
From: jpb at gate.net (Joseph Block)
Date: Mon, 13 Jun 94 18:26:08 PDT
Subject: How irritating are anon encrypted pgp messages
In-Reply-To: <9406131527.AA07007@runner.utsa.edu>
Message-ID: <199406140125.VAA73124@inca.gate.net>

Personally, I don't like them. I can see that there are times when someone would not want anyone to know what the recipient's email address is, but it is just more noise to filter for everyone else. I'm on several other mailing lists, so I already filter through a couple of hundred messages a day. What makes it worse is that they are *all* downloaded to my Duo before filtration begins. The last thing I want is more disk space eaten up for off topic messages, and I can't think of anything more off topic than messages no one can read.

Just my two cents worth.

jpb

From matsb at sos.sll.se Mon Jun 13 18:47:31 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Mon, 13 Jun 94 18:47:31 PDT
Subject: DNA
In-Reply-To: <72713.pfarrell@netcom.com>
Message-ID:

Pat Farrell wrote:

> when getting up from their chairs, would leave sufficient hair, skin
> flakes, sweat, etc. behind that DNA mapping would be easy. ...

There is no DNA in hair or sweat but surely in larger skin flakes. These are mostly very dead cells though making analysis difficult but not impossible, if lucky, with current techniques. Corresponding hair could be used for testing accumulated levels of recreational drugs of course. Fortunately there will be no remains of your crypto key (unless you based it upon your DNA code...).

//mb

From frissell at panix.com Mon Jun 13 18:50:26 1994
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 13 Jun 94 18:50:26 PDT
Subject: Anon posts (was irrit
Message-ID: <199406140150.AA07997@panix.com>

To: cypherpunks at toad.com

B >Sternlight wars on Usenet.
Ironic that a group calling themselves
B >"punks" should be civilized, intelligent, scholarly, altruistic, and
B >basic good 'net citizens, while sci.crypt is often little more than a
B >bunch of people playing "did so!" games. And the PGP group!
B >
B >>--Tim May

USENET vs mailing list.

DCF

--- WinQwk 2.0b#1165

From sidney at taurus.apple.com Mon Jun 13 18:51:10 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Mon, 13 Jun 94 18:51:10 PDT
Subject: Sunday NY Times anti-Clipper, FBI bill editorial
Message-ID: <9406140149.AA13176@federal-excess.apple.com>

Here's a brief quote from a NewsBytes copyrighted article. You can surmise the rest, or go get a copy of last Sunday's NY Times. There are no new arguments in the Times editorial, but the fact that they wrote it is what's interesting:

  WASHINGTON, D.C., U.S.A., 1994 JUN 13 (NB) -- In a Sunday editorial, the influential New York Times has criticized both the Clinton administration's Clipper encryption scheme and the digital telephony legislation backed by the Federal Bureau of Investigation (FBI).

-- sidney markowitz

From sonny at netcom.com Mon Jun 13 18:56:27 1994
From: sonny at netcom.com (James Hicks)
Date: Mon, 13 Jun 94 18:56:27 PDT
Subject: DNA
In-Reply-To: <72713.pfarrell@netcom.com>
Message-ID: <199406140156.SAA26422@netcom.com>

[...]
>
> This issue came up at the CFP-2 conference (Computers Freedom and Privacy,
> March 92 edition). There were speakers there claiming that the audience,
> when getting up from their chairs, would leave sufficient hair, skin
> flakes, sweat, etc. behind that DNA mapping would be easy. Of course, this
> mapping would be without the "suspect" having any knowledge of when the map
> material was gathered.
>
> I don't know if this was factual then, but no one rose up to claim that the
> speaker was in error, and there were lots of folks in the audience that
> could have challenged it. None did.
>

"Single Cell" polymerase chain reaction (PCR) is being done in the lab now.
Theoretically all you need is one cell and you can amplify any DNA sequence from the genome that you want.

[...]
> Pat
>
> Pat Farrell      Grad Student                    pfarrell at cs.gmu.edu
> Department of Computer Science   George Mason University, Fairfax, VA
> Public key available via finger                  #include
>

>James<

From matsb at sos.sll.se Mon Jun 13 18:58:33 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Mon, 13 Jun 94 18:58:33 PDT
Subject: DNA
In-Reply-To:
Message-ID:

Duncan Frissell wrote about software agents out of government control:

> I know it will be possible to force these agents to be linked to humans
> but that would only be at birth. No control is possible over who has the
> codes to control the software agents of the future.

Unless we completely lose the war for privacy and will have to show our retinas to a scanner to be able to access any net (with an identification attached to all our communications) you are right, I hope. But flesh agents need privacy too. Imagine Singapore collecting DNA imprints of all their citizens (and all visitors at custom control) then sweeping the streets for saliva every morning at 3am and whipping the flesh of all offenders.

In my country we are all issued a unique software agent at birth in the format:

  YYMMDDxxxy

where y is a check for authenticity (to make it harder faking a number I guess) in the following way: YYMMDDxxx are alternately multiplied by 2 or 1 such as 2xY, 1xY, 2xX, ... A result of 10 or more is treated like 1+0 to get a number not higher than 9. Then all the results are added and the sum is subtracted from the nearest higher power of 10 to get y (if the sum is an even power of 10 you get 10 transforming to 1+0=0). xxx are chosen so as to identify a male by y=even and a female by y=odd (y=0 identifies...eh, I forgot, not a hermaphrodite though).

Hope this helps if you would ever like to use a 'personal' agent in this jurisdiction!
Take care not to use one which is already occupied since that could cause great trouble for the original holder (or make him rich?). Plenty of clerks have access to some database where this can be checked though, no problem, but I don't know how long it would take for a particular database to find out that your agent has no former history. Disregarding the trivial task of faking another true identity the system is not easy to beat on this level.

So I look forward to making my transactions in digicash over a phantom node on the net, through a free anonymous agent. For reasons of privacy.

//mb

From smb at research.att.com Mon Jun 13 19:08:33 1994
From: smb at research.att.com (smb at research.att.com)
Date: Mon, 13 Jun 94 19:08:33 PDT
Subject: DNA
Message-ID: <9406140208.AA02572@toad.com>

	 In my country we are all issued a unique software agent at birth in
	 the format: YYMMDDxxxy where y is a check for authenticity (to make
	 it harder faking a number I guess)

No. The purpose of check digits like that is to detect innocent errors in data entry.

From MINITERS at Citadel.edu Mon Jun 13 19:42:16 1994
From: MINITERS at Citadel.edu (Syl Miniter 803-768-3759)
Date: Mon, 13 Jun 94 19:42:16 PDT
Subject: Was the list "wiped" Sunday afternoon
Message-ID: <01HDIDGPSNBY90NSG0@citadel.edu>

I saw a note and haven't received any e-mail today

From tcmay at netcom.com Mon Jun 13 20:15:27 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 13 Jun 94 20:15:27 PDT
Subject: How irritating are anon encrypted pgp messages
In-Reply-To: <199406140125.VAA73124@inca.gate.net>
Message-ID: <199406140315.UAA01032@netcom.com>

Joseph Block writes:

> Personally, I don't like them. I can see that there are times when someone
> would not want anyone to know what the recipient's email address is, but it is
> just more noise to filter for everyone else. I'm on several other mailing

The situation here is that _sender_ does not know the e-mail address of the recipient!
Whether these messages are a good thing or not is a different issue, but the fact is that what we are seeing here is the use of the Cypherpunks mailing list as a "message pool."

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From VACCINIA at UNCVX1.OIT.UNC.EDU Mon Jun 13 20:15:55 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Mon, 13 Jun 94 20:15:55 PDT
Subject: DNA
Message-ID: <01HDIESL0K1U005JUQ@UNCVX1.OIT.UNC.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Along the lines of Big Brother and your genomic heritage:

No, the few cells left on your chair are not enough to provide a genomic map. Hair does, indeed, contain cells capable of being analyzed, in the follicles. PCR (polymerase chain reaction) is capable of analyzing a variety of genetic polymorphisms (genes that vary among the general population) from only a single cell. Thus you could be typed in a limited fashion and identified but not mapped. Small comfort, however, and PCR is becoming easier every day.

For escaping DNA typing tests, I suggest carrying along some HeLa cell DNA (that will really screw up the test ;->.

Scott G. Morham                   !The First,
VACCINIA at uncvx1.oit.unc.edu    !  Second
PGP Public Keys by Request        !  and Third Levels
                                  !  of Information Storage and Retrieval
                                  !DNA,
                                  !  Biological Neural Nets,
                                  !
                                        Cyberspace

From roy at sendai.cybrspc.mn.org Mon Jun 13 20:18:54 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Mon, 13 Jun 94 20:18:54 PDT
Subject: As I delurk, a question... (Clipper)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

The thought occurs... the NSA doesn't seem particularly distressed that Clipper's LEAF can be spoofed and rendered unusable. Could this indicate that the LEAF isn't really necessary to retrieve the session key after all?

- --
Roy M. Silvernail -- roy at sendai.cybrspc.mn.org will do just fine, thanks.
"Does that not fit in with your plans?"
        -- Mr Wiggen, of Ironside and Malone (Monty Python)
PGP 2.3a public key available upon request (send yours)

From VACCINIA at UNCVX1.OIT.UNC.EDU Mon Jun 13 20:35:41 1994
From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU)
Date: Mon, 13 Jun 94 20:35:41 PDT
Subject: Current Remailers
Message-ID: <01HDIFGW780Y005JUQ@UNCVX1.OIT.UNC.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

After testing several remailers this weekend, three have given no reply. remail at c2.org (does this remailer support Request-Remailing-To:?) has not gotten back to me, nor has catalyst at netcom.com or remailer at rebma.mn.org. anon at cyberspace.org mailed me back from its mail daemon to tell me no such account, as did nowhere at bsu-cs.bsu.edu.
The following worked:

remailer at ds1.wu-wien.ac.at     very fast
remailer at chaos.bsu.edu         very fast
rperkins at nyx.cs.du.edu         very fast
hal at alumni.caltech.edu         very fast
hfinney at shell.portal.com       very fast
remail at extropia.wimsey.com     took a couple of hrs.
ghio at kaiwan.com                very fast
remail at vox.hacktic.nl          took overnight but it's not in this country :-)

Does anyone know if catalyst and rebma are still on line?

Scott G. Morham                    !The First,
VACCINIA at uncvx1.oit.unc.edu       !  Second
PGP Public Keys by Request         !   and Third Levels
                                   !    of Information Storage and Retrieval
                                   !DNA,
                                   !  Biological Neural Nets,
                                   !    Cyberspace

From sidney at taurus.apple.com Mon Jun 13 21:03:45 1994
From: sidney at taurus.apple.com (Sidney Markowitz)
Date: Mon, 13 Jun 94 21:03:45 PDT
Subject: As I delurk, a question... (Clipper)
Message-ID: <9406140402.AA15052@federal-excess.apple.com>

>NSA doesn't seem particularly distressed that
>Clipper's LEAF can be spoofed and rendered unusable. Could this
>indicate that the LEAF isn't really necessary to retrieve the session
>key after all?

Not necessarily. First of all, why would the NSA let it be known if they are distressed? I'm amazed that they have started talking to the public at all!

Secondly, what do they hope to achieve with this whole Clipper thing? Given that they are aware that strong crypto exists and is publicly available around the world, what can they gain by pushing Clipper? Is it some type of political influence in the U.S. that they'll get by winning this round, or do they want the ability to spy on ordinary civilian and U.S. government activity, or what?
Whatever it is, if it isn't hurt by people having PGP available, it isn't hurt by the small number of people who would spoof LEAFs.

As I read the official pronouncements of representatives of the U.S. government and especially the NSA, I can't figure out what they do hope to achieve. Can anyone else on this list make sense of it?

-- sidney markowitz

From hughes at ah.com Mon Jun 13 21:05:57 1994
From: hughes at ah.com (Eric Hughes)
Date: Mon, 13 Jun 94 21:05:57 PDT
Subject: (None)
In-Reply-To: <9406131916.AA01890@Tux.Music.ASU.Edu>
Message-ID: <9406140418.AA26651@ah.com>

> Might it be appropriate, though, to create an alt group for that purpose?

One has already been created: alt.numbers.random

Check it out; it's really there, and needs some traffic. In order to make the numbers really look random (in order to satisfy the group charter), though, please strip off any PGP headers before posting.

You may post factorizations of people's public keys to alt.numbers.prime, as well.

Thanks to Eric Hollander for actually creating the group. The two of us have lots more in the alt.numbers.* hierarchy.

Er, software to effectively use this forum would be appreciated.

Eric

From harmon at tenet.edu Mon Jun 13 22:21:38 1994
From: harmon at tenet.edu (Dan Harmon)
Date: Mon, 13 Jun 94 22:21:38 PDT
Subject: NSA technology transfer
Message-ID:

The following was posted on the list in the middle of May. Being curious, I called the number listed at Ft. Meade. The person who answered was real shaken, for lack of a better term, that I called; it seems that this was the second inquiry that day. He wanted to know various things, like where did I get the information, was my name Bruce.... After a few minutes he finally took my name and said to call him in a week to 10 days if I did not hear from him. A few days later he called and said I needed to send a letter expressing my interest in the technology.
About ten days after that I called to inquire if he had received my letter and what was the next step. It seems that there had been quite a few requests and that they were trying to determine whether or not they were going to allow the technology to be transferred to individuals. The person said to call back in 4 or 5 days.

I called today and they said in essence that they were not going to let individuals have a shot at it. They said that they were going to charge stiff license fees, that you would need to show a plan of how you were going to develop the product..... You get the point.

It is obvious that they really don't want to transfer the technology. And if they do it will be to someone with deep pockets and who they like.

I wonder where the fees that they want to charge will go, to the general treasury or to their own budget?

More later.

Dan Harmon

On Thu, 19 May 1994, Anonymous wrote:

>
>
> Newsgroups: sci.crypt,alt.security,alt.privacy
> From: schneier at chinet.chinet.com (Bruce Schneier)
> Subject: "Interesting Stuff" Checkers at the NSA
> Message-ID:
> Organization: Chinet - Public Access UNIX
> Date: Thu, 19 May 1994 17:40:15 GMT
>
> This is from a flyer that NSA people have been distributing:
>
>           NATIONAL SECURITY AGENCY -- TECHNOLOGY TRANSFER
>
>      Information Sorting and Retrieval by Language or Topic
>
> Description: This technique is an extremely simple, fast,
> completely general method of sorting and retrieving machine-readable
> text according to language and/or topic. The method is totally
> independent of the particular languages or topics of interest, and
> relies for guidance solely upon exemplars (e.g., existing documents,
> fragments, etc.) provided by the user.
> It employs no dictionaries, keywords, stoplists, stemmings, syntax,
> semantics, or grammar; nevertheless, it is capable of distinguishing
> among closely related topics (previously considered inseparable) in any
> language, and it can do so even in text containing a great many errors
> (typically 10 - 15% of all characters). The technique can be quickly
> implemented in software on any computer system, from microprocessor to
> supercomputer, and can easily be implemented in inexpensive hardware as
> well. It is directly scalable to very large data sets (millions of
> documents).
>
> Commercial Application:
>
>      Language and topic-independent sorting and retrieval of
>      documents satisfying dynamic criteria defined only by
>      existing documents.
>
>      Clustering of topically related documents, with no
>      prior knowledge of the languages or topics that may be
>      present. If desired, this activity can automatically
>      generate document selectors.
>
>      Specializing sorting tasks, such as identification of
>      duplicate or near-duplicate documents in a large set.
>
>      National Security Agency
>      Research and Technology Group - R
>      Office of Research and Technology Applications (ORTA)
>      9800 Savage Road
>      Fort George G. Meade, MD 20755-6000
>      (301) 688-0606
>
>
> If this is the stuff they're giving out to the public, I can only
> imagine what they're keeping for themselves.
>
> Bruce
>
> **************************************************************************
> * Bruce Schneier
> * Counterpane Systems          For a good prime, call 391581 * 2^216193 - 1
> * schneier at chinet.com
> **************************************************************************
>
>

From catalyst-remailer at netcom.com Mon Jun 13 22:46:07 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Mon, 13 Jun 94 22:46:07 PDT
Subject: Massive ITAR Violation!
Message-ID: <199406140546.WAA20065@mail2.netcom.com>

I mailed this about 5 minutes before the news of list death arrived, so it didn't make it. Conspiracy! Anyway, I posted this to comp.org.eff.talk and so far it has generated no interest.

The Cypherpunks have been mentioned in various articles in the mass media as a group that would at least toy with the idea of civil disobedience concerning ITAR violation. Imagine yourselves trying to topple ITAR by publicly exporting PGP to many countries, every day, for over a year. Yet do any of us really want to push our luck this way? Phil Zimmermann is out a lot of cash paying for a legal team. He can hardly afford taking his family out for dinner. That's why, discovering this, I feel it should make *news*.

As it turns out, the internet's largest Macintosh ftp archive has been exporting MacPGP2.2 every day for the last year! This to Singapore and China and God knows where else. Every country on Earth with an internet connection, likely.

Here is a satirical essay, explaining what anyone who takes ITAR at face value might do if they discovered this situation....

-----BEGIN ROT13 SIGNED MESSAGE-----

Fellow citizens of the United States of America,

I wish to inform you of a great and ongoing catastrophe of most serious consequence. It is organized crime, by definition.

Below is the header for the MacPGP2.2 file on sumex-aim.stanford.edu, archived with dozens of other utilities, as /info-mac/util/pgp.hqx, which has been there for *over a year*, many times a week being *exported* onto info-mac mirrors around the world. This is the most massive and organized absolute violation of the USA's ITAR munitions export laws (regulations) we have ever witnessed. For an entire year, weekly if not daily, the notorious encryptor PGP, right under our eyes, exported! I hope this is cleared up as soon as humanly possible, but we are all of us left with the guilt of not having noticed this before.
All this talk of ITAR and there you are, your largest communal Mac ftp site pumping out PGP across the border like a huge demonic machine bent on destroying our beloved society. If the moderators cannot be contacted immediately, I suggest military force be used. Or cooperative shutdown of the US internet connections. Please begin this at once, as it *must* be stressed that PGP is classified as a MUNITION, right along with rocket launchers and tanks!!!!!!!! This is as serious as it gets.

I didn't even know what the internet *was* back in April of '93, and I am but one in a million (literally) who has access to sumex-aim.stanford.edu and all its mirror sites. It must have been my destiny to save the world, for none of *you* seem interested in doing so. It has only been an hour since I discovered this NATIONAL SECURITY DISASTER, and I immediately set myself in action to save my country from destruction.

*I*YoU*mE*We*OiwIE*wE*yOU*Me*I*

P.S. Here is the evidence:

>From: macmod at SUMEX-AIM.Stanford.EDU (Info-Mac Moderator)
>Date: Sun, 25 Apr 1993 23:22:58 PDT
>
>PGP (Pretty Good Privacy) ver 2.2 - RSA public-key encryption freeware
>for MSDOS, protects E-mail. Lets you communicate securely with people
>you've never met, with no secure channels needed for prior exchange of
>keys. Well featured and fast! Excellent user documentation.
>
>PGP has sophisticated key management, an RSA/conventional hybrid
>encryption scheme, message digests for digital signatures, data
>compression before encryption, and good ergonomic design. Source
>code is free.
>
>Keywords: PGP, Pretty Good Privacy, RSA, public key, encryption,
> privacy, authentication, signatures, email
>
>(This file must be converted with BinHex 4.0)
>
>:$8eKBe"(8$)Z-LjcC@%!39"36'&eFh3J!!!$@3X!!%DFIea6593K!!%!!eN,FNa
....

And upon downloading it and starting it up, the console window faithfully displays:

>Pretty Good Privacy 2.2 - Public-key encryption for the masses.
>(c) 1990-1993 Philip Zimmermann, Phil's Pretty Good Software. 6 Mar 93
>Date: 1994/06/12 16:10 GMT

I further suggest that all of the following sites (but a sample) immediately remove this file from their archives and stop mirroring sumex-aim till they too remove the file. To keep this from happening again, I suggest *all of us* in the USA delete our copies of PGP from our hard disks, lest our children export it into the hands of such enemy nations as these. It is time we put an end to this scourge, for look what will happen if we do not. Pornographers and terrorists are coming for our children if we do not act. Death to PGP users!!!!!!!!!!!!!!!

Where is our government in all of this? Our tax dollars are not being used to protect us from the EXPORT OF MUNITIONS TO ENEMY NATIONS!!!!! I suggest full prosecution of all users and maintainers of sumex-aim, as they have all obviously conspired to maintain this treachery. I suggest they all be searched for other weapons as well, including land mines, automatic machine guns, poison gases, biological weaponry and mind control devices of all sorts, as it is my firm belief that the only reason they are interested in PGP is to forward their agenda to export other munitions, drugs pushed on *our* children to pay for them!!! This will culminate in the obvious acquisition of *nuclear bombs* by every Tom, Dick and Harry gangster. Little boys and girls in the ghetto with *neutron bombs* and *poison gas missiles*! I shudder to think we could have stopped it but, alas, we may have failed ourselves.

Here are the target sites. I suggest immediate offensive attacks to destroy these evil ports of death and destruction....
Australia (Melbourne):             archie.au//micros/mac/info-mac/util/pgp.hqx
Austria (Vienna):                  ftp.univie.ac.at//mac/info-mac/util/pgp.hqx
Canada (Vancouver):                ftp.ucs.ubc.ca//pub/mac/info-mac/util/pgp.hqx
Finland (Espoo):                   ftp.funet.fi//pub/mac/info-mac/util/pgp.hqx
Finland (Jyvaskyla):               ftp.jyu.fi//info-mac/util/MacPGP2.2.sea
Germany (Hannover):                ftp.rrzn.uni-hannover.de//pub/info-mac/util/pgp.hqx
Japan (Tokyo):                     ftp.center.osaka-u.ac.jp//info-mac/util/pgp.hqx
Japan (Tokyo):                     ftp.iij.ad.jp//pub/info-mac/util/pgp.hqx
Japan (Tokyo):                     ftp.u-tokyo.ac.jp//pub/info-mac/util/pgp.hqx
Netherlands (Wageningen):          ftp.fenk.wau.nl//pub/mac/info-mac/util/pgp.hqx
Republic of Singapore (Singapore): ftp.nus.sg//pub/mac/util/pgp.hqx
Sweden (Lund):                     ftp.lth.se//mac/info-mac/util/pgp.hqx.Z
Sweden (Uppsala):                  ftp.sunet.se//pub/mac/info-mac/util/pgp.hqx
Switzerland (Zurich):              nic.switch.ch//mirror/info-mac/util/pgp.hqx
Taiwan (Hsinchu):                  ftp.edu.tw//Macintosh/info-mac/util/pgp.hqx
UK (London):                       src.doc.ic.ac.uk//packages/info-mac/util/pgp.hqx.gz

-----END ROT13 SIGNED MESSAGE-----

-----BEGIN ROT13 SIGNATURE-----
Whar fvkgu avargrra uhaqerq avargl sbhe. Sbhegubhfnaqgra punenpgref va
frirauhaqerqrvtuglrvtug jbeqf bs baruhaqerq yvarf.
-----END ROT13 SIGNATURE-----

From mpd at netcom.com Mon Jun 13 22:56:20 1994
From: mpd at netcom.com (Mike Duvos)
Date: Mon, 13 Jun 94 22:56:20 PDT
Subject: (None)
Message-ID: <199406140555.WAA10542@netcom.com>

hughes at ah.com (Eric Hughes) writes:

> One has already been created: alt.numbers.random

> You may post factorizations of people's public keys to
> alt.numbers.prime, as well.

I can't seem to find any newsgroups on Netcom containing "numbers" in the name. Should I complain?

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $
From sameer at c2.org Mon Jun 13 23:19:23 1994
From: sameer at c2.org (sameer)
Date: Mon, 13 Jun 94 23:19:23 PDT
Subject: The NEXUS-Berkeley is now on-line
Message-ID: <199406140615.XAA16102@infinity.c2.org>

[Note: you haven't been subscribed to nexus-berkeley at c2.org without your permission.. you're on a list that this message has been Bcc`d to, if you are not subbed to nexus-berkeley at c2.org]

-- Community ConneXion: The NEXUS-Berkeley is now on-line --
-- Please distribute widely.

After many months of planning, thinking, frustration, and hard work, Community ConneXion: The NEXUS-Berkeley is now on-line and ready to begin its work. We've been thinking and dreaming about this for the past two years. Finally we've made it into a reality.

Community ConneXion (c2, c^2, or c-squared) has been founded in order to build up a strong community in the internet both locally and globally. We are linked into the worldwide NEXUS-Gaia movement which is building up a worldwide community of like-minded network-oriented individuals.

We've realized that the internet is not about the protocols nor the universities nor the corporations nor the politics which form the basic infrastructure. All these things are merely the facilitators, the parts which come together to produce the whole; the internet is about people communicating and making connections with each other-- forming the social infrastructure. We've appeared in order to facilitate these connections.

We've set up shop here in the SF Bay Area and we will integrate virtuality and reality. It is possible for virtual communities to merge into, supplement, and sometimes even create "real" flesh communities.

In order to build up this community we've put some computers on the internet and have started offering services. These are quality services provided at a low cost, with an emphasis on community involvement. We emphasize privacy because there can be no strong community where people fear their neighbors.
By allowing people to selectively reveal themselves, we make it easier for them to break down the walls of prejudice which come between people in social interactions.

We're offering mailboxes, shell accounts, anonymous remailing services, ftp space, domain names, mail exchanging, strong pseudonymous identities, and more as time goes on. We're building up a barter-coupon system so that volunteers who help our community can earn credits to use to buy more services from our system or, as the NEXUS-Gaia project grows, from Nexi around the world. The barter-coupon system is implemented using a secure and private anonymous digital cash scheme.

We're asking for help from people to build our community. It can't be done with only a few people. Everyone involved can help out to build the system. A community is a group effort. As we build the community we improve our lives.

For more information and to sign up, use your favorite World-Wide-Web browser to look at http://www.c2.org or, if you don't have access to a WWW browser, telnet to c2.org and login as "guest". Most services are offered with an initial two week free trial period.

In order to subscribe to our mailing list, send the message "subscribe nexus-berkeley" to majordomo at c2.org. (From a UNIX prompt: "echo subscribe nexus-berkeley | mail majordomo at c2.org")

If you have any questions, send mail to info at c2.org.

-sameer
Community ConneXion: The NEXUS-Berkeley
Voice: 510-841-2014 (not yet active)
Pager: 510-321-1014
Email: info at c2.org

From sameer at c2.org Tue Jun 14 00:30:00 1994
From: sameer at c2.org (sameer)
Date: Tue, 14 Jun 94 00:30:00 PDT
Subject: (None)
In-Reply-To: <9406140418.AA26651@ah.com>
Message-ID: <199406140727.AAA17309@infinity.c2.org>

>
> > Might it be appropriate, though, to create an alt group for that purpose?
>
> One has already been created: alt.numbers.random
>
> Check it out; it's really there, and needs some traffic.
> In order to
> make the numbers really look random (in order to satisfy the group
> charter), though, please strip off any PGP headers before posting.
>
> You may post factorizations of people's public keys to
> alt.numbers.prime, as well.
>
> Thanks to Eric Hollander for actually creating the group. The two of
> us have lots more in the alt.numbers.* hierarchy.
>
> Er, software to effectively use this forum would be appreciated.
>
> Eric
>

It is possible to use the blind anonymous server running on admin at omega.c2.org to create an identity for which posts are made to pools. You would merely have to create a path which goes to remailer at soda and from there the path should direct remailer at soda to post to the pool.

In time remail at c2.org will be able to post to newsgroups. At this time remail at c2.org *does* have news capability, but outside newsgroups (only a few local groups and mail->news gateways are active) are not working yet on the Community ConneXion system.

--
sameer                                          Voice:   510-841-2014
Network Administrator                           Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley         sameer at c2.org

From sameer at c2.org Tue Jun 14 00:47:57 1994
From: sameer at c2.org (sameer)
Date: Tue, 14 Jun 94 00:47:57 PDT
Subject: Opportunity to Earn NexusBucks (a MagicMoney currency)
Message-ID: <199406140746.AAA17509@infinity.c2.org>

There are a few user interfaces and client programs I'd like to have written, but I lack the time, so I am making an offering of NexusBucks for those who would like to write the user interfaces and put them into the public domain (or GPL-- any freely redistributable licence will do.)

Terms:

Community ConneXion: The NEXUS-Berkeley will pay a negotiated sum of NexusBucks to identities who write software for the NEXUS-Berkeley. The author of the software may retain full copyright of the software as long as the software is made freely redistributable under the GPL (GNU Public License) or a similar system.
For more details about NexusBucks, look at http://www.c2.org/nexbucks

What I'd like written:

1) A client program for the blind anonymous server. I've already written a very rudimentary client program but it lacks dynamic checks to see which remailers are up (I'd imagine it could do this by fingering one of the "active-remailers" lists and parsing that output-- one such list is running on remail at c2.org) and error checking. It's very possible that someone might just want to take my work and improve upon it.

2) A front-end to the MagicMoney client and server. Again, I've written a rudimentary user interface to work with the perl wrapper that I've put around Pr0duct Cypher's server, but it is still a rather clunky interface. It could use improvement.

If you have any other ways you might be able to help out, by writing code or in some other fashion, please send mail to volunteer at c2.org. Also look at http://www.c2.org/nexbucks/earn.html

--
sameer                                          Voice:   510-841-2014
Network Administrator                           Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley         sameer at c2.org

From rishab at dxm.ernet.in Tue Jun 14 03:22:27 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Tue, 14 Jun 94 03:22:27 PDT
Subject: How many on cypherpunks?
Message-ID:

> It was at about 700 subscribers for several months, then the first big
> "outage" a month or so ago caused the number to drop way off. Last I
> checked (send the message "who cypherpunks" to majordomo at toad.com),
> there were about 400 subscribers. (It is likely that many of the
> original "700 Club" were casual subscribers, dormant accounts,
> gateways, whatever.)
>
> And the list just suffered a second wipe-out of the subscriber list,
> so I don't know right now how many are even seeing this.

My week-old 'who' shows 450; yesterday's shows 180. I see this second outage as an omen - the cypher gods want less traffic ;-) So I'm _not_ going to send a mailer to the differential list of users I have, this time!
-----------------------------------------------------------------------------
Rishab Aiyer Ghosh               They came for the Jews, and I was silent
rishab at dxm.ernet.in              because I was not a Jew;
Voice/Fax/Data +91 11 6853410    They came for the Trade Unionists, and I did
Voicemail +91 11 3760335         not protest, because I did not belong to a
H 34C Saket                      trade union;
New Delhi                        They came for the Catholics, and I said
INDIA                            nothing because I was not a Catholic;
                                 And then they came for me.
                                 There was no one left to say anything...
                                                    ----Father Niemoeller

From jpb at gate.net Tue Jun 14 05:23:24 1994
From: jpb at gate.net (Joseph Block)
Date: Tue, 14 Jun 94 05:23:24 PDT
Subject: How irritating are anon encrypted pgp messages
In-Reply-To: <199406140315.UAA01032@netcom.com>
Message-ID: <199406141223.IAA37169@inca.gate.net>

Tim writes:
> I wrote:
> > Personally, I don't like them. I can see that there are times when someone
> > would not want anyone to know what the recipient's email address is, but it is
> > just more noise to filter for everyone else. I'm on several other mailing
>
> The situation here is that _sender_ does not know the e-mail address
> of the recipient!
>
> Whether these messages are a good thing or not is a different issue,
> but the fact is that what are seeing here is the use of the
> Cypherpunks mailing list as a "message pool."

If there is demand for this, someone should set up a message pool list, not use cypherpunks. If there was a pool list, I'm sure it would get traffic.

From cardtris at umich.edu Tue Jun 14 06:31:15 1994
From: cardtris at umich.edu (Jennifer Mansfield-Jones)
Date: Tue, 14 Jun 94 06:31:15 PDT
Subject: DNA
In-Reply-To:
Message-ID:

For those who only look at the first screenful, a place to go for fairly current details on gene sequencing is:

Hillis, David M. and Moritz, Craig, eds. 1990. _Molecular Systematics_ Sinauer: Sunderland, MA.

The most convenient way of keeping DNA is dried. That, as I understand it, is what the military are trying to do.
The idea isn't, yet at least, actually to sequence it. You don't need a sequence for unambiguous identification. The gimmick is RFLP: restriction fragment length polymorphism. You take a DNA sample (in solution) from the unknown: say skeletal remains that might be those of some MIA. You expose that to enzymes that cut DNA in specific locations depending on the DNA base-pair sequence of the strands. These enzymes are called restriction endonucleases -- hence the name of the technique. Depending entirely on the DNA sequence, the sample will get cut in a bunch of places giving a bunch of DNA scraps of various different lengths. You can get chunks of different sizes to separate out by speed of movement through a gel under an electric field. According to preference, you can then use either a stain or radioactive markers to tell where in the gel the DNA fragments are. If the pattern of fragment migration is the same between the known and unknown, you can now fit a name to the bones. But, if the patterns aren't the same, the DNA sequences the restriction enzymes looked for weren't in the same places in the two samples. That means they couldn't have come from the same person.

This is a bit of an oversimplification. A lot of human DNA has its restriction sites in the same places you'd find in apes, never mind other humans. Total DNA similarity between humans and chimps is better than 90% overall. Specific zones, called hypervariable sequences, are the only ones really useful for individual ID by DNA. It also works very well for parentage analysis. So you might be able to identify an unknown sample without a previous reference from that person if you could still get samples from that individual's parents.

On Mon, 13 Jun 1994, Mats Bergstrom wrote:

> countries. These samples are usually frozen and saved for decades (for
> the purpose of comparison if the individual should fall ill; and for
> research if something might get interesting) at most laboratories.
> DNA-analysis after thawing is no big deal with modern techniques. So if one

The point I got a chuckle out of was the notion of freezing blood samples as a routine thing. To get much use at a molecular level (either DNA or protein structure) out of frozen samples over the long term (more than weeks) you have to keep it at -70C or better. People who study DNA are utterly paranoid about freezer failure. If they leave town, they may leave the cat with an automatic feeder but they need someone to visit the freezer once or twice a day and make sure it's okay. If building power fails (not that uncommon in old university science buildings) you need a generator or a quick load of liquid nitrogen to keep your frozen treasure from being ruined. If drying works, that's what will be used.

I don't know, not being in that specialty myself, how good the preservation quality of dry-stored DNA really is. I can easily imagine it being good enough for actual sequencing if it had been quickly freeze-dried and stored under nitrogen instead of air. I'm not sure of that, though, and if preservation isn't perfect sequencing could become a problem without making identification impossible. DNA is terribly sensitive to all kinds of damage, and enzymes already present in the blood or tissue will tear it up given half a chance.

Re genomic analysis: yes, it's certainly true that DNA sequencing is doable at the moment on the scales the human genome would require, in the same sense that space flight was doable in the fifties. It's logical to predict that it will only get easier as automatic sequencers get better. The closest tome I happened to grab quotes the length of the human genome at about 2.9 x 10^9 base pairs. The fact that there are four possible bases (2 bits) gives you a 5.8 billion bit storage issue. Not that intractable for storage and analysis, especially given that some compression techniques that wouldn't work well for most data would be applicable.
James Hicks comments -

>"Single Cell" polymerase chain reaction (PCR) is being done in the lab now.
>Theoretically all you need is one cell and you can amplify any DNA
>sequence from the genome that you want.

PCR makes tiny sample sizes a lot less of a problem than they used to be, but it has the same problems any extremely sensitive amplifier does. It amplifies everything. If there's the least contamination of the sample with any other DNA, the analyst is in trouble. Suppose you vacuum a chair. You get some skin from me, some skin from N other people, umpteen dust mites and the foot of a crushed roach. Given the way the enzymes in the dead cells would have torn up the DNA, you may get nothing, but if you get anything, the bugs win. Research labs have had terrible trouble with contamination - some PCR amplified "human" DNA in the big databases turns out to look suspiciously like yeast.

and //mb adds -

>the streets for saliva every morning at 3am and whipping the flesh of all
>offenders.

Saliva would give the same problem. Nobody's mouth is sterile, and my normal bacterial flora is a lot better protected against the digestive enzymes in saliva than shed cells from my mouth are.

Given all that, if anyone is still awake, it's the step *after* all the sequencing that's the biggie... at least for anything beyond simple ID. You've got a sequence: what does it do? A lot of the time, nothing. Lots of animal DNA doesn't ever get used for anything obvious and seems to be along for the ride. You have to distinguish live data from red herrings. Then if you're looking for genetic predictors of disease, you can't just say that *any* change in a particular gene is a red flag -- there's a lot of function-neutral variation. You'd be denying insurance coverage to very safe risks and losing money. But when a change is *not* function-neutral, it may only take one base-pair change. Sickle-cell anemia is produced by just one "typo".
What makes it even harder is that most genetic predispositions to disease probably aren't single, consistent, easy to spot changes. A lot of the ones we know about are, but only because those are the ones it's easy to find. Considering that interaction effects really aren't well studied even in pharmacology where they've been known longer (What happens when somebody mixes prozac with alcohol and marijuana? The last time I checked Medline nobody had looked.) I think it will take a long time to sort out problems that have something to do with several genes plus an environmental trigger. The problem may not be big enough to be formally called intractable, in the cryptographic sense, particularly if one makes the customary (sensible) assumptions about processing power increases, but it still looks big enough to be interesting.

Sequencing is necessary for some of the 1984ish outcomes predicted, but not sufficient. Conversely you can do a lot of unpleasant discriminatory things to people on the insurance front without knowing their DNA sequence -- Down's Syndrome is extremely obvious and a clear indicator of a bunch of expensive problems not to mention an early death.

It looks to me like the issue is worth keeping an eye on, but contagious diseases in the waiting room are still a better justification for avoiding the medical profession than a DNA registry is.

regards...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Dept. of Biology           Jennifer Mansfield-Jones
University of Michigan     cardtris at umich.edu

From mech at eff.org Tue Jun 14 07:43:24 1994
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 14 Jun 94 07:43:24 PDT
Subject: ALERT! *one day* to save crypto-privacy provisions of export bill!
Message-ID: <199406141436.KAA17515@eff.org>

ONE DAY DEADLINE! The House Intelligence Committee will probably make their decision on this vital issue tomorrow afternoon, Wed. June 15, 1994. If you've not had your say on whether the State Dept.
& NSA will be allowed to continue to restrict the flow of public cryptographic products, write, call and fax *today*. Updated fax information for the entire Intelligence Cmte. is below. The Committee seems receptive to hearing alternatives to the extreme position held by the National Security Agency - what you have to say does matter!

From: gnu at eff.org (John Gilmore)
Subject: URGENT: Please Tell Congress to Allow Encryption Export
Reply-To: ask at eff.org (rather than send us email please fax +1 202 225 1991)

House Intelligence Committee holds key to Crypto Export
ask at eff.org
June 14, 1994

*DISTRIBUTE WIDELY*

Today, the U.S. State Department controls the export of most encryption, working closely with the National Security Agency (NSA) to limit products that provide real privacy, from cell-phones to PC software. A bill introduced by Rep. Maria Cantwell would instead give authority over non-military crypto exports to the Commerce Department. Commerce has much more reasonable regulations, with "First Amendment"-style unlimited publishing of publicly available software, including PGP, Kerberos, RIPEM, RSAREF, and mass-market commercial software. The bill also prevents the Commerce Dept. from tightening the regulations even if NSA somehow gets its tentacles into Commerce.

A few months ago, you-all sent over 5600 messages to Rep. Cantwell in support of her bill, H.R. 3627. As a result, on May 18, the bill passed the House Foreign Affairs Committee by being incorporated into the Export Administration Act of 1994, H.R. 3937.

Now the battle has become more intense. This portion of H.R. 3937 has been referred to the House Intelligence Committee with the intent to kill or severely maim it. We need your help again, to urge the Intelligence Committee to keep crypto export liberalization intact.

The House and Senate Intelligence Committees, the only watchdogs for the NSA, tend to follow the agency's wishes when they wave the magic "national security" wand.
They need plenty of input from the public that tells them that the nation will be *more* secure with good encryption, even though the NSA will be less happy.

Not just computer users, but all users of telephones, cable TV, health care, and credit information systems would benefit from this change. The security of these applications is built on the foundation laid by the operating systems and network protocols on which they run. If this bill is passed, you will see high quality encryption built into Microsoft Windows, into the MacOS, into major Unix workstations, into the Internet, into cellular phones, into interactive television. The software already exists for confidentiality, privacy, and security of local and networked information, but it's not built-in to these systems because of the export ban. Today, each company could build two operating systems, one gutted for international use, but this would be costly and confusing for them and their customers, and would not allow international networks such as the Internet or telephones to be made secure and private. With this bill, these limits disappear.

Furthermore, the Clinton Administration plans to permit high volume exports of Clipper products, while continuing to require tedious paperwork for truly secure encryption products. The bill would give Clipper and other crypto software more even-handed treatment.

The bill also eliminates a senseless situation on the Internet. Today, crypto software can only be freely distributed from non-U.S. archive sites. It would eliminate that problem as well as the threat of prosecution against U.S. freeware authors of crypto software.

This is the dream we've all been working toward. Here's how you can help to make this dream a reality. The Intelligence Committee must make its decision on the bill before June 17, so time is critical:

1) Fax a short letter TODAY to the chair of the Intelligence Committee, Representative Dan Glickman (D-KS).
Ask him in your own words to leave the encryption provisions of H.R. 3937 intact. Use a positive tone ("Please support...") rather than a flame or a rant. One paragraph is fine. State your title and organization if you will look more important or better informed than the average citizen. Rep. Glickman's committee fax number is +1 202 225 1991. This is the best option, since individual letters are given the most weight by members of Congress, particularly when sent on letterhead paper.

2) If you are unable to fax a letter, send an e-mail message to Rep. Glickman at glickman at eff.org. Software or staff at the Electronic Frontier Foundation will either fax it in, or print it out and hand-deliver it for you.

3) Send a copy of this message to everyone you know in Kansas, and personally urge them to write to Rep. Glickman today. Letters from constituents get a lot more weight, since they are from people who could actually vote for or against him in the next election.

4) If your own Representative is on the Intelligence Committee, send him or her a copy of what you sent Rep. Glickman. There's a list of all such Reps. below. Even if we lose this battle, you will have started educating your own Rep. about crypto policy.

5) Become a member of EFF. Our strength comes from our members' strength. Send a note to membership at eff.org asking how to join.

Thanks again for your help! You can check at any time on the current status of the campaign at the location below. Send any comments on this campaign to campaign at eff.org.
John Gilmore
Chairman, EFF Crypto Committee
EFF Board of Directors
Member of Computer Professionals for Social Responsibility
Member of International Association for Cryptologic Research

House Intelligence Committee Members
------------------------------------

Subcommittee phone: +1 202 225 4121
Subcommittee fax:   +1 202 225 1991   <== send your fax HERE <==

p st name                       phone             fax
___________________________________________________________________________
D KS Glickman, Daniel           +1 202 225 6216   +1 202 225 5398   Chair
     [Glickman fax number just released]
D WA Dicks, Norman D.           +1 202 225 5916   +1 202 226 1176
D CA Dixon, Julian C.           +1 202 225 7084   +1 202 225 4091
D NJ Torricelli, Robert         +1 202 224 5061   +1 202 225 0843
D TX Coleman, Ronald D.         +1 202 225 4831   +1 202 225 4831
     [Coleman's staff manually switch line to fax if they hear fax tones.
     Preceding your fax with a voice call might help]
D CO Skaggs, David E.           +1 202 225 2161   +1 202 225 9127
D NV Bilbray, James H.          +1 202 225 5965   +1 202 225 8808
D CA Pelosi, Nancy              +1 202 225 4965   +1 202 225 8259
D TX Laughlin, Gregory H.       +1 202 225 2831   +1 202 225 1108
D AL Cramer Jr, Robert (Bud)    +1 202 225 4801   private
     [Cramer's fax number just released]
D RI Reed, John F.              +1 202 225 2735   +1 202 225 9580
D MO Gephardt, Richard A.       +1 202 225 2671   +1 202 225 7452
R TX Combest, Larry             +1 202 225 4005   +1 202 225 9615
R NE Bereuter, Douglas          +1 202 225 4806   +1 202 226 1148
R CA Dornan, Robert K.          +1 202 225 2965   private
     [Dornan's public fax disconnected; office refuses to divulge a fax number]
R FL Young, C. W. (Bill)        +1 202 225 5961   +1 202 225 9764
R PA Gekas, George W.           +1 202 225 4315   +1 202 225 8440
R UT Hansen, James V.           +1 202 225 0453   +1 202 225 5857
R CA Lewis, Jerry               +1 202 225 5861   +1 202 225 6498
R IL Michel, Robert H.          +1 202 225 6201   +1 202 225 9461

The full text of this alert is stored at:
ftp.eff.org, /pub/Alerts/export.alert
gopher.eff.org, 1/Alerts, export.alert
http://www.eff.org/pub/Alerts/export.alert
BBS (+1 202 638 6120, 8N1): "Alerts" file area, export.alt

The actual text of this part of H.R. 3937 is at:
ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
BBS: "Privacy--Crypto" file area, hr3937.crp

For current status on the bill:
ftp.eff.org, /pub/Alerts/export_alert.update
gopher.eff.org, 1/Alerts, export_alert.update
http://www.eff.org/pub/Alerts/export_alert.update
BBS: "Alerts" file area, export.upd

A general Web page on crypto export policy is at:
http://www.cygnus.com/~gnu/export.html

*****************************************************************************

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. Online Activist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M   O N L I N E   R I G H T S   V I R T U A L   C U L T U R E   C R Y P T O

From perry at imsi.com Tue Jun 14 07:56:02 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 14 Jun 94 07:56:02 PDT
Subject: As I delurk, a question... (Clipper)
In-Reply-To:
Message-ID: <9406141455.AA20440@snark.imsi.com>

Roy M. Silvernail says:
> The thought occurs... the NSA doesn't seem particularly distressed that
> Clipper's LEAF can be spoofed and rendered unusable. Could this
> indicate that the LEAF isn't really necessary to retrieve the session
> key after all?

Anything is possible. I'd say that it is more likely that this indicates that the NSA is embarrassed by the entire episode, and that they are planning on releasing a fix to the EES. Each of these, separately or together, is sufficient explanation. I don't think they'd deliberately weaken the system.
Doing so would be too politically damaging to them in the long run. I believe they have honestly built the best system they can. That does not mean it is acceptable. Their honesty does not make the plan something that free people should allow to be imposed upon them. However, I believe that they are being reasonably honest. Even assuming honesty, the whole thing reeks.

Perry

From perry at imsi.com Tue Jun 14 09:01:02 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 14 Jun 94 09:01:02 PDT
Subject: Cantwell Bill
Message-ID: <9406141600.AA27248@webster.imsi.com>

For those who haven't been paying attention, the Cantwell Bill could die in the intelligence committee. Please pay attention to Stanton McCandlish's alert from EFF and act on it TODAY. Call up those congressmen! When I called, most of them indicated they hadn't heard from people. Make the phone ring off the hook with concern that this measure pass!

As always... Be polite when speaking to congressional staff. Realize that they don't know anything about what you are talking about and are just going to record names, addresses, and "supports HR XXXX" when you call. Be clear and fairly quick and always be nice to them.

Perry

From catalyst-remailer at netcom.com Tue Jun 14 09:17:14 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Tue, 14 Jun 94 09:17:14 PDT
Subject: Cantwell Bill
Message-ID: <199406141617.JAA06889@mail2.netcom.com>

Perry wrote,
>For those who haven't been paying attention, the Cantwell Bill could
>die in the intelligence committee. Please pay attention to Stanton
>McCandlish's alert from EFF and act on it TODAY. Call up those
>congressmen! When I called, most of them indicated they hadn't heard
>from people. Make the phone ring off the hook with concern that this
>measure pass!

I *cannot* figure out why nobody has responded in a week to this new revelation, as it has total relevance to the Cantwell Bill!
Once again, Sumex-aim.stanford.edu, the internet's biggest Mac ftp archive has been *EXPORTING* MacPGP2.2, many times a day, every day for over a YEAR. This is automatic, since there are mirror sites in most countries on the internet, including Singapore and China.

*Had* someone picked up on this sooner, there would still be time to spread the word to the point where congresscritters would know this was going on. I don't care any more. Y'all deserve what y'git. I send my fax.

From fhalper at pilot.njin.net Tue Jun 14 09:31:08 1994
From: fhalper at pilot.njin.net (Frederic Halper)
Date: Tue, 14 Jun 94 09:31:08 PDT
Subject: Matt Blazes paper
Message-ID: <9406141630.AA11739@pilot.njin.net>

Can anyone tell me where the paper Matt Blaze wrote on Tessera can be found? preferably in a non postscript form.

Thanks,
Reuben Halper

From sandfort at crl.com Tue Jun 14 09:46:41 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 14 Jun 94 09:46:41 PDT
Subject: As I delurk, a question... (Clipper)
In-Reply-To: <9406140402.AA15052@federal-excess.apple.com>
Message-ID:

C'punks,

On Mon, 13 Jun 1994, Sidney Markowitz wrote:

> . . .
> As I read the official pronouncements of representatives of the U.S.
> government and especially the NSA, I can't figure out what they do hope to
> achieve. Can anyone else on this list make sense of it?

Remember the instructions for cooking a live frog. The government does not intend to stop until they have effectively eliminated your privacy.

STEP 1: Clipper becomes the de facto encryption standard.

STEP 2: When Cypherpunks and other "criminals" eschew Clipper in favor of trusted strong crypto, the government is "forced" to ban non-escrowed encryption systems. (Gotta catch those pedophiles, drug dealers and terrorists, after all.)

STEP 3: When Cypherpunks and other criminals use superencryption with Clipper or spoof LEAFs, the government will regrettably be forced to engage in random message monitoring to detect these illegal techniques.
Each of these steps will be taken because we wouldn't passively accept such things as unrestricted wiretaps and reasonable precautions like digital telephony. It will be portrayed as our fault. Count on it.

Will such a scenario come about? Yes, if the government has its way. No, if Cypherpunks do their job. I know the government will do its damnedest, but I'm betting on the Cypherpunks. It's only us against all the governments of the world. (They haven't got a chance!)

S a n d y

From perry at imsi.com Tue Jun 14 09:53:08 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 14 Jun 94 09:53:08 PDT
Subject: Matt Blazes paper
In-Reply-To: <9406141630.AA11739@pilot.njin.net>
Message-ID: <9406141652.AA20695@snark.imsi.com>

Frederic Halper says:
> Can anyone tell me where the paper Matt Blaze wrote on Tessera can be found?
> preferably in a non postscript form.

It's not available in non-postscript form. The postscript version is in the directory ftp://research.att.com/dist/mab

Perry

From darklord+ at CMU.EDU Tue Jun 14 09:53:37 1994
From: darklord+ at CMU.EDU (Jeremiah A Blatz)
Date: Tue, 14 Jun 94 09:53:37 PDT
Subject: Remailer REORDER not DELAY
In-Reply-To: <9406121728.AA24306@fnord.lehman.com>
Message-ID:

Excerpts from internet.cypherpunks: 12-Jun-94 Re: Remailer REORDER not DE.. by Rick Busdiecker at lehman.c

> I think that there's a reasonable compromise in here somewhere. It
> might even address some other concerns that people could have about
> the costs of running remailers, e. g. storing a zillion messages for
> 24 hours.

[scheme to send out messages in pseudo-random spurts deleted]

I believe the problem is that you can trace a message back to its source by analyzing when the messages are sent. Let's say you're watching Angie's net connection because you think she is guilty of Thoughtcrime. At 12:34, Angie sends an encrypted message to soda.
Say that soda hasn't received any messages for 5 hours before 10:14, then receives 4 between 10:15 and the time Angie's mailer connects to port 25 of soda's remailer. You wait until soda spits out 4 messages, then the 5th is Angie's. You do this through the entire remailer chain, and when Angie's message gets to its destination, you can see it, and trace it back to her. This is bad. Now, if soda had queued a few messages, then spit them out in random order in random chunks, traffic analysis would be much less effective.

For examples of how evil traffic analysis can be, just watch a few episodes of Deep Space Nine. I shudder whenever Odo says "Quark, you have sent 5 messages to the Romulan high command this week." or whatever.

Jer

darklord at cmu.edu   | "it's not a matter of rights / it's just a matter of war
finger me for my     | don't have a reason to fight / they never had one before"
Geek Code and        |      -Ministry, "Hero"
PGP public key       | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/

From mpj at netcom.com Tue Jun 14 10:21:07 1994
From: mpj at netcom.com (Michael Paul Johnson)
Date: Tue, 14 Jun 94 10:21:07 PDT
Subject: Where to get the latest PGP
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)
(Last modified: 13 June 1994 by Mike Johnson)

WHAT IS THE LATEST VERSION?

Platforms   | Released   | Version  | Notes & restrictions
            | by and for |          | Other restrictions may apply.
- -----------------------------------------------------------------------------
DOS & Unix  | Viacrypt   | 2.4      | 100% Legal for both personal and
            | for use in |          | commercial use. Not for export from
            | North      |          | the USA and Canada. It is commercial
            | America    |          | copyrighted software, prices below.
            |            |          | Source code not available.
            |            |          | Viacrypt will soon release version 2.7
            |            |          | that will be compatible with MIT's 2.6
            |            |          | Max RSA key: 1264 bits.
- -----------------------------------------------------------------------------
Dos, Unix,  | MIT        | 2.6      | Uses RSAREF. Not for use in any
Macintosh   | for use in |          | application that you get paid for.
            | North      |          | FREE. Complete source code available.
            | America    |          | Patents licensed for personal use only.
            |            |          | Not for export from the USA or Canada.
            |            |          | Not fully compatible with PGP 2.3a or
            |            |          | Viacrypt PGP 2.4.
            |            |          | Max RSA key: 1024 bits.
- -----------------------------------------------------------------------------
Dos & Unix  | mathew@    | 2.6ui    | Does NOT use RSAREF. No RSA patent
            | mantis.co  |          | problems outside the USA.
            | .uk for use|          | FREE. Complete source code available.
            | outside    |          | IDEA licensed for personal use only in
            | the USA    |          | countries where the IDEA patent holds.
            |            |          | RSADSI claims this product would
            |            |          | infringe on its patents if used in the
            |            |          | USA. Compatible with all current PGPs.
            |            |          | Contact mathew at mantis.co.uk if you have
            |            |          | contributions or suggestions for the
            |            |          | coming version 2.7ui, which will feature
            |            |          | a longer RSA key length limit.
            |            |          | If imported to the USA, don't export.
            |            |          | Max RSA key: 1264 bits.
- -----------------------------------------------------------------------------
Macintosh   |            | 2.3aV1.1 | Use extremely limited by patents in USA.
            |            | or       |
            |            | 2.3aV1.2 |
- -----------------------------------------------------------------------------
DOS & Unix  | David      | 2.3b     | Use extremely limited by patents in USA.
            | Cosenza    |          | RSA key modulus lengths up to 4080 bits
            |            |          | supported. Compatible with PGP 2.3a and
            |            |          | PGP 2.6. Not for export from the USA
            |            |          | and Canada. Max RSA key: 4080 bits.
- -----------------------------------------------------------------------------
Amiga       |            | 2.3a3    | Use extremely limited by patents in USA.
- -----------------------------------------------------------------------------

Note: there are other version numbers floating around on the net from code that has been altered by individuals for their own use.

WHERE CAN I GET VIACRYPT PGP?

If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commercial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for their version of PGP is 2.4. Prices shown include release of version 2.7 if you buy your copy after May 27, 1994 (otherwise the upgrade will be about US$10). Viacrypt's licensing and price information is as follows:

ViaCrypt PGP for MS-DOS        1 user             $ 99.98
ViaCrypt PGP for MS-DOS        5 users            $ 299.98
ViaCrypt PGP for MS-DOS        20 users or more,  call ViaCrypt
ViaCrypt PGP for UNIX          1 user             $ 149.98
ViaCrypt PGP for UNIX          5 users            $ 449.98
ViaCrypt PGP for UNIX          20 users or more,  call ViaCrypt
ViaCrypt PGP for WinCIM/CSNav  1 user             $ 119.98
ViaCrypt PGP for WinCIM/CSNav  5 user             $ 359.98
ViaCrypt PGP for WinCIM/CSNav  20 users or more,  call ViaCrypt

If you wish to place an order please call 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards.

If you have further questions, please feel free to contact:

Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail: 2104 W.
Peoria Ave
Phoenix AZ 85029
Phone: (602) 944-0773
Fax: (602) 943-2601
Internet: viacrypt at acm.org
Compuserve: 70304.41

WHERE CAN I GET THE FREEWARE PGP FOR USE IN THE USA AND CANADA?

MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws).

1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it.
2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it.
3. Telnet to net-dist.mit.edu and log in as getpgp.
4. Answer the questions and write down the directory name listed.
5. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (pgp26.zip, pgp26doc.zip, pgp26src.tar.gz, MacPGP2.6.sea.hqx, and MacPGP2.6.src.sea.hqx). If the hidden directory name is invalid, start over at step 3, above.

You can also get PGP 2.6 from:

ftp.csn.net/mpj
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/mac/MacPGP2.6.sea.hqx
ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/mac/MacPGP2.6.src.sea.hqx
See ftp://ftp.csn.net/mpj/README.MPJ for the ???????
See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's export control methods.

ftp.netcom.com/pub/mpj
ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp26.zip
ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp26src.tar
ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/MacPGP2.6.sea.hqx
ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/MacPGP2.6.src.sea.hqx
See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ???????
See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods.
TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day).

ftp.eff.org
Follow the instructions found in README.Dist that you get from one of:
ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
gopher.eff.org, 1/Net_info/Tools/Crypto
gopher://gopher.eff.org/11/Net_info/Tools/Crypto
http://www.eff.org/pub/Net_info/Tools/Crypto/

Colorado Catacombs BBS
Mike Johnson, sysop
Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc.
v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps
8 data bits, 1 stop, no parity, as fast as your modem will go.
Use ANSI terminal emulation, or if you can't, try VT-100.
Free access to PGP. If busy or no answer, try again later. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call.
Download file names:
pgp26.zip (DOS version with documentation)
pgp26src.tar (Unix version and source code)
pgp26doc.zip (Documentation only -- exportable)
macpgp26.hqx (MacPGP executables, binhexed .sea)
macpgp26.src (MacPGP source, binhexed .sea)
(303) 772-1062 Longmont, Colorado number - 2 lines.
(303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area.
Verified: This morning.

Other BBS and ftp sites do have these files, as well. I noticed that PGP26.ZIP is being distributed on FIDONET.
WHERE TO GET THE FREEWARE PGP FOR USE OUTSIDE OF THE USA

The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP.

Although the latest freeware version of PGP was released from outside the USA (England), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA and Canada. Even though the RSAREF license associated with PGP 2.6 from MIT no longer prohibits use outside the USA, it still carries the not-for-profit restriction that the original RSA code in PGP 2.6ui doesn't have. On the other hand, patents on the IDEA cipher may limit PGP use in your country to nonprofit applications, anyway. Indeed, I understand that there are some countries where private electronic mail is not legal, anyway.

These listings are subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list.
Source code (gzipped tar format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz.sig
* _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26ui-src.tar.gz
* _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26ui-src.tar.gz.sig.gz
* _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz
* _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz.sig.gz

Source code (zip format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.sig
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.zip
* _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26uis.sig
* _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26uis.zip
* _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26uis.zip

Executable for DOS (zip format):
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.sig
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.zip
* _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26uix.sig
* _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp26uix.zip

Other sites to look for the above mentioned files at:

ftp.informatik.uni-hamburg.de /pub/virus/crypto
ftp.ee.und.ac.za /pub/crypto/pgp
soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC)
ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP
ftp.informatik.tu-muenchen.de
ftp.funet.fi
ftp.dsi.unimi.it /pub/security
ftp.tu-clausthal.de (139.174.2.10)
wuarchive.wustl.edu /pub/aminet/util/crypt
src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing
ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)
black.ox.ac.uk (129.67.1.165)
  /src/security/pgp23A.zip (MS-DOS executables & docs)
  /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.)
  /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format)
  /src/security/macpgp2.3.cpt.hqx (Macintosh version)
iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga)
ftp.csn.net /mpj/public/pgp/ contains PGP shells, faq documentation, language kits.
ftp.netcom.com
  /pub/dcosenza -- PGP 2.3a and PGP 2.3b (pgp23b.zip)
  /pub/gbe/pgpfaq.asc -- frequently asked questions answered.
  /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganography software list. MacUtilities for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access.
nic.funet.fi (128.214.6.100)
  /pub/crypt/pgp23A.zip
  /pub/crypt/pgp23srcA.zip
  /pub/crypt/pgp23A.tar.Z
van-bc.wimsey.bc.ca (192.48.234.1)
  /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip
  /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip
ftp.uni-kl.de (131.246.9.95)
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)

StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha.

Also, try an archie search for PGP using the command:
archie -s pgp26 (DOS & Unix Versions)
archie -s pgp2.6 (MAC Versions)

ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service.

Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi:
ENCODER uuencode
SEND pub/crypt/pgp23srcA.zip
SEND pub/crypt/pgp23A.zip
This will deposit the two zipfiles, as 15 batched messages, in your mailbox within about 24 hours. Save and uudecode.

For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message.
World Wide Web URLs: (Thanks to mathew at mantis.co.uk)

UNIX PGP 2.3a
Compiles best with GCC 2.4.x or higher. A straight port from DOS, so hardened UNIX users find it a bit chatty.
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.tar.Z
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.tar.Z
* _NL:_ ftp://svin02.info.win.tue.nl/pub/misc/pgp23A.tar.gz
* _SE:_ ftp://ftp.sunet.se/pub/security/tools/crypt/pgp23A.tar.gz
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.tar.Z
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/pgp23A.tar.Z
* _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.tar.Z
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.tar.Z
_________________________________________________________________

MS-DOS PGP 2.3
Program
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.zip
* _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.zip
* _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.zip
* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/pgp23A.zip
* _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.zip
* _IT:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.zip

Source code
Designed to compile with Turbo C; compiles fine with Microsoft Visual C++ also.
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23srcA.zip
  * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23srcA.zip
  * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23srcA.zip
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/pgp23srcA.zip
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23srcA.zip
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23srcA.zip

_________________________________________________________________

MACPGP 2.3

Program

  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx
  * _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx
  * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx
  * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/macpgp2.3.cpt.hqx
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx
  * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz

Source code

Requires Think C.

  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only
  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/macpgp2.3src.sea.hqx.pgp
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.hqx.pgp

Documentation

PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to
using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP.

_________________________________________________________________

OS/2 PGP

You can, of course, run the DOS version of PGP under OS/2.
Program

  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp22os2.zip -- version 2.2 only, native binaries
  * _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23os2A.zip

Source code

  * _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23srcA.zip

_________________________________________________________________

AMIGA PGP

  * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_3.lha
  * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_3.lha

Source

  * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a3_src.lha
  * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a3_src.lha

_________________________________________________________________

ARCHIMEDES PGP

  * _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a

_________________________________________________________________

DOCUMENTATION ONLY

  * _US:_ ftp://net-dist.mit.edu/pub/PGP/pgp26doc.zip
  * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26doc.zip
  * _US:_ ftp://ftp.netcom.com/pub/mpj/public/pgp/pgp26doc.zip
  * _US:_ ftp://ftp.ftp.csn.net/mpj/public/pgp/pgp26doc.zip
  * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23docA.zip

_________________________________________________________________

LANGUAGE MODULES

These are suitable for most PGP versions. I am not aware of any
export/import restrictions on these files.
German

  * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha

Italian

  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp-lang.italian.tar.gz
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.italian.tar.gz
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz

Japanese

  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz

Lithuanian

  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip

Russian

  * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version)
  * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version)
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip

Spanish

  * _IT:_ ftp://ftp.dsi.umimi.it/pub/security/crypt/pgp-lang.spanish.tar.gz
  * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz

Swedish

  * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt
  * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt

_________________________________________________________________

OTHER SITES

Some cryptographic software is available from
ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. Read the README file and
proceed from there.

BBS sites:

Colorado Catacombs BBS (See also the entry above for PGP 2.6)
  (303) 772-1062 Longmont, Colorado (2 lines)
  (303) 938-9654 Boulder, Colorado (free call from Denver CO, but 1 line)
  For free access: log in with your own name, answer the questions, then
  select [Q]uestionaire 3 from the [M]ain menu.
  Verified: This morning.

Hieroglyphics Voodoo Machine (Colorado)
  DOS, OS2, and Mac versions.
  (303) 443-2457
  Verified: 5-2-94
  For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO"
  with the password "NEW" (good for 30 minutes access to free files).

Exec-Net (New York)
  Host BBS for the ILink net.
  (914) 667-4567

The Ferret BBS (North Little Rock, Arkansas)
  (501) 791-0124 also (501) 791-0125
  Special PGP users account: login name: PGP USER   password: PGP
  This information from: Jim Wenzel

If you find a version of the PGP package on a BBS or FTP site and it does
not include the PGP User's Guide, something is wrong. The manual should
always be included in the package. If it isn't, the package is suspect and
should not be used or distributed. The site you found it on should remove
it so that it does no further harm to others.

ARCHIE WHO?

There are many more sites. You can use archie and/or other "net-surfing"
tools to find a more up-to-date listing, if desired.

Michael Paul Johnson          Colorado Catacombs BBS 303-772-1062
mpj at csn.org aka mpj at netcom.com          m.p.johnson at ieee.org
ftp://ftp.csn.net/mpj/README.MPJ                     CIS: 71331,2332
ftp://ftp.netcom.com/pub/mpj/README.MPJ
From Ben.Goren at asu.edu Tue Jun 14 10:41:33 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Tue, 14 Jun 94 10:41:33 PDT
Subject: NSA technology transfer
Message-ID: <9406141742.AA04478@Tux.Music.ASU.Edu>

At 12:21 AM 6/14/94 -0500, Dan Harmon wrote:

>The following was posted on the list in the middle of May. Being
>curious I called the number listed at Ft. Meade. The person who answered
>was real shaken, for lack of a better term, that I called [. . . .]

That's a lot better than I got when I just tried to call: no answer, not
even a machine. "No Such Agency"?

>Dan Harmon

b&

PS--Sorry for posting that last note, about the S/N ratio; it was meant to
go just to Tim May, and I *do* know better...*sigh*

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben at tux.music.asu.edu for PGP 2.3a public key.

From ravage at bga.com Tue Jun 14 11:57:39 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 14 Jun 94 11:57:39 PDT
Subject: Remailer REORDER not DELAY
In-Reply-To:
Message-ID: <199406141856.NAA16253@zoom.bga.com>

> I believe the problem is that you can trace a message back to its source
> by analyzing when the messages are sent. Let's say you're watching
> Angie's net connection because you think she is guilty of Thoughtcrime.
> At 12:34, Angie sends an encrypted message to soda.
> Say that soda hasn't
> received any messages for 5 hours before 10:14, then receives 4 between
> 10:15 and the time Angie's mailer connects to port 25 of soda's
> remailer. You wait until soda spits out 4 messages, then the 5th is
> Angie's. You do this through the entire remailer chain, and when Angie's
> message gets to its destination, you can see it, and trace it back to
> her.
>

You can also tell it comes from the remailer because it is encrypted to
allow you to verify exactly this. I am not interested in hiding the path
information, I *want* to certify where it came from - *not* who(!) is
sending it or *what* is in it. I can see not knowing or being able to
prove the pathway as a possible hole for interjecting bogus packets.

Now, about this re-sending issue. If I rcv. a packet at 10am and it gets a
random time-stamp there is no guarantee when it will be sent other than
within 24hrs. It may or may not be sent in the 5 hr. gap in your example,
no way to know really.

> This is bad.
>
> Now, if soda had queued a few messages, then spit them out in random
> order in random chunks, traffic analysis would be much less effective.
>

The random order is what does it, not the # of packets sent out. The
randomness in leaving the site is more important than how many.

> For examples of how evil traffic analysis can be, just watch a few
> episodes of Deep Space Nine. I shudder whenever Otto says "Quark, you
> have sent 5 messages to the Romulan high command this week." or whatever.
>

Excuse me?.....DS9?...

> Jer
>
> darklord at cmu.edu | "it's not a matter of rights / it's just a matter of war
> finger me for my  | don't have a reason to fight / they never had one before"
> Geek Code and     | -Ministry, "Hero"
> PGP public key    | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/
>

From ravage at bga.com Tue Jun 14 12:17:17 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 14 Jun 94 12:17:17 PDT
Subject: crypto-remailer traffic...
Message-ID: <199406141917.OAA17426@zoom.bga.com>

Hi all,

Sorry, due to a crash I lost the sender and original message but I did
build a reply and will now post it. Hope this isn't too confusing.

On the baud rate issue:

The original position was that 10ea. 10k packets over 24hrs was 10 baud.
This is incorrect. The actual baud rate is:

  100k bits (10 10k packets)/5,184,000 sec. (1 day) = .02 baud

While the original assumption of no other activity makes this seem like a
low cost method it is flawed. My system is intended to support a full
range of resources (and quite a few developed in-house) and it will have
more than this. Assuming that it was fully active we are actually looking
at paying for x bandwidth but only getting 1/10 x of useable bandwidth.
This is not economical to me when in the context of a SLIP (personally I
would hesitate on a T1 or T3) feed. How many organizations can support an
outlay of this amount? I suspect none.

Now on the packet count front:

Seems to me that if we are looking at a moderate to fully bandwidth
limited feed then what we are actually seeing is a small number of packets
interspersed with lots of other packets of all type. The simple re-order
of the packets on the out-going side should be sufficient since Mallet
will have to look at every packet anyway. With the above example we are
looking at quite a signal to noise ratio (ie encrypted packet v all
packets). I calculate it to be on the order of-

  10k bits (1 packet)/ 74,649,600 bits (14.4k @ 24hrs) = 1.34E-4

This is a pretty small ratio and would stop most attacks unless one were
using a lot of Cray-acres...

As to the 24hr delay:

I understand and respect that some folks want instant access, I just see
the security as more important. Spreading the delayed packets over 24hrs
and not a shorter period increases the amount of sheer data Mallet has to
dig through. I also suspect that if the sender can influence the delay, or
if it is short, they are looking at a reduced data set to analyze.
I am attempting to use the amount of information going out to hide the
crypto-mail packets in a sheer tide of info.

Now for something completely different --

I will be using RX/V (A Unix SVR? clone) and was wondering if anyone has
used this OS? The users manual states it uses some form of DES for
crypt(). Since I got the manuals today it may be a couple of days before I
can really answer in depth questions...

Thanks for all the input, much appreciated!

Take care all!

=

From jim at rand.org Tue Jun 14 12:38:44 1994
From: jim at rand.org (Jim Gillogly)
Date: Tue, 14 Jun 94 12:38:44 PDT
Subject: Cantwell Bill
In-Reply-To: <199406141617.JAA06889@mail2.netcom.com>
Message-ID: <9406141938.AA21471@mycroft.rand.org>

Somebody writes:
> Sumex-aim.stanford.edu, the internet's biggest Mac ftp archive has
> been *EXPORTING* MacPGP2.2, many times a day, every day for over

The reason I don't consider your Stunning Revelation an important news
flash is that it's just one example of the many ways crypto is actually
exported. For example, PGP 2.6 was overseas within hours of its release.
A more direct comparison is with DES: NIST has DES code available in soft
copy in Appendix A of its publication fips181.txt, accessible in their
public FTP directory with no warnings about export restrictions.

The Cantwell stuff is extremely important for commercial products, but for
private crypto (e.g. non-profit and non-infringing PGP implementations) it
simply decriminalizes the existing vigorous export activity; rather like
decriminalizing the use of marijuana.

	Jim Gillogly
	Highday, 24 Forelithe S.R. 1994, 19:35

From nobody at kaiwan.com Tue Jun 14 12:39:19 1994
From: nobody at kaiwan.com (Anonymous)
Date: Tue, 14 Jun 94 12:39:19 PDT
Subject: Remailers?
Message-ID: <199406141938.MAA20464@kaiwan.kaiwan.com>

I fingered mg5n+ at andrew.cmu.edu and got this list:

> remailer at chaos.bsu.edu        Tue Jun 14 02:18:41 EDT 1994   + 0:00:34
> nowhere at bsu-cs.bsu.edu       Tue Jun  7 03:06:43 EDT 1994   error/mailbounce
> hal at alumni.caltech.edu        Sun Jun 12 00:36:18 EDT 1994   no response
> catalyst at netcom.com           Tue Jun 14 02:18:40 EDT 1994   + 0:01:32
> anon at cyberspace.org           Thu Jun  9 16:40:54 EDT 1994   error/mailbounce
> ghio at kaiwan.com               Tue Jun 14 02:19:01 EDT 1994   + 0:02:30
> hfinney at shell.portal.com      Sun Jun 12 00:36:11 EDT 1994   no response
> remailer at rebma.mn.org         Tue Jun 14 02:18:52 EDT 1994   + 2:51:28
> rperkins at nyx.cs.du.edu        Tue Jun 14 02:19:06 EDT 1994   + 0:00:34
> remail at vox.hacktic.nl         Tue Jun 14 02:18:57 EDT 1994   + 3:15:37
> remailer at ds1.wu-wien.ac.at    Tue Jun 14 02:19:05 EDT 1994   + 0:00:50
>
> remail at extropia.wimsey.com    Tue Jun 14 02:19:09 EDT 1994   + 0:20:35
> remailer at soda.berkeley.edu    Tue Jun 14 02:19:07 EDT 1994   + 2:18:38

Why so many remailers down???

From talon57 at well.sf.ca.us Tue Jun 14 12:54:11 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Tue, 14 Jun 94 12:54:11 PDT
Subject: H.R. 3937
Message-ID: <199406141953.MAA06721@well.sf.ca.us>

To: Representative Dan Glickman (D-KS)
    House Intelligence Committee
Subject: H.R. 3937

Sir,

I am writing to ask you to support the encryption provisions of H.R. 3937.
The use of encryption is essential not only from a personal privacy
standpoint, it is essential to effective economic competitiveness. There
are many companies around the world today who defeat American companies on
contracts solely because they are able to provide more effective
encryption in their products.
Sincerely,

Brian D Williams
Ameritech Data Center
425 w Randolph
Chicago, Il 60606
(312)669-2373
talon57 at well.sf.ca.us

From ghio at cmu.edu Tue Jun 14 13:14:21 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Tue, 14 Jun 94 13:14:21 PDT
Subject: alt.random.*
Message-ID: <9406142012.AA14817@toad.com>

hughes at ah.com (Eric Hughes) wrote:

| Might it be appropriate, though, to create an alt group for that purpose?
|
| One has already been created: alt.numbers.random
|
|
| Check it out; it's really there, and needs some traffic. In order to
| make the numbers really look random (in order to satisfy the group
| charter), though, please strip off any PGP headers before posting.
|
| You may post factorizations of peoples public keys to
| alt.numbers.prime, as well.
|
| Thanks to Eric Hollander for actually creating the group. The two of
| us have lots more in the alt.numbers.* hierarchy.
|
| Er, software to effectively use this forum would be appreciated.
|
| Eric

I couldn't find alt.numbers.random, or any alt.numbers.* groups, on any of
the news-servers that I tried. Perhaps you need to newgroup it again.

Yes, I really did look. I tried all of the following NNTP servers. None
of them had it. I don't know where else I could look...
From trollins at debbie.telos.com Tue Jun 14 13:36:25 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Tue, 14 Jun 94 13:36:25 PDT
Subject: remailer exposing sender
Message-ID: <9406142031.AA21960@debbie.telos.com>

I am concerned about the security of using a remailer such as
remailer at soda.berkeley.edu. My concern is that after an anonymous
message has been sent or posted, someone could then send a message to the
sender using the encrypted address supplied by the remailer. This message
which is sent back through the remailer could be composed of known text
which then could be traced back to the originator system of the anonymous
sender.

Any comments would be appreciated.

thanks,
tom

From greg at ideath.goldenbear.com Tue Jun 14 14:25:25 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Tue, 14 Jun 94 14:25:25 PDT
Subject: Word for Windows table of Intel committee members
Message-ID:

Sorry if this seems like a horrible waste of resources, but I thought it
might prove useful to some folks. What follows is a PGP-armored .ZIP of a
Word for Windows table with the last name, full name, and FAX number of
the folks on the House Intelligence committee; to use it yourself, run
WfW, pick "File/Print Merge", "Attach Data File", and give it the enclosed
file. Now write your letter - when you want to insert one of the field
members, just use the "Insert Merge Field" button.
Bob Dornan isn't included since he's not accepting FAXes; I couldn't get
through to Robert Michel or William Richardson, but they're still on the
list (ok, so I'm lazy.) It took me about an hour to type these names, type
a letter, and feed the letters to my FAX machine - hopefully it can be
more like 30 mins for someone else with the enclosed table.

Here's to hoping that letters from folks are interesting even if we aren't
in their district. At least they can't say that nobody cares.

This message won't be PGP-signed, as that would hose the markers for the
included message. Maybe this is really Detweiler. Ha, ha.

From roy at sendai.cybrspc.mn.org Tue Jun 14 16:03:38 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 14 Jun 94 16:03:38 PDT
Subject: As I delurk, a question... (Clipper)
In-Reply-To: <9406140402.AA15052@federal-excess.apple.com>
Message-ID: <940614.064644.5X3.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, sidney at taurus.apple.com writes:

>>NSA doesn't seem particularly distressed that
>>Clipper's LEAF can be spoofed and rendered unusable. Could this
>>indicate that the LEAF isn't really necessary to retrieve the session
>>key after all?
>
> Not necessarily. First of all, why would the NSA let it be known if they
> are distressed? I'm amazed that they have started talking to the public at
> all!

Good point, that.

> Secondly, what do they hope to achieve with this whole Clipper thing?
> Given that they are aware that strong crypto exists and is publicly
> available around the world, what can they gain by pushing Clipper?

That's the nagging question, isn't it? If they admit that Clipper's back
door can be circumvented, and they admit that black hats will use
something else, then just whose mail do they want to read, anyway?

> As I read the official pronouncements of representatives of the U.S.
> government and especially the NSA, I can't figure out what they do hope to
> achieve. Can anyone else on this list make sense of it?

Not me, that's for sure.
- --
Roy M. Silvernail, writing from roy at sendai.cybrspc.mn.org
"Anything but Nixon, man... a blender. Anything!"
	-- National Lampoon, when they were funny

From usura at vox.hacktic.nl Tue Jun 14 16:07:50 1994
From: usura at vox.hacktic.nl (Usura)
Date: Tue, 14 Jun 94 16:07:50 PDT
Subject: remailer exposing sender
Message-ID: <061594004647Rnf0.78@vox.hacktic.nl >

trollins at debbie.telos.com (Tom Rollins) writes:

>I am concerned about the security of using a remailer
>such as remailer at soda.berkeley.edu. My concern is that
>after an anonymous message has been sent or posted,
>someone could then send a message to the sender using
>the encrypted address supplied by the remailer. This
>message which is sent back through the remailer could
>be composed of known text which then could be traced
>back to the originator system of the anonymous sender.
>Any comments would be appreciated.

If you use the vox remailers, and you have added your PGP key to my
keyring, all mail sent to a key [address] which is in my keyring will be
encrypted using that key. Since vox is a UUCP site, time correlation is
less of a problem. Of course if your message is the only one that has
been encrypted, then ....

> thanks, tom

You're welcome

--
Exit! Stage Left.

Alex de Joode

From perry at imsi.com Tue Jun 14 16:16:10 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 14 Jun 94 16:16:10 PDT
Subject: As I delurk, a question... (Clipper)
In-Reply-To: <940614.064644.5X3.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <9406142315.AA21523@snark.imsi.com>

Roy M. Silvernail says:
> > Secondly, what do they hope to achieve with this whole Clipper thing?
> > Given that they are aware that strong crypto exists and is publicly
> > available around the world, what can they gain by pushing Clipper?
>
> That's the nagging question, isn't it?

The motive seems obvious to me. Although they know they can't get
everyone, they hope to stop alternate standards and to get as much of the
traffic as they can. It's what I'd do in their shoes -- not that I'd be in
their shoes.

Perry

From klbarrus at owlnet.rice.edu Tue Jun 14 16:41:27 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 14 Jun 94 16:41:27 PDT
Subject: Timed Released Crypto
Message-ID: <9406142341.AA06027@flammulated.owlnet.rice.edu>

(been absent from the list for a long time since Rice disabled remote
dialups AGAIN)

I see there was a question on how to encrypt something to be read in the
future. Several months ago Tim May sent a post covering this very topic -
"Timed Released Crypto", which is at the gopher site chaos.bsu.edu in the
Protocols directory. The archive is now a menu item from the top level
directory which is called something like "Cypherpunks Gopher Archive"

I just mention this since I don't see any followups which mention this.
But then I have very few messages from the list given I haven't been able
to check mail in a week and a half.

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32

"One man's mnemonic is another man's cryptography"
  - my compilers prof discussing file naming in public directories

From sameer at c2.org Tue Jun 14 17:09:43 1994
From: sameer at c2.org (sameer)
Date: Tue, 14 Jun 94 17:09:43 PDT
Subject: swipte on ftp.csua.berkeley.edu
Message-ID: <199406150007.RAA29144@infinity.c2.org>

swipe is now available on ftp.csua.berkeley.edu:/pub/cypherpunks/swIPe

Not for export outside of the US & Canada.
--
sameer                                      Voice:   510-841-2014
Network Administrator                       Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley     sameer at c2.org

From jgostin at eternal.pha.pa.us Tue Jun 14 17:50:22 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 14 Jun 94 17:50:22 PDT
Subject: (None)
Message-ID: <940614192510i8Ljgostin@eternal.pha.pa.us>

ghio at cmu.edu (Matthew Ghio) writes:

> I couldn't find alt.numbers.random, or any alt.numbers.* groups, on any of
> the news-servers that I tried. Perhaps you need to newgroup it again.

According to David Lawrence's Usenet listing, alt.numbers.* doesn't exist.
Unless it was created in the last two months, officially it doesn't exist.
But since when did "officially not existing" mean something actually
didn't exist?

--Jeff

--
 ====== ======     +----------------jgostin at eternal.pha.pa.us----------------+
   ==    ==        | The new, improved, environmentally safe, bigger, better,|
   ==    ==  -=    | faster, hypo-allergenic, AND politically correct .sig.  |
 ====== ======     | Now with a new fresh lemon scent!                       |
 PGP Key Available +---------------------------------------------------------+

From rfb at lehman.com Tue Jun 14 19:11:36 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Tue, 14 Jun 94 19:11:36 PDT
Subject: Remailer REORDER not DELAY
In-Reply-To:
Message-ID: <9406150211.AA26508@fnord.lehman.com>

    Date: Tue, 14 Jun 1994 12:52:46 -0400 (EDT)
    From: Jeremiah A Blatz

    Say that soda hasn't received any messages for 5 hours before 10:14,
    then receives 4 between 10:15 and the time Angie's mailer connects to
    port 25 of soda's remailer. You wait until soda spits out 4 messages,
    then the 5th is Angie's.

If the messages are being randomly ordered, you do not know this. Angie's
message could be the first message sent out after it is received.

I was attempting to address the possibility of unnecessarily long delays
and message queue build up during a period of high use.
During a low usage period, the scheme that I outlined should act like the
one that Jim choate outlined. If there are long enough delays between
messages, none of the proposed schemes interferes with traffic monitoring.

	Rick

From mech at eff.org Tue Jun 14 19:15:09 1994
From: mech at eff.org (Stanton McCandlish)
Date: Tue, 14 Jun 94 19:15:09 PDT
Subject: EFFector Online 07.10 - Action needed *immediately* for crypto bill!
Message-ID: <199406150214.WAA06044@eff.org>

=========================================================================
[EFF logo]
=========================================================================
EFFector Online Volume 07 No. 10       June 14, 1994       editors at eff.org
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424

In This Issue:

ALERT: Crypto Export Provisions - One Day Left to Make or Break
FOIA Documents Reveal Even OLA and OLC Know ITAR Is Unconstitutional
Blaze Paper Details Hole In Clipper/Capstone/EES Scheme
Karn Files Crypto Export CJ Appeal for _Applied_Cryptography_ Disk
EFF's Godwin at Cyberspace Censorship Event on CompuServe
A New Face at EFF - Doug Craven, Office Manager/Bookkeeper
PGP 2.6 Available from Electronic Frontier Foundation FTP Site
USENIX Address of EFF's Barlow's Available on Cassette from O'Reilly
Note About our FTP Site
What YOU Can Do

----------------------------------------------------------------------

Subject: ALERT: Crypto Export Provisions - One Day Left to Make or Break
------------------------------------------------------------------------

*DISTRIBUTE WIDELY AND QUICKLY*

ONE DAY DEADLINE!

The House Intelligence Committee will probably make their decision on the
vital issue of cryptography export tomorrow afternoon, Wed. June 15, 1994.
If you've not had your say on whether the State Dept. & NSA will be
allowed to continue to restrict the flow of public cryptographic products,
write, call and fax *today*. Updated fax information for the entire
Intelligence Cmte. is below, as is a sample letter, and background
information on this important legislative action. If you don't get
through on your first fax attempt, keep trying. All of these numbers have
been tested and are working as of June 14.

*******
What You Can Do

1) Fax a short letter TODAY to the chair of the Intelligence Committee,
   Representative Dan Glickman (D-KS). Ask him in your own words to leave
   the encryption provisions of H.R. 3937 intact. You may wish to send a
   copy of this to the committee itself also.

   Fax number:    +1 202 225 5398
   Committee fax: +1 202 225 1991

2) If you are unable to fax a letter, send an e-mail message to Rep.
   Glickman at glickman at eff.org.
   We'll deliver it for you, provided it arrives before noon, at which
   point all such messages must be delivered.

3) Personally urge everyone you know to send a similar fax to Rep.
   Glickman TODAY, especially if they are among Glickman's Kansas
   constituents.

4) If your own Representative is on the Intelligence Committee, send him
   or her a copy of what you sent Rep. Glickman.

*******
Phone and Fax Numbers

House Intelligence Committee
----------------------------
Subcommittee phone: +1 202 225 4121
Subcommittee fax:   +1 202 225 1991   <== send your fax HERE <==

p st name                      phone            fax
___________________________________________________________________________
D KS Glickman, Daniel          +1 202 225 6216  +1 202 225 5398   Chair
D WA Dicks, Norman D.          +1 202 225 5916  +1 202 226 1176
D CA Dixon, Julian C.          +1 202 225 7084  +1 202 225 4091
D NJ Torricelli, Robert        +1 202 224 5061  +1 202 225 0843
D TX Coleman, Ronald D.        +1 202 225 4831  +1 202 225 4831
     [Coleman's staff manually switch line to fax if they hear fax tones.
      Preceding your fax with a voice call might help]
D CO Skaggs, David E.          +1 202 225 2161  +1 202 225 9127
D NV Bilbray, James H.         +1 202 225 5965  +1 202 225 8808
D CA Pelosi, Nancy             +1 202 225 4965  +1 202 225 8259
D TX Laughlin, Gregory H.      +1 202 225 2831  +1 202 225 1108
D AL Cramer Jr, Robert (Bud)   +1 202 225 4801  private
D RI Reed, John F.             +1 202 225 2735  +1 202 225 9580
D MO Gephardt, Richard A.      +1 202 225 2671  +1 202 225 7452
R TX Combest, Larry            +1 202 225 4005  +1 202 225 9615
R NE Bereuter, Douglas         +1 202 225 4806  +1 202 226 1148
R CA Dornan, Robert K.         +1 202 225 2965  private
     [Dornan's public fax disconnected; office refuses to divulge a fax number]
R FL Young, C. W. (Bill)       +1 202 225 5961  +1 202 225 9764
R PA Gekas, George W.          +1 202 225 4315  +1 202 225 8440
R UT Hansen, James V.          +1 202 225 0453  +1 202 225 5857
R CA Lewis, Jerry              +1 202 225 5861  +1 202 225 6498
R IL Michel, Robert H.         +1 202 225 6201  +1 202 225 9461

******
Sample Fax

FAX to: 202-225-1991 and 202-225-5398

Representative Daniel Glickman
Chair
House Intelligence Committee
U.S. House of Representatives

Dear Representative Glickman:

I realize that tomorrow your committee will probably act on the encryption
provisions of H.R. 3937, the Export Administration Act of 1994. I urge
that you allow them to remain as they were introduced in Rep. Cantwell's
H.R. 3627, and subsequently incorporated into H.R. 3937.

Privacy is the basis for my concern, and I support the ability to use
secure encryption. Additionally, prohibiting the export of secure
cryptography from the United States puts the U.S. at a competitive
disadvantage internationally, for who would choose to use cryptography
known to be insecure (such as the "Clipper Chip", or products
intentionally weakened to pass excessively stringent export restrictions)?

Please, support privacy and security by preserving the cryptography export
language of H.R. 3937.

******
More Information

The actual text of this part of H.R. 3937 is at:
  ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
  gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt
  http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
  BBS: "Privacy--Crypto" file area, hr3937.crp

For current status on the bill:
  ftp.eff.org, /pub/Alerts/export_alert.update
  gopher.eff.org, 1/Alerts, export_alert.update
  http://www.eff.org/pub/Alerts/export_alert.update
  BBS: "Alerts" file area, export.upd

A general Web page on crypto export policy is at:
  http://www.cygnus.com/~gnu/export.html

******
Background (from John Gilmore, EFF Board of Directors)

Today, the U.S. State Department controls the export of most encryption,
working closely with the National Security Agency (NSA) to limit products
that provide real privacy, from cell-phones to PC software. A bill
introduced by Rep.
Maria Cantwell would instead give authority over non-military crypto exports to the Commerce Department. Commerce has much more reasonable regulations, with "First Amendment"- style unlimited publishing of publicly available software, including PGP, Kerberos, RIPEM, RSAREF, and mass-market commercial software. The bill also prevents the Commerce Dept. from tightening the regulations even if NSA somehow gets its tentacles into Commerce. A few months ago, you-all sent over 5600 messages to Rep. Cantwell in support of her bill, H.R. 3627. As a result, on May 18, the bill passed the House Foreign Affairs Committee by being incorporated into the Export Administration Act of 1994, H.R. 3937. Now the battle has become more intense. This portion of H.R. 3937 has been referred to the House Intelligence Committee with the intent to kill or severely maim it. We need your help again, to urge the Intelligence Committee to keep crypto export liberalization intact. The House and Senate Intelligence Committees, the only watchdogs for the NSA, tend to follow the agency's wishes when they wave the magic "national security" wand. They need plenty of input from the public that tells them that the nation will be *more* secure with good encryption, even though the NSA will be less happy. Not just computer users, but all users of telephones, cable TV, health care, and credit information systems would benefit from this change. The security of these applications is built on the foundation laid by the operating systems and network protocols on which they run. If this bill is passed, you will see high quality encryption built into Microsoft Windows, into the MacOS, into major Unix workstations, into the Internet, into cellular phones, into interactive television. The software already exists for confidentiality, privacy, and security of local and networked information, but it's not built-in to these systems because of the export ban. 
Today, each company could build two operating systems, one gutted for international use, but this would be costly and confusing for them and their customers, and would not allow international networks such as the Internet or telephones to be made secure and private. With this bill, these limits disappear.

Furthermore, the Clinton Administration plans to permit high volume exports of Clipper products, while continuing to require tedious paperwork for truly secure encryption products. The bill would give Clipper and other crypto software more even-handed treatment.

The bill also eliminates a senseless situation on the Internet. Today, crypto software can only be freely distributed from non-U.S. archive sites. It would eliminate that problem as well as the threat of prosecution against U.S. freeware authors of crypto software.

This is the dream we've all been working toward. The Intelligence Committee must make its decision on the bill before June 16, so time is critical.

Thanks again for your help! You can check at any time on the current status of the campaign at the location mentioned above. Send any comments on this campaign to campaign at eff.org.

John Gilmore
Chairman, EFF Crypto Committee
EFF Board of Directors
Member of Computer Professionals for Social Responsibility
Member of International Association for Cryptologic Research

------------------------------

Subject: FOIA Documents Reveal Even OLA and OLC Know ITAR Is Unconstitutional
-----------------------------------------------------------------------------

The documents detailed below were obtained by Freedom of Information Act requests.
They reveal that the Office of Legal Counsel and Office of Legislative Affairs have determined that portions of the ITAR export restrictions, which cover the export of cryptographic products, infringe the First Amendment, and also indicate that several Congressional committees, the President, and the Department of State have been made aware of the constitutional problem of the International Traffic in Arms Regulations. Despite these facts, the cryptography export provisions of H.R. 3937 are still in danger of being removed or rendered worthless in committee tomorrow.

For details on how to do your own FOIA submissions, get documents at ftp.eff.org, /pub/EFF/Issues/FOIA/ via anonymous ftp.

These documents were obtained by Lee Tien, an attorney for EFF Board member John Gilmore. Each document was scanned and edited for obvious mistakes. The full documents are available at:

ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA
gopher://gopher.eff.org/11/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA/
BBS: +1 202 638 6119, 6120 (8-N-1, 14.4k), "Privacy--Clipper/ITAR" file area

A brief description of the content of each of the documents [file names in brackets are the BBS filenames]:

itar_hr_govop_hearing.transcript [ITARHEAR.TRN]
This is the transcript of a series of hearings held before a subcommittee of the House Committee on Government Operations. It is especially interesting for the two items it includes in the report: one memo shows that the Office of Legal Counsel concluded that ITAR was unconstitutional, and some testimony indicates that the State Department and the President may have ignored possibly binding legal advice from the OLC.
mcconnell_garn.letter [ITAR1.LTR]
This is a letter from Robert McConnell, Assistant Attorney General for Legal and Intergovernmental Affairs, to Jake Garn, the Chairman of the Senate Committee on Banking, Housing, and Urban Affairs. This letter highlights the position that the term "technology" as defined by the ITAR is overly broad and presents a probable violation of the First Amendment.

mcconnell_zablocki.letter [ITAR2.LTR]
Clement Zablocki was the Chairman of the House Committee on Foreign Affairs. This letter is a review of a bill that would amend the Arms Export Control Act (AECA). It is particularly good in that it makes a compelling argument for why the ITAR establishes a system of prior restraint.

olson_mcconnell.letter [ITAR3.LTR]
This is a follow-up letter to Robert McConnell from Theodore Olson, Assistant Attorney General for the Office of Legal Counsel. It reaffirms the OLC position that the ITAR establishes a regulatory scheme that "extends too broadly into an area of protected First Amendment speech."

shiffren_tien.letter [ITAR4.LTR]
The cover letter/reply to Lee Tien's FOIA request. Notable for the fact that there are other documents (specifically from the FBI and NSA) that could be relevant.

simms_mcconnell.memo [ITAR5.MEM]
A brief note acknowledging that the ITAR is overly broad, from Simms of OLA to McConnell.

simms_robinson.memo [ITAR6.MEM]
This is a memo prepared for Davis Robinson, then the Legal Adviser for the Department of State. This is a very well-documented paper on the various unconstitutional provisions of ITAR. The two areas this memo concentrates on are the "technical data" definition as well as the definition of "export." Near the conclusion, Simms states: "We remain of the opinion, however, that ... the ITAR still present some areas of potentially unconstitutional application. ...The best legal solution ... is for the Department of State, not the courts, to narrow the regulations."
------------------------------

Subject: Blaze Paper Details Hole In Clipper/Capstone/EES Scheme
----------------------------------------------------------------

Dr. Matthew Blaze, an AT&T Bell Labs researcher, recently discovered a fundamental flaw in the Administration/NSA Escrowed Encryption Standard cryptographic chips, particularly those known originally as Capstone. The EES Capstone chips, used in PCMCIA cards for data encryption on laptop computers, use the same cryptographic algorithm (Skipjack) and key "escrow" system as the infamous Clipper chips, though according to AT&T, the misfeature does not directly apply to Clipper, since it is intended for use in telephone equipment rather than computers. More important, however, is the fact that Blaze's discovery indicates a deep flaw in the entire EES scheme. Clipper's "immunity" is only accidental, and questionable - the flaw is also present in the Clipper EES system, just not as easy to exploit.

Both Clipper and Capstone rely on a series of numbers referred to as the LEAF (Law Enforcement Access Field). The LEAF is used to verify chip serial numbers, create a session key for encryption, and validate the session key. Law enforcement or intelligence agents could use a recording of a Clipper conversation, or a copy of Capstone-encoded data, to identify the chip serial number, and obtain copies of the keys held by the "escrow" agents. Using these keys, they may decrypt the message or data at will - and the idea of the government holding the keys to personal privacy has been the primary objection to the EES scheme.

The flaw Blaze has unearthed is another objection among many: anyone with "sufficient" computer skills can alter the LEAF to verify validity of a session key with a fake serial number, thereby defeating the entire purpose behind the EES - agents would have no idea which Clipper/Capstone chip produced the encrypted information, and thus would be unable to get the decryption keys.
According to a June 2 article by John Markoff in the _New_York_Times_, NSA officials do not deny the existence of the flaw, though both NSA and AT&T maintain that Clipper is still useful.

The full text of Dr. Blaze's report, "Protocol Failure in the Escrowed Encryption Standard", is available from:

ftp.eff.org, /pub/EFF/Policy/Crypto/Clipper/
gopher.eff.org, 1/EFF/Policy/Crypto/Clipper
gopher://gopher.eff.org/11/EFF/Policy/Crypto/Clipper
http://www.eff.org/pub/EFF/Policy/Crypto/Clipper/
BBS: +1 202 638 6119, 6120 (8-N-1, 14.4k), "Privacy--Clipper/ITAR" file area

[Filenames in brackets are BBS filenames. ZIP-compressed copies are also available on the BBS.]

ASCII version:      ees_flaw_blaze.paper [EESFLAW.PPR]
PostScript version: ees_flaw_blaze_paper.ps.gz [EESFLAW.PS]

Also of interest: ees_nist_senate.answers [EES_NIST.ANS] - answers from NIST to the Senate Technology and Law Subcommittee's 30 pointed questions regarding the EES/Clipper. Some of the answers are literally astounding.

------------------------------

Subject: Karn Files Crypto Export CJ Appeal for _Applied_Cryptography_ Disk
---------------------------------------------------------------------------

From: Phil Karn

[Background: Beginning in Jan. 1994, Phil Karn attempted to have Commodity Jurisdiction over Bruce Schneier's _Applied_Cryptography_ and a related diskette - containing the *same* source code as the book - shifted from the State Dept., notorious for refusing the export of cryptographic material, to the Commerce Dept., which regularly approved such export. The State Dept. acknowledged that they did not have jurisdiction over the book, but illogically maintains that the diskette is within their jurisdiction, and is not to be exported. Karn's appeal, and his own letter regarding the crypto export provisions of H.R. 3937, follow. - ed.]

I just filed my appeal by fax; I will follow up with a mailed copy.

[...]
Note that the "Center for Defense Trade" mentioned in the ITARs as the address for administrative appeals no longer exists. I got Dr. Harris's name and address from Tom Denners of ODTC.

******

Dr. Martha C. Harris
Deputy Assistant Secretary For Export Controls
United States Department of State
Room 7325A
Washington DC 20522
202-647-1346 (fax)

Subject: Appeal in CJ Case 081-94, "Applied Cryptography Source Code Disk"
Also references: CJ Case 038-94, "Applied Cryptography", a book by Bruce Schneier

APPEAL OF COMMODITY CLASSIFICATION

This is an appeal under 22 CFR 120.4(g) of an adverse decision by the Office of Defense Trade Controls (ODTC) in the above cited case. It is also a request for ODTC to justify their decision and to respond to the points made here.

INTRODUCTION

In its May 11, 1994 reply in CJ Case 081-94 ("the Response"), ODTC classified the subject of this appeal, the "Applied Cryptography Source Code Disk" ("the Diskette"), as a defense article under category XIII(b)(1) of the United States Munitions List. I hereby formally appeal this determination on several grounds:

1) The information included on the Diskette is, for all practical purposes and contrary to ODTC's claim, identical to that printed in the book "Applied Cryptography" ("the Book"), which ODTC previously ruled was in the public domain and outside their licensing jurisdiction;

2) Even if the information on the Diskette had not already appeared in a publicly available book, by ODTC's own prior interpretation of the ITAR in CJ Case 038-94 it should nonetheless have qualified for the very same "public domain" exemption; and

3) The First Amendment protects the freedom of speech and of the press regardless of the medium of expression (diskette or printed textbook).

Therefore, the dissemination of the publicly available Diskette is not within the licensing jurisdiction of your office.

DISCUSSION

1. The Diskette Should Qualify For The ITAR Public Domain Exemption As A Result of ODTC's Decision in CJ Case 038-94

In its Response, ODTC said:

   The text files on the subject disk are not an exact representation of what is found in "Applied Cryptography." Each source code listing has been partitioned into its own file and has the capability of being easily compiled into an executable subroutine.

This appears to be the basic rationale for ODTC's decision in this matter. I respectfully submit that the statement presents an arbitrary and capricious distinction, but no meaningful difference, between the information which is found in the Book and the Diskette. That characterization of the Diskette provides no basis in either law, regulations, or logic for ODTC's decision.

The Diskette is as close to Part Five of the Book as one could make it. The typographic layout of the Book makes it absolutely clear, even to the non-programmer, where each cryptographic subroutine begins and ends. The name of each routine appears in bold font before the routine itself and in the header of each page. Moreover, the Diskette uses these same names for its files.

The Response goes on to list the cryptographic routines included in the Diskette and says that they would not be exportable if they were incorporated into a product. But this is irrelevant to the present matter, since all of these routines appear in the Book, which ODTC had already ruled in CJ Case 038-94 to be outside its licensing jurisdiction and therefore exportable. The decision in this case must be based on a comparison to the Book, which is functionally identical to the Diskette, not to some hypothetical product.

The only real difference between the Book and the Diskette is the one stated in my original request: the medium on which the information is recorded. Presumably, ODTC's phrase "added value" referred to the easy machine-readability of the Diskette.
But "machine-readability" is no longer well defined; it cannot be limited to information stored on computer disks. With the widespread availability of optical character recognition (OCR) equipment and software, even printed information such as the Book is easily turned into "machine readable" disk files equivalent to those on the Diskette. Moreover, this only need be done once. It is then absolutely trivial to duplicate and disseminate the resulting files by telephone modem or over the Internet. And even without OCR capabilities, anyone with typing skills could easily type in the routines from the Book, again producing machine readable disk files.

2. The Diskette Should Qualify For The ITAR Public Domain Exemption Regardless of the Decision in CJ Case 038-94 Because the Diskette Is Itself Already in the Public Domain

The issue of whether or not the Diskette is an exact representation of the Book is really a red herring. Even if the Diskette contained source code not in the Book, or even if the Book did not exist at all, the Diskette itself is in the public domain.

The ITAR at 120.10(5) exempts from the definition of controlled "technical data" "information in the 'public domain' as defined in 120.11", and 120.11 defines "public domain" as "information which is published and which is generally accessible or available to the public" from libraries or through subscription, among other means. Of particular interest is the lack of any mention of the allowable media or medium on which the information must be recorded to qualify for "public domain" status. This is hardly surprising in that any such restriction would be at once illogical and offensive to the First Amendment.

This Diskette is obviously within the "public domain". Anyone may obtain it by mail order from the author for a nominal charge to cover duplication and mailing. (The restriction to US and Canadian addresses exists only because of uncertainty about US export regulations.)
Furthermore, much of the source code contained on the disk is in the public domain, in the even broader sense of the original authors having granted blanket copying and use permission, or relinquished copyright altogether. The software on this Diskette is also readily available to the public from many "anonymous FTP" repositories on the Internet, several of which are outside the United States and Canada. These repositories clearly qualify as "libraries open to the public" under 120.11(4). Indeed, it seems that the subject software is even more strongly "public domain" (in the ITAR sense) in machine readable form than in book form, precisely because the machine readable form is so much more readily obtainable.

3. The First Amendment Protects Absolutely the Freedom of Speech and the Press, Regardless of the Medium of Expression

The export of publicly available cryptographic information, including software, is protected by the First Amendment to the Constitution. The US Supreme Court has written that "[t]he liberty of the press is not confined to newspapers and periodicals. It necessarily embraces pamphlets and leaflets.... The press in its historic connotation comprehends every sort of publication which affords a vehicle of information and opinion" (Lovell v. City of Griffin, 1938). Freedom of the press, says the Court, includes "the right of the lonely pamphleteer who uses carbon paper or a mimeograph as much as of the large metropolitan publisher who utilizes the latest photocomposition methods" (Branzburg v. Hayes, 1972).

The computer network, the bulletin board system (BBS) and even "sneakernet" (the manual exchange of diskettes) are clearly the modern successors to the mimeograph machine. Users of these systems have just as much First Amendment protection, including the right to export their works, as John Wiley & Sons, publishers of "Applied Cryptography".
There is opinion that the power to control exports is a Presidential national security and foreign policy function that deserves wide deference by the courts. But the national security power, "like every other governmental power, must be exercised in subordination to the applicable provisions of the Constitution" (US v Curtiss-Wright Corp, 1936). In Baker v Carr (1962), the Supreme Court said "[I]t is error to suppose that every case or controversy which touches foreign relations lies beyond judicial cognizance". In Bullfrog Films, Inc. vs Wick (1988) the Federal Court of Appeals for the 9th Circuit said "We ... reject ... the suggestion that the First Amendment's protection is lessened when the expression is directed abroad. The cases cited by the government do not support its contention that otherwise protected free speech interests may be routinely subordinated to foreign policy concerns".

And in New York Times Co v US, 1970, popularly known as the "Pentagon Papers" case, the Supreme Court said, "[A]ny system of prior restraints of expressions comes to this Court bearing a heavy presumption against its constitutional validity" and the government "thus carries a heavy burden of showing justification for the imposition of such a restraint".

It thus seems impossible to argue that export controls on information, including software, widely available in the United States, and even already available in published form outside the US (such as the Diskette) are necessary to prevent a "substantial likelihood of serious damage to national security or foreign policy" (Haig v Agee, 1981). Ordinary common sense says that ODTC's ruling in CJ Case 081-94 is arbitrary, capricious and wholly indefensible.
Indeed, in the most celebrated prior restraint case (United States vs The Progressive, 1979), the government gave up all further attempts to control the dissemination of the information in question (design principles for thermonuclear weapons) once the Department of Justice became aware that the information it sought to ban had been published in the United States. Trying to ban further dissemination of that publication would have been both unconstitutional and futile, as are current attempts to control the export of public domain cryptographic software.

Even an Assistant Attorney General of the Department of Justice has expressed the opinion that export controls on publicly available cryptographic information are unconstitutional: "It is our view that the existing provisions of the ITAR are unconstitutional insofar as they establish a prior restraint on disclosure of cryptographic ideas and information developed by scientists and mathematicians in the private sector". (Memorandum from J. Harmon, Department of Justice, to F. Press, Science Advisor to the President dated May 11, 1978, reprinted in "The Government's Classification of Private Ideas: Hearings Before a Subcommittee of the House Committee on Government Operations", 96th Congress, 2nd Session, 1980.) This opinion is entitled to special weight because Mr. Harmon was, at that time, in charge of the Office of Legal Counsel, the office which is responsible for preparing all the official opinions of the Attorney General.

CONCLUSION

I seek a favorable ruling that would recognize the "public domain" exemption for publicly available cryptographic software, such as the subject diskette, regardless of the medium on which it is recorded. I hope this will be possible through administrative appeal. Should it become necessary, however, I am fully determined to seek judicial relief.

Sincerely,

Philip R. Karn, Jr

******

Rep. Dan Glickman
Chairman, House Intelligence Committee
US House of Representatives
Washington, DC
202-225-1991 (fax)

Dear Representative Glickman:

I am writing to urge you and your committee to leave intact the encryption provisions of Rep. Cantwell's bill, HR3627, as they amend the Export Administration Act of 1994, HR 3937.

Rep. Cantwell's reforms are sorely needed. The US State Department, acting on behalf of the National Security Agency, stubbornly treats even widely available public domain encryption software as a "munition" that cannot be exported without a license -- which is invariably denied. I personally have been denied authorization to export a floppy disk containing exactly the same encryption software that has already been published in a book -- even though State agreed that the book itself was outside their jurisdiction, presumably because of the First Amendment guarantee of freedom of the press.

This situation is offensive to the Constitution and to common sense. It is completely intolerable.

Once again, I urge you to retain the provisions of Rep. Cantwell's bill in full as your committee considers the Export Administration Act of 1994.

Sincerely,

Philip R. Karn, Jr.

------------------------------

Subject: EFF's Godwin at Cyberspace Censorship Conference on CompuServe
-----------------------------------------------------------------------

Mike Godwin, EFF Online Counsel, will be part of a "virtual panel" at CIS's "The Cyberconference: Censorship", Thursday, June 16. CompuServe's announcement states:

"Playboy magazine and the Graphics forums are hosting a "Censorship in Cyberspace" conference to discuss the heated media controversy surrounding the questions: can and should cyberspace be censored? The conference will feature a dialogue with highly esteemed First Amendment experts and will be held in the CompuServe Convention Center on 16-Jun at 10 p.m. EDT (04:00 CET). Members can send questions in advance to User ID 75300,1610.
Title your message's subject "Playboy Conference" to ensure that your questions are registered.

"To attend the conference in the Convention Center, GO CONVENTION. For more information about graphics and your computer, GO GRAPHICS [or GO GRAPHNEWS]. The CompuServe Convention Center and the Graphics forums are each a part of CompuServe's extended services."

CIS members with Internet access can reach the service by using telnet to connect to compuserve.com.

------------------------------

Subject: A New Face at EFF - Doug Craven, Office Manager/Bookkeeper
-------------------------------------------------------------------

Originally from Miami, Florida, Doug came to EFF in May 1994 to take over office management duties, having served as Senior Office Manager for four years and in accounting positions for another four years with previous employers as diverse as academic institutions, commercial enterprises, a water company and the FBI. Doug graduated from Thomas Stone H.S. in Waldorf, Maryland in June 1986, a 2 year National Honor Society member, and moved on to Charles County Community College, Chesapeake College, and Anne Arundel Community College, as a Microcomputer Operations student. Doug enjoys music and video production, biking, and swimming. He says, "my #1 love is my dog Katie."

------------------------------

Subject: PGP 2.6 Available from Electronic Frontier Foundation FTP Site
-----------------------------------------------------------------------

The latest DOS, Unix and Mac implementations of PGP (Pretty Good Privacy) 2.6, a freeware encryption program that has rapidly become the de facto standard for Internet email, are now available from ftp.eff.org via anonymous ftp. PGP and similar material are available from EFF's ftp site in a hidden directory, but only to Americans and Canadians, due to U.S. ITAR export restrictions on cryptographic products.
Access to this directory can be obtained by reading and following the instructions in the README.Dist file at:

ftp.eff.org, /pub/Net_info/Tools/Crypto/
gopher.eff.org, 1/Net_info/Tools/Crypto
gopher://gopher.eff.org/11/Net_info/Tools/Crypto
http://www.eff.org/pub/Net_info/Tools/Crypto/

PGP can only be obtained from EFF via ftp currently. Gopher and WWW access to the material itself is not supported at this time.

If you would like to see US export restrictions on cryptography removed, please send a message supporting the retention of Rep. Cantwell's export reform language (originally bill HR3627) in bill HR3937, to Rep. Glickman's fax number or glickman at eff.org - TODAY. See lead article for details. Please ask your Representatives to co-sponsor this bill if it includes Rep. Cantwell's export provisions, and ask your Senators to co-sponsor Sen. Murray's companion bill (S1846) in the US Senate. Congress contact information is available from:

ftp.eff.org, /pub/EFF/Issues/Activism/govt_contact.list

------------------------------

Subject: USENIX Address of EFF's Barlow Available on Cassette from O'Reilly
---------------------------------------------------------------------------

From: brian at ora.com (Brian Erwin)

The globalization of the Internet, satellite-based Internet Protocol multicasting, and strategies for dealing with Internet address allocation are just three of the subjects discussed by leading Internet developers on four new audiotapes we just released.

"Notable Speeches of the Information Age, John Perry Barlow"
USENIX Conference Keynote Address
January 17, 1994; San Francisco, CA
Duration: 90 minutes, ISBN: 1-56592-992-6, $9.95 (US)

John Perry Barlow is a retired Wyoming cattle rancher, a lyricist since 1971 for the Grateful Dead, who holds a degree in comparative religion from Wesleyan University. In 1990, Barlow co-founded the Electronic Frontier Foundation with Mitch Kapor, and currently serves as chair of its executive committee.
In his keynote address to the Winter 1994 USENIX Conference, Barlow talks of recent developments in the national information infrastructure, telecommunications regulation, cryptography, globalization of the Internet, intellectual property, and the settlement of Cyberspace. This talk explores the premise that "architecture is politics"--that the technology adopted for the coming "information superhighway" will help to determine what is carried on it. If the electronic frontier of the Internet is not to be replaced by electronic strip malls controlled by the old broadcast content providers, we need to make sure that our technological choices favor bi-directional communication and open platforms. Side A contains the keynote; Side B contains a question and answer period. This and other O'Reilly products are available in the Americas and Japan through bookstores, or directly from the publisher (credit card orders 800-889-8969; email order at ora.com). For information: telephone 707-829-0515 (800-998-9938 in US & Canada); FAX 707-829-0104; email nuts at ora.com; or write O'Reilly & Associates, 103A Morris St., Sebastopol, CA, 95472, USA. GSA # GS-02F-6095A. Access our online gopher catalog via "telnet gopher.ora.com" (log in as "gopher" -- no password needed). Our international distributors: * EUROPE (except German-speaking countries), MIDDLE EAST, AFRICA International Thomson Publishing, Berkshire House, 168-173 High Holborn, London WC1V 7AA, UK. Telephone 44-71-497-1422; FAX 44-71-497-1426; or email danni.dolbear at itpuk.co.uk * GERMAN-SPEAKING COUNTRIES. International Thomson Publishing, Konigswinterer Strasse 418, 53227 Bonn, Germany. Telephone 49-228-445171; FAX 49-228-441342; or email 100272.2422 at compuserve.com * ASIA. International Thomson Publishing, 221 Henderson Rd., #05-10 Henderson Building, Singapore 0315. Telephone 65-272-6496; FAX 65-272-6498 * AUSTRALIA AND NEW ZEALAND. WoodsLane, Unit 8, 101 Darley Street, Mona Vale, NSW 2103, Australia. 
Telephone 61-2-979-5944; FAX 61-2-997-3348; or email woods at tmx.mhs.oz.au

------------------------------

Subject: Note About our Internet Sites
--------------------------------------

To clarify a potential confusion, please note that eff.org is our staff machine - where we get our email, etc. EFF's public services are available from specific services:

ftp: ftp.eff.org
gopher: gopher.eff.org
WWW: http://www.eff.org/
WAIS: wais.eff.org [when available]
telnet: n/a

Attempting to telnet, ftp, or gopher to eff.org will result in an error message.

------------------------------

Subject: What YOU Can Do
------------------------

"Cryptography is an enormously powerful tool that needs to be controlled, just as we control bombs and rockets." - David A. Lytel, President's Office of Science and Technology Policy

Who will decide how much privacy is "enough"? The Electronic Frontier Foundation believes that individuals should be able to ensure the privacy of their personal communications through any technological means they choose. However, the government's current restrictions on the export of encryption software have stifled the development and commercial availability of strong encryption in the U.S. Now, more than ever, EFF is working to make sure that you are the one that makes these decisions for yourself.

Our members are making themselves heard on the whole range of issues. To date, EFF has collected over 5000 letters of support for Rep. Cantwell's bill (HR3627 - Sen. Murray's companion bill is S1846) to liberalize restrictions on cryptography. The bill's provisions, now part of the more general HR3937, will need your immediate and vocal support to succeed. We also gathered over 1400 letters supporting Sen. Leahy's open hearings on the proposed Clipper encryption scheme, which were held in May 1994.

If you'd like to add your voice in support of the Cantwell bill's language, which is in danger of being stripped from HR3627, fax the House Intelligence Committee Chair, Rep.
Dan Glickman at +1 202 225 5398, or the Committee at +1 202 225 1991, or send email to glickman at eff.org IMMEDIATELY (letters received at the glickman alias will be printed and delivered to Rep. Glickman before noon [EDT], June 15.) You KNOW privacy is important. You have probably participated in our online campaigns. Have you become a member of EFF yet? The best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed and are making a difference. Join EFF today! For EFF membership info, send queries to membership at eff.org, or send any message to info at eff.org for basic EFF info, and a membership form. ------------------------------ Administrivia ============= EFFector Online is published by: The Electronic Frontier Foundation 1001 G Street NW, Suite 950 E Washington DC 20001 USA +1 202 347 5400 (voice) +1 202 393 5509 (fax) +1 202 638 6119 (BBS - 16.8k ZyXEL) +1 202 638 6120 (BBS - 14.4k V.32bis) Internet: ask at eff.org Internet fax gate: remote-printer.EFF at 9.0.5.5.3.9.3.2.0.2.1.tpc.int Coordination, production and shipping by: Stanton McCandlish, Online Activist/SysOp/Archivist Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. To subscribe to EFFector via email, send message body of "subscribe effector-online" (no quotes) to listserve at eff.org, which will add you a subscription to the EFFector mailing list. 
------------------------------ Internet Contact Addresses -------------------------- Membership & donations: membership at eff.org Legal services: ssteele at eff.org Hardcopy publications: pubs at eff.org Technical questions/problems, access to mailing lists: eff at eff.org General EFF, legal, policy or online resources queries: ask at eff.org End of EFFector Online v07 #10 ****************************** $$ From mech at eff.org Tue Jun 14 20:08:31 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 14 Jun 94 20:08:31 PDT Subject: LAST CALL: Crypto export bill - one day left to make or break! Message-ID: <199406150304.XAA07676@eff.org> *DISTRIBUTE WIDELY AND QUICKLY* ONE DAY DEADLINE! The House Intelligence Committee will probably make their decision on the vital issue of cryptography export tomorrow afternoon, Wed. June 15, 1994. If you've not had your say on whether the State Dept. & NSA will be allowed to continue to restrict the flow of public cryptographic products, write, call and fax *today*. Updated fax information for the entire Intelligence Cmte. is below, as is a sample letter, and background information on this important legislative action. If you don't get through on your first fax attempt, keep trying. All of these numbers have been tested and are working as of June 14. ******* What You Can Do 1) Fax a short letter TODAY to the chair of the Intelligence Committee, Representative Dan Glickman (D-KS). Ask him in your own words to leave the encryption provisions of H.R. 3937 intact. You may wish to send a copy of this to the committee itself also. Fax number: +1 202 225 5398 Committee fax: +1 202 225 1991 2) If you are unable to fax a letter, send an e-mail message to Rep. Glickman at glickman at eff.org. We'll deliver it for you, provide it arrives before noon, at which point all such messages must be delivered. 3) Personally urge everyone you know to send a similar fax to Rep. 
Glickman TODAY, especially if they are among Glickman's Kansas constituents.

4) If your own Representative is on the Intelligence Committee, send him or her a copy of what you sent Rep. Glickman.

*******

Phone and Fax Numbers

House Intelligence Committee
----------------------------

Subcommittee phone: +1 202 225 4121
Subcommittee fax:   +1 202 225 1991   <== send your fax HERE <==

p st name                       phone             fax
___________________________________________________________________________
D KS Glickman, Daniel           +1 202 225 6216   +1 202 225 5398   Chair
D WA Dicks, Norman D.           +1 202 225 5916   +1 202 226 1176
D CA Dixon, Julian C.           +1 202 225 7084   +1 202 225 4091
D NJ Torricelli, Robert         +1 202 224 5061   +1 202 225 0843
D TX Coleman, Ronald D.         +1 202 225 4831   +1 202 225 4831
     [Coleman's staff manually switch line to fax if they hear fax tones.
      Preceding your fax with a voice call might help]
D CO Skaggs, David E.           +1 202 225 2161   +1 202 225 9127
D NV Bilbray, James H.          +1 202 225 5965   +1 202 225 8808
D CA Pelosi, Nancy              +1 202 225 4965   +1 202 225 8259
D TX Laughlin, Gregory H.       +1 202 225 2831   +1 202 225 1108
D AL Cramer Jr, Robert (Bud)    +1 202 225 4801   private
D RI Reed, John F.              +1 202 225 2735   +1 202 225 9580
D MO Gephardt, Richard A.       +1 202 225 2671   +1 202 225 7452
R TX Combest, Larry             +1 202 225 4005   +1 202 225 9615
R NE Bereuter, Douglas          +1 202 225 4806   +1 202 226 1148
R CA Dornan, Robert K.          +1 202 225 2965   private
     [Dornan's public fax disconnected; office refuses to divulge a fax number]
R FL Young, C. W. (Bill)        +1 202 225 5961   +1 202 225 9764
R PA Gekas, George W.           +1 202 225 4315   +1 202 225 8440
R UT Hansen, James V.           +1 202 225 0453   +1 202 225 5857
R CA Lewis, Jerry               +1 202 225 5861   +1 202 225 6498
R IL Michel, Robert H.          +1 202 225 6201   +1 202 225 9461

******

Sample Fax

FAX to: 202-225-1991 and 202-225-5398

Representative Daniel Glickman
Chair
House Intelligence Committee
U.S. House of Representatives

Dear Representative Glickman:

I realize that tomorrow your committee will probably act on the encryption provisions of H.R. 3937, the Export Administration Act of 1994. I urge that you allow them to remain as they were introduced in Rep. Cantwell's H.R. 3627, and subsequently incorporated into H.R. 3937.

Privacy is the basis for my concern, and I support the ability to use secure encryption. Additionally, prohibiting the export of secure cryptography from the United States puts the U.S. at a competitive disadvantage internationally, for who would choose to use cryptography known to be insecure (such as the "Clipper Chip", or products intentionally weakened to pass excessively stringent export restrictions)?

Please, support privacy and security by preserving the cryptography export language of H.R. 3937.

******

More Information

Detailed background information on this alert:
ftp.eff.org, /pub/Alerts/export.alert
gopher.eff.org, 1/Alerts, export.alert
http://www.eff.org/pub/Alerts/export.alert.html
BBS (+1 202 638 6119, 6120; 8N1): "Alerts" file area, export.alt

The actual text of this part of H.R. 3937 is at:
ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
BBS: "Privacy--Crypto" file area, hr3937.crp

For current status on the bill:
ftp.eff.org, /pub/Alerts/export_alert.update
gopher.eff.org, 1/Alerts, export_alert.update
http://www.eff.org/pub/Alerts/export_alert.update
BBS: "Alerts" file area, export.upd

A general Web page on crypto export policy is at:
http://www.cygnus.com/~gnu/export.html

-- Stanton McCandlish * mech at eff.org * Electronic Frontier Found.
OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O From banisar at epic.org Tue Jun 14 20:10:50 1994 From: banisar at epic.org (Dave Banisar) Date: Tue, 14 Jun 94 20:10:50 PDT Subject: Clipper on C-Span/CNN 6/15 Message-ID: <9406132308.AA28182@Hacker2.cpsr.digex.net> I just heard that Rep. Jack Brooks, Chairman of the House Judiciary Committee and one of the authors of the Computer Security Act of 1987 is planning to make a floor statement on Clipper tomorrow morning. Rep. Brooks has been a long-time critic of government encryption policy. The floor statement should be carried on C-Span. Also, Vice President Gore, Andy Grove from Intel and Vic Sussman of US News and World Report will be on the Larry King Show tomorrow at 9pm EST to discuss the "Information Infrastructure." Clipper will most likely be one of the topics, especially if some of the calls ask some hard questions of the Vice-President. Dave Banisar Electronic Privacy Information Center From grendel at netaxs.com Tue Jun 14 20:18:13 1994 From: grendel at netaxs.com (Michael Handler) Date: Tue, 14 Jun 94 20:18:13 PDT Subject: HR 3627: The day after? Message-ID: So: if we get HR 3627 out of the House Select Committee on Intelligence intact, what's the next step? If the resolution passes the House, does there have to be a Senate debate as well? And, of course, will there be a live broadcast of the vote on CNN so we can watch it like we did with NAFTA? ;-) -- Michael Brandt Handler Philadelphia, PA PGP v2.6 public key on request WARNING: I have built the first quantum computer, and I am factoring your public key at the speed of light as you read this. From catalyst-remailer at netcom.com Tue Jun 14 20:48:45 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Tue, 14 Jun 94 20:48:45 PDT Subject: Massive ITAR Violation! 
Message-ID: <199406150348.UAA18177@mail2.netcom.com> I mailed this about 5 minutes before the news of list death arrived, so it didn't make it. Conspiracy! Anyway, I posted this to comp.org.eff.talk and so far it has generated no interest. The Cypherpunks have been mentioned in various articles in the mass media as a group that would at least toy with the idea of civil disobedience concerning ITAR violation. Imagine yourselves trying to topple ITAR by publically exporting PGP to many countries, every day, for over a year. Yet do any of us really want to push our luck this way? Phil Zimmermann is out a lot of cash paying for a legal team. He can hardly afford taking his family out for dinner. That's why discovering this, I feel it should make *news*. As it turns out, the internet's largest Macintosh ftp archive has been exporting MacPGP2.2 every day for the last year! This to Singapore and China and God knows where else. Every country on Earth with an internet connection, likely. Here is a satirical essay, explaining what anyone who takes ITAR at face value might do if they discovered this situation.... -----BEGIN ROT13 SIGNED MESSAGE----- Fellow citizens of the United States of America, I wish to inform you of a great and ongoing catastrophe of most serious consequence. It is organized crime, by definition. Below is the header for the MacPGP2.2 file on sumex-aim.stanford.edu, archived with dozens of other utilities, as /info-mac/util/pgp.hqx, which has been there for *over a year*, many times a week being *exported* onto info-mac mirrors around the world. This is the most massive and organized absolute violation of the USA's ITAR munitions export laws (regulations) we have ever witnessed. For an entire year, weekly if not daily, the notorious encryptor PGP, right under our eyes, exported! I hope this is cleared up as soon as humanly possible, but we are all of us left with the guilt of not having noticed this before. 
All this talk of ITAR and there you are, your largest communal Mac ftp site pumping out PGP across the border like a huge demonic machine bent on destroying our beloved society. If the moderators cannot be contacted immediately, I suggest military force be used. Or cooperative shutdown of the US internet connections. Please begin this at once, as it *must* be stressed that PGP is classified as a MUNITION, right along with rocket launchers and tanks!!!!!!!! This is as serious as it gets. I didn't even know what the internet *was* back in April of '93, and I am but one in a million (literally) who has access to sumex-aim.stanford.edu and all its mirror sites. It must have been my destiny to save the world, for none of *you* seem interested in doing so. It has only been an hour since I discovered this NATIONAL SECURITY DISASTER, and I immediately set myself in action to save my country from destruction. *I*YoU*mE*We*OiwIE*wE*yOU*Me*I* P.S. Here is the evidence: >From: macmod at SUMEX-AIM.Stanford.EDU (Info-Mac Moderator) >Date: Sun, 25 Apr 1993 23:22:58 PDT > >PGP (Pretty Good Privacy) ver 2.2 - RSA public-key encryption freeware >for MSDOS, protects E-mail. Lets you communicate securely with people >you've never met, with no secure channels needed for prior exchange of >keys. Well featured and fast! Excellent user documentation. > >PGP has sophisticated key management, an RSA/conventional hybrid >encryption scheme, message digests for digital signatures, data >compression before encryption, and good ergonomic design. Source >code is free. > >Keywords: PGP, Pretty Good Privacy, RSA, public key, encryption, > privacy, authentication, signatures, email > >(This file must be converted with BinHex 4.0) > >:$8eKBe"(8$)Z-LjcC@%!39"36'&eFh3J!!!$@3X!!%DFIea6593K!!%!!eN,FNa .... And upon downloading it and starting it up, the console window faithfully displays: >Pretty Good Privacy 2.2 - Public-key encryption for the masses. 
>(c) 1990-1993 Philip Zimmermann, Phil's Pretty Good Software. 6 Mar 93
>Date: 1994/06/12 16:10 GMT

I further suggest that all of the following sites (but a sample) immediately remove this file from their archives and stop mirroring sumex-aim till they too remove the file.

To keep this from happening again, I suggest *all of us* in the USA delete our copies of PGP from our hard disks, lest our children export it into the hands of such enemy nations as these. It is time we put an end to this scourge, for look what will happen if we do not. Pornographers and terrorists are coming for our children if we do not act. Death to PGP users!!!!!!!!!!!!!!!

Where is our government in all of this? Our tax dollars are not being used to protect us from the EXPORT OF MUNITIONS TO ENEMY NATIONS!!!!!

I suggest full prosecution of all users and maintainers of sumex-aim, as they have all obviously conspired to maintain this treachery. I suggest they all be searched for other weapons as well including land mines, automatic machine guns, poison gases, biological weaponry and mind control devices of all sorts, as it is my firm belief that the only reason they are interested in PGP is to forward their agenda to export other munitions, drugs pushed on *our* children to pay for them!!! This will culminate in the obvious acquisition of *nuclear bombs* by every Tom Dick and Harry gangster. Little boys and girls in the ghetto with *neutron bombs* and *poison gas missiles*! I shudder to think we could have stopped it but, alas, we may have failed ourselves.

Here are the target sites. I suggest immediate offensive attacks to destroy these evil ports of death and destruction....
Australia (Melbourne): archie.au//micros/mac/info-mac/util/pgp.hqx Austria (Vienna): ftp.univie.ac.at//mac/info-mac/util/pgp.hqx Canada (Vancouver): ftp.ucs.ubc.ca//pub/mac/info-mac/util/pgp.hqx Finland (Espoo): ftp.funet.fi// pub/mac/info-mac/util/pgp.hqx Finland (Jyvaskyla): ftp.jyu.fi//info-mac/util/MacPGP2.2.sea Germany (Hannover): ftp.rrzn.uni-hannover.de//pub/info-mac/util/pgp.hqx Japan (Tokyo): ftp.center.osaka-u.ac.jp//info-mac/util/pgp.hqx Japan (Tokyo): ftp.iij.ad.jp//pub/info-mac/util/pgp.hqx Japan (Tokyo): ftp.u-tokyo.ac.jp//pub/info-mac/util/pgp.hqx Netherlands (Wageningen): ftp.fenk.wau.nl//pub/mac/info-mac/util/pgp.hqx Republic of Singapore (Singapore): ftp.nus.sg//pub/mac/util/pgp.hqx Sweden (Lund): ftp.lth.se//mac/info-mac/util/pgp.hqx.Z Sweden (Uppsala): ftp.sunet.se//pub/mac/info-mac/util/pgp.hqx Switzerland (Zurich): nic.switch.ch//mirror/info-mac/util/pgp.hqx Taiwan (Hsinchu): ftp.edu.tw//Macintosh/info-mac/util/pgp.hqx UK (London): src.doc.ic.ac.uk//packages/info-mac/util/pgp.hqx.gz -----END ROT13 SIGNED MESSAGE----- -----BEGIN ROT13 SIGNATURE----- Whar fvkgu avargrra uhaqerq avargl sbhe. Sbhegubhfnaqgra punenpgref va frirauhaqerqrvtuglrvtug jbeqf bs baruhaqerq yvarf. -----END ROT13 SIGNATURE----- From roy at sendai.cybrspc.mn.org Tue Jun 14 21:02:30 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Tue, 14 Jun 94 21:02:30 PDT Subject: (None) In-Reply-To: <940614192510i8Ljgostin@eternal.pha.pa.us> Message-ID: <940614.220133.1F2.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- jgostin at eternal.pha.pa.us writes: > ghio at cmu.edu (Matthew Ghio) writes: > >> I couldn't find alt.numbers.random, or any alt.numbers.* groups, on any of >> the news-servers that I tried. Perhaps you need to newgroup it again. > According to David Lawrence's Usenet listing, alt.numbers.* doesn't > exist. Unless it was created in the last two months, officially it doesn't > exist. 
But since when did "officially not existing" mean something > actually didn't exist? I remember that little dustup in alt.config. A single newgroup was barraged with 9 or 8 rmgroups, along with an extra helping of flame. FWIW, alt.numbers.random wasn't the first group proposed... it was something like alt.numbers.interesting (followed by suggestions for alt.numbers.odd, alt.numbers.even and so on). Sending another newgroup will probably have as much effect as the first one did. :-( I suppose alt.is.doomed could be used for a pool. I can set an automoderator daemon on it. OBcypherpunk: Matt Blaze's paper (_Protocol Failure in the Escrowed Encryption Standard_) is only available in Postscript format. But at my local Kinko's, the fascist session logging utility doesn't seem to notice that 'copy /b a:eesproto.ps prn' in a DOS Prompt window causes printing to happen. ;-) - -- Roy M. Silvernail -- roy at sendai.cybrspc.mn.org "I'm a family man, model citizen." -- Warren Zevon -----BEGIN PGP SIGNATURE----- Version: 2.3c iQCVAgUBLf5xcxvikii9febJAQFkOgP/aSg00dUiAH5vNkZwBkGRnG+KtR8Yt2UC diA4WrqOETDx77PG3PXJmlgfd3F6OdiJNEq175n3XcV9F0ksb9KMIFOQPB+69IDg wTXrql7cv6K/p3muIu4t51i0ZkOCzLOadosOIowEhUW0UX/NEAdBnx77Fem0jtnW JFMY5nFUQag= =9nDX -----END PGP SIGNATURE----- From remailer-admin at chaos.bsu.edu Tue Jun 14 21:06:16 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Tue, 14 Jun 94 21:06:16 PDT Subject: No Subject Message-ID: <199406150401.XAA09819@chaos.bsu.edu> I mailed this about 5 minutes before the news of list death arrived, so it didn't make it. Conspiracy! Anyway, I posted this to comp.org.eff.talk and so far it has generated no interest. The Cypherpunks have been mentioned in various articles in the mass media as a group that would at least toy with the idea of civil disobedience concerning ITAR violation. Imagine yourselves trying to topple ITAR by publically exporting PGP to many countries, every day, for over a year. 
Yet do any of us really want to push our luck this way? Phil Zimmermann is out a lot of cash paying for a legal team. He can hardly afford taking his family out for dinner. That's why discovering this, I feel it should make *news*. As it turns out, the internet's largest Macintosh ftp archive has been exporting MacPGP2.2 every day for the last year! This to Singapore and China and God knows where else. Every country on Earth with an internet connection, likely. Here is a satirical essay, explaining what anyone who takes ITAR at face value might do if they discovered this situation.... -----BEGIN ROT13 SIGNED MESSAGE----- Fellow citizens of the United States of America, I wish to inform you of a great and ongoing catastrophe of most serious consequence. It is organized crime, by definition. Below is the header for the MacPGP2.2 file on sumex-aim.stanford.edu, archived with dozens of other utilities, as /info-mac/util/pgp.hqx, which has been there for *over a year*, many times a week being *exported* onto info-mac mirrors around the world. This is the most massive and organized absolute violation of the USA's ITAR munitions export laws (regulations) we have ever witnessed. For an entire year, weekly if not daily, the notorious encryptor PGP, right under our eyes, exported! I hope this is cleared up as soon as humanly possible, but we are all of us left with the guilt of not having noticed this before. All this talk of ITAR and there you are, your largest communal Mac ftp site pumping out PGP across the border like a huge demonic machine bent on destroying our beloved society. If the moderators cannot be contacted immediately, I suggest military force be used. Or cooperative shutdown of the US internet connections. Please begin this at once, as it *must* be stressed that PGP is classified as a MUNITION, right along with rocket launchers and tanks!!!!!!!! This is as serious as it gets. 
I didn't even know what the internet *was* back in April of '93, and I am but one in a million (literally) who has access to sumex-aim.stanford.edu and all its mirror sites. It must have been my destiny to save the world, for none of *you* seem interested in doing so. It has only been an hour since I discovered this NATIONAL SECURITY DISASTER, and I immediately set myself in action to save my country from destruction.

*I*YoU*mE*We*OiwIE*wE*yOU*Me*I*

P.S. Here is the evidence:

>From: macmod at SUMEX-AIM.Stanford.EDU (Info-Mac Moderator)
>Date: Sun, 25 Apr 1993 23:22:58 PDT
>
>PGP (Pretty Good Privacy) ver 2.2 - RSA public-key encryption freeware
>for MSDOS, protects E-mail. Lets you communicate securely with people
>you've never met, with no secure channels needed for prior exchange of
>keys. Well featured and fast! Excellent user documentation.
>
>PGP has sophisticated key management, an RSA/conventional hybrid
>encryption scheme, message digests for digital signatures, data
>compression before encryption, and good ergonomic design. Source
>code is free.
>
>Keywords: PGP, Pretty Good Privacy, RSA, public key, encryption,
> privacy, authentication, signatures, email
>
>(This file must be converted with BinHex 4.0)
>
>:$8eKBe"(8$)Z-LjcC@%!39"36'&eFh3J!!!$@3X!!%DFIea6593K!!%!!eN,FNa
....

And upon downloading it and starting it up, the console window faithfully displays:

>Pretty Good Privacy 2.2 - Public-key encryption for the masses.
>(c) 1990-1993 Philip Zimmermann, Phil's Pretty Good Software. 6 Mar 93
>Date: 1994/06/12 16:10 GMT

I further suggest that all of the following sites (but a sample) immediately remove this file from their archives and stop mirroring sumex-aim till they too remove the file.

To keep this from happening again, I suggest *all of us* in the USA delete our copies of PGP from our hard disks, lest our children export it into the hands of such enemy nations as these. It is time we put an end to this scourge, for look what will happen if we do not. Pornographers and terrorists are coming for our children if we do not act. Death to PGP users!!!!!!!!!!!!!!!

Where is our government in all of this?
Our tax dollars are not being used to protect us from the EXPORT OF MUNITIONS TO ENEMY NATIONS!!!!!

I suggest full prosecution of all users and maintainers of sumex-aim, as they have all obviously conspired to maintain this treachery. I suggest they all be searched for other weapons as well including land mines, automatic machine guns, poison gases, biological weaponry and mind control devices of all sorts, as it is my firm belief that the only reason they are interested in PGP is to forward their agenda to export other munitions, drugs pushed on *our* children to pay for them!!! This will culminate in the obvious acquisition of *nuclear bombs* by every Tom Dick and Harry gangster. Little boys and girls in the ghetto with *neutron bombs* and *poison gas missiles*! I shudder to think we could have stopped it but, alas, we may have failed ourselves.

Here are the target sites. I suggest immediate offensive attacks to destroy these evil ports of death and destruction....

Australia (Melbourne): archie.au//micros/mac/info-mac/util/pgp.hqx
Austria (Vienna): ftp.univie.ac.at//mac/info-mac/util/pgp.hqx
Canada (Vancouver): ftp.ucs.ubc.ca//pub/mac/info-mac/util/pgp.hqx
Finland (Espoo): ftp.funet.fi// pub/mac/info-mac/util/pgp.hqx
Finland (Jyvaskyla): ftp.jyu.fi//info-mac/util/MacPGP2.2.sea
Germany (Hannover): ftp.rrzn.uni-hannover.de//pub/info-mac/util/pgp.hqx
Japan (Tokyo): ftp.center.osaka-u.ac.jp//info-mac/util/pgp.hqx
Japan (Tokyo): ftp.iij.ad.jp//pub/info-mac/util/pgp.hqx
Japan (Tokyo): ftp.u-tokyo.ac.jp//pub/info-mac/util/pgp.hqx
Netherlands (Wageningen): ftp.fenk.wau.nl//pub/mac/info-mac/util/pgp.hqx
Republic of Singapore (Singapore): ftp.nus.sg//pub/mac/util/pgp.hqx
Sweden (Lund): ftp.lth.se//mac/info-mac/util/pgp.hqx.Z
Sweden (Uppsala): ftp.sunet.se//pub/mac/info-mac/util/pgp.hqx
Switzerland (Zurich): nic.switch.ch//mirror/info-mac/util/pgp.hqx
Taiwan (Hsinchu): ftp.edu.tw//Macintosh/info-mac/util/pgp.hqx
UK (London):
src.doc.ic.ac.uk//packages/info-mac/util/pgp.hqx.gz -----END ROT13 SIGNED MESSAGE----- -----BEGIN ROT13 SIGNATURE----- Whar fvkgu avargrra uhaqerq avargl sbhe. Sbhegubhfnaqgra punenpgref va frirauhaqerqrvtuglrvtug jbeqf bs baruhaqerq yvarf. -----END ROT13 SIGNATURE----- From koontzd at lrcs.loral.com Tue Jun 14 21:16:58 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Tue, 14 Jun 94 21:16:58 PDT Subject: (None) Message-ID: <9406150416.AA00333@io.lrcs.loral.com> >OBcypherpunk: Matt Blaze's paper (_Protocol Failure in the Escrowed >Encryption Standard_) is only available in Postscript format. But at >my local Kinko's, the fascist session logging utility doesn't seem to >notice that 'copy /b a:eesproto.ps prn' in a DOS Prompt window causes >printing to happen. ;-) An ascii version of the paper is available on: ftp.eff.org:/pub/EFF/Policy/Crypto/Clipper, the filename is ees_flaw_blaze.paper around 35K bytes From an60011 at anon.penet.fi Tue Jun 14 22:10:36 1994 From: an60011 at anon.penet.fi (Ezekial Palmer) Date: Tue, 14 Jun 94 22:10:36 PDT Subject: How many on cypherpunks? In-Reply-To: Message-ID: <199406150451.AA14626@xtropia> -----BEGIN PGP SIGNED MESSAGE----- From: rishab at dxm.ernet.in Date: Tue, 14 Jun 94 15:48:14 +0530 Subject: How many on cypherpunks? They came for the Jews, and I was silent because I was not a Jew; They came for the Trade Unionists, and I did not protest, because I did not belong to a trade union; They came for the Catholics, and I said nothing because I was not a Catholic; And then they came for me. There was no one left to say anything... ----Father Niemoeller So, why'd you "forget" the start of the quote?? Zeke In Germany they first came for the Communists, and I didn't speak up because I wasn't a Communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. 
Then they came for the Catholics, and I didn't speak up because I was a Protestant.
Then they came for me -- and by that time no one was left to speak up.

Pastor Martin Niemoller

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLf5e/BVg/9j67wWxAQFhegP+OSa9YOou6rJZHCiyMkc4ZAEUSf7NicYo
SPJnkkKJZQq/x/mhggb/x8uXKXwYefK/JwI9ZhOaGxDefG4psaV0/2AlgQgZXjdf
82QQVlYwsfOoG8f+xnZWWguR/8QgpsEfMTp2uXIQX46opZg0FYTtU5GvSjXPZoZ2
U4KgWwrig6M=
=Ynhj
-----END PGP SIGNATURE-----

From catalyst-remailer at netcom.com Tue Jun 14 22:20:18 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Tue, 14 Jun 94 22:20:18 PDT
Subject: Cantwell Bill
Message-ID: <199406150520.WAA29391@mail.netcom.com>

Mr. Gillogly wrote,

>The reason I don't consider your Stunning Revelation an important news
>flash is that it's just one example of the many ways crypto is actually
>exported. For example, PGP 2.6 was overseas within hours of its release.

That was a single ITAR violation. This is thousands.

>A more direct comparison is with DES: NIST has DES code available in
>soft copy in Appendix A of its publication fips181.txt, accessible in
>their public FTP directory with no warnings about export restrictions.

Huh? Who would want to export DES? That won't have any influence on people's politics. PGP is a hot topic. *Its* export is all that people think about.

>The Cantwell stuff is extremely important for commercial products, but
>for private crypto (e.g. non-profit and non-infringing PGP
>implementations) it simply decriminalizes the existing vigorous export
>activity; rather like decriminalizing the use of marijuana.

The sumex case is like a huge year-long "smoke-in", the sort of thing that might lead to *legalization* of hemp, if the lay public were aware of it. "Private crypto" (PGP in all its guises) is becoming a standard, yet its future development has been and still is being severely crippled by ITAR worries among many who would otherwise be active core PGP developers.
Cantwell, in my eyes, is about *PGP*. I'm all for commercial RSA, but unless I can send a friend a free copy of it, the hell with it. Also remember commercial crypto hardly ever comes with source code!

Colin found a serious bug in PGP2.6 where one character was left out in the crypto code. I believe it was someone else who pointed this out to him. Had this happened with ViaCrypt PGP or "Microsoft Encrypt", would you expect it to be found? How can you *trust* a commercial crypto routine if the exact and compilable source code is not available? And if PGP does become a standard, why do you want to pay for it 8-) ? So you won't have to waste the time looking for backdoors in the source?

P.S. Sorry for the multiple posting, but I figured the remailer I used was dead, since it was, for a day.

From crame001 at hio.tem.nhl.nl Wed Jun 15 00:33:47 1994
From: crame001 at hio.tem.nhl.nl (ER CRAMER)
Date: Wed, 15 Jun 94 00:33:47 PDT
Subject: Dead list???
Message-ID: <9406150827.AA01862@hio.tem.nhl.nl>

-----BEGIN PGP SIGNED MESSAGE-----

Is this list dead or isn't nobody writing on it??? Or ain't I subscribed anymore???

... If you outlaw Privacy, only Outlaws will have Privacy!

Eelco Cramer ------
- --------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLf67RIDAdPKe9hHLAQF6xwQAuK3c/+gEKuws22S2Qh9qXveCKHSUw5WE
tCrRpMUU2zcKGbZMRaGGF2UOuElT0v5jxfENYL1XQlSvlNTPMSLOFkFQ0T3XV1oh
DnDl0tctgU8dwSxTqGKRuAfYQ5cuyqWPLc9TBMk6mMz7xCJJwIb3oGDtSvTlX0/L
0k8KyObm8yI=
=um6V
-----END PGP SIGNATURE-----

From chongo at ncd.com Wed Jun 15 02:14:03 1994
From: chongo at ncd.com (Landon Curt Noll)
Date: Wed, 15 Jun 94 02:14:03 PDT
Subject: LAST CALL: Crypto export bill - one day left to make or break!
In-Reply-To: <199406150304.XAA07676@eff.org>
Message-ID: <9406150130.ZM2228@hansen.ncd.com>

Subject: LAST CALL: Crypto export bill - one day left to make or break!

*DISTRIBUTE WIDELY AND QUICKLY*

ONE DAY DEADLINE!
The House Intelligence Committee will probably make their decision on the vital issue of cryptography export tomorrow afternoon, Wed. June 15, 1994. If you've not had your say on whether the State Dept. & NSA will be allowed to continue to restrict the flow of public cryptographic products, write, call and fax *today*. Updated fax information for the entire Intelligence Cmte. is below, as is a sample letter, and background information on this important legislative action. If you don't get through on your first fax attempt, keep trying. All of these numbers have been tested and are working as of June 14.

*******

What You Can Do

1) Fax a short letter TODAY to the chair of the Intelligence Committee, Representative Dan Glickman (D-KS). Ask him in your own words to leave the encryption provisions of H.R. 3937 intact. You may wish to send a copy of this to the committee itself also.

   Fax number:    +1 202 225 5398
   Committee fax: +1 202 225 1991

2) If you are unable to fax a letter, send an e-mail message to Rep. Glickman at glickman at eff.org. We'll deliver it for you, provided it arrives before noon, at which point all such messages must be delivered.

3) Personally urge everyone you know to send a similar fax to Rep. Glickman TODAY, especially if they are among Glickman's Kansas constituents.

4) If your own Representative is on the Intelligence Committee, send him or her a copy of what you sent Rep. Glickman.

*******

Phone and Fax Numbers

House Intelligence Committee
----------------------------
Subcommittee phone: +1 202 225 4121
Subcommittee fax:   +1 202 225 1991   <== send your fax HERE <==

 p st name                    phone              fax
___________________________________________________________________________
 D KS Glickman, Daniel        +1 202 225 6216    +1 202 225 5398   Chair
 D WA Dicks, Norman D.        +1 202 225 5916    +1 202 226 1176
 D CA Dixon, Julian C.        +1 202 225 7084    +1 202 225 4091
 D NJ Torricelli, Robert      +1 202 224 5061    +1 202 225 0843
 D TX Coleman, Ronald D.      +1 202 225 4831    +1 202 225 4831
      [Coleman's staff manually switch the line to fax if they hear fax tones.
       Preceding your fax with a voice call might help]
 D CO Skaggs, David E.        +1 202 225 2161    +1 202 225 9127
 D NV Bilbray, James H.       +1 202 225 5965    +1 202 225 8808
 D CA Pelosi, Nancy           +1 202 225 4965    +1 202 225 8259
 D TX Laughlin, Gregory H.    +1 202 225 2831    +1 202 225 1108
 D AL Cramer Jr, Robert (Bud) +1 202 225 4801    private
 D RI Reed, John F.           +1 202 225 2735    +1 202 225 9580
 D MO Gephardt, Richard A.    +1 202 225 2671    +1 202 225 7452
 R TX Combest, Larry          +1 202 225 4005    +1 202 225 9615
 R NE Bereuter, Douglas       +1 202 225 4806    +1 202 226 1148
 R CA Dornan, Robert K.       +1 202 225 2965    private
      [Dornan's public fax disconnected; office refuses to divulge a fax number]
 R FL Young, C. W. (Bill)     +1 202 225 5961    +1 202 225 9764
 R PA Gekas, George W.        +1 202 225 4315    +1 202 225 8440
 R UT Hansen, James V.        +1 202 225 0453    +1 202 225 5857
 R CA Lewis, Jerry            +1 202 225 5861    +1 202 225 6498
 R IL Michel, Robert H.       +1 202 225 6201    +1 202 225 9461

******

Sample Fax

FAX to: 202-225-1991 and 202-225-5398

Representative Daniel Glickman
Chair
House Intelligence Committee
U.S. House of Representatives

Dear Representative Glickman:

I realize that tomorrow your committee will probably act on the encryption provisions of H.R. 3937, the Export Administration Act of 1994. I urge that you allow them to remain as they were introduced in Rep. Cantwell's H.R. 3627, and subsequently incorporated into H.R. 3937.

Privacy is the basis for my concern, and I support the ability to use secure encryption. Additionally, prohibiting the export of secure cryptography from the United States puts the U.S. at a competitive disadvantage internationally, for who would choose to use cryptography known to be insecure (such as the "Clipper Chip", or products intentionally weakened to pass excessively stringent export restrictions)?

Please, support privacy and security by preserving the cryptography export language of H.R. 3937.
******

More Information

Detailed background information on this alert:
  ftp.eff.org, /pub/Alerts/export.alert
  gopher.eff.org, 1/Alerts, export.alert
  http://www.eff.org/pub/Alerts/export.alert.html
  BBS (+1 202 638 6119, 6120; 8N1): "Alerts" file area, export.alt

The actual text of this part of H.R. 3937 is at:
  ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
  gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt
  http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
  BBS: "Privacy--Crypto" file area, hr3937.crp

For current status on the bill:
  ftp.eff.org, /pub/Alerts/export_alert.update
  gopher.eff.org, 1/Alerts, export_alert.update
  http://www.eff.org/pub/Alerts/export_alert.update
  BBS: "Alerts" file area, export.upd

A general Web page on crypto export policy is at:
  http://www.cygnus.com/~gnu/export.html

--
Sunnyvale City Councilmember and Employee of Network Computing Devices.

From whitaker at dpair.csd.sgi.com Wed Jun 15 05:39:30 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Wed, 15 Jun 94 05:39:30 PDT
Subject: Dead list???
In-Reply-To: <9406150827.AA01862@hio.tem.nhl.nl>
Message-ID: <9406150537.ZM22610@dpair.csd.sgi.com>

On Jun 15, 9:27am, ER CRAMER wrote:
> Subject: Dead list???
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Is this list dead, or is nobody writing on it??? Or ain't I subscribed
> anymore???
>

PING

If you see this, ain't dead.

> ... If you outlaw Privacy, only Outlaws will have Privacy!
>
> Eelco Cramer ------
> - --------------------------------------------------
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6
>
> iQCVAgUBLf67RIDAdPKe9hHLAQF6xwQAuK3c/+gEKuws22S2Qh9qXveCKHSUw5WE
> tCrRpMUU2zcKGbZMRaGGF2UOuElT0v5jxfENYL1XQlSvlNTPMSLOFkFQ0T3XV1oh
> DnDl0tctgU8dwSxTqGKRuAfYQ5cuyqWPLc9TBMk6mMz7xCJJwIb3oGDtSvTlX0/L
> 0k8KyObm8yI=
> =um6V
> -----END PGP SIGNATURE-----
>
>-- End of excerpt from ER CRAMER

--
Russell Earl Whitaker                              whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From hugh at ecotone.toad.com Wed Jun 15 06:11:05 1994
From: hugh at ecotone.toad.com (Hugh Daniel)
Date: Wed, 15 Jun 94 06:11:05 PDT
Subject: LIST: List Maintenance
Message-ID: <9406151308.AA08731@ ecotone.toad.com>

I have restored the backup of the list from June 11th, and merged it with the list as of a few minutes ago. Some list users who signed up again in the last three days are now signed up twice for the list (due to signing up from a different machine or having changed your name). If you are getting two copies of the posting to the list, send majordomo at toad.com a "unsubscribe cypherpunks" command from the machine that you don't want the list going to.

If you still have problems after trying that, please contact us via cypherpunks-owner at toad.com or majordomo-owner at toad.com and we will fix it by hand.

Enjoy, and write code and doc!

||ugh Daniel
Sometimes Postmaster hugh at toad.com

From whitaker at dpair.csd.sgi.com Wed Jun 15 06:27:01 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Wed, 15 Jun 94 06:27:01 PDT
Subject: LAST CALL: Crypto export bill - one day left to make or break!
In-Reply-To: <199406150304.XAA07676@eff.org>
Message-ID: <9406150625.ZM22745@dpair.csd.sgi.com>

On Jun 15, 1:30am, Landon Curt Noll wrote:
> Subject: Re: LAST CALL: Crypto export bill - one day left to make or break
> Subject: LAST CALL: Crypto export bill - one day left to make or break!
> *DISTRIBUTE WIDELY AND QUICKLY*
> [text elided for brevity]
> House Intelligence Committee
> ----------------------------
> Subcommittee phone: +1 202 225 4121
> Subcommittee fax: +1 202 225 1991 <== send your fax HERE <==
>

If you call the above telephone (voice) number, a woman will answer and take a message for delivery to the chairman's office.
I assume mine (I called a few minutes ago) was added to the "oh my, lots of calls" pile.

Call now. Mention H.R. 3937 explicitly, and your *reasons* for supporting leaving in the encryption provisions (e.g. "harms American competitiveness abroad", etc.; language they might understand).

--
Russell Earl Whitaker                              whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From bchappe%sunoco at relay.nswc.navy.mil Wed Jun 15 06:53:58 1994
From: bchappe%sunoco at relay.nswc.navy.mil (Brett Chappell)
Date: Wed, 15 Jun 94 06:53:58 PDT
Subject: Waco in cyberspace
Message-ID: <9406151353.AA00626@sillyputty.b35ita.sunoco>

>
>In the June 6 issue of the New Yorker is an interesting story by
>John Seabrook (who did the email interview with Bill Gates) about
>getting flamed and how violated and upset it made him. Lots of not
>explicitly stated suggestion that maybe somebody will need to control
>all this, and some very confusing material suggesting to the non-technical
>that viruses or worms may be sent via email messages. "Is this free speech?".
>But the chilling passage in the article is on page 77 where the writer says
>
>>Dr. Clinton C. Brooks, the N.S.A.'s lead scientist on the Clipper Chip
>>told me, "You won't have a Waco in Texas, you'll have a Waco in cyberspace.
>>You could have a cult, speaking to each other through encryption, that
>>suddenly erupts in society - well programmed, well organized - and then
>>suddenly disappears again."
>
>Getting scared yet?
>
>-Steve

From landmann at facstaff.wisc.edu Wed Jun 15 08:16:15 1994
From: landmann at facstaff.wisc.edu (Thomas Landmann)
Date: Wed, 15 Jun 94 08:16:15 PDT
Subject: Waco in cyberspace
Message-ID: <199406151513.KAA01664@audumla.students.wisc.edu>

At 09:53 6/15/94 +0500, Brett Chappell wrote:
>>>Dr. Clinton C.
>>>Brooks, the N.S.A.'s lead scientist on the Clipper Chip
>>>told me, "You won't have a Waco in Texas, you'll have a Waco in cyberspace.
>>>You could have a cult, speaking to each other through encryption, that
>>>suddenly erupts in society - well programmed, well organized - and then
>>>suddenly disappears again."

The folks in Waco hadn't committed any great crime, and would have continued in their secluded existence for quite some time had the ATF not seen fit to provide a catalyst. I suppose that cyberspace, with its potential anonymity and privacy, would be the stuff ATF nightmares are made of.. NO DOORS TO KICK DOWN, and GUNS are PRETTY USELESS in CYBERSPACE!! :-)

-Tom

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Thomas Landmann                     E-mail: landmann at facstaff.wisc.edu
DoIT Network Systems Technology     Compuserve: 76020,2055
1210 W Dayton Street, Rm 4220       AX.25: N9UDL @ WD9ESU.#SCWI.WI.NOAM
Office: 608.263.1650                Home: 608.277.1115
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
>>> Waiting for "Chicago"? Try Linux *NOW* instead! <<<

From ecarp at netcom.com Wed Jun 15 08:27:55 1994
From: ecarp at netcom.com (Ed Carp)
Date: Wed, 15 Jun 94 08:27:55 PDT
Subject: instructions on how to get PGP 2.6
Message-ID: <199406151528.IAA16693@netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Could someone email me the directions on how and where to get PGP 2.6? I have the directions, but they're sitting at home in my mailbox, and I'm 2 hours away from home. :(

Thanks in advance... :)

- --
Ed Carp, N7EKG/VE3                 Ed.Carp at linux.org, ecarp at netcom.com
Finger ecarp at netcom.com for PGP 2.5 public key       an88744 at anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLf8d8SS9AwzY9LDxAQGMrgP/UobsKNKlYJgJDJJkgM1I9JF5P4jnXaYW
QD4/3WzMkMdnI0+hxWTMRfgFru3gXoG7gCeE8qXyhzr0s2VkK4VJOD0t1fEMar6D
Sxwbwj847ecymIEIc+lFTVPalEOmpQfYILJ/RKQzlZ2weMKh1hzbL9681LDiedIa
VtUtZE20TmA=
=LcB6
-----END PGP SIGNATURE-----

From ecarp at netcom.com Wed Jun 15 09:03:15 1994
From: ecarp at netcom.com (Ed Carp)
Date: Wed, 15 Jun 94 09:03:15 PDT
Subject: instructions on how to get PGP 2.6
Message-ID: <199406151602.JAA21043@netcom.com>

Thanks to the folks who responded to this - I got the instructions, and retrieved pgp 2.6. Thanks again for the very swift responses! :)

--
Ed Carp, N7EKG/VE3                 Ed.Carp at linux.org, ecarp at netcom.com
Finger ecarp at netcom.com for PGP 2.5 public key       an88744 at anon.penet.fi
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From jim at bilbo.suite.com Wed Jun 15 09:52:04 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Wed, 15 Jun 94 09:52:04 PDT
Subject: NIST's ftp site
Message-ID: <9406151650.AA23394@bilbo.suite.com>

A couple of days ago, somebody mentioned that NIST's public ftp site contained the FIPS for DES in text form (I think the post was in a reply to "Massive ITAR Violation!"). Could somebody mail me a copy of that post, I deleted it and now I wish I hadn't. Also, what is the Internet address of NIST's ftp site?

Thanks,

Jim_Miller at suite.com

From lstanton at sten.lehman.com Wed Jun 15 10:59:32 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Wed, 15 Jun 94 10:59:32 PDT
Subject: Waco in cyberspace
In-Reply-To: <199406151513.KAA01664@audumla.students.wisc.edu>
Message-ID: <9406151800.AA02080@sten.lehman.com>

In message <199406151513.KAA01664 at audumla.students.wisc.edu>you write:
> I suppose that cyberspace, with its potential anonymity and privacy, would
> be the stuff ATF nightmares are made of..
> NO DOORS TO KICK DOWN, and GUNS
> are PRETTY USELESS in CYBERSPACE!! :-)

I think what really upsets the ATF/FBI is that people sitting at computers simply don't make good footage for TV. An agent typing "HALT!! Hit enter and I'll flame you!" just won't cut it on the six o`clock news. No press, no promotion.

"Bad cop! No keyboard!"?

From paul at hawksbill.sprintmrn.com Wed Jun 15 11:10:38 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 15 Jun 94 11:10:38 PDT
Subject: NIST's ftp site
In-Reply-To: <9406151650.AA23394@bilbo.suite.com>
Message-ID: <9406151912.AA16428@hawksbill.sprintmrn.com>

>
> A couple of days ago, somebody mentioned that NIST's public ftp site
> contained the FIPS for DES in text form (I think the post was in a reply
> to "Massive ITAR Violation!"). Could somebody mail me a copy of that
> post, I deleted it and now I wish I hadn't. Also, what is the Internet
> address of NIST's ftp site?
>

cs-bbs.ncsl.nist.gov or 129.6.54.30

Cheers,

_______________________________________________________________________________
Paul Ferguson
US Sprint
Managed Network Engineering                   tel: 703.904.2437
Herndon, Virginia USA                         internet: paul at hawk.sprintmrn.com

From Banisar at epic.org Wed Jun 15 11:36:19 1994
From: Banisar at epic.org (David Banisar)
Date: Wed, 15 Jun 94 11:36:19 PDT
Subject: Brooks Statement on Crypto
Message-ID: <9406141420.AA25852@Hacker2.cpsr.digex.net>

The following statement by Rep. Jack Brooks (D-TX) was today entered in the Congressional Record and transmitted to the House Intelligence Committee. Rep. Brooks is Chairman of the House Judiciary Committee and played a key role in the passage of the Computer Security Act of 1987 when he served as Chairman of the House Government Operations Committee.

David Sobel
Legal Counsel
Electronic Privacy Information Center

=============================================================

ENCRYPTION POLICY ENDANGERS U.S.
COMPETITIVENESS IN GLOBAL MARKETPLACE

For some time now, a debate has been raging in the media and in the halls of Congress over the Administration's intention to require U.S. corporations to use and market the Clipper Chip, an encryption device developed in secret by the National Security Agency.

The Clipper Chip will provide industry and others with the ability to encode telephone and computer communications. The use of the Clipper Chip as the U.S. encryption standard is a concept promoted by both the intelligence and law enforcement communities because it is designed with a back door to make it relatively easy for these agencies to listen in on these communications.

The law enforcement and intelligence communities have a legitimate concern that advances in technology will make their jobs more difficult. But the issue here is whether attempts to restrict the development, use and export of encryption amounts to closing the barn door after the horse has already escaped.

The notion that we can limit encryption is just plain fanciful. Encryption technology is available worldwide -- and will become more available as time goes on.

First, generally available software with encryption capabilities is sold within the U.S. at thousands of retail outlets, by mail, even over the phone. These programs may be transferred abroad in minutes by anyone using a public telephone line and a computer modem.

Second, it is estimated that over 200 products from some 22 countries -- including Great Britain, France, Germany, Russia, Japan, India, and South Africa -- use some form of the encryption that the Government currently prohibits U.S. companies from exporting. According to the May 16, 1994 issue of _Fortune_, not only are U.S. companies willing to purchase foreign encryption devices, American producers of encrypted software are also moving production overseas to escape the current export controls.

Third, encryption techniques and technology are well understood throughout the world.
Encryption is routinely taught in computer science programs. Text books explain the underlying encryption technology. International organizations have published protocols for implementing high level encryption. Actual implementations of encryption -- programs ready to use by even computer novices -- are on the Internet.

The only result of continued U.S. export controls is to threaten the continued preeminence of America's computer software and hardware companies in world markets. These restrictive policies jeopardize the health of American companies, and the jobs and revenues they generate.

I support, therefore, the immediate revision of current export controls over encryption devices to comport with the reality of worldwide encryption availability. I believe law enforcement and the intelligence community would be better served by finding real, and targeted ways to deal with international terrorists and criminals rather than promoting scattershot policies, which restrict American industries' ability to design, produce and market technology.

Now -- more than ever -- we cannot afford to harm our economic competitiveness and justify it in the name of national security.

From jim at bilbo.suite.com Wed Jun 15 12:26:41 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Wed, 15 Jun 94 12:26:41 PDT
Subject: [ANSWER] NIST's ftp site
Message-ID: <9406151925.AA25875@bilbo.suite.com>

Thanks to all who responded to my question. The answer is:

  csrc.ncsl.nist.gov

Also, apparently, source for DES was in Appendix A of the file "/pub/nistpubs/fips181.txt". However, it was removed and replaced with the following:

  Appendix A

  This section contained a listing of the source code referenced in the Automated Password Generator Standard. This section is not available in electronic form. Complete copies of FIPS 181, including this appendix, may be purchased in hardcopy from the National Technical Information Service (NTIS) via mail or telephone.

  National Technical Information Service
  U.S.
  Department of Commerce
  5285 Port Royal Road
  Springfield, VA 22161
  (703) 487-4650

  Order by FIPSPUB181
  Price: $22.50
  (Same address and phone number for discount prices on quantity orders.)

--------------

I wonder if they'll ship to an address outside of the US or Canada? I wonder if the people who package and mail the stuff even look at it?

Jim_Miller at suite.com

From frissell at panix.com Wed Jun 15 12:32:04 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 15 Jun 94 12:32:04 PDT
Subject: Decline and Fall
Message-ID: <199406151931.AA11812@panix.com>

Decline and Fall of the Nation State:

Tuesday's WSJ had an article on how private money market funds are starting to jawbone foreign governments just like the World Bank used to. Case cited was Fidelity Investments calling Mexican bank officials during the Peso crisis after the recent assassination. They said "we'll invest another $18 billion (of ours and other funds' money) if you do what we say and if not..."

DCF

"If they hadn't killed quite so many people, you'd almost have to feel sorry for them."

--- WinQwk 2.0b#1165

From CCGARY at MIZZOU1.missouri.edu Wed Jun 15 12:53:38 1994
From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers)
Date: Wed, 15 Jun 94 12:53:38 PDT
Subject: Cypherpunks' mail database does exist
Message-ID: <9406151953.AA03754@toad.com>

Vincent, you state that a fully archived, indexed cypherpunks mailing list exists as:

  http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src

Ok, so I ftp'ed to pmip.maricopa.edu & tried to get to cypherpunks.src, but even the subdirectories weren't there. I suspect that http does not imply that we ftp. What communication method is this called & how do we use it? I send this public instead of private as I suspect that a lot of lurkers don't know what is going on either.

Yours Truly,
Gary Jeffers

From mech at eff.org Wed Jun 15 13:25:12 1994
From: mech at eff.org (Stanton McCandlish)
Date: Wed, 15 Jun 94 13:25:12 PDT
Subject: Rep.
Brooks speaks out against export controls -- DO NOT DIST
Message-ID: <199406152019.QAA05407@eff.org>

Rep. Brooks submitted the following statement on encryption export controls today. You may wish to send a "thanks" or "great statement" note of kudos to Rep. Brooks (Chair of the House Judiciary Cmte., and longtime detractor of Clipper. He's involved in these issues on several fronts.)

NOTE: Even after today, keep faxing, calling, writing. It DOES make a difference. If the bill is butchered, express your opinion on that. It won't get changed otherwise. If it passes the Intell. Cmte. with flying colors, send notes of thanks and approval. GET INVOLVED, otherwise politics control the people instead of vice versa.

*****************************************************************************

Floor Statement of Congressman Jack Brooks
U.S. House of Representatives
re: Encryption Export Controls
June 15, 1994

ENCRYPTION POLICY ENDANGERS U.S. COMPETITIVENESS IN GLOBAL MARKETPLACE

For some time now, a debate has been raging in the media and in the halls of Congress over the Administration's intention to require U.S. corporations to use and market the Clipper Chip, an encryption device developed in secret by the National Security Agency.

The Clipper Chip will provide industry and others with the ability to encode telephone and computer communications. The use of the Clipper Chip as the U.S. encryption standard is a concept promoted by both the intelligence and law enforcement communities because it is designed with a back door to make it relatively easy for these agencies to listen in on these communications.

The law enforcement and intelligence communities have a legitimate concern that advances in technology will make their jobs more difficult. But the issue here is whether attempts to restrict the development, use and export of encryption amounts to closing the barn door after the horse has already escaped.

The notion that we can limit encryption is just plain fanciful.
Encryption technology is available worldwide -- and will become more available as time goes on.

First, generally available software with encryption capabilities is sold within the U.S. at thousands of retail outlets, by mail, even over the phone. These programs may be transferred abroad in minutes by anyone using a public telephone line and a computer modem.

Second, it is estimated that over 200 programs from some 22 countries -- including Great Britain, France, Germany, Russia, Japan, India, and South Africa -- use some form of encryption that the government currently prohibits U.S. companies from exporting. And this is just the beginning. According to the May 16, 1994 issue of _Fortune_, not only are U.S. companies willing to purchase foreign encryption devices, American producers of encrypted software are also moving production overseas to escape the current U.S. export controls.

Third, encryption techniques and technology are well understood throughout the world. Encryption is routinely taught in computer science programs. Text books explain the underlying encryption technology. International organizations have published protocols for implementing high level encryption. Actual implementations of encryption -- programs ready to use by even computer novices -- are on the Internet.

The only result of continued U.S. export controls is to threaten the continued preeminence of America's computer software and hardware companies in the world markets. These restrictive policies jeopardize the health of American companies, and the jobs and revenues they generate.

I support, therefore, the immediate revision of current export controls over encryption devices to comport with the reality of worldwide encryption availability.
I believe law enforcement and the intelligence community would be better served by finding real, and targeted ways to deal with international terrorists and criminals rather than promoting scattershot policies, which restrict American industries' ability to design, produce, and market technology.

Now -- more than ever -- we cannot afford to harm our economic competitiveness and justify it in the name of National Security.

*****************************************************************************

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M   O N L I N E   R I G H T S   V I R T U A L   C U L T U R E   C R Y P T O

From whitaker at dpair.csd.sgi.com Wed Jun 15 13:38:06 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Wed, 15 Jun 94 13:38:06 PDT
Subject: Cypherpunks' mail database does exist
In-Reply-To: <9406151953.AA03754@toad.com>
Message-ID: <9406151335.ZM23855@dpair.csd.sgi.com>

On Jun 15, 2:51pm, Gary Jeffers wrote:
> Subject: Cypherpunks' mail database does exist
> Vincent, you state that a fully archived, indexed cypherpunks
> mailing list exists as:
> http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src
> Ok, so I ftp'ed to pmip.maricopa.edu & tried to get to cypherpunks.src,
> but even the subdirectories weren't there. I suspect that http does
> not imply that we ftp. What communication method is this called & how
> do we use it? I send this public instead of private as I suspect that
> a lot of lurkers don't know what is going on either.

This access method uses httpd, which listens at a different port (tcp 80) on the server than ftpd. What this *means* is that ftp is not likely to work with this address. Depending upon the local setup, you may/may not be able to ftp into this site, by way of a different site mapping, and be able to root around for the file.
However, bear in mind (you need to hack html to grok this issue) that the above pathname is often relative, rather than absolute. That is, the httpd daemon knows where to look to serve you, but may hide the absolute pathname from you, which may really be something like:

  /var/httpd/foo/foo_files

... which may itself be symlinked elsewhere.

The upshot of this is that you need to get a web browser, like Lynx (sp? I don't use it; line mode) or xmosaic (which I use and get along with).

Hope this starts to help.

Russell

--
Russell Earl Whitaker                              whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From paul at hawksbill.sprintmrn.com Wed Jun 15 13:57:47 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 15 Jun 94 13:57:47 PDT
Subject: Cypherpunks' mail database does exist
In-Reply-To: <9406151335.ZM23855@dpair.csd.sgi.com>
Message-ID: <9406152200.AA17375@hawksbill.sprintmrn.com>

>
> However, bear in mind (you need to hack html to grok this issue) that the
> above pathname is often relative, rather than absolute. That is, the
> httpd daemon knows where to look to serve you, but may hide the absolute
> pathname from you, which may really be something like:
> /var/httpd/foo/foo_files
> ... which may itself be symlinked elsewhere.
>

It does my heart good to hear someone use the term 'grok' -- I don't hear many folks use that term very much anymore. ,-)

- paul

From grendel at netaxs.com Wed Jun 15 14:00:18 1994
From: grendel at netaxs.com (Michael Handler)
Date: Wed, 15 Jun 94 14:00:18 PDT
Subject: HR 3627? Success or failure?
Message-ID:

So? Did the good guys win this time, or were we just tilting at windmills again?
--
Michael Brandt Handler                                      Philadelphia, PA
PGP v2.6 public key on request

From mech at eff.org Wed Jun 15 14:01:02 1994
From: mech at eff.org (Stanton McCandlish)
Date: Wed, 15 Jun 94 14:01:02 PDT
Subject: Rep. Brooks speaks out against export controls
In-Reply-To: <199406152019.QAA05407@eff.org>
Message-ID: <199406152055.QAA06670@eff.org>

Oops, please pardon the "DO NOT DIST" at the end of the subject line on previous message, that does not belong there. Please DO distribute Rep. Brooks' statements from the Intelligence Committee.

If you'd like to give some feedback, Rep. Brooks' office can be (voice) called at +1 202 225 6565.

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M   O N L I N E   R I G H T S   V I R T U A L   C U L T U R E   C R Y P T O

From osten at hurricane.seas.ucla.edu Wed Jun 15 15:04:24 1994
From: osten at hurricane.seas.ucla.edu (osten at hurricane.seas.ucla.edu)
Date: Wed, 15 Jun 94 15:04:24 PDT
Subject: Cypherpunks' mail database does exist (fwd)
Message-ID: <9406152204.AA18271@hurricane.seas.ucla.edu>

>
> It does my heart good to hear someone use the term 'grok' -- I don't
> hear many folks use that term very much anymore. ,-)
>
> - paul
>
>

What does it mean?

From perry at imsi.com Wed Jun 15 15:12:12 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 15 Jun 94 15:12:12 PDT
Subject: Cypherpunks' mail database does exist (fwd)
In-Reply-To: <9406152204.AA18271@hurricane.seas.ucla.edu>
Message-ID: <9406152211.AA23477@snark.imsi.com>

osten at hurricane.seas.ucla.edu says:
> > It does my heart good to hear someone use the term 'grok' -- I don't
> > hear many folks use that term very much anymore. ,-)
> What does it mean?

It's the Martian word for the verb "to drink".
.pm

From bill at kean.ucs.mun.ca Wed Jun 15 15:53:12 1994
From: bill at kean.ucs.mun.ca (Bill Garland)
Date: Wed, 15 Jun 94 15:53:12 PDT
Subject: You know you're getting old when...
Message-ID: <00980014.A7E26E00.7581@Leif.ucs.mun.ca>

When a cypherpunk posts this:

>> It does my heart good to hear someone use the term 'grok' -- I don't
>> hear many folks use that term very much anymore. ,-)
>>
>> - paul

>What does it mean?

Then I guess redundancy takes on a new meaning.

Bill Garland, whose .sig is whose .sig is

From jdwilson at gold.chem.hawaii.edu Wed Jun 15 16:28:15 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Wed, 15 Jun 94 16:28:15 PDT
Subject: Cypherpunks' mail database does exist
In-Reply-To: <9406151953.AA03754@toad.com>
Message-ID:

On Wed, 15 Jun 1994, Gary Jeffers wrote:

> Date: Wed, 15 Jun 94 14:51:46 CDT
> From: Gary Jeffers
> To: cypherpunks at toad.com
> Subject: Cypherpunks' mail database does exist
>
> Vincent, you state that a fully archived, indexed cypherpunks
> mailing list exists as:
> http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src
> Ok, so I ftp'ed to pmip.maricopa.edu & tried to get to cypherpunks.src,
> but even the subdirectories weren't there. I suspect that http does
> not imply that we ftp. What communication method is this called & how
> do we use it? I send this public instead of private as I suspect that
> a lot of lurkers don't know what is going on either.
> Yours Truly,
> Gary Jeffers

Try using Mosaic or Gopher.

-NetSurfer

#include standard.disclaimer
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O.
Box 15432 | finger for key / Viacrypt Reseller | Honolulu, HI 96830 | Serendipitous Solutions | Also NetSurfer at sersol.com

From sglass at netcom.com Wed Jun 15 16:31:02 1994
From: sglass at netcom.com (Sheldon Glass)
Date: Wed, 15 Jun 94 16:31:02 PDT
Subject: C'punks mail database
Message-ID: <199406152330.QAA10304@netcom.netcom.com>

C'punks,

I've used lynx to connect to PMIP to see the c'punx list like:

lynx http://pmip.maricopa.edu/crypt/cypherpunks

I connect okay, but get the message that the requested URL isn't on the server if I want to see anything but the Parent Directory selection. Maybe this is an "under construction" effect?

Sheldon

--
sheldon glass        | Plauger's Dogma
sglass at netcom.com | No program may leave its sanity
#include             | at the mercy of its input.
finger for PGP

From michael.shiplett at umich.edu Wed Jun 15 17:04:40 1994
From: michael.shiplett at umich.edu (michael shiplett)
Date: Wed, 15 Jun 94 17:04:40 PDT
Subject: Cypherpunks' mail database does exist
In-Reply-To: <9406151953.AA03754@toad.com>
Message-ID: <199406160004.UAA15360@totalrecall.rs.itd.umich.edu>

"gj" == "Gary Jeffers" writes:

gj> Vincent, you state that a fully archived, indexed cypherpunks
gj> mailing list exists as:
gj> http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src

It appears that the correct URL is

http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src

which I think is a WAIS document.
Since I don't--to jump on the stranger's bandwagon--grok WAIS, I do not know how one makes effective use of this. For those wanting to know more about WAIS, ftp to think.com and look under wais/.

michael

From adam at bwh.harvard.edu Wed Jun 15 17:20:07 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Wed, 15 Jun 94 17:20:07 PDT
Subject: Cypherpunks' mail database does exist (fwd)
In-Reply-To: <9406152204.AA18271@hurricane.seas.ucla.edu>
Message-ID: <199406160019.UAA26518@duke.bwh.harvard.edu>

You wrote:
| > It does my heart good to hear someone use the term 'grok' -- I don't
| > hear many folks use that term very much anymore. ,-)
| >
| > - paul
| >
| >
| What does it mean?

To drink. :)

(Actually, it means to understand something fully & completely, but the literal translation is 'to drink.' See Robert Heinlein's Stranger in a Strange Land for its origins.)

Adam

--
Adam Shostack adam at bwh.harvard.edu
Politics. From the Greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From Ben.Goren at asu.edu Wed Jun 15 17:31:19 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Wed, 15 Jun 94 17:31:19 PDT
Subject: Encrypted databases
Message-ID: <9406160032.AA07949@Tux.Music.ASU.Edu>

In _Applied Cryptography,_ Bruce Schneier describes a method of encrypting a database in such a way that it's easy to get individual entries but "impossible" to get the whole database. Basically, the first field is a hash of the individual's last name; the second is encrypted (symmetrical algorithm) w/ that name and contains the rest of the info.

Are there any readily available implementations of this or anything equivalent? I've a use for such, but I'm not likely to have the time to start writing anything like that for a month or two.

Thanks,

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben at tux.music.asu.edu for PGP 2.3a public key.

From Ben.Goren at asu.edu Wed Jun 15 17:31:25 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Wed, 15 Jun 94 17:31:25 PDT
Subject: DES w/ variable S-boxes
Message-ID: <9406160032.AA07946@Tux.Music.ASU.Edu>

Are there any implementations of DES-variants that use variable S-boxes? I've not seen any, and it seems to me that such an algorithm could be quite strong, considering the continuing strength of DES (i.e., only the rich or large gov'ts are likely to be able to break it today, and only by brute force).

If not, is there likely to be enough demand that I should start coding?

b&

From paul at hawksbill.sprintmrn.com Wed Jun 15 17:31:33 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 15 Jun 94 17:31:33 PDT
Subject: Cypherpunks' mail database does exist (fwd)
In-Reply-To: <9406152204.AA18271@hurricane.seas.ucla.edu>
Message-ID: <9406160133.AA20985@hawksbill.sprintmrn.com>

> > It does my heart good to hear someone use the term 'grok' -- I don't
> > hear many folks use that term very much anymore. ,-)
> >
> > - paul
> >
> >
> What does it mean?

You _would_ ask.

grok /grok/, var. /grohk/ [from the novel _Stranger_in_a_Strange_Land_, by Robert A. Heinlein, where it is a Martian word meaning literally 'to drink' and metaphorically 'to be one with'] vt. 1. To understand, usually in a global sense. Connotes intimate and exhaustive knowledge. Contrast zen, similar supernal understanding as a single brief flash. See also glark. 2. Used of programs, may connote merely sufficient understanding. "Almost all C compilers grok the void type these days."
(From "The New Hacker's Dictionary," edited by Eric Raymond, adapted from the original Internet "jargon file")

- paul

From Ben.Goren at asu.edu Wed Jun 15 17:37:31 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Wed, 15 Jun 94 17:37:31 PDT
Subject: Cypherpunks' mail database does exist (fwd)
Message-ID: <9406160038.AA07966@Tux.Music.ASU.Edu>

Actually, this has nothing to do with the mail database or RAH. Just wanted to let you know that your .sig made me smile.

b&

From ruf at osiris.cs.uow.edu.au Wed Jun 15 18:06:48 1994
From: ruf at osiris.cs.uow.edu.au (Justin Lister)
Date: Wed, 15 Jun 94 18:06:48 PDT
Subject: [ANSWER] NIST's ftp site
In-Reply-To: <9406151925.AA25875@bilbo.suite.com>
Message-ID: <199406160057.AA20925@osiris.cs.uow.edu.au>

> Thanks to all who responded to my question.
> The answer is: csrc.ncsl.nist.gov
> Also, apparently, source for DES was in Appendix A of the file
> "/pub/nistpubs/fips181.txt". However, it was removed and replaced with
> the following:

It wasn't/isn't the only ftp site in the US that has fips181.txt available. There are other sites that still have the information. Besides, I doubt that anyone would have problems finding sources of DES; they are all over the net (in and out of the US). Clearly ITAR fails, so be happy.

[stuff deleted]

> I wonder if they'll ship to an address outside of the US or Canada? I
> wonder if the people who package and mail the stuff even look at it?

Why bother? Just find it on another site; there are plenty out there.
> Jim_Miller at suite.com

--
Justin Lister   ruf at cs.uow.edu.au
Center for Computer Security Research, Dept. Computer Science, University of Wollongong
voice: 61-42-835-114   fax: 61-42-214-329
Computer Security a utopian dream...
LiNuX - the only justification for using iNTeL

From roy at sendai.cybrspc.mn.org Wed Jun 15 18:07:19 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Wed, 15 Jun 94 18:07:19 PDT
Subject: [ANSWER] NIST's ftp site
In-Reply-To: <9406151925.AA25875@bilbo.suite.com>
Message-ID: <940615.191612.2c9.rusnews.w165w@sendai.cybrspc.mn.org>

In list.cypherpunks you write:

> Thanks to all who responded to my question.
>
> The answer is: csrc.ncsl.nist.gov
>
> Also, apparently, source for DES was in Appendix A of the file
> "/pub/nistpubs/fips181.txt". However, it was removed and replaced with
> the following:

I have a copy of FIPS181 with Appendix A intact. I can mail a copy if you like.

(as an aside to the Cypherpunks list, if there's a demand, I'll make it available on my mail server)

--
Roy M. Silvernail, writing from roy at sendai.cybrspc.mn.org
"Anything but Nixon, man... a blender. Anything!"
-- National Lampoon, when they were funny

From nelson at crynwr.com Wed Jun 15 18:37:06 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Wed, 15 Jun 94 18:37:06 PDT
Subject: Cypherpunks' mail database does exist (fwd)
In-Reply-To: <9406152204.AA18271@hurricane.seas.ucla.edu>
Message-ID:

   From: osten at hurricane.seas.ucla.edu
   Date: Wed, 15 Jun 1994 15:04:09 -0800 (PDT)

   > It does my heart good to hear someone use the term 'grok' -- I don't
   > hear many folks use that term very much anymore. ,-)
   >
   > - paul

   What does it mean?

Hmmm... Someone who doesn't grok ``grok''. How interesting!

-russ  ftp.msen.com:pub/vendor/crynwr/crynwr.wav
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From ruf at osiris.cs.uow.edu.au Wed Jun 15 19:23:30 1994
From: ruf at osiris.cs.uow.edu.au (Justin Lister)
Date: Wed, 15 Jun 94 19:23:30 PDT
Subject: [ANSWER] NIST's ftp site
In-Reply-To: <199406160057.AA20925@osiris.cs.uow.edu.au>
Message-ID: <199406160222.AA21898@osiris.cs.uow.edu.au>

> It wasn't/isn't the only ftp site in US that has fips181.txt available.
> There are other sites that still have the information.
> Besides I doubt that anyone would having problems finding sources of DES
> they are all over the net (in and out of US).
> Clearly ITAR fails so be happy.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - blatant statements tend to get flamed, so I thought I should follow up a little.

What I mean is that it is clear that ITAR fails to stop the exporting of crypto (for the individual).
We have seen many examples where code has already found its way outside the US before it even becomes available to many machines in the US (PGP, RSAREF, ...). Also, *most* algorithms developed in the US are documented extensively in text that is also available outside (in conference proceedings, journals, etc.); it is just a matter of writing the code. Clearly, if ITAR were to work, it would require text exports to be banned as well.

From what I see, ITAR is only a slight inconvenience to the non-US individual, whereas it is also a major thorn to US software developers that can't release single versions of software containing crypto, in that they have to have US and Rest-of-World versions, a la PGP (unless they develop the software outside of the US?).

--
Justin Lister   ruf at cs.uow.edu.au

From dichro at tartarus.uwa.edu.au Wed Jun 15 19:25:27 1994
From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn)
Date: Wed, 15 Jun 94 19:25:27 PDT
Subject: [ANSWER] NIST's ftp site
In-Reply-To: <9406151925.AA25875@bilbo.suite.com>
Message-ID: <199406160224.KAA02976@lethe.uwa.edu.au>

> Thanks to all who responded to my question.
> The answer is: csrc.ncsl.nist.gov
> Also, apparently, source for DES was in Appendix A of the file
> "/pub/nistpubs/fips181.txt". However, it was removed and replaced with
> the following:

Did anyone actually grab it while it was around? If it's still available anywhere, I'd appreciate a tip-off...

--
Mikolaj J.
Habryn   dichro at tartarus.uwa.edu.au
"I'm just another sniper on the information super-highway."
PGP Public key available by finger

From rfb at lehman.com Wed Jun 15 19:32:30 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 15 Jun 94 19:32:30 PDT
Subject: DES w/ variable S-boxes
In-Reply-To: <9406160032.AA07946@Tux.Music.ASU.Edu>
Message-ID: <9406160232.AA11710@fnord.lehman.com>

   Date: Wed, 15 Jun 1994 17:32:24 -0700
   From: Ben.Goren at asu.edu

   Are there any implementations of DES-variants that use variable S-boxes?

Well, if you don't use the DES S-boxes then it isn't DES :-)

Variable boxes tend to weaken DES. The DES S-boxes were chosen to make differential cryptanalysis difficult. Random S-boxes don't tend to have this desirable property.

Use IDEA.

Rick

From ghio at cmu.edu Wed Jun 15 21:28:45 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Wed, 15 Jun 94 21:28:45 PDT
Subject: Remailer reorder and delay
Message-ID: <9406160427.AA11767@toad.com>

I added a reorder and delay feature to my remailer. Here's how to use it.

Add a header Latent-Time: with the time (in HH:MM:SS format). You must use 24-hour time; no AM/PM accepted. The seconds are optional and may be omitted. Example:

> To: ghio at kaiwan.com
> Subject: Anonymous Mail
> From: punk at crypto.com
>
> ::
> Anon-To: cypherpunks at toad.com
> Latent-Time: 00:00:00
>
> This message will be sent to cypherpunks at midnite pacific daylight time.

You can also have it delayed a certain amount of time. To do this, put a plus before the time. Example:

> To: ghio at kaiwan.com
> Subject: Anonymous Mail
> From: me at my.domain.com
>
> ::
> Anon-To: recipient at site
> Latent-Time: +01:30
>
> This message will be delivered one hour and thirty minutes after it is
> received by ghio at kaiwan.com.

Random reordering is possible by adding r to the time.
> To: ghio at kaiwan.com
> Subject: Hello tentacle
> From: detweiler at tmp.com
>
> ::
> Anon-To: medusa at pseudospoof.com
> Latent-Time: 18:00:00r
>
> This message will be delivered at random, but no later than 6 PM pacific
> standard time.

> To: ghio at kaiwan.com
> Subject: Exterminate PGP
> From: sternlight at netcom.com
>
> ::
> Anon-To: alt.security.pgp at nic.funet.fi
> Latent-Time: +04:00:00r
>
> This meaningless drivel will be delivered at random, sometime within the
> next four hours.

The longest delay time possible is 24 hours. Don't expect on-the-minute delivery - there are many things beyond my control which can delay mail.

"Anon-To" and "Latent-Time" do not need to go in the body of the message; they may be placed in the headers if your mailer supports it.

Let me know if you have any questions or problems.

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Wed Jun 15 22:01:34 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Wed, 15 Jun 94 22:01:34 PDT
Subject: WWW Acronyms (was Re: Cypherpunks' mail database does exist)
Message-ID: <771739927/vac@FURMINT.NECTAR.CS.CMU.EDU>

Gary Jeffers:
> Vincent, you state that a fully archived, indexed cypherpunks
>mailing list exists as:
>http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src
>Ok, so I ftp'ed to pmip.maricopa.edu & tried to get to cypherpunks.src,
>but even the subdirectories weren't there.

The "http" is for "Hyper-Text Transport Protocol". This is not FTP, though it is a protocol similar in function to FTP. It is used by "WWW" (World Wide Web), of which Mosaic is the most popular implementation. If you have Mosaic, you can just give the above path. If you do not have Mosaic, you should spend some time trying to get it. Mosaic makes it really easy to quickly move through lots of information on the net. Mosaic is a point and click hypertext interface. You can FTP to ftp.ncsa.uiuc.edu and go into Mosaic.
You also have a typo; it is "Cypherpunks.src" with a capital C.

WWW has a simple language for writing your own hypertext documents - "HTML" (Hyper Text Markup Language). You can think of this as sort of like Troff, LaTeX or Postscript, but for hypertext documents. One page of HTML can make dozens of normal files easy to access. For example, my README.html security page points to many normal files:

ftp://furmint.nectar.cs.cmu.edu/security/README.html

It turns out that the mail database is really in "WAIS" (Wide Area Information Server). You can use WAIS directly, though I think it is easier to use through Mosaic. To use WAIS you would do:

ws -h pmip.maricopa.edu -d cpindex/Cypherpunks

The "ws" may be "waissearch" on your system. You can get lots of info on WAIS from

ftp://wais.think.com/comp.infosystems.wais-FAQ

As someone pointed out, this "http" method does not yet work with "lynx" (a text only implementation of WWW) on the cypherpunks mail database. It seems it will take a new version of lynx or WAIS for this to work. But the Unix "xmosaic" works fine. :-)

This form of global filename starting with something like "ftp://", "http://", "gopher://" etc. is also part of the WWW architecture. These names are called "URLs" for Universal Resource Locator.

Well, that is probably enough acronyms for today. :-)

-- Vince

PS I only read cypherpunks once a day, some time after midnight when my collection for the day is done.

From sameer at c2.org Wed Jun 15 22:56:22 1994
From: sameer at c2.org (sameer)
Date: Wed, 15 Jun 94 22:56:22 PDT
Subject: remail@c2.org key
Message-ID: <199406160554.WAA19245@infinity.c2.org>

The previous posting of the remail at c2.org key was wrong.
From rishab at dxm.ernet.in Thu Jun 16 04:13:55 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 16 Jun 94 04:13:55 PDT
Subject: Niemoeller and remailer chaining
Message-ID:

> From: Ezekial Palmer
> Reply-To: Ezekial Palmer
>
> ----Father Niemoeller
>
> So, why'd you "forget" the start of the quote??
>
> Zeke
>
> In Germany they first came for the Communists, and I didn't speak up because I
> wasn't a Communist. Then they came for the Jews, and I didn't speak up because
> I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up

Actually I didn't have a written reference, so I really _did_ forget the first line. Though I think the quote is appropriate for all of us, particularly in this forum, I'll probably excise it from my .sig. I find other people's 20 line sigs irritating, so...

PS. Why do you remail through extropia when you advertise your penet ID? Isn't the advantage of chaining that only the final remailer is known?
-----------------------------------------------------------------------------
Rishab Aiyer Ghosh
rishab at dxm.ernet.in
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi, INDIA

First they came for the communists, and I did not speak out, for I was not one;
They came for the Jews, and I was silent because I was not a Jew;
They came for the Trade Unionists, and I did not protest, because I did not belong to a trade union;
They came for the Catholics, and I said nothing because I was not a Catholic;
And then they came for me.
There was no one left to say anything...
----Father Niemoeller

From rishab at dxm.ernet.in Thu Jun 16 04:14:27 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 16 Jun 94 04:14:27 PDT
Subject: Deja vu...
Message-ID:

> Date: Wed, 15 Jun 1994 09:53:36 +0500
> From: vikram!bchappe%sunoco at relay.nswc.navy.mil (Brett Chappell)
> >In the June 6 issue of the New Yorker is an interesting story by
> >John Seabrook (who did the email interview with Bill Gates) about
> >getting flamed and how violated and upset it made him. Lots of not
> > [Waco in cyberspace etc]

Deja vu, anyone? Maybe Brett didn't see this and the long thread that followed it on this list. Maybe whoever it was who posted a second copy of the latest EFFector hadn't caught it the first time. Since I, and probably most of us, subscribe to EFFector, this was the _third_ copy that appeared in two days.

This sort of thing keeps happening. Now I'm not complaining ;) and would be the last to want some centralized distribution of such material. But since Stanton posts everything from the EFF anyway, why don't we leave it to him? Ideally we'd have one poster for each of these publications (EFF, CPSR, WIRED...)

Another thing: when I archive posts or forward them elsewhere, I keep the Subject, From, To, Cc, and Date lines in the header intact. That way, when a cpunk post migrates to alt.abuse.recovery, no one will repost it here.
From rishab at dxm.ernet.in Thu Jun 16 04:14:49 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 16 Jun 94 04:14:49 PDT
Subject: NIST DES source
Message-ID:

jim at bilbo.suite.com (Jim Miller):
> I wonder if [NIST will] ship [hard copies of DES source code] to an address
> outside of the US or Canada? I wonder if the people who package and mail
> the stuff even look at it?

Doesn't really matter, does it? Printed source code is available in hundreds of places, and doesn't require a CJR for export. Schneier's _book_ never had trouble; just the disk.
From tabe at newsdesk.hacktic.nl Thu Jun 16 05:29:45 1994
From: tabe at newsdesk.hacktic.nl (Tabe Kooistra)
Date: Thu, 16 Jun 94 05:29:45 PDT
Subject: NYT Article about Clipper (fwd)
Message-ID: <061594041308Rnf0.78@newsdesk.hacktic.nl>

kafka at desert.hacktic.nl (3133+ |>00|>) writes:

>== kafka at desert.hacktic.nl: Cryptoanarchy, MDMA, Tekkkno, SL-1200 ==

Very interesting (again

From frissell at panix.com Thu Jun 16 05:49:55 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 16 Jun 94 05:49:55 PDT
Subject: Cypherpunks on WWW
Message-ID:

V.>As someone pointed out, this "http" method does not yet work with
V.>"lynx" (a text only implementation of WWW) on the cypherpunks mail
V.>database. It seems it will take a new version of lynx or WAIS for this
V.>to work. But the Unix "xmosaic" works fine. :-)

I've been trying to get this to work for weeks with Mosaic for Windows (the latest Alpha version). I don't get it to display as an .html document. I see it as an ordinary text file just like I used to with Lynx. I wonder why?

DCF

--- WinQwk 2.0b#1165

From dfloyd at runner.utsa.edu Thu Jun 16 07:03:43 1994
From: dfloyd at runner.utsa.edu (Douglas R. Floyd)
Date: Thu, 16 Jun 94 07:03:43 PDT
Subject: Another dumb question... proving dates
Message-ID: <9406161403.AA25202@runner.utsa.edu>

I could not find this anywhere, so I will torture you all again...
In the RSA FAQ, it states how one can set up a server to do time and date stamping of documents, but I know of no Internet service that will do this.

Is there a way I can send a document to some agency/server and have it time and date stamped with their public key?

Thanks in advance,

From bchappe%sunoco at relay.nswc.navy.mil Thu Jun 16 07:24:46 1994
From: bchappe%sunoco at relay.nswc.navy.mil (Brett Chappell)
Date: Thu, 16 Jun 94 07:24:46 PDT
Subject: Larry King show
Message-ID: <9406161424.AA01052@sillyputty.b35ita.sunoco>

Did anybody see the Larry King Live show last night (6/15)? He had Al Gore & others on, talking about the nation's future information infrastructure. There were a few words about the Clipper. Gore said something like, "There are people out there who think that it's o.k. to do away with the FBI's ability to tap the communications of terrorists & drug lords." He went on to describe a future scenario where a terrorist group is able to detonate a nuclear device in an urban area because they can have secure communications. The show was pretty one-sided.

Brett

From rishab at dxm.ernet.in Thu Jun 16 08:17:38 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 16 Jun 94 08:17:38 PDT
Subject: Maricopa archive is WAIS indexed
Message-ID:

whitaker at dpair.csd.sgi.com (Russell Whitaker):
> On Jun 15, 2:51pm, Gary Jeffers wrote:
> > Subject: Cypherpunks' mail database does exist
> > Vincent, you state that a fully archived, indexed cypherpunks
> > mailing list exists as:
> > http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src

As Russell says, this is a web site. Actually, it isn't. The archive is not a web, in that it isn't the ideal hypertexted dream we all have. But it does have an extensive index, through wais.
If you want to search for something in particular, you can try (with a URL browser, like lynx/mosaic)

wais://pmipii.dist.maricopa.edu:210/crypt/Cypherpunks.src?remailer

I forget the path; it'll show up when you try the http. The ? after the filename is followed by a wais search string, such as 'remailer'. You should be able to use a wais client to access this. I don't know how _old_ the archive is...

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh             "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in           take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Thu Jun 16 08:19:36 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 16 Jun 94 08:19:36 PDT
Subject: Where to ftp fips181.txt
Message-ID:

Mikolaj Habryn :
Subject: Re: [ANSWER] NIST's ftp site
> Also, apparently, source for DES was in Appendix A of the file
> "/pub/nistpubs/fips181.txt". However, it was removed and replaced with
> the following:
>
> Did anyone actually grab it while it was around? If it's still
> available anywhere, i'd appreciate a tip-off...

ftp.eff.org/pub/EFF/Policy/Crypto/Newin/New_nist/fips181.txt

I haven't seen it but it's a 127k file dated March 6th.
From rishab at dxm.ernet.in Thu Jun 16 08:25:56 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 16 Jun 94 08:25:56 PDT
Subject: Cpunks mail database
Message-ID:

sglass at netcom.com (Sheldon Glass):
> Subject: C'punks mail database
> I've used lynx to connect to PMIP to see the c'punx list like:
> lynx http://pmip.maricopa.edu/crypt/cypherpunks

That's /crypt/cypherpunks/Cypherpunks.src, and it's a WAIS searchable archive, with what appears to be a huge index.

From werner at mc.ab.com Thu Jun 16 08:27:09 1994
From: werner at mc.ab.com (tim werner)
Date: Thu, 16 Jun 94 08:27:09 PDT
Subject: Larry King show
Message-ID: <199406161526.LAA29841@sparcserver.mc.ab.com>

>Date: Thu, 16 Jun 1994 10:24:33 +0500
>From: bchappe%sunoco at relay.nswc.navy.mil (Brett Chappell)
>
>Gore said something like, "There are people out there who think
>that it's o.k. to do away with the FBI's ability to tap the
>communications of terrorists & drug lords."
                                     ~~~~~

They must be moving up. They used to be just king-pins.

tw

From harmon at tenet.edu Thu Jun 16 08:39:08 1994
From: harmon at tenet.edu (Dan Harmon)
Date: Thu, 16 Jun 94 08:39:08 PDT
Subject: nsa museum
Message-ID:

It seems that NSA now has a museum outside DC. It even has an Enigma on display. For more info see today's Wall Street Journal.

Dan Harmon

From grendel at netaxs.com Thu Jun 16 08:39:53 1994
From: grendel at netaxs.com (Michael Handler)
Date: Thu, 16 Jun 94 08:39:53 PDT
Subject: Time Stamp Server (Was: Re: Another dumb question...
proving dates)
In-Reply-To: <9406161403.AA25202@runner.utsa.edu>
Message-ID:

On Thu, 16 Jun 1994, Douglas R. Floyd wrote:

> In the RSA FAQ, it states how one can set up a server to do time and date
> stamping of documents, but I know of no Internet service that will
> do this.
>
> Is there a way I can send a document to some agency/server and have it
> time and date stamped with their public key?

This appeared on alt.security.pgp a while ago. The server works quite nicely... Getting the key for the timestamp server is left as an exercise for the reader. ;)

----- BEGIN INCLUDED FILE: /usr/users/grendel/timestam.ser -----

From jim at bilbo.suite.com Thu Jun 16 08:40:11 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Thu, 16 Jun 94 08:40:11 PDT
Subject: [ANSWER] NIST's ftp site
Message-ID: <9406161539.AA14340@bilbo.suite.com>

> I have a copy of FIPS181 with Appendix A intact. I can mail a copy if
> you like.
>
> Why bother just find it on another site, there are plenty out there.
>

The point of my NIST ftp site question was not to find a place to get DES source; I know I can get DES source in lots of places. I was just trying to find out if the NIST site still had FIPS-181 with DES code. Its presence on an internationally accessible *US government* site would be an embarrassment to the anti-export camp.

> > I wonder if [NIST will] ship [hard copies of DES source
> > code] to an address outside of the US or Canada? I wonder if
> > the people who package and mail the stuff even look at it?
> >
> Doesn't really matter, does it? Printed source code is
> available in hundreds of places, and doesn't require a
> CJR for export. Schneier's _book_ never had trouble;
> just the disk.
>

I know, but I thought it would be kind of ironic if anyone could get DES source directly from the federal government.

Jim_Miller at suite.com

From dfloyd at runner.utsa.edu Thu Jun 16 08:44:21 1994
From: dfloyd at runner.utsa.edu (Douglas R.
Floyd) Date: Thu, 16 Jun 94 08:44:21 PDT Subject: Time Stamp Server (Was: Re: Another dumb question... proving dates) Message-ID: <9406161544.AA26785@runner.utsa.edu> > From grendel at netaxs.com Thu Jun 16 10:40 CDT 1994 > Date: Thu, 16 Jun 1994 11:38:55 -0400 (EDT) > From: Michael Handler > Subject: Time Stamp Server (Was: Re: Another dumb question... proving dates) > To: "Douglas R. Floyd" > Cc: cypherpunks at toad.com > Mime-Version: 1.0 > > On Thu, 16 Jun 1994, Douglas R. Floyd wrote: > > > In the RSA FAQ, it states how one can set up a server to do time and date > > stamping of documents, but I know of no Internet service that will > > do this. > > > > Is there a way I can send a document to some agency/server and have it > > time and date stamped with their public key? > > This appeared on alt.security.pgp a while ago. The server works > quite nicely... Getting the key for the timestamp server is left as an > exercise for the reader. ;) > > ----- BEGIN INCLUDED FILE: /usr/users/grendel/timestam.ser ----- [Burp-o-rama] > ----- END INCLUDED FILE ----- > > -- > Michael Brandt Handler > Philadelphia, PA PGP v2.6 public key on request > Thanks for this... I could not find any information on a time stamper site. BTW: Would a timestamp like this stand up in US court assuming that the lawyers were equal in their BS ratios? (Kinda-smiley for the humor impaired ;) From bwallet at mason1.gmu.edu Thu Jun 16 08:52:40 1994 From: bwallet at mason1.gmu.edu (Bradley C Wallet) Date: Thu, 16 Jun 94 08:52:40 PDT Subject: nsa museum In-Reply-To: Message-ID: > It seems that NSA now has a museum outside DC. It even has an Enigma on > display. For more info see today's Wall Street Journal. i haven't heard about that, but i do know that there is an Enigma on display in the National Museum of American History in the Information Age exhibit (an extremely cool show, and if u r in DC, i would call it a must c... 
brad From Ben.Goren at asu.edu Thu Jun 16 09:09:30 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Thu, 16 Jun 94 09:09:30 PDT Subject: DES w/ variable S-boxes Message-ID: <9406161609.AA01225@Tux.Music.ASU.Edu> At 10:32 PM 6/15/94 -0400, Rick Busdiecker wrote: > Date: Wed, 15 Jun 1994 17:32:24 -0700 > From: Ben.Goren at asu.edu > > Are there any implementations of DES-variants that use variable S-boxes? > >Well, if you don't use the DES S-boxes then it isn't DES :-) Well...yeah.... >Variable boxes tend to weaken DES. The DES S-boxes were chosen to >make differential cryptanalysis difficult. Random S-boxes don't tend >to have this desirable property. Perhaps I should clarify: not DES with randomly-chosen fixed S-boxes; I'm well aware that those that DES uses are the best for differential cryptanalysis. However, as Bruce Schneier points out (p. 242), *variable* S-boxes make differential cryptanalysis impossible, as such an adaptive plaintext attack relies on knowledge of the composition of the S-boxes. If the boxes and their contents change with both keys used and plaintext--probably with the help of a strong RNG--then the only way such an attack could work would be by first figuring out what causes the changes in the S-boxes; in that case, the attack is probably already finished, by other means. Perhaps, even, the S-boxes could change with so many chunks of text--again, variable, of course. Most, if not all, of the actual S-box designs used would be much weaker than the original design of DES for differential cryptanalysis. However, each different plaintext (and key) would use different s-boxes, so that particular attack isn't possible. So, I guess part of my question should be, does this open up other attacks? Or, for that matter, am I completely wrong? And, like I said before, has this been done? >Use IDEA. Certainly, until there's something better. I'm just hoping this might be, or that I can learn more along the way. 
> Rick And thanks to Bill and Lyman, who also responded similarly. b& PS Hopefully, I'll learn to check the Cc: line more carefully in the future. Apologies again for the noise. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From bmorris at netcom.com Thu Jun 16 09:19:16 1994 From: bmorris at netcom.com (Bob MorrisG) Date: Thu, 16 Jun 94 09:19:16 PDT Subject: AUTOPGP 2.1 Message-ID: <199406161619.JAA07573@netcom.com> To: cypherpunks at toad.com Anyone know a FTP site for AutoPGP 2.1? * RM 1.4 B0037 * From cei at access.digex.net Thu Jun 16 09:51:22 1994 From: cei at access.digex.net (Competitive Enterprise Institute) Date: Thu, 16 Jun 94 09:51:22 PDT Subject: Electronic distribution of op-eds from the Competitive Enterprise Institute! Message-ID: [Please distribute this as widely as you see fit. Thanks. -- Sasha Volokh] The Competitive Enterprise Institute is pleased to announce the CEI list! Established in May, the CEI list already has over 250 subscribers. The CEI list distributes our op-ed pieces, and perhaps other items of interest. To subscribe, drop a note to: Alexander "Sasha" Volokh at cei at digex.com But first, a little bit about CEI: "In today's political climate of higher taxes and the expansion of government, the need for free market voices like CEI is critical to the survival of America's free enterprise system." - The Honorable Dick Armey U.S. House of Representatives Founded in March of 1984, the Competitive Enterprise Institute is committed to advancing the principles of free enterprise and limited government. The Institute is founded on the belief that free markets and individual liberty best serve the public interest by providing freedom of choice and equal opportunity. 
The Institute's articles on key policy issues appear regularly in major media publications such as *The Wall Street Journal*, *The Washington Post*, and *USA Today*. The Institute's analysts also appear on international and national television programs such as *The MacNeil/Lehrer News Hour*, *Good Morning America*, CNN's *Crossfire* and *Larry King Live*. CEI analysts can also be heard on numerous national and local radio shows across the country. The Institute's policy analysts concentrate on the following issue areas: ECONOMIC REGULATION We analyze the human and economic costs of government tax and regulatory policies. ENVIRONMENTAL STUDIES The Institute's work emphasizes the reinstatement of private incentive and accountability centering on enforcement of property rights and targeted liability for pollution. Environmental Education Project Production and distribution of materials that examine environmental issues based on the latest scientific and economic research. FREE MARKET LEGAL PROGRAM Launched in 1986, this program seeks to carry the battle for economic rights into the legal arena. Issues and cases are selected on the basis of their importance as policy and precedent and on the likelihood that the Institute can make a significant contribution. Some recent activities have addressed FDA reform, rent control, and Corporate Average Fuel Economy standards (CAFE). "Death by Regulation" project Aimed at shifting the policy debate toward market-based approaches to risk management. It attempts to do so not through conventional policy analysis, but by focusing on previously unrecognized victims of regulatory failure. In particular, the project demonstrates that risk management by government can often have lethal effects. 
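Picking up the "DES w/ variable S-boxes" exchange between Ben Goren and Rick Busdiecker above: whether key-dependent S-boxes help or hurt against differential cryptanalysis is something one can measure rather than argue, because the attack's success is bounded by the largest entry in an S-box's difference distribution table. The Python below is an added example, not code from the thread or from DES, Diamond or any other cipher it names. DES_S1 is the S1 table from FIPS 46; keyed_sbox is a hypothetical construction (a Fisher-Yates shuffle driven by an HMAC-SHA256 keystream) standing in for whatever a variable-S-box design would use, and the key in the demo is constructed.

```python
"""Differential uniformity of a fixed (DES S1) vs. a key-derived S-box (added example)."""
import hashlib
import hmac

# DES S-box S1 as printed in FIPS 46: four rows of sixteen 4-bit outputs.
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def des_s1(x):
    """6-bit input: the outer two bits pick the row, the middle four the column."""
    row = ((x >> 5) & 1) << 1 | (x & 1)
    col = (x >> 1) & 0xF
    return DES_S1[row][col]


def ddt(sbox, in_bits, out_bits):
    """Difference distribution table: ddt[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}."""
    n_in, n_out = 1 << in_bits, 1 << out_bits
    table = [[0] * n_out for _ in range(n_in)]
    for dx in range(n_in):
        for x in range(n_in):
            table[dx][sbox(x) ^ sbox(x ^ dx)] += 1
    return table


def max_differential(table):
    """Largest entry over non-zero input differences: the best one-S-box
    characteristic a differential attacker can hope for (out of 2**in_bits)."""
    return max(max(row) for row in table[1:])


def _keystream(key, context):
    # Hypothetical PRF stream: HMAC-SHA256 over (context || counter), one byte at a time.
    counter = 0
    while True:
        yield from hmac.new(key, context + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1


def keyed_sbox(key, context, bits=4):
    """Derive a `bits`-bit permutation from (key, context) by a keyed Fisher-Yates shuffle.
    Illustrative construction only; not Diamond's or any published design."""
    n = 1 << bits
    box = list(range(n))
    ks = _keystream(key, context)
    for i in range(n - 1, 0, -1):
        limit = 256 - (256 % (i + 1))   # rejection sampling keeps j uniform on [0, i]
        b = next(ks)
        while b >= limit:
            b = next(ks)
        j = b % (i + 1)
        box[i], box[j] = box[j], box[i]
    return box


def survey(key, n_contexts=32, bits=4):
    """Max differential of the key-derived box for successive contexts (e.g. block counters)."""
    results = []
    for ctr in range(n_contexts):
        box = keyed_sbox(key, ctr.to_bytes(8, "big"), bits)
        results.append(max_differential(ddt(lambda x: box[x], bits, bits)))
    return results


if __name__ == "__main__":
    s1 = ddt(des_s1, 6, 4)
    print("DES S1 max differential: %d/64" % max_differential(s1))
    print("keyed 4-bit boxes, max entry out of 16:", survey(b"constructed demo key"))
```

Two things fall out of running it. S1's table tops out at 16/64, the 1/4 that DES's designers accepted; every 4-bit permutation has a maximum entry of at least 4/16, the same ratio, and keyed shuffles with no design criteria typically land well above that bound, which is Rick's point. Ben's point survives too: the table is only useful to an attacker who knows the box, so a variable-S-box scheme's strength rests on the boxes being derived from key material through a sound PRF and never leaking, and a defender evaluating such a scheme should measure exactly this table over many contexts before trusting it.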
From cei at access.digex.net Thu Jun 16 09:56:17 1994 From: cei at access.digex.net (Competitive Enterprise Institute) Date: Thu, 16 Jun 94 09:56:17 PDT Subject: "The Virtual Hand": Free-market Internet guide Message-ID: [Please distribute this as widely as you see fit. Thanks -- Sasha Volokh] The Competitive Enterprise Institute is pleased to announce: THE VIRTUAL HAND CEI'S FREE-MARKET GUIDE TO THE INFORMATION SUPERHIGHWAY Now, under one cover (over 50 pages!), all the Internet places of interest to free-marketeers. Do you want to find the complete electronic text of "The Wealth of Nations"? How many places can *you* list where you can discuss the words of Ayn Rand? (The Virtual Hand can name five.) Do you want to know the latest in conservative or libertarian politics, or would you rather sit around griping about gun control? All this -- and more! -- is available from the Competitive Enterprise Institute. TABLE OF CONTENTS 1. Policy chatter (mainly Republican and Libertarian politics) 2. Cultural and philosophical (Objectivism, free-market literary journals, "fan" newsgroups, electronic books) 3. Student-oriented (college groups) 4. Single-issue forums (taxes, land rights, firearms, telecommunications policy, education, health care, feminism, law, Congressional reform, kids' rights) 5. Of local interest (statewide free-market groups) 6. Internet addresses of free-market groups 7. Miscellaneous 8. Other computer systems (BBS'es) 9. Government resources (how to get White House press releases, text of legislation, Federal Register, C-SPAN schedules, etc.) To find out how you can get your very own copy of "The Virtual Hand," drop a line to Alexander "Sasha" Volokh at cei at digex.com. 
From jdwilson at gold.chem.hawaii.edu Thu Jun 16 10:21:10 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 16 Jun 94 10:21:10 PDT Subject: Unofficial Excerpt from InfoSecurity News Message-ID: To: Cypherpunks: The following is unofficially extracted from the Infosecurity News, May/June 1994. * Please forward this on to EFF and CPSR, * * but please strip out all info remaining to me * (I don't want to lose my subscription. Know thy enemy and all that.) Avoid Encryption Anarchy =======================Tim: like the title? -NS BY DONN B. PARKER
Encryption is a powerful tool for protecting data stored in workstations, LANs and mainframe systems and in transit between systems. In fact, it is so powerful that its misuse may cause great damage to tomorrow's information owners and users. Unfortunately, this "encryption anarchy" may come very soon if workstation and network encryption is allowed to proliferate unchecked in its present form. What is encryption anarchy and how might it happen in your organization? Here are some examples: Hidden by voice encryption, an employee could leak valuable information over phone lines, without worrying about wire taps or call monitoring/recording. Also, Privacy-Enhanced Mail is increasing on the Internet. But its encryption-based certificates protect individual end-users by shielding their activities from managers. Encryption technologies such as these could reduce or eliminate management control over voice and data communications with the outside world. Large amounts of workstation, LAN and mainframe information may be lost if it is encrypted incorrectly, if decryption fails or if encryption keys are lost. As a result, many users may adopt less-secure practices. These include backing up copies of files in cleartext or storing encryption keys where they can be compromised. Both practices can result in more exposure of information to unauthorized parties.
Corporate deception also could become easier. If false information is given to auditors, for example, the true data could be hidden behind an encryption barricade. In one company, an ex-executive's alleged theft of trade secrets only after the company reviewed his e-mail. The executive's actions might never have been known if he had encrypted his e-mail and kept the key. An employee could leave a company and take copies of valuable data. If no one else knows the encryption keys, the remaining encrypted data will be lost. As international companies turn to encryption to protect communications with trading partners, suppliers, contractors and customers in different countries, it will become increasingly difficult to manage and control the many different algorithms and keys that will be used in the organizations' workstations, LANs and mainframe systems. Countries' differing import/export controls, encryption laws and restrictions on data exchange will create both operational and management headaches. Without centralized, enforced encryption standards, workstations, LANs and wide-area networks will include varying products, technologies and key-management approaches. Today's transitory data will be encrypted in different ways, as will critical data back-ups and archives. Years from now, however, these files could become unavailable if encryption algorithms and key changes are not carefully tracked and controlled.
A matter of control. These examples reveal that encryption anarchy may occur when the people who control and use information are not accountable for it or have no jurisdiction over it, or when people who rightfully own information lose control over it. Encryption anarchy may also occur through the indiscriminate use of encryption without standardized key management or managerial oversight. But even the proper use of encryption could, in the future, create unanticipated technical problems in network settings. For example, LAN maintenance and diagnosis often requires that information be checked for authenticity and integrity. This is done by comparing information sent with information received. If this is done in real time on an encrypted network, special testing systems and additional network encryption/decryption operations may be required. Similarly, LAN managers may have to install special back-up and recovery products as LANs become increasingly encrypted. These could add unexpected operating costs, and the additional key management may introduce new security exposures.
How can infosecurity managers avoid encryption anarchy in the coming years? First, make sure that information (whether encrypted or not) remains accessible to all managers, boards of directors, regulators and auditors who are held accountable for it or have jurisdiction over it. No one person should possess exclusive encrypted access to an information asset. Encryption also should be managed using a hierarchy of override decryption keys corresponding to information ownership and accountability in the organization. This override hierarchy should extend beyond the organization--under careful control--to any government or regulatory body overseeing the enterprise. The U.S. government's Clipper escrowed-key proposal, although a step in that direction, does not go far enough in providing these hierarchical override capabilities. Encryption keys must be escrowed in business organizations as well. Infosecurity managers also could avoid encryption anarchy by enforcing related policies and standards, choosing technologies with assured longevity and training users to handle encryption properly.
When not to encrypt. In some cases, encryption may even be inadvisable. Much business information may be adequately protected with commercially available data-compression utilities, and not full-fledged encryption. Other information may be accessed so often that encryption or compression is impractical due to its cost, inconvenience and processing time. If information is ubiquitous, it makes no sense to protect it in one place and not in another. There also may be valid business reasons to not encrypt. A newspaper, for example, may deliberately exchange cleartext messages with correspondents in a foreign country, to avoid any impression that these individuals are spying or otherwise working against the country. Even if encryption is implemented and managed properly, infosecurity managers should assume that their adversaries--industrial spies, thieves, burglars and even kidnappers and murderers--will try to obtain information through the easiest possible route. If they encounter encryption, an easier route may be through inside informants, human engineering or dumpster diving. In fact, interviews with more than 200 computer criminals reveal that the most vulnerable form of information is spoken, followed by printed/displayed, removable media, and finally information that is communicated electronically or stored in computers. In the coming years, do not overlook the many such ways in which information can be compromised. Donn B. Parker is senior consultant for SRI International, Menlo Park, Calif. He can be reached at Internet address dparker at sri.com.
Also by the author: Which crypto to use? Most encryption products using the Data Encryption Standard (DES) will be acceptable for at least the next five years. After that time, DES will be discontinued as a U.S. federal standard and will no longer have the same strong due-care status it enjoys today. This is because increasing computing speeds will make the algorithm too weak for some applications. Many claim that DES and Rivest-Shamir-Adleman (RSA) algorithms will remain acceptable indefinitely. New encryption products and technologies, however, probably will encourage a migration to new algorithms beyond the next five years. For example, in spite of recent protests, Clipper/Skipjack, Digital Signature Algorithm and their hardware implementations will see greater acceptance, but only in the U.S. government and among government contractors. Other methods, such as DES triple encryption, will provide alternatives in commercial settings. However, international acceptance of Clipper/Skipjack may take longer, due to various countries' import/export restrictions and U.S. control of the technology's algorithm and escrowed keys. The underlying purpose of this control is not just to facilitate court-approved wire taps, but also to discourage criminals and foreign entities from using Clipper/Skipjack technology. This control mechanism would force them to use other, less powerful, algorithms and key management. Over time, the effectiveness, change frequency and management of encryption keys probably will prove more important than the specific algorithms chosen. New encryption products that automate these activities and make them transparent to users may help strengthen encryption management, even though they may introduce more opportunities for technical compromise. Infosecurity managers would be wise to delay the use of any of these new encryption technologies. This would allow time for products to fully develop and early adopters to report their experiences. Donn B. Parker. dparker at sri.com
From t-vinodv at microsoft.com Thu Jun 16 10:33:07 1994 From: t-vinodv at microsoft.com (Vinod Valloppillil) Date: Thu, 16 Jun 94 10:33:07 PDT Subject: I'm getting all the mail twice! Message-ID: <9406161634.AA09169@netmail2.microsoft.com> For some reason, I'm getting all cypherpunks mail twice. I'm posting to the general group address in case there's anyone else who might be getting hit twice as well. 
Vinod From willhoek at halcyon.com Thu Jun 16 10:34:41 1994 From: willhoek at halcyon.com (Will Parker) Date: Thu, 16 Jun 94 10:34:41 PDT Subject: "The Virtual Hand": Free-market Internet guide Message-ID: <199406161731.AA17434@halcyon.com> >[Please distribute this as widely as you see fit. Thanks -- Sasha Volokh] > >The Competitive Enterprise Institute is pleased to announce: > > THE VIRTUAL HAND > > CEI'S FREE-MARKET GUIDE TO THE > INFORMATION SUPERHIGHWAY >... Alright, who let the spammer in? I subscribe to net-resources for this sorta crud; I don't need to see it here in cypherpunks. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Parker's Third Rule of Tech Support: If you can't navigate a one-level, five-item phone tree, you didn't need a computer anyway. willhoek at halcyon.com =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From t-vinodv at microsoft.com Thu Jun 16 10:45:31 1994 From: t-vinodv at microsoft.com (Vinod Valloppillil) Date: Thu, 16 Jun 94 10:45:31 PDT Subject: Andy Grove on Clipper Message-ID: <9406161647.AA09890@netmail2.microsoft.com> I saw Larry King Live last night on CNN and the guests were Al Gore, Andy Grove (CEO/Intel), Dan Sussman (? -- I think that's his name, he was an editor at Newsweek), and Reed Hundt from the FCC. As can be expected, it was another talk show about the "Data Superhighway". It got interesting on two points: First, Larry King asked Andy Grove what he thought Intel should do for the Data Superhighway and he told Larry that since Al Gore was on the show, he'd rather get into what he thought the Feds _shouldn't_ do and discussed the path towards universal access to PC's without any federal involvement. Al Gore tried to get involved by arguing that the Fed's were originally responsible for the computer revolution b/c of the Apollo program. The two hit back and forth a couple of times on the issue. At this point, I was patting Andy on the back for being a non-statist. 
Then, the editor from Newsweek said that in any show about the "Data Superhighway" the Clipper chip had to be discussed. He then went on to say (and occasionally apologizing to Gore for being blunt) how the chip and the whole program were "loathed" by the industry and privacy advocates. Larry asked Groves what he thought about it and he went off talking about the govt's legitimate right to tap analog media and how all this chip did was to extend that right into the digital realm. I was shocked. Even worse, Al Gore supported Andy's position and then when Larry King got back to the editor, he backed off saying "well, I just heard that people in the industry didn't like it." Larry asked for his opinion on it as a provider of information services and he said, "we just report on public opinions in our magazine and don't try to take positions on the issues. Yuck. From rishab at dxm.ernet.in Thu Jun 16 10:53:47 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 16 Jun 94 10:53:47 PDT Subject: Cpunks archive works with lynx Message-ID: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU: > As someone pointed out, this "http" method does not yet work with > "lynx" (a text only implementation of WWW) on the cypherpunks mail > database. It seems it will take a new version of lynx or WAIS for this > to work. But the Unix "xmosaic" works fine. :-) Though I prefer Mosaic, this one worked when I tried it with lynx. You can get the latest version of lynx at ftp://ftp.cc.ukans.edu/pub/lynx/ (maybe it's ftp2.cc...) ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From tcmay at netcom.com Thu Jun 16 10:59:03 1994 From: tcmay at netcom.com (Timothy C. 
May) Date: Thu, 16 Jun 94 10:59:03 PDT Subject: Digital Timestamping In-Reply-To: <9406161403.AA25202@runner.utsa.edu> Message-ID: <199406161758.KAA14663@netcom.com> Douglas Floyd writes: > In the RSA FAQ, it states how one can set up a server to do time and date > stamping of documents, but I know of no Internet service that will > do this. > > Is there a way I can send a document to some agency/server and have it > time and date stamped with their public key? > > Thanks in advance, The canonical reference for digital timestamping is the work of Stu Haber and Scott Stornetta, of Bellcore. Papers presented at various Crypto conferences. Their work involves having the user compute a hash of the document he wishes to be stamped and sending the hash to them, where they merge this hash with other hashes (and all previous hashes, via a tree system) and then they *publish* the resultant hash in a very public and hard-to-alter forum, such as in an ad in the Sunday New York Times. In their parlance, such an ad is a "widely witnessed event," and attempts to alter all or even many copies of the newspaper would be very difficult. (In a sense, this WWE is similar to the "beacon" term Eric Hughes used recently in connection with timed-release crypto.) Haber and Stornetta plan some sort of commercial operation to do this, and, last I heard, Stornetta was moving to the Bay Area (where else?) to get it started. This service has not yet been tested in court, so far as I know. The MIT server is an experiment, and is probably useful for experimenting. But it is undoubtedly even less legally significant, of course. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. 
Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jamiel at sybase.com Thu Jun 16 11:26:13 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 16 Jun 94 11:26:13 PDT Subject: Andy Grove on Clipper Message-ID: <9406161825.AA22521@ralph.sybgate.sybase.com> At 10:41 AM 06/16/94 -0700, Vinod Valloppillil wrote: > Then, the editor from Newsweek said that in any show about the "Data >Superhighway" the Clipper chip had to be discussed. He then went on to >say (and occasionally apologizing to Gore for being blunt) how the chip >and the whole program were "loathed" by the industry and privacy >advocates. Larry asked Groves what he thought about it and he went off >talking about the govt's legitimate right to tap analog media and how >all this chip did was to extend that right into the digital realm. I >was shocked. Even worse, Al Gore supported Andy's position and then >when Larry King got back to the editor, he backed off saying "well, I >just heard that people in the industry didn't like it." Larry asked for >his opinion on it as a provider of information services and he said, >"we just report on public opinions in our magazine and don't try to >take positions on the issues. That was Vic Sussman, from US News and World Report. I didn't see the Larry King Piece, but I have talked with Sussman before. He is a very old school journalist, and was asked what he thinks 'as a provider of information services.' He gave the partyline, 'as a provider of information services.' When I am asked about something 'as a small magazine publisher,' for instance (one of the few things that gets me questioned like that :), I respond as one. No publisher is gonna let people talk about touchy issues in an official capacity- it isn't professional and causes _tons_ of problems for no good reason. Yes, that can be used as a lame excuse, but there are many times it isn't. 
Grove, on the other hand, has no place making statements like that, unless Intel has a political science wing I haven't heard of. > Yuck. I do agree with you on this. :) -j From tcmay at netcom.com Thu Jun 16 11:30:02 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 16 Jun 94 11:30:02 PDT Subject: I'm getting all the mail twice! In-Reply-To: <9406161634.AA09169@netmail2.microsoft.com> Message-ID: <199406161829.LAA19250@netcom.com> > > For some reason, I'm getting all cypherpunks mail twice. I'm posting > to the general group address in case there's anyone else who might be > getting hit twice as well. > > Vinod And I'm answering in public for the same reason. (I'm also seeing a delay in getting mail, at NaughtCom, so I apologize if others have already answered this.) Eric Hughes described this scenario a few days ago: you may be subscribed twice to the Cypherpunks list if you manually subbed and then were also subbed when the old sub list was restored, and you used two different addresses. Vinod should see if the duplicate messages are being sent to two different addresses, etc. Then unsub via majordomo from the one he doesn't want to see. If this is not the case, then my explanation here is not the right one. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
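The Haber/Stornetta scheme Tim May sketches in his "Digital Timestamping" reply above (client sends only a hash; the service merges the round's hashes into a tree, links it to all previous rounds, and publishes the root in a hard-to-alter forum) is short enough to show end to end. The Python below is an added example written for this thread, not code from Bellcore, the MIT server, or any timestamping service; the document contents, the "genesis" value and the leaf/node tagging are constructed for the demo, and a real service would of course also sign and date each receipt.

```python
"""Hash-linked Merkle timestamping in the Haber/Stornetta style (added example)."""
import hashlib

# Constructed sample documents; in practice the client sends only the hash.
SAMPLE_DOCS = [b"contract draft v1", b"lab notebook page 7", b"patent sketch"]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_leaf(doc_hash: bytes) -> bytes:
    # Domain separation: a leaf can never be mistaken for an interior node.
    return sha256(b"\x00" + doc_hash)


def hash_node(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)


def build_levels(leaves):
    """Bottom-up Merkle tree; a lone node at the end of a level is carried up unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            nxt.append(hash_node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels


def audit_path(levels, index):
    """Sibling hashes from leaf `index` up to the root, tagged with the side they sit on."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(("R", level[sibling]) if index % 2 == 0 else ("L", level[sibling]))
        index //= 2
    return path


def verify(doc_hash, path, published_root):
    """Recompute the root from the document hash and the receipt; compare to the witnessed root."""
    h = hash_leaf(doc_hash)
    for side, sib in path:
        h = hash_node(h, sib) if side == "R" else hash_node(sib, h)
    return h == published_root


class TimestampService:
    """Collects hashes into rounds. Each round's tree also commits to the previous round's
    root, so the published roots form a chain: altering an old round breaks every later one."""

    def __init__(self):
        self.prev_root = sha256(b"genesis")   # constructed starting value
        self.pending = []
        self.published = []                   # the "widely witnessed" roots, one per round

    def submit(self, doc_hash):
        self.pending.append(doc_hash)
        return len(self.pending)              # leaf index; leaf 0 is the link to the previous round

    def close_round(self):
        leaves = [hash_leaf(self.prev_root)] + [hash_leaf(h) for h in self.pending]
        levels = build_levels(leaves)
        root = levels[-1][0]
        round_no = len(self.published)
        receipts = [(round_no, audit_path(levels, i + 1)) for i in range(len(self.pending))]
        self.published.append(root)
        self.prev_root = root
        self.pending = []
        return root, receipts


def demo():
    svc = TimestampService()
    hashes = [sha256(d) for d in SAMPLE_DOCS]
    for h in hashes:
        svc.submit(h)
    root1, receipts = svc.close_round()
    ok = [verify(h, path, svc.published[rnd]) for h, (rnd, path) in zip(hashes, receipts)]
    # A one-byte change to a document must make its receipt fail against the same root.
    rnd, path = receipts[0]
    tampered = verify(sha256(b"contract draft v2"), path, svc.published[rnd])
    # Same document stamped in a second round here and in a fresh service with no history:
    # the roots differ, because each round commits to the chain before it.
    svc.submit(hashes[0])
    root2, _ = svc.close_round()
    fresh = TimestampService()
    fresh.submit(hashes[0])
    root_fresh, _ = fresh.close_round()
    return {"all_verify": all(ok), "tampered_verifies": tampered,
            "chain_bound": root2 != root_fresh, "rounds": len(svc.published)}


if __name__ == "__main__":
    print(demo())
```

What the receipt proves is only that the hash was in the tree whose root was witnessed at that time; the service never sees the document, and the court question Douglas Floyd raises comes down to how hard the witnessed root is to alter after the fact, which is why Haber and Stornetta publish it rather than merely sign it.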
From m5 at vail.tivoli.com Thu Jun 16 11:52:14 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 16 Jun 94 11:52:14 PDT Subject: Andy Grove on Clipper In-Reply-To: <9406161825.AA22521@ralph.sybgate.sybase.com> Message-ID: <9406161852.AA03084@vail.tivoli.com> Jamie Lawrence writes: > Grove, on the other hand, has no place making statements like that, > unless Intel has a political science wing I haven't heard of. My recollection from a brief stint with Intel in the early 80's is that the company is quite conservative, and that Mr. Grove's personal outlook is largely responsible. Before I get torched, I hasten to point out that "conservative" does not of course necessarily imply "Clipper supporter"; there are certain statist philosophies that do so imply, however, and some of those can be lumped into the category "conservative". I could be way wrong. Perhaps Mr. May could add more. It is distressing (though not surprising) to know that there are individuals in positions of power in cyberspace-related industries who hold opinions antithetical to "ours". -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From Ben.Goren at asu.edu Thu Jun 16 12:21:09 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Thu, 16 Jun 94 12:21:09 PDT Subject: Unofficial Excerpt from InfoSecurity News Message-ID: <9406161906.AA03059@Tux.Music.ASU.Edu> >[. . .] >The underlying purpose of this >control is not just to facilitate court-approved >wire taps, but also to discourage criminals >and foreign entities from using Clipper/Skipjack >technology. This control mechanism would force >them to use other, less powerful, algorithms >and key management. >[. . . .] >Donn B. Parker. >dparker at sri.com How can he breathe when his head is so far in the sand? I've not seen one shred of evidence that Skipjack is strong--Ms. 
Denning's statements are not evidence--and there're plenty of indications that triple DES and IDEA are both unbreakable for the near future, at least. That's an awfully arrogant position for code that's already leaking before widespread dissemination (LEAF attack), let alone real analysis. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From jgostin at eternal.pha.pa.us Thu Jun 16 12:50:59 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Thu, 16 Jun 94 12:50:59 PDT Subject: (None) Message-ID: <940616143858T5Gjgostin@eternal.pha.pa.us> paul at hawksbill.sprintmrn.com (Paul Ferguson) writes: > It does my heart good to hear someone use the term 'grok' -- I don't > hear many folks use that term very much anymore. ,-) I'll admit, I first ran into this term about 6 months ago, straight from the "source". Since then, I've been using it rather frequently. Sometimes, it's the only word that'll fit, y'know? :-) --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From jgostin at eternal.pha.pa.us Thu Jun 16 12:51:26 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Thu, 16 Jun 94 12:51:26 PDT Subject: (None) Message-ID: <940616145000R3bjgostin@eternal.pha.pa.us> osten at hurricane.seas.ucla.edu writes: >> It does my heart good to hear someone use the term 'grok' -- I don't >> hear many folks use that term very much anymore. ,-) > What does it mean? Well, it comes from the book Stranger In A Strange Land. 
It's a martian word that implies an understanding of something. The main character was right when he said that there is no human word for it. At the risk of starting a whole philosophical debate, here goes the longer version:

When you Grok something, you understand its purpose and existence instinctually, spiritually, and intellectually. It's not something you can explain concretely; it's just something whose concept is so thoroughly understandable as to be outside the realms of that which is explainable. A good example is this: A child groks that his parents will take care of him, and that they will protect him and keep him safe. He couldn't explain to you why he feels that way. He just groks the meaning of the relationship.

That, IMHO, is GROK. It's an understanding that lies so deeply within you that it is inseparable from your state of being.

--Jeff

--
 ====== ======    +----------------jgostin at eternal.pha.pa.us----------------+
   ==    ==       | The new, improved, environmentally safe, bigger, better,   |
   ==    ==  -=   | faster, hypo-allergenic, AND politically correct .sig.     |
 ====== ======    | Now with a new fresh lemon scent!                          |
PGP Key Available +------------------------------------------------------------+

From ghio at cmu.edu Thu Jun 16 13:16:25 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Thu, 16 Jun 94 13:16:25 PDT
Subject: DES w/ variable S-boxes
Message-ID: <9406162014.AA25892@toad.com>

Ben.Goren at asu.edu wrote:

| However, as Bruce Schneier points out (p. 242), *variable* S-boxes make
| differential cryptanalysis impossible, as such an adaptive plaintext attack
| relies on knowledge of the composition of the S-boxes.
| If the boxes and
| their contents change with both keys used and plaintext--probably with the
| help of a strong RNG--then the only way such an attack could work would be
| by first figuring out what causes the changes in the S-boxes; in that case,
| the attack is probably already finished, by other means. Perhaps, even, the
| S-boxes could change with so many chunks of text--again, variable, of
| course.

You should take a look at Michael Paul Johnson's Diamond Encryption Algorithm. It uses variable S-boxes as you describe. Source code and documentation is available on ftp csn.org. /pub/mpj/...

From markh at wimsey.com Thu Jun 16 13:19:07 1994
From: markh at wimsey.com (Mark C. Henderson)
Date: Thu, 16 Jun 94 13:19:07 PDT
Subject: [ANSWER] NIST's ftp site
In-Reply-To: <9406151925.AA25875@bilbo.suite.com>
Message-ID:

> Thanks to all who responded to my question.
>
> The answer is: csrc.ncsl.nist.gov
>
> Also, apparently, source for DES was in Appendix A of the file
> "/pub/nistpubs/fips181.txt". However, it was removed and replaced with
> the following:
>...

-----BEGIN PGP SIGNED MESSAGE-----

If you are in the U.S. or Canada you can get the unexpurgated version from ftp.wimsey.bc.ca:

/pub/crypto//software/dist/US_or_Canada_only_XXXXXXXX/FIPS181/
- -rw-r--r-- 1 markh user 28214 Mar 01 14:23 fips181.txt.gz
- -rw-r--r-- 1 markh user 28184 Apr 14 14:40 word.c.gz

get the following two files. word.c is a version that actually compiles. The original code in FIPS 181 needed a few cosmetic changes to actually compile correctly.

(usual mechanism with the XXXXXXXX, cd /pub/crypto/software and get the file README.
If you agree to the terms, follow the instructions)

Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBVAgUBLf+CDmrJdmD9QWqxAQFafQH/dcemKhwZwNbPprQ+MGRr5omo9yBrvdR3
gZR7Hczy7L1JYBH+OdoDDgvEbNs8o3e99dpaE5v61pUJT2VVRa00jg==
=iXvu
-----END PGP SIGNATURE-----

From nobody at shell.portal.com Thu Jun 16 14:09:50 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Thu, 16 Jun 94 14:09:50 PDT
Subject: Jus Curious
Message-ID: <199406162110.OAA20068@jobe.shell.portal.com>

Pardon me--

So ViaCrypt sells PGP for $98.00 big ones huh, how much of that does Philip get??

From mpd at netcom.com Thu Jun 16 14:20:58 1994
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 16 Jun 94 14:20:58 PDT
Subject: Did anyone see...
Message-ID: <199406162120.OAA04627@netcom.com>

I was reading Usenet this morning before breakfast and came across a very interesting series of messages to the effect that a polynomial exists which generates exactly the prime numbers as its set of positive values. Such polynomials exist, the article argued, not only for the property of primeness but for any computable property on the natural numbers and stem from some deep result involving the Riemann Zeta function and Hilbert's 10th problem.

I wanted to save this thread but now I can't find it again. If someone else read the same thread, could they drop me some Email with the subject of the thread and the name of the newsgroup. Thanks.

--
Mike Duvos         $    PGP 2.6 Public Key available    $
mpd at netcom.com     $    via Finger.                     $

From Ben.Goren at asu.edu Thu Jun 16 14:46:08 1994
From: Ben.Goren at asu.edu (Ben.Goren at asu.edu)
Date: Thu, 16 Jun 94 14:46:08 PDT
Subject: DES w/ variable S-boxes
Message-ID: <9406162142.AA04008@Tux.Music.ASU.Edu>

At 1:13 PM 6/16/94 -0700, Matthew Ghio wrote:

>You should take a look at Michael Paul Johnson's Diamond Encryption Algorithm.
>It uses variable S-boxes as you describe. Source code and documentation is
>available on ftp csn.org. /pub/mpj/...

Thanks for the info.
For those who wish to look, the actual path is now:

ftp.csn.net:/mpj/I_will_not_export/crypto_???????/mpj/dlock.tar.gz.

Note that you'll have to read the file /mpj/README.MPJ to find the real name of the "crypto_???????" part.

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben at tux.music.asu.edu for PGP 2.3a public key.

From karn at qualcomm.com Thu Jun 16 16:27:08 1994
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 16 Jun 94 16:27:08 PDT
Subject: The Crypto Home Shopping Network
In-Reply-To: <9406131825.AA14353@srlr14.sr.hp.com>
Message-ID: <199406162326.QAA21079@servo.qualcomm.com>

>By "allow", I'm assuming that you mean "allow for export".

Technically, yes.

>Or, are you saying that they won't allow strong crypto in *domestic*
>next-generation cellular phones?

De facto, if not de jure. As has been the case for several years, the NSA publicly maintains that it is not interested in controlling the domestic use of strong cryptography. But the standards committee that controls this stuff (the TIA TR45.0.A "Ad Hoc Authentication Group") is made up largely of the technically incompetent and/or "spook wannabees" sympathetic to the government. With a single exception, the members all represent cellular vendors and carriers, not end users. The single exception is an NSA R&D employee legitimately representing the US government as a potential end user of digital cellular.

>What forms have the "incentives" or "disincentives" taken?

It is clear that without a strong, organized demand by the US public as a whole for meaningful cell phone privacy, the cellular industry has no real incentive to provide it. NSA only had to suggest very quietly that the lack of meaningful cryptographic privacy would make it much easier to export digital cellular technology, and the industry quickly got the hint.
After all, they were really only concerned about cellular fraud in the first place (hence the use of "authentication" in the group name) and they'll care about end-user privacy only if it hits them in the bottom line. So far it hasn't.

Indeed, we're now starting to see protests and demands for real privacy from some of our potential non-US customers; how we could ever meet it under the ITARs is a good question.

Phil

From pgf at srl.cacs.usl.edu Thu Jun 16 16:51:39 1994
From: pgf at srl.cacs.usl.edu (Phil G. Fraering)
Date: Thu, 16 Jun 94 16:51:39 PDT
Subject: Digital timestamping...
Message-ID: <199406162351.AA14452@srl03.cacs.usl.edu>

Just checking, Tim, but you said earlier that Bellcore currently holds the patent rights to the setup described by Haber and Stornetta, I think in email, right?

(Please note: I'm not currently trying to say anything about software patents or the like; just checking some factual data that might be useful to the list).

Phil

From mpd at netcom.com Thu Jun 16 17:53:33 1994
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 16 Jun 94 17:53:33 PDT
Subject: Did anyone see...
In-Reply-To:
Message-ID: <199406170053.RAA21246@netcom.com>

Dan Harmon writes:

> If you find out anything would you please post it to the
> list? This is very curious.

D.C. Williams remembered the thread and Emailed me a copy. (Thanks D.C.) It was in alt.security.pgp which is why I couldn't find it. I was looking in sci.math for something with the word "prime" in the title. :)

I quote the interesting sections below.

Nick Gilling begins by asking:

> Is there a formula for calculating primes?

Gareth McCaughan responds:

> Well... yes, actually, but not a useful one.
> For instance: "Wilson's theorem" says that if p is prime
> then (p-1)! is congruent to -1, modulo p. And you can check
> that if p isn't prime then (p-1)! is congruent to 0 modulo p
> (i.e., is a multiple of p).
> So, writing [x] for "integer part of x", ((p-1)!
> - [(p-1)!/p].p)/(p-1) is 1 if p is prime and 0 if p is
> composite. So summing this thing will give you a formula for
> the number of primes <= any given number; and I'm sure
> there's a "formulaic" way to invert this to give you the
> n'th prime for any n.
> Alternatively, there is a polynomial of degree
> something-very-large in about 26 variables with the
> property that when you plug integers into it you get either
> a negative number or a prime; and every prime arises as some
> value of it. (In fact, for any computable property of
> positive integers, there is a polynomial in lots of
> variables such that the values it takes are {some load of
> negative numbers} together with {positive integers with the
> required property}. This is a Deep Theorem.)
> Alternatively, I suspect there is some sort of thing
> involving contour integrals and the Riemann zeta function.

James Kilfiger then expands:

> Actually it's a little more interesting than this. First a
> disclaimer: I'm writing from memory and may be wrong on
> details. If you want to see more, a truly wonderful book is
> "The Little book of BIG primes" By Riemboiem (I've spelt
> this wrong) published by Springer-Verlag.
> This book has a section on prime number formulae. There is a
> famous class of polynomials {P(x)}, tend to be large (the
> classic one has 26 variables and has degree 25) With the
> excellent property of {all positive values taken by
> P(x)}={all positive primes}. The existence of such
> polynomials is guaranteed by results stemming from
> Hilbert's 10th. Also there is a number \theta with
> 3^\theta^n (or some similar formula, remember I'm quoting
> from memory) being prime for all values of n, unfortunately
> we can't calculate \theta, but it's quite small.
> (if somebody
> can correct me on the formula I'd be grateful)

Gareth McCaughan then cites the following reference:

> By an amusing coincidence, when I went into our
> departmental library to look for a reference, there on the
> "new accessions" shelf was a book all about Hilbert's tenth
> problem. So, here's a reference.
>
> Matiyasevich, Yuri V. "Hilbert's 10th Problem" (MIT Press,
> 1993; in their "Foundations of Computing" series) section
> 3.4, at end.
>
> For those who are wondering how on earth it's done, here's
> a *very* brief sketch. In everything that follows
> polynomials have integer coefficients, and variables range
> over non-negative integers, which I shall call "natural
> numbers".
>
> Observation number 1: Suppose we have a set A of natural
> numbers, and a polynomial P such that: there exist
> x1,x2,..,xm with P(a,x1,..,xm)=0 iff a is in A. Then there
> is a polynomial Q such that the natural number values of
> Q(x0,..,xm) are just the elements of A. PROOF: put
> Q(x0,..,xm) = (x0+1)(1-P(x0,..,xm)^2)-1 and notice that if P
> isn't zero there, we get something negative, and if P is
> zero we get x0.
>
> Difficult Theorem number 1: There is a polynomial E such
> that there exist x1,x2,..,xm with E(a,b,c,x1,..,xm)=0 if and
> only if a^b=c.
>
> Observation number 2: So it's enough to find an
> "exponential polynomial" (i.e., we allow variables as
> exponents) such that there exist x1,..,xm with
> P(a,x1,..,xm)=0 if and only if a is prime.
>
> Difficult Theorem number 2: We can "do" the operations
> "factorial" and "greatest common divisor" with exponential
> polynomials.
>
> Easier Theorem: p is prime iff the greatest common divisor
> of p and (p-1)! is 1. (See a posting I made earlier in this
> thread.)
>
> Conclusion: We can "do" primality with an exponential
> polynomial, and hence with a normal polynomial.
>
> Annoying Fact: The numbers do get *very* large. I do not
> recommend trying to generate primes with this method.
> I
> haven't done the calculations, but I suspect that getting
> the prime 5 might require more computing resources than you
> have available.
>
> More details are in Matiyasevich's book. (Matiyasevich did
> a large fraction of the work required to prove all this and
> much more. He knows what he is talking about.)

Victor S. Miller, [who I suspect is the same Victor S. Miller I knew at UMass Boston many years ago], published a nifty little paper in the mid 1980's on the computation of the function Pi(n) which gives the Nth prime as a function of N. He had a table giving the (10^N)th prime for n={3,6,9,12,15,18,...} which was quite impressive. Calculating the correct value for the zillionth prime directly is a cute bit of mathematics.

--
Mike Duvos         $    PGP 2.6 Public Key available    $
mpd at netcom.com     $    via Finger.                     $

From tcmay at netcom.com Thu Jun 16 18:00:10 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 16 Jun 94 18:00:10 PDT
Subject: Andy Grove on Clipper
In-Reply-To: <9406161852.AA03084@vail.tivoli.com>
Message-ID: <199406170059.RAA17223@netcom2.netcom.com>

Mike McNally wrote:

> Jamie Lawrence writes:
> > Grove, on the other hand, has no place making statements like that,
> > unless Intel has a political science wing I haven't heard of.
>
> My recollections from a brief stint with Intel in the early 80's is
> that the company is quite conservative, and that Mr. Grove's personal
> outlook is largely responsible. Before I get torched, I hasten to
> point out that "conservative" does not of course necessarily imply
> "Clipper supporter"; there are certain statist philosophies that do so
> imply, however, and some of those can be lumped into the category
> "conservative".
>
> I could be way wrong. Perhaps Mr. May could add more. It is
> distressing (though not surprising) to know that there are individuals
> in positions of power in cyberspace-related industries who hold
> opinions antithetical to "ours".
Caveats: I knew Grove moderately well when I was at Intel. I didn't see the CNN episode mentioned here.

Yes, Grove is probably a conservative--he's at least a Republican (supported Bush). However, such terms are misleading. Clipper comes out of a "liberal" administration, not Reagan/Bush (though it no doubt started there...).

Support or non-support for the crypto issue is complicated. Many of those being asked what they think have not given the issue much deep thought, and the phrasing of questions is key.

What is more accurate to say is that the "power structure" in general is, as it usually is, worried by loss of its power and its ability to instill fear, uncertainty, and doubt. Whether it's claims of terrorism, child pornographers, or tax evaders, the national security state will push for any and all laws that preserve and enhance its power.

I expect nothing from politicians, nor from corporate executives asked to comment on public policy. Would we expect them to endorse crypto anarchy? Tools that undermine their own corporate cultures? Doesn't mean they're "right," to the extent "right" and "wrong" has anything to do with things. (I've written extensively about this, and won't here.)

As for Grove, he escaped from Hungary as a teenager, excelled in school (incl. CUNY, Berkeley), became the leading MOS researcher (making MOS stable was a very big deal in the mid-60s and enabled Intel to begin its course to the top of the heap in ICs). He's personally liberal in a lot of areas, fiscally conservative, and things like crypto are complicated issues.

The debate is being presented--cf. the recent articles and comments by Denning, Parker, Gore, etc.--as an issue of keeping "fortress-like" crypto out of the hands of criminals and terrorists. This even while Clipper advocates cheerfully admit it won't cause criminals and such to use Clipper! Anyway, when the debate is couched this way, I'm not at all surprised that folks like Grove would adopt the party line.
I never have thought we can win the hearts and minds of voters. Too many of them have shown a demonstrated willingness to use the State to steal my property, to invade my home, to tell me I have to have some permission slip to do something, etc.

I don't have time to elaborate on this point here, but what strong crypto allows is an end-run around democracy. And that's why many of us support strong crypto.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From schneier at chinet.chinet.com Thu Jun 16 18:56:27 1994
From: schneier at chinet.chinet.com (Bruce Schneier)
Date: Thu, 16 Jun 94 18:56:27 PDT
Subject: no subject (file transmission)
Message-ID:

APPLIED CRYPTOGRAPHY ERRATA

Version 1.5.9 - June 15, 1994

This errata includes all errors I have found in the book, including minor spelling and grammatical errors. Please distribute this errata sheet to anyone else who owns a copy of the book.

Page xvii: Third paragraph, first line: "Part IV" should be "Part III".

Page xviii: "Xuija" should be "Xuejia". "Mark Markowitz" should be "Mike Markowitz".

Page 1: First paragraph, fourth line: "receiver cannot intercept" should be "intermediary cannot intercept".

*****Page 2: Third line: "Outside the historical chapter" should be "Outside the Classical Cryptography chapter".

*****Page 3: Figure 1.2: "with key" should be "with one key".

*****Page 4: Eleventh line: Delete the sentence which begins: "In instances where...."
*****Page 5: "Chosen-plaintext attack": "but they also choose the encrypted plaintext" should be "but they choose the plaintexts to encrypt".

Page 6: Sixth and seventh lines: "against symmetric" should be "against a symmetric".

Page 8: Second paragraph, first line: "q code" should be "a code".

Page 10: Second paragraph, fifth line: Reference "[744]" should be "[774]".

Page 11: Second paragraph: "The rotations of the rotors are a Caesar Cipher" should be "Each rotor is an arbitrary permutation of the alphabet".

*****Page 13: Third paragraph: Delete parenthetical remark. Fourth paragraph, second line: "the key against" should be "the ciphertext against". Fifth paragraph: "Shift the key" should be "shift the ciphertext". And: "with text XORed with itself" should be "with the plaintext XORed with itself shifted by the key length."

*****Page 14: Third line: "to be any possible" should be "to correspond to any possible".

Page 15: Section 1.3, first line: "Throughout this book use" should be "Throughout this book I use".

*****Page 22: Step (4): "gives the title" should be "gives the title and keys".

Page 25: "Attacks Against Protocols," first paragraph: "the protocol iself" should be "the protocol itself".

*****Page 27: "One-Way Functions," second paragraph: "millions of years to compute this function" should be "millions of years to compute the reverse function." Fourth paragraph: "For example, x^2" should be "For example, in a finite field x^2."

Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge. How to open the mailbox is not public knowledge."

Page 29: Third paragraph: "If you only want" should be "If you want only".

Page 30: Fourth line: "symmetric cryptosystems: by distributing the key" should be "symmetric cryptosystems: distributing the key".
*****Page 30: "Attacks Against Public Key Cryptography," first sentence: "In all these public-key digital signature protocols" should be "In all these public-key protocols". Second paragraph: "The obvious way to exchange" should be "The obvious way to get". And: "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone". Last paragraph: "substitute a key of his choosing for Alice's" should be "substitute a key of his own choosing for Bob's".

Page 30: Last line: "substitute that key for his own public key" should be "substitute his own key for that public key".

Page 32: Ninth line: Delete the word "encrypted".

Page 34: "Signing Documents with..." First sentence: "too inefficient to encrypt long documents" should be "too inefficient to sign long documents".

*****Page 35: Step (4), second sentence should be: "He then, using the digital signature algorithm, verifies the signed hash with Alice's public key."

Page 36: Second line: "document encrypted with" should be "document signed with". "Multiple Signatures," step (4): "Alice or Bob sends" should be "Alice sends".

Page 38: Fifth paragraph: "V_X = E_X and that S_X = D_X" should be "V_X = E_X and S_X = D_X".

Page 40: Third line: "computer can exist" should be "computer can be". Second paragraph: Delete "should be runs of zeros and the other half should be runs of ones; half the runs". At the end of the sentence, add "The distribution of run lengths for zeros and ones should be the same."

*****Page 41: Second paragraph: At the end of the paragraph, add: "Cryptographically secure pseudo-random sequence generators can only be compressed if you know the secret." Last paragraph should be: "The output of a generator satisfying these three properties will be good enough for a one-time pad, key generation, and any other cryptographic features that require a truly random sequence generator."

Page 44: Ninth line: "for Alice's" should be "for Bob's".
*****Page 46: "Key and Message Transmission": Second steps (1) and (2) should be (5) and (6).

*****Page 49: Second line: "the user" should be "Alice". First protocol, steps (1) and (3): "secret key" should be "private key".

Page 50: First step (3): "With Alice's public key" should be "with "Alice's" public key."

Page 51: Step 5: "with what he received from Bob" should be "with what he received from Alice".

Page 55: First step (2): At the end of the step, add: "He sends both encrypted messages to Alice."

Page 58: Last line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave".

*****Page 59: First line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave". Second paragraph: "All Alice, Bob, and Dave, combined, know" should be "All Alice, Bob, and Dave, each, know".

*****Page 63: Tenth line: "signed timestamp" should be "signed timestamped hash". Step (3) is actually part of step (2), and step (4) should be step (3).

*****Page 66: Second line from bottom: "identity" should be "content".

Page 69: Last line: "tried to recover her private key" should be "tries to recover Alice's private key".

*****Page 72: The second set of steps (1) and (2) should be step (3) and step (4).

*****Page 73: "Bit Commitment Using One-Way Functions": The general class of one-way functions is suitable for this protocol, not only one-way hash functions. Last paragraph: Second and third sentences should be "Alice cannot cheat and find another message (R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b). If Alice didn't send Bob R_1, then she could change the value of both R_1 and R_2 and then the value of the bit."

Page 75: First paragraph after quotation: "over modem" should be "over a modem".

Page 76: First paragraph of text, third sentence: "Additionally, f(x) must produce even and odd numbers with equal probability" should be "Additionally, Alice should ensure that the random number x takes even and odd values with equal probability".
Fifth sentence: "For example, if f(x) produces even numbers 70% of the time" should be "For example, if x takes even values 75% of the time".

*****Page 77: "Flipping Coins into a Well," first line: "neither party learns the result" should be "Alice and Bob don't learn the result". Third line: parenthetical remark should be: "Alice in the first two protocols and Bob in the last one".

Page 78: Step (1): "Alice, Bob, and Carol all generate" should be "Alice, Bob, and Carol each generate".

Page 80: Second paragraph, second sentence. It should read: "A general n-player poker protocol that eliminates the problem of information leakage was developed in [228]."

*****Page 81: Last sentence: delete it.

*****Page 83: Fourth line: "five" should be "n", twice. Step (2): "This message must" should be "These messages must". Second sentence after protocol: "Neither the KDC" should be "Before this surrendering, neither the KDC".

*****Page 87: Second sentence after protocol: "so that Bob" should be "so that Victor". "Hamilton Cycles": "Alice" should be "Peggy".

*****Page 88: "Graph Isomorphism", second sentence: "Peggy knows that two graphs, G_1 and G_2, are isomorphic" should be "Peggy knows the isomorphism between two graphs, G_1 and G_2."

Page 90: Last paragraph: "step (3)" should be "step (4)".

Page 91: Second line: "step (3)" should be "step (4)".

Page 93: "Blind Signatures," first line: "An essential in all" should be "An essential feature of all".

Page 98: First paragraph after protocol, fourth line: "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in."

Page 115: "Protocol #2," third paragraph: "together determine if f(a,b)" should be "together determine f(a,b)".

*****Page 121: Second paragraph: Delete the colon in the third line. Step (11), sixth line: "a diferent identity string" should be "a different selector string".
Page 131: Fifth paragraph: "each capable of checking 265 million keys" should be "each capable of checking 256 million keys".

Page 133: Table 7.2: Third number in third column, "1.2308" should be "0.2308".

Page 134: Table 7.3: "1027" should be "10^27".

*****Page 135: table 7.4: "Cost-per-Period of Breaking a 56-bit Key" should be "Cost-per-Period of Breaking a Given Length Key".

Page 139: Indented paragraph: "could break the system" should be "could break the system within one year".

Page 141: "Reduced Keyspaces," last sentence: "don't expect your keys to stand up" should be "don't expect short keys to stand up".

Page 148: Eighth line: "2^24" should be "2^32".

Page 156: Second paragraph: "blocks 5 through 10" should be "blocks 5 through 12".

Page 157: Figure 8.2: "IO" should be "IV".

Page 158: Fifth line: "P_i" and "D_K" should be in italics.

Page 159: Figure 8.3: "IO" should be "IV".

Page 161: Figure 8.5: "Decrypt" should be "Encrypt".

Page 162: Figure 8.6: "Encipherment" diagram: Input should be "p_i" instead of "b_i", and output should be "c_i" instead of "p_i". "Decipherment" diagram: "Decrypt" should be "Encrypt".

Page 164: Figure 8.7: "IO" should be "IV".

Page 165: Last equation: There should be a "(P)" at the end of that equation.

Page 167: Second paragraph, last line: "2^(2n-4)" should be "2^(2n-14)".

Page 168: Figure 8.8: This figure is wrong. The encryption blocks in the second row should be off-centered from the encryption blocks in the first and third row by half a block length. The pads are half a block length.

Page 174: Middle of page: Equations should be:

k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2
k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3
k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4

Page 175: Last paragraph, second line: "acting as the output function" should be "acting as the next-state function".

Page 177: Diffie's quote, second to last line: "proposal to built" should be "proposal to build".
Page 178: Figure 8.20: In "Node 2", the subscripts should be "D_2" and "E_3".

Page 190: Fourth paragraph, last line: "to determine M" should be "to determine P".

Page 191: First paragraph: "3.5" should be "6.8" in fourth line. "0.56" should be "0.15". "EBCDIC (Extended Binary-Coded Decimal Interchange Code)" should be "BAUDOT". "0.30" should be "0.76". "0.70" should be "0.24".

Page 193: Second sentence: "but does guarantee security if it's high" should be "but does not guarantee security if it's high."

Page 197: Second paragraph, second sentence: "it has never been proven that P = NP" should be "it has never been proven that P = NP or that P <> NP". Third paragraph, fifth sentence: "Thus SATISFIABILITY is the hardest problem in NP" should be "Thus, there is no problem harder than SATISFIABILITY in NP".

Page 198: Fourth paragraph from bottom, second sentence: "If a and b are positive and a is less than n, you can think of a as the remainder of b when divided by n" should be "If a and b are positive and b is less than n, you can think of b as the remainder of a when divided by n".

*****Page 199: Middle of the page: In the sentence "Calculating the power of a number modulo a number", "a" should not be italicized. Fourth line from bottom: "expresses n as a sum" should be "expresses x as a sum".

Page 201: First line of code: Remove "assuming x and y are > 0".

*****Page 202: Ninth line: "The modular reduction" should be "the modular inverse". Middle of the page: In the sentence "Now, how do you go about finding the inverse of a modulo n?" "a" should be italicized.

*****Page 206: Legendre Symbol: "L(a,p) = 0 if a divides p" should be "L(a,p) = 0 if a is divisible by p". "L(a,p) = -1 if a is a nonresidue mod p" should be "L(a,p) = -1 if a is a quadratic nonresidue mod p".

Page 207: "Jacobi Symbol," formula: Variable "h" should be "a". Also, J(0,n) = 0.

*****Page 208: Thirteenth line: "If a = 1, then J(a/p) = 1" should be "If a = 1, then J(a,p) = 1".
Third line from the bottom: "for each n from 0 to p-1" should be "for each n from 1 to p-1".

Page 209: Fourth paragraph: "If that value does not equal q" should be "If that value does not equal 1".

Page 210: Fifth line: "age 21" should be "age 20".

Page 213: Second to last paragraph: "10^150" should be "10^151", "one in log N" should be "one in ln N", and "would still be 10^110 primes left over" should be "would still be enough for 10^34 other universes".

Page 214: Solovay-Strassen, second sentence: "Jacobi function" should be "Jacobi symbol". Last line: "n" should be "p". Lines 29, 30, and 31: "r" should be "a", and "gcd(p,r)" should be "gcd(a,p)".

Page 215: Lehman test, step 5: All three "(n-1)/2" should be exponents.

Page 217: There should be an open parenthesis in front of the second "ln" in both exponents. Sixth paragraph: "Guassian" should be "Gaussian".

Page 222: "Validation and Certification of DES Equipment," first line: "As part of the standard, the DES NIST" should be "As part of DES, NIST".

Page 223: Second to last paragraph, last line. Reference "[472]" should be "[473]".

Page 225: Figure 10.2: L_i is taken from R_(i-1) before the expansion permutation, not after. And "L_(i)-1" should be "L_(i-1)".

Page 226: Third sentence: "bit 1 to bit 58, bit 2 to bit 50, bit 3 to bit 42, etc." should be "bit 58 to bit 1, bit 50 to bit 2, bit 42 to bit 3, etc."

Page 227: Fourth line from bottom: "output positions that correspond" should be "output positions correspond".

Page 228: Fourth paragraph, last line: "0 to 16" should be "0 to 15".

Page 228: Fifth paragraph should read: "For example, assume that the input to the sixth S-box (that is, bits 31 through 36 of the XOR function) are 110010. The first and last bits combine to form 10, which corresponds to row 2 of the sixth S-box. The middle four bits combine to form 1001, which corresponds to column 9 of the same S-box. The entry under row 2, column 9 of S-box 6 is 0.
(Remember, we count rows and columns from 0, and not from 1.) The value 0000 is substituted for 110010. Page 230: Fifth sentence: "bit 4 moves to bit 21, while bit 23 moves to bit 4" should be "bit 21 moves to bit 4, while bit 4 moves to bit 31". Second to last line: delete "The key shift is a right shift". Page 231: Table 10.9, sixth line: "80286" should be "80386". Page 233: The second two weak keys should be: 1F1F 1F1F 0E0E 0E0E 00000000 FFFFFFFF E0E0 E0E0 F1F1 F1F1 FFFFFFFF 00000000 Page 236: Fifth paragraph: "would never be low enough" should be "would never be high enough". Page 238: Next to last line before "Additional Results": "NSA's" should be "IBM's". Page 238: "Differential Cryptanalysis," third paragraph: "(1/16)^2" should be "(14/64)^2". Page 239: Figure 10.4: "14/16" should be "14/64". Page 242: Table 10.14: In "XORs by additions" line, "2^39,2^3" should be "2^39,2^31". In "Random" line, "2^21" should be"2^18- 2^20". In "Random permutations" line, "2^44-2^48" should be"2^33-2^41". Page 245: Line 11" "8 bits is" should be "8 bits was". Page 247: Section heading, "Cryptanalysis of the Madryga" should be "Cryptanalysis of Madryga". Page 250: The two functions should be: S_0(a,b) = rotate left 2 bits ((a+b) mod 256) S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256) Note the difference in parentheses. Page 250: Figure 11.4: Note that a is broken up into four 8-bit substrings, a_0, a_1, a_2, and a_3. Page 251: Figure 11.6: The definitions for S_0 and S_1 are incorrect ("Y = S_0" and "Y = S_1"). See corrections from previous page. Also, "S1" should be "S_1". Page 254: "REDOC III," second sentence: "64-bit" should be "80- bit". "Security of REDOC III," second sentence: Delete clause after comma: "even though it looks fairly weak." Page 259: First line: "made the former algorithm slower" should be "made Khafre slower". Page 262: Figure 11.9: There is a line missing. 
It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right. Page 263: Table 11.1: The decryption key sub-blocks that are Z_n^(m)-1 should be Z_n^((m)-1). Also, the second and third column of decryption key sub-blocks in rounds 2 through 8 should be switched. Page 264: First line: "107.8 mm on a side" should be "107.8 square mm". Page 265: Figure 11.10: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right. Pages 266-7: Since the publication of this book, MMB has been broken. Do not use this algorithm. Page 267: Sixth line from bottom: Reference should be "[256]". Page 269: "Skipjack." First paragraph. Reference should be "[654]". Page 270: "Karn." Third paragraph. Last sentence: "append C_r to C to produce" should be "append C_r to C_l to produce". Page 270-1: "Luby-Rackoff." Step (4), equation should be: "L_1 = L_0 XOR H(K_r,R_1)" In step (6), equation should be: "L_2 = L_1 XOR H(K_r,R_2)" Page 271: Middle of the page: "(for example, MD2, MD5, Snefru" should be "(for example, MD2, MD4, Snefru". Page 272: Second to last line: "But it is be analyzed" should be "but it is being analyzed". Page 275: Second to last paragraph: "Using 1028 bits" should be "using 1024 bits". Page 277: First lines: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 278: Second to last line: "greater than the largest number in the sequence" should be "greater than the sum of all the numbers in the sequence". The example on page 279 is also wrong. Page 281: Third paragraph: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 283: Table 12.2: "PRIVATE KEY: d e^(-1)" should be "PRIVATE KEY: d = e^(-1)". Page 284: Fifth line should be: "c = 1570 2756 2091 2276 2423 158". 
Page 286: Third paragraph: "Eve gets Alice to sign y," "y" should be italicized. Second to last line: "Eve wants to Alice to" should be "Eve wants Alice to". Page 287: Last line: Wiener's attack is misstated. If d is less than one-quarter the length of the modulus, then the attack can use e and n to find d quickly. Page 288: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 289: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893". Page 291: Fourth line: "factoring, and it" should be "factoring. However, it". "Feige-Fiat-Shamir," second paragraph: "all foreign nationals" should be "all foreign citizens". Page 292: Fifth line: "sqrt(x/v)" should be "sqrt(1/v)". Page 294: Second and third lines: "Bob" should be "Victor." Page 295: First line: "t random integers fewer than n" should be "t random numbers less than n". Page 297: Last line: "when" should be "where". Page 301: Middle of the page: Delete the sentence "Since the math is all correct, they do this step." Page 302: Fourth line from bottom: "a" should be in italics. Page 303: "Authentication Protocol," step (1): Add "She sends x to Victor." Page 305: Third paragraph, parenthetical remark: "NIST claimed that having DES meant that both that both the algorithm and the standard were too confusing" should be "NIST claimed that having DES mean both the algorithm and the standard was too confusing". Page 306: Eighth line: "cryptographers' paranoia" should be "paranoia". Page 307: "Description of the Algorithm": "p = a prime number 2^L bits long" should be "p = a prime number L bits long". "g = h^((p-1)/q)" should be "g = h^((p-1)/q) mod p". Page 309: Third line: "random k values and then precompute r values" should be "random k-values and then precompute r-values". Page 313: "Subliminal Channel in DSS": "see Section 16.7" should be "see Section 16.6". Page 314: Protocol, step (1): "when" should be "where". 
*****Page 316: Third and fourth paragraphs: "k'" and "n'" should be "k" and "n". Page 318: "Other Public-Key Algorithms," third paragraph: "methods for factorizing polynomials was invented" should be "methods for factoring polynomials were invented". Page 319: There should be a blank line before "discrete logarithm:" and another before "factoring:". Fourth line from the bottom: "depends more on the" should be "depends on more than the". Page 321: Third line: "when h" should be "where h". Page 322: Second paragraph: "over 500 pairs of people" should be "253 pairs of people". Page 326: In the definition of h_i, "H_(i-1)" should be "h_(i- 1)". Page 330: Definitions of FF, GG, HH, and II are wrong. These are correct: FF: "a = b + ((a + F(b,c,d) + M_j + t_i) <<< s)" GG: "a = b + ((a + G(b,c,d) + M_j + t_i) <<< s)" HH: "a = b + ((a + H(b,c,d) + M_j + t_i) <<< s)" II: "a = b + ((a + I(b,c,d) + M_j + t_i) <<< s)" *****Page 332: Round 4, second entry: "0x411aff97" should be "0x411aff97". Page 335: Fifth line should be: "K_t = CA62C1D6, for the fourth 20 operations". Eleventh line: "represents a left shift" should be "represents a circular left shift". Page 336: "HAVAL," sixth line: "160, 92, 224" should be "160, 192, 224". Page 339: "LOKI Single Block": In computation of Hi, drop final "XOR M_i". Page 340: "Modified Davies-Meyer": In computation of H_i, "M_i" should be subscripted. Page 342: "Tandem Davies-Meyer": In computation of W_i, "M_i" should be subscripted. Page 345: "Stream Cipher Mac", first line:" "A truly elegant MDC" should be "A truly elegant MAC". Page 347: Formula: "aX_(n1)" should be "aX_(n-1)". Second paragraph: "(For example, m should be chosen to be a prime number.)" should be "(For example, b and m should be relatively prime.)" Page 351: Second line of text: "they hold current" should be "they hold the current". Page 353: Third line: ">> 7" should be ">> 31". Fourth line: ">> 5" should be ">> 6". Fifth line: ">> 3" should be ">> 4". 
Eighth line: "(ShiftRegister)" should be "(ShiftRegister))". Tenth line: "< 31" should be "<< 31". Second paragraph: "are often used from stream-cipher" should be "are often used for stream-cipher". Page 356: Source code: "ShiftRegister = (ShiftRegister ^ (mask >> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >> 1)". Page 360: Equation should not be "l(2^1-1)^(n-1)", but "l(2^l- 1)^(n-1)". (A letter, not a number.) Page 362: Figure 15.10: "LFSR-B" should be "LFSR-A" and vice versa. The second "a(t+n-1)" should be "a(t+n-2)", and the second "b(t+n-1)" should be "b(t+n-2)". Page 363: Fourth paragraph: "cellular automaton, such as an CSPRNG" should be "cellular automaton as a CSPRNG". Page 365: "Blum-Micali Generator." In the equation, "x_i" should be an exponent of a, not a subscript. Page 367: Sixth paragraph: "Ingmar" should be "Ingemar". Page 370: "Using "Random Noise." Second paragraph, last line: "output 2 as the event" should be "output 0 as the event". Page 371: Sixth line: "access/modify times of/dev/tty" should be "access/modify times of /dev/tty". Page 371: "Biases and Correlations," third line: "but there many types" should be "but there are many types". Page 374: "Generating Random Permutations." Note that the obvious way of shuffling, using random (n-1) instead of random (i) so that every position is swapped with a random position, does not give a random distribution. Page 376: Seventh line: "send a message, M" should be "send a message, P". Page 380: Step (4): "K(R_B)" should be "K(R_A)". Page 383 and 386: "LaGrange" should be "Lagrange". Page 391: Second protocol, step (1): "in his implementation of DES" should be "in his implementation of DSS". Next sentence: "such that r is either q quadratic" should be "such that r is either a quadratic". Page 401: Second to last line: "and x is randomly chosen" should be "and x is secret". Page 402: Step (1): "when all values of r are" should be "where all r_i are". 
Step (2): "for all values of r" should be "for all values of i". Step (4): "when j is the lowest value of i for which b_i = 1" should be "when j is the lowest value for which b_j = 1". Line 18: "2^t" should be "2^(-t)". Page 406: Step (5): "ij". Page 409: Third paragraph: "measuring them destroys" should be "measuring it destroys". Fifth paragraph: "it has no probability" should be "it has zero probability". *****Page 410: Third line from bottom: "British Telcom" should be "British Telecom". Page 417: Last paragraph: "Kerberos is a service Kerberos on the network" should be "Kerberos is a service on the network". Page 421: Figure 17.2: In the top message "C" should be lower case. Page 428: "Privacy Enhanced Mail": First line: "adapted by the Internet" should be "adopted by the Internet". Page 435: "RIPEM": "Mark Riorden" should be "Mark Riordan". Page 436: "Pretty Good Privacy," third paragraph: Delete fourth sentence: "After verifying the signature...." Page 436: Pretty Good Privacy is not in the public domain. It is copyrighted by Philip Zimmermann and available for free under the "Copyleft" General Public License from the Free Software Foundation. Page 437: Fifth line: Delete "assess your own trust level". "Clipper," second paragraph: reference should be "[473]". Fourth paragraph: references should be "[473,654,876,271,57]". Page 438: Middle of page: reference should be "[654]". "Capstone," first paragraph: reference should be "[655]". Page 445: The IACR is not the "International Association of Cryptographic Research," but the "International Association for Cryptologic Research." This is also wrong in the table of contents and the index. Source Code: The decrement operator, "--", was inadvertently typesetted as an m-dash, "-". This error is on pages 496, 510, 511, 523, 527, 528, 540, and 541. There may be other places as well. Page 472: Third line: "2, 18, 11" should be "22, 18, 11". 
Eighteenth line: "for( i = 0; i<<16; i++ )" should be "for( i = 0; i<16; i++ )". Page 473: Function "cpkey(into)". "while (from endp)" should be "while (from < endp)". Page 478: Fourth line: "leftt > 4" should be "leftt >> 4". Seventh line: "leftt > 16" should be "leftt >> 16". Twentieth line: "leftt > 31" should be "leftt >> 31". Page 508: Line 8: "union U_INTseed" should be "union U_INT seed". Page 531: "for( i = 0; i<; i++ )" should be "for( i = 0; i<2; i++ )". Page 558: "#defineBOOLEAN int" should be "#define BOOLEAN int", "#defineFALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)". Page 564: "#define BOOLEANint" should be "#define BOOLEAN int", "#define FALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)". Page 569: "rand() > 11" should be "rand() >> 11". Page 569: In "G13.H", "#define G13int" should be "#define G13 int". *****Page 571: Reference [14: "Hopcraft" should be "Hopcroft". Page 572: Reference [45]: "Haglen" should be "Hagelin". Page 576: References [136] and [137]: "Branstead" should be "Branstad." Page 576: Reference [148]: The authors should be G. Brassard, C. Crepeau, and J.-M. Robert. Page 578: Reference [184] "Proof that DES Is Not a Group" should be "DES Is Not a Group." The correct page numbers are 512-520. *****Page 582: Reference [286]: The article appeared CRYPTO '89 Proceedings. Page 589: Reference [475]: The publisher should be E.S. Mittler und Sohn, and the publication date should be 1863. Page 601: References [835] and [836]: "Branstead" should be "Branstad." Page 602: Reference [842]: "Solvay" should be "Solovay". Page 603: Reference [878]: "Weiner" should be "Wiener." This errata is updated periodically. For a current errata sheet, send a self-addressed stamped envelope to: Bruce Schneier, Counterpane Systems, 730 Fair Oaks Ave., Oak Park, IL 60302; or send electronic mail to: schneier at chinet.com. 
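The page 330 correction (FF, GG, HH and II) is the one in this list most worth checking by machine: a hash with one wrong operation still produces plausible-looking output. The Python below is an added example, not the book's source code and not part of the errata. It writes a single MD5 operation exactly as the corrected formula a = b + ((a + F(b,c,d) + M_j + t_i) <<< s), drives 64 such operations per 512-bit block with the usual register rotation, and checks the result against the RFC 1321 test vectors and the standard library. The shift amounts, the message-word schedule and the derivation of t_i as floor(2^32 * |sin(i+1)|) are taken from the MD5 specification on the assumption that the book's tables match it.

```python
"""MD5 written around the corrected FF/GG/HH/II step of the page 330 errata.

Added illustration; not code from Applied Cryptography or its errata.
The constants t_i, shifts s and word schedule are the RFC 1321 ones,
assumed to match the book's tables.
"""
import hashlib
import math
import struct

MASK = 0xFFFFFFFF


def rotl(x, s):
    """32-bit circular left shift: the '<<<' in the errata's formula."""
    return ((x << s) | (x >> (32 - s))) & MASK


# The four round functions of MD5 (book's F, G, H, I).
def F(x, y, z):
    return ((x & y) | (~x & z)) & MASK


def G(x, y, z):
    return ((x & z) | (y & ~z)) & MASK


def H(x, y, z):
    return (x ^ y ^ z) & MASK


def I(x, y, z):
    return (y ^ (x | ~z)) & MASK


def step(func, a, b, c, d, m_j, s, t_i):
    """One MD5 operation, literally the corrected FF/GG/HH/II:
    a = b + ((a + func(b,c,d) + M_j + t_i) <<< s)."""
    return (b + rotl((a + func(b, c, d) + m_j + t_i) & MASK, s)) & MASK


# t_i = floor(2^32 * |sin(i+1)|) for i = 0..63 (the table the errata
# corrects on page 332 is this table).
T = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK for i in range(64)]

# Shift amounts s, four per round, each repeated over the round's 16 operations.
S = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4
     + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)

# Round function and the index j of the message word M_j used at operation i.
ROUNDS = [
    (F, lambda i: i % 16),
    (G, lambda i: (5 * i + 1) % 16),
    (H, lambda i: (3 * i + 5) % 16),
    (I, lambda i: (7 * i) % 16),
]


def md5(message: bytes) -> bytes:
    """Pad the message and run 64 operations per 512-bit block."""
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack("<Q", bit_len)          # length in bits, little-endian
    for off in range(0, len(padded), 64):
        M = struct.unpack("<16I", padded[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            func, word = ROUNDS[i // 16]
            a = step(func, a, b, c, d, M[word(i)], S[i], T[i])
            a, b, c, d = d, a, b, c           # rotate registers for the next op
        a0, b0, c0, d0 = ((a0 + a) & MASK, (b0 + b) & MASK,
                          (c0 + c) & MASK, (d0 + d) & MASK)
    return struct.pack("<4I", a0, b0, c0, d0)


def md5_hex(message: bytes) -> str:
    return md5(message).hex()


def matches_hashlib(message: bytes) -> bool:
    """Cross-check against the platform MD5 for an arbitrary input."""
    return md5(message) == hashlib.md5(message).digest()


if __name__ == "__main__":
    # RFC 1321 test vectors
    print(md5_hex(b""))       # d41d8cd98f00b204e9800998ecf8427e
    print(md5_hex(b"abc"))    # 900150983cd24fb0d6963f7d28e17f72
    print(matches_hashlib(b"\x00" * 300))
```

If the register rotation or the placement of b in the step formula is changed, the empty-message digest no longer comes out as d41d8cd9..., which is the quickest way to catch a mis-transcribed step when typing the book's definitions in.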
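The page 374 note (random(n-1) versus random(i)) is easy to misread as a statistical nicety; the bias is structural. The Python below is an added example, not code from the book: it runs both shuffles over every possible sequence of random() outputs, so the permutation counts it returns are exact rather than sampled. Following the errata's wording, it assumes random(i) returns an integer in 0..i inclusive and that the book's loop swaps position i with random(i) for i from n-1 down to 1.

```python
"""Exact permutation counts for the book's shuffle versus the 'obvious' one
(page 374 note in the errata).  Added illustration; not the book's code.
Assumed interface: random(i) yields an integer in 0..i inclusive."""
from collections import Counter
from itertools import product


def fisher_yates(items, draws):
    """Book-style shuffle: for i = n-1 down to 1, swap a[i] with a[random(i)].
    'draws' supplies the random(i) values in that order, so that every
    possible run of the generator can be replayed deterministically."""
    a = list(items)
    for i, j in zip(range(len(a) - 1, 0, -1), draws):
        a[i], a[j] = a[j], a[i]
    return tuple(a)


def naive_shuffle(items, draws):
    """The variant the errata warns about: every position i is swapped with
    random(n-1), i.e. with any position in 0..n-1."""
    a = list(items)
    for i, j in zip(range(len(a)), draws):
        a[i], a[j] = a[j], a[i]
    return tuple(a)


def distribution(shuffle, n, ranges):
    """Count how often each permutation of range(n) arises when the shuffle
    is driven by every sequence of draws in the Cartesian product of ranges."""
    counts = Counter()
    for draws in product(*ranges):
        counts[shuffle(range(n), draws)] += 1
    return counts


def fisher_yates_distribution(n):
    # draws: random(n-1), random(n-2), ..., random(1)
    return distribution(fisher_yates, n, [range(i + 1) for i in range(n - 1, 0, -1)])


def naive_distribution(n):
    # draws: n values, each random(n-1)
    return distribution(naive_shuffle, n, [range(n)] * n)


def is_uniform(counts):
    """True when every permutation that occurs occurs equally often."""
    return len(set(counts.values())) == 1


if __name__ == "__main__":
    for n in (3, 4):
        fy, nv = fisher_yates_distribution(n), naive_distribution(n)
        print(n, "fisher-yates uniform:", is_uniform(fy),
              "naive uniform:", is_uniform(nv), sorted(nv.values()))
```

The naive loop has n^n equally likely generator paths spread over n! orderings, and n^n is not a multiple of n! for n > 2, so no assignment of paths to orderings can be uniform; for n = 3 some orderings are produced 4 times and others 5. The book's loop has exactly n! paths, one per ordering. Note that this counting argument is about the algorithm, not the generator: a perfect random() does not rescue the naive version.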
From banisar at washofc.epic.org Thu Jun 16 19:07:09 1994
From: banisar at washofc.epic.org (Dave Banisar)
Date: Thu, 16 Jun 94 19:07:09 PDT
Subject: EPIC Alert 1.02
Message-ID: <00541.2854648641.6481@washofc.epic.org>

Date 6/16/94
Subject EPIC Alert 1.02
From Dave Banisar
To CPSR Listserv

EPIC Alert 1.02
=============================================================
Volume 1.02                                    June 16, 1994
------------------------------------------------------------
Published by the Electronic Privacy Information Center (EPIC)
Washington, DC (Alert at epic.org)
-----------------------------------------------------------------------
Table of Contents
-----------------------------------------------------------------------
[1] NIST Adopts Digital Signature Standard
[2] National Performance Review Issues Info Tech Report
[3] Federal Telephone Transactional Surveillance Increases
[4] IRS Issues Privacy Principles
[5] Government Printing Office Goes Online
[6] New Files at the Internet Library
[7] Upcoming Conferences and Events
-----------------------------------------------------------------------
[1] NIST Adopts Digital Signature Standard
-----------------------------------------------------------------------
On May 19, the National Institute of Standards and Technology approved its cryptographic standard to provide digital signatures for electronic documents. Digital signatures are used to authenticate users and to ensure that messages are not altered. These assurances are important for applications such as electronic commerce and virus protection. The DSS has been mired in controversy since its announcement in 1991.

NIST originally planned to develop an algorithm that also provided privacy and confidentiality protection to replace the current government Data Encryption Standard (DES). Documents obtained by CPSR reveal that the National Security Agency pressured NIST into adopting the DSS instead. In 1993, NIST proposed the NSA-developed Clipper Chip to replace DES. The DSS has also been controversial because RSA Data Security claims that it infringes several of its patents. NIST contends that it found no patent infringements.
-----------------------------------------------------------------------
[2] National Performance Review Releases Info Tech Report
-----------------------------------------------------------------------
Vice President Al Gore's National Performance Review this week released the long awaited report "Reengineering Through Information Technology." The report finds that the federal government lacks leadership and a coherent plan to address information technology issues. It concludes that "government is falling dangerously behind the private sector in using technology to deliver services."

The privacy and security sectio of a privacy organization within the executive branch. The organization would advise the president, assist federal agencies, coordinate US privacy initiatives with international organizations, and advise state and local governments on privacy issues. The Information Infrastructure Task Force (IITF) is directed to provide recommendations on the creation of the organization, including its size, authority and budget. The IITF will either propose a draft executive order or legislation for its creation. Office of Management and Budget official Bruce McConnell is in charge of the effort.

The IITF is also directed to create an interagency task force to develop uniform privacy principles for information systems by July 1994, coordinated by the OMB. The task force must issue a report in less than a year.
The report calls for NIST, in consultation with the OMB and the assistance of the NSA, to "create opportunities for industry to develop the encryption capabilities required for protection of networked distributed systems." A high priority is set for "finalizing and promulgating digital encryption standards." A copy of the full report is available from cpsr.org. See below for details. ----------------------------------------------------------------------- [3] Transactional Surveillance Increased in 1993 ----------------------------------------------------------------------- Federal law enforcement use of telephone transactional records increased in 1993 for the sixth straight year. Last year, the FBI, the Drug Enforcement Administration, the Immigration and Naturalization Service and the Marshals Service increased their use of pen registers and trap and trace devices sharply over 1992. Pen registers capture the telephone numbers of every phone call made from a particular line. In 1993, 3,423 orders for pen registers affecting the lines of 8,130 people were issued, a nine percent increase over 1992's total. Since 1987, when the use of pen registers became regulated under the Electronic Communications Privacy Act, their use has increased 201 percent. While the number of telephone numbers captured is not available, in 1987 the DEA reported that for 716 installed pen registers, over 53,000 numbers were recorded. The use of trap and trace devices also increased sharply in 1993 (up 221 percent over 1992), to a total of 2,153 orders affecting 3,777 persons. Since 1987, the use of trap and trace devices has increased over 2,300 percent. Trap and trace devices capture the originating telephone numbers of incoming calls to a particular phone line. In 1987, the DEA reported that 91 trap and trace devices captured 2,886 numbers. 
-----------------------------------------------------------------------
[4] IRS Issues Privacy Guidelines
-----------------------------------------------------------------------
The Internal Revenue Service has issued Privacy Guidelines to assist its employees in maintaining the confidentiality of taxpayer information. The guidelines provide no additional legal authority but are intended to remind employees of their already existing legal obligations. In 1993, the General Accounting Office reported that 368 IRS employees had been caught browsing through files, inspecting the records of relatives and celebrities.

The guidelines set out 10 principles that each employee should follow:

1. Protecting taxpayer privacy and safeguarding confidential taxpayer information is a public trust.

2. No information will be collected or used with respect to taxpayers that is not necessary and relevant for tax administration and other legally mandated or authorized purposes.

3. Information will be collected, to the greatest extent practicable, directly from the taxpayer to whom it relates.

4. Information about taxpayers collected from third parties will be verified to the extent practicable with the taxpayers themselves before action is taken against them.

5. Personally identifiable taxpayer information will be used only for the purpose for which it was collected, unless other uses are specifically authorized or mandated by law.

6. Personally identifiable taxpayer information will be disposed of at the end of the retention period required by law or regulation.

7. Taxpayer information will be kept confidential and will not be discussed with, nor disclosed to, any person within or outside the IRS other than as authorized by law in the performance of official duties.

8. Browsing, or any unauthorized access of taxpayer information by any IRS employee, constitutes a serious breach of the confidentiality of that information and will not be tolerated.

9. Requirements governing the accuracy, reliability, completeness, and timeliness of taxpayer information will be such as to ensure fair treatment of all taxpayers.

10. The privacy rights of taxpayers will be respected at all times and every taxpayer will be treated honestly, fairly, and respectfully.

Henry Philcox of the IRS told the EPIC Alert that the IRS has produced instructional videotapes which display scenarios where the privacy guidelines would be in effect. The IRS has also appointed Rob Veeder, formerly with the Office of Management and Budget, as director of its privacy project. Veeder will be on board at the IRS within a few weeks.
-----------------------------------------------------------------------
[5] Federal Register, Congressional Record Online
-----------------------------------------------------------------------
The Government Printing Office has made the Federal Register, the Congressional Record and copies of bills signed by the President available on the Internet through its online service. The Federal Register contains notices filed by every federal agency of proposed rules, decisions and other operations. The Congressional Record contains floor statements, copies of some pending legislation and other materials from both the Senate and the House of Representatives.

This project is the culmination of a three year effort, led by Taxpayers Assets Project and the American Library Association, to increase access to federal government information. Their campaign resulted in the enactment of the GPO WINDO bill in 1993, which mandated that the Government Printing Office offer online access to the Federal Register and the Congressional Record and encouraged more government agencies to make information available electronically. However, the high costs for the services have led many to question whether this project will improve access to government information.
For a single user, access to the Federal Register and the Congressional Record will cost $375 per year for each publication. Monthly access at $35 is also available. No provisions are available for occasional searches. Taxpayers Assets Project has filed a formal appeal with the GPO, asking it to reconsider its pricing scheme.

For more information on access, telnet to wais.access.gpo.gov, login: newuser, press for password or call 202-512-1661, login: wais, password: , login: newuser, password: .
-----------------------------------------------------------------------
[6] Files Available for retrieval
-----------------------------------------------------------------------
New files on Clipper.

/privacy/crypto/privacy
    nist_reponse_to_blaze_paper.txt
    nist_response_senate_questions_6_94.txt
    nsa_response_senate_questions_6_94.txt

Vice President Gore's National Performance Review Report on Information Technology.

/privacy/communications/
    national_performance_review_info_tech_report.txt

Files on the current crisis in the Italian bulletin board community

cpsr/computer_crime
    italy_crackdown_may94
        News reports on the police crackdown on BBSs accused of pirating software; large-scale confiscation of equipment.
    italy_net_politics
        Speech by Bernardo Parrella of Agora (a multi-lingual Internet site in Italy: agora.stm.it) on the current state of BBS's and networking in Italy.

The CPSR Internet Library is a free service available via FTP/WAIS/Gopher/listserv from cpsr.org:/cpsr. Materials from Privacy International, the Taxpayers Assets Project and the Cypherpunks are also archived. For more information, contact ftp-admin at cpsr.org.
-----------------------------------------------------------------------
[7] Upcoming Privacy Related Conferences and Events
-----------------------------------------------------------------------
DEF CON ][ ("underground" computer culture) "Load up your laptop Muffy, we're heading to Vegas!" The Sahara Hotel, Las Vegas, NV. July 22-24. Contact: dtangent at defcon.org.

Symposium on Privacy and Intelligent Vehicle-Highway Systems. Santa Clara University, Santa Clara, California. July 29-30. Contact: Professor Dorothy J. Glancy 408-554-4075 (tel), 408-554-4426 (fax), dglancy at suacc.scu.edu.

Hackers on Planet Earth: The First US Hacker Congress. Hotel Pennsylvania, New York City, NY. August 13-14. Sponsored by 2600 Magazine. Contact: 2600 at well.sf.ca.us.

Technologies of Surveillance; Technologies of Privacy. The Hague, The Netherlands. September 5. Sponsored by Privacy International and EPIC. Contact: Simon Davies (davies at privint.demon.co.uk).

16th International Conference on Data Protection. The Hague, Netherlands. September 6-8. Contact: B. Crouwers 31 70 3190190 (tel), 31-70-3940460 (fax).

CPSR Annual Meeting. University of California, San Diego. October 8-9. Contact: Phil Agre

Symposium: An Arts and Humanities Policy for the National Information Infrastructure. Boston, Mass. October 14-16. Sponsored by the Center for Art Research in Boston. Contact: Jay Jaroslav (jaroslav at artdata.win.net).

Third Biannual Conference on Participatory Design, Chapel Hill, North Carolina. October 27-28. Sponsored by CPSR. Contact: trigg at parc.xerox.com.

Ethics in the Computer Age Conference. Gatlinburg, Tennessee. November 11-13. Sponsored by ACM. Contact: jkizza at utcvm.utc.edu

(Send calendar submissions to Alert at epic.org)
=======================================================================
To subscribe to the EPIC Alert, send the message: "subscribe cpsr-announce " (without quotes or brackets) to listserv at cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce
=======================================================================
The Electronic Privacy Information Center is a public interest research center in Washington, DC.
It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information email info at epic.org, or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). The Fund for Constitutional Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization of people concerned about the impact of technology on society. For information contact: cpsr at cpsr.org ------------------------- END EPIC Alert 1.02 ------------------------- From sameer at c2.org Thu Jun 16 22:06:48 1994 From: sameer at c2.org (sameer) Date: Thu, 16 Jun 94 22:06:48 PDT Subject: swipe working on infinity.c2.org Message-ID: <199406170504.WAA12073@infinity.c2.org> I managed to get swipe into the kernel here at infinity.c2.org-- If any sites would like to install swipe on their systems and setup encrypted channels between our sites, and then do some experimentation with it, maybe some development (I don't really have time to develop stuff.. but..), please mail me. 
--
sameer                                   Voice: 510-841-2014
Network Administrator                    Pager: 510-321-1014
Community ConneXion: The NEXUS-Berkeley  sameer at c2.org

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Thu Jun 16 22:15:41 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Thu, 16 Jun 94 22:15:41 PDT
Subject: Government FTP site used to violate ITAR
Message-ID: <771826877/vac@FURMINT.NECTAR.CS.CMU.EDU>

The version of the file fips181.txt with DES code, which was FTPable from a government machine, (I saw it there some time back myself) has been exported. It is now FTPable from the UK. I did not see a "NO-EXPORTING" warning like most of us have, so they could have even caused someone to violate US law unintentionally. Maybe even someone who thinks that US law applies to everyone on Earth. So even if someone were to export something from one of our FTP sites, we still would not be doing something as bad as the government has done.

-- Vince

> dirs
/alex/edu/cmu/cs/sp/alex/links/security
> foreach FILE (`gunzip -c < Index.gz | grep fips181`)
? /bin/ls -l $FILE
? end
[output reformatted for 80 columns]
/alex/uk/ac/ox/black/DOCS/security/fips181.txt.Z
    -rw-r--r-- 1 alexsrvr 41499 Mar 9 11:15
/alex/org/eff/ftp/pub/EFF/Policy/Crypto/Newin/New_nist/fips181.txt
    -rw-r--r-- 1 alexsrvr 127318 Mar 6 17:39
/alex/org/first/pub/nistpubs/fips181.txt
    -rw-r--r-- 1 alexsrvr 21021 Mar 25 17:21
/alex/gov/nist/csrc/bbs/nistpubs/fips181.txt
    -rw-r--r-- 1 alexsrvr 21021 Mar 25 17:21
/alex/it/unimi/dsi/ftp/pub/security/docs/first.org/pub/nistpubs/fips181.txt.gz
    -rw-r--r-- 1 alexsrvr 7314 Mar 25 17:51
/alex/ca/bc/wimsey/ftp/pub/crypto/Doc/FIPS/fips181.README
    -rw-r--r-- 1 alexsrvr 164 May 23 19:13
> zcat /alex/uk/ac/ox/black/DOCS/security/fips181.txt.Z > /tmp/fips181.txt
> ll /tmp/fips181.txt
-rw-r--r-- 1 vac 127318 Jun 17 00:19 /tmp/fips181.txt
> diff /tmp/fips181.txt /alex/org/eff/ftp/pub/EFF/Policy/Crypto/Newin/New_nist/fips181.txt
>

From mpd at netcom.com Thu Jun 16 22:40:27 1994
From: mpd at netcom.com (Mike Duvos)
Date: Thu, 16 Jun 94 22:40:27 PDT
Subject: Did anyone see...
In-Reply-To: <199406170136.SAA28382@mail.netcom.com>
Message-ID: <199406170540.WAA13491@netcom.com>

Eli Brandt writes:

>> Victor S. Miller, [who I suspect is the same Victor S. Miller I
>> knew at UMass Boston many years ago], published a nifty little
>> paper in the mid 1980's on the computation of the function Pi(n)

> Do you have a pointer to this paper? I'd been under the
> impression that this function had no analytic closed form
> (unless you cheat).

I'll also post this to the list since I need to correct a dumb error in my previous post. I previously stated that Pi(n) was the Nth prime. It is of course in reality the Prime Number Counting Function which is equal to the number of primes <= n. Computing the Nth prime is trivial given a program which computes Pi(n) since Pi(n) is asymptotic to a known smooth function and one need only evaluate it a small number of times to refine an initial estimate of the Nth prime into the correct value.
Miller's definitive paper on the subject is... Computing Pi(x): The Meissel-Lehmer method Mathematics of Computation, 1985, 44, no. 170, 537-560 There is another paper by this gentleman which may be of interest to Cypherpunks. It is on the use of elliptic curves as a basis for cryptosystems. He demonstrates how an analogue to the Diffie-Hellman secure key exchange may be constructed using groups of points on elliptic curves and conjectures that such a system may be stronger than one based on the discrete log problem. Here is the citation. Use of elliptic curves in cryptography Advances in cryptology---CRYPTO 85 1986, 417-426 ISBN: 0-387-16463-4 Happy reading. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From jdwilson at gold.chem.hawaii.edu Fri Jun 17 00:59:33 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 17 Jun 94 00:59:33 PDT Subject: Unofficial Excerpt from InfoSecurity News In-Reply-To: <9406161906.AA03059@Tux.Music.ASU.Edu> Message-ID: On Thu, 16 Jun 1994 Ben.Goren at asu.edu wrote: > > How can he breathe when his head is so far in the sand? > Somehow I thought this post might prove good discussion fodder. I wonder if the original author has received any mail about this? -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 |finger for key / Viacrypt Reseller > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From jgostin at eternal.pha.pa.us Fri Jun 17 01:20:24 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Fri, 17 Jun 94 01:20:24 PDT Subject: Primes & Miller's Paper Message-ID: <940617030022O5wjgostin@eternal.pha.pa.us> mpd at netcom.com (Mike Duvos) writes: > Victor S. 
Miller, [who I suspect is the same Victor S. Miller I
> knew at UMass Boston many years ago], published a nifty little
> paper in the mid 1980's on the computation of the function Pi(n)
> which gives the Nth prime as a function of N.  He had a table
> giving the (10^N)th prime for n={3,6,9,12,15,18,...} which was
> quite impressive.  Calculating the correct value for the
> zillionth prime directly is a cute bit of mathematics.

   Any chance you could give us a pointer, or perhaps a summary?  I'd
bet dollars to donuts that you'll give us the pointer, but in either case,
I'm sure we'd appreciate it!

                                              --Jeff
--
 ======  ======  +----------------jgostin at eternal.pha.pa.us----------------+
  ==      ==     | The new, improved, environmentally safe, bigger, better,|
  ==      ==  -= | faster, hypo-allergenic, AND politically correct .sig.  |
 ====    ======  | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From nobody at soda.berkeley.edu  Fri Jun 17 02:31:05 1994
From: nobody at soda.berkeley.edu (Tommy the Tourist)
Date: Fri, 17 Jun 94 02:31:05 PDT
Subject: "The Virtual Hand": Free-market Internet guide
Message-ID: <199406170930.CAA09937@soda.berkeley.edu>

> >[Please distribute this as widely as you see fit.  Thanks -- Sasha Volokh]
> >
> >The Competitive Enterprise Institute is pleased to announce:
> >
> >                            THE VIRTUAL HAND
> >
> >                      CEI'S FREE-MARKET GUIDE TO THE
> >                        INFORMATION SUPERHIGHWAY
> >...
>
> Alright, who let the spammer in?  I subscribe to net-resources for this
> sorta crud; I don't need to see it here in cypherpunks.

        Didn't look like a spam to me.  It looked like a very targeted ad
to a receptive audience.  Cypherpunks contains, after all, a high
population of libertarians and free market types.  All net advertising
is not bad.
------------
To respond to the sender of this message, send mail to
remailer at soda.berkeley.edu, starting your message with
the following 7 lines:
::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```$US^P;+]AB?X9TW6\8WR:^P&2':U$*B?=.'8=A+`0J*__K;`&\ER>Q$
E>G&CYW:$($=$#V1Z)#<$?PIF\;'!$C>]?$-]1&/WJA[9G%PN7```
====Encrypted-Sender-End====

From frezza at radiomail.net  Fri Jun 17 05:03:35 1994
From: frezza at radiomail.net (Bill Frezza (via RadioMail))
Date: Fri, 17 Jun 94 05:03:35 PDT
Subject: Crypto export legislation defeated in House Intelligence Cmte.
Message-ID: <199406171202.AA20056@radiomail.net>

Stanton,

So much for lobbying.

Look, something is going on here that doesn't meet the eye.  Nothing is
ever unanimous in Washington.  These guys were told something by somebody
that caused them to vote like this.  You can bet it had nothing to do with
terrorists, drug pushers, or pedophiles.  Why don't you expend some effort
to find out what they were told and by whom so we could learn what this
issue is really about because it is NOT about "national security".

Bill Frezza
DigitaLiberty

From paul at hawksbill.sprintmrn.com  Fri Jun 17 05:18:28 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Fri, 17 Jun 94 05:18:28 PDT
Subject: Crypto export legislation defeated in House Intelligence Cmte.
In-Reply-To: <199406171202.AA20056@radiomail.net>
Message-ID: <9406171320.AA05846@hawksbill.sprintmrn.com>

> So much for lobbying.
>
> Look, something is going on here that doesn't meet the eye.  Nothing is
> ever unanimous in Washington.  These guys were told something by somebody
> that caused them to vote like this.  You can bet it had nothing to do with
> terrorists, drug pushers, or pedophiles.  Why don't you expend
> some effort to find out what they were told and by whom so we could learn
> what this issue is really about because it is NOT about "national security".
>

Bill's right.  Something's rotten to the proverbial core.
- paul

From snyderra at dunx1.ocs.drexel.edu  Fri Jun 17 05:36:54 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Fri, 17 Jun 94 05:36:54 PDT
Subject: "The Virtual Hand": Free-market Internet guide
Message-ID: <199406171235.IAA18379@dunx1.ocs.drexel.edu>

At 2:30 AM 6/17/94 -0700, Tommy the Tourist wrote:
>> >[Please distribute this as widely as you see fit.  Thanks -- Sasha Volokh]
>> >
>> >The Competitive Enterprise Institute is pleased to announce:
>> >
>> >                            THE VIRTUAL HAND
>> >
>> >                      CEI'S FREE-MARKET GUIDE TO THE
>> >                        INFORMATION SUPERHIGHWAY
>> >...

>        Didn't look like a spam to me.  It looked like a very targeted ad
>to a receptive audience.  Cypherpunks contains, after all, a high
>population of libertarians and free market types.  All net advertising
>is not bad.

Cypherpunks also contains, after all, a high population of computer
users.  Does that mean that Apple or Compaq sending ads to the list
wouldn't be bad?  If its target was libertarians, it should have been
sent to one of the various libertarian lists/groups.

Bob

--
Bob Snyder          N2KGO               MIME, RIPEM mail accepted
snyderra at dunx1.ocs.drexel.edu          finger for RIPEM public key
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

From stu at nemesis.wimsey.com  Fri Jun 17 05:46:26 1994
From: stu at nemesis.wimsey.com (Stuart Smith)
Date: Fri, 17 Jun 94 05:46:26 PDT
Subject: New program to integrate encryption/signing with mail/news
Message-ID: <2e019887.nemesis@nemesis.wimsey.com>

-----BEGIN PGP SIGNED MESSAGE-----

I have written a new program to help integrate encryption and signature
programs such as (but not limited to) PGP.  This is the doc file that is
included.  I am going to try to upload it to ftp.csua.berkeley.edu, the
cypherpunks ftp site, in directory /pub/cypherpunks/incoming.  The file
name is mess11.zip.  Not sure where it will end up, but if you can't
find it or don't have ftp, I will gladly mail it to you.
This is the first program of any sort, simple though it is, that I have
ever unleashed on the public at large.  Comments are greatly appreciated -
please be gentle :)  I'm biased of course, but I find it a rather elegant
(ergonomic is what I want to say :) way to let users encrypt or sign
messages.  Please give it a try, it is freeware and may be distributed
under the GNU Public License.

mess - automagic Mail Encryption and Signing System for mail & news
Copyright 1994 Stuart Smith
May be distributed under the terms of the GNU General Public License.

This program is meant to be run in lieu of an editor from a mail or news
program.  The editor you want to use should be the first argument on the
command line.  The article or message to be edited should be the second.

mess first starts the editor with the specified file.  If you want your
message to be encrypted or signed, place one or more of the following
strings at the beginning of a line.  (i.e. each string must start at the
beginning of its own line)

        [encrypt]
        [encrypt]
        [sign]
        [sign]

Only the first encrypt or sign string will be acted on and removed from
the text.  Further copies are ignored.  If you add a space and a key ID,
these will be added to the PGP command line so that PGP will not ask you
for them.  A key ID (any text fragment unique to a public key description)
is considered as everything from one space after the [encrypt]/[sign]
string.

mess now also scans headers, if they are included, for To: or From:
headers and will use these as key_ID's.  If you specify a key_ID after
[sign] or [encrypt], it will override the key_ID found in the headers.
I use trn, which does pass headers to the editor and it seems to work
great.  Elm doesn't though so I can't test it, but I assume it would work
as well.

I had to try and make the program smart enough to figure out if there
even are headers.  To do this, it first splits the file in two at the
first blank line.  Everything above is considered header lines.
If however, it does not match From:, To:, or Subject:, then it assumes
that headers were not in fact included in the file and that it is really
just parsing the first paragraph.  In which case it throws it out and
just uses the whole file as the body, with no headers.

If a public or secret key is not found matching the key_ID found in the
header or entered manually, PGP will fail, leaving your message intact,
including the [encrypt]/[sign] strings, if present.

I've tried not to emphasize PGP too much because I wrote the program so
that it could be used with any encryption program.  PGP is of course a
natural for the job.  Right now, the defaults for the encrypt and sign
strings, encrypt and sign options, and even the encryption program to
call are in #define statements, so they're pretty easy to change.  In the
future I might add a configuration file for such things or allow them to
be specified on the command-line.

Ideas I have for the near future include somewhat better help for wrong
command-line args and such; configuration file for some default or more
command-line options; allow mailers or news readers that will do this to
pass sender & recipient information on the command line; less moving
around of temp files - right now the plaintext of a message gets copied
into a temporary file before going to pgp, and while *that* temporary
file is wiped by pgp, the original file is only deleted.  I will try and
organize things better or perhaps if someone can point me to a portable
file wipe?

The executable included runs under OS/2 with the emx runtime package.
I've tried to avoid doing anything platform specific (I use OS/2), if I
messed up, let me know.  I have tested the program using Elm for OS/2 and
TRN for OS/2 which I use to read mail and news from the UUPC v1.2b
program.  I got the idea for the [encrypt] and [sign] bit from Elm_2 for
OS/2 which had something similar, but I tried to improve on it.
I would like to hear from people using this on other computers or with
other mail/news programs.  If you have any suggestions, please forward
them, thanks.

I hope you find this useful, I'd appreciate any comments & ideas.

- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister
shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C          Stuart Smith

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLgGmhai5iP4JtEWBAQG57gP/WYN7IPhww23irASao7BRT+NWbJcxAi+K
3FGw+YZm3Q7kzFO3ASB/DghzGmpxA1s6ZjpJWZAqqmhPMMBPNHZHHBQVF4OfxAtZ
2LK9vKi+Lfv5aOX5OVddEq9MxAOH6t6W6MlPL270gzir+uBhV38apqrj4iOqLSw/
mmZ9rrjNAPA=
=Ofwa
-----END PGP SIGNATURE-----

From perry at imsi.com  Fri Jun 17 06:19:31 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 06:19:31 PDT
Subject: swipe working on infinity.c2.org
In-Reply-To: <199406170504.WAA12073@infinity.c2.org>
Message-ID: <9406171319.AA02015@snark.imsi.com>

sameer says:
>       I managed to get swipe into the kernel here at
> infinity.c2.org-- If any sites would like to install swipe on their
> systems and setup encrypted channels between our sites, and then do
> some experimentation with it, maybe some development (I don't really
> have time to develop stuff.. but..), please mail me.

I'll point out for IETFers that a heated swIPe discussion is now
occurring on the previously moribund IP security mailing list.  Looks
like we will be able to manage to get crypto into the lowest levels of
the IP stack and completely embedded within the IP security framework.

Perry

From perry at imsi.com  Fri Jun 17 06:22:35 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 06:22:35 PDT
Subject: swipe working on infinity.c2.org
In-Reply-To: <199406170504.WAA12073@infinity.c2.org>
Message-ID: <9406171322.AA02025@snark.imsi.com>

Oh, I'll also point out that yours truly distributed 150 disks with the
swIPe code on it at Usenix.
Right now, I'm concentrating on the IP stack as the most productive
place to seal crypto in.

Also by the way, I've come to the conclusion that there are several
major flaws in the design of PGP that will make it impossible to scale
network wide.  It is, for instance, impossible to design a reasonable
distributed key management architecture because the key IDs are
essentially random 64 bit numbers without any structure.  I'm saddened
by this, but not truly horrified.  PGP is a cool start to the
"encryption everywhere everyday" movement, but it is only a start, and
one can't be overly attached to any one design.

Perry

From pcw at access.digex.net  Fri Jun 17 06:59:02 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Fri, 17 Jun 94 06:59:02 PDT
Subject: Digital Timestamping
Message-ID: <199406171356.AA03172@access3.digex.net>

>The canonical reference for digital timestamping is the work of Stu
>Haber and Scott Stornetta, of Bellcore.  Papers presented at various
>Crypto conferences.

More importantly, they have patented the plan.  I've requested
information on licensing and received no response.  Who knows what they
are up to.

>
>Their work involves having the user compute a hash of the document he
>wishes to be stamped and sending the hash to them, where they merge
>this hash with other hashes (and all previous hashes, via a tree
>system) and then they *publish* the resultant hash in a very public
>and hard-to-alter forum, such as in an ad in the Sunday New York
>Times.

Does anyone know of any definitive prior art that reads against these
patents?  Hash functions are old news.  Does anyone know of a published
description of a system that would report hash functions of large blocks
of centralized data?

>
>In their parlance, such an ad is a "widely witnessed event," and
>attempts to alter all or even many copies of the newspaper would be
>very difficult.
>(In a sense, this WWE is similar to the "beacon" term
>Eric Hughes used recently in connection with timed-release crypto.)
>
>Haber and Stornetta plan some sort of commercial operation to do this,
>and, last I heard, Stornetta was moving to the Bay Area (where else?)
>to get it started.
>
>This service has not yet been tested in court, so far as I know.
>
>The MIT server is an experiment, and is probably useful for
>experimenting.  But it is undoubtedly even less legally significant, of
>course.
>
>--Tim May
>
>
>--
>..........................................................................
>Timothy C. May         | Crypto Anarchy: encryption, digital money,
>tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
>408-688-5409           | knowledge, reputations, information markets,
>W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
>Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
>"National borders are just speed bumps on the information superhighway."

From perry at imsi.com  Fri Jun 17 07:43:59 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 07:43:59 PDT
Subject: swipe working on infinity.c2.org
In-Reply-To: <9406171537.aa02661@salmon.maths.tcd.ie>
Message-ID: <9406171443.AA02156@snark.imsi.com>

Alastair McKinstry says:
> What do you see as the problem with this (PGP keys) ?  What kind of
> key management architecture would you recommend ?

Well, as I said, just as one example, it's too hard to reverse map key
IDs into the entities that possess the keys.

I'm thinking these days in terms of building an infrastructure in which
a large fraction of the net can run "in black", which means you need
good automated key management.  To do that, you need distributed
databases.  Databases like DNS work very nicely for this purpose.  Now,
DNS can reverse map IP addresses because IP addresses are structured so
it is possible to assume that if you have delegation over a set of them
that you likely have the forward maps as well.
However, you can't build something like that to handle random PGP key
IDs.  That means that if you want to be able to look up key IDs
automatically in a network wide DNS style database, you lose.  Key IDs
need structure so you can trace them to organizations with delegation
over particular sections of the keyspace, just as in DNS you have
structure to domain names so you can figure out who has delegation over
what part of the domain name space.

Anyway, this is the sort of thing I'm thinking about these days.

Perry

From ravage at bga.com  Fri Jun 17 07:52:02 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 07:52:02 PDT
Subject: Prime magnitude and keys...a ?
Message-ID: <199406171451.JAA29719@zoom.bga.com>

Hi everybody,

I was wondering if anyone is aware of a function or test which would allow
a person to feed PGP or other RSA algorithm a test key and then look at
the result and determine if the key was greater or lesser than the
actual key?

I am looking through several books and so far have come up with nada.
I was hoping that somebody more familiar w/ the field would offer a
suggestion.

Thanks for your help ahead of time...

From cdodhner at indirect.com  Fri Jun 17 08:05:10 1994
From: cdodhner at indirect.com (Christian D. Odhner)
Date: Fri, 17 Jun 94 08:05:10 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171451.JAA29719@zoom.bga.com>
Message-ID:

On Fri, 17 Jun 1994, Jim choate wrote:

> I was wondering if anyone is aware of a function or test which would allow
> a person to feed PGP or other RSA algorithm a test key and then look at
> the result and determine if the key was greater or lesser than the
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> actual key?
  ^^^^^^^^^^

What do you mean by "greater or lesser than the actual key"?  If you mean
number of bits you can do a simple file size comparison, if you mean
binary numerical value a simple c program _should_ be able to handle that
without any trouble I think....
although maybe you would need to include some of those 'big number'
routines I keep hearing about... and you would have to strip off any
header info before computing.

Happy Hunting, -Chris.

______________________________________________________________________________
Christian Douglas Odhner        | "The NSA can have my secret key when they pry
cdodhner at indirect.com           | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger    | NEVER have the password it's encrypted with!"
cypherpunks WOw dCD Traskcom Team Stupid
Key fingerprint = 58 62 A2 84 FD 4F 56 38  82 69 6F 08 E4 F1 79 11
------------------------------------------------------------------------------

From schneier at chinet.chinet.com  Fri Jun 17 08:06:13 1994
From: schneier at chinet.chinet.com (schneier at chinet.chinet.com)
Date: Fri, 17 Jun 94 08:06:13 PDT
Subject: Applied Cryptography, Errata 1.5.9
Message-ID: <"10361 Fri Jun 17 11:03:29 1994"@bnr.ca>

                     APPLIED CRYPTOGRAPHY ERRATA

                   Version 1.5.9 - June 15, 1994

This errata includes all errors I have found in the book, including
minor spelling and grammatical errors.  Please distribute this errata
sheet to anyone else who owns a copy of the book.

Page xvii: Third paragraph, first line: "Part IV" should be "Part III".

Page xviii: "Xuija" should be "Xuejia".  "Mark Markowitz" should be "Mike Markowitz".

Page 1: First paragraph, fourth line: "receiver cannot intercept" should be "intermediary cannot intercept".

*****Page 2: Third line: "Outside the historical chapter" should be "Outside the Classical Cryptography chapter".

*****Page 3: Figure 1.2: "with key" should be "with one key".

*****Page 4: Eleventh line: Delete the sentence which begins: "In instances where...."

*****Page 5: "Chosen-plaintext attack": "but they also choose the encrypted plaintext" should be "but they choose the plaintexts to encrypt".

Page 6: Sixth and seventh lines: "against symmetric" should be "against a symmetric".
Page 8: Second paragraph, first line: "q code" should be "a code".

Page 10: Second paragraph, fifth line: Reference "[744]" should be "[774]".

Page 11: Second paragraph: "The rotations of the rotors are a Caesar Cipher" should be "Each rotor is an arbitrary permutation of the alphabet".

*****Page 13: Third paragraph: Delete parenthetical remark.  Fourth paragraph, second line: "the key against" should be "the ciphertext against".  Fifth paragraph: "Shift the key" should be "shift the ciphertext".  And: "with text XORed with itself" should be "with the plaintext XORed with itself shifted by the key length."

*****Page 14: Third line: "to be any possible" should be "to correspond to any possible".

Page 15: Section 1.3, first line: "Throughout this book use" should be "Throughout this book I use".

*****Page 22: Step (4): "gives the title" should be "gives the title and keys".

Page 25: "Attacks Against Protocols," first paragraph: "the protocol iself" should be "the protocol itself".

*****Page 27: "One-Way Functions," second paragraph: "millions of years to compute this function" should be "millions of years to compute the reverse function."  Fourth paragraph: "For example, x^2" should be "For example, in a finite field x^2."

Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge.  How to open the mailbox is not public knowledge."

Page 29: Third paragraph: "If you only want" should be "If you want only".

Page 30: Fourth line: "symmetric cryptosystems: by distributing the key" should be "symmetric cryptosystems: distributing the key".

*****Page 30: "Attacks Against Public Key Cryptography," first sentence: "In all these public-key digital signature protocols" should be "In all these public-key protocols".  Second paragraph: "The obvious way to exchange" should be "The obvious way to get".
And: "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone".  Last paragraph: "substitute a key of his choosing for Alice's" should be "substitute a key of his own choosing for Bob's".

Page 30: Last line: "substitute that key for his own public key" should be "substitute his own key for that public key".

Page 32: Ninth line: Delete the word "encrypted".

Page 34: "Signing Documents with..." First sentence: "too inefficient to encrypt long documents" should be "too inefficient to sign long documents".

*****Page 35: Step (4), second sentence should be: "He then, using the digital signature algorithm, verifies the signed hash with Alice's public key."

Page 36: Second line: "document encrypted with" should be "document signed with".  "Multiple Signatures," step (4): "Alice or Bob sends" should be "Alice sends".

Page 38: Fifth paragraph: "V_X = E_X and that S_X = D_X" should be "V_X = E_X and S_X = D_X".

Page 40: Third line: "computer can exist" should be "computer can be".  Second paragraph: Delete "should be runs of zeros and the other half should be runs of ones; half the runs".  At the end of the sentence, add "The distribution of run lengths for zeros and ones should be the same."

*****Page 41: Second paragraph: At the end of the paragraph, add: "Cryptographically secure pseudo-random sequence generators can only be compressed if you know the secret."  Last paragraph should be: "The output of a generator satisfying these three properties will be good enough for a one-time pad, key generation, and any other cryptographic features that require a truly random sequence generator."

Page 44: Ninth line: "for Alice's" should be "for Bob's".

*****Page 46: "Key and Message Transmission": Second steps (1) and (2) should be (5) and (6).

*****Page 49: Second line: "the user" should be "Alice".  First protocol, steps (1) and (3): "secret key" should be "private key".
Page 50: First step (3): "With Alice's public key" should be "with "Alice's" public key."

Page 51: Step 5: "with what he received from Bob" should be "with what he received from Alice".

Page 55: First step (2): At the end of the step, add: "He sends both encrypted messages to Alice."

Page 58: Last line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave".

*****Page 59: First line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave".  Second paragraph: "All Alice, Bob, and Dave, combined, know" should be "All Alice, Bob, and Dave, each, know".

*****Page 63: Tenth line: "signed timestamp" should be "signed timestamped hash".  Step (3) is actually part of step (2), and step (4) should be step (3).

*****Page 66: Second line from bottom: "identity" should be "content".

Page 69: Last line: "tried to recover her private key" should be "tries to recover Alice's private key".

*****Page 72: The second set of steps (1) and (2) should be step (3) and step (4).

*****Page 73: "Bit Commitment Using One-Way Functions": The general class of one-way functions is suitable for this protocol, not only one-way hash functions.  Last paragraph: Second and third sentences should be "Alice cannot cheat and find another message (R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b).  If Alice didn't send Bob R_1, then she could change the value of both R_1 and R_2 and then the value of the bit."

Page 75: First paragraph after quotation: "over modem" should be "over a modem".

Page 76: First paragraph of text, third sentence: "Additionally, f(x) must produce even and odd numbers with equal probability" should be "Additionally, Alice should ensure that the random number x takes even and odd values with equal probability".  Fifth sentence: "For example, if f(x) produces even numbers 70% of the time" should be "For example, if x takes even values 75% of the time".
*****Page 77: "Flipping Coins into a Well," first line: "neither party learns the result" should be "Alice and Bob don't learn the result".  Third line: parenthetical remark should be: "Alice in the first two protocols and Bob in the last one".

Page 78: Step (1): "Alice, Bob, and Carol all generate" should be "Alice, Bob, and Carol each generate".

Page 80: Second paragraph, second sentence.  It should read: "A general n-player poker protocol that eliminates the problem of information leakage was developed in [228]."

*****Page 81: Last sentence: delete it.

*****Page 83: Fourth line: "five" should be "n", twice.  Step (2): "This message must" should be "These messages must".  Second sentence after protocol: "Neither the KDC" should be "Before this surrendering, neither the KDC".

*****Page 87: Second sentence after protocol: "so that Bob" should be "so that Victor".  "Hamilton Cycles": "Alice" should be "Peggy".

*****Page 88: "Graph Isomorphism", second sentence: "Peggy knows that two graphs, G_1 and G_2, are isomorphic" should be "Peggy knows the isomorphism between two graphs, G_1 and G_2."

Page 90: Last paragraph: "step (3)" should be "step (4)".

Page 91: Second line: "step (3)" should be "step (4)".

Page 93: "Blind Signatures," first line: "An essential in all" should be "An essential feature of all".

Page 98: First paragraph after protocol, fourth line: "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in."

Page 115: "Protocol #2," third paragraph: "together determine if f(a,b)" should be "together determine f(a,b)".

*****Page 121: Second paragraph: Delete the colon in the third line.  Step (11), sixth line: "a diferent identity string" should be "a different selector string".

Page 131: Fifth paragraph: "each capable of checking 265 million keys" should be "each capable of checking 256 million keys".
Page 133: Table 7.2: Third number in third column, "1.2308" should be "0.2308".

Page 134: Table 7.3: "1027" should be "10^27".

*****Page 135: Table 7.4: "Cost-per-Period of Breaking a 56-bit Key" should be "Cost-per-Period of Breaking a Given Length Key".

Page 139: Indented paragraph: "could break the system" should be "could break the system within one year".

Page 141: "Reduced Keyspaces," last sentence: "don't expect your keys to stand up" should be "don't expect short keys to stand up".

Page 148: Eighth line: "2^24" should be "2^32".

Page 156: Second paragraph: "blocks 5 through 10" should be "blocks 5 through 12".

Page 157: Figure 8.2: "IO" should be "IV".

Page 158: Fifth line: "P_i" and "D_K" should be in italics.

Page 159: Figure 8.3: "IO" should be "IV".

Page 161: Figure 8.5: "Decrypt" should be "Encrypt".

Page 162: Figure 8.6: "Encipherment" diagram: Input should be "p_i" instead of "b_i", and output should be "c_i" instead of "p_i".  "Decipherment" diagram: "Decrypt" should be "Encrypt".

Page 164: Figure 8.7: "IO" should be "IV".

Page 165: Last equation: There should be a "(P)" at the end of that equation.

Page 167: Second paragraph, last line: "2^(2n-4)" should be "2^(2n-14)".

Page 168: Figure 8.8: This figure is wrong.  The encryption blocks in the second row should be off-centered from the encryption blocks in the first and third row by half a block length.  The pads are half a block length.

Page 174: Middle of page: Equations should be:
   k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2
   k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3
   k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4

Page 175: Last paragraph, second line: "acting as the output function" should be "acting as the next-state function".

Page 177: Diffie's quote, second to last line: "proposal to built" should be "proposal to build".

Page 178: Figure 8.20: In "Node 2", the subscripts should be "D_2" and "E_3".

Page 190: Fourth paragraph, last line: "to determine M" should be "to determine P".
Page 191: First paragraph: "3.5" should be "6.8" in fourth line.  "0.56" should be "0.15".  "EBCDIC (Extended Binary-Coded Decimal Interchange Code)" should be "BAUDOT".  "0.30" should be "0.76".  "0.70" should be "0.24".

Page 193: Second sentence: "but does guarantee security if it's high" should be "but does not guarantee security if it's high."

Page 197: Second paragraph, second sentence: "it has never been proven that P = NP" should be "it has never been proven that P = NP or that P <> NP".  Third paragraph, fifth sentence: "Thus SATISFIABILITY is the hardest problem in NP" should be "Thus, there is no problem harder than SATISFIABILITY in NP".

Page 198: Fourth paragraph from bottom, second sentence: "If a and b are positive and a is less than n, you can think of a as the remainder of b when divided by n" should be "If a and b are positive and b is less than n, you can think of b as the remainder of a when divided by n".

*****Page 199: Middle of the page: In the sentence "Calculating the power of a number modulo a number", "a" should not be italicized.  Fourth line from bottom: "expresses n as a sum" should be "expresses x as a sum".

Page 201: First line of code: Remove "assuming x and y are > 0".

*****Page 202: Ninth line: "The modular reduction" should be "the modular inverse".  Middle of the page: In the sentence "Now, how do you go about finding the inverse of a modulo n?" "a" should be italicized.

*****Page 206: Legendre Symbol: "L(a,p) = 0 if a divides p" should be "L(a,p) = 0 if a is divisible by p".  "L(a,p) = -1 if a is a nonresidue mod p" should be "L(a,p) = -1 if a is a quadratic nonresidue mod p".

Page 207: "Jacobi Symbol," formula: Variable "h" should be "a".  Also, J(0,n) = 0.

*****Page 208: Thirteenth line: "If a = 1, then J(a/p) = 1" should be "If a = 1, then J(a,p) = 1".  Third line from the bottom: "for each n from 0 to p-1" should be "for each n from 1 to p-1".
Page 209: Fourth paragraph: "If that value does not equal q" should be "If that value does not equal 1".

Page 210: Fifth line: "age 21" should be "age 20".

Page 213: Second to last paragraph: "10^150" should be "10^151", "one in log N" should be "one in ln N", and "would still be 10^110 primes left over" should be "would still be enough for 10^34 other universes".

Page 214: Solovay-Strassen, second sentence: "Jacobi function" should be "Jacobi symbol".  Last line: "n" should be "p".  Lines 29, 30, and 31: "r" should be "a", and "gcd(p,r)" should be "gcd(a,p)".

Page 215: Lehman test, step 5: All three "(n-1)/2" should be exponents.

Page 217: There should be an open parenthesis in front of the second "ln" in both exponents.  Sixth paragraph: "Guassian" should be "Gaussian".

Page 222: "Validation and Certification of DES Equipment," first line: "As part of the standard, the DES NIST" should be "As part of DES, NIST".

Page 223: Second to last paragraph, last line.  Reference "[472]" should be "[473]".

Page 225: Figure 10.2: L_i is taken from R_(i-1) before the expansion permutation, not after.  And "L_(i)-1" should be "L_(i-1)".

Page 226: Third sentence: "bit 1 to bit 58, bit 2 to bit 50, bit 3 to bit 42, etc." should be "bit 58 to bit 1, bit 50 to bit 2, bit 42 to bit 3, etc."

Page 227: Fourth line from bottom: "output positions that correspond" should be "output positions correspond".

Page 228: Fourth paragraph, last line: "0 to 16" should be "0 to 15".

Page 228: Fifth paragraph should read: "For example, assume that the input to the sixth S-box (that is, bits 31 through 36 of the XOR function) are 110010.  The first and last bits combine to form 10, which corresponds to row 2 of the sixth S-box.  The middle four bits combine to form 1001, which corresponds to column 9 of the same S-box.  The entry under row 2, column 9 of S-box 6 is 0.  (Remember, we count rows and columns from 0, and not from 1.)  The value 0000 is substituted for 110010."
Page 230: Fifth sentence: "bit 4 moves to bit 21, while bit 23 moves to bit 4" should be "bit 21 moves to bit 4, while bit 4 moves to bit 31". Second to last line: delete "The key shift is a right shift".
Page 231: Table 10.9, sixth line: "80286" should be "80386".
Page 233: The second two weak keys should be:
1F1F 1F1F 0E0E 0E0E 00000000 FFFFFFFF
E0E0 E0E0 F1F1 F1F1 FFFFFFFF 00000000
Page 236: Fifth paragraph: "would never be low enough" should be "would never be high enough".
Page 238: Next to last line before "Additional Results": "NSA's" should be "IBM's".
Page 238: "Differential Cryptanalysis," third paragraph: "(1/16)^2" should be "(14/64)^2".
Page 239: Figure 10.4: "14/16" should be "14/64".
Page 242: Table 10.14: In "XORs by additions" line, "2^39,2^3" should be "2^39,2^31". In "Random" line, "2^21" should be "2^18-2^20". In "Random permutations" line, "2^44-2^48" should be "2^33-2^41".
Page 245: Line 11: "8 bits is" should be "8 bits was".
Page 247: Section heading, "Cryptanalysis of the Madryga" should be "Cryptanalysis of Madryga".
Page 250: The two functions should be:
S_0(a,b) = rotate left 2 bits ((a+b) mod 256)
S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256)
Note the difference in parentheses.
Page 250: Figure 11.4: Note that a is broken up into four 8-bit substrings, a_0, a_1, a_2, and a_3.
Page 251: Figure 11.6: The definitions for S_0 and S_1 are incorrect ("Y = S_0" and "Y = S_1"). See corrections from previous page. Also, "S1" should be "S_1".
Page 254: "REDOC III," second sentence: "64-bit" should be "80-bit". "Security of REDOC III," second sentence: Delete clause after comma: "even though it looks fairly weak."
Page 259: First line: "made the former algorithm slower" should be "made Khafre slower".
Page 262: Figure 11.9: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right.
Page 263: Table 11.1: The decryption key sub-blocks that are Z_n^(m)-1 should be Z_n^((m)-1). Also, the second and third column of decryption key sub-blocks in rounds 2 through 8 should be switched.
Page 264: First line: "107.8 mm on a side" should be "107.8 square mm".
Page 265: Figure 11.10: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right.
Pages 266-7: Since the publication of this book, MMB has been broken. Do not use this algorithm.
Page 267: Sixth line from bottom: Reference should be "[256]".
Page 269: "Skipjack." First paragraph. Reference should be "[654]".
Page 270: "Karn." Third paragraph. Last sentence: "append C_r to C to produce" should be "append C_r to C_l to produce".
Pages 270-1: "Luby-Rackoff." Step (4), equation should be: "L_1 = L_0 XOR H(K_r,R_1)". In step (6), equation should be: "L_2 = L_1 XOR H(K_r,R_2)".
Page 271: Middle of the page: "(for example, MD2, MD5, Snefru" should be "(for example, MD2, MD4, Snefru".
Page 272: Second to last line: "But it is be analyzed" should be "but it is being analyzed".
Page 275: Second to last paragraph: "Using 1028 bits" should be "using 1024 bits".
Page 277: First lines: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".
Page 278: Second to last line: "greater than the largest number in the sequence" should be "greater than the sum of all the numbers in the sequence". The example on page 279 is also wrong.
Page 281: Third paragraph: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".
Page 283: Table 12.2: "PRIVATE KEY: d e^(-1)" should be "PRIVATE KEY: d = e^(-1)".
Page 284: Fifth line should be: "c = 1570 2756 2091 2276 2423 158".
Page 286: Third paragraph: "Eve gets Alice to sign y," "y" should be italicized. Second to last line: "Eve wants to Alice to" should be "Eve wants Alice to".
Page 287: Last line: Wiener's attack is misstated. If d is less than one-quarter the length of the modulus, then the attack can use e and n to find d quickly.
Page 288: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".
Page 289: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".
Page 291: Fourth line: "factoring, and it" should be "factoring. However, it". "Feige-Fiat-Shamir," second paragraph: "all foreign nationals" should be "all foreign citizens".
Page 292: Fifth line: "sqrt(x/v)" should be "sqrt(1/v)".
Page 294: Second and third lines: "Bob" should be "Victor."
Page 295: First line: "t random integers fewer than n" should be "t random numbers less than n".
Page 297: Last line: "when" should be "where".
Page 301: Middle of the page: Delete the sentence "Since the math is all correct, they do this step."
Page 302: Fourth line from bottom: "a" should be in italics.
Page 303: "Authentication Protocol," step (1): Add "She sends x to Victor."
Page 305: Third paragraph, parenthetical remark: "NIST claimed that having DES meant that both that both the algorithm and the standard were too confusing" should be "NIST claimed that having DES mean both the algorithm and the standard was too confusing".
Page 306: Eighth line: "cryptographers' paranoia" should be "paranoia".
Page 307: "Description of the Algorithm": "p = a prime number 2^L bits long" should be "p = a prime number L bits long". "g = h^((p-1)/q)" should be "g = h^((p-1)/q) mod p".
Page 309: Third line: "random k values and then precompute r values" should be "random k-values and then precompute r-values".
Page 313: "Subliminal Channel in DSS": "see Section 16.7" should be "see Section 16.6".
Page 314: Protocol, step (1): "when" should be "where".
*****Page 316: Third and fourth paragraphs: "k'" and "n'" should be "k" and "n".
Page 318: "Other Public-Key Algorithms," third paragraph: "methods for factorizing polynomials was invented" should be "methods for factoring polynomials were invented".
Page 319: There should be a blank line before "discrete logarithm:" and another before "factoring:". Fourth line from the bottom: "depends more on the" should be "depends on more than the".
Page 321: Third line: "when h" should be "where h".
Page 322: Second paragraph: "over 500 pairs of people" should be "253 pairs of people".
Page 326: In the definition of h_i, "H_(i-1)" should be "h_(i-1)".
Page 330: Definitions of FF, GG, HH, and II are wrong. These are correct:
FF: "a = b + ((a + F(b,c,d) + M_j + t_i) <<< s)"
GG: "a = b + ((a + G(b,c,d) + M_j + t_i) <<< s)"
HH: "a = b + ((a + H(b,c,d) + M_j + t_i) <<< s)"
II: "a = b + ((a + I(b,c,d) + M_j + t_i) <<< s)"
*****Page 332: Round 4, second entry: "0x411aff97" should be "0x411aff97".
Page 335: Fifth line should be: "K_t = CA62C1D6, for the fourth 20 operations". Eleventh line: "represents a left shift" should be "represents a circular left shift".
Page 336: "HAVAL," sixth line: "160, 92, 224" should be "160, 192, 224".
Page 339: "LOKI Single Block": In computation of H_i, drop final "XOR M_i".
Page 340: "Modified Davies-Meyer": In computation of H_i, "M_i" should be subscripted.
Page 342: "Tandem Davies-Meyer": In computation of W_i, "M_i" should be subscripted.
Page 345: "Stream Cipher MAC," first line: "A truly elegant MDC" should be "A truly elegant MAC".
Page 347: Formula: "aX_(n1)" should be "aX_(n-1)". Second paragraph: "(For example, m should be chosen to be a prime number.)" should be "(For example, b and m should be relatively prime.)"
Page 351: Second line of text: "they hold current" should be "they hold the current".
Page 353: Third line: ">> 7" should be ">> 31". Fourth line: ">> 5" should be ">> 6". Fifth line: ">> 3" should be ">> 4". Eighth line: "(ShiftRegister)" should be "(ShiftRegister))". Tenth line: "< 31" should be "<< 31".
Second paragraph: "are often used from stream-cipher" should be "are often used for stream-cipher".
Page 356: Source code: "ShiftRegister = (ShiftRegister ^ (mask >> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >> 1)".
Page 360: Equation should not be "l(2^1-1)^(n-1)", but "l(2^l-1)^(n-1)". (A letter, not a number.)
Page 362: Figure 15.10: "LFSR-B" should be "LFSR-A" and vice versa. The second "a(t+n-1)" should be "a(t+n-2)", and the second "b(t+n-1)" should be "b(t+n-2)".
Page 363: Fourth paragraph: "cellular automaton, such as an CSPRNG" should be "cellular automaton as a CSPRNG".
Page 365: "Blum-Micali Generator." In the equation, "x_i" should be an exponent of a, not a subscript.
Page 367: Sixth paragraph: "Ingmar" should be "Ingemar".
Page 370: "Using Random Noise." Second paragraph, last line: "output 2 as the event" should be "output 0 as the event".
Page 371: Sixth line: "access/modify times of/dev/tty" should be "access/modify times of /dev/tty".
Page 371: "Biases and Correlations," third line: "but there many types" should be "but there are many types".
Page 374: "Generating Random Permutations." Note that the obvious way of shuffling, using random (n-1) instead of random (i) so that every position is swapped with a random position, does not give a random distribution.
Page 376: Seventh line: "send a message, M" should be "send a message, P".
Page 380: Step (4): "K(R_B)" should be "K(R_A)".
Pages 383 and 386: "LaGrange" should be "Lagrange".
Page 391: Second protocol, step (1): "in his implementation of DES" should be "in his implementation of DSS". Next sentence: "such that r is either q quadratic" should be "such that r is either a quadratic".
Page 401: Second to last line: "and x is randomly chosen" should be "and x is secret".
Page 402: Step (1): "when all values of r are" should be "where all r_i are". Step (2): "for all values of r" should be "for all values of i".
Step (4): "when j is the lowest value of i for which b_i = 1" should be "when j is the lowest value for which b_j = 1". Line 18: "2^t" should be "2^(-t)".
Page 406: Step (5): "ij".
Page 409: Third paragraph: "measuring them destroys" should be "measuring it destroys". Fifth paragraph: "it has no probability" should be "it has zero probability".
*****Page 410: Third line from bottom: "British Telcom" should be "British Telecom".
Page 417: Last paragraph: "Kerberos is a service Kerberos on the network" should be "Kerberos is a service on the network".
Page 421: Figure 17.2: In the top message "C" should be lower case.
Page 428: "Privacy Enhanced Mail": First line: "adapted by the Internet" should be "adopted by the Internet".
Page 435: "RIPEM": "Mark Riorden" should be "Mark Riordan".
Page 436: "Pretty Good Privacy," third paragraph: Delete fourth sentence: "After verifying the signature...."
Page 436: Pretty Good Privacy is not in the public domain. It is copyrighted by Philip Zimmermann and available for free under the "Copyleft" General Public License from the Free Software Foundation.
Page 437: Fifth line: Delete "assess your own trust level". "Clipper," second paragraph: reference should be "[473]". Fourth paragraph: references should be "[473,654,876,271,57]".
Page 438: Middle of page: reference should be "[654]". "Capstone," first paragraph: reference should be "[655]".
Page 445: The IACR is not the "International Association of Cryptographic Research," but the "International Association for Cryptologic Research." This is also wrong in the table of contents and the index.
Source Code: The decrement operator, "--", was inadvertently typeset as an m-dash, "-". This error is on pages 496, 510, 511, 523, 527, 528, 540, and 541. There may be other places as well.
Page 472: Third line: "2, 18, 11" should be "22, 18, 11". Eighteenth line: "for( i = 0; i<<16; i++ )" should be "for( i = 0; i<16; i++ )".
Page 473: Function "cpkey(into)".
"while (from endp)" should be "while (from < endp)".
Page 478: Fourth line: "leftt > 4" should be "leftt >> 4". Seventh line: "leftt > 16" should be "leftt >> 16". Twentieth line: "leftt > 31" should be "leftt >> 31".
Page 508: Line 8: "union U_INTseed" should be "union U_INT seed".
Page 531: "for( i = 0; i<; i++ )" should be "for( i = 0; i<2; i++ )".
Page 558: "#defineBOOLEAN int" should be "#define BOOLEAN int", "#defineFALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)".
Page 564: "#define BOOLEANint" should be "#define BOOLEAN int", "#define FALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)".
Page 569: "rand() > 11" should be "rand() >> 11".
Page 569: In "G13.H", "#define G13int" should be "#define G13 int".
*****Page 571: Reference [14]: "Hopcraft" should be "Hopcroft".
Page 572: Reference [45]: "Haglen" should be "Hagelin".
Page 576: References [136] and [137]: "Branstead" should be "Branstad."
Page 576: Reference [148]: The authors should be G. Brassard, C. Crepeau, and J.-M. Robert.
Page 578: Reference [184]: "Proof that DES Is Not a Group" should be "DES Is Not a Group." The correct page numbers are 512-520.
*****Page 582: Reference [286]: The article appeared in CRYPTO '89 Proceedings.
Page 589: Reference [475]: The publisher should be E.S. Mittler und Sohn, and the publication date should be 1863.
Page 601: References [835] and [836]: "Branstead" should be "Branstad."
Page 602: Reference [842]: "Solvay" should be "Solovay".
Page 603: Reference [878]: "Weiner" should be "Wiener."

This errata is updated periodically. For a current errata sheet, send a self-addressed stamped envelope to: Bruce Schneier, Counterpane Systems, 730 Fair Oaks Ave., Oak Park, IL 60302; or send electronic mail to: schneier at chinet.com.
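The page 330 correction in runnable form: MD5 with every round operation written as a = b + ((a + F(b,c,d) + M_j + t_i) <<< s), and likewise for G, H and I. This is an added Python example and not the book's source code; the message-word order, the shift amounts and the t_i table (computed here as floor(2^32 * |sin(i)|) for i = 1..64) are the standard MD5 ones and are assumed rather than read off the page. check_against_hashlib() confirms the digests agree with Python's hashlib, which is the quickest way to see that the corrected formula is the right one.

```python
"""
MD5 with the FF/GG/HH/II operations in the corrected form from the errata.
Added example; standard MD5 constants (RFC 1321) assumed.
"""
import hashlib
import math
import struct

MASK = 0xFFFFFFFF


def F(x, y, z):
    return (x & y) | (~x & z)


def G(x, y, z):
    return (x & z) | (y & ~z)


def H(x, y, z):
    return x ^ y ^ z


def I(x, y, z):
    return y ^ (x | ~z)


def rotl(x, s):
    """Circular left shift of a 32-bit word (the <<< operator)."""
    x &= MASK
    return ((x << s) | (x >> (32 - s))) & MASK


def round_op(func, a, b, c, d, m_j, s, t_i):
    """FF/GG/HH/II as corrected on page 330:
    a = b + ((a + func(b,c,d) + M_j + t_i) <<< s), everything mod 2^32."""
    return (b + rotl((a + func(b, c, d) + m_j + t_i) & MASK, s)) & MASK


# t_i = floor(2^32 * |sin(i)|), i = 1..64, stored zero-based in T[0..63].
# Round 4, second entry is T[49] = 0x432aff97 (the page 332 entry).
T = [int(abs(math.sin(i + 1)) * 2 ** 32) & MASK for i in range(64)]

# Per-operation shift amounts s, four per round.
S = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 +
     [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)


def md5(message: bytes) -> str:
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476

    # Padding: one 1 bit, zeros up to 56 mod 64, then the 64-bit length (little-endian).
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack("<Q", bit_len)

    for off in range(0, len(padded), 64):
        M = struct.unpack("<16I", padded[off:off + 64])   # sixteen words M_0..M_15
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:
                func, j = F, i
            elif i < 32:
                func, j = G, (5 * i + 1) % 16
            elif i < 48:
                func, j = H, (3 * i + 5) % 16
            else:
                func, j = I, (7 * i) % 16
            # The new value lands in b; the other registers rotate.
            a, d, c, b = d, c, b, round_op(func, a, b, c, d, M[j], S[i], T[i])
        a0, b0, c0, d0 = ((a0 + a) & MASK, (b0 + b) & MASK,
                          (c0 + c) & MASK, (d0 + d) & MASK)

    return struct.pack("<4I", a0, b0, c0, d0).hex()


def check_against_hashlib(samples=(b"", b"abc", b"x" * 1000)) -> bool:
    """True when this implementation matches hashlib.md5 on every sample."""
    return all(md5(s) == hashlib.md5(s).hexdigest() for s in samples)


if __name__ == "__main__":
    print("md5('abc') =", md5(b"abc"))
    print("round 4, second entry: 0x%08x" % T[49])
    print("matches hashlib:", check_against_hashlib())
```

Because T is computed rather than typed in, the printed round-4 entries can be compared against the table on pages 331-332 directly.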
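The page 374 note on shuffling, made concrete. This is an added Python example (not the book's code) that enumerates every possible sequence of random choices for both shuffles, so the counts it produces are exact rather than sampled. It assumes random(i) means a uniform choice from 0..i and that the loop runs i = n-1 down to 1; the "obvious" variant draws from 0..n-1 at every position, which is the shuffle the errata says does not give a random distribution.

```python
"""
Exact distribution of two shuffles over all permutations of range(n):
the correct one (swap position i with a position drawn from 0..i) and the
flawed one (swap every position with a position drawn from 0..n-1).
Every sequence of random draws is enumerated once, so the counts are exact.
"""
from collections import Counter
from itertools import product
from math import factorial


def fisher_yates(items, choices):
    """For i = n-1 down to 1, swap a[i] with a[j], j drawn from 0..i.
    `choices` supplies the sequence of j's."""
    a = list(items)
    for i, j in zip(range(len(a) - 1, 0, -1), choices):
        a[i], a[j] = a[j], a[i]
    return tuple(a)


def naive_shuffle(items, choices):
    """The flawed version: every position i is swapped with a position j
    drawn from 0..n-1 (random(n-1) instead of random(i))."""
    a = list(items)
    for i, j in zip(range(len(a)), choices):
        a[i], a[j] = a[j], a[i]
    return tuple(a)


def fisher_yates_choice_space(n):
    """All draw sequences for fisher_yates: j in 0..i for i = n-1 .. 1."""
    return product(*[range(i + 1) for i in range(n - 1, 0, -1)])


def naive_choice_space(n):
    """All draw sequences for naive_shuffle: j in 0..n-1 at each of n steps."""
    return product(range(n), repeat=n)


def outcome_counts(shuffle, choice_space, n):
    """How often each permutation arises when every draw sequence is
    equally likely (which is what a uniform random() gives you)."""
    counts = Counter()
    for choices in choice_space(n):
        counts[shuffle(range(n), choices)] += 1
    return counts


def is_uniform(counts, n):
    """True when all n! permutations occur, each equally often."""
    return len(counts) == factorial(n) and len(set(counts.values())) == 1


if __name__ == "__main__":
    for n in (3, 4):
        good = outcome_counts(fisher_yates, fisher_yates_choice_space, n)
        bad = outcome_counts(naive_shuffle, naive_choice_space, n)
        print(f"n={n}: correct shuffle uniform={is_uniform(good, n)}, "
              f"counts {min(good.values())}..{max(good.values())}")
        print(f"n={n}: naive shuffle   uniform={is_uniform(bad, n)}, "
              f"counts {min(bad.values())}..{max(bad.values())}")
```

For n = 4 the corrected shuffle reaches each of the 24 permutations exactly once, while the naive one spreads 256 equally likely draw sequences over 24 permutations. That cannot be uniform, since 256 is not a multiple of 24, and the same mismatch holds for every n > 2 because n^n is never divisible by n! there; some permutations are always favoured, which is exactly what a key or nonce generator built on such a shuffle must not do.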
Received: from relay2.UU.net by bnr.ca id <19940617020406-0 at bnr.ca>; Thu, 16 Jun 1994 22:04:07 -0400
Received: from toad.com by relay2.UU.NET with SMTP (rama) id QQwupr10908; Thu, 16 Jun 1994 21:58:35 -0400
Received: by toad.com id AA01878; Thu, 16 Jun 94 18:56:27 PDT
Received: from kitten.mcs.com by toad.com id AA01870; Thu, 16 Jun 94 18:56:17 PDT
Received: by kitten.mcs.com (/\==/\ Smail3.1.28.1 #28.7) id ; Thu, 16 Jun 94 20:56 CDT
Received: by mercury.mcs.com (/\==/\ Smail3.1.28.1 #28.1) id ; Thu, 16 Jun 94 20:56 CDT
Received: by chinet (/\==/\ Smail3.1.28.1 #28.1{chinet}) id ; Thu, 16 Jun 94 20:10 CDT
Message-Id:
From: schneier at chinet.chinet.com (Bruce Schneier)
Subject: no subject (file transmission)
To: cypherpunks at toad.com
Date: Thu, 16 Jun 1994 20:10:11 -0500 (CDT)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 29719
Sender: owner-cypherpunks at toad.com
Precedence: bulk

From sinclai at ecf.toronto.edu Fri Jun 17 08:21:38 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Fri, 17 Jun 94 08:21:38 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171451.JAA29719@zoom.bga.com>
Message-ID: <94Jun17.112118edt.8280@cannon.ecf.toronto.edu>

> I was wondering if anyone is aware of a function or test which would allow
> a person to feed PGP or other RSA algorithm a test key and then look at
> the result and determine if the key was greater or lesser than the
> actual key?

I hope not. If such a thing existed (if I understand your description correctly) RSA could be cracked by a binary search of keyspace. The search would be O(log(n)), meaning it would be directly linear with the number of bits in the key.

From jef at ee.lbl.gov Fri Jun 17 08:24:33 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Fri, 17 Jun 94 08:24:33 PDT
Subject: swipe working on infinity.c2.org
Message-ID: <199406171524.IAA00619@hot.ee.lbl.gov>

I got one of the disks.
Amusing disclaimers on the back. Haven't tried reading it yet.

When I talked to Phil Karn months ago about IP encryption, he was talking about encrypting each packet independently - I guess you have to do that with IP since it's not a reliable protocol. But it sounded a little risky to me - maybe vulnerable to attack via known bits at the start of each encrypted section. Encrypting at the TCP level would allow inter-packet mixing, but then you miss all the UDP protocols such as (old) NFS. Maybe you could post a quick summary of the encryption mode used?

---
Jef

From dfloyd at runner.utsa.edu Fri Jun 17 08:30:09 1994
From: dfloyd at runner.utsa.edu (Douglas R. Floyd)
Date: Fri, 17 Jun 94 08:30:09 PDT
Subject: Timestamping revisited
In-Reply-To: <9406171528.AB22232@runner.utsa.edu>
Message-ID: <9406171530.AA22292@runner.utsa.edu>

I looked at that timestamper program, and hopefully this is the way that I will timestamp items.

First I will create, and give out a program (after checking export and other laws) that does MD5, MD4, CRC-32, and SHS hashing to an output file, given input. Then, I will publish the output file in two newspaper ads (classifieds). Then, later when I publish this program, people will be able to tell the date by the date of the paper, and have a program to do this. Plus, I will include a public-key signed signature from PGP if my program ever is thrown into doubt.

As a second measure, I will print the file out, seal it in an envelope, put the date on it with tape, and have that and the paper with the hash on it notarized.

What holes are in this scheme?

PS: This is for a program I am writing that I want to keep secret, but don't want it stolen if I license it to someone...

From ravage at bga.com Fri Jun 17 08:32:58 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 08:32:58 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <94Jun17.112118edt.8280@cannon.ecf.toronto.edu>
Message-ID: <199406171531.KAA01459@zoom.bga.com>

>
> I hope not. If such a thing existed (if I understand your description
> correctly) RSA could be cracked by a binary search of keyspace. The
> search would be O(log(n)), meaning it would be directly linear with
> the number of bits in the key.
>

Exactly. If you (or anyone else comes across anything that even looks remotely interesting would appreciate knowing about it).

From ravage at bga.com Fri Jun 17 08:37:31 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 08:37:31 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To:
Message-ID: <199406171537.KAA01766@zoom.bga.com>

> What do you mean by "greater or lesser than the actual key"? If you mean
> number of bits you can do a simple file size comparison, if you mean
> binary numerical value a simple c program _should_ be able to handle that
> without any trouble I think.... although maybe you would need to include
> some of those 'big number' routines I keep hearing about... and you would
> have to strip off any header info before computing.
>
> Happy Hunting, -Chris.
>

What I am looking at is a way to do binary searches in the key space w/ a function that would look at a test key and the result of running RSA on it and then tell me the relative magnitude between the real key and the test key. What this means is that I could take a cypher-text and attempt a de-crypt w/ some conveniently large number and then go up or down from there till I find it. The advantage of this approach is that it allows one to search the key-space w/o having to test each and every possibility. This would significantly(!) reduce the time to crack...

From perry at imsi.com Fri Jun 17 08:38:13 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 08:38:13 PDT
Subject: swipe working on infinity.c2.org
In-Reply-To: <199406171524.IAA00619@hot.ee.lbl.gov>
Message-ID: <9406171538.AA02268@snark.imsi.com>

Jef Poskanzer says:
> When I talked to Phil Karn months ago about IP encryption, he was
> talking about encrypting each packet independently - I guess you have
> to do that with IP since it's not a reliable protocol.

Well, you largely have to. In fact, swIPe doesn't necessarily require that. swIPe in fact requires very little. :-)

> Maybe you could post a quick summary of the encryption mode used?

There isn't one per se -- at least in the sense that none is standardized since that would be inappropriate. The kind of encryption gets negotiated in a protocol at another level. swIPe just defines packet formats, really.

If you want details, you ought to look at the internet draft (on the disk, or available from ftp://research.att.com/dist/mab), the paper (also on the disk and at research) and the code. I believe that the prototype on the disk is just using DES in CBC mode for the moment, but other modes/cyphers have hooks defined for them. Ports to new platforms, new cyphers, and new functionality are very welcome, btw.

Perry

From dave at marvin.jta.edd.ca.gov Fri Jun 17 08:38:44 1994
From: dave at marvin.jta.edd.ca.gov (Dave Otto)
Date: Fri, 17 Jun 94 08:38:44 PDT
Subject: Bart Nagel in Mondo
Message-ID: <9406171538.AA11713@marvin.jta.edd.ca.gov>

Check out the lead article in the "Summer 94" issue of _Mondo2000_. It is a spoof by Bart Nagel that starts off sounding like steganography.

The article basically states that the photo-journalist-publisher industry is proposing that all images be encoded using stego techniques to contain unique identifiers that would prevent copy infringements. The article starts in a *VERY* believable fashion before trailing off into an obvious spoof. Very well done.
Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org
"Pay no attention to the man behind the curtain!" [the Great Oz]
{I *DO* have a life, it's just that my kids are using it right now!}

From mpd at netcom.com Fri Jun 17 08:47:57 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 17 Jun 94 08:47:57 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171451.JAA29719@zoom.bga.com>
Message-ID: <199406171547.IAA13206@netcom.com>

Jim choate writes:

> I was wondering if anyone is aware of a function or test
> which would allow a person to feed PGP or other RSA
> algorithm a test key and then look at the result and
> determine if the key was greater or lesser than the actual
> key?

This is an approach that I haven't heard of before. If one could determine the numerical ordering of two different keys used to RSA-encrypt the same piece of plaintext by examining the ciphertext, one could easily break RSA by a binary search of the keyspace.

Given two moduli N1 and N2, and some plaintext P, and PGP's favorite encryption exponent, 17, you need to determine if N1 < N2 by examining P^17 MOD N1 and P^17 MOD N2. Although this is only a one-bit function, it clearly depends upon P in a very complicated way. Since P is unknown and deliberately made random in practical RSA implementations, I am not sure such an attack shows much promise. I would guess that this would be at least as complicated as solving an RSA or discrete log problem directly.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd at netcom.com $ via Finger. $

From dmandl at lehman.com Fri Jun 17 09:05:11 1994
From: dmandl at lehman.com (David Mandl)
Date: Fri, 17 Jun 94 09:05:11 PDT
Subject: Bart Nagel in Mondo
Message-ID: <9406171604.AA13555@disvnm2.lehman.com>

> From: Dave Otto
>
> Check out the lead article in the "Summer 94" issue of _Mondo2000_.
> It is a spoof by Bart Nagel that starts off sounding like steganography.
>
> The article basically states that the photo-journalist-publisher industry
> is proposing that all images be encoded using stego techniques to contain
> unique identifiers that would prevent copy infringements. The article
> starts in a *VERY* believable fashion before trailing off into an obvious
> spoof. Very well done.

It's not that far-fetched, though. There are filters for Adobe Photoshop that will do this sort of thing right now--they'll imbed copyright symbols in the image, for example (there was just a big discussion of this very issue on the Photoshop list). A more sophisticated technique might be hiding an unspoofable signed message somewhere in the image. This is just the flip side of the LSB stego techniques cypherpunks have been talking about all along.

I wouldn't be surprised if this kind of practice becomes widespread as electronic image manipulation becomes more universal. It won't stop the pirates, though.

--Dave.

From whitaker at dpair.csd.sgi.com Fri Jun 17 09:08:25 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Fri, 17 Jun 94 09:08:25 PDT
Subject: Bart Nagel in Mondo
In-Reply-To: <9406171538.AA11713@marvin.jta.edd.ca.gov>
Message-ID: <9406170906.ZM28416@dpair.csd.sgi.com>

On Jun 17, 8:38am, Dave Otto wrote:
> Subject: Bart Nagel in Mondo
> Check out the lead article in the "Summer 94" issue of _Mondo2000_.
> It is a spoof by Bart Nagel that starts off sounding like steganography.
>
> The article basically states that the photo-journalist-publisher industry
> is proposing that all images be encoded using stego techniques to contain
> unique identifiers that would prevent copy infringements. The article
> starts in a *VERY* believable fashion before trailing off into an obvious
> spoof. Very well done.
>

Ummm... I haven't read the article, Dave, but there *has* been talk recently in some photo magazines about doing just that.
I don't have the details at hand, but I was told this by Romana Machado, the author of Stego, whose product was mentioned recently in an industry publication. Romana (romana at apple.com) should have details; she is being copied on this message.

--
Russell Earl Whitaker whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From perry at imsi.com Fri Jun 17 09:11:07 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 09:11:07 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171451.JAA29719@zoom.bga.com>
Message-ID: <9406171610.AA02349@snark.imsi.com>

Jim choate says:
> I was wondering if anyone is aware of a function or test which would allow
> a person to feed PGP or other RSA algorithm a test key and then look at
> the result and determine if the key was greater or lesser than the
> actual key?

Of course you haven't seen such a thing. If factoring RSA keys requires exponential time, such an algorithm is obviously not possible. Were it possible, you could factor in time proportional to the number of bits in the key. Anyone who had such a function would either be famous or wouldn't be talking.

Perry

From bmorris at netcom.com Fri Jun 17 09:12:01 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Fri, 17 Jun 94 09:12:01 PDT
Subject: CRYPTO EXPORT LEGISL
Message-ID: <199406171611.JAA15756@netcom3.netcom.com.netcom.com>

To: cypherpunks at toad.com

FF> were axed with an unbelievable 13-0 unanimous vote, in clear blatant
FF> Look, something is going on here that doesn't meet the eye. Nothing is
FF> ever unanimous in Washington. These guys were told something by somebo

The fix was in... NSA probably broke some arms. And that is how the game is played and what we are up against.
* RM 1.4 B0037 *

From ravage at bga.com Fri Jun 17 09:33:43 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 09:33:43 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171610.AA02349@snark.imsi.com>
Message-ID: <199406171633.LAA04621@zoom.bga.com>

>
>
> Of course you haven't seen such a thing. If factoring RSA keys
> requires exponential time, such an algorithm is obviously not
> possible. Were it possible, you could factor in time proportional to
> the number of bits in the key. Anyone who had such a function
> would either be famous or wouldn't be talking.
>
> Perry
>

How about some evidence on it? I see no reason to compare taking a key and determining if it is too large or too small as being necessarily equivalent to factoring a large number. I do not need to know the number exactly to determine its relative magnitude.

NSA doesn't say much...

I have found no evidence so far in my search for such a methodology, as a matter of fact I have found no evidence that anyone has ever even looked at such a scheme. If you know something I haven't been able to find then please enlighten me so I can move on to other more worthy things to play with...

Thanks for the feedback...

From nobody at shell.portal.com Fri Jun 17 09:36:33 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Fri, 17 Jun 94 09:36:33 PDT
Subject: Self-Righteous, Self-Anointed Defenders of the Public Trust (fwd)
Message-ID: <199406171637.JAA20343@jobe.shell.portal.com>

Date: Fri, 17 Jun 1994 05:17:24 +0000
From: "Martin L. Schoffstall"
To: weber at world.std.com (Bob Weber), com-priv at psi.com
Subject: Re: Self-Righteous, Self-Anointed Defenders of the Public Trust

I'm encouraged that you support their first amendment rights!
At Internet World in California a couple of weeks ago during a press conference with some Internet luminaries under the klieg lights of CNN and the MacNeil/Lehrer report I saw first amendment issues tossed out the window - by the luminaries.

I don't intend to defend either of these individuals (other than their 1st amendment rights, Gordon can tell you himself how we get along like oil and water) but I think you are lumping two very different people together with two very different objectives.

Gordon's role is that of an investigative reporter, he ferrets out FACTS and then creates surmises as to the why's. If you read his publications and messages it is pretty easy to differentiate the facts from the surmises. This is appropriate.

Gordon reported a fact which IS interesting to many people - a "NewYork" NAP in NJ almost in PA very close to an infamous NSA facility. Here is another one to add to his collection - in 1992 MFS bought a competitive CAP in DC whose principal fiber plant connected many Federal facilities including all the hush hush ones. This company had many security cleared staff and facilities. These facilities are now merged with the commercial MFS facilities in a manner that is NOT known to the general public.

NSF has openly wiretapped the backbone of the NSFNet since day one and is quite proud of it.

There is a clear interest in the Federal Police Forces and the current administration to wiretap every communications device manufactured in the US, as the FBI's chief counsel, he's going to defend Americans through microchips. The postal service is going to issue us all ID cards, and the FINCEN is all setup to take in all banking transactions in realtime, next step all electronic commercial financial transactions.

Historically both the NSA and the FBI have wiretapped outside of the warrant process and outside of the law and in the case of the NSA domestically which is both illegal and outside of their charter.

How does this all fit together?
Don't know, I'm just a dirt farmer from upstate NY, but Gordon's got a PhD so he'll continue to work on his surmises, and others will too. Having the facts is a good thing, old Jefferson would have probably agreed.

One of the requirements that every Internet service provider should put on their NAP contract should be that the NAP provider will not wiretap, and will not aid or abet any wiretap knowingly outside of a federal warrant. Many people have lied for their country so this is not by any means a sure test, but it is a right first step.

Since you questioned both of their motivations (personal grudges), let me question yours - are you owned in any way by the US government or under their influence (even financially) to post your message binding those two very different people together? Have you or do you hold a security clearance? Or maybe you hold a personal grudge against Gordon? Undoubtedly the answer is no except for the security clearance, and you can always lie for your country.

It just seems strange that you would think that no one is interested in wiretapping issues in the current environment where the media talks about it weekly. Sitting here in the PSI Tokyo office the Japan Times has articles on it. I know you don't live under a rock.

Marty

From ravage at bga.com Fri Jun 17 09:41:42 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 09:41:42 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171547.IAA13206@netcom.com>
Message-ID: <199406171640.LAA04964@zoom.bga.com>

>
> This is an approach that I haven't heard of before. If one could
> determine the numerical ordering of two different keys used to
> RSA-encrypt the same piece of plaintext by examining the
> ciphertext, one could easily break RSA by a binary search of the
> keyspace.
>

I also have found no info on it, surprises me...
> Given two moduli N1 and N2, and some plaintext P, and PGP's
> favorite encryption exponent, 17, you need to determine if
> N1 < N2 by examining P^17 MOD N1 and P^17 MOD N2. Although this
> is only a one-bit function, it clearly depends upon P in a very
> complicated way. Since P is unknown and deliberately made random
> in practical RSA implementations, I am not sure such an attack
> shows much promise. I would guess that this would be at least as
> complicated as solving an RSA or discrete log problem directly.
>

I would agree with you if we talk about a single P; however, I suspect that if one looks at a sequence of P's in a message there might be some analysis that could be done relating to the residuals. If you take into account the regularity (periodicity?) of English text then it seems to me that you could make some form of 1-1 mapping of the P's in a cyphertext to the plaintext.

If you have any other thoughts on it I would appreciate them...

> --
> Mike Duvos $ PGP 2.6 Public Key available $
> mpd at netcom.com $ via Finger. $
>
>

From jschultz at bigcat.missouri.edu Fri Jun 17 09:43:59 1994
From: jschultz at bigcat.missouri.edu (John Schultz)
Date: Fri, 17 Jun 94 09:43:59 PDT
Subject: swipe working on infinity.c2.org
In-Reply-To: <9406171319.AA02015@snark.imsi.com>
Message-ID:

On Fri, 17 Jun 1994, Perry E. Metzger wrote:

> I'll point out for IETFers that a heated swIPe discussion is now
> occurring on the previously moribund IP security mailing list. Looks

What is the address for that list? I've never heard of it before...

John Schultz
jschultz at bicat.missouri.edu

From perry at imsi.com Fri Jun 17 09:46:56 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 09:46:56 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171633.LAA04621@zoom.bga.com>
Message-ID: <9406171646.AA02442@snark.imsi.com>

I said:
> > Of course you haven't seen such a thing.
> > If factoring RSA keys
> > requires exponential time, such an algorithm is obviously not
> > possible. Were it possible, you could factor in time proportional to
> > the number of bits in the key. Anyone who had such a function
> > would either be famous or wouldn't be talking.

Jim choate says:
> How about some evidence on it? I see no reason to compare taking a key
> and determining if it is too large or too small as being necessarily
> equivalent to factoring a large number.

It's called "binary search". You were supposed to learn it in your intro to computer science class.

Let's play the guessing game, shall we? It's much like twenty questions, only that just works for twenty-bit things or less. We know that we have a big number. If you give me a function that tells me one bit (greater or not greater) for every guess, I can get a bit of the number. After a short time, I'll know the number -- the time is exactly the number of bits in the number (that is, the log base 2 of the number.)

Perry

From mpd at ix.netcom.com Fri Jun 17 10:23:56 1994
From: mpd at ix.netcom.com (Mike Duvos)
Date: Fri, 17 Jun 94 10:23:56 PDT
Subject: Chauming for Cash
Message-ID: <199406171723.KAA04424@ixserver.netcom.com>

Has anyone successfully obtained a copy of the software for David Chaum's DigiCash system? He has it for sale on his Web page at http://digicash.support.nl/ but apparently it can only be purchased with electronic money. A classic chicken and egg situation. :)

I sent him some mail but so far have not gotten a reply.

--
Mike Duvos $ PGP 2.3a Public Key available $
mpd at netcom.com $ via Finger. $

From jgostin at eternal.pha.pa.us Fri Jun 17 10:50:43 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Fri, 17 Jun 94 10:50:43 PDT
Subject: (None)
Message-ID: <940617122321T9Fjgostin@eternal.pha.pa.us>

Bill Frezza (via RadioMail) writes:

> So much for lobbying.

...and, apparently, by/for/of the People.

> Look, something is going on here that doesn't meet the eye.
> Nothing is
> ever unanimous in Washington. These guys were told something by somebody
> that caused them to vote like this.

Ah, the "Deep Throat" Theory... I was waiting to see how long this would take to surface. I agree. Something _very_ unsavory is happening here, but I doubt we'll find out what it is. If I had to guess (and this is VERY uninformed, as far as wild speculation), someone in the NSA with the Power To Do So said that they would blatantly ignore the rules, and consider all crypto their private little hunting grounds. Being as the NSA probably is used in some Intelligence work, and lots of other things the Government Hopes We Don't Find Out About, Congress probably ran the other way, as it was in Their Best Interests.

Of course, this is wild speculation. It could just be that the Director of the NSA makes one hell of a matzah ball soup, and they didn't want to lose the Saturday afternoon Matzah Ball 'Fests... ;-)

--Jeff

--
====== ======   +----------------jgostin at eternal.pha.pa.us----------------+
==   ==         | The new, improved, environmentally safe, bigger, better,|
==   == -=      | faster, hypo-allergenic, AND politically correct .sig.  |
====  ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From perry at imsi.com Fri Jun 17 11:08:21 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 11:08:21 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171531.KAA01459@zoom.bga.com>
Message-ID: <9406171808.AA02606@snark.imsi.com>

Jim choate says:
> > I hope not. If such a thing existed (if I understand your description
> > correctly) RSA could be cracked by a binary search of keyspace. The
> > search would be O(log(n)), meaning it would be directly linear with
> > the number of bits in the key.
> >
> Exactly.
>
> If you (or anyone else comes across anything that even looks remotely
> interesting would appreciate knowing about it).
I could believe some sort of amazing mathematical breakthrough that produced a factoring algorithm that was polynomial in N. The notion that one will show up that's not merely polynomial but actually logarithmic in N is, I would say, in the "beyond pipe dream" state. I might believe something like that showing up someday -- stranger things have happened -- but I have an incredible amount of trouble believing that one exists now and has merely been overlooked by people smart enough to find an amazing result and too stupid to know what their result implied.

Perry

From perry at imsi.com Fri Jun 17 11:13:48 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 11:13:48 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171537.KAA01766@zoom.bga.com>
Message-ID: <9406171813.AA02620@snark.imsi.com>

Jim choate says:
> What I am looking at is a way to do binary searches in the key space w/ a
> function that would look at a test key and the result of running RSA on
> it and then tell me the relative magnitude between the real key and the
> test key.

And you think no one would have noticed such a thing before.

I can pretty much hint to you that such a thing can't really be done in log base 2 of n time, in the sense that I believe I can prove that any algorithm that did that would have to involve none of the basic four arithmetic operations on the numbers in question. (Algorithms involving no arithmetic on the numbers are still possible, but intuitively quite unlikely.)

Perry

From ravage at bga.com Fri Jun 17 11:30:40 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 11:30:40 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171813.AA02620@snark.imsi.com>
Message-ID: <199406171830.NAA09354@zoom.bga.com>

>
> And you think no one would have noticed such a thing before.
>

Is a possibility...especially since I can find no reference to it or why it won't work.
> I can pretty much hint to you that such a thing can't really be done
> in log base 2 of n time in the sense that I believe I can prove that
>

This is a joke, right? Why in the world should the base have a damn thing to do with the algorithm? A number is a number, last time I checked.

> any algorithm that did that would have to involve none of the basic
> four arithmetic operations on the numbers in question. (Algorithms
> involving no arithmetic on the numbers are still possible, but
> intuitively quite unlikely.)
>

Sorry, I don't follow your reasoning here at all. Could you clarify? As far as I am concerned, if it could be done w/ a neural network, or boolean algebra ('course if no arithmetic ops, no logic I guess), or even a fuzzy algorithm (the original impetus to this line; I was looking at "close enough" algorithms for a robot project I am in the middle of) it would be ok by me. Seems to me though that if one looks at the results of the operation one could glean some sort of magnitude info out of the errors...

> Perry
>

From ravage at bga.com Fri Jun 17 11:36:01 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 11:36:01 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171808.AA02606@snark.imsi.com>
Message-ID: <199406171835.NAA09573@zoom.bga.com>

>
> I could believe some sort of amazing mathematical breakthrough that
> produced a factoring algorithm that was polynomial in N. The notion
> that one will show up that's not merely polynomial but actually
> logarithmic in N is, I would say, in the "beyond pipe dream" state. I
> might believe something like that showing up someday -- stranger
> things have happened -- but I have an incredible amount of trouble
> believing that one exists now and has merely been overlooked by people
> smart enough to find an amazing result and too stupid to know what
> their result implied.
>
> Perry
>
>

I am *NOT* talking about factoring anything.
Perhaps this is why you are having a problem understanding what I am asking. I don't care what the original key is, simply am I above it or below it. I don't see this as a 1-to-1 with factoring large-digit numbers.

I am less than convinced by this line of reasoning; if somebody has looked at it, why is there no mention in the texts on number theory or crypto that I have access to? I am no expert and have not read all the texts in their entirety, too busy building rockets and working on my own internet feed, which is why I asked if anyone could point me to some prior work.

I myself find it hard to believe that such could be possible, but one thing is certain about life: it isn't.

Take care...

From ravage at bga.com Fri Jun 17 11:41:29 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 11:41:29 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171646.AA02442@snark.imsi.com>
Message-ID: <199406171841.NAA09949@zoom.bga.com>

>
> Jim choate says:
> > How about some evidence on it? I see no reason to compare taking a key
> > and determining if it is too large or too small as being necessarily
> > equivalent to factoring a large number.
>
> It's called "binary search". You were supposed to learn it in your
> intro to computer science class.
>
> Let's play the guessing game, shall we? It's much like twenty questions,
> only that just works for twenty-bit things or less. We know that we
> have a big number. If you give me a function that tells me one bit
> (greater or not greater) for every guess, I can get a bit of the
> number. After a short time, I'll know the number -- the time is
> exactly the number of bits in the number (that is, the log base 2 of
> the number.)
>
> Perry
>

I am well aware of how to do a binary search. I have been programming since '76.
The question I have is not how to do the search but whether there is a way to feed RSA fake keys in such a way that I can determine the relative magnitude of the difference in the key, not even the exact difference.

On another note, ad hominem reasoning does not impress me. If you would like to discuss my idea that is fine. It has no relation to me personally.

From perry at imsi.com Fri Jun 17 11:53:51 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 11:53:51 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171830.NAA09354@zoom.bga.com>
Message-ID: <9406171853.AA02690@snark.imsi.com>

Jim choate says:
> >
> > And you think no one would have noticed such a thing before.
> >
> Is a possibility...especially since I can find no reference to it
> or why it won't work.

You can't find a reference in the library on why you can't build a machine that cracks DES by repeatedly trying the digitized sound tracks of porno films, either. Maybe you should try that -- who knows, it might work.

> > I can pretty much hint to you that such a thing can't really be done
> > in log base 2 of n time in the sense that I believe I can prove that
> >
> This is a joke right? Why in the world should the base have a damn thing
> to do with the algorithm?

Ahem. Perhaps you should have kept awake in school. Log base 2 of a number just means the number of bits in it.

> > any algorithm that did that would have to involve none of the basic
> > four arithmetic operations on the numbers in question. (Algorithms
> > involving no arithmetic on the numbers are still possible, but
> > intuitively quite unlikely.)
> >
> Sorry, I don't follow your reasoning here at all. Could you clarify?

It is very unlikely to me that you can factor a number in time smaller than you can square it. That's the point I'm trying to make. Sorry to burst your bubble. Oh, I'm sure you'll come back with some silly comment on "what does squaring the number have to do with anything" or some similar crud.
> As far as I am concerned if it could be done w/ a neural network,

Oh, god. Neural networks have been invoked. As we know, neural networks are magical. They are always the answer. After all, we have a huge number of complex mathematical proofs out there that have been solved with neural nets -- why, the Riemann Hypothesis was recently proved by one, wasn't it? Or was that the exact measurement of Dan Quayle's IQ -- it's so easy to confuse them.

I tell you what, Jim. I'll pay you $10,000 if you can come up with an algorithm that factors numbers or even just breaks RSA in O(log(n)) time or less (where n is the length of the number being factored or the public key). I'd offer more, but it would be cruel. If you don't know what the notation O(f(n)) means, please don't come back asking.

Perry

From lstanton at sten.lehman.com Fri Jun 17 11:59:43 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Fri, 17 Jun 94 11:59:43 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171835.NAA09573@zoom.bga.com>
Message-ID: <9406171900.AA20063@sten.lehman.com>

In message <199406171835.NAA09573 at zoom.bga.com> you write:
> I am *NOT* talking about factoring anything. Perhaps this is why you
> are having a problem understanding what I am asking. I don't care what
> the original key is, simply am I above it or below it. I don't see this
> as a 1 to 1 with factoring large digit numbers.

Let's try a game:

I'm thinking of a number; let's call it my private factor.

I tell you that it is less than some other number, which we'll call my public key.

For any number you choose, I'll tell you whether your choice is above or below my private factor.

How long will it take you to guess my factor?

Let's try. My public key is 24.

Is the factor above 10? No.
Is the factor above 5? Yes.
Is the factor above 7? No.
Is it 6? Yes.

And look: 24 / 6 = 4! You guessed my private key, and you happen to have factored my public key at the same time! Wow!
You may not think that you are talking about factoring, but factoring is a subset of what you are discussing.

From karn at qualcomm.com Fri Jun 17 12:03:16 1994
From: karn at qualcomm.com (Phil Karn)
Date: Fri, 17 Jun 94 12:03:16 PDT
Subject: swipe working on infinity.c2.org
In-Reply-To: <199406171524.IAA00619@hot.ee.lbl.gov>
Message-ID: <199406171902.MAA26914@servo.qualcomm.com>

>When I talked to Phil Karn months ago about IP encryption, he was
>talking about encrypting each packet independently - I guess you have
>to do that with IP since it's not a reliable protocol. But it sounded
>a little risky to me - maybe vulnerable to attack via known bits
>at the start of each encrypted section. Encrypting at the TCP
>level would allow inter-packet mixing, but then you miss all the
>UDP protocols such as (old) NFS.

My unreleased KA9Q NOS version of SwIPe (I really need to converge to ji/mab's version) adds a sequence number in the header just above IP that is covered by the encryption (DES CBC). This acts as an IV that ensures different ciphertext every time even when identical packets are sent. The only part of the packet left in the clear is the IP header. An eavesdropper has no knowledge of the application or the transport protocol in use, or even if there's another IP datagram buried inside the encrypted part (e.g., the swipe boxes are providing a secure tunnel for other hosts).

These are all advantages of IP-level encryption over doing it above TCP. The main disadvantage is overhead -- Van Jacobson TCP/IP header compression breaks.

Phil

From ravage at bga.com Fri Jun 17 12:06:05 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 12:06:05 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171853.AA02690@snark.imsi.com>
Message-ID: <199406171905.OAA11151@zoom.bga.com>

>
> You can't find a reference in the library on why you can't build a
> machine that cracks DES by repeatedly trying the digitized sound
> tracks of porno films, either.
> Maybe you should try that -- who knows,
> it might work.
>

I see no reason to expect such an approach to work.

> > > I can pretty much hint to you that such a thing can't really be done
> > > in log base 2 of n time in the sense that I believe I can prove that
> > >
> > This is a joke right? Why in the world should the base have a damn thing
> > to do with the algorithm?
>
> Ahem. Perhaps you should have kept awake in school. Log base 2 of a
> number just means the number of bits in it.
>

I understand what you are saying; what I am saying is that factoring is not an issue. I am not factoring anything.

> > > any algorithm that did that would have to involve none of the basic
> > > four arithmetic operations on the numbers in question. (Algorithms
> > > involving no arithmetic on the numbers are still possible, but
> > > intuitively quite unlikely.)
> > >
> > Sorry, I don't follow your reasoning here at all. Could you clarify?
>
> It is very unlikely to me that you can factor a number in time smaller
> than you can square it. That's the point I'm trying to make. Sorry to
> burst your bubble. Oh, I'm sure you'll come back with some silly
> comment on "what does squaring the number have to do with anything" or
> some similar crud.
>

See comment above relating to factoring...

> > As far as I am concerned if it could be done w/ a neural network,
>
> Oh, god. Neural networks have been invoked. As we know, neural
> networks are magical. They are always the answer. After all, we have a
> huge number of complex mathematical proofs out there that have been
> solved with neural nets -- why, the Riemann Hypothesis was recently
> proved by one, wasn't it? Or was that the exact measurement of Dan
> Quayle's IQ -- it's so easy to confuse them.
>

Perry, I have been using neural networks in both software and hardware for several years now. I am well aware of what they can and can't do. Could we please get off this personal attack shit?....
I am interested in discussing a particular idea that I had relating to RSA and comparing keys, not what your personal opinion of me or my idea is. If you don't like it, how about not responding to any of my posts or putting me in your kill file.... Ad hominem attacks reflect more on you than me...

> I tell you what, Jim. I'll pay you $10,000 if you can come up with an
> algorithm that factors numbers or even just breaks RSA in O(log(n))
> time or less (where n is the length of the number being factored or
> the public key). I'd offer more, but it would be cruel. If you don't
> know what the notation O(f(n)) means, please don't come back asking.
>

Perry, see the above comments.

> Perry
>

From perry at imsi.com Fri Jun 17 12:06:24 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 12:06:24 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171835.NAA09573@zoom.bga.com>
Message-ID: <9406171906.AA02710@snark.imsi.com>

Jim choate says:
> I am *NOT* talking about factoring anything.

Who cares what you think you are talking about? You haven't shown much common sense thus far. If I have an algorithm that will take any arbitrary RSA key and produce the private key by a mechanism such as the one you propose, you are (almost certainly) proposing an algorithm that will factor arbitrary numbers that are a product of two primes. I can't prove that right now -- not even sure that I can prove it right now. However, there are lots of people whose intuitions likely agree with mine. Most people believe RSA is probably equivalent to factoring.

> I don't care what the original key is, simply am I above it
> or below it.

I'm afraid that given such a function, I can derive the original key within log[base2](n) operations.

Perry

From ravage at bga.com Fri Jun 17 12:11:41 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 12:11:41 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171900.AA20063@sten.lehman.com>
Message-ID: <199406171911.OAA11449@zoom.bga.com>

>
> Let's try a game:
>
> I'm thinking of a number; let's call it my private factor.
>
> I tell you that it is less than some other number, which we'll call my
> public key.
>
> For any number you choose, I'll tell you whether your choice is above or
> below my private factor.
>
> How long will it take you to guess my factor?
>
> Let's try. My public key is 24.
>
> Is the factor above 10? No.
> Is the factor above 5? Yes.
> Is the factor above 7? No.
> Is it 6? Yes.
>
> And look: 24 / 6 = 4! You guessed my private key, and you happen to have factored
> my public key at the same time! Wow!
>

You only found a single set of factors for your public key (i.e. 3,8 also work), and if I had asked "is the number 6?" as my first question then I would have had it in 1 single guess, which does *NOT* qualify as factoring your key.

> You may not think that you are talking about factoring, but factoring is a
> subset of what you are discussing.
>

The fact it is a subset of what I am talking about means that there are some issues (and possibly an algorithm or two) that are outside of the purview of a discussion limited to simply factoring. The horizon has been expanded.

From ravage at bga.com Fri Jun 17 12:15:08 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 12:15:08 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171853.AA02690@snark.imsi.com>
Message-ID: <199406171915.OAA11668@zoom.bga.com>

>
> I tell you what, Jim. I'll pay you $10,000 if you can come up with an
> algorithm that factors numbers or even just breaks RSA in O(log(n))
> time or less (where n is the length of the number being factored or
> the public key). I'd offer more, but it would be cruel. If you don't
> know what the notation O(f(n)) means, please don't come back asking.
>
> Perry
>

Ok Perry, you are on.
When I receive a certified letter from your lawyer with the appropriate paperwork detailing where the $10k is being held in escrow, I will have a certified letter sent to you acknowledging receipt of it. Short of that you are blowing smoke...

From perry at imsi.com Fri Jun 17 12:16:37 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 12:16:37 PDT
Subject: swipe working on infinity.c2.org
In-Reply-To: <199406171902.MAA26914@servo.qualcomm.com>
Message-ID: <9406171916.AA02729@snark.imsi.com>

Phil Karn says:
> These are all advantages of IP-level encryption over doing it above
> TCP. The main disadvantage is overhead -- Van Jacobson TCP/IP header
> compression breaks.

Of course, one could simply compress the encapsulated packets -- after all, in some sense any pair of hosts running swIPe between them have produced an odd sort of point-to-point link between them.

Perry

From lstanton at sten.lehman.com Fri Jun 17 12:23:56 1994
From: lstanton at sten.lehman.com (Linn Stanton)
Date: Fri, 17 Jun 94 12:23:56 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171911.OAA11449@zoom.bga.com>
Message-ID: <9406171924.AA20166@sten.lehman.com>

In message <199406171911.OAA11449 at zoom.bga.com> you write:
> You only found a single set of factors for your public key (i.e. 3,8 also work)
> and if I had asked "is the number 6?" as my first question then I would have
> had it in 1 single guess which does *NOT* qualify as factoring your key.

Of course it qualifies. No matter how a key gets broken, it's broken. The point is that if a function exists which will tell you if a given number is larger than the RSA private key, that function can be used as a factoring algorithm.

> the fact it is a subset of what I am talking about means that there are some
> issues (and possibly an algorithm or two) that are outside of the purview of
> a discussion limited to simply factoring. The horizon has been expanded.
No, what it means is that you would have to break most of number theory, and common sense, before having to worry about such a function. The risk of exploding in the vacuum caused by all of the molecules in the air of this room suddenly moving to the far corner is far higher than the chance of such a function existing.

From whitaker at dpair.csd.sgi.com Fri Jun 17 12:29:19 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Fri, 17 Jun 94 12:29:19 PDT
Subject: Bart Nagel in Mondo
In-Reply-To: <9406171538.AA11713@marvin.jta.edd.ca.gov>
Message-ID: <9406171227.ZM4384@dpair.csd.sgi.com>

On Jun 17, 9:06am, Russell Whitaker wrote:
> Subject: Re: Bart Nagel in Mondo
> On Jun 17, 8:38am, Dave Otto wrote:
> > Subject: Bart Nagel in Mondo
> > Check out the lead article in the "Summer 94" issue of _Mondo2000_.
> > It is a spoof by Bart Nagel that starts off sounding like steganography.
> >
> > The article basically states that the photo-journalist-publisher industry
> > is proposing that all images be encoded using stego techniques to contain
> > unique identifiers that would prevent copy infringements. The article
> > starts in a *VERY* believable fashion before trailing off into an obvious
> > spoof. Very well done.
> >
>
> Ummm... I haven't read the article, Dave, but there *has* been talk recently in
> some photo magazines about doing just that. I don't have the details at hand,
> but I was told this by Romana Machado, the author of Stego, whose product was
> mentioned recently in an industry publication.
>
> Romana (romana at apple.com) should have details; she is being copied on this
> message.
>

[following up on the above message of mine earlier....]

Romana has asked me to pass along the following:

In this month's issue of Photo/Electric Imaging, Stego is featured as an ideal product for "watermarking" digital images. A commercial photographer pointed out the article to me.
This magazine is available at major camera stores such as Ewert's in San Jose - I haven't dropped by to pick up my own copy yet. I was polite but icy to Mondo folks when they inquired about Stego, sent them the same info that I send everyone else, but pointed out the exceedingly poor research they had done for _Mondo's Guide To The New Edge_, and expressed a hope that my product would not be similarly treated.

[End of excerpted forward to cypherpunks by Romana Machado (romana at apple.com)]

--
Russell Earl Whitaker    whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique /
Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From tcmay at netcom.com Fri Jun 17 12:35:46 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 17 Jun 94 12:35:46 PDT
Subject: "Debbie Does Fort Meade" is the key
In-Reply-To: <9406171853.AA02690@snark.imsi.com>
Message-ID: <199406171934.MAA04755@netcom5.netcom.com>

(Cypherpunks added to the dist. list, against my better judgment.)

> You can't find a reference in the library on why you can't build a
> machine that cracks DES by repeatedly trying the digitized sound
> tracks of porno films, either. Maybe you should try that -- who knows,
> it might work.

Perry, please do *not* reveal more about this method. You are "blowing" my new method. The soundtrack to "Debbie Does Fort Meade" is apparently the "back door" to DES.

> Oh, god. Neural networks have been invoked. As we know, neural
> networks are magical. They are always the answer. After all, we have a
> huge number of complex mathematical proofs out there that have been
> solved with neural nets -- why, the Riemann Hypothesis was recently
> proved by one, wasn't it? Or was that the exact measurement of Dan
> Quayle's IQ -- it's so easy to confuse them.
Riemann's Extenuating Continuation Hypothesis was actually proved with "fractal analysis" and "genetic programming" techniques, both of which are much more trendy than outdated charlatanism like "neural nets" (Intel just cancelled its Ni10000 neural net chip, presumably to move into fuzzy logic and quantum disambiguation...can aptical foddering be the Next Big Thing?).

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From perry at imsi.com Fri Jun 17 12:37:08 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 12:37:08 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171915.OAA11668@zoom.bga.com>
Message-ID: <9406171936.AA02752@snark.imsi.com>

Jim choate says:
> >
> > I tell you what, Jim. I'll pay you $10,000 if you can come up with an
> > algorithm that factors numbers or even just breaks RSA in O(log(n))
> > time or less (where n is the length of the number being factored or
> > the public key). I'd offer more, but it would be cruel. If you don't
> > know what the notation O(f(n)) means, please don't come back asking.
>
> Ok Perry, you are on. When I receive a certified letter from your lawyer
> with the appropriate paperwork detailing where the $10k is being held
> in escrow I will have a certified letter sent to you acknowledging
> receipt of it. Short of that you are blowing smoke...

Why should *I* do it? That's time and expense for me. If you are so sure of yourself, feel free to have your attorneys write up anything you like. If it looks reasonable, I'll happily sign.
I won't put money in escrow, though, as "forever" is a long time to have my cash tied up.

Perry

From t-vinodv at microsoft.com Fri Jun 17 12:52:39 1994
From: t-vinodv at microsoft.com (Vinod Valloppillil)
Date: Fri, 17 Jun 94 12:52:39 PDT
Subject: FW: Larry King Live - you be the judge
Message-ID: <9406171854.AA21314@netmail2.microsoft.com>

A professor at my University forwarded a transcript of the Larry King Live episode to me and I thought I'd give it to the cypherpunks to chew on.... Boy, Andy Grove really let me down....

----------
From: David Farber
To: interesting-people mailing list
Subject: Larry King Live - you be the judge
Date: Friday, June 17, 1994 2:51PM

Subject: Larry King Live - you be the judge
Date: Fri, 17 Jun 94 12:08:32 -0400
From: Stephen Walker

CNN REPORT - LARRY KING: CLIPPER CHIP
June 15, 1994
extracts from panel on Information Superhighway

PANEL INCLUDES:
Vic Sussman - U.S. News & World Report
Andy Grove - Intel Corporation
Vice President Al Gore
Chairman of the FCC

Vic Sussman: The Clipper Chip is essentially, I should let the Vice President tell you, but the Clipper Chip is essentially, the simplest way to think about it is it's a way of encrypting or making phone conversations private and they will be private for anyone. Your neighbor will not be able to listen in on your phone conversations. However,..

Larry King: They can now?

Vic Sussman: They can now, but they won't with the Clipper Chip. However, the government, that is law enforcement, has to have a trap door so they can get in and listen to what, you know, legal wiretaps. The problem is, and I can't believe I'm sitting next to the Vice President and saying this, the fact is this thing is loathed by everyone outside of government. Now, I'll let Andy talk.

Larry King: Loathed?

Vic Sussman: Loathed and despised. Yes, the Clipper Chip.

Larry King: First, we will get Andy before the gang up begins. Andy, what do you think of the Clipper Chip?
Andy Grove: The reason I was laughing is because the issues of the Clipper Chip are the arcane of the arcane and discussing it with the respectable technical community that you have on your show and yourself is a little bit like discussing the technical merits of a speed trap.

Larry King: Why the neanderthal here? Why?

Andy Grove: Uh, the Clipper Chip is an implementation. One particular implementation of the government's right to tap digital information. The government has had the right to tap analog information. The kind of information that is taking place between you and me and on the phone. The government has that right.

Larry King: Under different lines?

Andy Grove: Pardon?

Larry King: Under different lines and circumstances?

Andy Grove: They have to get a warrant, but they can tap it. Now just because the information goes digitally, I don't see the difference. The government for its own law enforcement needs should be able to tap digital information just as well as they have had the right to tap analog information forever.

Chairman of the FCC: This isn't really the FCC he is talking about. This is law enforcement issues.

Larry King: Do you believe that? (to Vic Sussman)

Vic Sussman: Well, I'm a reporter. I'm just reporting what people are saying. What people are saying is that it is going to be hard to find any software manufacturers, any computer manufacturers, any telecommunication people who support this outside of the administration.

V.P. Al Gore: This is a much misunderstood issue, Larry. It is an issue that quickly becomes very emotional. There are a lot of people who think that the government's ability to go to court and get a warrant and try to track down a terrorist or drug dealer, whatever, uh, ought to be just shut off if communication is digital. Now, I'm stating the case a little parjodially but that really is what is at stake.
Think of a future in which you have a world trade center bombing thirty years from now with a nuclear device or a threat of a nuclear device being exploded in an urban area or some other mass terror. Do we want to live in a world where the FBI and other law enforcement agencies are prevented from being able to do their jobs? Now, the government should not have the right (Gore laughs) to tap communication unless there is a legal proceeding in which there is a due cause, in which evidence is presented, in which a court says, "Look alright, you have presented enough evidence to meet the burden of proof, legally there is sufficient cause to allow you to conduct this criminal investigation."

Larry King: We have run out of time.

------- End of Forwarded Message

These opinions are mine and do not in any way represent the opinions of Microsoft Corporation, its employees, or stockholders.

From tcmay at netcom.com Fri Jun 17 12:55:27 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 17 Jun 94 12:55:27 PDT
Subject: Bart Nagel in Mondo
In-Reply-To: <9406171227.ZM4384@dpair.csd.sgi.com>
Message-ID: <199406171954.MAA07081@netcom5.netcom.com>

Russell Whitaker writes:
> [following up on the above message of mine earlier....]
>
> Romana has asked me to pass along the following:
>
> In this month's issue of Photo/Electric Imaging, Stego is featured as an
> ideal product for "watermarking" digital images. A commercial photographer
> pointed out the article to me. This magazine is available at major camera
> stores such as Ewert's in San Jose - I haven't dropped by to pick up my
> own copy yet. I was polite but icy to Mondo folks when they inquired about
> Stego, sent them the same info that I send everyone else, but pointed out the
> exceedingly poor research they had done for _Mondo's Guide To The New Edge_,
> and expressed a hope that my product would not be similarly treated.
>
> [End of excerpted forward to cypherpunks by Romana Machado (romana at apple.com)]

I've been writing about the LSB method of steganography in digital images and sound files since 1988 (in sci.crypt, elsewhere), but I find this "watermarking" idea extremely implausible:

- the LSB method works for digital images, but is easily defeated by twiddling the low order bits (essentially overwriting the LSBs...if the first set is visually undetectable, so will later overwrites).

- the most common method by far of "appropriating" images is via scanners. These scanners will not generally pick up the LSBs, or even the second-least significant bits. And if they do, some slight blurring or filtering would remove them.

And so on. (This is what clued me in 3.7 seconds into reading Bart Nagel's piece in "Mondo." His mention of "cypherpunks" was a nice touch, too.)

"Watermarking" of analog images is impractical, at least using any variants of the LSB method I can think of. And digital images can similarly be filtered/convolved so as to smear or blur any such signatures beyond recognition.

In the final analysis, any file that can be viewed by the eye, or heard, can be stolen.

(Higher-level issues of recognizing images may be different. For example, the Pebble Beach Golf Course has _claimed_ that all photographic images of the famous "lone cypress" belong to it...and it tries to collect royalties from anyone who publishes a picture of it!)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
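The two objections in the post above (re-randomising the low-order bits, and the slight blurring a scan or resize introduces) can be measured rather than argued. The script below is an added example for this archive page, not code from the post or from the Stego product it discusses: it constructs a 16x16 grayscale gradient, hides a 256-bit mark in the pixel LSBs, and reports the bit-error rate (BER) of the recovered mark after each disturbance. The image, the mark and all seeds are constructed for the demo.

```python
# Added example (not from the list post): how fragile an LSB "watermark" is.
# A constructed 16x16 grayscale image carries a 256-bit mark in its least
# significant bits; rewriting those bits, or applying a mild 3x3 box blur,
# leaves the picture visually unchanged but turns the mark into noise.
import random

W = H = 16  # constructed image size (demo assumption)


def make_image(seed=1):
    """Constructed test image: a smooth gradient plus a little sensor noise."""
    rng = random.Random(seed)
    return [[max(0, min(255, 8 * x + 4 * y + rng.randint(-3, 3)))
             for x in range(W)] for y in range(H)]


def make_mark(nbits=W * H, seed=2):
    """Constructed watermark: a fixed pseudorandom bit string."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(nbits)]


def embed_lsb(img, bits):
    """Write one mark bit into the LSB of each pixel, raster order."""
    out = [row[:] for row in img]
    for i, b in enumerate(bits):
        y, x = divmod(i, W)
        out[y][x] = (out[y][x] & ~1) | b
    return out


def extract_lsb(img, nbits):
    """Read the LSB of the first nbits pixels, raster order."""
    return [img[i // W][i % W] & 1 for i in range(nbits)]


def rewrite_lsbs(img, seed=3):
    """The 'twiddle the low order bits' step from the post: replace every
    LSB with a fresh random bit.  No pixel moves by more than one level."""
    rng = random.Random(seed)
    return [[(p & ~1) | rng.randint(0, 1) for p in row] for row in img]


def box_blur(img):
    """3x3 box blur with edge replication: the 'slight blurring or
    filtering' a scanner or a resize applies."""
    def px(x, y):
        return img[min(max(y, 0), H - 1)][min(max(x, 0), W - 1)]
    return [[sum(px(x + dx, y + dy) for dy in (-1, 0, 1) for dx in (-1, 0, 1)) // 9
             for x in range(W)] for y in range(H)]


def bit_error_rate(a, b):
    """Fraction of positions where two bit lists disagree."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def max_abs_diff(a, b):
    """Largest per-pixel change between two images (visual impact)."""
    return max(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb))


def run_demo():
    """Return (BER intact, BER after LSB rewrite, BER after blur,
    max pixel change caused by the rewrite)."""
    mark = make_mark()
    marked = embed_lsb(make_image(), mark)
    n = len(mark)
    rewritten = rewrite_lsbs(marked)
    return (
        bit_error_rate(mark, extract_lsb(marked, n)),
        bit_error_rate(mark, extract_lsb(rewritten, n)),
        bit_error_rate(mark, extract_lsb(box_blur(marked), n)),
        max_abs_diff(marked, rewritten),
    )


if __name__ == "__main__":
    clean, rewritten, blurred, delta = run_demo()
    print(f"BER intact {clean:.2f}, after LSB rewrite {rewritten:.2f} "
          f"(max pixel change {delta}), after 3x3 blur {blurred:.2f}")
```

The intact mark extracts with a BER of 0, while the LSB rewrite, which changes no pixel by more than one gray level, and the 3x3 blur both push the BER to about 0.5, i.e. the recovered bits are indistinguishable from coin flips. A provenance check that rests only on LSBs therefore fails silently against ordinary image handling; robust marking schemes put the mark in perceptually significant components and verify it against a reference copy.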
From mpd at netcom.com Fri Jun 17 12:58:05 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 17 Jun 94 12:58:05 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171936.AA02752@snark.imsi.com>
Message-ID: <199406171958.MAA07441@netcom5.netcom.com>

Perry E. Metzger, who is evidently having a bad hair day, said the following not very nice things to Jim Choate:

> Who cares what you think you are talking about? You haven't
> shown much common sense thus far.

> You can't find a reference in the library on why you can't
> build a machine that cracks DES by repeatedly trying the
> digitized sound tracks of porno films, either. Maybe you
> should try that -- who knows, it might work.

> Ahem. Perhaps you should have kept awake in school. Log
> base 2 of a number just means the number of bits in it.

In the words of Rodney King, "Can't we all just get along?"

Perry further comments:

> If I have an algorithm that will take any arbitrary RSA key
> and produce the private key by a mechanism such as the one
> you propose, you are (almost certainly) proposing an
> algorithm that will factor arbitrary numbers that are a
> product of two primes.

This is likely true. However, it does not necessarily follow that such an algorithm will be any faster than current methods of factoring and might very well be a good deal slower.

What you seem to be overlooking is that the function Jim proposes, which tells the numerical order of two keys from an examination of the results of using them, is probably an exponential time algorithm itself as a function of keysize. Performing such an algorithm log2(n) times does not yield an algorithm which is O(log2(n)) in computational complexity, unless Jim's magic function happens to be hardwired into your CPU and executes in a constant of clock cycles regardless of its operands.

> I'm afraid that given such a function, I can derive the
> original key within log[base2](n) operations.

Your fears are unfounded.
:)

--
Mike Duvos         $    PGP 2.6 Public Key available     $
mpd at netcom.com  $    via Finger.                       $

From trollins at debbie.telos.com Fri Jun 17 13:01:23 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Fri, 17 Jun 94 13:01:23 PDT
Subject: PGP Header
Message-ID: <9406171957.AA20965@debbie.telos.com>

With the PGP Header getting larger in the next release (4096 bits) there is room to place a short message in this header as opposed to just the IDEA data area. Do you think that this might have some use?

-tom

From perry at imsi.com Fri Jun 17 13:18:30 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 13:18:30 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171958.MAA07441@netcom5.netcom.com>
Message-ID: <9406172015.AA02813@snark.imsi.com>

Mike Duvos says:
> > If I have an algorithm that will take any arbitrary RSA key
> > and produce the private key by a mechanism such as the one
> > you propose, you are (almost certainly) proposing an
> > algorithm that will factor arbitrary numbers that are a
> > product of two primes.
>
> This is likely true. However, it does not necessarily follow
> that such an algorithm will be any faster than current methods of
> factoring and might very well be a good deal slower.

Ahem. He was proposing a mechanism that will work in log(n) time. All current known methods are subexponential. As you SHOULD know, a log function will eventually be smaller than a subexponential one if you only let N grow large enough. This is baby complexity theory. I find it astonishing that I should even have to mention it.

> What you seem to be overlooking is that the function Jim
> proposes, which tells the numerical order of two keys from an
> examination of the results of using them, is probably an
> exponential time algorithm itself as a function of keysize.

That's not what he was proposing. Obviously one can build such an algorithm given a factoring algorithm, and we know of exponential factoring algorithms. That wasn't the idea.
His notion was that there might be a CHEAP algorithm to do this.

Perry

From perry at imsi.com Fri Jun 17 13:34:34 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 13:34:34 PDT
Subject: mathematical skills
Message-ID: <9406172034.AA05911@webster.imsi.com>

I'm giving up on trying to teach people math. Those who believe that it's possible to find Jim's magic "is the key bigger or smaller" algorithm without being able to factor are all entitled to their opinion. Have fun. Ignorance is its own reward.

However, I've got to say that these discussions are occurring with increasing frequency. Between jerks proposing newer and better linear congruential generators as stream ciphers, fools asking why they can't use books as sources for "one-time pads" (sic), and now fools asking (indirectly) why it isn't possible to find a function that will let them crack any RSA key they like in logarithmic time while not having the result applicable to factoring, I feel rather sad. It's depressing commentary on what cypherpunks has become.

Perry

From bart at netcom.com Fri Jun 17 13:45:50 1994
From: bart at netcom.com (Harry Bartholomew)
Date: Fri, 17 Jun 94 13:45:50 PDT
Subject: PGP in July Byte, p.193
Message-ID: <199406172045.NAA16290@netcom7.netcom.com>

A very positive, technically astute discussion by William Stallings, stallings at acm.org, who concludes:

"PGP is young, strong, and coming on. It is already being widely used, and its growth is being fueled by the rapid growth in Internet use and the increasing reliance on E-mail for everything from legal documents to love letters. It is already the practice of many people to include their PGP fingerprint in E-mail messages. Expect to see more of this and to see such fingerprints appearing in print, as one does with this article, in the future.
From jgostin at eternal.pha.pa.us Fri Jun 17 13:50:36 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Fri, 17 Jun 94 13:50:36 PDT
Subject: (None)
Message-ID: <940617160624Y4Wjgostin@eternal.pha.pa.us>

"Perry E. Metzger" writes:

> algorithm that factors numbers or even just breaks RSA in O(log(n))
> time or less (where n is the length of the number being factored or
> the public key). I'd offer more, but it would be cruel. If you don't
> know what the notation O(f(n)) means, please don't come back asking.

Well, I don't know what it means. If you'd care to tell me, even in mail, I'd like to know. I've been following this thread with interest, but I don't pretend to follow this X(f(y)) notation all the time. I understand that it means we are applying function X to the result of f(y)... Anyone who's passed Trig or Elem. Functions does. I don't understand what function O(x) represents.

--Jeff

--
 ======  ======   +----------------jgostin at eternal.pha.pa.us----------------+
   ==    ==       | The new, improved, environmentally safe, bigger, better,|
   ==    ==  -=   | faster, hypo-allergenic, AND politically correct .sig.  |
  ====  ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From jamiel at sybase.com Fri Jun 17 13:59:20 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Fri, 17 Jun 94 13:59:20 PDT
Subject: Prime magnitude and keys...a ?
Message-ID: <9406171954.AA22336@ralph.sybgate.sybase.com>

Feeding frenzy! Getcher teeth in now, be there or be square.

From jmdaluz at kquest.com Fri Jun 17 14:00:33 1994
From: jmdaluz at kquest.com (Jose M. daLuz)
Date: Fri, 17 Jun 94 14:00:33 PDT
Subject: House Rules Committee Membership
Message-ID: <199406172100.RAA07286@zork.tiac.net>

Kyle Wilson (ksw at cs.odu.edu) posted the membership of the House Rules Committee, next stop for H.R. 3937. Here's the list with phone/fax numbers added.
                                   Voice            Fax
Democrats:
Joe Moakley (MA), Chairman         1-202-225-8273   1-202-225-7304
Butler Derrick, Jr (SC)            1-202-225-5301   na
Anthony C. Beilenson (CA)          1-202-225-5911   na
Martin Frost (TX)                  1-202-225-3605   1-202-225-4951
David E. Bonior (MI)               1-202-225-2106   1-202-226-1169
Tony P. Hall (OH)                  1-202-225-6465   na
Alan Wheat (MO)                    1-202-225-4535   1-202-225-5990
Bart Gordon (TN)                   1-202-225-4231   1-202-225-6887
Louise McIntosh Slaughter (NY)     1-202-225-3615   1-202-225-7822

Republicans:
Gerald B.H. Solomon (NY)           1-202-225-5614   1-202-225-1168
James H. Quillen (TN)              1-202-225-6356   1-202-225-7812
David Dreier (CA)                  1-202-225-2305   1-202-225-4745
Porter J. Goss (FL)                1-202-225-2536   1-202-225-6820

Jose M. daLuz
KnowledgeQuest Online Research
jmdaluz at kquest.com
(508) 996-6101 (vox)
(508) 996-6215 (fax)

From perry at imsi.com Fri Jun 17 14:02:27 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Fri, 17 Jun 94 14:02:27 PDT
Subject: (None)
In-Reply-To: <940617160624Y4Wjgostin@eternal.pha.pa.us>
Message-ID: <9406172102.AA02980@snark.imsi.com>

Jeff Gostin says:
> "Perry E. Metzger" writes:
>
> > algorithm that factors numbers or even just breaks RSA in O(log(n))
> > time or less (where n is the length of the number being factored or
> > the public key). I'd offer more, but it would be cruel. If you don't
> > know what the notation O(f(n)) means, please don't come back asking.
> Well, I don't know what it means. If you'd care to tell me, even in
> mail, I'd like to know. I've been following this thread with interest, but
> I don't pretend to follow this X(f(y)) notation all the time. I understand
> that it means we are applying function X to the result of f(y)... Anyone
> who's passed Trig or Elem. Functions does. I don't understand what
> function O(x) represents.

O(x) isn't a function invocation, it's a complexity theory notation -- it basically means "order of".
For instance, it can be proven that a generalized sort algorithm that relies only on compares can be written with time complexity no greater than a constant factor plus a constant factor times n log n, where n is the number of elements. The constants don't really matter, so we just call it an O(n log(n)) algorithm.

This topic can get really rich and I haven't explained it terribly well -- I suggest a book on theoretical computer science. Knuth may have a good explanation, but I don't recall.

Perry

From sinclai at ecf.toronto.edu Fri Jun 17 14:05:43 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Fri, 17 Jun 94 14:05:43 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171830.NAA09354@zoom.bga.com>
Message-ID: <94Jun17.165505edt.11416@cannon.ecf.toronto.edu>

> > I can pretty much hint to you that such a thing can't really be done
> > in log base 2 of n time in the sense that I believe I can prove that
>
> This is a joke right? Why in the world should the base have a damn thing
> to do with the algorithm? A number is a number last time I checked.

I think you misunderstand. Perry and I are talking about the algorithm (if it exists) being O(log_2(n)). That is, "log base 2 of n". This means that the time taken is proportional to the log to the base two of the number of keys.

Fascinating as this speculation is, I see no way to craft such an algorithm. The nature of the modular space makes "larger" and "smaller" difficult to distinguish.

From mech at eff.org Fri Jun 17 14:10:13 1994
From: mech at eff.org (Stanton McCandlish)
Date: Fri, 17 Jun 94 14:10:13 PDT
Subject: Cypherpunks Reported:
In-Reply-To: <9406051505595.DLITE.fantome@delphi.com>
Message-ID: <199406172110.RAA23076@eff.org>

In article , wrote:
>austin ziegler (fantome at delphi.com) wrote:
>
>: Again, the reporter calls cypherpunks "a largely
>: anonymous group of programmers," a "sinister" depiction.
>: I see cypherpunks
>: as being brazenly *open* (for the most part) about the fact that they
>: despise Clipper and Skipjack. And while I *can* program, I am not a
>: programmer, per se ... what about those of us who are cypherpunks because we
>: value our privacy?
>
>I certainly haven't run into very many self-proclaimed cypherpunks.

[hand raised here]

>they
>are pretty dense on the cypherpunk list (cypherpunks at toad.com) but are
>far more diluted when you shine a light on them out here in Usenet.
>sort of like running cockroaches.

Puh-lease. Let's exercise a little basic logic here, Boxx. If the cypherpunks list is a list for cypherpunks, don't you think you'd find a lot of them there? And if, perchance, the cypherpunks are not an overwhelming majority of the net.population, don't you think you'd expect them to be "diluted" on the net at large? Come now, the same dilution argument can be made for archers, or dance instructors, or finger-painting fanciers. I don't think the cockroach metaphor is justified in any of these cases.

From m5 at vail.tivoli.com Fri Jun 17 14:29:36 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Fri, 17 Jun 94 14:29:36 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406171830.NAA09354@zoom.bga.com>
Message-ID: <9406172129.AA06502@vail.tivoli.com>

Though this is starting to get tedious, I'll do my pedantic part and point out that O(log_2(n)) == O(log_k(n) * C) == O(log_k(n)); the log base doesn't matter in Big O Land.

--
| GOOD TIME FOR MOVIE - GOING  ||| Mike McNally                        |
| TAKE TWA TO CAIRO.           ||| Tivoli Systems, Austin, TX:         |
| (actual fortune cookie)      ||| "Like A Little Bit of Semi-Heaven"  |

From smb at research.att.com Fri Jun 17 14:35:46 1994
From: smb at research.att.com (smb at research.att.com)
Date: Fri, 17 Jun 94 14:35:46 PDT
Subject: a bit more information on key escrow
Message-ID: <9406172135.AA21111@toad.com>

I and a few others sent a short list of questions to Dorothy Denning and Steve Kent, with a request that they forward them to the other review panel members. Here are Denning's answers. I do not know if they represent the view of the other committee members, or if more details will be forthcoming. In particular, I do not know if anyone on the committee will ask NSA to declassify any information relative to these questions. I did ask that if the answer to anything was ``it's classified'', that a persuasive rationale for the classification status be given.

Reposted with permission....

--Steve Bellovin

------- Forwarded Message

Date: Fri, 17 Jun 94 16:01:43 EDT
From: denning at chair.cosc.georgetown.edu (Dorothy Denning)

Steve,

Here are answers to the questions you asked. The answers generally apply to the current system. In some cases, I noted changes that will be made in the target system that is under development.

Regards,
Dorothy

Questions on Key Escrow

1. How are the halves of the unit key generated? What is the function?

The Device Unique Key (KU) is a function of two Random Seed values that are brought to the chip programming facility by Escrow Officers from each of the Escrow Agents, arbitrary input from the keyboard provided by the Escrow Officers, and the Device Unique Identifier (UID). The exact function is classified in order to avoid revealing cryptographic principles about generating good keys.

2. How are the seeds generated for the unit key generation process? These are extremely sensitive values, since their compromise could give away an entire production run.
Each Escrow Agent generates a separate Random Seed using a PC and NIST-developed smart card. The smart card implements a pseudorandom number generator (PRNG) approved for cryptographic key generation in FIPS 171. Input from the keyboard as well as keystroke timing are used as input to the Secure Hash Algorithm. After hashing, the result is fed to the PRNG.

Compromise of the Random Seed values could not give away an entire production run since the Unique Keys are also a function of arbitrary input from the keyboard. In addition, the algorithm for generating the KU values, being classified, is not generally available.

3. How is the serial number generated? Randomly? With only 32 bits, the probability of a collision is moderately high.

The serial numbers are generated in sequence.

4. How are the seeds destroyed after generation?

The Escrow Officers bring the seeds on floppy disks. These disks are to be destroyed or stored in the double-locked safe inside the programming facility (SCIF) until they can be destroyed. The seeds and all other key data is erased from the memory and hard disk of the computer used for key generation at the end of a programming session. The disk is then stored in the safe.

5. How is the session key encrypted within the LEAF?

The details of the LEAF creation method, including the exact modes of encryption used, are classified in order to make it more difficult to build an interoperable rogue product that produced fake LEAFs in the event the Family Key should be compromised, and also to avoid revealing cryptographic principles.

6. How is the entire LEAF encrypted? The LEAF/IV package use in Tessera? In particular, is the family key used for session-level cryptographic protection of the IV?

The IV is passed in the clear. See 5 about how the LEAF is encrypted.

7. How is the checksum in the LEAF calculated?

See 5.

9. What is the nature of the key exchange and key negotiation protocol?
The key exchange protocol on the Capstone chip is classified to avoid revealing cryptographic principles of key generation and exchange. However, it is not a requirement to use this algorithm. Other techniques can be used instead. The Escrowed Encryption Standard (EES) does not specify a key exchange method and the Clipper chip does not implement one.

10. How does the Tessera card generate its random keys and IVs? A true random number generator? A pseudo-random number generator? How is it seeded? From a true random source? Why not use that all the time?

There is a true random number generator on the Capstone chip. This can be used to generate all random values including the IV. The target programming device may use this random number generator in the generation of Device Unique Keys, but it would not replace the entire algorithm.

11. How are escrowed keys protected during transport and storage? What about backup?

Escrowed Key Components are stored in encrypted form on floppy disks inside double locked safes. It takes 2 Escrow Officers at each Escrow Agent site to open a safe, and it takes an Escrow Officer from each Escrow Agent to form the Key Enciphering Key (KCK) needed to decrypt the Encrypted Key Components. KCK is a function of two Key Numbers, KN1 and KN2, each of which is held by one of the Escrow Agents in its safe.

For backup, there are two copies of key escrow data in each safe. In addition, each Escrow Agent has a backup safe, which contains an additional two copies.

Encrypted Key Components are transported on floppy disks inside tamper-detecting packages. A number is written on each package. Upon arrival, the packages are checked for tampering and the numbers are checked.

In the target system, key escrow data will be transmitted electronically using cryptography for protection.

12. What mechanisms will protect the key halves during transmission to authorized wiretap agents?

The same methods as for 11.

13.
How will an audit trail be maintained of unit key requests and usage?

Audit records are written for the following events: generation of keying material, storage of and access to keying material, request for Key Components, confirmation of a key release certification, and notification that a Unique Key was deleted in the Decrypt Processor. These records are kept in the double locked safes under two person control.

14. How will wiretap keys expire?

When the Escrow Officers load the Key Components into the Decrypt Processor, they also type in the expiration date. The date is stored with the Unique Key, but the person operating the Decrypt Processor must issue a command to delete the key. When that happens, the Escrow Agents are to be notified of the key deletion. In the target system, the key will be deleted automatically when the court order expires, and the notification will be sent automatically from the Decrypt Processor.

------- End of Forwarded Message

From dave at marvin.jta.edd.ca.gov Fri Jun 17 14:36:33 1994
From: dave at marvin.jta.edd.ca.gov (Dave Otto)
Date: Fri, 17 Jun 94 14:36:33 PDT
Subject: Cantwell bill outcome
Message-ID: <9406172135.AA26354@marvin.jta.edd.ca.gov>

The following post to 'eff.talk presents what, IMO, is one of the most plausible explanations for the ITAR crypto restrictions. I guess I'm not nearly devious enough to work for a TLA. I believe NO request for export of the App. Crypto disk will be approved as long as this type of (semi-hidden) agenda is driving the decisions.
However, with the (continuing) spread of PGP, even this argument is bogus:-)

---------- begin forwarded message -----------

Newsgroups: comp.org.eff.talk
From: Liudvikas Bukys
Subject: My conversation with Greg Frasier (House Intelligence Committee)
Sender: bukys at cs.rochester.edu (Liudvikas Bukys)
Organization: University of Rochester Computer Science Dept
Date: Fri, 17 Jun 1994 14:53:38 -0400

I decided to call around Washington a bit about the unanimous House Intelligence Committee vote against relaxation of export controls on encryption. I ended up speaking to Greg Frasier, an aide at the House Intelligence Committee. He basically reiterated the case re national security and legitimate needs of law enforcement.

FYI, reportedly, the report is due (from the President) 150 days after the enactment of the bill.

A couple of interesting statements from Mr. Frasier (paraphrased -- I didn't record the conversation!):

That the arguments they are hearing about American companies are unproven, and that no single case of a problem has been documented (in his view). In particular, US companies are allowed some export to the non-US subsidiaries and to financial institutions, so what's the problem?

! While they are aware that software for secure encryption is
! available from non-US, they are making a best effort to prevent
! a standard from emerging, while hoping that some escrowed
! encryption scheme will gain acceptance.

I was surprised by the unanimous vote, but he was not. He says that there has been a lot of discussion on this on the committee, but the security/enforcement concerns generally prevail.

My impression is that the range of possible outcomes went from outright rejection of export reform (at worst), to a request for a report from the President (at best).

I would guess that as long as there is any hope of promulgating government key escrow, they will do their best to discourage the adoption of non-escrowed strong cryptography.
Liudvikas Bukys

Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org
"Pay no attention to the man behind the curtain!" [the Great Oz]
{I *DO* have a life, it's just that my kids are using it right now!}

From mpd at netcom.com Fri Jun 17 14:49:50 1994
From: mpd at netcom.com (Mike Duvos)
Date: Fri, 17 Jun 94 14:49:50 PDT
Subject: Computational Complexity
Message-ID: <199406172149.OAA16165@netcom10.netcom.com>

Perry E. Metzger writes:

> Ahem. He was proposing a mechanism that will work in log(n)
> time. All current known methods are subexponential. As you
> SHOULD know, a log function will eventually be smaller than
> a subexponential one if you only let N grow large enough.
> This is baby complexity theory. I find it astonishing that I
> should even have to mention it.

As I read it, he simply asked (and quite nicely at that) if such an algorithm might exist, and asked if there were any references to it in the literature. Now clearly he was hoping that such a mechanism might offer the opportunity to binary search the key space efficiently and perhaps those hopes were misplaced, but I don't think the idea was so off the wall as to be deserving of the ridicule you heaped upon it. Far weirder things have been proposed on this list.

> That's not what he was proposing. Obviously one can build
> such an algorithm given a factoring algorithm, and we know
> of exponential factoring algorithms. That wasn't the idea.
> His notion was that there might be a CHEAP algorithm to do
> this.

I think the key word here is "might." Hope springs eternal, even in cryptology.

:)

--
Mike Duvos         $    PGP 2.6 Public Key available     $
mpd at netcom.com  $    via Finger.                       $

From MAILER-DAEMON at wuarchive.wustl.edu Fri Jun 17 15:49:01 1994
From: MAILER-DAEMON at wuarchive.wustl.edu (Mail Delivery Subsystem)
Date: Fri, 17 Jun 94 15:49:01 PDT
Subject: Returned mail: warning: cannot send message for 4 hours
Message-ID: <199406172248.RAA21511@wuarchive.wustl.edu>

**********************************************
**      THIS IS A WARNING MESSAGE ONLY      **
**  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
**********************************************

The original message was received at Fri, 17 Jun 1994 13:45:53 -0500
from illuminati.io.com [198.4.60.10]

   ----- The following addresses had delivery problems -----
    (transient failure)

   ----- Transcript of session follows -----
... Deferred: Connection timed out during initial connection with pericles.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

   ----- Original message follows -----

Subject: Green card information, please.
From: cypherpunks at toad.com
Date: Fri, 17 Jun 1994 13:45:53 -0500
Apparently-To:

I am interested in your services. Please send me more information. Thank you.

-----
Thomas A. Douglas
"Just another bump on the Information Superhighway."

From ravage at bga.com Fri Jun 17 16:06:01 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 16:06:01 PDT
Subject: Some observations on xMODn...
Message-ID: <199406172305.SAA21693@zoom.bga.com>

I propose to clarify with a little mathematics as best I can what I was, and am, asking... To those this material appears obvious to please feel free to delete.

As I understand it MOD is a function which returns the remainder of a number (x) when divided by another number (n). As an example:

5mod3=2 ie 3 will go into 5 a single time and there will be a left over of 2.

11mod3=2 ie 3 will go into 11 a total of 3 times and there will be 2 left over.
I propose there is a periodicity in the mod function:

    n      0 1 2 3 4 5 6 7 8 9 10 11 12
    nmod5  0 1 2 3 4 0 1 2 3 4  0  1  2

this can be simplified into a generic formula for a sequence:

    rem = (kn)+i      for k = 0 .. big #, i = 0 .. big #

What this formula does is give you the sequence of any given remainder for xmodn. In a generic algorithm it appears as such:

    n = some number
    for k = 0 to "some really big number"
        for i = 0 to "some really big number"
            rem = (k*n)+i
        next i
    next k

From p.282 on Schneier the RSA encryption algorithm is given as:

    c_i = m_i^e (mod n)

In my notation this reduces to:

    rem = (kn)+i      for n = 0 .., i = 0 ..

What I am asking is that since the numbers we are looking at are very large there should be (to the way I am thinking at the moment) some means of detecting a sequence of patterns of periodicity related to the difference between the actual key and the key we just select randomly.

Specifically what I am asking for is some reference to some work in this area. I don't know what it is called, it doesn't appear in any books that I have looked at.

Thanks for any help you may be able to provide...

From ravage at bga.com Fri Jun 17 16:20:17 1994
From: ravage at bga.com (Jim choate)
Date: Fri, 17 Jun 94 16:20:17 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <9406171924.AA20166@sten.lehman.com>
Message-ID: <199406172320.SAA22342@zoom.bga.com>

>
> Of course it qualifies. No matter how a key gets broken, its
> broken. The point is that if a function exists which will tell you if
> a given number is larger than the RSA private key, that function can
> be used as a factoring algorithm.
>

I have to disagree. What I am asking is a binary question, not one of magnitude. I never care what the magnitude is. Don't want to know it. Will give it away unopened if I do get it. If all you know is 1/0 then you can't use it to factor the number. The other aspect of your method is, yes it can give you some of the factors, but it has no guarantee that you will find all of them.
If your algorithm can'g guarantee it finds all of them every time then it can't be positively used to factor number. > No, what it means is that you would have to break most of number > theory, and common sense, before having to worry about such a > function. The risk of exploding in the vacuum caused by all of the > molecules in the air of this room suddenly moving to the far corner is > far higher than the chance of such a function existing. > To each their own (opinion). I am not breaking anything, I *am* asking for a reference. There seems to be a particular sub-set of prima donnas on c-punks who feel it is their duty to stipulate what kinds of questionsss can be asked and how much one has to know to ask them. I have only one other question for these folks, do you work for the government or the church? From ravage at bga.com Fri Jun 17 16:25:15 1994 From: ravage at bga.com (Jim choate) Date: Fri, 17 Jun 94 16:25:15 PDT Subject: Prime magnitude and keys...a ? In-Reply-To: <9406171918.AA05970@vail.tivoli.com> Message-ID: <199406172325.SAA22491@zoom.bga.com> > > If you can get the sign of the difference between RSA(your number) and > RSA(unknown key), then you can discover (unknown key) in log n time. > That implies, due to the nature of RSA, that you can factor in log n > time using whatever algorithm it is that makes the determination of > the sign of the difference. No, again it will allow you to find the secret key, it will not provide any information about the factors of that number. It might be used for that but as you have pointed out, it takes a long time. If I can take a cypher-text and look at the periodicity of the mod function when several false keys are provided I can narrow down the guess through a binary search. I am going up, not down (ie finding the factors which must be smaller than n). I am looking for n, not its *@$^%# factors. You are asking the wrong question. 
I am asking, since I can't factor the keys is there some periodicity in the mod function that I can attack. From rfb at lehman.com Fri Jun 17 16:25:40 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Fri, 17 Jun 94 16:25:40 PDT Subject: Prime magnitude and keys...a ? In-Reply-To: <94Jun17.165505edt.11416@cannon.ecf.toronto.edu> Message-ID: <9406172324.AA21372@fnord.lehman.com> From: SINCLAIR DOUGLAS N Date: Fri, 17 Jun 1994 11:55:01 -0400 Perry and I are talking about the algormithm (If it exists) being O(log_2(n)). That is, "log base 2 of n". This means that the time taken is proportional to the log to the base two of the number of keys. Actually, for a brief moment there, I thought that Jim choate might have a partial clue, i. e. that he was pointing out that O(log2 n) is equivalent to O(ln n), O(log10 n), or whatever base you want. Rick From frezza at radiomail.net Fri Jun 17 16:27:40 1994 From: frezza at radiomail.net (Bill Frezza (via RadioMail)) Date: Fri, 17 Jun 94 16:27:40 PDT Subject: Crypto export legislation defeated in House Intelligence Cmte. Message-ID: <199406172327.AA19400@radiomail.net> On 6/17 John said: I recommend that we give up the battle and go fight the real war. We are totally outgunned if we stick to this approach and are wasting our time. What the entire net community should do is focus it's energies on chopping NSA's budget, period. That's what these guys really care about after all. Let's go on the offense rather than play a losing defense. Make them squirm in appropriation committee hearings, embarrass them for their intelligence failures, and put them on notice that we are going to hit back where it hurts. And don't even bother raising the "freedom of encryption" or free trade issues. Forget it. It's going to happen anyway and they can't stop it. Focus on defecit reduction and downsizing the intelligence community in the wake of the collapse of the Soviet Union. 
Keep the attack very broad and avoid specific "national security" issues. Get the investigative journalists to write exposes on the huge spending black hole these guys have created. Whine about all the other worthy things taxpayer money can be spent on if we stop giving it to spooks and weirdos. Of course, this strategy may be tough for the EFF if you are simultaneously urging increased government involvement in the "Information Superhighway". Regards, Bill Frezza DigitaLiberty From nobody at shell.portal.com Fri Jun 17 16:29:37 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 17 Jun 94 16:29:37 PDT Subject: Bumper Sticker Message-ID: <199406172330.QAA29649@jobe.shell.portal.com> I saw a bumper sticker: I love my country but fear my government. Rat From ravage at bga.com Fri Jun 17 16:34:18 1994 From: ravage at bga.com (Jim choate) Date: Fri, 17 Jun 94 16:34:18 PDT Subject: Prime magnitude and keys...a ? In-Reply-To: <94Jun17.165505edt.11416@cannon.ecf.toronto.edu> Message-ID: <199406172333.SAA22749@zoom.bga.com> > > I think you misunderstand. Perry and I are talking about the > algormithm (If it exists) being O(log_2(n)). That is, "log base 2 of n". > This means that the time taken is proportional to the log to the base > two of the number of keys. > > Fascinating as this speculation is, I see no way to craft such > an algorithm. The nature of the modular space makes "larger" > and "smaller" difficult to distinguish. > I have made submission of a short text which details my thoughts relating to a mod function attack. I am under no illusion about the complexity of mounting a factor attack. I do see the mod function as the next natural hole to look at the algorithm through. I can find no work relating to periodicities in the mod function and it occurs to me that such relationships might point the way... 
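An added worked example (my code, not anything posted by a participant in this thread) that carries the argument of these messages through in working Python: the x mod n table Jim Choate tabulates is periodic with period n and reveals nothing about the factors of n; a hypothetical oracle answering "is my guess above the secret exponent?" would pin down d by binary search in about log2(n) queries, as Sinclair and Metzger say; and, as Matthew Ghio's reply later in this archive spells out algebraically, a recovered d hands you the factors of n. The toy key (p=61, q=53, e=17) is a constructed textbook value, the oracle is simulated from the known answer because no such function is known to exist, and the factoring step is generalised to any multiplier k, which Ghio only sketches.

```python
import math

# Constructed toy RSA key for illustration (assumed values, not from the thread):
# p = 61, q = 53, the textbook pair. Real keys are hundreds of digits.
P_TOY, Q_TOY = 61, 53
N_TOY = P_TOY * Q_TOY                   # 3233
E_TOY = 17                              # the public exponent PGP favoured
PHI_TOY = (P_TOY - 1) * (Q_TOY - 1)     # 3120
D_TOY = pow(E_TOY, -1, PHI_TOY)         # 2753, the secret exponent


def mod_sequence(n, count):
    """The periodic table from the 'xMODn' posts: x mod n for x = 0 .. count-1.
    The period is n itself; nothing about the factors of n is visible here."""
    return [x % n for x in range(count)]


def find_d_with_oracle(n, is_above_d):
    """Sinclair/Metzger's point: IF an oracle answered 'is guess > d?' it would
    pin down d by binary search in about log2(n) queries. No such oracle is
    known; the caller supplies a stand-in (the test consults the known D_TOY).
    Returns (d, number_of_queries)."""
    lo, hi = 1, n          # d < phi(n) < n, so d lies in [1, n)
    queries = 0
    while lo < hi:
        mid = (lo + hi) // 2
        queries += 1
        if is_above_d(mid):
            hi = mid       # mid > d: the smallest 'above' value is at or below mid
        else:
            lo = mid + 1   # mid <= d
    return lo - 1, queries # lo is the smallest guess above d, so d = lo - 1


def factor_from_private_exponent(n, e, d):
    """Ghio's algebra, generalised to any k: d*e = k*phi + 1 with 1 <= k < e,
    phi = (p-1)(q-1) = n - (p+q) + 1, so p+q = n + 1 - phi and p, q are the
    roots of x^2 - (p+q)x + n = 0. Returns (p, q, k) with p <= q, or None."""
    de_minus_1 = d * e - 1
    for k in range(1, e):                # d < phi  =>  k = (de-1)/phi < e
        if de_minus_1 % k:
            continue
        phi = de_minus_1 // k
        s = n + 1 - phi                  # candidate p + q
        if phi >= n or s <= 0:
            continue
        disc = s * s - 4 * n             # (p+q)^2 - 4pq = (p-q)^2
        if disc < 0:
            continue
        r = math.isqrt(disc)
        if r * r != disc:                # not a perfect square: wrong k
            continue
        p, q = (s - r) // 2, (s + r) // 2
        if p > 1 and p * q == n:
            return p, q, k
    return None


def private_exponent_from_any_keypair(n, e_known, d_known, e_new):
    """Ghio's closing remark: a known pair (e, d) gives the multiple
    d*e - 1 = k*phi, and inverting any other exponent modulo that multiple
    yields a working secret exponent without knowing p, q or k."""
    k_phi = d_known * e_known - 1
    return pow(e_new, -1, k_phi)         # ValueError if gcd(e_new, k_phi) != 1


if __name__ == "__main__":
    print(mod_sequence(5, 13))
    d, queries = find_d_with_oracle(N_TOY, lambda g: g > D_TOY)
    print("d =", d, "after", queries, "oracle queries")
    print("p, q, k =", factor_from_private_exponent(N_TOY, E_TOY, d))
    d7 = private_exponent_from_any_keypair(N_TOY, E_TOY, D_TOY, 7)
    print("round trip with e=7:", pow(pow(42, 7, N_TOY), d7, N_TOY) == 42)
```

Running it shows why the thread's question collapses: the mod table is periodic but uninformative, the binary search needs an oracle nobody has, and once d is known the quadratic in Ghio's message yields p and q for the toy key with k = 15, so any "larger than the private key" test would indeed be a factoring algorithm.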
From jgostin at eternal.pha.pa.us Fri Jun 17 16:50:27 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Fri, 17 Jun 94 16:50:27 PDT Subject: Perry vs. the Math Teacher Message-ID: <940617183828g5fjgostin@eternal.pha.pa.us> perry at imsi.com (Perry E. Metzger) writes: > the result applicable to factoring, I feel rather sad. Its depressing > commentary on what cypherpunks has become. Go figger. It's become a haven of learning, where the more learned teach those willing to learn, instead of the self-congratulatory elitist squad I was told it once was. That's why *I'm* here, to learn from those who know more than I do. I am VERY willing to learn what others have to teach. They know more than I do, and there's some very knowledgeable people here. I've recieved some very nice replies to my earlier question about what O(f(x)) meant, including one from you, Mike McNally, Bill O'Hanlon, and Douglas Sinclair (thanx guys!! If anyone else sent anything, I haven't recieved it yet, but you do have my thanx, in advance!). This only proves that there are people who are only too willing to teach if someone shows they are willing to listen, and learn. The moral of the story is this: Someone had to teach you at one time, didn't they Perry? One is well-advised to remember, and be humbled by, the fact that they weren't born knowing everything. Flames in e-mail, please. Constructive replies always welcome. --Jeff -- +------------------------------------+---------------------------------------+ | Jeff Gostin jgostin at eternal.pha.pa.us | +------------------------------------+---------------------------------------+ | "The risk... is that our vision is too small, our dreams not large enough" | | -Jim Seymour | +------------------------------------+---------------------------------------+ From gtoal at an-teallach.com Fri Jun 17 16:51:10 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 17 Jun 94 16:51:10 PDT Subject: "Thomas A Douglas", do you mind? 
Message-ID: <199406172351.AAA14807@an-teallach.com> Whoever it is on illuminati.io.com forging mail to cslaw with a return address of cypherpunks, kindly fuck off, and remember you're not the only person from io.com who reads this group. This sort of trivial forgery is easy to track down if anyone could be bothered. G > The original message was received at Fri, 17 Jun 1994 13:45:53 -0500 > from illuminati.io.com [198.4.60.10] > ----- The following addresses had delivery problems ----- > (transient failure) > Return-Path: cypherpunks at toad.com > Received: from (illuminati.io.com [198.4.60.10]) by wuarchive.wustl.edu (8.6.8.1/8.6.4) with SMTP id NAA20107 for ; Fri, 17 Jun 1994 13:45:53 -0500 > Date: Fri, 17 Jun 1994 13:45:53 -0500 > From: cypherpunks at toad.com ^ Not funny. > Message-Id: <199406171845.NAA20107 at wuarchive.wustl.edu> > Subject: Green card information, please. > Apparently-To: > I am interested in your services. Please send me more information. Thank you. > ----- > Thomas A. Douglas > "Just another bump on the Information Superhighway." Perhaps he forgot to remove his sig file, on the other hand there is no-one obviously called Douglas on illuminati. From gtoal at an-teallach.com Fri Jun 17 16:58:20 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 17 Jun 94 16:58:20 PDT Subject: Crypto export legislation defeated in House Intelligence Cmte. Message-ID: <199406172358.AAA14963@an-teallach.com> : I recommend that we give up the battle and go fight the real war. We are : totally outgunned if we stick to this approach and are wasting our time. : What the entire net community should do is focus it's energies on chopping : NSA's budget, period. That's what these guys really care about after all. There was quite an interesting quotation in one of the British papers recently from Ames, the CIA spy who was caught - he said that the intelligence infrastructure in the US was a self-serving bureaucracy. 
I forget the exact wording, but it was the sort of thing you'd imagine the head of any big organisation like that would want to say but was never in a position to be able to - of course, now Ames can say what he likes :-) I wonder if he's available for interviews by the Cypherpunk Press ;-) G From roy at sendai.cybrspc.mn.org Fri Jun 17 17:05:38 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Fri, 17 Jun 94 17:05:38 PDT Subject: a bit more information on key escrow In-Reply-To: <9406172135.AA21111@toad.com> Message-ID: <940617.012753.2E7.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, smb at research.att.com writes: > I and a few others sent a short list of questions to Dorothy Denning > and Steve Kent, with a request that they forward them to the other review > panel members. Here are Denning's answers. I do not know if they > represent the view of the other committee members, or if more details > will be forthcoming. In particular, I do not know if anyone on the > committee will ask NSA to declassify any information relative to these > questions. I did ask that if the answer to anything was ``it's > classified'', that a persuasive rationale for the classification > status be given. First off, thanks for passing this along. Ms. Denning's comments have some, shall we say, disturbing implications in re this "target system". > 11. How are escrowed keys protected during transport and storage? > What about backup? [...] > Encrypted Key Components are transported on floppy disks inside > tamper-detecting packages. A number is written on each > package. Upon arrival, the packages are checked for tampering and > the numbers are checked. In the target system, key escrow data > will be transmitted electronically using cryptography for ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > protection. [...] > 14. How will wiretap keys expire? 
> > When the Escrow Officers load the Key Components into the > Decrypt Processor, they also type in the expiration date. The > date is stored with the Unique Key, but the person operating > the Decrypt Processor must issue a command to delete the key. > When that happens, the Escrow Agents are to be notified of the > key deletion. In the target system, the key will be deleted > automatically when the court order expires, and the > notification will be sent automatically from the Decrypt > Processor. Somehow, it's not surprising that the current implementation must be told explicitly to forget a key. I wonder how many keys a decryptor can remember at a time, as well. But the "target system" references are even more sinister. They seem to describe an online system for retrieving and using escrowed keys. Such a system might be viewed as the data equivalent of the FBI's Digital Telephony initiative. And as we all know, where there is an online connection, there may be a vulnerability. Remembering that escrow release will need only an affadavit claiming that a court order exists, how susceptible to spoofing will the system be? And if it's on the Internet (which is, after all, the Highway 101 of the NII), will the promiscuous packet sniffers be able to snag Clipper Keys on their way to the spooks? Can I turn my telescreen down now? - -- Roy M. Silvernail -- roy at sendai.cybrspc.mn.org "There's no government like no government!" -- stolen sig quote -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLgFEnRvikii9febJAQEO9AP9GhZ/+WCs9zAHVeAaGdEPKYyLrCNqTXyA oQmQZ24qC0AaUawvwTjjdUy2v9UM4WIk+dHIGEzn93SUefyvQ6hbsPSle8tnIwfv li0BROPUn0zL8JsLR/XWUV2enymhwmX3gUsSIvRxtIa+huyzR8HYXAh4rOxKsDOo jzOKhIo4IKY= =o9c+ -----END PGP SIGNATURE----- From ravage at bga.com Fri Jun 17 17:46:01 1994 From: ravage at bga.com (Jim choate) Date: Fri, 17 Jun 94 17:46:01 PDT Subject: Notes on xmodn... 
Message-ID: <199406180045.TAA24895@zoom.bga.com>

    n         0 1 2 3 4 5 6 7 8 9 10
    nmod5     0 1 2 3 4 0 1 2 3 4  0
    mult5     0 0 0 0 0 1 1 1 1 1  2
    mod3      0 1 2 0 1 2 0 1 2 0  1
    mult3     0 0 0 1 1 1 2 2 2 3  3
    mod3mod5  0 1 2 0 1 2 0 1 2 0  1
    mult 3/5  0 0 0 0 0 0 0 0 0 0  0
    mod5mod3  0 1 2 0 1 0 1 2 0 1  0
    mult 5/3  0 0 0 1 1 0 0 0 0 1  0

I am interested in the behaviour of the modamodb and mult a/b. I have been unable to find any kind of work along this line...

From jgostin at eternal.pha.pa.us Fri Jun 17 18:04:30 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Fri, 17 Jun 94 18:04:30 PDT
Subject: (None)
Message-ID: <940617205205U0cjgostin@eternal.pha.pa.us>

Dave Otto writes:

> ! While they are aware that software for secure encryption is
> ! available from non-US, they are making a best effort to prevent
> ! a standard from emerging, while hoping that some escrowed
> ! encryption scheme will gain acceptance.

This is a critically dangerous statement of intent. What we are seeing here is the US government running scared when they consider the fact that they won't be able to pry into our lives without asking permission (IE: for our keys) first. Now it all makes sense. If ever they've sealed their own fate, now is the most damnable time. If only they realized how zealously we will guard our encryption rights before saying something so incriminating, perhaps they would have come up with a better excuse.

I don't get active in many things, but, alas, my time of complacency is over. If the pen is mightier than the sword, perhaps a Bic will level Congress.

--Jeff

--
 ======  ======  +----------------jgostin at eternal.pha.pa.us----------------+
  ==      ==     | The new, improved, environmentally safe, bigger, better,|
  ==      == -=  | faster, hypo-allergenic, AND politically correct .sig.  |
  ====  ======   | Now with a new fresh lemon scent!
| PGP Key Available +---------------------------------------------------------+ From Ben.Goren at asu.edu Fri Jun 17 18:58:40 1994 From: Ben.Goren at asu.edu (Ben.Goren at asu.edu) Date: Fri, 17 Jun 94 18:58:40 PDT Subject: Let us attack Clipper Message-ID: <9406180159.AA08164@Tux.Music.ASU.Edu> No, not with words, as we're all so fond of doing. Instead, I suggest that the NSA or others provide free access to an EES system on the 'net, for any and all to attempt attacks. They could hook up a workstation or two with a couple Tessera cards, and provide anonymous login access. All functions should be permitted as they will be in a final implementation. This is an inexpensive way that EES advocates can permit access to the system for analysis. It would be only for research purposes--there'd be no way to encrypt a phone conversation, and anybody would have to be stupid to encrypt sensitive data with an NSA-owned machine, even assuming you could get the data to the computer securely in the first place. To the NSA agent who is surely subscribed: if Clipper is so great, prove it. If you won't disclose the Skipjack algorithm (but why not if it's secure?), at least provide access to test its implementation. b& -- Ben.Goren at asu.edu, Arizona State University School of Music net.proselytizing (write for info): Protect your privacy; oppose Clipper. Voice concern over proposed Internet pricing schemes. Stamp out spamming. Finger ben at tux.music.asu.edu for PGP 2.3a public key. From bwallet at mason1.gmu.edu Fri Jun 17 19:04:27 1994 From: bwallet at mason1.gmu.edu (Bradley C Wallet) Date: Fri, 17 Jun 94 19:04:27 PDT Subject: Perry vs. the Math Teacher In-Reply-To: <940617183828g5fjgostin@eternal.pha.pa.us> Message-ID: > Go figger. It's become a haven of learning, where the more learned > teach those willing to learn, instead of the self-congratulatory elitist > squad I was told it once was. That's why *I'm* here, to learn from those > who know more than I do. 
I am VERY willing to learn what others have to > teach. They know more than I do, and there's some very knowledgeable > people here. > > I've recieved some very nice replies to my earlier question about > what O(f(x)) meant, including one from you, Mike McNally, Bill O'Hanlon, > and Douglas Sinclair (thanx guys!! If anyone else sent anything, I haven't > recieved it yet, but you do have my thanx, in advance!). This only proves > that there are people who are only too willing to teach if someone shows > they are willing to listen, and learn. but, there is a basic level of competancy that must b assumed...the big O is a basic undergrad concept...same for the MOD function...if u hope to ever study a specialty field such as cryptology, u have 2 know the basics... u should already know undergrad math if u r gonna look at crypto algorithms... brad From frissell at panix.com Fri Jun 17 19:11:24 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 17 Jun 94 19:11:24 PDT Subject: Another Cellular Victim Message-ID: <199406180211.AA29245@panix.com> I'm watching (presumably) OJ being persued live on CNN. They report that he was tracked via his cellphone use. What this country needs is a good anonymous cellphone net. DCF "When entrenching tools are outlawed, only outlaws will have entrenching tools." --- WinQwk 2.0b#1165 From paul at hawksbill.sprintmrn.com Fri Jun 17 19:24:45 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 17 Jun 94 19:24:45 PDT Subject: Another Cellular Victim In-Reply-To: <199406180211.AA29245@panix.com> Message-ID: <9406180327.AA13502@hawksbill.sprintmrn.com> > > I'm watching (presumably) OJ being persued live on CNN. > You too, huh? ,-) - paul From jef at ee.lbl.gov Fri Jun 17 19:25:39 1994 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Fri, 17 Jun 94 19:25:39 PDT Subject: Another Cellular Victim Message-ID: <199406180225.TAA03122@hot.ee.lbl.gov> >They report that he was tracked via his cellphone use. 
What this country >needs is a good anonymous cellphone net. Really. And what's more: when the Colombian drug lord was located via his cellular use, the story was that the NSA had to bring special equipment into the country to do the tracking. That doesn't wash here. It looks like at least some switches in Amerika are already equipped to read out locations for individual phones. They probably don't even have to wait for you to make a call - they can call you, or even use the phone's automatic pings. --- Jef From sinclai at ecf.toronto.edu Fri Jun 17 19:26:12 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Fri, 17 Jun 94 19:26:12 PDT Subject: Perry vs. the Math Teacher In-Reply-To: Message-ID: <94Jun17.222604edt.11284@cannon.ecf.toronto.edu> > but, there is a basic level of competancy that must b assumed...the big O > is a basic undergrad concept...same for the MOD function...if u hope to > ever study a specialty field such as cryptology, u have 2 know the basics... > > u should already know undergrad math if u r gonna look at crypto > algorithms... > > brad By the same token, I might say that to communicate in a scholarly manner one must know how to spell and punctuate with marks other than ellipses. However, I will not. As has been pointed out, each of us learned the basic principles of math and cryptography somewhere. If we can, in the course of our discussions, bring others up to that level of understanding then we will have accomplished much. Certainly "big O notation" and the modulo operator are studied in undergrad computer science and mathematics. However, many of us have never studied these things. There are a number of high-school students on the list. There are people who have never had the oportunity to study technical subjects. IMHO, these people are all welcome on cypherpunks and have much to contribute. When I first joined the list, I was a self taught programmer and had never been taught the formalisms of "big O notation". 
We must not become a self-congratulatory elite. From tcmay at netcom.com Fri Jun 17 20:59:38 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 17 Jun 94 20:59:38 PDT Subject: Let us attack Clipper In-Reply-To: <9406180159.AA08164@Tux.Music.ASU.Edu> Message-ID: <199406180359.UAA25733@netcom8.netcom.com> Ben Goren writes: > No, not with words, as we're all so fond of doing. Instead, I suggest that > the NSA or others provide free access to an EES system on the 'net, for any > and all to attempt attacks. ... > This is an inexpensive way that EES advocates can permit access to the > system for analysis. It would be only for research purposes--there'd be no > way to encrypt a phone conversation, and anybody would have to be stupid to > encrypt sensitive data with an NSA-owned machine, even assuming you could > get the data to the computer securely in the first place. > > To the NSA agent who is surely subscribed: if Clipper is so great, prove > it. If you won't disclose the Skipjack algorithm (but why not if it's > secure?), at least provide access to test its implementation. And what if they *do* prove Clipper is secure (or "great")? How would that change the objection many of us have to the _concept_ of key escrow? (By this I mean the likelihood of mandatory key escrow, and a government-subsidized Clipper product family.) In my view, any focus on the details of Clipper instead of the overall concept of key escrow plays into their hands. This is not to say that the work of Blaze and others is misguided....in fact, it's very fine work. But a general focus on the details of Skipjack does nothing to allay my concerns about government-mandated crypto. If it were "house key escrow" and there were missing details about the number of teeth allowed on the keys, would be then all breathe a sigh of relief if the details of the teeth were clarified? Of course not. 
Me, I will never use a key escrow system, even if a blue ribbon panel of hackers and Cypherpunks studies the design and declares it to be cryptographically sound. I say let's not lose sight of the really basic objections. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri Jun 17 21:10:57 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 17 Jun 94 21:10:57 PDT Subject: Perry vs. the Math Teacher In-Reply-To: <94Jun17.222604edt.11284@cannon.ecf.toronto.edu> Message-ID: <199406180410.VAA26873@netcom8.netcom.com> Douglas Sinclair writes: > By the same token, I might say that to communicate in a scholarly manner > one must know how to spell and punctuate with marks other than ellipses. > However, I will not. As has been pointed out, each of us learned the I don't understand your use of the term "ellipse" here. You mean like a circle? Like a big O? O, I see. (Just kidding. Spelling flames are especially pointless on a list like this.) > Certainly "big O notation" and the modulo operator are studied in undergrad > computer science and mathematics. However, many of us have never studied > these things. There are a number of high-school students on the list. There > are people who have never had the oportunity to study technical subjects. > IMHO, these people are all welcome on cypherpunks and have much to contribute. > When I first joined the list, I was a self taught programmer and had never > been taught the formalisms of "big O notation". We must not become a > self-congratulatory elite. 
None of us knows everything. The things I know little or nothing about, I stay out of. I think this is reasonable. The list has 500 or so people on it, and there's no point in 500 people watchin someone presume to speak on computational complexity without even knowing the basic terms, such as Big O notation (for which I would recommend _any_ computer science textbook, perhaps Aho, Hopcroft, and Ullman, or even a more basic text...the new Leiserson, Rivest, etc. text covers a lot of such things). On things I know little or nothing about, I just don't post. You won't see me rambling on about swIPe, encrypted IP tunnels, algebraic number theory, etc. (Some of these things I know just enough about to know they are important, but I leave the inner workings for others.) The recent unpleasantness is just a continuing pattern of someone getting a bug in his bonnet and not letting a topic drop. Let's just let it drop. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cei at access.digex.net Fri Jun 17 22:57:36 1994 From: cei at access.digex.net (Competitive Enterprise Institute) Date: Fri, 17 Jun 94 22:57:36 PDT Subject: O(f(x)) In-Reply-To: <940617160624Y4Wjgostin@eternal.pha.pa.us> Message-ID: On Fri, 17 Jun 1994, Jeff Gostin wrote: > Well, I don't know what it means. If you'd care to tell me, even in > mail, I'd like to know. I've been following this thread with interest, but > I don't pretend to follow this X(f(y)) notation all the time. I understand > that it means we are applying function X to the result of f(y)... 
Anyone > who's passed Trig or Elem. Functions does. I don't understand what > function O(x) represents. The way *I* learned it was like this: g(x) = o(f(x)) means that g(x)/f(x) -> 0 (as x goes to some specified limit) g(x) = O(f(x)) means that |g(x)/f(x)| is bounded (as x goes to some limit) In other words: a function that is o(f(x)) is of lower order than f(x), while a function that is O(f(x)) is of no higher order than f(x). - Sasha Volokh From harmon at tenet.edu Fri Jun 17 23:08:47 1994 From: harmon at tenet.edu (Dan Harmon) Date: Fri, 17 Jun 94 23:08:47 PDT Subject: DSS Message-ID: Network World of June 6, 1994 has a brief article on DSS. In the article it says that "some firms do not appear worried about legal threats fron PKP. AT&T, which sells SecretAgent - software that uses both DSS and RSA signatures - has not obtained a patent for DSS from PKP; neither has Information Security Corp., the Deerfield, Ill. bases company that develops SecretAgent exclusively for AT&T." What do they know that we do not? Makes you wonder about all of PKP's claims. Has PKP ever sued anyone over their patents or have they just threatened? Very curious. Dan Harmon From 0005514706 at mcimail.com Sat Jun 18 00:44:54 1994 From: 0005514706 at mcimail.com (Michael Wilson) Date: Sat, 18 Jun 94 00:44:54 PDT Subject: Tracking cellular phones (OJ reference) Message-ID: <83940618074238/0005514706NA1EM@mcimail.com> About the earlier note on tracking cell phones. It isn't hard. In fact, the network HAS TO do it, essentially. A cell phone has a pager in it that signals when it is getting a call, what cell to go for, and frequencies (check out the old Bell System Technical Journals from when cell technology was a research project at what is now Ameritech). Cell receiver stations are arranged in a hex about 8 miles on a face. 
When a signal gets weak (it can tell signal strengths), the phone is handed off to a better cell; it can go a good round of local cells until it actually hits a stronger receiver site. Using this, you can bounce the phone around to different cell receivers, test signal strength (none of this actually activates the phone, it is part of the standard polling), and get a fairly good fix on location. After that it is simply a matter of flooding the area with enough black and whites to find the phone (in this case, the car that OJ was driving around in, which they did pick up from a helo). No real need for special gear, other than what it might take to track a signal through triangulation on a local basis; standard FCC gear for hunting pirate radio and video bands, and easily available for law enforcement. So think of your cell phone as a leash, 'cause that's what it is. Anyone else notice a serious *lack* of usage of cyberpunk style journalism in this one? Scanners to track police, listening in on 911 reports, hunting down the local cell phones to listen to them, a directional mic to hear negotiations. The local LAPD didn't even know how to pull the number of their own cell phone. Back to lurking... ;) [A special note to our friends in the intelligence community out there... Tag, you're it! With love, The Nemesis Group] From hugh at ecotone.toad.com Sat Jun 18 00:50:32 1994 From: hugh at ecotone.toad.com (Hugh Daniel) Date: Sat, 18 Jun 94 00:50:32 PDT Subject: ADMIN: List Software Upgrade Warning Message-ID: <9406180748.AA14308@ecotone.toad.com> This is a "two birds with one stone" message, testing the new version of MajorDomo that I just installed and telling you folks that if you have any strange problems with the list to please contact me about them. ||ugh Daniel Sometimes Postmaster hugh at toad.com From ghio at cmu.edu Sat Jun 18 02:34:47 1994 From: ghio at cmu.edu (Matthew Ghio) Date: Sat, 18 Jun 94 02:34:47 PDT Subject: Prime magnitude and keys...a ? 
Message-ID: <9406180933.AA00430@toad.com>

Jim choate wrote:

| No, again it will allow you to find the secret key, it will not
| provide any information about the factors of that number. It might
| be used for that but as you have pointed out, it takes a long time.

Okay, obviously neither you nor Perry know what you're talking about, or you are too busy flaming each other to express your thoughts coherently. Finding the secret key WILL allow you to factor the modulus (assuming you know the public key). Therefore, solving for the secret exponent is equivalent to factoring.

This has been discussed before. I thought you have been on the list long enuff to remember it, but it is obviously necessary to restate the explanation for those who haven't seen it before.

Assume we have: Two (unknown) prime numbers p and q, a known modulus n, where n is the product of p and q, and known public key exponent e. Now, suppose someone discovers the corresponding secret key d.

Now assuming the case where de=(p-1)(q-1)+1, we have two equations with two unknowns:

    pq = n
    de = (p-1)(q-1) + 1

Solving for p and q is simply a matter of solving simultaneous equations. First, we rewrite the second equation:

    de = pq - p - q + 2

Now we substitute the known values for de and pq and do some simple algebra:

    p = n - de + 2 - q

Substitute p in the original equation:

    q(n-de+2-q) = n
    q(n-de+2) - qq = n
    -qq + q(n-de+2) - n = 0
    qq - q(n-de+2) + n = 0

Now solve for q using the quadratic formula.

    q=((n-de+2)+((n-de+2)^2-4)^(.5))/2

P can then be found (of course) by dividing n by the now-known value for q.

Now, there is the possibility that (p-1)(q-1)+1 will not equal d*e. However, d*e will always be equal to k(p-1)(q-1)+1 where k is an integer. Given PGP's fondness for using 17 for d, and since e < (p-1)(q-1) then de < 17(p-1)(q-1), therefore k<17. It would therefore be fairly easy to find k, since it could only be one of sixteen possible values.
Furthermore, (and more importantly), it is not necessary to know the prime factorization to generate key pairs. It is only necessary to know a valid number of the form k(p-1)(q-1). You can find an inverse key for any public key just by finding its multiplicative inverse modulo k(p-1)(q-1) (k, p, & q do not need to be known.) Therefore, if you find one keypair, you can find them all.

From cardtris at umich.edu Sat Jun 18 08:41:31 1994
From: cardtris at umich.edu (Jennifer Mansfield-Jones)
Date: Sat, 18 Jun 94 08:41:31 PDT
Subject: (None)
In-Reply-To: <940617205205U0cjgostin@eternal.pha.pa.us>
Message-ID:

On Fri, 17 Jun 1994, Jeff Gostin wrote:

> I don't get active in many things, but, alas, my time of complacency
> is over. If the pen is mightier than the sword, perhaps a Bic will level
> Congress.

Alas, the full quote runs "Under the rule of men entirely great, the pen is mightier than the sword". Pen wielders tend to omit that awkward preface.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Dept. of Biology            Jennifer Mansfield-Jones
University of Michigan      cardtris at umich.edu

From m5 at vail.tivoli.com Sat Jun 18 09:11:50 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sat, 18 Jun 94 09:11:50 PDT
Subject: Another Cellular Victim
In-Reply-To: <199406180225.TAA03122@hot.ee.lbl.gov>
Message-ID: <9406181611.AA01016@vail.tivoli.com>

Jef Poskanzer writes:

> It looks like at least some switches in Amerika are already equipped
> to read out locations for individual phones.

This is not actually that surprising. All they need is to know which phones are using a band on a cell site, and they narrow the search down to a relatively small area. I seriously doubt that they can do triangulation (I mean, they *could*, but there's not much likelihood that the cellular operators would incorporate something complicated and expensive but useless into the system), though they could easily track movement by noting the progress of a phone as it was handed off from cell to cell.
> They probably don't even have to wait for you to make a call - they
> can call you, or even use the phone's automatic pings.

This would be a little scary, though possible. The problem could be dealt with by ensuring that a phone always gives off an audible alarm when it's contacted while on-hook. Or, of course, you just turn the phone off.

--
| GOOD TIME FOR MOVIE - GOING  ||| Mike McNally                       |
| TAKE TWA TO CAIRO.           ||| Tivoli Systems, Austin, TX:        |
| (actual fortune cookie)      ||| "Like A Little Bit of Semi-Heaven" |

From grendel at netaxs.com Sat Jun 18 09:27:10 1994
From: grendel at netaxs.com (Michael Handler)
Date: Sat, 18 Jun 94 09:27:10 PDT
Subject: "Thomas A Douglas", do you mind?
In-Reply-To: <199406172351.AAA14807@an-teallach.com>
Message-ID:

On Sat, 18 Jun 1994, Graham Toal wrote:

> > The original message was received at Fri, 17 Jun 1994 13:45:53 -0500
> > from illuminati.io.com [198.4.60.10]
> >
> > ----- The following addresses had delivery problems -----
> > (transient failure)
> >
> > Return-Path: cypherpunks at toad.com
> > Received: from (illuminati.io.com [198.4.60.10]) by wuarchive.wustl.edu (8.6.8.1/8.6.4) with SMTP id NAA20107 for ; Fri, 17 Jun 1994 13:45:53 -0500

It originated from wuarchive.wustl.edu....

> > Message-Id: <199406171845.NAA20107 at wuarchive.wustl.edu>

Wuarchive again....

> > Apparently-To:

...And to top it off, an obvious SMTP forgery. Anybody who has the original uncut message, please forward it to and tell them that someone is misusing their SMTP server....

> > Thomas A. Douglas
> > "Just another bump on the Information Superhighway."

Sounds like Detweiler... The whole parodying thing of TC May's .sig file....

--
Michael Brandt Handler
Philadelphia, PA
PGP v2.6 public key on request

From pgf at srl.cacs.usl.edu Sat Jun 18 09:29:12 1994
From: pgf at srl.cacs.usl.edu (Phil G. Fraering)
Date: Sat, 18 Jun 94 09:29:12 PDT
Subject: Another Cellular Victim
Message-ID: <199406181628.AA06095@srl03.cacs.usl.edu>

I was on a trip out of town a while back... as soon as I crossed into another cellular network boundary, I got a call from the provider's sales droid, telling me how to use their service.

They _are_ tracking individual phone movement, IMHO.

pgf

From tcmay at netcom.com Sat Jun 18 09:36:30 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 18 Jun 94 09:36:30 PDT
Subject: Position Escrow System
Message-ID: <199406181636.JAA01483@netcom2.netcom.com>

Forwarded without comment, for now:

AP, Washington. In an interview on Cable News Network's "Weekend Events," Attorney General Janet Reno said the recent O.J. Simpson case demonstrates the need for the Administration's "position escrow system," PES. With position escrow, she said, each citizen would emit unique identifying code in the radio spectrum, whose signals could be triangulated and then stored in a data base of positions versus time. "This will allow us to track criminals, suspects, fugitives, terrorists, child support deadbeats, and father rapers," she said.

Under the Administration proposal, positions would be escrowed by "reputable" escrow agents, such as the Department of Internal Security and the local authorities. Release of the escrow information would require a court order, or at least a pretty good reason. National security concerns could of course override the escrow. "Would you want terrorists able to move freely through your city?," Reno asked.

She acknowledged that the United States is engaged in high-level consultations with other nations, including North Korea, Cuba, France, and Iran, to coordinate with their own citizen tracking programs.

Asked if this plan is not too Orwellian for Americans, Reno replied: "The average citizen-unit has nothing to fear from PES if he has nothing to hide.
If, however, he is stopping off at bars on his way home from work, and his National HealthPlan contract forbids alcohol consumption, then we'll nail him."

The Position Escrow System does not require legislative approval, as it has been made part of existing Executive Branch actions. Initial testing of PES is now underway in Waco, Texas.

***end AP story***

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From khijol!erc Sat Jun 18 10:04:32 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Sat, 18 Jun 94 10:04:32 PDT
Subject: totally secure email?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Howdy!

I'm trying to totally secure email as soon as it comes into a site, before it hits my mailbox. I don't have root access, though. :(

What I've tried is to do a "|pgp -feat ecarp|rmail erc%khijol at apple.com", but pgp just produces empty files! If I execute it by hand, it works.

Anyone know either (1) why it isn't working and how to fix it, or (2) suggest a better alternative? For political reasons, my email must be encrypted as soon as it hits the site before it gets dropped in my mailbox, or the sysadmin will read it (snoopy bugger) and find out I'm looking for a job elsewhere.

Thanks for all your help!!

- --
Ed Carp, N7EKG/VE3    ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?"
-- Whitney Houston, "Run To You"

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLgMnySS9AwzY9LDxAQF81AP9FIZnm0r0BoIl85dQgbedwpoSIEjlhoUJ
jTM/bXiNW07udBzmsS6Egb2HeuNOy4Hai+sw52rk4IhuBYVhi+z6OooQVLnsu5Qo
arxcfaqGEfW7peg45FcyAO2MEuJURIsjk26bKsUR+RRHm7y2BqnKKq7NnqZjDWAe
YNk8YOUQK/Y=
=IyWZ
-----END PGP SIGNATURE-----

From jrochkin at cs.oberlin.edu Sat Jun 18 10:43:10 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 18 Jun 94 10:43:10 PDT
Subject: totally secure email?
Message-ID: <199406181742.NAA28347@cs.oberlin.edu>

> For political reasons, my email must be encrypted as soon as it hits
> the site before it gets dropped in my mailbox, or the sysadmin will
> read it (snoopy bugger) and find out I'm looking for a job elsewhere.

Get the unix program "procmail", source available on any comp.sources.misc archive, or, probably, at ftp.informatik.rwth-aachen.de /pub/unix/procmail.tar.Z. This program lets you do things like sort your mail into different mailboxes as soon as it comes in. It's also really easy to use it as a hook for other programs or shell scripts to operate on mail as soon as it comes in. It shouldn't be very hard to do what you want, but there are a couple of things to be aware of here:

1) Your sysadmin can assuredly get around this too if he wants, and get at your mail even before procmail does. As a general rule of thumb, the sysadmin can do anything. But getting around this would definitely be more difficult than simply reading your /spool/mail file.

2) You obviously don't want to leave your private key in your unix account, as the sysadmin could just use it to decrypt all your mail and read it. Obvious of course, but sometimes it's easy to overlook the obvious.

Of course the best solution would be to have your correspondents send you PGP encrypted mail, but I guess the best solution isn't always available.
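Rochkind's point 2 (a private key left where the sysadmin can read it) and Matthew Ghio's "Prime magnitude and keys" message earlier in this digest are two sides of the same fact: a leaked private exponent gives away the whole modulus, not just one keypair. The Python below is an added illustration of Ghio's algebra, not code from the thread or from PGP. The toy primes 61 and 53 and the public exponent e = 17 are constructed values small enough to follow by hand; the loop over candidate k follows the message's observation that k < e, and the second function carries out the message's closing claim that d*e - 1 alone (a multiple of (p-1)(q-1)) is enough to derive a private exponent for any other public exponent on the same modulus.

```python
"""Added example, not code from the thread: the key-recovery algebra in
Matthew Ghio's message, run on a toy RSA key.

Given n, the public exponent e and a leaked private exponent d, recover p
and q; then derive a private exponent for a second public exponent from
d*e - 1 alone, never touching p, q or the exact value of (p-1)(q-1).
"""
from math import gcd, isqrt

# Constructed toy key (assumption for illustration, not from the thread).
P, Q = 61, 53
N = P * Q                      # 3233
PHI = (P - 1) * (Q - 1)        # 3120
E = 17
D = pow(E, -1, PHI)            # 2753; d*e = 15*phi + 1, so k = 15 here


def factor_from_private_exponent(n, e, d):
    """Recover (p, q) from (n, e, d) the way the message describes.

    d*e - 1 = k*(p-1)(q-1) for some integer k, and k < e because d < phi.
    For each candidate k, phi = (d*e - 1)/k gives p + q = n - phi + 1, so
    q is a root of q^2 - (p+q)*q + n = 0.  The discriminant is
    (p+q)^2 - 4n = (p-q)^2 and must therefore be a perfect square.
    """
    m = d * e - 1
    for k in range(1, e):
        if m % k:
            continue
        phi = m // k
        s = n - phi + 1              # candidate p + q
        disc = s * s - 4 * n         # candidate (p - q)^2
        if disc < 0:
            continue
        r = isqrt(disc)
        if r * r != disc or (s + r) % 2:
            continue
        p, q = (s - r) // 2, (s + r) // 2
        if p > 1 and p * q == n:
            return min(p, q), max(p, q)
    return None                      # d is not a private exponent for (n, e)


def private_exponent_from_multiple(multiple_of_phi, e2):
    """Private exponent for a new public exponent e2 on the same modulus,
    computed from a known multiple of (p-1)(q-1) such as d*e - 1 taken
    from a leaked keypair.  Returns None when e2 shares a factor with the
    multiple; the shortcut does not apply then, although e2 might still be
    a legal public exponent with respect to the true phi."""
    if gcd(e2, multiple_of_phi) != 1:
        return None
    return pow(e2, -1, multiple_of_phi)


def demo():
    """Run both steps on the toy key; returns (factors, d7, roundtrip)."""
    factors = factor_from_private_exponent(N, E, D)
    # A private exponent for e2 = 7, derived without knowing p, q or phi.
    d7 = private_exponent_from_multiple(D * E - 1, 7)
    message = 42                                   # constructed plaintext
    roundtrip = pow(pow(message, 7, N), d7, N)     # encrypt with 7, decrypt with d7
    return factors, d7, roundtrip


if __name__ == "__main__":
    print(demo())
```

The practical consequence for a key stored on a shared account is that the compromise cannot be repaired by generating a new private exponent for the same modulus; the modulus itself is burned and a fresh key must be generated.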
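A filter of the kind Rochkind describes hooking into procmail, written here as an added example (it is not code from the thread, from procmail or from PGP): procmail hands the arriving message to it on stdin, it encrypts the body with an external command, and it writes the result to stdout for delivery. ENCRYPT_CMD mirrors Ed Carp's `pgp -feat ecarp` and is an assumption to be adjusted for your own site; the sample message and the two stand-in commands that replace PGP for an offline run are constructed. Headers stay in the clear because the mail reader needs them. The part worth copying is the failure handling: when the encryptor exits non-zero or writes nothing (the "empty files" Ed Carp reports), the filter passes the message through unchanged and signals failure instead of delivering an empty mailbox entry.

```python
"""Added example, not code from the thread: an encrypt-on-arrival mail
filter meant to be run by procmail.  Reads one RFC 822 message on stdin,
leaves the headers alone, encrypts the body with an external command and
writes the result to stdout.  Never emits an empty message: if the
encryptor fails, the original message is written out and the exit status
is non-zero so procmail (recipe flag 'w') keeps the unfiltered text.
"""
import subprocess
import sys

# Assumed encryptor for a real deployment, after Ed Carp's pipeline:
# PGP 2.x in filter mode, encrypting to the recipient's key.
ENCRYPT_CMD = ["pgp", "-feat", "ecarp"]

# Constructed sample message, not from the thread.
SAMPLE_MESSAGE = (
    "From: alice@example.org\n"
    "To: ecarp@example.net\n"
    "Subject: your resume\n"
    "\n"
    "xxx gave me your resume, and it looks good. Can we talk?\n"
)

# Stand-ins so the filter can be exercised without PGP installed: one
# "encrypts" by upper-casing, the other fails the way an encryptor that
# breaks inside the delivery pipeline does (no output, non-zero status).
UPPERCASE_CMD = [sys.executable, "-c",
                 "import sys; sys.stdout.write(sys.stdin.read().upper())"]
BROKEN_CMD = [sys.executable, "-c", "import sys; sys.exit(1)"]


def split_message(raw):
    """Split a message into (headers, body) at the first blank line.
    A message with no blank line is treated as headers only."""
    head, sep, body = raw.partition("\n\n")
    if not sep:
        return raw, ""
    return head + "\n", body


def encrypt_body(body, cmd):
    """Run the encryptor over the body; return ciphertext, or None if the
    command could not run, exited non-zero, or produced no output."""
    try:
        proc = subprocess.run(cmd, input=body.encode(), capture_output=True,
                              timeout=60)
    except (OSError, subprocess.TimeoutExpired):
        return None
    if proc.returncode != 0 or not proc.stdout.strip():
        return None
    return proc.stdout.decode(errors="replace")


def filter_message(raw, cmd=ENCRYPT_CMD):
    """Return (message, ok).  On success the body is replaced by the
    encryptor's output; on failure the message is returned exactly as
    received and ok is False."""
    headers, body = split_message(raw)
    if not body.strip():
        return raw, True                        # nothing to protect
    if "-----BEGIN PGP MESSAGE-----" in body:
        return raw, True                        # sender already encrypted it
    cipher = encrypt_body(body, cmd)
    if cipher is None:
        return raw, False
    return headers + "\n" + cipher, True


def demo():
    """Exercise the filter with both stand-in commands on the sample.
    Returns (encrypted, ok, message_after_failure, ok_after_failure)."""
    good, good_ok = filter_message(SAMPLE_MESSAGE, UPPERCASE_CMD)
    kept, kept_ok = filter_message(SAMPLE_MESSAGE, BROKEN_CMD)
    return good, good_ok, kept, kept_ok


def main():
    """procmail entry point: message on stdin, result on stdout."""
    out, ok = filter_message(sys.stdin.read())
    sys.stdout.write(out)
    sys.exit(0 if ok else 1)


if __name__ == "__main__":
    main()
```

In .procmailrc the recipe is `:0 fw` on one line and `| python3 encrypt_on_arrival.py` on the next (the script name is hypothetical): `f` makes the recipe a filter and `w` makes procmail check the exit status and keep the original text when the filter fails. PGP 2.x locates its keyrings through the PGPPATH variable, which a process started by the mail system may not inherit, so assign it in the rc file as well. Rochkind's two caveats stand: the sysadmin can read the message before procmail sees it, and the key that decrypts the result must not live on the same account.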
From nobody at soda.berkeley.edu Sat Jun 18 10:48:37 1994
From: nobody at soda.berkeley.edu (Tommy the Tourist)
Date: Sat, 18 Jun 94 10:48:37 PDT
Subject: Another Cellular Victim
Message-ID: <199406181748.KAA16670@soda.berkeley.edu>

> >They report that he was tracked via his cellphone use. What this country
> >needs is a good anonymous cellphone net.
> Really. And what's more: when the Colombian drug lord was located
> via his cellular use, the story was that the NSA had to bring special
> equipment into the country to do the tracking. That doesn't wash here.
> It looks like at least some switches in Amerika are already equipped
> to read out locations for individual phones. They probably don't even
> have to wait for you to make a call - they can call you, or even use
> the phone's automatic pings.

No NSA equipment needed. A simple scanner and some software can be used to track which cell you are in. They didn't have to triangulate OJ's position or anything, they only needed to know which cell he was in, and the direction he was traveling. The rest is simple. (you can find such software on hack/phreak BBSes already. The only personal information needed is the telephone # of the cell phone)

------------
To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines:

::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```$YS^P;+]AB?X9TW6\8WR:.P&2'N\0Q?\$?[X!7/,SN6`JBJ$D//!Z"Z FS)`S)G0<=-J!/44-Q$^WK"37[MUZNKYYE)[BS7ZNSJSP

Message-ID: <199406181734.KAA01562@servo.qualcomm.com>

Bear in mind that OJ himself placed a call to 911. You sort of expect to lose some of your privacy when you do that.

As everyone knows, when you call 911 from a landline telephone your phone number and address are automatically displayed on the dispatcher's console. As strongly pro-privacy as I am, I'd find it hard to argue against this particular feature.
If I called 911 in an emergency, I'd *want* my address to show up. Especially if I was too panicked or sick or whatever to give it over the phone.

What I don't know, and am trying to find out, is whether there are any comparable features in the LA/Orange cellular and 911 systems that would have displayed the caller's cell site to the 911 dispatcher, or whether some ad-hoc telephone company help was required. But however it was done, it worked. This does tend to undermine the FBI's claim that they can't catch crooks using cell phone systems...

Phil

From nobody at rebma.rebma.mn.org Sat Jun 18 10:56:04 1994
From: nobody at rebma.rebma.mn.org (nobody at rebma.rebma.mn.org)
Date: Sat, 18 Jun 94 10:56:04 PDT
Subject: DSS
Message-ID: <199406181657.LAA00229@rebma.rebma.mn.org>

Dan Harmon wrote:

>What do they know that we do not? Makes you wonder about all of PKP's
>claims. Has PKP ever sued anyone over their patents or have they just
>threatened? Very curious.

They have just threatened.

From jrochkin at cs.oberlin.edu Sat Jun 18 11:04:50 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 18 Jun 94 11:04:50 PDT
Subject: O(f(x))
Message-ID: <199406181801.OAA28517@cs.oberlin.edu>

> The way *I* learned it was like this: g(x) = o(f(x)) means that
> g(x)/f(x) -> 0 (as x goes to some specified limit) g(x) = O(f(x))
> means that |g(x)/f(x)| is bounded (as x goes to some limit)
>
> In other words: a function that is o(f(x)) is of lower order than
> f(x), while a function that is O(f(x)) is of no higher order than
> f(x).

Well, close anyway. Okay, here's straight out of my Discrete math textbook:

"A useful way to check whether f [is a member of] O(g), is to look at the limit:

  Lim(as n->infinity) (f(n)/g(n))

In other words, we look at the _asymptotic_ behavior of f and g. If this limit exists (in practice it usually does) and is a finite number (possibly 0), we can conclude that f [is a member of] O(g). If this limit is infinity, then f [is not a member of] O(g).
For example, 7n**3 + 100n -3 [is a member of] O(n**3), because the limit of the ratio of these functions, as n->infinity, is the finite number 7. In fact, if the limit is a _nonzero_ number, as in this case, then O(f)=O(g)."

Okay, end of the quote. What all this stuff is used for is just comparing the running time of different algorithms. If you've got an algorithm whose running time varies with size of input n, according to the function 7n**3 + 100n -3, then this is _basically_ the same as if it varied according to n**3. Now, according to the definition of "big-oh notation", which is what this is called, we could also say that function was an element of O(n**4), or O(n**20), or even O(3**n). So what big-oh notation really means is that function f is basically the same as, or better than, function g. But in practice we pick the "quickest" simple function g. So we call the functions (5n**4 + 4) (32n**4 +43n) and (n**4 +n**3 +n**2) elements of O(n**4). Which means that algorithms whose running times were described by those functions are all about the same speed, and are all about the same speed as n**4 too.

Furthermore, any function which is O(n**k) for any k, is called _polynomial_. A polynomial algorithm is slow. Better is one which is an element of O(n log(n)), or even O(n), which is called _linear_.

There ends the lesson. :)

From tcmay at netcom.com Sat Jun 18 11:18:15 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 18 Jun 94 11:18:15 PDT
Subject: Andy Grove on Clipper
Message-ID: <199406181818.LAA22161@netcom4.netcom.com>

In between the helicopter coverage of OJ, which looked like outtakes from "Speed" in slo-mo, I happened to catch a repeat showing of the "Larry King Live" discussion with Al Gore, Andy Grove, the head of the FCC, and a journalist.

The transcript was posted here, so I won't try to check on the details. Just my impressions, having worked with Grove.
I say impressions because it's important we understand how views come to be held, how strongly they are held, whether they can be changed, etc.

In the case of Grove's comment that Clipper is just an extension into the digital realm of existing wiretap "rights," I think I can see why he has this view--I don't agree with it, of course, but his view is probably the dominant view. Something we need to understand.

To wit,

* If asked whether digital transmission should "exempt" someone from wiretaps, most people would say "No, of course not." (There are subtle issues here, of course. More on this later.)

* If asked a different question, about whether users should be compelled to use a government encryption and key escrow system, the answer for most Americans is different: "No, of course not." (Actually, same answer, different question.)

If I were trying to convince Grove of the "Cypherpunks position," I would of course make these arguments about mandatory escrow, about the parallels to "diary escrow" (after all, cops can search papers with search warrants, so doesn't this mean that the digital age needs "diary and papers escrow"?) and other such travesties. I think it might take an hour of discussion, but eventually a light bulb would go off in his head and he'd see that the price paid with these "escrow" systems--especially if _mandatory_, as most of us think is the real agenda--is simply too high for a nominally free society to put up with.

(I had these hour-long debates with Grove, Moore, and Barrett when I was at Intel, and sometimes I won. Often I lost. I won't be having any opportunities to argue the Clipper issue with them, of course.)

I'm citing this because it helps to explain the dichotomous reaction to Clipper. If the question about Clipper is phrased as an issue of privacy, do Americans have the right to keep conversations private, etc., then the answer is overwhelmingly (80%, as in Time-CNN poll) pro-privacy.
If, however, the question is phrased in terms of "legitimate law enforcement needs" and whether suspected terrorists and pedophiles have a sacred right to use "fortress-like crypto," then I suspect the answer will shift in the other direction rather dramatically.

With egg all over their face on Clipper, I see the Administration now launching a new campaign, a campaign being led by Donn Parker, Dorothy Denning, Andy Grove, and others. In this campaign, the second approach mentioned above will be dominant: a focus on pedophiles who "encrypt their list of victims," a focus on "terrorists who form virtual networks around the world," and a focus on "money launderers who use crypto anarchy to spread their poison."

There is little chance that we Cypherpunks will get the opportunity to make our case in the public...the hour it might take me to convince Grove, as an example, is about 59 minutes more than the "sound bite" any of us will be given.

Is it hopeless? For public relations, probably yes. Fortunately, the power of strong crypto lies in its use. The leverage effect.

As Phil Karn put it: "Don't get mad, get even. Write code."

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Sat Jun 18 11:33:43 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 18 Jun 94 11:33:43 PDT
Subject: Having your own computer means never having....
In-Reply-To: <199406181742.NAA28347@cs.oberlin.edu>
Message-ID: <199406181833.LAA23673@netcom4.netcom.com>

Jonathan Rochkind wrote:

...
> 2) You obviously don't want to leave your private key in your unix
> account, as the sysadmin could just use it to decrypt all your mail
> and read it. Obvious of course, but sometimes it's easy to overlook the
> obvious.
>
> Of course the best solution would be to have your correspondents send you
> PGP encrypted mail, but I guess the best solution isn't always available.

And an even better solution is for folks to have their own private machines and access to one of the cheap Internet service providers springing up all around. Then they won't have to worry about their corporations "snooping" in their e-mail files. Or restricting them about using PGP or other crypto.

Corporations have a legitimate reason to tell employees what they can and can't use. After all, corporations are held liable for most employee actions (so those death threats to whitehouse.gov will reflect back on the company) and have other concerns as well (espionage, extortion, bribery, too much use of the Net, etc.).

Having your own computer means never having to say you're sorry.

(I fear laws telling corporations they *can't* snoop as much as I fear Clipper. The reasons are obvious, to me at least, and I can expand on this point if anyone's really interested.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From jgostin at eternal.pha.pa.us Sat Jun 18 12:20:16 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Sat, 18 Jun 94 12:20:16 PDT
Subject: (None)
Message-ID: <940618133142c6Njgostin@eternal.pha.pa.us>

Dan Harmon writes:

> What do they know that we do not? Makes you wonder about all of PKP's
> claims. Has PKP ever sued anyone over their patents or have they just
> threatened? Very curious.

They know that they have deep pockets. AT&T has some of the deepest pockets in the country, and could out-money PKP/RSA in yesterday's heartbeat. PKP fights little guys... that's all they've HAD to fight, so far. Now that they have a real opponent, who can meet (and surpass) their level of gameplaying, it'll be interesting to see what happens.

--Jeff

--
 ======  ======  +----------------jgostin at eternal.pha.pa.us----------------+
  ==      ==     | The new, improved, environmentally safe, bigger, better,|
  ==      == -=  | faster, hypo-allergenic, AND politically correct .sig.  |
  ====  ======   | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From bmorris at netcom.com Sat Jun 18 12:24:26 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Sat, 18 Jun 94 12:24:26 PDT
Subject: ANOTHER CELLULAR VIC
Message-ID: <199406181924.MAA12284@netcom11.netcom.com>

To: cypherpunks at toad.com

KK> Bear in mind that OJ himself placed a call to 911. You sort of expect
KK> to lose some of your privacy when you do that.

Actually OJ called his ex-wife's condo, her father answered, OJ said he was coming over to kill himself, the father ran out yelling "Call 911". But yes, I would want my cell phone number to appear on the 911 dispatcher's screen too.

* RM 1.4 B0037 *

From bmorris at netcom.com Sat Jun 18 12:24:27 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Sat, 18 Jun 94 12:24:27 PDT
Subject: (NONE)
Message-ID: <199406181924.MAA12281@netcom11.netcom.com>

To: cypherpunks at toad.com

CC> Alas, the full quote runs "Under the rule of men entirely great, the
CC> pen is mightier than the sword". Pen wielders tend to omit that awkwa
CC> preface.

Perhaps a better ( and more optimistic ) way to put it would be "All the armies on earth can not stop an idea whose time has come".
* RM 1.4 B0037 *

From ebrandt at jarthur.cs.hmc.edu Sat Jun 18 12:36:50 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Sat, 18 Jun 94 12:36:50 PDT
Subject: (None)
In-Reply-To: <940618133142c6Njgostin@eternal.pha.pa.us>
Message-ID: <9406181936.AA10330@toad.com>

> From: Jeff Gostin
> Now that they have a real opponent, who can meet (and surpass) their
> level of gameplaying, it'll be interesting to see what happens.

I think some people are misinterpreting the situation. The case of DSS is atypical, because RSADSI doesn't hold a patent on DSS. They hold another patent which they claim can be stretched to cover DSS; NIST's and ATT's lawyers apparently disagree. This is different from, say, using RSA. They hold a patent which does quite clearly cover RSA.

Eli   ebrandt at hmc.edu

From mpd at netcom.com Sat Jun 18 13:01:22 1994
From: mpd at netcom.com (Mike Duvos)
Date: Sat, 18 Jun 94 13:01:22 PDT
Subject: Andy Grove on Clipper
In-Reply-To: <199406181818.LAA22161@netcom4.netcom.com>
Message-ID: <199406182001.NAA06781@netcom13.netcom.com>

Tim writes:

> With egg all over their face on Clipper, I see the
> Administration now launching a new campaign, a campaign
> being led by Donn Parker, Dorothy Denning, Andy Grove, and
> others. In this campaign, the second approach mentioned
> above will be dominant: a focus on pedophiles who "encrypt
> their list of victims," a focus on "terrorists who form
> virtual networks around the world," and a focus on "money
> launderers who use crypto anarchy to spread their poison."

This is beginning already. I haven't seen anything in the mainstream press lately on Cyberspace in which the word "pedophile" wasn't mentioned prominently. The enemy learned long ago that you can get the public up in arms about almost anything, as long as you package it as either a public safety or child protection issue.

I don't think we have very much time left to save our precious encryption rights from Big Brother.
Revoking rights is like frog boiling. As long as it is done slowly enough, it goes relatively unnoticed. Bill Clinton was talking yesterday about how no one complains any more about tight airport security and accepts it as a fact of life. Contrast this with the screams of outrage from the first few people forced to walk through metal detectors and have their baggage searched.

Remember when civil forfeiture started? First only profits from illegal activities were seized. They quickly moved to seizing all of a suspect's assets. Now cops can stop you on the road, empty your pockets, and take your money using only the justification that possession of more than a certain amount is evidence of wrongdoing.

Look at the engineering of public attitudes on marijuana, underage erotica, and even smoking that have taken place over the last decade. Pretty soon the public will accept the notion that they must give up all their personal privacy in order to protect us from terrorists, drug dealers, and people with rarified sexual interests. Only incompetent opposing points of view on this issue are ever presented by the mainstream media. Give these people another year or two, and they will be telling us that mere possession of PGP abuses children in some fictitious and vicarious manner.

Because the government is so powerful, and we are not, we have to avoid the pitfall of harping on frivolous issues in a last desperate attempt to thwart the federal agenda. Attacks on Denning's character, the Clipper algorithm, and the LEAF field, while interesting, do nothing to help our cause. What will we do when the government presents us with an escrowed, publicly reviewed, unbreakable strong encryption algorithm which is mandatory?

We need to concentrate on the basic issues here and state them clearly many times in language the public can understand.
The public slap in the face our agenda received the other day on the crypto export issue should be proof enough that our enemies will accept nothing less than the total surrender of our right to personal privacy.

It's time to stop being nice. When you go after the King, you shoot to kill.

--
Mike Duvos          $  PGP 2.6 Public Key available  $
mpd at netcom.com      $  via Finger.                   $

From khijol!erc Sat Jun 18 13:41:30 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Sat, 18 Jun 94 13:41:30 PDT
Subject: Position Escrow System
In-Reply-To: <199406181636.JAA01483@netcom2.netcom.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> With position escrow, she said, each citizen would emit unique
> identifying code in the radio spectrum, whose signals could be
> triangulated and then stored in a data base of positions versus time.
> "This will allow us to track criminals, suspects, fugitives,
> terrorists, child support deadbeats, and father rapers," she said.

Tim's at it again. :) Keep it up, Tim ... I got a good chuckle out of this one :)

- --
Ed Carp, N7EKG/VE3    ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?"
-- Whitney Houston, "Run To You"

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLgMpOCS9AwzY9LDxAQF9ZwP+IlXsTbBl6qvBcM3fOulat8TyLqnjDOqw
3QUNDPhkLlSgeKssmcKrjceUb4sw5KbBEFRSqUbPY0HmlXw5RTiTqjWVr5sC1+Mr
xXPWncT9ajLmO5LRlbLgMRXF7Z6MdBQIcK9Q7WUphGEjpUOAsbhIPQVDyDC+ZDYe
v6QlEzFnbxc=
=bU/O
-----END PGP SIGNATURE-----

From jmdk+ at andrew.cmu.edu Sat Jun 18 13:42:15 1994
From: jmdk+ at andrew.cmu.edu (Jason C Miller)
Date: Sat, 18 Jun 94 13:42:15 PDT
Subject: ANOTHER CELLULAR VIC
In-Reply-To: <199406181924.MAA12284@netcom11.netcom.com>
Message-ID:

This is kind of offtopic, but I wanted to correct something. At least from what I know, if you place a 911 call from a cellular, it doesn't pass any information on the phone number (or car) at all.
This was originally posted from the telcom groups. I later tested it in some respect. E911 uses ANI to get your number, so I did a check on ANI from a cellular. The number ANI gets is a call-out-only line from the cellular MTSO.

So how'd they find him? Your friend comes along with you on your run from the cops. You take his bronco (dumb move #1), you use HIS cellular phone not a payphone (dumb move #2), you place long calls so the FCC can track you in one of those nifty vans you only see in LA and NYC (dumb move #3), and you call people who the government would expect you to call (dumb move #4).

Well, with a simple addition they could have the phone company add ANI to all his family/friends. Then they would know it's a cellular, and knowing that, they kinda guessed who owned it. I don't give them that much credit though, probably a tip from a friend/family told the LAPD/FBI/CIA/NSA/FCC/BLAH that he was calling from his friend's Bronco. Then it's a matter of waiting for another cellular call. At that point, you'd know the tower (about a one mile radius) and then you could easily send cops or a triangulation van to hunt him down with a 99% success rate.

Why anyone would attempt to run like this baffles me. Unless he was just stalling for time, he did things I think my little sister even knows NOT to do in that situation.

Once again, sorry for the blurb, let's get back to cryptography.

Smiles,
jason

- In the end we will conserve only what we love, we will love only what we understand, we will understand only what we are taught. -

|\\| Jason Miller                     |//| jmdk at cmu.edu     CALL (412)/325-2036
|//| Mathematics/Information Systems  |\\| jcm at sei.cmu.edu  PAGE (800)/901-0840
|\\| Carnegie Mellon University       |//| dyn at cs.cmu.edu   FAX  (412)/268-5758

From KEFIR at pluton.pol.lublin.pl Sat Jun 18 13:49:19 1994
From: KEFIR at pluton.pol.lublin.pl (Martin Strzyzewski)
Date: Sat, 18 Jun 94 13:49:19 PDT
Subject: No Subject
Message-ID: <3E52C563EF@pluton.pol.lublin.pl>

Y0 I want more info about cypherpunks....who r they? im from Poland.,..... thx

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Martin Strzyzewski                |
| kefir                             |
| kefir at pluton.pol.lublin.pl        |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From qwerty at netcom.com Sat Jun 18 13:51:59 1994
From: qwerty at netcom.com (-=Xenon=-)
Date: Sat, 18 Jun 94 13:51:59 PDT
Subject: Andy Grove on Clipper
Message-ID: <199406182041.NAA12557@netcom7.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

Tim May concluded, after an insightful essay,

>Is it hopeless? For public relations, probably yes. Fortunately, the power
>of strong crypto lies in its use. The leverage effect.
>
>As Phil Karn put it: "Don't get mad, get even. Write code."

The crypto code exists, for whatever you may wish to do (at least if it isn't real-time voice, but that's also being written). What is now needed has nothing to do with crypto. It has to do with art, not science, not mathematics. Interface design and interface creation, for PGP. It means Mac and Windows. That's a 100+ million user base. That's why we started the Mac Crypto Interface Project, and why similar is needed for Windows. We already have a simple Apple Script interface almost done (by Pete Hinely) which will allow MacPGP2.6 to be used by millions, not just a few fanatics.

"g(x) = O(f(x))" doesn't matter now, no more than E = hv mattered for getting microwave ovens in every household. Nice GUI matters now. The product exists but it needs packaging and marketing.
I'd like to see a shift in focus here, brought on not by my nagging, but by realizing how radical a thing it would be, were a five-minute learning curve, "No Questions Asked" PGP interface available for the Mac and Windows. And in this effort, newbies are the experts, and the leaders, for it is they we must serve. It comes down to, do you want strong crypto tools just for your group of a few hundred, or do you want to change the world?

-=Xenon=-

P.S. ftp to ftp.netcom.com in /pub/mcip to get MCIP.Design.Spec.cpt.hqx to see pictures of future MacPGP. There will also soon be a simple-Simon interim interface (already almost done) which will use MacPGP2.6/2.6ui as a dummy crypto engine. No more 14 buttons and four text areas every time you want to encrypt the Clipboard. Also, it looks like AOL and Compuserve etc. will finally start carrying PGP. That's a mainstream market. PGP2.6 is a radical thing, thus.

From khijol!erc Sat Jun 18 14:18:53 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Sat, 18 Jun 94 14:18:53 PDT
Subject: totally secure email?
In-Reply-To: <199406181742.NAA28347@cs.oberlin.edu>
Message-ID:

> 1) Your sysadmin can assuredly get around this too if he wants, and get
> at your mail even before procmail does. As a general rule of thumb, the
> sysadmin can do anything. But getting around this would definitely be more
> difficult than simply reading your /spool/mail file.

True, but I don't know if he'd think of this one...

> 2) You obviously don't want to leave your private key in your unix
> account, as the sysadmin could just use it to decrypt all your mail
> and read it.
> Obvious of course, but sometimes it's easy to overlook the obvious.

I'm curious - all the stuff that comes with PGP says to not let your secret key/pass phrase out of your sight, but why is it necessary to guard your secret key so carefully? After all, you have to type your pass phrase to use the secret key, so without the pass phrase, the secret key is useless, isn't it? I mean, besides just destroying it...

> Of course the best solution would be to have your correspondents send you
> PGP encrypted mail, but I guess the best solution isn't always available.

Well, that's already happening, but it's hard to stop someone from dropping a piece of email in your mailbox saying, "xxx gave me your resume, and it looks good. Can we talk?"

--
Ed Carp, N7EKG/VE3  ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From clewton at netcom.com Sat Jun 18 14:39:23 1994
From: clewton at netcom.com (charles lewton)
Date: Sat, 18 Jun 94 14:39:23 PDT
Subject: Andy Grove on Clipper
In-Reply-To: <199406182001.NAA06781@netcom13.netcom.com>
Message-ID:

If you substitute the word "gun" for "crypto" most all of this applies to your second amendment rights as well. The plan seems to be to demonize and then ridicule the target group until the masses are convinced they are not worthy of rights. The best known case: Germany in the 30s and 40s. The new Jew=crypto user. Mike is exactly right when he states that every story in print or video or radio highlights the minuscule misuse of crypto and, of course, the Oprah generation eats it up.
Now, they do not give the relative misuse of crypto, it must be huge or why would they report it as a problem, right? About like the horrendous number of crimes committed with so-called assault weapons, which on a bad day might approach 1%. Let us not forget RICO while we're at it, talking about seizing.

clewton at netcom.com
E-mail for PGP 2.x public key

On Sat, 18 Jun 1994, Mike Duvos wrote:

> Tim writes:
>
> > With egg all over their face on Clipper, I see the
> > Administration now launching a new campaign, a campaign
> > being led by Donn Parker, Dorothy Denning, Andy Grove, and
> > others. In this campaign, the second approach mentioned
> > above will be dominant: a focus on pedophiles who "encrypt
> > their list of victims," a focus on "terrorists who form
> > virtual networks around the world," and a focus on "money
> > launderers who use crypto anarchy to spread their poison."
>
> This is beginning already. I haven't seen anything in the
> mainstream press lately on Cyberspace in which the word
> "pedophile" wasn't mentioned prominently. The enemy learned long
> ago that you can get the public up in arms about almost anything,
> as long as you package it as either a public safety or child
> protection issue.
>
> I don't think we have very much time left to save our precious
> encryption rights from Big Brother. Revoking rights is like frog
> boiling. As long as it is done slowly enough, it goes relatively
> unnoticed.
>
> Bill Clinton was talking yesterday about how no one complains any
> more about tight airport security and accepts it as a fact of
> life. Contrast this with the screams of outrage from the first
> few people forced to walk through metal detectors and have their
> baggage searched.
>
> Remember when civil forfeiture started? First only profits from
> illegal activities were seized. They quickly moved to seizing
> all of a suspect's assets.
> Now cops can stop you on the road,
> empty your pockets, and take your money using only the
> justification that possession of more than a certain amount is
> evidence of wrongdoing.
>
> Look at the engineering of public attitudes on marijuana,
> underage erotica, and even smoking that have taken place over the
> last decade.
>
> Pretty soon the public will accept the notion that they must give
> up all their personal privacy in order to protect us from
> terrorists, drug dealers, and people with rarified sexual
> interests. Only incompetent opposing points of view on this
> issue are ever presented by the mainstream media. Give these
> people another year or two, and they will be telling us that mere
> possession of PGP abuses children in some fictitious and
> vicarious manner.
>
> Because the government is so powerful, and we are not, we have to
> avoid the pitfall of harping on frivolous issues in a last desperate
> attempt to thwart the federal agenda. Attacks on Denning's
> character, the Clipper algorithm, and the LEAF field, while
> interesting, do nothing to help our cause. What will we do when
> the government presents us with an escrowed, publicly reviewed,
> unbreakable strong encryption algorithm which is mandatory? We
> need to concentrate on the basic issues here and state them
> clearly many times in language the public can understand.
>
> The public slap in the face our agenda received the other day on
> the crypto export issue should be proof enough that our enemies
> will accept nothing less than the total surrender of our right to
> personal privacy. It's time to stop being nice. When you go after
> the King, you shoot to kill.
>
> --
> Mike Duvos          $  PGP 2.6 Public Key available  $
> mpd at netcom.com   $  via Finger.                    $
From wcs at anchor.ho.att.com Sat Jun 18 14:48:17 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Sat, 18 Jun 94 14:48:17 PDT
Subject: Magic O(logn) RSA decryption algorithms
Message-ID: <9406182147.AA14634@anchor.ho.att.com>

Complexity theory often uses the concept of an oracle, which is a function that gives you a correct answer in constant time; some oracles only hand out one bit at a time, while others give you more data than that. One reason that oracles are useful is that they give you lower bounds on how much work is required to do something - if a job requires O(f(x)) time with an oracle doing the hard parts, you know the whole job is at least that complex. NP completeness uses Non-Deterministic Turing Machines, which are one formalization of oracles - an NP complete problem requires polynomial time to solve if the Turing machine is allowed to make O(p(n)) correct non-deterministic steps (e.g. gets the bits from an oracle), where p(n) is some polynomial or smaller function of the input size. (NP complete problems are normally formalized as a function that returns 0 or 1 depending on whether the input is a correct solution to the problem, so solving is equivalent to demonstrating that a given solution is correct.)

So, if you've got an oracle around (and oracles cost more than the $10,000 Perry bet Jim, if you buy good ones :-), how much work does it require to demonstrate that the oracle just handed you a correct key?

Public Key:  n = pq, where p and q are secret, e relatively prime to (p-1)(q-1)
Private key: d = e**-1 mod (p-1)(q-1), which is about logn bits long.
Encrypting:  c = m**e mod n
Decrypting:  m = c**d mod n

n, d, c, and m are all about logn bits long; d may be a couple bits shorter. p and q may be shorter, but logp + logq = logn.

One way to demonstrate that the oracle handed you a correct key is to encrypt a piece of data and then decrypt it.
This requires two exponentiations, and two or more modulo steps. My copy of Knuth is buried somewhere, so I don't remember the complexity of mod n, but it's got to be at least log n or so. Encryption is fast, since e is a constant (fast is log n in this case), but decryption requires O(logn) multiplies, and each multiply takes at least logn steps since the answer has 2logn bits (it may be slower, I forget; it's probably logn * logn single-bit adds plus carries.) So the time required is >= logn**2, which is too slow for Jim.

The other way to demonstrate that the oracle handed you a correct key is to show that de = 1 mod (p-1)(q-1), which requires knowing p and q, and is thus equivalent to factoring n, as Perry said. I suppose the oracle could hand you (p-1)(q-1) = pq-p-q+1 = n-p-q+1 without handing you p and q, but that's asking a lot from an oracle.

Bill

From pfarrell at netcom.com Sat Jun 18 15:54:06 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Sat, 18 Jun 94 15:54:06 PDT
Subject: No Subject
Message-ID: <199406182254.PAA22537@netcom3.netcom.com>

A while ago some folks talked about being willing to pay for a hardware random number generator. Not a PRNG, but a real one. There are lots of uses listed in TCMay's document that can't be named, but generating blinding factors for digital cash is my favorite.

I've got a friend who is a professional electronics engineer that is willing to help, but he has some questions on the design.

The Prime Assumption: White noise due to molecular motion is truly random. Noise generated in a carbon resistor or zener diode is white noise. Is this true, cryptographically speaking?

The circuit is essentially a "Hiss Generator". The hiss waveform, after being amplified to the proper amplitude, would be sent to a rude, crude, inaccurate analog to digital converter. From there we send it to a serial or parallel port. Probably just grab the LSB, but that is an implementation detail...
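Returning to Bill Stewart's RSA oracle message above: the following Python is an added illustration, not code from that post or any project. It carries out both of his verification routes with a multiplication counter on square-and-multiply, and makes his closing remark concrete by recovering p and q from (p-1)(q-1). The key (p=61, q=53, e=17) is a constructed toy.

```python
"""Two ways to check that an oracle's RSA private exponent is right, and
why handing out (p-1)(q-1) is the same as handing out p and q.  Added
example, not code from the post; the key is a constructed toy."""
from math import isqrt

# Constructed toy key.  Small primes keep every value readable.
P, Q = 61, 53
N = P * Q                 # 3233
PHI = (P - 1) * (Q - 1)   # 3120
E = 17
D = pow(E, -1, PHI)       # 2753


def modexp_counting(base, exp, mod):
    """Right-to-left square-and-multiply, returning (result, number of
    modular multiplications).  The count is the O(log n) multiplies in
    Bill's cost argument: one square per bit plus one multiply per set bit."""
    result, mults = 1, 0
    base %= mod
    while exp:
        if exp & 1:
            result = result * base % mod
            mults += 1
        base = base * base % mod
        mults += 1
        exp >>= 1
    return result, mults


def check_by_roundtrip(n, e, d, m):
    """Check 1: encrypt with e, decrypt with d, compare.  Needs nothing
    secret besides d itself, but the decryption costs a d-length
    exponentiation.  Returns (correct?, multiplies for e, multiplies for d)."""
    c, enc_mults = modexp_counting(m, e, n)
    m2, dec_mults = modexp_counting(c, d, n)
    return m2 == m, enc_mults, dec_mults


def check_by_phi(e, d, phi):
    """Check 2: d*e == 1 (mod (p-1)(q-1)).  One multiply and one reduction,
    but it needs phi(n), which is as secret as p and q."""
    return (d * e) % phi == 1


def factor_from_phi(n, phi):
    """phi = n - p - q + 1 gives s = p + q = n - phi + 1, so p and q are the
    roots of x**2 - s*x + n = 0.  Returns (p, q), or None if phi does not
    fit n (negative or non-square discriminant, or the roots don't multiply
    back to n)."""
    s = n - phi + 1
    disc = s * s - 4 * n          # (p - q)**2
    if disc < 0:
        return None
    r = isqrt(disc)
    if r * r != disc:
        return None
    p, q = (s - r) // 2, (s + r) // 2
    return (p, q) if p * q == n else None


if __name__ == "__main__":
    ok, enc, dec = check_by_roundtrip(N, E, D, 65)
    print("roundtrip ok:", ok, "multiplies: e ->", enc, " d ->", dec)
    print("d*e == 1 mod phi:", check_by_phi(E, D, PHI))
    print("p, q recovered from phi:", factor_from_phi(N, PHI))
```

With e = 17 (5 bits, 2 set) the encryption side costs 7 multiplies while the d side costs 17, which is the asymmetry Bill's argument rests on.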
We have some design options based upon the Prime Assumption:

1.A A device would use a cheap noisy carbon resistor and a rude, crude, noisy amplifier to amplify the noise generated by the resistor.

1.B A zener diode may make a "louder" noise and require a cheaper amplifier.

1.C How about if we take the hiss that you find between stations on an FM receiver, and digitize them through a PC soundcard?

1.D Another wonderful source of hiss is the telephone when it is off hook.

Is there any solid justification to pick one over the others? (I expect that 1.C limits our audience too much, but maybe not, esp with VoicePGP coming RSN.)

This clearly needs support, such as a UART or similar chip that would convert the signal to RS-232 to dangle off of your ports. Some type of clock would be required to sync the UART, providing a more or less constant baud rate, so the computer can read it. There needs to be a DC power supply to make this thing go. This is accessible in the power supply of most PCs. It is my opinion that nobody wants to put 9 volt batteries in this thing and have to remember to turn it off when they are finished using their computers.

We think that we could create these beasts for less than $25.00 in some quantity. The first one would probably cost about $50.00 to produce plus somebody's time (which isn't typically free or this probably would have been done already).

Seriously, is there really much market out there for this? Will there be a bigger market in the future as more people get on the "Information Superhighway"? I get the impression from folks a while ago that real random data is a problem, but nobody wants to spend more than the price of two cases of beer to solve it. Is the value of random data really that low?

More questions:

2. Do people really want to tie up a serial port with this or should it contain a switch to cut it in and out as needed and free up the port? This sounds like an A-B switch.

3.
Maybe it should go on the PC bus as an adapter card. This would greatly raise the cost, up to maybe $100, but would preserve "valuable" serial ports. Most PCs only have two, and one is used for the mouse, and the other for the modem. Since DOS can't handle more without help, this is a real limit.

4. How secure should the device itself be? Bruce's wonderful _Applied Cryptography_ talks about OS Virtual Memory managers writing out keys to disk without the user/programmer knowing, which is a serious potential problem. We have that same problem with the random number that this device generates. Worse, it wouldn't be hard for a `bad guy' to write a TSR that constantly reads the random port, and records the numbers in parallel with whatever wants to use it for real. While I'd like to think that I really control my PC, once you get networking TSRs, smartdrv, ASPI drivers, CDROM and Soundcard drivers, HIMEM, etc. loaded, do you really _know_ that they are your friends? Is this a real problem? I can imagine a design for an internal card that allows only one read of the number, so even if a bad guy were there, they would get alternating (and thus different) numbers. I can't imagine doing this off a parallel or serial port. Is there a need for this level of sophistication (and added expense)?

Any comments are greatly appreciated. And if you are seriously interested, let me know, as that will surely add to my motivation.

Cypherpunks write code (or maybe work on hardware :-) !
Pat

Pat Farrell                              Grad Student
pfarrell at netcom.com                   Department of Computer Science
George Mason University, Fairfax, VA
Public key available via finger          #include

From jef at ee.lbl.gov Sat Jun 18 16:13:05 1994
From: jef at ee.lbl.gov (Jef Poskanzer)
Date: Sat, 18 Jun 94 16:13:05 PDT
Subject: No Subject
Message-ID: <199406182312.QAA04517@hot.ee.lbl.gov>

>1.C How about if we take the hiss that you find between stations on an
>FM receiver, and digitize them through a PC soundcard?

Hmm. And if an attacker discovers you're using this method, and decides to send out a signal on the same frequency? You might find your "random" numbers are suddenly all zeros...
---
Jef

From werewolf at io.org Sat Jun 18 16:33:26 1994
From: werewolf at io.org (Mark Terka)
Date: Sat, 18 Jun 94 16:33:26 PDT
Subject: Chaining Help?
Message-ID:

Could someone give me some advice on chaining? I'm thinking of bouncing a message first thru hacktic and then soda (as you can Usenet post from there) but need some tips as I seem to have trouble getting the encryption sequences correct.
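An added example for Pat Farrell's hiss-generator questions and Jef Poskanzer's injected-carrier objection above; it is not code from either post. The ADC readings are constructed with a seeded PRNG standing in for amplified resistor noise so the example runs offline. It shows the "just grab the LSB" step, von Neumann debiasing of a biased stream, and a repetition-count health test of the kind in SP 800-90B that trips when the source goes flat, which is the all-zeros case Jef describes.

```python
"""LSB extraction, debiasing and a stuck-source health test for the
'hiss generator' design discussed above.  Added example, not code from
either post; all samples are constructed with a seeded PRNG."""
import random


def adc_samples(count, seed, stuck_after=None):
    """Constructed stand-in for a crude 8-bit ADC reading amplified
    resistor noise.  From index `stuck_after` on, the reading collapses
    to a constant: the shape of Jef's injected-carrier failure."""
    rng = random.Random(seed)
    out = []
    for i in range(count):
        if stuck_after is not None and i >= stuck_after:
            out.append(0)
        else:
            out.append(int(rng.gauss(128, 20)) & 0xFF)
    return out


def lsb_bits(samples):
    """The 'just grab the LSB' step from the post."""
    return [s & 1 for s in samples]


def biased_bits(count, p_one, seed):
    """Constructed biased-but-independent stream (an ADC whose LSB lands on
    1 more often than 0) to show what debiasing does and does not fix."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(count)]


def von_neumann(bits):
    """Von Neumann debiasing: read bits in pairs, emit 0 for (0,1) and 1
    for (1,0), discard (0,0) and (1,1).  Independent but biased input comes
    out unbiased.  It does not rescue a stuck source; it merely starves,
    which is why a health test is needed as well."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def bias(bits):
    """Fraction of ones in the stream."""
    return sum(bits) / len(bits)


def repetition_count_ok(bits, cutoff=32):
    """Continuous health test in the shape of the SP 800-90B repetition
    count test: alarm (return False) when one value repeats `cutoff` times
    in a row.  For a fair bit source a run of 32 has probability about
    2**-31 at any position, so a trip means the hardware is stuck or being
    driven, not bad luck."""
    run, last = 0, None
    for b in bits:
        if b == last:
            run += 1
            if run >= cutoff:
                return False
        else:
            last, run = b, 1
    return True


def harvest(samples, cutoff=32):
    """What a driver for the device could do: refuse to hand out bits once
    the health test trips, otherwise debias and return them."""
    bits = lsb_bits(samples)
    if not repetition_count_ok(bits, cutoff):
        return None
    return von_neumann(bits)


if __name__ == "__main__":
    good = adc_samples(4000, seed=1)
    driven = adc_samples(4000, seed=1, stuck_after=2000)
    print("healthy source bias:", round(bias(lsb_bits(good)), 3))
    print("healthy harvest bits:", len(harvest(good)))
    print("driven source harvest:", harvest(driven))
```

Note that the health test is what catches Jef's scenario; the debiaser on its own would silently emit nothing and the consumer might never notice.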
--------------------------------------------------------------------------
Mark Terka     | werewolf at io.org               | public key (werewolf) at
Toronto,Canada | dg507 at cleveland.freenet.edu   | pgp-public-keys at demon.co.uk
--------------------------------------------------------------------------

From Richard.Johnson at Colorado.EDU Sat Jun 18 16:58:07 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Sat, 18 Jun 94 16:58:07 PDT
Subject: "The Virtual Hand": Free-market Internet guide
In-Reply-To:
Message-ID: <199406182358.RAA04858@spot.Colorado.EDU>

> > >The Competitive Enterprise Institute is pleased to announce:
> > >
> > >               THE VIRTUAL HAND
> > >
> > >       CEI'S FREE-MARKET GUIDE TO THE
> > >          INFORMATION SUPERHIGHWAY
> > >...
> >
> > Alright, who let the spammer in? I subscribe to net-resources for this
> > sorta crud; I don't need to see it here in cypherpunks.
>
> Didn't look like a spam to me. It looked like a very targeted ad
> to a receptive audience. Cypherpunks contains, after all, a high...

This part of the audience is certainly not receptive. I'm here to discuss crypto and its implications, not to have my mailbox filled with adverts.

Keep the spam off. Unordered e-mail advertising (beyond a pointer to where to find more info) is indeed bad. If I wanted to read that guff in its entirety, I would have checked the Web, gophers, or FTP sites, etc.

Richard

From sandfort at crl.com Sat Jun 18 17:21:09 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sat, 18 Jun 94 17:21:09 PDT
Subject: "The Virtual Hand": Free-market Internet guide
In-Reply-To: <199406182358.RAA04858@spot.Colorado.EDU>
Message-ID:

C'punks,

On Sat, 18 Jun 1994, Richard Johnson wrote:

> . . .
> Keep the spam off. Unordered e-mail advertising (beyond a pointer to
> where to find more info) is indeed bad. If I wanted to read that guff in
> its entirety, I would have checked the Web, gophers, or FTP sites, etc.
> . . .
Why is it no one ever complains about "Jobs Available" or "Jobs Wanted" e-mail advertisements? ("That's different!" Right.)

S a n d y

From klbarrus at owlnet.rice.edu Sat Jun 18 19:05:15 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Sat, 18 Jun 94 19:05:15 PDT
Subject: MAIL: secure mail
Message-ID: <9406190205.AA18270@flammulated.owlnet.rice.edu>

> What I've tried is to do a "|pgp -feat ecarp|rmail erc%khijol at apple.com",
> but pgp just produces empty files! If I execute it by hand, it works.
> Anyone know either (1) why it isn't working and how to fix it, or (2)
> suggest a better alternative?

The problem may be this: pgp needs a path. Try

"| PGPPATH=/whatever pgp -feat ecarp | rmail erc%khijol at apple.com"

This is what I needed to do when I tried something similar with mh and slocal.

Karl Barrus
klbarrus at owlnet.rice.edu

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
2.3: 5AD633;   D1 59 9D 48 72 E9 19 D5  3D F3 93 7E 81 B5 CC 32
2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5  E8 97 64 7E 20 95 60 D9
"One man's mnemonic is another man's cryptography" - K. Cooper

From usura at vox.hacktic.nl Sat Jun 18 19:21:12 1994
From: usura at vox.hacktic.nl (Usura)
Date: Sat, 18 Jun 94 19:21:12 PDT
Subject: Chaining Help?
Message-ID: <061994033551Rnf0.78@vox.hacktic.nl>

werewolf at io.org (Mark Terka) writes:

>Could someone give me some advice on chaining? I'm thinking of bouncing
>a message first thru hacktic and then soda (as you can Usenet post from
>there) but need some tips as I seem to have trouble getting the encryption
>sequences correct.
_1 werewolf at io.org -> remail at vox.hacktic.nl
_2 remail at vox.hacktic.nl -> remailer at soda.berkely.edu
_3 remailer at soda.berkely.edu -> werewolf at io.org

First you make the _3rd message. Below means: only 1 blank line, then the header pasting tokens, then the Anon-Send-To line, then 1 blank line, then the actual message.

---cut here-------------------

::
Anon-Send-To: werewolf at io.org

This is some anon mail from me :)
---end here-------------------

You encrypt the lines between the --- with the PGPpubKEY of soda:

Tommy the Tourist 512/5E6875 1994/04/25

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQBNAi27mNAAAAECAONCUi/9jdl0SXGhOhT4Vvgl9uOYLgbOjU5kMXEkpFQriCYC
hWfNuhH8zESs9DFTMHCXUsXYrkkm/bHdhGheaHUABRO0LlRvbW15IHRoZSBUb3Vy
aXN0IDxyZW1haWxlckBzb2RhLmJlcmtlbGV5LmVkdT4=
=aoJM
-----END PGP PUBLIC KEY BLOCK-----

You then have an encrypted message that has to leave hacktic in such a way that soda knows it is encrypted, and it has to be sent to hacktic in such a way that it knows it has to remail it to soda.
So you put these tokens above it:

---cut here-------------------
::
X-Anon-To: remailer at soda.berkely.edu

::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6

message made in step _3
-----END PGP MESSAGE-----
---end here-------------------

The lines between --- you encrypt with the PGPpubKEY of vox.hacktic.nl:

remail at vox.hacktic.nl and anon at vox.hacktic.nl 512/368B41 1994/04/29

You get [if all goes well :)] another PGP encrypted message. You send this to hacktic:

---cut here-------------------
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.6

message made in step _2
-----END PGP MESSAGE-----
---end here-------------------

It should work that way ..

FYI, you can also post to usenet from vox, [to approx 2800 newsgroups] you can use:

X-Anon-To: alt.soccer.world-cup

or:

X-Anon-To: alt.soccer.world-cup at hacktic.nl

>--------------------------------------------------------------------------
>Mark Terka     | werewolf at io.org               | public key (werewolf) at
>Toronto,Canada | dg507 at cleveland.freenet.edu   | pgp-public-keys at demon.co.uk
>--------------------------------------------------------------------------

BTW: Oranje world champions!!

--
Exit! Stage Left.
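The three-step layering above as a runnable walk-through, added here; it is not the remailers' or the poster's code, and it generalizes the post's two hops to any number. Real hops decrypt with PGP; `seal` and `open_` below are a constructed reversible stand-in tagged with a key id so that the wrong-hop case can be checked offline. The hop addresses (spelled as in the post), key ids, token names and sample message come from the post; everything else is assumed.

```python
"""Build and unwrap the nested remailer message from the walk-through
above.  Added example; not the remailers' or the poster's code.  `seal`
and `open_` are a constructed stand-in for PGP so the layering can be run
and checked offline; only the token format and addresses come from the post."""
import base64

# Hops in sending order: (address, key id, destination token that hop
# understands).  Addresses, key ids and token names are from the post.
HOPS = [
    ("remail at vox.hacktic.nl", "368B41", "X-Anon-To"),
    ("remailer at soda.berkely.edu", "5E6875", "Anon-Send-To"),
]
FINAL_TO = "werewolf at io.org"
MESSAGE = "This is some anon mail from me :)"


def seal(key_id, text):
    """Stand-in for 'encrypt to this key' (constructed, NOT PGP): base64 of
    the text tagged with the intended key id so a wrong hop is detectable."""
    body = base64.b64encode(text.encode()).decode()
    return ("-----BEGIN PGP MESSAGE-----\n"
            f"KeyID: {key_id}\n\n{body}\n"
            "-----END PGP MESSAGE-----\n")


def open_(key_id, blob):
    """Stand-in for decryption; refuses a layer sealed to another key."""
    lines = blob.strip().splitlines()
    if (len(lines) < 5 or lines[0] != "-----BEGIN PGP MESSAGE-----"
            or lines[1] != f"KeyID: {key_id}"):
        raise ValueError("layer was not encrypted to this remailer")
    return base64.b64decode(lines[3]).decode()


def split_tokens(text):
    """Parse one header-pasting block: a '::' line, header lines, then a
    blank line.  Returns (headers dict, remainder)."""
    lines = text.lstrip("\n").split("\n")
    if not lines or lines[0] != "::":
        return {}, text
    headers, i = {}, 1
    while i < len(lines) and lines[i]:
        key, _, value = lines[i].partition(":")
        headers[key.strip()] = value.strip()
        i += 1
    return headers, "\n".join(lines[i + 1:])


def build_chain(hops, final_to, message):
    """Work inward from the recipient, as steps _3, _2, _1 do."""
    _, last_key, last_token = hops[-1]
    layer = seal(last_key, f"::\n{last_token}: {final_to}\n\n{message}")
    for (_, key, token), (next_addr, _, _) in zip(reversed(hops[:-1]),
                                                  reversed(hops[1:])):
        wrapped = f"::\n{token}: {next_addr}\n\n::\nEncrypted: PGP\n\n{layer}"
        layer = seal(key, wrapped)
    return f"::\nEncrypted: PGP\n\n{layer}"


def remail(key_id, text):
    """One hop's view: peel token blocks, decrypting when told to, until a
    destination appears.  Returns (next destination, what gets forwarded).
    Each hop learns only the next address, never the final recipient."""
    while True:
        headers, body = split_tokens(text)
        if headers.get("Encrypted") == "PGP":
            text = open_(key_id, body)
            continue
        dest = headers.get("X-Anon-To") or headers.get("Anon-Send-To")
        return dest, body


def deliver(hops, outgoing):
    """Run the message through every hop in order, checking that each hop
    is pointed at the next one.  Returns what the last hop delivers."""
    text = outgoing
    for i, (addr, key_id, _) in enumerate(hops):
        dest, text = remail(key_id, text)
        if i + 1 < len(hops) and dest != hops[i + 1][0]:
            raise ValueError(f"{addr} would forward to {dest!r}")
    return dest, text


if __name__ == "__main__":
    outgoing = build_chain(HOPS, FINAL_TO, MESSAGE)
    print(outgoing)
    print(deliver(HOPS, outgoing))
```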
Alex de Joode

From carterm at spartan.ac.brocku.ca Sat Jun 18 19:50:55 1994
From: carterm at spartan.ac.brocku.ca (Mark Carter)
Date: Sat, 18 Jun 94 19:50:55 PDT
Subject: Another Cellular Victim
In-Reply-To: <199406180225.TAA03122@hot.ee.lbl.gov>
Message-ID:

> It looks like at least some switches in Amerika are already equipped
> to read out locations for individual phones. They probably don't even

No doubt this will eventually be marketed as a feature you can pay extra for... intended so people can track their spouses' movements so they know when they're getting home, if they're stuck in a traffic jam, etc. Such "legitimate" uses don't really make the prospect of carrying a device to track my every movement all that attractive, unless of course I can turn off that feature by flicking a switch on my phone.

Mark

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mark Carter
carterm at spartan.ac.brocku.ca
PGP key available by finger.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From Ralph.Stokes at f1611.n375.z1.fidonet.org Sat Jun 18 21:14:40 1994
From: Ralph.Stokes at f1611.n375.z1.fidonet.org (Ralph Stokes)
Date: Sat, 18 Jun 94 21:14:40 PDT
Subject: Beware of Roman Catholic Corruption
Message-ID: <1d4_9406182301@nisc.fidonet.org>

Beware of the Satanic conspiracy of the WHORISH Roman Catholic Church. The Pope and his puppets have attempted to infiltrate and subvert the Protestant Christian church using corrupt modern translations of the Bible. These are nothing more than religious filth that have spewed forth from the deceitful pens of Satan-inspired men in league with the Vatican. Don't let them lure you into following them into Hell.
The 1611 Authorized (King James) Version of the Holy Bible is the only book that God ever wrote. All other alleged translations are frauds written by the Devil himself.

For further information regarding this damnable Satanic conspiracy, contact me:

Ralph Stokes, sysop King James Bible BBS, Millbrook, AL
Internet address: ralph.stokes at f1611.n375.z1.fidonet.org
Fidonet address: Ralph Stokes (1:375/1611)
BBS #: (205) 285-5948

From carterm at spartan.ac.brocku.ca Sat Jun 18 22:04:20 1994
From: carterm at spartan.ac.brocku.ca (Mark Carter)
Date: Sat, 18 Jun 94 22:04:20 PDT
Subject: Having your own computer means never having....
In-Reply-To: <199406181833.LAA23673@netcom4.netcom.com>
Message-ID:

> (I fear laws telling corporations they *can't* snoop as much as I fear
> Clipper. The reasons are obvious, to me at least, and I can expand on
> this point if anyone's really interested.)

The implications in the field of industrial espionage leap quickly to mind.

Beyond that, unrestrained encryption is dangerous to corporations, because what's to stop a ticked off employee from encrypting everything in the office as revenge for some imagined slight? Encryption as a weapon is something that's not often talked about, despite the fact that everyone's always rambling about how valuable information is...

The arguments for restraining encryption in corporate situations can go on and on... just as the arguments for encouraging private encryption can go on and on.

Mark

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mark Carter
carterm at spartan.ac.brocku.ca
PGP key available by finger.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From nobody at shell.portal.com Sat Jun 18 22:19:08 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sat, 18 Jun 94 22:19:08 PDT
Subject: Chaining through Soda
Message-ID: <199406190520.WAA07158@jobe.shell.portal.com>

> Could someone give me some advice on chaining? I'm thinking of bouncing
> a message first thru hacktic and then soda (as you can Usenet post from
> there) but need some tips as I seem to have trouble getting the encryption
> sequences correct.

I dunno. Has anyone succeeded in doing that? I can't recall ever getting a chained and encrypted message posted through soda. Messages sent there as plaintext seem to get posted just fine. Could it be that:

1.) They won't post CHAINED Usenet bulletins, or;
2.) They are rejecting messages encrypted with PGP 2.3a rather than 2.6.

Any success stories?

From Richard.Johnson at Colorado.EDU Sat Jun 18 23:13:22 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Sat, 18 Jun 94 23:13:22 PDT
Subject: Having your own computer means never having....
In-Reply-To:
Message-ID: <199406190613.AAA06457@spot.Colorado.EDU>

TimM > (I fear laws telling corporations they *can't* snoop as much as
TimM > I fear Clipper. The reasons are obvious, to me at least, and I
TimM > can expand on this point if anyone's really interested.)

MarkC > The implications in the field of industrial espionage leap quickly
MarkC > to mind.

MarkC > Beyond that, unrestrained encryption is dangerous to
MarkC > corporations, because what's to stop a ticked off employee from
MarkC > encrypting everything in the office as revenge for some imagined
MarkC > slight?
Mark Carter makes the same erroneous simplification many people do when talking about point security. I see it most often on the Firewalls list. There, the standard answer to "Should I prevent ftp connections so employees can't send our proprietary plans off-site?" appears to be "Do you search your employees at the exit for floppies and magnetic tapes?"

Security is a web, the strength of which is only as high as the biggest gap between threads. Encryption being available to employees can make industrial espionage easier only if it opens a new channel (or clears an insecure channel) for bad apple employees or contractors to get their stolen memos off site. An encrypted channel is just a channel, and probably not worth it for the spy (unless higher bandwidth per incident channels like DAT or 8mm tapes risk exposure).

Mark's rhetorical question about ticked off employees encrypting everything in sight for revenge shows the same problem. If an employee can encrypt the files and lose the key, the employee can instead just delete them or fill them with garbage. It is indeed a security risk, but the sabotage can more easily be performed without strong encryption.

However, strong encryption in the workplace can indeed be used to cause difficulties. I'm more worried about situations where a corporate officer or the like leaves the firm, and "forgets" to let her successor know the pass phrase for the key used to encrypt the payroll records. Or, the executive secretary to the Treasurer could be fired because he was caught trying to embezzle e-cash, and subsequently refuse to release the key used to encrypt official financial transactions.

In such situations, a smart company will have used a secret-sharing scheme to split the key, and will have escrowed it with their outside counsel and/or a couple of escrow services.

What other problems can we come up with?
Richard

From nobody at shell.portal.com Sat Jun 18 23:17:22 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sat, 18 Jun 94 23:17:22 PDT
Subject: Beware of Roman Catholic Corruption
Message-ID: <199406190618.XAA09656@jobe.shell.portal.com>

Ralph.Stokes at f1611.n375.z1.fidonet.org (Ralph Stokes) wrote:

> Beware of the Satanic conspiracy of the WHORISH Roman Catholic Church. The
> Pope and his puppets have attempted to infiltrate and subvert the
> Protestant Christian church using corrupt modern translations of the Bible.
> These are nothing more than religious filth that have spewed forth from the
> deceitful pens of Satan-inspired men in league with the Vatican. Don't
> let them lure you into following them into Hell. The 1611 Authorized (King
> James) Version of the Holy Bible is the only book that God ever wrote. All
> other alleged translations are frauds written by the Devil himself.
> > For further information regarding this damnable Satanic conspiracy, contact > me: > > Ralph Stokes, sysop King James Bible BBS, Millbrook, AL > Internet address: ralph.stokes at f1611.n375.z1.fidonet.org > Fidonet address: Ralph Stokes (1:375/1611) > BBS #: (205) 285-5948 > > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > iQCVAgUBLf5XxlD7OIX0EWM5AQG1sgP/fdbLsmV6M89n/zZbW6I3Cjmup99BGaYm > YEw2oernsmnn7cOuCM9IwZkOy24ggVXIBoD2yRhuXJ7P/7aecXchV8cERZhPuDpi > 0XPTFuYeAeAIt3uV13yNAzVDYvLGNK/eWwIqjSw16IevOHLjtbw1kGS6lu9XgRFE > g5YsARSzQ5I= > =TEbX > -----END PGP SIGNATURE----- It looks like Ralph Stokes has finally learned about Internet and Usenet gateways and is now spreading his prenicious religious bigotry beyond the borders of Fido-land. (He spammed several Usenet newsgroups with this malicious diatribe, too) Mr. Stokes is infamous for promulgating hatred and intolerance on certain religious echoes on Fidonet. He is one of those rare breed of fanatics called "Ruckmanites" who follow the xenophobic rantings of an ultra-fundamentalist evangelist from Florida named Peter Ruckman. They have come to be know, less affectionately, as "WRECKmanites" or "Ruckbots". Stokes even dared to post his Fidonet/Internet addresses. I wonder if he's prepared for the response to his worldwide "spam" post? I guess he's about to learn! If you'd care to protest his net.abuse, a polite letter to his sysop, net coordinator, and alternate net cooordinator would probably be in order. The way Fidonet works, he'll be burning up their resources, too, so they should probably be made aware of your feelings. 
Because of the topology of the fidonet.org domain, appropriate addresses for complaint, at your discretion, are as follows:

His sysop: sysop at f1611.n375.z1.fidonet.org
His Net coordinator: sysop at f0.n375.z1.fidonet.org
His alternate Net coordinator: sysop at f1.n375.z1.fidonet.org

The operative expression on Fidonet, as concerns grounds for disciplining an abusive user, is "excessively annoying behavior". You might wish to make mention of that phrase in any letters that you write. In any event, reading his mail should "keep him off the streets" (or info super-highway) for awhile... :)

From jrochkin at cs.oberlin.edu Sun Jun 19 00:09:13 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sun, 19 Jun 94 00:09:13 PDT
Subject: Having your own computer means never having....
Message-ID: <199406190709.DAA05044@cs.oberlin.edu>

> Beyond that, unrestrained encryption is dangerous to corporations,
> because what's to stop a ticked off employee from encrypting
> everything in the office as revenge for some imagined slight?

If the bozo has write privileges to everything in the office, it sounds like a problem with or without encryption. Or were you just suggesting that he was going to encrypt it all and mail it to a competitor? This too seems to be a problem with or without encryption; he can just copy to floppy and snailmail to a competitor. Same with industrial espionage of just about any kind; sure it makes it _easier_ for the hypothetical spy to do his dirty work, but it doesn't actually enable him to do anything fundamentally different than he could before.

I can't think of any real security risks introduced by allowing employees the use of encryption that weren't present already. Certainly none mentioned thus far fit the bill. Obviously properly used encryption can enable the corporation to keep info in the "hands" of only those people who are supposed to have it, actually.

Although of course I'm not accusing you of suggesting that corporations shouldn't have access to good cryptology; you probably wouldn't be on the list if you thought that. I'm not completely sure how different it is to say that individuals give up their right to good cryptology upon being employed by a corporation, however.

From jdwilson at gold.chem.hawaii.edu Sun Jun 19 03:58:10 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Sun, 19 Jun 94 03:58:10 PDT
Subject: Beware of Roman Catholic Corruption
In-Reply-To: <1d4_9406182301@nisc.fidonet.org>
Message-ID:

Mister Stokes:

What does this have to do with cryptography and why did you send this to the Cypherpunks listserv?

On 17 Jun 1994, Ralph Stokes wrote:

> Date: 17 Jun 94 17:05:34 -0500
> From: Ralph Stokes
> Subject: Beware of Roman Catholic Corruption
>
> James) Version of the Holy Bible is the only book that God ever wrote. All
> other alleged translations are frauds written by the Devil himself.
>
> For further information regarding this damnable Satanic conspiracy, contact
> me:
>
> Ralph Stokes, sysop King James Bible BBS, Millbrook, AL
> Internet address: ralph.stokes at f1611.n375.z1.fidonet.org
> Fidonet address: Ralph Stokes (1:375/1611)
> BBS #: (205) 285-5948
>
> -----BEGIN PGP SIGNATURE-----

-NetSurfer
#include standard.disclaimer

James D. Wilson | V.PGP 2.4: 512/E12FCD 1994/03/17
P. O. Box 15432 | finger for key / Viacrypt Reseller
Honolulu, HI 96830
Serendipitous Solutions | Also NetSurfer at sersol.com

From cipher at nemesis.wimsey.com Sun Jun 19 04:41:34 1994
From: cipher at nemesis.wimsey.com (Stuart Smith)
Date: Sun, 19 Jun 94 04:41:34 PDT
Subject: totally secure email? Not a chance
In-Reply-To:
Message-ID: <2e03b49e.nemesis@nemesis.wimsey.com>

> > 1) Your sysadmin can assuredly get around this too if he wants, and get
> > at your mail even before procmail does. As a general rule of thumb, the
> > sysadmin can do anything. But getting around this would definitely be more
> > difficult than simply reading your /spool/mail file.
>
> True, but I don't know if he'd think of this one...

As long as you are aware of the risks and accept them.. no problem. But "I don't know if he'd think of this" is hardly cryptographically secure..

> I'm curious - all the stuff that comes with PGP says to not let your secret
> key /pass phrase out of your sight, but why is it necessary to guard your
> secret key so carefully? After all, you have to type your pass phrase to
> use the secret key, so without the pass phrase, the secret key is useless,
> isn't it? I mean, besides just destroying it...

Well no.. without the secret key file, you have to factor the public modulus to find the secret key. We all know how hard that is.. if he already has the encrypted key file though... then he just has to guess your password. Far less work, unless of course you picked a pass phrase a few hundred letters long.

In general, it is impossible to achieve total security on a multi-user system unless you are the sysadmin yourself. You either have to forget it entirely or decide what risks you're willing to take and what risks you're not. Good luck.

--
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C
Stuart Smith

From frissell at panix.com Sun Jun 19 05:45:17 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 19 Jun 94 05:45:17 PDT
Subject: Andy Grove on Clipper
Message-ID: <199406191245.AA16476@panix.com>

T >Denning, Andy Grove, and others.
T >In this campaign, the second
T >approach mentioned above will be dominant: a focus on pedophiles who
T >"encrypt their list of victims," a focus on "terrorists who form
T >virtual networks around the world," and a focus on "money launderers
T >who use crypto anarchy to spread their poison."

I agree of course that technological fixes are superior to political argument. In fact, I *use* technological fixes as a political argument. For example, "While you might like to censor video nasties, you should know that censorship is no longer technologically feasible. There are so many different communications channels that you can't possibly block all of them."

It can be convenient to work on some anti Clipper/DTI soundbites though. Since coding sentences are more my specialty than coding software...

"The administration wants us to spend $300 million of our own money to help them perform just a few wiretaps a year. It isn't worth it."

"Yeah, and we could use torture to catch pedophiles too. Do you favor torture?"

"Strong crypto *prevents* crime by protecting people from criminals."

"The government didn't think we needed strong crypto until the market demanded it. Why should we trust their judgement as to what kind we need?"

"How does the government think that it can compete in a software and hardware market that will frustrate the brightest marketers around."

"I guess the government thinks that forcing Microsoft, Novell, and IBM overseas so that they can incorporate strong crypto into their products is a good idea."

DCF

"Do you suppose the Feds can completely upgrade their hardware/software crypto system every 6 months to keep up with the market?"

"In 1946, Soviet and U.S. electronics technology was approximately equal and the U.S. had a 10-year lead in nuclear weapons technology. By 1986, U.S. and Soviet nuclear weapons technology was approximately equal but the U.S. had a more than 10-year lead in electronic technology." Trust the market.

--- WinQwk 2.0b#1165

From frissell at panix.com Sun Jun 19 06:30:01 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 19 Jun 94 06:30:01 PDT
Subject: Another Cellular Vict
Message-ID: <199406191329.AA18599@panix.com>
To: cypherpunks at toad.com

C.>No doubt this will eventually be marketed as a feature you can pay
C.>extra for... intended so people can track their spouses' movements
C.>so they know when they're getting home, if they're stuck in a traffic
C.>jam, etc.

Bell Atlantic already announced a joint venture with one of the electronic navigation companies to supply drivers with position info using cellular triangulation.

DCF

--- WinQwk 2.0b#1165

From frissell at panix.com Sun Jun 19 06:30:02 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 19 Jun 94 06:30:02 PDT
Subject: Beware of Roman Catho
Message-ID: <199406191329.AA18606@panix.com>
To: cypherpunks at toad.com

N >It looks like Ralph Stokes has finally learned about Internet and
N >Usenet gateways and is now spreading his pernicious religious
N >bigotry beyond the borders of Fido-land. (He spammed several

At least he's using PGP. We are making progress. Nothing wrong with a strong expression of religious opinion (as long as it was limited to the religious USENET groups and mailing lists). At least he's not asking for a new government program. Must be a lot of papists out there if they fear hearing the "truth" once in a while.

DCF

"If the language of the Authorized Version (1611) was good enough for our Lord Jesus Christ -- it's good enough for me." -- actually, not a bad read.

--- WinQwk 2.0b#1165

From smb at research.att.com Sun Jun 19 06:35:46 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sun, 19 Jun 94 06:35:46 PDT
Subject: No Subject
Message-ID: <9406191335.AA24696@toad.com>

There are a few things to watch out for. First, it's really easy for subtle (or not so subtle) biases to be present in a noise source. These can be due to component drift, external noise (i.e., power supply coupling), etc. You want a design that isn't sensitive to such things, if possible.

Second -- and it's partly a corollary to the first -- the designs I've seen for real RNGs have always included a scrambler step, to mix up the bits, account for biases, etc. The first such scrambler was, I think, described by von Neumann himself. I have the citation in my office; I'll try to post it tomorrow.

From smb at research.att.com Sun Jun 19 06:39:26 1994
From: smb at research.att.com (smb at research.att.com)
Date: Sun, 19 Jun 94 06:39:26 PDT
Subject: Having your own computer means never having....
Message-ID: <9406191339.AA24789@toad.com>

    I can't think of any real security risks introduced by allowing
    employees the use of encryption, that weren't present already.
    Certainly none mentioned thus far fit the bill.

Have a look at Matt Blaze's paper from Usenix last week. He describes a smart-card based key escrow system for file encryption -- the risk to the company is that an employee will quit, forget a password, walk in front of a truck, etc. -- at which point they're unable to get at the files that this person created -- files that the company owns in accordance with the provision of the free-market contract willingly agreed to by this employee.

From pfarrell at netcom.com Sun Jun 19 07:10:53 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Sun, 19 Jun 94 07:10:53 PDT
Subject: Hardware generators was: your mail
Message-ID: <36414.pfarrell@netcom.com>

In message Sat, 18 Jun 94 19:30:35 EDT, Adam Shostack writes:

> Making it PC only shuts out the Mac/UNIX market for your
> devices. There are probably lots of folks in the research/scientific
> community who use UNIX & would buy a random number dongle that hangs
> off the serial port. For $25, I'd probably get our lab to buy 3 or 4.
>
> If you put it on a PC card, you're cutting out all other
> computers from using it.
Adam's points are correct, and I thought of them before I posted the initial message. My thinking was that about 90% of all computers sold are Intel PCs, and to get my manufacturing costs down, I need volume and simplicity. So by addressing the 90% solution first, I have a larger market without the complexity of multiple platforms.

Once I've sold thousands of Hardware random number generators, then I can afford the design effort for other platforms, if they still exist then :-)

Pat

Pat Farrell                 Grad Student                 pfarrell at cs.gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key available via finger                          #include

From lethin at ai.mit.edu Sun Jun 19 07:18:13 1994
From: lethin at ai.mit.edu (Rich Lethin)
Date: Sun, 19 Jun 94 07:18:13 PDT
Subject: Decline and Fall
In-Reply-To: <2tnlbgINNjss@life.ai.mit.edu>
Message-ID: <9406152315.AA02540@toast>

In article <2tnlbgINNjss at life.ai.mit.edu> you write:

>Decline and Fall of the Nation State:
>
>Tuesday's WSJ had an article on how private money market funds are
>starting to jawbone foreign governments just like the World Bank used to.
>
>Case cited was Fidelity Investments calling Mexican bank officials during
>the Peso crisis after the recent assassination. They said "we'll invest
>another $18 billion (of ours and other fund's money) if you do what we say
>and if not..."
>
>DCF
>
>"If they hadn't killed quite so many people, you'd almost have to feel
>sorry for them."
>
>--- WinQwk 2.0b#1165

Noam Chomsky spoke here in January and made the point that the increasing mobility of capital increasingly holds governments hostage. He felt that it was the current greatest danger to democracy, because it bypasses any leverage voters might have on politicians at the ballot box.

It's not clear how well his argument really holds together, though, since the leverage that the mobile capital has is via the satisfaction of the voters. If capital flees a country, the population will be less productive, dissatisfied and vote the politicians out of office. So policies that favor capital in some sense also favor labor.

Anyone else care to take shots at his argument or support it?

Mobile capital does mean that population and government lose their ability to decree the relative rewards made to capital and labor. If labor requires too high a return, capital will go somewhere else. The ownership and control of capital IS highly skewed, but since it's still distributed among many parties, it is forced to compete and remain engaged, lest it depreciate in value.

Go cyphercredits.

From adam at bwh.harvard.edu Sun Jun 19 07:51:14 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Sun, 19 Jun 94 07:51:14 PDT
Subject: Hardware generators was: your mail
In-Reply-To: <36414.pfarrell@netcom.com>
Message-ID: <199406191450.KAA29861@duke.bwh.harvard.edu>

You wrote:

| My thinking was that about 90% of all computers sold are Intel PCs, and
| to get my manufacturing costs down, I need volume and simplicity.
| So by addressing the 90% solution first, I have a larger market without
| the complexity of multiple platforms.
|
| Once I've sold thousands of Hardware random number generators, then I can
| afford the design effort for other platforms, if they still exist then :-)

Understood, but it's not a matter of addressing 90% or the other 10%, it's a matter of "Is the security gain in building a card that only hands out each number once worth cutting out 10% of the market?" I think that if you are worried about rogue code on your machine, you aren't going to run on a computer that can't protect its memory from random browsing. (I can still access all of a PC's memory from normal code, can't I?) Thus, building a PC card doesn't really afford you a gain in security if I can use my hostile code to read PGP's memory locations.

If you agree with that, then there is no good reason not to build a serial port dongle, and include me in your potential customers. :)

Adam

--
Adam Shostack                                   adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From ravage at bga.com Sun Jun 19 07:51:41 1994
From: ravage at bga.com (Jim choate)
Date: Sun, 19 Jun 94 07:51:41 PDT
Subject: your mail
In-Reply-To: <199406182312.QAA04517@hot.ee.lbl.gov>
Message-ID: <199406191451.JAA01206@zoom.bga.com>

> >1.C How about if we take the hiss that you find between stations on an
> >FM receiver, and digitize them through a PC soundcard?
>
> Hmm. And if an attacker discovers you're using this method, and
> decides to send out a signal on the same frequency? You might find
> your "random" numbers are suddenly all zeros...
> ---
> Jef

Band hop. Build a variable modulo counter and use its output to reset its modulo and hop the band around pseudo-randomly. Unless they know or stumble on the particular design you are using it will be very difficult to track. Since music, energy wise, approaches 1/f^2 it might be ok to even use the actual stations.

From ravage at bga.com Sun Jun 19 08:03:58 1994
From: ravage at bga.com (Jim choate)
Date: Sun, 19 Jun 94 08:03:58 PDT
Subject: your mail
In-Reply-To: <199406182254.PAA22537@netcom3.netcom.com>
Message-ID: <199406191503.KAA01497@zoom.bga.com>

> The Prime Assumption: White noise due to molecular motion is truly random.
> Noise generated in a carbon resistor or zener diode is white noise.
>
> Is this true, cryptographically speaking?

What you want is a Gunn diode oscillator w/ feedback.

> 1.A a device would use a cheap noisy carbon resistor and a
> rude, crude, noisy amplifier to amplify the noise generated
> by the resistor.
Just remember to keep the temperature of the devices constant; semiconductors have a temperature dependency which would allow them to monitor the data and possibly determine the gain of the amp and hence approx. how much noise energy and spectrum thereof it was contributing. Check into Boltzmann's Constant applications to black body radiation.

> 1.B. A zener diode may make a "louder" noise and require a cheaper
> amplifier.

I am not sure that a zener would produce any more noise than a standard diode. There might even be less noise because the design parameters are more tightly controlled on a zener than standard diodes.

> 1.C How about if we take the hiss that you find between stations on an
> FM receiver, and digitize them through a PC soundcard?

I actually like this idea a lot.

> that nobody wants to put 9 volt batteries in this thing and
> have to remember to turn it off when they are finished using
> their computers.

How about using the lines on the serial port for power?

> should it contain a switch to cut it in and out as needed and
> free up the port?

This sounds like an A-B switch.

> How about a dongle?
>
> 4. How secure should the device itself be? Bruce's wonderful _Applied
> Cryptography_ talks about OS Virtual Memory managers writing out keys
> to disk without the user/programmer knowing, which is a serious
> potential problem. We have that same problem with the random number
> that this device generates. Worse, it wouldn't be hard for a `bad guy'
> to write a TSR that constantly reads the random port, and records
> the numbers in parallel with whatever wants to use it for real.

If they have this close access to your hardware then you have a more serious problem.

> While I'd like to think that I really control my PC, once you get
> networking TSRs, smartdrv, ASPI drivers, CDROM and Soundcard drivers,
> HIMEM, etc. loaded, do you really _know_ that they are your friends?
> Is this a real problem?

I would suggest getting some of the virus source out there and taking a look at how the detectors watch system activity for fishy writes. Should not be hard to load another TSR which watchdogs the system for any bogus or un-authorized reads from the device. Just pass all system calls through the TSR to access the device.

From ravage at bga.com Sun Jun 19 08:10:24 1994
From: ravage at bga.com (Jim choate)
Date: Sun, 19 Jun 94 08:10:24 PDT
Subject: Magic O(logn) RSA decryption algorithms
In-Reply-To: <9406182147.AA14634@anchor.ho.att.com>
Message-ID: <199406191510.KAA01680@zoom.bga.com>

> Complexity theory often uses the concept of an oracle, which is a function
> that gives you a correct answer in constant time; some oracles only hand
> out one bit at a time, while others give you more data than that.
> One reason that oracles are useful is that they give you lower bounds
> on how much work is required to do something - if a job requires O(f(x))
> time with an oracle doing the hard parts, you know the whole job is
> at least that complex. NP completeness uses Non-Deterministic Turing Machines,
> which are one formalization of oracles - an NP complete problem requires
> polynomial time to solve if the Turing machine is allowed to make
> O(p(n)) correct non-deterministic steps (e.g. gets the bits from an oracle),
> where p(n) is some polynomial or smaller function of the input size.
> (NP complete problems are normally formalized as a function that returns
> 0 or 1 depending on whether the input is a correct solution to the problem,
> so solving is equivalent to demonstrating that a given solution is correct.)
>
> So, if you've got an oracle around (and oracles cost more than the $10,000
> Perry bet Jim, if you buy good ones :-), how much work does it require
> to demonstrate that the oracle just handed you a correct key?
>
> Public Key: n = pq, where p and q are secret, e relatively prime to (p-1)(q-1)
> Private key: d = e**-1 mod (p-1)(q-1), which is about logn bits long.
> Encrypting: c = m**e mod n
> Decrypting: m = c**d mod n
> n, d, c, and m are all about logn bits long; d may be a couple bits shorter.
> p and q may be shorter, but logp + logq = logn.
>
> One way to demonstrate that the oracle handed you a correct key
> is to encrypt a piece of data and then decrypt it. This requires
> two exponentiations, and two or more modulo steps. My copy of Knuth
> is buried somewhere, so I don't remember the complexity of mod n,
> but it's got to be at least log n or so. Encryption is fast,
> since e is a constant (fast is log n in this case), but decryption
> requires O(logn) multiplies, and each multiply takes at least logn
> steps since the answer has 2logn bits (it may be slower, I forget;
> it's probably logn * logn single-bit adds plus carries.)
> So the time required is >= logn**2, which is too slow for Jim.
>
> The other way to demonstrate that the oracle handed you a correct key
> is to show that de = 1 mod (p-1)(q-1), which requires knowing p and q,
> and is thus equivalent to factoring n, as Perry said.
> I suppose the oracle could hand you (p-1)(q-1) = pq-p-q+1 = n-p-q+1
> without handing you p and q, but that's asking a lot from an oracle.
>
> Bill

Thanks Bill,

Would you happen to know of any texts which discuss the characteristics of the mod function when nested or applied to other functions? I am having a hard time locating such texts. (this was and is my original question)

Take care.

From roy at sendai.cybrspc.mn.org Sun Jun 19 08:41:39 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Sun, 19 Jun 94 08:41:39 PDT
Subject: Hardware Random Numbers
In-Reply-To: <199406182254.PAA22537@netcom3.netcom.com>
Message-ID: <940619.094713.8w5.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, thus spake pfarrell at netcom.com (Pat Farrell):

> A while ago some folks talked about being willing to pay for
> a hardware random number generator. Not a PRNG, but a real
> one. There are lots of uses listed in TCMay's document that
> can't be named, but generating blinding factors for digital cash
> is my favorite.
>
> I've got a friend who is a professional electronics engineer that
> is willing to help, but he has some questions on the design.

[...]

> 3. Maybe it should go on the PC bus as an adapter card.

This is the way to go. Serial port real estate is way too scarce in the average PC. Besides, this approach makes the design easier and has another advantage...

> While I'd like to think that I really control my PC, once you get
> networking TSRs, smartdrv, ASPI drivers, CDROM and Soundcard drivers,
> HIMEM, etc. loaded, do you really _know_ that they are your friends?
> Is this a real problem?

Yes, this can be a real problem. So design the card such that the noise source runs continuously at a high speed, and feeds an 8-bit shift register. Place a latch on the output of the register, and set up decoding logic to read the latch in a memory-mapped port position. Ports are available, if you look and plan around the popular ones (such as UARTs, soundblasters, CD-ROM cards, etc.). You'll want to make it configurable to several possible ports.

This design assures that each random byte can only be read once. A TSR couldn't read the card in parallel (because reading a port doesn't require hooking an interrupt), so the only way to compromise it is to subvert the application reading the card. Conventional anti-virus protection can see to it that the app remains trustworthy.
> Cypherpunks write code (or maybe work on hardware :-) !

I hack both. Hardware is fun!

- --
Roy M. Silvernail -- roy at sendai.cybrspc.mn.org will do just fine, thanks.
"Does that not fit in with your plans?"
-- Mr Wiggen, of Ironside and Malone (Monty Python)
PGP 2.3a public key available upon request (send yours)

From roy at sendai.cybrspc.mn.org Sun Jun 19 09:02:09 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Sun, 19 Jun 94 09:02:09 PDT
Subject: Hardware generators was: your mail
In-Reply-To: <199406191450.KAA29861@duke.bwh.harvard.edu>
Message-ID: <940619.102103.9N5.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, adam at bwh.harvard.edu writes:

> Understood, but it's not a matter of addressing 90% or the
> other 10%, it's a matter of "Is the security gain in building a card
> that only hands out each number once worth cutting out 10% of the
> market?" I think that if you are worried about rogue code on your
> machine, you aren't going to run on a computer that can't protect its
> memory from random browsing. (I can still access all of a PC's memory
> from normal code, can't I?) Thus, building a PC card doesn't really
> afford you a gain in security if I can use my hostile code to read
> PGP's memory locations. If you agree with that, then there is no good
> reason not to build a serial port dongle, and include me in your
> potential customers. :)

The card design isn't so much security as avoiding scarce real estate on a PC (which, at somewhere over 130 million units fielded, is a not inconsiderable market segment). If this were a dongle device, I'd want it on a parallel port. Many machines don't have a spare serial port, and transparent dongles would be harder to do there, anyway. But transparent parallel port dongle technology is already established.

- --
Roy M. Silvernail             | #include                       | PGP 2.3 public
roy at sendai.cybrspc.mn.org    | main(){                        | key available
                              |   int x=486;                   | upon request
                              |   printf("Just my '%d.\n",x);} | (send yours)

From bmorris at netcom.com Sun Jun 19 09:11:22 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Sun, 19 Jun 94 09:11:22 PDT
Subject: OJ`S CELL PHONE
Message-ID: <199406191611.JAA20513@netcom12.netcom.com>
To: cypherpunks at toad.com

From the L.A. Times Sunday 6/19

Fugitive Relied On And Was Undone By Cellular Phone

... Law enforcement officials subpoenaed the company ( AirTouch Cellular ) for assistance in tracking down O J Simpson. Technicians began monitoring calls made to and from the white Bronco. ... Even if an eyewitness had not spotted the vehicle, such monitoring would have made Simpson's capture inevitable. ... Technicians in the tracking station can, if necessary, track a particular call back to the cell site from which it originates. But the monitoring can not be done unless the phone is in use.

[ Is that true? ]

* RM 1.4 B0037 *

From bmorris at netcom.com Sun Jun 19 09:11:23 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Sun, 19 Jun 94 09:11:23 PDT
Subject: DECLINE AND FALL
Message-ID: <199406191611.JAA20505@netcom12.netcom.com>
To: cypherpunks at toad.com

LL> If capital flees a country, the population will be less
LL> productive, dissatisfied and vote the politicians out of office. So
LL> policies that favor capital in some sense also favor labor.
LL> Anyone else care to take shots at his argument or support it?

Hot money ( investing money ) is always going wherever the best yield is, and ignores national boundaries. While this isn't capital investing money, a big inflow/outflow to/from one country, especially a small one, probably will affect the politics. With global banking, and stock and commodity markets effectively open 24 hrs a day, this trend will increase.

For instance, the stock market of Turkey zoomed up last year, and is zooming down now. The hot money was there last year and is leaving now. This is undoubtedly affecting their internal politics.

* RM 1.4 B0037 *

From frissell at panix.com Sun Jun 19 09:12:30 1994
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 19 Jun 94 09:12:30 PDT
Subject: Decline and Fall
In-Reply-To: <9406152315.AA02540@toast>
Message-ID:

On Wed, 15 Jun 1994, Rich Lethin wrote:

> Noam Chomsky spoke here in January and made the point that the increasing
> mobility of capital increasingly holds governments hostage. He felt that
> it was the current greatest danger to democracy, because it bypasses any
> leverage voters might have on politicians at the ballot box.

If I withhold my capital from some country or enterprise I am not threatening to kill anyone. When a "Democratic State" decides to do something, it does so with armed men. If you don't obey, they tend to shoot.

I know this may violate the cypherpunks politics alert threshold, but people out there have to realize that if technological change enhances the powers of individuals, their power is enhanced no matter what the government does. If the collective is weakened and the individual strengthened by the fact that I have the power of cheap guns, cars, computers, telecoms, and crypto then the collective has been weakened and we should ease the transition to a society based on voluntary rather than coerced interaction. Unless you can figure out a new, improved way of controlling others, you have no choice.

DCF

"1000 idiots are not an improvement over 1 idiot."

From sandfort at crl.com Sun Jun 19 09:18:43 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 19 Jun 94 09:18:43 PDT
Subject: Decline and Fall
In-Reply-To: <9406152315.AA02540@toast>
Message-ID:

C'punks,

On Wed, 15 Jun 1994, Rich Lethin wrote:

> . . .
> Noam Chomsky spoke here in January and made the point that the increasing
> mobility of capital increasingly holds governments hostage. He felt that
> it was the current greatest danger to democracy, because it bypasses any
> leverage voters might have on politicians at the ballot box.
> . . .

Chomsky's error is that he equates governments with democracy. There are plenty of governments (most, ALL?) that incorporate no meaningful elements of democracy. More often than not, it is the politicians who use governments to hold the citizens hostage. Then, of course, there is the issue of whether democracy, itself, is a good thing or not. (Personally, I'll take freedom over democracy any day.)

The important issue for Cypherpunks is how we should respond to this seemingly inevitable increased mobility of capital. Does it pose a threat to privacy? If so, let's write code to thwart the threat. Does it offer us any tools we can use to fight the efforts of nation-states to take away our privacy? If so, let's write code to take advantage of those tools. Let's not forget why we are here.

S a n d y

From sinclai at ecf.toronto.edu Sun Jun 19 09:38:09 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Sun, 19 Jun 94 09:38:09 PDT
Subject: Hardware generators was: your mail
In-Reply-To: <940619.102103.9N5.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <94Jun19.123759edt.16565@cannon.ecf.toronto.edu>

> The card design isn't so much security as avoiding scarce real estate on
> a PC (which, at somewhere over 130 million units fielded, is a not
> inconsiderable market segment). If this were a dongle device, I'd want
> it on a parallel port. Many machines don't have a spare serial port,
> and transparent dongles would be harder to do there, anyway. But
> transparent parallel port dongle technology is already established.

I agree. I have constructed a parallel port RNG that sampled a blank AM radio band for its source. The data lines give plenty of power to the device, and there are dedicated feedback lines (busy, paper_out, &c). However, I had a very informative discussion with Eric Hughes at CF '94 where I learned that this was the wrong way to go to get good random numbers. Maybe he would like to comment since I don't believe I can do justice to his argument.

From michael.shiplett at umich.edu Sun Jun 19 09:41:32 1994
From: michael.shiplett at umich.edu (michael shiplett)
Date: Sun, 19 Jun 94 09:41:32 PDT
Subject: Position Escrow System
In-Reply-To: <199406181636.JAA01483@netcom2.netcom.com>
Message-ID: <199406191641.MAA29256@totalrecall.rs.itd.umich.edu>

"tcm" == Timothy C May writes:

tcm> Forwarded without comment, for now:

ap> AP, Washington. In an interview on Cable News Network's "Weekend
ap> Events," Attorney General Janet Reno said the recent O.J. Simpson case
ap> demonstrates the need for the Administration's "position escrow
ap> system," PES.

[Other useful text deleted]

CNN later reported that due to the initially insufficient satellite coverage, the position escrow system will only be in effect in major metropolitan areas and some unspecified outlying areas. The covered regions are ``position escrow zones'', PEZ. The transmitter is a rounded rectangle tube topped with a symbol denoting each citizen unit's genetic classification.
michael

From m5 at vail.tivoli.com Sun Jun 19 09:45:29 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sun, 19 Jun 94 09:45:29 PDT
Subject: Beware of Roman Catholic Corruption
In-Reply-To: <1d4_9406182301@nisc.fidonet.org>
Message-ID: <9406191645.AA02102@vail.tivoli.com>

NetSurfer writes:

> What does this have to do with cryptography and why did you send this
> to the Cypherpunks listserv?

It's pretty clear to me. The Bible is a gigantic steganography project. Within it is concealed a complete plan for building spacecraft to take all of us home to Alpha Centauri.

-- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From m5 at vail.tivoli.com Sun Jun 19 09:48:56 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Sun, 19 Jun 94 09:48:56 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <199406191611.JAA20513@netcom12.netcom.com>
Message-ID: <9406191648.AA02110@vail.tivoli.com>

It may be that the phone can be "pinged" unbeknownst to the owner, but I'm fairly confident that if the phone is shut off, you're safe. The truly paranoid might consider stowing the phone inside some sort of RF cage, I guess, or maybe just throw it out the window :-)

-- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |

From dave at marvin.jta.edd.ca.gov Sun Jun 19 10:00:48 1994
From: dave at marvin.jta.edd.ca.gov (Dave Otto)
Date: Sun, 19 Jun 94 10:00:48 PDT
Subject: L.J. Freeh and the Opposition
Message-ID: <9406191700.AA01544@marvin.jta.edd.ca.gov>

Check out Sunday's _Parade_ magazine for an article on Louis J. Freeh, the director of the F.B.I. "Tough on crime", "man of the streets", and ruthless eliminator of directors :-) If he ever throws his weight behind Clipper, the battle will get *MUCH* tougher.
Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org "Pay no attention to the man behind the curtain!" [the Great Oz] {I *DO* have a life, it's just that my kids are using it right now!} From Richard.Johnson at Colorado.EDU Sun Jun 19 10:24:49 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Sun, 19 Jun 94 10:24:49 PDT Subject: Hardware generators was: your mail In-Reply-To: <940619.102103.9N5.rusnews.w165w@sendai.cybrspc.mn.org> Message-ID: <199406191724.LAA06416@spot.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- From the keyboard of: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) > If this were a dongle device, I'd want it on a parallel port. Many > machines don't have a spare serial port ... How about a SCSI device instead. Most UNIX boxes and Macs nowadays have a few unused SCSI IDs. The great majority of DOS machines with SCSI (all those new ones with CD-ROMs, etc.) have unused SCSI IDs. SCSI has the advantage of being rather fast, and is a cross-platform solution. Richard -----BEGIN PGP SIGNATURE----- Version: 2.3a-sterno-bait iQCVAgUBLgSNmPobez3wRbTBAQFWzAP/aLr0VY6hyenhzek6SI8h/+WoB4WPh7qw HRhnCGQEjzFPVPgvD6ZR6va6pnjjCzchH16I6vM3vEDZ9rbU5blLMCT9a+PzemL4 iBRjuyFhWZP30YekazX96utgLfZqg/nK2Q+WyY9IKvDgR3kvTlM+sTRJ4jggpDKC +gSvwqOam3Y= =oE3j -----END PGP SIGNATURE----- -- Loudyellnet: Richard Johnson | Sneakernet: ECNT1-6, CB 429, CU Boulder Phonenet: +1.303.492.0590 | Internet: Richard.Johnson at Colorado.EDU RIPEM and PGP public keys available by server, finger or request Speaker to avalanche dragons. Do you really think they listen? From smb at research.att.com Sun Jun 19 10:39:25 1994 From: smb at research.att.com (smb at research.att.com) Date: Sun, 19 Jun 94 10:39:25 PDT Subject: Hardware generators was: your mail Message-ID: <9406191739.AA28649@toad.com> How about a SCSI device instead. Most UNIX boxes and Macs nowadays have a few unused SCSI IDs. 
The great majority of DOS machines with SCSI (all those new ones with CD-ROMs, etc.) have unused SCSI IDs. SCSI has the advantage of being rather fast, and is a cross-platform solution.

``Cross-platform'' is great, but ``fast'' is probably a bad idea. Few random number generators are particularly fast, and if you sample the input too rapidly, you're likely to get too high a correlation between successive bits.

From pfarrell at netcom.com Sun Jun 19 10:54:07 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Sun, 19 Jun 94 10:54:07 PDT
Subject: Hardware generators
Message-ID: <49800.pfarrell@netcom.com>

In message Sun, 19 Jun 94 10:50:14 EDT, Adam Shostack writes:

> Understood, but it's not a matter of addressing 90% or the
> other 10%, it's a matter of "Is the security gain in building a card
> that only hands out each number once worth cutting out 10% of the
> market?" I think that if you are worried about rogue code on your
> machine, you aren't going to run on a computer that can't protect its
> memory from random browsing. (I can still access all of a PC's memory
> from normal code, can't I?) Thus, building a PC card doesn't really
> afford you a gain in security if I can use my hostile code to read
> PGP's memory locations. If you agree with that, then there is no good
> reason not to build a serial port dongle, and include me in your
> potential customers. :)

I think I'm a bit confused. Your first post suggested that I was ignoring an important part of the market, and I acknowledge that this was deliberate. Now you seem to be arguing that the paranoia that I addressed in my fourth question is justified. I'd like more backup for this, as all I have is speculation at this point. I don't know if it is paranoia or prudence. Yes, if you are running DOS/Windows, you can address the world. Sigh. And lots of other/better OS fix this, but they haven't got the market penetration.
So I'm back to addressing lots of folks, or a few ones with real computers and real operating systems. I'd rather not degrade into that religion, I started with TOPS-10 and moved to Tenex...

The problems with the serial port dongles are:

1) while parallel port dongles are known technology, making it work on a serial port is more problematical.

2) Most PC serial ports are junk. Getting reliable data rates above 2400 baud is non-trivial for low end PCs. If I could claim that the users had to have 16560AFN uarts, or better, then I could get decent rates, but then I lose market size.

3) PCs typically don't have a spare serial port.

It is interesting that my mail is so far favoring an internal board approach. Given that, and the forthcoming Plug-n-Play spec from Microsoft/Compaq/Intel/... and the hideous hassles of setting up IRQs, port addresses, etc. Does this suggest that a Plug-n-play board would be more attractive? The key is that they would be more expensive, at least at first. Compaq probably has the volume that can allow the cost difference to be offset by lower tech support costs. I haven't got that volume yet.

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From pfarrell at netcom.com Sun Jun 19 10:54:08 1994
From: pfarrell at netcom.com (Pat Farrell)
Date: Sun, 19 Jun 94 10:54:08 PDT
Subject: Hardware RN generators, data volume requirements
Message-ID: <49814.pfarrell@netcom.com>

I'm quite happy about the volume and quality of responses I've received. So here is another question: What data generation rate should we aim for? I guess I should be more precise, given that costs are usually directly proportional to data rates, what are the minimum, hoped for, and high end data rates needed? For example, Tony Patti's RANGER has a very high data rate, but is big and costs more than two cases of beer. Is a good bit a second sufficient? 100 b/s? ???
Right now, I've only generated a few of Pr0duct Cypher's magic money tokens. So if I had a daemon process collecting bits for me in the background, then 3600 per hour is plenty. I am sure that when Perry uses digicash for online trading of eurodollars, he (and his user community) will need orders of magnitude more. But I'd expect them to be willing to pay at least an order of magnitude more for the gear too. I'd like to hear grounded justification for rates, and/or a rate/dollar tradeoff. Don't worry about the exact monetary exchange rates. Estimates in bits per second per case of beer are accurate enuff for this level of design.

Thanks

Pat

p.s. I just got up to the chapter of Bruce's _Applied Crypto_ that addresses some of the approaches to this. It really is a FAQ for serious cypherpunks.

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From rfb at lehman.com Sun Jun 19 12:21:20 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Sun, 19 Jun 94 12:21:20 PDT
Subject: Decline and Fall
In-Reply-To:
Message-ID: <9406191918.AA05854@fnord.lehman.com>

Date: Sun, 19 Jun 1994 08:55:39 -0700 (PDT)
From: Sandy Sandfort

[Chomsky] equates governments with democracy.

This is most certainly *not* true. If anything, I think that Noam Chomsky would be far more likely to claim that there has never been a democratic state, although it's also reasonably likely that he'd first ask about the meaning of the term `democratic state'. I suspect that the root of Chomsky's concern is that the power of big money interests should be considered to be at least as large a source of concern to individuals as the power of big government. While many lump him in with `conspiracy theorists', his arguments are almost universally based on a combination of (a) widely available evidence (b) the idea that entities tend to act in their own self interest and (c) something akin to Occam's Razor, i. e.
simpler explanations are more likely to be correct.

Rick

From jrochkin at cs.oberlin.edu Sun Jun 19 12:56:36 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Sun, 19 Jun 94 12:56:36 PDT
Subject: Anonymous Mailing list?
Message-ID: <199406191956.PAA09759@cs.oberlin.edu>

Has anyone tried to write some mailing list software that uses PGP-anon-remailers to implement a double-blind anon system? It wouldn't be very difficult to have a mailing list people contributed to using a remailer with an encrypted address-block, so no one knew the actual address of the mailing list. Or more significantly, the mailing list, instead of keeping a list of addresses, could keep a list of encrypted address-blocks, and the proper remailer to send them to, so the list maintainer doesn't know the real address of anyone on the list.

This is intriguing to me because it seems to solve the problem of a "secret" organization's security. The members of this mailing list don't need to trust anyone else on the list not to reveal their identity; no one can reveal anyone else's identity even if they wanted to. Assuming the security of the encryption (which of course can't be assumed; anyone with a sufficiently powerful computer and sufficient time to spend can surely break PGP, but anyway...), this mailing list would seem to be pretty much 100% secure.

It would also seem desirable to have the mailing list software keep a record of all its members' public keys as well, and send out posts encrypted. As well as perhaps check signatures of incoming messages so that only legitimate list-members could contribute to it.

I've been thinking of trying to write such software, perhaps by working with the procmail program from comp.sources.misc, which can be used to implement a standard mailing list. But has this already been done? It seems like such an obvious idea, that it's hard to believe no one has thought of it first, but I haven't heard of anything so far. Comments?
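The double-blind list sketched in the post above, worked through as an added example (this is not code from the original post, nor from procmail or any 1994 remailer). It keeps the three properties the post asks for: the list server stores only a pseudonym, keys and an opaque reply block (never a real address), each remailer peels one layer and learns only the next hop, and unsigned or forged submissions are dropped before any fan-out. PGP is not available in the Python standard library, so two labelled stand-ins are used: HMAC-SHA256 in place of a PGP signature, and a SHA-256 keystream with an HMAC tag in place of "encrypt to this hop's public key". The remailer names (r1, r2), addresses and keys are constructed for the demonstration.

```python
# Added example: toy double-blind anonymous mailing list.
# Stand-ins (not PGP): HMAC-SHA256 as the signature, SHA-256 keystream + HMAC as
# the per-hop encryption.  Hop names, keys and mailboxes below are constructed.
import hashlib
import hmac
import json
import os

TAG_LEN = 32  # bytes of HMAC-SHA256 tag appended to every sealed blob


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag.  Only 'key' can open it."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-TAG_LEN], blob[-TAG_LEN:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("bad tag: wrong hop key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def sign(sig_key: bytes, body: bytes) -> bytes:
    """Stand-in for a PGP signature over the post body."""
    return hmac.new(sig_key, body, hashlib.sha256).digest()


def make_reply_block(chain, final_addr: str):
    """Nest one layer per remailer, innermost first.  'chain' is a list of
    (remailer_name, remailer_key), first hop first.  Returns the only two
    things the list server ever stores: the first hop and an opaque blob."""
    blob = seal(chain[-1][1], json.dumps({"to": final_addr}).encode())
    for i in range(len(chain) - 2, -1, -1):
        hdr = {"to": chain[i + 1][0], "blob": blob.hex()}
        blob = seal(chain[i][1], json.dumps(hdr).encode())
    return chain[0][0], blob


def remailer_step(hop_key: bytes, blob: bytes, payload: bytes):
    """One remailer: peel its own layer, learn only the next address."""
    hdr = json.loads(unseal(hop_key, blob))
    inner = bytes.fromhex(hdr["blob"]) if "blob" in hdr else None
    return hdr["to"], inner, payload


def route(remailers: dict, first_hop: str, blob: bytes, payload: bytes):
    """Walk the chain hop by hop; returns (final_address, payload)."""
    hop = first_hop
    while blob is not None:
        hop, blob, payload = remailer_step(remailers[hop], blob, payload)
    return hop, payload


class AnonList:
    """Holds pseudonyms, signing keys, encryption keys and reply blocks;
    it never holds a real address."""

    def __init__(self):
        self.members = {}

    def subscribe(self, nym, sig_key, enc_key, first_hop, reply_block):
        self.members[nym] = dict(sig_key=sig_key, enc_key=enc_key,
                                 first_hop=first_hop, reply_block=reply_block)

    def post(self, nym: str, body: bytes, sig: bytes):
        """Drop anything not signed by a member (the anonymous mail-bomb
        defence), then fan out one copy sealed to each member's own key."""
        m = self.members.get(nym)
        if m is None or not hmac.compare_digest(sig, sign(m["sig_key"], body)):
            return []
        return [(r["first_hop"], r["reply_block"], seal(r["enc_key"], body))
                for r in self.members.values()]


def demo():
    """Constructed scenario: two members, each behind a two-hop chain."""
    remailers = {"r1": os.urandom(32), "r2": os.urandom(32)}  # hop keys
    chain = [(n, remailers[n]) for n in ("r1", "r2")]
    server, keys = AnonList(), {}
    for nym, addr, hops in (("nym-17", "alice@real.example", chain),
                            ("nym-42", "bob@real.example", chain[::-1])):
        keys[nym] = (os.urandom(32), os.urandom(32))  # (sig_key, enc_key)
        first, block = make_reply_block(hops, addr)
        server.subscribe(nym, keys[nym][0], keys[nym][1], first, block)
    forged = server.post("nym-17", b"flood", sign(os.urandom(32), b"flood"))
    fanout = server.post("nym-17", b"hello list",
                         sign(keys["nym-17"][0], b"hello list"))
    delivered = {}
    for first_hop, block, ct in fanout:
        addr, ct = route(remailers, first_hop, block, ct)
        delivered[addr] = ct
    stored = server.members["nym-17"]
    return {
        "forged_dropped": forged == [],
        "delivered_to": sorted(delivered),
        "alice_reads": unseal(keys["nym-17"][1], delivered["alice@real.example"]),
        "bob_reads": unseal(keys["nym-42"][1], delivered["bob@real.example"]),
        "address_visible_to_list": b"alice@real.example" in stored["reply_block"],
        "list_sees_first_hop": stored["first_hop"],
    }


if __name__ == "__main__":
    print(demo())
```

What the toy does not model is the traffic-analysis side: anyone watching the list host still sees one outbound message to r1 or r2 per member per post, so the remailers would need padding and delay for the reply blocks to buy more than protection against a dishonest list maintainer.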
From cknight at crl.com Sun Jun 19 13:10:15 1994
From: cknight at crl.com (Chris Knight)
Date: Sun, 19 Jun 94 13:10:15 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <9406191648.AA02110@vail.tivoli.com>
Message-ID:

On Sun, 19 Jun 1994, Mike McNally wrote:

>
> It may be that the phone can be "pinged" unbeknownst to the owner, but
> I'm fairly confident that if the phone is shut off, you're safe. The
> truly paranoid might consider stowing the phone inside some sort of RF
> cage, I guess, or maybe just throw it out the window :-)

Maybe something as simple as unplugging/removing batteries?

-ck

From hayden at vorlon.mankato.msus.edu Sun Jun 19 13:13:12 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Sun, 19 Jun 94 13:13:12 PDT
Subject: Anonymous Mailing list?
In-Reply-To: <199406191956.PAA09759@cs.oberlin.edu>
Message-ID:

I've looked a little at using something similar to Julf's double-blind system integrated with majordomo along with an encrypted database of addresses. The user would send mail to listname at sitename, and then be matched to a pseudonym and it would be then sent out as pseudonym at sitename to the subscribers of the list. Any mail back to pseudonym at sitename would be directed back to the real person and mail replied back to listname at sitename would be delivered as a pseudonymed name as well.

The database that matches the pseudonym to the real person would be encrypted to prevent prying eyes (although it does increase the overhead required to decrypt the name). I also looked at using a system that did not rely on human input for the keys or passphrases, using a machine-generated randomly garbled key phrase or some such. An administrator could get physical access to the key, but without knowing the phrase they have a job ahead of them.

Unfortunately, lack of programming experience and time has forced me to push it way back on the agenda.

____ Robert A.
Hayden <=> hayden at vorlon.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From pfarrell at netcom.com Sun Jun 19 14:05:19 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sun, 19 Jun 94 14:05:19 PDT Subject: Hardware generators was: your mail Message-ID: <61288.pfarrell@netcom.com> In message Sun, 19 Jun 1994 11:24:34 -0600, Richard Johnson writes: > > How about a SCSI device instead. Most UNIX boxes and Macs nowadays have > a few unused SCSI IDs. The great majority of DOS machines with SCSI (all > those new ones with CD-ROMs, etc.) have unused SCSI IDs. SCSI has the > advantage of being rather fast, and is a cross-platform solution. Sadly, the state of PC platform SCSI is in turmoil, at least right now. Microsoft is working hard to convince folks that Enhanced-IDE is the answer, and many CD-ROMs, big disks, etc. that are aimed at the mass market are no longer SCSI, but E-IDE. I don't think you can substantiate your claim that a "great majority of DOS machines" have SCSI. Worse, MS is pushing hard to push into Windows-for-Workgroups. Many OEMs no longer ship Windows, even for standalone PCs. They ship W4Wg. W4Wg's support for SCSI devices is a step or two down from even W4Wg 3.10. My SCSI disk setup (1.7GB Maxtor) is significantly slower under W4Wg 3.11 because MS changed things to the point that I no longer have 32-bit disk I/O. Chicago is claimed to have "better" SCSI support, but I was hoping that I could get this at least prototyped this summer. No RSN reliance on 3rd party vendors for me, thanks. Right now, SCSI is too high-end (Suns, HP, Macs, serious PCs, etc.) for the market that I have in mind. 
Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From sandfort at crl.com Sun Jun 19 14:27:40 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 19 Jun 94 14:27:40 PDT
Subject: TV AS A SOURCE OF KNOWLEDGE
Message-ID:

C'punks,

I just watched the latest episode of "Acapulco H.E.A.T." In this week's show, "Codename: Ghost," the Bad Guy is a renegade CIA agent who has become an arms dealer on the Black Market. He controls his far flung organization via encrypted e-mail over the Internet. The H.E.A.T. team foils his dastardly plans by *intercepting* his e-mail and sending on *forged* messages signed with his own *code* (digital signature?). Too bad he wasn't a renegade NSA agent (or a Cypherpunk), then he might have had the good sense to use strong crypto. Yeah, I guess there must be dumb criminals who would use Clipper or the like.

WHY I WATCH ACAPULCO H.E.A.T.

Cheap thrills. Lots of babes in bikinis, lots of guns, lots of car chases and lots of explosions. (Subtract 2 points for Fabio.) I would kill for a night with the woman who plays "Cat" (Alison Something-or-other).

WHY YOU SHOULD WATCH ACAPULCO H.E.A.T.

We can see really good TV and movies again and again. If you miss it the first time, it will be back again, soon enough. The really bad stuff is gone in a heartbeat. See it now, or never see it again (unless it becomes a cult show).

S a n d y

From die at pig.jjm.com Sun Jun 19 15:36:42 1994
From: die at pig.jjm.com (Dave Emery)
Date: Sun, 19 Jun 94 15:36:42 PDT
Subject: Cell phone tracking
Message-ID: <9406192230.AA02687@pig.jjm.com>

Mike McNally writes:

>
> Jef Poskanzer writes:
> > It looks like at least some switches in Amerika are already equipped
> > to read out locations for individual phones.
>
> This is not actually that surprising.
All they need is to know which
> phones are using a band on a cell site, and they narrow the search
> down to a relatively small area. I seriously doubt that they can do
> triangulation (I mean, they *could*, but there's not much likelihood
> that the cellular operators would incorporate something complicated

A company I am familiar with which does specialized classified interception systems for the NSA and other TLA's has built just such a system for the TLAs. It can locate a cellphone to within a few feet just as soon as it starts transmitting - it uses time of arrival techniques to triangulate the cell phone's position. How many of these are installed and where I do not know, but the technology has been developed and is in use. The system is multi-channel and can keep track of many cellphones at once - but as a practical matter it isn't hard to monitor the control channels and paging channels to locate the phone of interest and identify which of the 866 channels it is transmitting on so even simple doppler DF technology might work. Considering that the LA area is the biggest cellular market in the country it wouldn't surprise me that some of these systems are installed there.

And in the future Phil Karn's company Qualcomm's CDMA digital cellphones will provide few feet accuracy position as a byproduct of the spread spectrum receive correlator operation on every transmitting phone within range of more than one cell receiving site unless they actually avoid trying to make the measurement. Most of the time more than one cell site tracks a given phone so they can vote on which one has the stronger signal - given that each of these sites has a precise estimate of the time of arrival of transmissions from each phone it takes little more than netting of the time base (with GPS ?) between the cell sites to determine cellphone positions since the positions of the cell site antennas are well known.
I suspect that if the hardware and software to do this (mostly software) is not part of the current base station that certain TLAs will pay to have it developed and implemented. Dave Emery die at pig.jjm.com From dmandl at panix.com Sun Jun 19 15:56:15 1994 From: dmandl at panix.com (David Mandl) Date: Sun, 19 Jun 94 15:56:15 PDT Subject: Decline and Fall Message-ID: <199406192256.AA28621@panix.com> At 8:55 AM 6/19/94 -0700, Sandy Sandfort wrote: >Chomsky's error is that he equates governments with democracy. Not true. Chomsky is an anarchist. He would never make a statement like that. Just for the record... --Dave. -- Dave Mandl dmandl at panix.com From klbarrus at owlnet.rice.edu Sun Jun 19 17:04:02 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sun, 19 Jun 94 17:04:02 PDT Subject: MAIL: anon mailing list Message-ID: <9406200003.AA17728@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- > Has anyone tried to write some mailing list software that uses > PGP-anon-remailers to implement a double-blind anon system? > a standard mailing list. But has this already been done? It seems > like such an obvious idea, that it's hard to believe no one has > thought of it first, but I haven't heard of anything so far. Comments? Well, Hal Finney offered a service by which people could subscribe to an encrypted version of this list... which is something similar. Say somebody wants to run a mailing list as you propose. I think they should just run the list at the same address unless the remailers can suitably pad, delay, and randomize incoming messages and redirect them to the true list site (but then delay and randomization may lead to loss of coherency on the list ;). If not, surely external observation of the contact point will show where all the messages are headed. 
The resources needed would be higher than a normal list since each incoming message would need to be checked for a digital signature (or the list could become victim to an anonymous mail bomber, and you can't filter out anonymous remailers since of course everybody is using them to submit posts!), encrypted to every other member, and remailed. Which isn't to say impossible, just maybe impractical for a large mailing list. Take this list, with say 500 members - every incoming post digitally signed and arriving via anonymous remailer, and upon arrival, checked for a valid signature, encrypted with the public keys of the pseudonyms subscribing to the list;), and remailed out... This may work if you have a small group of people dedicated to this setup, but otherwise, no go. I mean, most people on this list don't even sign their posts, most don't submit via anonymous remailer, etc. It would take much work to make it convenient enough to do this. I think a higher priority is finding the bug that keeps unsubscribing everybody ;) Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLgTdeMSF/V8IjI8hAQHeTwQAjDPXzJgrwubLkxq0Kz6ETM7chR4Ci5kG XbzWrFc3jwT57xpOfHIeeTTWn73Sls7C5UsFAT1sE4hxHRZO2HG6a7psLRa5/82V bhjnW+6KMOByCZb01h4b0toVR+7vF22EzPME0lnlsW+SjBqlAcNYPb+rSnjbnahG g9zzaCL6nJ8= =1WIZ -----END PGP SIGNATURE----- -- Karl L. Barrus: klbarrus at owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper From roy at sendai.cybrspc.mn.org Sun Jun 19 18:02:09 1994 From: roy at sendai.cybrspc.mn.org (Roy M. 
Silvernail)
Date: Sun, 19 Jun 94 18:02:09 PDT
Subject: Hardware generators was: your mail
In-Reply-To: <199406191724.LAA06416@spot.Colorado.EDU>
Message-ID: <940619.183500.7i8.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, quoth Richard.Johnson at Colorado.EDU (Richard Johnson):

> From the keyboard of: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
>
>> If this were a dongle device, I'd want it on a parallel port. Many
>> machines don't have a spare serial port ...
>
> How about a SCSI device instead. Most UNIX boxes and Macs nowadays have
> a few unused SCSI IDs. The great majority of DOS machines with SCSI (all
> those new ones with CD-ROMs, etc.) have unused SCSI IDs. SCSI has the
> advantage of being rather fast, and is a cross-platform solution.

Now I have machine envy... (no SCSI here yet) But maybe a generalized product line? SCSI and IDE, as well as parallel dongle. Whatever kind of port you happen to have laying about. And not using up slots is really a Good Thing. My 486 is full right now, and I use all of it, so pulling a card isn't an option.

- --
Roy M. Silvernail [] roy at sendai.cybrspc.mn.org
It's just this little chromium switch.......

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLgTXIxvikii9febJAQHvgAQApJpVi3SqZg9QVefA4iS31tpi0mc+rj+7
7ZJCyqQBbFe0g0C5GH1nWumHfIc5UzLpti9RWsxMVNqHQ87MTcq3eQ1tvLh6cAQO
ReEj2RqappfxgRa9seQkDNrOsrb1IuxMTtDRJBBSCvuxF+vhUiECrZV087aSUdTu
GpH+AZtFrhg=
=LWo7
-----END PGP SIGNATURE-----

From carterm at spartan.ac.brocku.ca Sun Jun 19 18:09:09 1994
From: carterm at spartan.ac.brocku.ca (Mark Carter)
Date: Sun, 19 Jun 94 18:09:09 PDT
Subject: Having your own computer means never having....
In-Reply-To: <199406190613.AAA06457@spot.Colorado.EDU>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> employees can't send our proprietary plans off-site?" appears to be "Do
> you search your employees at the exit for floppies and magnetic tapes?"

I see your point.
> Encryption being available to employees can make industrial espionage > easier only if it opens a new channel (or clears an insecure channel) for > bad apple employees or contractors to get their stolen memos off site. An Encryption could be used as a secure means of storage of accumulated material (on site) until a security gap can be found, though. And if anyone does any snooping, they can't see through the encryption to see if it's really company secrets, thus protecting the spy. > (unless higher bandwidth per incident channels like DAT or 8mm tapes risk > exposure). Again, encryption is sort of a nice safety net. They can catch you with the tape, but they've only got you on suspicion of espionage, and the evidence is encrypted. > fill them with garbage. It is indeed a security risk, but the sabotage can > more easily be performed without strong encryption. I was thinking more about data being held hostage. Encryption offers the possibility of restoring the information... no doubt for a price of some sort. Few companies would like to admit to being blackmailed in this fashion. Sabotage, on the other hand, is much less flexible, and hence would be the practice of comparative amateurs. If you destroy everything, and get caught, what do you have to bargain with? Mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mark Carter carterm at spartan.ac.brocku.ca PGP key available by finger. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLgTjWmcmVnbEt/gBAQEbxQP+JNs6QvvpMft3FH7DeEUFvsz37lcLAn9d KzKFHdGMqA0GTqdQLTaEdCBaZzXWMvCW99VcA63l9BFqwEbV1iNw0qs/dWUQseyR JR0bc/RWqhW7E20NSTXeNpRbxTD9oRoUz1qkV4Z482SWGPEjuIB8Ri+/gJLID9El rNaKKEJluoE= =ewDq -----END PGP SIGNATURE----- From m5 at vail.tivoli.com Sun Jun 19 18:14:28 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Sun, 19 Jun 94 18:14:28 PDT Subject: Decline and Fall In-Reply-To: <199406192256.AA28621@panix.com> Message-ID: <9406200114.AA04775@vail.tivoli.com> > Chomsky is an anarchist. 
[ Why is it that I find myself responding to off-crypto-topic posts? ]

I find the above claim to be a little difficult to accept, based on the Chomsky I've read. I don't know what pigeonhole I'd choose, but I'm pretty sure it wouldn't be "anarchist".

From mgream at acacia.itd.uts.edu.au  Sun Jun 19 18:48:05 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Sun, 19 Jun 94 18:48:05 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <199406191611.JAA20513@netcom12.netcom.com>
Message-ID: <9406200150.AA19360@acacia.itd.uts.EDU.AU>

"Bob MorrisG" wrote:

> Technicians in the tracking station can, if necessary, track a
> particular call back to the cell site from which it originates. But the
> monitoring can not be done unless the phone is in use. [ Is that true? ]

I wonder about this. A friend had a Motorola handset he was using with our (Telecom) AMPS service. When in stand-by mode, it polls the closest cell to determine link quality and whether any slots are available for use.

When we were on holiday a few months ago, we stayed in a little seaside town (ie. a small cell) and I can remember eating and noticing the phone switch to `no service' for a few minutes, presumably as the cell was fully loaded. While travelling through a National Park the following day, in the middle of nowhere effectively, the same thing happened as we went out of network range for a couple of hours.

The question is whether this polling includes the handset identifying itself to the cell.

Matthew.

--
Matthew Gream -- Consent Technologies, (02) 821-2043
Disclaimer: I'm only a student at UTS

From roy at sendai.cybrspc.mn.org  Sun Jun 19 18:51:58 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Sun, 19 Jun 94 18:51:58 PDT
Subject: Hardware generators
In-Reply-To: <49800.pfarrell@netcom.com>
Message-ID: <940619.185244.7M9.rusnews.w165w@sendai.cybrspc.mn.org>

In list.cypherpunks, 'tis pfarrell at netcom.com (Pat Farrell):

> It is interesting that my mail is so far favoring an internal board
> approach. Given that, and the forthcoming Plug-n-Play spec from
> Microsoft/Compaq/Intel/... and the hideous hassles of setting
> up IRQs, port addresses, etc. Does this suggest that a
> Plug-n-play board would be more attractive?

I need to examine the Plug-n-play spec. But if it's forthcoming, I'd be inclined to support the huge installed base. The hassles are more hideous with IRQs because there are fewer of them. This application doesn't really need an IRQ, since it's going to be polled anyway. A simple questionnaire or install program can find a usable port that probably isn't taken. DosRef2.2 shows nothing assigned in the 0x400 range. Maybe you can grab something unique in there.

--
Roy M. Silvernail [] roy at sendai.cybrspc.mn.org
It's just this little chromium switch.......

From tcmay at netcom.com  Sun Jun 19 19:00:59 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 19 Jun 94 19:00:59 PDT
Subject: Corporations and Encryption
In-Reply-To: <199406181833.LAA23673@netcom4.netcom.com>
Message-ID: <199406200201.TAA06906@netcom5.netcom.com>

Earlier I wrote:

> And an even better solution is for folks to have their own private
> machines and access to one of the cheap Internet service providers
> springing up all around. Then they won't have to worry about their
> corporations "snooping" in their e-mail files.
> Or restricting them about using PGP or other crypto.
>
> Corporations have a legitimate reason to tell employees what they can
> and can't use. After all, corporations are held liable for most
> employee actions (so those death threats to whitehouse.gov will
> reflect back on the company) and have other concerns as well
> (espionage, extortion, bribery, too much use of the Net, etc.).
>
> Having your own computer means never having to say you're sorry.
>
> (I fear laws telling corporations they *can't* snoop as much as I fear
> Clipper. The reasons are obvious, to me at least, and I can expand on
> this point if anyone's really interested.)

Several people having asked for an explanation and/or commented here on their interpretations, I'll explain my position:

* Individuals, groups, corporations are free to set their own policies, more or less, in a free society. (Not everyone agrees with this, more's the shame.) A company can set working hours, working conditions, software to be used, and so on. It is not the business of government to interfere in these decisions, nor do "civil rights" enter in...an employee told to use Microsoft Word and not to use PGP cannot claim his "civil rights" are being violated.

* I did not say companies _should_ snoop...I said there should not be laws forbidding snooping--in line with the point above. Imagine the implications of a law forbidding such "snooping": a company would presumably be unable to ensure that its policies were being followed, that its employees were not violating various laws, etc. To be sure, companies may wish to avoid snooping, as the repercussions on company morale are often severe. Not being a good idea, in general, does not imply that there "ought to be a law" regulating such things.

(Ditto for searches on leaving premises, which one writer here likened to snooping. Indeed, the two are the same.
For 12 years at Intel, my briefcase was searched--sometimes thoroughly, usually cursorily--every time I left a building with it. Not hard to see, given that a single uP could be sold for $500 and a briefcase of them could be worth a small fortune. Floppy disks and the like were generally ignored, as determining the contents would be too difficult, etc. A lot more I could say here, but I won't. Searches of briefcases were a "condition of employment" and not a civil rights issue....except for female employees, whose handbags were exempted by external law from any search...assembly workers were often suspected of stealing packaged devices, but Intel was forbidden to check their bags!)

* In summary, it's a real bad idea--ethically and practically--to deny "corporations" behaviors we take for granted for ourselves. If I hire someone to help me in my home, I can set the conditions of the job: what hours, what rate of pay, what tools can and can't be used, and what limits I may wish to place on his use of my modems to communicate with outside services or agents. Corporations are not really different. We may not like big corporations...most new companies are formed by people fed up with big companies...but this does not mean we should interfere with how they run their businesses. Not working for them is always an option. (I am sympathetic to many anarchist views, such as those held by my friend Dave Mandl, but I am not at all convinced by left-leaning arguments that "sometimes people have no choice" in the jobs they take. Thus, I am a standard libertarian here.)

In considering whether crypto should be "allowed" or "not allowed" for corporations, a better answer is: that's not for society and the law to concern itself with. Companies that snoop too much will lose employees, and companies that are told they cannot monitor what employees are doing and what tools are being used will also lose out.
Finally, all the arguments about there being _other_ ways for corporate secrets to leak out are accurate, but beside the point. Of course there are, and I have done extensive writing on this (BlackNet, information markets, Gibson-style "escrow" of key employees, etc.). But that employees can use their home computers to sell corporate secrets is something they will have to learn to deal with somehow (*), not a reason to limit corporations' abilities to set policy in their workplaces.

(*) One possibility, the Gibson scenario mentioned (cf. "Count Zero"), is to require key employees in extremely sensitive positions to forego access to outside contacts. It may not work very well, and it may be distasteful to many or most people, but it's not a violation of "civil rights."

Along with "democracy," the term "civil rights" is bandied about too much and is used to justify entirely too much State intervention. Mutually agreed-upon contracts always take precedence over democracy and civil rights.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
From Richard.Johnson at Colorado.EDU  Sun Jun 19 19:02:28 1994
From: Richard.Johnson at Colorado.EDU (Richard Johnson)
Date: Sun, 19 Jun 94 19:02:28 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <9406200150.AA19360@acacia.itd.uts.EDU.AU>
Message-ID: <199406200202.UAA20180@spot.Colorado.EDU>

From the keyboard of: mgream at acacia.itd.uts.edu.au (Matthew Gream)

> "Bob MorrisG" wrote:
> > Technicians in the tracking station can, if necessary, track a
> > particular call back to the cell site from which it originates. But the
> > monitoring can not be done unless the phone is in use. [ Is that true? ]
>
> I wonder about this.
> [Description of polling handset deleted]
>
> The question is whether this polling includes the handset identifying
> itself to the cell.

Yes, it must. If the handset is on standby, it won't receive calls unless the cell can tell which number the handset is using.

The only sure way to keep yourself out of the "Position Escrow System" is by keeping the phone turned off, and possibly disconnecting the battery or car power lead. "On Standby" == "In use."

Richard

--
Loudyellnet: Richard Johnson | Sneakernet: ECNT1-6, CB 429, CU Boulder
Phonenet: +1.303.492.0590    | Internet: Richard.Johnson at Colorado.EDU
RIPEM and PGP public keys available by server, finger or request
Speaker to avalanche dragons. Do you really think they listen?

From tcmay at netcom.com  Sun Jun 19 19:30:34 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 19 Jun 94 19:30:34 PDT
Subject: Andy Grove on Clipper
In-Reply-To: <199406182001.NAA06781@netcom13.netcom.com>
Message-ID: <199406200230.TAA09568@netcom5.netcom.com>

I agree with what Mike Duvos says here:

(other points I also agree with elided)

> I don't think we have very much time left to save our precious
> encryption rights from Big Brother. Revoking rights is like frog
> boiling. As long as it is done slowly enough, it goes relatively
> unnoticed.

That's right. And the essay I just posted on "Corporations and Encryption" is apropos. If, for example, Cypherpunks go along with (or, worse, _advocate_) laws regulating crypto use in corporations, then this is part of turning up the temperature on the frog.

> Remember when civil forfeiture started? First only profits from
> illegal activities were seized. They quickly moved to seizing
> all of a suspect's assets. Now cops can stop you on the road,
> empty your pockets, and take your money using only the
> justification that possession of more than a certain amount is
> evidence of wrongdoing.

It's worth noting again for any newcomers in the last half year or so that Whit Diffie said at a Cypherpunks meeting that he thinks _civil forfeiture_ will be used to suppress noncomplying crypto: corporations will be told that only certain types of crypto are allowable, and noncomplying crypto will be grounds for forfeiture of corporate assets.

...

> attempt to thwart the federal agenda. Attacks on Denning's
> character, the Clipper algorithm, and the LEAF field, while
> interesting, do nothing to help our cause. What will we do when
> the government presents us with an escrowed, publicly reviewed,
> unbreakable strong encryption algorithm which is mandatory? We
> need to concentrate on the basic issues here and state them
> clearly many times in language the public can understand.
I agree...the focus on the "weaknesses" of EES, rather than the deeply flawed ethical, Constitutional, and practical issues, is mistaken. But if folks want to put effort into this, fine. I don't. They can.

> The public slap in the face our agenda received the other day on
> the crypto export issue should be proof enough that our enemies
> will accept nothing less than the total surrender of our right to
> personal privacy. It's time to stop being nice. When you go after
> the King, you shoot to kill.

I'm sure there are those scanning this list who view such metaphorical comments more literally, as a death threat against Bill Clinton and his minions. They have no appreciation of irony.

Pushing strong crypto to the "tipping point," the point of no return, is within our grasp.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From matsb at sos.sll.se  Sun Jun 19 19:40:42 1994
From: matsb at sos.sll.se (Mats Bergstrom)
Date: Sun, 19 Jun 94 19:40:42 PDT
Subject: self-serving bureaucracy
In-Reply-To: <199406172358.AAA14963@an-teallach.com>

Graham Toal wrote:

> There was quite an interesting quotation in one of the British papers
> recently from Ames, the CIA spy who was caught - he said that the intelligence
> infrastructure in the US was a self-serving bureaucracy.

This is a truth not limited to the US.
The English spy analyst Phillip Knightley has dwelled a lot on this subject in his books, especially in 'The Second Oldest Profession' (from the early-mid 80's) which, in my opinion, gives an excellent historical background to the rise of government intelligence agencies as the means of livelihood for hordes of slightly odd academic personalities that otherwise might have had a hard time finding employment.

Mats B.

From rah at shipwright.com  Sun Jun 19 19:42:00 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Sun, 19 Jun 94 19:42:00 PDT
Subject: e$, Liquidity, and Economic Granularity
Message-ID: <199406200241.WAA24316@zork.tiac.net>

Flame-bait warning.

The last week or so, I've been trying to cobble together some business models for electronic commerce, particularly how the banking system fits in. I'm posting some of the more far-out stuff for discussion here. To get here, I've had to thrash some stuff that's probably obvious to the cypher-gerontocracy. I beg their indulgence in advance, because some of the stuff I'm going to yak about probably has been said here numerous times in prehistory. I'd like pointers to those discussions, FAQs(?), etc. as I couldn't find specific mention of them in the file hierarchy at soda. As it is, I've bumped into some interesting stuff to me, and thought I'd share...

Hokay... Here goes.

One of the things I like about e$ is that strong crypto provides the linkages to disperse it into quite small units and still reunite quite usefully into big batches for the purposes of financial markets. This is necessary, because like all technology, successful new stuff usually creates a superset of the old stuff. It has to offer the same functionality and add a significant improvement. Here's how.

Let's start with where people keep their money.
It can be said that given the size of a bank's average retail demand deposit account, and the interest and fees on those accounts, it might at some time behoove people to keep their disposable money *in cash* on a personal hard drive somewhere, probably at home, and probably backed up offsite for security.

The principal reasons that people have checking/savings accounts these days are pretty much as follows:

1. to protect that money from theft,
2. to be able to conveniently and safely spend that money in small increments with checks or with ATM cards,
3. (recently) to be paid through direct-deposit mechanisms,
4. to get interest on the money while it sits there.

I think that reasons 1, 2, and 3 can be taken care of with e$ protocols, and that for most demand deposits, 4 is not meaningful because fees outweigh interest most of the time. You might as well keep your money at home.

Like a lot of other things, retail demand deposits are largely an industrial phenomenon. With e$, information technology does to banking what it did with the industrial telephone network. A hierarchical network is replaced with a geodesic one, and demand deposits, except as concentrator points for large institutional cash distributions, cease to be meaningful in an economic sense for individuals. When people accumulate surplus money (:-)) and want to sell that money to an entity in the financial community, the transaction can be taken care of with automated secure transmissions of e$.

Organizational concentrations caused by efficiencies of scale would tend to dissipate as well. Imagine if Peter Lynch's replacement(s?) could run Magellan as he saw fit and had all his fund concentration and distribution activity taken care of automatically without the cost of the Fidelity administrative armature. He'd still drive a multi-billion dollar fund. His customers would still hold shares of Magellan.
However, those customers would be doing business with an automated digital cash transaction server, which would take their money or redeem their digital shares of Magellan for its current market value following whatever redemption criteria exist in the fund's prospectus and deposit agreement. The disbursement/concentration code's already there in Sybase and on the Heavy Iron (yes, it's still there...). The user interface just needs changing. With a digital cash transaction server, there is no need to train a cast of thousands of clean-scrubbed young econ majors to answer the phone. (Fidelity Joke: "Camp Fido. It's a great place to work if your parents can afford to send you there.") Grove's Law tells us the iron keeps getting smaller. So, our Lynch-analog could (in theory) have a small cash transaction server handling his client relations while he spent his time looking out the window at Marblehead, at his Quotron-replacement, or at his collection of Ren-n-Stimpy cartoons.

With e$, the capital markets could still operate the way they always do, but with more functionality. The growth of communications technology originally allowed financial information to move more quickly. Then, centralized information technology allowed transactions to be processed more quickly. Finally, distributed information technology allowed decisions to be made more quickly. The increased functionality contributed by strong crypto enables decision-making ability to be pushed out of investment firms and onto the network, the same way that automated switching technology created more nodes in the telephone network. Here's how that could happen.

Most serious individual equity investors know what p/e ratios and book values are, and what they mean. Software can allow them to understand and manipulate fixed-income concepts like duration, convexity and total return. This means that people can do more and more sophisticated things with their money and get better returns.
The first limitation for sophisticated individual transactions is small transaction size. However, it's possible to see how if they're trading on their own, investors could take "physical" delivery of e$-based investment instruments. A person's "portfolio" could consist of various "securities" physically resident on a storage medium that they physically control. Because of the automation of transactions allowed by this kind of "physical delivery", the minimum certificate sizes could come down for the most common securities. For uncommon securities or market strategies, it is possible to envision the ability to anonymously concentrate large purchases of various positions, much in the way odd-lot trades are consolidated in the equity markets today.

The second limitation is the ability to securely communicate these transactions with the markets. I suppose that's a straw man to those on this list, but as you've probably guessed, this is the most important part. Strong crypto allows you to send money and money equivalents over the network with the confidence that it doesn't get waylaid. That's *real* important for the efficient function of capital markets. ;-).

I bet that the roles of the really important players in the capital markets won't really change much. Portfolio managers still function like editors. They add value by synthesizing information. The people on the sell side, the investment bankers, securitizers, and pool-builders, etc. all still create securities so that markets can cope with technological change in information technology. (A charitable way of looking at *those* guys, anyway...)

The thing that holds this all together is strong encryption and its various offspring, including digital cash and other forms of e$. This crypto-stuff has a lot of really spiffy applications in finance and financial operations.

I *love* this place....
-----------------
Robert Hettinga (rah at shipwright.com)    "There is no difference between someone
Shipwright Development Corporation        who eats too little and sees Heaven and
44 Farquhar Street                        someone who drinks too much and sees
Boston, MA 02331 USA                      snakes." -- Bertrand Russell
(617) 323-7923

From tcmay at netcom.com  Sun Jun 19 19:53:37 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 19 Jun 94 19:53:37 PDT
Subject: Having your own computer means never having....
In-Reply-To: <199406190709.DAA05044@cs.oberlin.edu>
Message-ID: <199406200253.TAA11789@netcom5.netcom.com>

Jonathan Rothkind writes:

> If the bozo has write-privileges to everything in the office, sounds
> like a problem with or without encryption. Or were you just suggesting
> that he was going to encrypt it all and mail it to a competitor?
> This too seems to be a problem with or without encryption; he can just copy
> to floppy and snailmail to a competitor. Same with industrial espionage of
> just about any kind; sure it makes it _easier_ for the hypothetical
> spy to do his dirty work, but it doesn't actually enable him to do anything
> fundamentally different than he could before.

Companies I am familiar with make some attempts to check U.S. Mail, although this is like pissing into the ocean. Packages, though, are suspect and my old company (Intel, as you all know by now) had strict rules about sending packages, and all were subject to inspection.

But I agree that it's ridiculously easy to get 4 gigabytes out of a company. In my years at Intel, my pockets were never searched. A 4 GB DAT tape....

Still, none of these examples are reasons to "outlaw" a company's ban on PGP or any other software product it doesn't want used. My recent essay explains this position in more detail.

> I can't think of any real security risks introduced by allowing employees
> the use of encryption, that weren't present already. Certainly none
> mentioned thus far fit the bill.
Here's an example that inspired my early thinking about crypto, crypto anarchy, and "BlackNet," back in late 1987: Will companies "allow" employees to log on to information market services to buy and sell information? I was evaluating the business plan for the "American Information Exchange," which later got funding from Autodesk (but failed, and is now essentially dormant), and had to think about this. My conclusion: allowing employees access to such a system would be dangerous. Yes, they could log in at home, but that's no reason to facilitate "digital moonlighting" on company time. Encryption allows this to happen even if companies don't wish it to, hence a rationale for limiting encryption use, or requiring a snoop mode to spot-check what types of business are being conducted. (We may not like it, but that's tough. Forbidding a company from enforcing policies is truly disastrous.)

...

> Although of course I'm not accusing you of suggesting that corporations
> shouldn't have access to good cryptology; you probably wouldn't be
> on the list if you thought that. I'm not completely sure how different it is
> to say that individuals give up their right to good cryptology upon
> being employed by a corporation, however.

Yes, employees give up various "rights" when they enter into contracts, or work for companies, etc. (They don't actually give up the rights per se, the rights just don't apply. I have a "civil right" to read "Moby Dick," in the sense that the U.S. government cannot ban it, but this does not mean I have a "right" to read "Moby Dick" while I'm supposed to be working at Apple!).

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From sameer at c2.org  Sun Jun 19 20:05:39 1994
From: sameer at c2.org (sameer)
Date: Sun, 19 Jun 94 20:05:39 PDT
Subject: MAIL: anon mailing list
In-Reply-To: <9406200003.AA17728@flammulated.owlnet.rice.edu>
Message-ID: <199406200303.UAA08425@infinity.c2.org>

I'm sorry if I missed the beginning of the thread and am off-topic: (but I may as well promote what I've written anyway =)

The blind anonymous server that I've written which is running on omega.c2.org can facilitate the creation of a mailing list for which all the members are anonymous. The maintainer of the list merely needs to create an "identity" for the list and add as "paths" back to the identity encrypted blocks pointing to the people who are subscribed to the list. (Thus the maintainer of the list doesn't need to know the email addresses of people subscribed..) Mail sent to the list can just be sent to the identity's alias at omega.c2.org, and if the "spraymode" option is on then mail will go out to everyone on the list.

See http://www.c2.org/services/blindserver.html for more information.

> > Has anyone tried to write some mailing list software that uses
> > PGP-anon-remailers to implement a double-blind anon system?
>
> > a standard mailing list. But has this already been done? It seems
> > like such an obvious idea, that it's hard to believe no one has
> > thought of it first, but I haven't heard of anything so far. Comments?
>
> Well, Hal Finney offered a service by which people could subscribe to
> an encrypted version of this list... which is something similar.
>
> Say somebody wants to run a mailing list as you propose. I think they
> should just run the list at the same address unless the remailers can
> suitably pad, delay, and randomize incoming messages and redirect them
> to the true list site (but then delay and randomization may lead to
> loss of coherency on the list ;). If not, surely external observation
> of the contact point will show where all the messages are headed.
>
> The resources needed would be higher than a normal list since each
> incoming message would need to be checked for a digital signature (or
> the list could become victim to an anonymous mail bomber, and you
> can't filter out anonymous remailers since of course everybody is
> using them to submit posts!), encrypted to every other member, and
> remailed.
>
> Which isn't to say impossible, just maybe impractical for a large
> mailing list. Take this list, with say 500 members - every incoming
> post digitally signed and arriving via anonymous remailer, and upon
> arrival, checked for a valid signature, encrypted with the public keys
> of the pseudonyms subscribing to the list;), and remailed out...
>
> This may work if you have a small group of people dedicated to this
> setup, but otherwise, no go. I mean, most people on this list don't
> even sign their posts, most don't submit via anonymous remailer, etc.
> It would take much work to make it convenient enough to do this.
>
> I think a higher priority is finding the bug that keeps unsubscribing
> everybody ;)
>
> Karl Barrus
> klbarrus at owlnet.rice.edu
>
> --
> Karl L. Barrus: klbarrus at owlnet.rice.edu
> 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
> 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9
> "One man's mnemonic is another man's cryptography" - K. Cooper

--
sameer                                    Voice:   510-841-2014
Network Administrator                     Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley   Dialin:  510-841-0909
http://www.c2.org (or login as "guest")   sameer at c2.org

From khijol!erc  Sun Jun 19 20:43:31 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Sun, 19 Jun 94 20:43:31 PDT
Subject: Corporations and Encryption
In-Reply-To: <199406200201.TAA06906@netcom5.netcom.com>

> Finally, all the arguments about there being _other_ ways for
> corporate secrets to leak out are accurate, but beside the point. Of
> course there are, and I have done extensive writing on this (BlackNet,
> information markets, Gibson-style "escrow" of key employees, etc.).
> But that employees can use their home computers to sell corporate
> secrets is something they will have to learn to deal with somehow (*),
> not a reason to limit corporations' abilities to set policy in their
> workplaces.
>
> (*) One possibility, the Gibson scenario mentioned (cf. "Count Zero"),
> is to require key employees in extremely sensitive positions to forego
> access to outside contacts. It may not work very well, and it may be
> distasteful to many or most people, but it's not a violation of "civil
> rights."

Clancy mentioned a scenario that corporations (and others) might be able to take advantage of - the so-called "Canary Trap". Instead of identical copies of a sensitive memo being made, slightly different copies are prepared instead. The meaning isn't changed, but the precise wording is, so that if someone quotes verbatim, the precise wording will indicate which document was leaked, and hence the leaker. I know for a fact that the United States and Canada use this for their classified material, at least some of it.
> Along with "democracy," the term "civil rights" is bandied about too
> much and is used to justify entirely too much State intervention.
> Mutually agreed-upon contracts always take precedence over democracy
> and civil rights.

This is not entirely true, as the courts have ruled that certain contractual agreements, even when made between consensual parties, may be null and void, because they go against public policy. Consider if I contract with you to kill someone, and at the conclusion of the contract I will pay you a certain amount of money. So, you wax the guy, and come to me with his ear or left testicle or whatever, demanding payment. I give you the finger, and instead of putting a .22 hollowpoint between my eyes, you take me to court. The courts would rule that the contract had no force of law, because it essentially was a contract to do something that was against public policy. Same with illegal "contracts" some companies coerce people into signing as a condition of employment. The companies can argue that the employees signed them of their own free will, but the courts would hold that if the act was illegal, there can be no binding contract.

--
Ed Carp, N7EKG/VE3      ecarp at netcom.com, Ed.Carp at linux.org

"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From tcmay at netcom.com  Sun Jun 19 20:53:14 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 19 Jun 94 20:53:14 PDT
Subject: Corporations and Encryption
Message-ID: <199406200353.UAA18425@netcom5.netcom.com>

Ed Carp writes:

> Clancy mentioned a scenario that corporations (and others) might be able to
> take advantage of - the so-called "Canary Trap". Instead of identical copies
> of a sensitive memo being made, slightly different copies are prepared
> instead.
> The meaning isn't changed, but the precise wording is, so that if
> someone quotes verbatim, the precise wording will indicate which document
> was leaked, and hence the leaker. I know for a fact that the United States
> and Canada use this for their classified material, at least some of it.

The "canary trap" is also called "barium" (coined by the KGB). Tagging is sometimes useful, but can be found by XORing two or more copies.

> > Along with "democracy," the term "civil rights" is bandied about too
> > much and is used to justify entirely too much State intervention.
> > Mutually agreed-upon contracts always take precedence over democracy
> > and civil rights.
>
> This is not entirely true, as the courts have ruled that certain contractual
> agreements, even when made between consensual parties, may be null and
> void, because they go against public policy. Consider if I contract with

Sure, courts have interfered with contracts. Some of these interferences I even agree with, slightly (while I'm mostly an anarchist, I support a few laws). But my point was a judgement ("entirely too much" is a cue), not a statement of realpolitik.

...

> The courts would rule that the contract had no force of law, because it
> essentially was a contract to do something that was against public policy.
> Same with illegal "contracts" some companies coerce people into signing as
> a condition of employment. The companies can argue that the employees signed
> them of their own free will, but the courts would hold that if the act was
> illegal, there can be no binding contract.

Crypto anarchy means a bypassing of such courts. Money held in escrow, and reputable (though anonymous) escrow agents will make such contracts enforceable by other means.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From bmorris at netcom.com  Sun Jun 19 20:53:33 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Sun, 19 Jun 94 20:53:33 PDT
Subject: DECLINE AND FALL
Message-ID: <199406200353.UAA18558@netcom5.netcom.com>

To: cypherpunks at toad.com

SS> The important issue for Cypherpunks is how we should respond to this
SS> seemingly inevitable increased mobility of capital. Does it pose a
SS> threat to privacy?

I'd say that those moving the money around the world would be deeply interested in privacy - their own. Not necessarily for nefarious reasons, but to protect the competition from knowing what they are doing. An 800-pound gorilla like the Fidelity Magellan Fund takes elaborate precautions to not alert the market as to what they are buying and selling. Thus, I assume, they deeply value their own privacy.

Will the capital moving about the world be hostile to cypherpunks et al? I doubt it. Instead, they'll probably cherry-pick the best of crypto technology and use it for themselves. Besides, big money generally isn't thrilled by governments and usually views national boundaries as an annoyance, a view shared by many on the Net.

* RM 1.4 B0037 *

From khijol!erc  Sun Jun 19 20:56:27 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Sun, 19 Jun 94 20:56:27 PDT
Subject: Andy Grove on Clipper
In-Reply-To: <199406200230.TAA09568@netcom5.netcom.com>

> > The public slap in the face our agenda received the other day on
> > the crypto export issue should be proof enough that our enemies
> > will accept nothing less than the total surrender of our right to
> > personal privacy.
> > It's time to stop being nice. When you go after
> > the King, you shoot to kill.
>
> I'm sure there are those scanning this li

From owner-cypherpunks Mon Jun 20 01:18:06 1994
Return-Path:
Received: by toad.com id AA11875; Mon, 20 Jun 94 01:18:06 PDT
Received: from gw1.att.com by toad.com id AA11869; Mon, 20 Jun 94 01:18:00 PDT
Received: from anchor.ho.att.com by ig1.att.att.com id AA11807; Mon, 20 Jun 94 04:17:35 EDT
Received: by anchor.ho.att.com (bind.920909) id AA03886; Mon, 20 Jun 94 04:16:53 EDT
Date: Mon, 20 Jun 94 04:16:53 EDT
From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204)
Message-Id: <9406200816.AA03886 at anchor.ho.att.com>
To: pfarrell at netcom.com
Subject: Re: Hardware generators
Cc: cypherpunks at toad.com
Sender: owner-cypherpunks at toad.com
Precedence: bulk

> The problems with the serial port dongles are:
>
> 3) PCs typically don't have a spare serial port.
> 1) while parallel port dongles are known technology, making it work
> on a serial port is more problematical.

Only if you're trying to share the port with other functions, like, ummm, modems, which you'll probably want at about the same time you want your random number generator. But if you've got a spare slot to put a random number generator in, you could just as well put *it* in the spare slot, and save $20 or whatever the current price difference between internal and external modems is. Except for laptops, where slots are generally not available (except PCMCIA),

From wcs at anchor.ho.att.com Mon Jun 20 01:21:39 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 20 Jun 94 01:21:39 PDT
Subject: L.J. Freeh and the Opposition
Message-ID: <9406200820.AA03908@anchor.ho.att.com>

> Check out Sunday's _Parade_ magazine for an article on Louis J. Freeh, the
> director of the F.B.I. "Tough on crime", "man of the streets", and ruthless
> eliminator of directors :-) If he ever throws his weight behind Clipper, the
> battle will get *MUCH* tougher.

Yeah. On the other hand, his weight *is* strongly, if quietly, behind Clipper - he's pushing the Digital Tele-phony Initiative to prevent the phone companies from offering real crypto, so that if one of them *does* decide to offer real non-Clipper encrypted service (e.g. cellphones), they won't be able to. If he were officially on the side of Clipper, then the Clipper forces wouldn't be able to say "it's purely voluntary"; for now they can pretend to be totally separate efforts.

From wcs at anchor.ho.att.com Mon Jun 20 01:28:36 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 20 Jun 94 01:28:36 PDT
Subject: Position Escrow System
Message-ID: <9406200827.AA03947@anchor.ho.att.com>

But for now, the auxiliary Portable Position Escrow Devices (cellphones, to mix in the OJ thread) augment the satellite support. Under no circumstances should citizen-units be permitted to put their PPEDs in moving vehicles driven by other people; fortunately, existing littering laws prevent people from tossing their cellphones into moving pickup trucks, and the forthcoming ban on Gun Transportation Devices should eliminate pickup trucks before the population as a whole notices. Meanwhile, plans to restrict citizen-units to their Position Escrow Zones unless carrying PPEDs are being evaluated, and a cost-benefit analysis versus enhancing the planned SmartCard systems will be forthcoming.

... And they think we're just working for the Post Office....

From khijol!erc Mon Jun 20 02:09:15 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Mon, 20 Jun 94 02:09:15 PDT
Subject: Having your own computer means never having....
In-Reply-To: <199406200636.CAA04031@dunx1.ocs.drexel.edu>
Message-ID:

> Actually, Apple has some really good concepts, using AOCE digital
> signatures and products currently out for the corporate environment. The
> automatic routing of digitally signed forms from one desk to another, with
> the appropriate digital signatures on them, replacing normal forms. This
> is the kind of thing I think you'll see making cryptographic inroads with
> business.

I think you're right. The ability to verify a signature that would be impossible to repudiate is a strong one. Tamperproof documents that preserve privacy are all powerful incentives for a company to adopt strong crypto and DSS.

-- 
Ed Carp, N7EKG/VE3    ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From werner at mc.ab.com Mon Jun 20 04:28:45 1994
From: werner at mc.ab.com (tim werner)
Date: Mon, 20 Jun 94 04:28:45 PDT
Subject: Having your own computer means never having....
Message-ID: <199406201128.HAA06248@sparcserver.mc.ab.com>

>Date: Sun, 19 Jun 1994 22:27:23 -0700
>From: nobody at kaiwan.com (Anonymous)

>carterm at spartan.ac.brocku.ca (Mark Carter) wrote:
>> Beyond that, unrestrained encryption is dangerous to corporations, because
>> what's to stop a ticked off employee from encrypting everything in the
>> office as revenge for some imagined slight?
>
>If he was pissed off and wanted revenge, he would not waste his time
>encrypting it, he could just delete it, and/or steal all remaining copies.

Not necessarily. One could get in the habit of keeping all one's files encrypted, decoding only the material that one has to occasionally release in order to convince one's boss that one is doing productive work on one's computer. :-)

Many times when one is fired, one does not have the option of logging in one last time. The boss taps you on the shoulder and escorts you to human resources. While you are having your exit interview, the sysadmin is disabling your account.

For instance, the emacs editor has a mode (see crypt++.el) that automagically prompts for a decryption key whenever you open a file that appears not to be pure text, in case you want to pass it through crypt before editing it. Only in the editor's buffer does it ever appear in decoded form. On the disk it is always encrypted.

If one got fired unduly, one's former bosses would have to ask for the key. Of course, the usual reason people get fired is incompetence, so there may not be anything worthwhile lying around anyway.

tw

From perry at imsi.com Mon Jun 20 04:59:55 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 20 Jun 94 04:59:55 PDT
Subject: Perry vs. the Math Teacher
In-Reply-To: <940617183828g5fjgostin@eternal.pha.pa.us>
Message-ID: <9406201159.AA05028@snark.imsi.com>

Jeff Gostin says:
> perry at imsi.com (Perry E. Metzger) writes:
>
> > the result applicable to factoring, I feel rather sad. It's depressing
> > commentary on what cypherpunks has become.
> Go figger. It's become a haven of learning, where the more learned
> teach those willing to learn, [...]
> I've received some very nice replies to my earlier question about
> what O(f(x)) meant, including one from you, Mike McNally, Bill O'Hanlon,
> and Douglas Sinclair (thanx guys!! If anyone else sent anything, I haven't
> received it yet, but you do have my thanx, in advance!). This only proves
> that there are people who are only too willing to teach if someone shows
> they are willing to listen, and learn.

I was perfectly willing to answer someone asking an honest question. I've asked many a stupid question myself over the years because I didn't know a field yet. The point is not that people can't ask questions or expect polite answers -- it's that I resent people who think that now that they've been handed a rusty saw they know how to do surgery. You didn't insist that you knew more than other people -- you said you didn't know something, so I made an effort to point you at the answer. I dislike people who are ignorant pretending to themselves that they know what they don't.

Perry

From perry at imsi.com Mon Jun 20 05:06:48 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 20 Jun 94 05:06:48 PDT
Subject: Prime magnitude and keys...a ?
In-Reply-To: <199406172325.SAA22491@zoom.bga.com>
Message-ID: <9406201206.AA05037@snark.imsi.com>

Jim Choate says:
> > > If you can get the sign of the difference between RSA(your number) and
> > > RSA(unknown key), then you can discover (unknown key) in log n time.
> > > That implies, due to the nature of RSA, that you can factor in log n
> > > time using whatever algorithm it is that makes the determination of
> > > the sign of the difference.
>
> No, again it will allow you to find the secret key, it will not
> provide any information about the factors of that number.

The two are equivalent. Unfortunately, no amount of explanation will get that into your head.

I've revised my thoughts on the matter over the weekend after scribbling on a pad for a few minutes -- it should be fairly straightforward to prove that if you can get the private key given the public key, you can factor arbitrary numbers. (This is not the equivalent of saying RSA can be broken only by factoring -- it is possible that there is an algorithm to get the plaintext given the public key and the ciphertext without first determining the private key.)

Anyway, no one is interested any more, and most people are likely quite unhappy to have received so much unwanted flame mail about this, so I won't reply to Jim any further.
Perry

From nelson at crynwr.com Mon Jun 20 05:18:38 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Mon, 20 Jun 94 05:18:38 PDT
Subject: Having your own computer means never having....
In-Reply-To: <199406200636.CAA04031@dunx1.ocs.drexel.edu>
Message-ID:

   Date: Mon, 20 Jun 1994 02:37:42 -0400
   From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
   Cc: cypherpunks at toad.com

   What's to stop him/her from shredding everything in the office?

Um, because desks don't *fit* in the shredder? :)

Sorry about that, but this thread *is* becoming a little silly on its own.

-russ  ftp.msen.com:pub/vendor/crynwr/crynwr.wav
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From perry at imsi.com Mon Jun 20 05:50:14 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 20 Jun 94 05:50:14 PDT
Subject: Another Cellular Victim
In-Reply-To: <199406181628.AA06095@srl03.cacs.usl.edu>
Message-ID: <9406201250.AA05130@snark.imsi.com>

"Phil G. Fraering" says:
> I was on a trip out of town a while back... as soon as I crossed
> into another cellular network boundary, I got a call from the
> provider's sales droid, telling me how to use their service. They
> _are_ tracking individual phone movement, IMHO.

Tracking individual phone movement is how cellphones work. Of course they are tracking you. How else could you get calls?

.pm

From perry at imsi.com Mon Jun 20 06:19:38 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 20 Jun 94 06:19:38 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <9406191648.AA02110@vail.tivoli.com>
Message-ID: <9406201319.AA05178@snark.imsi.com>

Mike McNally says:
> It may be that the phone can be "pinged" unbeknownst to the owner, but
> I'm fairly confident that if the phone is shut off, you're safe. The
> truly paranoid might consider stowing the phone inside some sort of RF
> cage, I guess, or maybe just throw it out the window :-)

Wouldn't it be much simpler to hit the "power" button?

.pm

From gtoal at an-teallach.com Mon Jun 20 06:36:06 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 20 Jun 94 06:36:06 PDT
Subject: Didn't anyone note the A5 posting?
Message-ID: <199406201335.OAA08727@an-teallach.com>

Didn't anyone notice that someone posted a putative source code for the secret A5 algorithm as used in GSM phones? (It was on sci.crypt, xposted to uk.telecom, on Friday.) Seems someone was going to give a talk on ways of hacking the algorithm at some university, and he got stomped on by GCHQ. So another guy has come out in sympathy and posted his reconstruction of the algorithm in C, as reverse engineered from a hardware description he received in a plain brown envelope!

This is *significantly* more of a coup on the net than the NSA handbook. Now, all I need is for you guys to explain coherently *why* it's a good coup and what the political implications are, and I'll feed the story to the UK press. (I don't think anyone here has it yet...)

G

From paul at poboy.b17c.ingr.com Mon Jun 20 07:00:44 1994
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 20 Jun 94 07:00:44 PDT
Subject: Another Cellular Victim
In-Reply-To: <199406181628.AA06095@srl03.cacs.usl.edu>
Message-ID: <199406201401.AA26935@poboy.b17c.ingr.com>

> I was on a trip out of town a while back... as soon as I crossed
> into another cellular network boundary, I got a call from the
> provider's sales droid, telling me how to use their service. They
> _are_ tracking individual phone movement, IMHO.
> pgf

That's a feature, not a bug. When your phone hears an ident message broadcast from a cell whose system ID doesn't match the home system ID, it will emit a "here I am" message. The foreign cell can be programmed to send a "welcome, roamer" message, to log the entry into a file, or whatever.

Within individual systems, there's no built-in capability to follow a phone. For example, the local BellSouth cellular operator can tell that _right now_ my phone is in the Harvest cell, and it can later tell that I've moved to the Decatur cell, but it won't automatically do so unless asked.

-Paul

-- 
Paul Robichaux, KD4JZG        | Catch the wave with Mosaic for CLIX!
perobich at ingr.com             | newprod -n newprod at poboy.b17c.ingr.com
Of course I don't speak for Intergraph.

From pstemari at bismark.cbis.com Mon Jun 20 07:16:02 1994
From: pstemari at bismark.cbis.com (Paul J. Ste. Marie)
Date: Mon, 20 Jun 94 07:16:02 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <9406200150.AA19360@acacia.itd.uts.EDU.AU>
Message-ID: <9406201412.AA04431@focis.sda.cbis.COM>

> The question is whether this polling includes the handset identifying
> itself to the cell.

It has to. Consider the case of an incoming call. The system needs to know which cell to begin transmitting to.

--Paul

From honey at citi.umich.edu Mon Jun 20 07:35:08 1994
From: honey at citi.umich.edu (peter honeyman)
Date: Mon, 20 Jun 94 07:35:08 PDT
Subject: OJ`S CELL PHONE
Message-ID: <9406201435.AA17322@toad.com>

a cellular phone that is turned on is in periodic contact with the local antenna. certainly the cellular provider knows what cell a mobile phone is in; that's how calls are directed. in fact, anyone can monitor the paging channel to make a primitive tracking device. (some folks on this list know much more about this ... perhaps they'll speak up.)
peter

From jrochkin at cs.oberlin.edu Mon Jun 20 08:14:05 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Mon, 20 Jun 94 08:14:05 PDT
Subject: MAIL: anon mailing list
Message-ID: <199406201513.LAA19070@cs.oberlin.edu>

> Say somebody wants to run a mailing list as you propose. I think they
> should just run the list at the same address unless the remailers can
> suitably pad, delay, and randomize incoming messages and redirect them
> to the true list site (but then delay and randomization may lead to
> loss of coherency on the list ;). If not, surely external observation
> of the contact point will show where all the messages are headed.

Hmm. I'd think that if the list address were an encrypted remailer path with several hops, it would be non-trivial to find the contact point by external observation. Would it even be possible? Regrettably, probably so. An additional layer of security could be having the list address underneath all of the encrypted remailer stuff be an anon address at the server in Finland. Although it's probably quite easy to determine your true address by external observation of anon.penet.fi, unfortunately. Still, the combination of chained encrypted remailer paths and the Finnish anon server would definitely make it difficult to determine the contact point. But I guess not as difficult as I had hoped.

> The resources needed would be higher than a normal list since each
> incoming message would need to be checked for a digital signature (or
> the list could become victim to an anonymous mail bomber, and you

Yeah, quite true. It would be impractical for a very large list. At least, if you wanted a list with more than maybe 70 members, you'd need to dedicate some machine to it, probably. Although maybe not; I don't want to concede that until it's actually tried to see how much processing power is required in practice. :)

And yeah, it would take users who were actually committed to doing it, as most users of _this_ list (including me) don't even sign their messages, as you point out. If we won't even sign our messages, then I don't know who is going to be willing to sign, encrypt, and append a remailer path to it. Although I guess if the list required it, as it would, then people might join the list and do the stuff, just for the principle of it. And automated shell scripts certainly help. You could have an automated shell script particularly for the mailing list that took cleartext, encrypted it to the list, signed it, appended the remailer stuff to the front, and sent it off to the proper remailer.

From jp at jep.pld.ttu.ee Mon Jun 20 08:28:12 1994
From: jp at jep.pld.ttu.ee (Jyri Poldre)
Date: Mon, 20 Jun 94 08:28:12 PDT
Subject: PC RND generator based on physical random
Message-ID: <9406201523.AA21364@jep.pld.ttu.ee>

What you need is a natural source of randomness. I have used clocking a higher speed quartz generator with a lower speed (10x is ok) unstable frequency oscillator and then taken the parity of the result (4-5 bits is enough for most situations; it depends of course on the distribution of the LF generator values). The variable frequency oscillator is RC and the higher one is quartz. Now, as we are not willing to give up a card slot (and PCB board area and so on) for just an RND generator, maybe it is good to find an existing source of randomness in the PC itself. So - do we have an RC generator in the PC? YES. We have 4 of them, to be exact. Most of us do not make much use of these ports, because most games do not support them correctly. But anyhow, joystick ports are there. An IO card costs $10 if you have not already got one. So I propose a scheme for a PC RND generator:

1. Make an LF generator using the joystick ports.
2. Use the HF oscillator of the PC clock (program execution; if any interrupts occur, it is no problem).
3. Find out the distribution of the LF oscillator and calculate the needed parity filter size. (By parity filter I mean the parity values of the N last bits.)
4. Use it.

From rishab at dxm.ernet.in Mon Jun 20 08:33:13 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 20 Jun 94 08:33:13 PDT
Subject: Hardware RNGs
Message-ID:

pfarrell at cs.gmu.edu:
> up IRQs, port addresses, etc. Does this suggest that a
> Plug-n-play board would be more attractive?

Just build it, on any platform. The key is the RNG, not the interface, which can be easily adapted to market demands. I take it that you don't plan to invest millions of dollars to start up, so _which_ interface you use first is not crucial ;-)

There have been too many "let's do this" suggestions that degenerate into a discussion of the smallest details and disappear altogether...

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                 "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in                 take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410
Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Mon Jun 20 08:33:42 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Mon, 20 Jun 94 08:33:42 PDT
Subject: Neural nets crack RSA? AAARRGHH!
Message-ID:

Jim Choate:
> As far as I am concerned if it could be done w/ a neural network, or

Ouch. Neural networks are _deterministic_ (except, possibly, analog VLSI ones such as Mead's). Digital neural networks can't do _anything_ that cannot be done by algorithms; they run on Turing machines too. Why neural networks are 'magical', as Perry says, in certain classes of problems is that they provide a way to perform complex algorithmic functions through a relatively simple interface to humans.

In any case, how "fuzzy" do you allow your relative magnitude function to be? Even if a function exists that compares keys with a magnitude difference of the order of 100 bits, it's useless.
For your binary search method to work, this comparator function would have to be accurate when the difference is on the order of just 1 bit.

Yeah, quantum computers ;-)

----------------

From owner-cypherpunks Mon Jun 20 10:33:41 1994
Return-Path:
Received: by toad.com id AA20571; Mon, 20 Jun 94 10:33:41 PDT
Received: from src.honeywell.com (moon.src.honeywell.com) by toad.com id AA20548; Mon, 20 Jun 94 10:33:24 PDT
Received: from tbird.src.honeywell.com by src.honeywell.com (4.1/smail2.6.3/SRCv0.25); Mon, 20 Jun 94 12:33:26 CDT id AA02136 for cypherpunks at toad.com at toad.com
Posted-Date: Mon, 20 Jun 94 12:33:15 CDT
Received: by tbird.src.honeywell.com (4.1/SMI-3.2) id AA29883; Mon, 20 Jun 94 12:33:15 CDT
Date: Mon, 20 Jun 94 12:33:15 CDT
From: bergstro at src.honeywell.com (Pete Bergstrom)
Message-Id: <9406201733.AA29883 at tbird.src.honeywell.com>
To: cypherpunks at toad.com
Subject: re: MAIL: secure mail
Sender: owner-cypherpunks at toad.com
Precedence: bulk

>>>>> On Sat, 18 Jun 1994 21:05:04 -0500 (CDT), Karl Lui Barrus said:

> What I've tried is to do a "|pgp -feat ecarp|rmail erc%khijol at apple.com",
> but pgp just produces empty files! If I execute it by hand, it works.
> Anyone know either (1) why it isn't working and how to fix it, or (2)
> suggest a better alternative?

> The problem may be this: pgp needs a path.
> Try "| PGPPATH=/whatever pgp -feat ecarp | rmail erc%khijol at apple.com"
> This is what I needed to do when I tried something similar with mh
> and slocal.

Keep in mind that if you have a site that follows CERT advisories, there are usually restrictions on which programs may be used to filter mail. My site requires a sysadmin to put an entry in a config file to allow any filter programs to work at all.

One standard filtering program that works well is procmail. This will typically be "approved" by default and should keep your (Ed's) admin from having to be involved in your incoming mail.

Pete

From jamiel at sybase.com Mon Jun 20 11:00:12 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Mon, 20 Jun 94 11:00:12 PDT
Subject: Stealth Crypto (Was: Re: Andy Grove on Clipper)
Message-ID: <9406201759.AA26312@ralph.sybgate.sybase.com>

At 2:28 AM 06/20/94 -0400, Ed Carp [Sysadmin] wrote:
>I've read about (with interest) the so-called "stealth viruses", and how they
>adapt to their environment - might crypto do the same thing?

There is no way to translate the idea that I can see. Stealth viruses work by patching the interrupts that AV programs watch (on a PC - Macs and other platforms are conceptually different) - INT 21h, etc. - and the file attribute reporting mechanisms in DOS, and lie. It is hardware specific, and I don't see any way to translate the concept to a networked environment in order to fool 'traffic cops.' I wonder about the mutation engine concept, though...

-j

From B858JT at UTARLVM1.UTA.EDU Mon Jun 20 11:14:42 1994
From: B858JT at UTARLVM1.UTA.EDU (John A. Thomas)
Date: Mon, 20 Jun 94 11:14:42 PDT
Subject: Hardware RNG's
Message-ID: <9406201814.AA21421@toad.com>

Pat Farrell and others have been discussing hardware random-number generators. Since I've built such devices, I thought I'd put in my opinions.

I used a reverse-biased transistor junction for the noise source. The noise is amplified by a three-stage op-amp circuit with about 60 dB of voltage gain in the passband and a 3-dB bandwidth of 10 Hz - 3 kHz. A spectrum analyzer shows the noise is random, with no frequencies standing out more than others. The analog noise feeds an op-amp comparator wired as a zero-crossing detector. The output is a logic level which switches randomly, but on average is on and off about 50% of the time, respectively. This logic level gates a 5 MHz TTL oscillator, producing bursts of pulses of random length. These pulses are counted by an 8-bit counter, producing random 8-bit numbers. The outputs of the counter are latched and read through a PC bi-directional parallel port. Allowing the slowest changing bit to turn over 10 times between samples suggests a maximum sampling rate of 1000 bytes/sec.

The chi-square test and the runs tests on these samples show very good statistical properties. For large samples (> 100,000 bytes), there seems to be a slight predominance of "one" bits (e.g. 0.6% difference). This is probably due to some factor in the sampling process which I haven't figured out yet. Anyway, exclusive-or'ing successive samples together removes this bias. I'd appreciate any ideas about this.

I don't know what practical use this device has, except for those who need one-time pads, but it was fun to hack up and test.

John A. Thomas
b858jt at utarlvm1.uta.edu
75236.3536 at compuserve.com
PGP key available on request

From perry at imsi.com Mon Jun 20 11:23:39 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Mon, 20 Jun 94 11:23:39 PDT
Subject: Hardware RNG's
In-Reply-To: <9406201814.AA21421@toad.com>
Message-ID: <9406201823.AA05581@snark.imsi.com>

"John A. Thomas" says:
> I don't know what practical use this device has, except for those who need
> one-time pads, but it was fun to hack up and test.

I suspect several people around (including me) would buy one if it could connect to a serial port...

.pm

From jim at bilbo.suite.com Mon Jun 20 12:13:09 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Mon, 20 Jun 94 12:13:09 PDT
Subject: Crypto export legislation defeated in House Intelligence Cmte.
Message-ID: <9406201911.AA16862@bilbo.suite.com>

> Brief update: The report is expected tomorrow. Initial
> news from Intelligence Committee staffers is that the
> crypto provisions of H.R. 3937 were axed with an
> unbelievable 13-0 unanimous vote...
>

Has the official report been placed online, and if so, where?
Thanks, Jim_Miller at suite.com From pcw at access.digex.net Mon Jun 20 12:23:52 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 20 Jun 94 12:23:52 PDT Subject: Message-ID: <199406201923.AA15535@access2.digex.net> >>The cypherpunks mailing list has once again been mysteriously purged. > >I've been receiving mail from cypherpunks all morning. > >-- >Lefty (lefty at apple.com) >C:.M:.C:., D:.O:.D:. I've received nothing. Nada. Zero From smb at research.att.com Mon Jun 20 13:01:07 1994 From: smb at research.att.com (smb at research.att.com) Date: Mon, 20 Jun 94 13:01:07 PDT Subject: rec.radio.scanner #7670 - Re: OJ's Cellular Message-ID: <9406202001.AA23637@toad.com> This article, reposted with permission from rec.radio.scanner, sheds a bit of light on the topic. In article <2u47fl$18no at hermes.acs.ryerson.ca>, cal at ee.ryerson.ca (Calvin Henry-Cotnam) writes: > > I just heard an interview on the radio with a representitive from the > "umbrella group" that represents the cellular industry. He explained > how position tracking is done, and stated that call content is not > involved. A court order is needed to track position, but another court > order, presumably one more difficult to get, is needed to intercept the > conversation. The location tracking basically locates which cell site > the call is being picked up by plus monitoring of actual signal strength > which usually can get to within a mile of the location. The original poster mentioned that he's not an expert on cellular; the person he cited is from an ``''umbrella organization'' for the cellular industry in D.C. From perry at imsi.com Mon Jun 20 13:06:08 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 20 Jun 94 13:06:08 PDT Subject: mail hacking Message-ID: <9406202005.AA29324@webster.imsi.com> Some nice person today decided to hack my mail account at the free software foundation to assure that all my mail in the world would bounce. 
There have beens some complaints recently from others that I know about similar activities of late. I would say that people should watch out for this sort of thing. Perry From cipher at nemesis.wimsey.com Mon Jun 20 13:11:43 1994 From: cipher at nemesis.wimsey.com (Stuart Smith) Date: Mon, 20 Jun 94 13:11:43 PDT Subject: Andy Grove on Clipper In-Reply-To: Message-ID: <2e05f20b.nemesis@nemesis.wimsey.com> > > Not if you use Stealth for PGP which I released a few months ago after > > persuading "Henry Hastur" to write it. They can't *tell* it' non-compliant > > crypto. Sophisticated steganography is now needed however, since most noise in > > the digital domain is not white noise, like a Stealth PGP message would be (or > > at least different than normal digital noise). But even more so is needed nice > > Mac and Windows interfaces for the system that you can send to a friend, on a > > floppy. I suggest a voice mail utility. Then a critical mass is not even > > needed (security through obscurity). Remember, "Encryption always wins." They > > can't outlaw noise. > > True, but I think that the > would have it's hands on any method almost as soon as it hits the streets. > I'd be interested in getting a copy to play with, but I'm curious - the methods > to validate that you have a proper message have to be there, anyway, and that > would seem to be your undoing. If you have to validate it, it can be scanned > for -- that's how they find viruses these days, too. Does your method take > that into consideration? I could imagine a future where, like viruses, crypto > used "adaptive crypto" or "adaptive signatures" to hide itself from detection... Well, I've played with stealth briefly, along with a few other interesting utilities, and it does look good. i.e. there is no way to validate proper messages. If you feed noise/junk/whatever into stealth, it will give you a pgp encoded message back. 
Every picture posted to alt.binaries.pictures.* could be run through stealth and a pgp file would result. Find which ones *really* were pgp files to begin with.. good luck.. What we have to worry about is making sure there is no way to identify the data that pgp puts out itself. That is, the encrypted data and the encrypted IDEA key. If I gave you random samples of noise and told you that one of them was an IDEA key encrypted by an RSA key, you shouldn't be able to pick it out.

--
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C Stuart Smith

From ghio at cmu.edu Mon Jun 20 13:54:51 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Mon, 20 Jun 94 13:54:51 PDT
Subject: REMAIL: Remailer that only remails to other remailers
Message-ID: <9406202054.AA24879@toad.com>

One of the problems in convincing people to run remailers is that they don't want to have to deal with complaints. Someone posted a while ago that they would be willing to run a remailer that would only remail to other remailers. This would enhance the security of remailer chains while not creating too many political problems for sensitive sysadmins. If anyone's still interested, here's how to do it:

ftp cs.cmu.edu
cd /afs/andrew.cmu.edu/usr12/mg5n/public
get ghio.cp.remailer.tar.gz

This is a copy of the remailer that I run on kaiwan. gunzip and untar it. Modify remailer and sendlatents with the proper directory names for your system. Now, you need to modify a line at the end of block.c. Change

if (match==0) printf("%s",argv[1]);

to

if (match!=0) printf("%s",argv[1]);

Now it is a pass-address filter instead of a block-address filter. Now put the addresses that you want the remailer to be able to send to in blocked.addresses (you can rename the file in the remailer csh script.) Now create a PGP key for your remailer, set up a .forward file to 'remailer' and you're all set...
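The block-list/pass-list switch Matthew Ghio describes, as an added C example that is not code from his remailer: one address filter that runs in either mode, so the same list file either blocks the listed destinations or (pass-list mode) restricts delivery to them, which is the remailer-only-to-remailers setup. The sample list entries under example.org/example.net are constructed placeholders, not real remailers, and the function names (normalize, in_list, may_deliver) are my own.

```c
/* Added example, not Matthew Ghio's block.c: an address filter that can act
 * as a block list (deliver unless listed, the original match==0 test) or a
 * pass list (deliver only if listed, the match!=0 change described above). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_LEN 128

enum filter_mode { BLOCK_LIST, PASS_LIST };

/* Normalise an address: take the part inside <...> if present, trim
 * whitespace and lowercase it, so "Bob <BOB@example.org>" and
 * "bob@example.org" compare equal. */
static void normalize(const char *in, char *out, size_t outlen)
{
    const char *start = strchr(in, '<');
    const char *end;
    size_t n = 0;
    if (start) {
        start++;
        end = strchr(start, '>');
        if (!end) end = start + strlen(start);
    } else {
        start = in;
        end = in + strlen(in);
    }
    while (start < end && isspace((unsigned char)*start)) start++;
    while (end > start && isspace((unsigned char)end[-1])) end--;
    while (start < end && n + 1 < outlen)
        out[n++] = (char)tolower((unsigned char)*start++);
    out[n] = '\0';
}

/* Return 1 if addr matches an entry of the list (case-insensitive). */
static int in_list(const char *addr, const char list[][MAX_LEN], int count)
{
    char norm[MAX_LEN], entry[MAX_LEN];
    normalize(addr, norm, sizeof norm);
    for (int i = 0; i < count; i++) {
        normalize(list[i], entry, sizeof entry);
        if (strcmp(norm, entry) == 0) return 1;
    }
    return 0;
}

/* Decide whether the remailer may deliver to addr under the given mode.
 * BLOCK_LIST: deliver unless listed  (match == 0)
 * PASS_LIST:  deliver only if listed (match != 0) */
int may_deliver(enum filter_mode mode, const char *addr,
                const char list[][MAX_LEN], int count)
{
    int match = in_list(addr, list, count);
    return mode == BLOCK_LIST ? (match == 0) : (match != 0);
}

/* Constructed sample list (hypothetical remailer addresses, not real ones):
 * this plays the role of the blocked.addresses file. */
static const char remailers[][MAX_LEN] = {
    "remailer@example.org",
    "mix@example.net",
};
static const int n_remailers = 2;

int main(void)
{
    const char *dests[] = { "Remailer <remailer@example.org>", "alice@example.com" };
    for (int i = 0; i < 2; i++)
        printf("%-35s block-list:%d pass-list:%d\n", dests[i],
               may_deliver(BLOCK_LIST, dests[i], remailers, n_remailers),
               may_deliver(PASS_LIST, dests[i], remailers, n_remailers));
    return 0;
}
```

In pass-list mode the second address is refused even though it is not on any block list; that is the property that keeps an entry remailer from ever delivering to an end user.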
From rah at shipwright.com Mon Jun 20 14:08:03 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 20 Jun 94 14:08:03 PDT
Subject: Majordomo
Message-ID: <199406202107.RAA03434@zork.tiac.net>

Was it my breath, or did Majordomo go down again?

-----------------
Robert Hettinga (rah at shipwright.com)     "There is no difference between someone
Shipwright Development Corporation        who eats too little and sees Heaven and
44 Farquhar Street                        someone who drinks too much and sees
Boston, MA 02331 USA                      snakes." -- Bertrand Russell
(617) 323-7923

From jya at pipeline.com Mon Jun 20 14:14:27 1994
From: jya at pipeline.com (John Young)
Date: Mon, 20 Jun 94 14:14:27 PDT
Subject: No Subject
Message-ID: <199406202114.RAA28416@p03.pipeline.com>

How can I check a newly downloaded PGP2.6 to verify that it is tamper-free before use and back-up?

John Young

From sandfort at crl.com Mon Jun 20 14:53:50 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Mon, 20 Jun 94 14:53:50 PDT
Subject: CYPHERPUNK OPERATIVE
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Okay, somebody needs to fess up. I *know* someone on the Cypherpunks Channel is writing about the Clipper Chip and other crypto-privacy issues for /Expat World/. I thought I was the only one who had even heard of this newsletter for expatriates until I saw some of the crypto articles. Whoever it is, is doing a great job. In the June 15 issue, in the article, "How Big Brother Wants to Listen, Too," the writer coined the term "Al Gorewellian." Gotta love it. If the writer of these articles is reading this note, please let us know who you are. You deserve the recognition. (If you want to keep a low profile, how 'bout sending me private e-mail? I'd like to discuss some things with you.)
S a n d y
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLgYBPU5ULTXct1IzAQEINgQAhzypoIDVoX5bad9Vd8psttmS5ClRbKqr vNA7L88jallJzrmUL5NZv6SO7NPAFxQzC2bnS2KJv4MpyRFl+ZYIku2cQZfQWShY 3TLUXuqK9HVHED7rCzq3Xq1Kny/fZZ9U74PSLe8fi+L9xsL5Ht0yDEmBYCG3REkv J0npF+9FCHw= =xgFs -----END PGP SIGNATURE-----

From rusty at hodge.com Mon Jun 20 15:07:33 1994
From: rusty at hodge.com (Rusty Hodge)
Date: Mon, 20 Jun 94 15:07:33 PDT
Subject: Real truth about Cell phone tracking
Message-ID: <199406202207.PAA23750@netcom.netcom.com>

1. Cellular phones "register" (the proper term) themselves whenever they move into a new cell (the coverage area provided by a base or tower - not the proper term. They do this by scanning the control channels when the current one falls below a certain signal strength. If you have cellular monitoring equipment, you will see the registration confirmations transmitted on the control channel, complete with the MIN (mobile identification number, or cellular phone number). The MTSO (mobile telephone switching office) knows what MINs are registered in each cell at a given time.

1a. A cellular phone can be "tracked" if it is turned on. It does not have to be in use.

2. If you are in a fixed position, and your phone is going between service and no service modes, you are at the edge of coverage area, and some of the time the control channel is falling below the scan threshold. It then tries to register with another cell and another until it is successful. It is scanning control channels when the no service lite is on.

3. There is a test mode defined in the NAMPS standard that causes a phone to begin transmitting on a designated frequency. And since the mouthpiece on a cellular phone is not switched off when the phone is on hook, you can easily bug someone's car this way.

4.
Many of the cellular-based vehicle tracking systems only use the cellular phone to transmit data back to company headquarters, and do not determine location via triangulation or doppler direction finding techniques. These are not reliable enough for moving targets due to all the RF reflections. Also, my (limited) experience with doppler-based triangulation DFing shows how hard it is to DF a modulated FM signal. And since all cellular phones are transmitting a SAT tone (a 6kHz-ish supervisory audio tone) all the time, I think this would be very hard to do.

5. In major metro areas, individual cells cover extremely small areas... often every mile or two on the freeway, you will see another cell site. So you know exactly where to send a helicopter to.

6. For under $1000, you can buy a box which hooks up to a PC and controls a scanner and decodes the cellular control channels (and reverse channel data too). This includes software for following cellular calls as they hop from cell to cell, paging requests (get a phone's attention), and displaying the MINs that register in a given cell (or cells, but you need one receiver for each cell you are monitoring!).

7. From the moment your phone starts ringing, there is an audio path back to the MTSO. When your phone is ringing, it has been assigned a channel and is transmitting. Pressing the send button to answer the phone sends a signal to the MTSO telling the switch to connect the landline to the channel the phone is on. This is especially evident on Ericsson switches (like LA Cellular uses).

--
Rusty Hodge

From gtoal at an-teallach.com Mon Jun 20 17:27:07 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 20 Jun 94 17:27:07 PDT
Subject: Real truth about Cell phone tracking
Message-ID: <199406202345.AAA11941@an-teallach.com>

: From: Rusty Hodge
: 3. There is a test mode defined in the NAMPS standard that causes a phone
: to begin transmitting on a designated frequency.
: And since the mouthpiece
: on a cellular phone is not switched off when the phone is on hook, you can
: easily bug someone's car this way.

Woo! Built-in infinity-transmitter mode! (Just like ISDN actually)

: 6. For under $1000, you can buy a box which hooks up to a PC and controls a
: scanner and decodes the cellular control channels (and reverse channel data
: too). This includes software for following cellular calls as they hop from
: cell to cell, paging requests (get a phone's attention), and displaying the
: MINs that register in a given cell (or cells, but you need one receiver for
: each cell you are monitoring!).

These are selling on the black market over here in Britain for 3 or 4 K pounds. People who buy them use them to clone phones, then sell time on the cloned phone over a weekend before it's discovered.

G

From grendel at netaxs.com Mon Jun 20 17:34:13 1994
From: grendel at netaxs.com (Michael Handler)
Date: Mon, 20 Jun 94 17:34:13 PDT
Subject: List wiped AGAIN?
Message-ID:

I thought it had been a little quiet... then I saw the subscriber list. Any idea *why* this keeps happening?

--------------------------------------------------------------------------
Michael Brandt Handler Philadelphia, PA PGP v2.6 public key on request Boycott PSI, Inc. & Canter & Siegel <> 1984: We're Behind Schedule

From claborne at microcosm.sandiegoca.NCR.COM Mon Jun 20 18:25:44 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at ScrippsRanc)
Date: Mon, 20 Jun 94 18:25:44 PDT
Subject: Crypto export legislation defeated in House Intelligence Cmte.
Message-ID: <2E064042@microcosm.SanDiegoCA.NCR.COM>

> So much for lobbying.
>
> Look, something is going on here that doesn't meet the eye. Nothing is
> ever unanimous in Washington. These guys were told something by somebody
> that caused them to vote like this. You can bet it had nothing to do with
> terrorists, drug pushers, or pedophiles.
> Why don't you expend
> some effort to find out what they were told and by whom so we could learn
> what this issue is really about because it is NOT about "national security".
> Think about it...

If you've had the ability to listen to any voice or e-mail traffic you felt like with a simple telco set or inexpensive computer any time, anywhere you felt like, wouldn't you put up a fight? It's like trying to take a gun from an NRA member. Once you have a freedom to do something you aren't going to give up easy. It's only going to be more difficult since NSA, and other three letter orgs are part of the government. Our metro-police, FBI, CIA, XXX, have been able to tap phone and e-mail (illegally or with court permission, or in the name of "national security") as easy as plugging in a toaster. Once citizens start using crypto systems, these three letter orgs are going to have to work for a living. OK, so a crook is using crypto in his communications. Most are so stupid, getting the keys won't be that hard and even better... the crook will still think his comm link is secure. I'll stop here with my arguments for dropping the barriers to crypto. For NSA, finding the right string to pull is probably real easy. The only thing we can do is continue to apply pressure at all fronts. Educating the general public is on one front. EFF has other fronts.

...      __o
..     -\<,        chris.claborne at sandiegoca.ncr.com
...(*)/(*).        CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server.

From gbe at netcom.com Mon Jun 20 23:33:34 1994
From: gbe at netcom.com (Gary Edstrom)
Date: Mon, 20 Jun 94 23:33:34 PDT
Subject: Beware of Roman Catholic Corruption
Message-ID: <199406210633.XAA22065@netcom4.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

> Don't let them lure you into following them into Hell. The 1611
> Authorized (King James) Version of the Holy Bible is the only book
> that God ever wrote.
> All other alleged translations are frauds
> written by the Devil himself.

So what version of the scriptures did Jesus quote from?

Gary B. Edstrom             | Sequoia Software     | PGP fingerprint:
Internet: gbe at netcom.com    | Programming Services | 2F F6 1B 28 6E A6 09 6C
CompuServe: 72677,564       | P.O. Box 9573        | B0 EA 9E 4C C4 C6 7D 46
Fax: 1-818-247-6046         | Glendale, CA 91226   | Key available via finger
What is PGP? Subscribe to alt.security.pgp and find out!

-----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLgaIwkHZYsvlkKnJAQHfJAP+NBbcCDGzobs2IKuBCro9+Cka9VtMrbqi NQY1SZRv6ZMUb7UwF5dd6J0rPJCwjzs9bLNWDxG643BHww0LWlc8+jfw0N6eZX7U jYeso6+jKwSA3+sVfygyI5WTOUe5dUqFQfzHuxDFzZrgej3eejLw16WiwuCRpViL sk345Pw5dQQ= =SlzJ -----END PGP SIGNATURE-----

From wcs at anchor.ho.att.com Mon Jun 20 23:56:10 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 20 Jun 94 23:56:10 PDT
Subject: Having your own computer means never having....
Message-ID: <9406210653.AA24992@anchor.ho.att.com>

> >Beyond that, unrestrained encryption is dangerous to corporations, because
> >what's to stop a ticked off employee from encrypting everything in the office
>
> What to stop him/her from shredding everything in the office? This is a
> personnel/legal problem; there's nothing special about the use of
> cryptography (except that it might be reversible).

Reversibility is the main difference - the disgruntled fired ex-sysadmin can encrypt everything and promise to restore it for big bucks plus amnesty. On the other hand, hiding the backup tapes and shredding everything is relatively reversible as well, and has the advantage that you can threaten to sell it to the competitors, so it's not much different.

When I was an undergrad, an ex-sysadmin left the University, and a week or so after he was gone, the database system announced that it would self-destruct in a week.
They had to keep the system shut down for a couple of weeks and change the system clock while they hunted for the time-bomb, and the same sort of thing could be done in many modern systems without crypto, though crypto makes it easier.

From hugh at ecotone.toad.com Tue Jun 21 03:14:39 1994
From: hugh at ecotone.toad.com (Hugh Daniel)
Date: Tue, 21 Jun 94 03:14:39 PDT
Subject: ADMIN: MajorDomo Meltdown
Message-ID: <9406211012.AA17701@ecotone.toad.com>

Humm, seems as I have my work cut out for me tonight, as majordomo zeroed out the list again and is having problems with its temp files (filling up a second disk here at toad.com).

Eric Hughes and I freed up 15 megs on the disk where majordomo keeps the cypherpunks list, and I thought that would give me the time to do the fix right (and spend the weekend not hacking...). Turns out that the disk filled up again tonight, this time with 12+ megs of bounce messages from Cypherpunks subscribers during the last 9 days.

Seems we have some major problems to solve still with the basic mail list technology.

I have 11 hours to make a major meeting, so I am going to go back to hacking the software and see how much I can get running tonight.

I will install a backup from a few days ago, some of you will have duplicates that we will have to remove yet again, sigh, that's the way it goes.

If you have further questions or problems, please contact me.

||ugh Daniel
Muchtimes Postmaster
hugh at toad.com

From John.Schofield at f903.n102.z1.fidonet.org Tue Jun 21 03:24:38 1994
From: John.Schofield at f903.n102.z1.fidonet.org (John Schofield)
Date: Tue, 21 Jun 94 03:24:38 PDT
Subject: Keep Out--The Journal of Electronic Privacy
Message-ID: <5124.2E06B196@mcws.fidonet.org>

rr> About "Keep Out": you might want to be more precise in your blurbs. As
rr> things stand, I'm leery of trusting anything I might see in
rr> your journal.
rr> RSA is not broken, as far as I know. If you have verifiable details that
rr> it has, that'll be quite a scoop.
rr> If you meant to say "the _factoring_ of
rr> RSA-129," well, you should have said that instead.

My apologies to the net. RSA is certainly not broken, and I was aware of that when this press release was written. My word choice was sloppy. In the article, the information comes from people I have interviewed who have direct, first-hand knowledge of the effort--people like Arjen Lenstra, who wrote the software that made the factoring possible.

rr> > * An interview with Phil Zimmermann, including his thoughts on
rr> privacy in the digital age, export controls on cryptography, the
rr> copyright on RSA (the algorithm used in PGP), and information on his
rr> struggle with US Customs over exporting PGP
rr> A publisher, of all people, really needs to understand what a copyright
rr> is. Note that we cannot copyright ideas, only our expression of those
rr> ideas. Referring to a copyright on "the algorithm used in PGP" is
rr> nonsense. Instead, PKP holds licensing rights to a system _patent_ on
rr> using RSA to perform public key encryption.

Again, I used sloppy language. And again, my apologies. This is certainly not the last mistake I will make. There will be errors in Keep Out. However, I will do my damndest to make sure Keep Out remains as accurate and unbiased as it can be. And when I make mistakes, I trust Cypherpunks to let me know about them, so I don't repeat the mistakes. It's a damn sure bet I won't be making these two errors again!

--John Schofield

--
: John Schofield - via mcws.fidonet.org - Public Access (213)256-8371
: ARPA/INTERNET: John.Schofield at f903.n102.z1.fidonet.org
: UUCP: ...!cheshire!mcws!903!John.Schofield
: Compu$erve: >internet:John.Schofield at f903.n102.z1.fidonet.org

From hugh Tue Jun 21 05:32:14 1994
From: hugh (Hugh Daniel)
Date: Tue, 21 Jun 94 05:32:14 PDT
Subject: ADMIN: Test message
Message-ID: <9406211232.AA07601@toad.com>

This should only be going to the list maintainers.
||ugh Daniel

From hugh Tue Jun 21 05:36:29 1994
From: hugh (Hugh Daniel)
Date: Tue, 21 Jun 94 05:36:29 PDT
Subject: ADMIN: Test message
Message-ID: <9406211236.AA07652@toad.com>

Something is broken with the full list, and it seems that I have to waste everybody's bandwidth to figure it out... not good. My apologies.

||ugh Daniel
Sometimes Postmaster
hugh at toad.com

From jgostin at eternal.pha.pa.us Tue Jun 21 05:51:07 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 21 Jun 94 05:51:07 PDT
Subject: (None)
Message-ID: <940618160035w4yjgostin@eternal.pha.pa.us>

tcmay at netcom.com (Timothy C. May) writes:

> And an even better solution is for folks to have their own private
> machines and access to one of the cheap Internet service providers
> springing up all around. Then they won't have to worry about their
> corporations "snooping" in their e-mail files. Or restricting them
> about using PGP or other crypto.

Isn't Cleveland Freenet still giving out freebie accounts? If they are, that's a good place to start.

> Having your own computer means never having to say you're sorry.

That's why I have my own computer and net.access. I'm the only admin making silly rules now! :-)

> (I fear laws telling corporations they *can't* snoop as much as I fear
> Clipper. The reasons are obvious, to me at least, and I can expand on
> this point if anyone's really interested.)

Me too, don't worry. :-)

--Jeff

--
====== ======  +----------------jgostin at eternal.pha.pa.us----------------+
==     ==      | The new, improved, environmentally safe, bigger, better, |
==     ==  -=  | faster, hypo-allergenic, AND politically correct .sig.   |
====== ======  | Now with a new fresh lemon scent!                        |
PGP Key Available +---------------------------------------------------------+

From jgostin at eternal.pha.pa.us Tue Jun 21 05:51:10 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 21 Jun 94 05:51:10 PDT
Subject: (None)
Message-ID: <940618155354t9Pjgostin@eternal.pha.pa.us>

"Phil G.
Fraering" writes:

> I was on a trip out of town a while back... as soon as I crossed
> into another cellular network boundary, I got a call from the
> provider's sales droid, telling me how to use their service. They
> _are_ tracking individual phone movement, IMHO.

Not just IMHO... They are tracking individual phone movement. I know this for fact. What happens is this: When you are out driving, your phone is constantly checking the local zone for strength. When the strength goes down, or signal quality is too low, it scans for a new zone. Then it "logs in" to the new zone while "logging out" of the old zone.

Big cities, like LA, have A LOT of zones, none of which are all that big. By knowing which zone one is in, one is leaving, and one is entering, it is very easy to determine where someone is, especially if that zone tracks along a major highway. Then, it's just a matter of time until he's found.

--Jeff

--
====== ======  +----------------jgostin at eternal.pha.pa.us----------------+
==     ==      | The new, improved, environmentally safe, bigger, better, |
==     ==  -=  | faster, hypo-allergenic, AND politically correct .sig.   |
====== ======  | Now with a new fresh lemon scent!                        |
PGP Key Available +---------------------------------------------------------+

From khijol!erc Tue Jun 21 05:55:38 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Tue, 21 Jun 94 05:55:38 PDT
Subject: ADMIN: MajorDomo Meltdown
In-Reply-To: <9406211012.AA17701@ecotone.toad.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

> Humm, seems as I have my work cut out for me tonight, as majordomo
> zeroed out the list again and is having problems with its temp files
> (filling up a second disk here at toad.com).
> Eric Hughes and I freed up 15 megs on the disk where majordomo keeps
> the cypherpunks list, and I thought that would give me the time to do
> the fix right (and spend the weekend not hacking...).
> Turns out that
> the disk filled up again tonight, this time with 12+ megs of bounce
> messages from Cypherpunks subscribers during the last 9 days.
> Seems we have some major problems to solve still with the basic mail
> list technology.
> I have 11 hours to make a major meeting, so I am going to go back to
> hacking the software and see how much I can get running tonight.
> I will install a backup from a few days ago, some of you will have
> duplicates that we will have to remove yet again, sigh, that's the way
> it goes.

Reminds me of the old saying, "if builders built buildings the way programmers wrote programs, the first woodpecker that came along would destroy civilization." I won't start on my rant as to this is one major reason I hate shell scripts... no, I'll keep my big fly-trap shut (for once)...

- --
Ed Carp, N7EKG/VE3 ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

-----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLgbhkiS9AwzY9LDxAQHwNgP9H5b7D1+AhJw6v2gFPzf4pA8DYWMx7Mxe HBIMi5dE8EDmZjq5Li8eRYx7AtXgPNjN87glPe0UgK7PXSJr4VkeGyXCcbvsdiKe 3gS6Wjuig21Z4NKpunCzo1FvwzibWIRta/bQHO6etKlLFEao9ogIgtNq28xlXX3O +gqlV30QgRI= =l5QM -----END PGP SIGNATURE-----

From jgostin at eternal.pha.pa.us Tue Jun 21 06:49:46 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 21 Jun 94 06:49:46 PDT
Subject: (None)
Message-ID: <940619205034a4rjgostin@eternal.pha.pa.us>

carterm at spartan.ac.brocku.ca (Mark Carter) writes:

> Encryption as a weapon is something that's not often talked about, despite
> the fact that everyone's always rambling about how valuable information
> is...

If you have backups and keep paper trails like any serious company, this is merely inconvenient and annoying.

> The arguments for restraining encryption in corporate situations can
> go on and on...
> just as the arguments for encouraging private encryption
> can go on and on.

This argues similarly to the gun control argument. Encryption, like guns, is a tool. When used responsibly, tools don't cause problems. When used irresponsibly, problems occur. Responsible use of encryption is for privacy. Irresponsible use is for some damaging purpose.

--Jeff

--
====== ======  +----------------jgostin at eternal.pha.pa.us----------------+
==     ==      | The new, improved, environmentally safe, bigger, better, |
==     ==  -=  | faster, hypo-allergenic, AND politically correct .sig.   |
====== ======  | Now with a new fresh lemon scent!                        |
PGP Key Available +---------------------------------------------------------+

From werner at mc.ab.com Tue Jun 21 06:57:37 1994
From: werner at mc.ab.com (tim werner)
Date: Tue, 21 Jun 94 06:57:37 PDT
Subject: freenet
Message-ID: <199406211357.JAA14113@sparcserver.mc.ab.com>

>From: Jeff Gostin
>Date: Sat, 18 Jun 1994 16:00:35 EST
>Isn't Cleveland Freenet still giving out freebie accounts? If they
>are, that's a good place to start.

Yes and no. All you really get is usenet and email. Plus irc, I think, although I have never used that. You can't telnet or ftp out, although you can telnet or ftp in. Your disk space is limited to 2meg, and all your files expire every 2 or 3 days. As I recall, you have to receive a letter from them with your password, so they know at least your address (no PO box, I think, not sure, been too long), and they require you to use your real name. They're actually pretty cool, but they have a couple of rules about abusing the account. They do carry all the Usenet groups. Also, there are times when it is impossible to log in. Many times, when you do get in, the response time is unacceptable. Still, it's better than nothing. Especially if you have no other way to get alt.binaries.pictures.tasteless.
tw

From nobody at shell.portal.com Tue Jun 21 07:15:17 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Tue, 21 Jun 94 07:15:17 PDT
Subject: Beware of Roman Catholic Corruption
Message-ID: <199406211416.HAA22421@jobe.shell.portal.com>

Ralph.Stokes at f1611.n375.z1.fidonet.org (Ralph Stokes) Spammed thusly:

> Beware of the Satanic conspiracy of the WHORISH Roman Catholic Church. The
> Pope and his puppets have attempted to infiltrate and subvert the
> Protestant Christian church using corrupt modern translations of the Bible.
> These are nothing more than religious filth that have spewed forth from the
                                                            ^^^^^^
> deceitful pens of Satan-inspired men in league with the Vatican.

Interesting word, "spewed". It's a synonym for "vomited". If you'd get your head out of your ass and out of the 17th century, you'd realize that the slang expression "to Ralph" also refers to vomiting. And that's exactly what you've done all over the Internet, RALPH!

--- piss-ass stuff deleted ---

> Don't let them lure you into following them into Hell.
                                                   ^^^^

Like any fire, it would require STOKing, would it not? Gee, you were sort of appropriately named, weren't you? When somebody asks what your job is in Hell, it can be said Ralph stokes.

--- more ass dung nuked ---

> For further information regarding this damnable Satanic conspiracy, contact
> me:
>
> Ralph Stokes, sysop King James Bible BBS, Millbrook, AL
> Internet address: ralph.stokes at f1611.n375.z1.fidonet.org
> Fidonet address: Ralph Stokes (1:375/1611)
> BBS #: (205) 285-5948

Those who have endured your incessant blathering over in Fido land tell me that you've said a few quotable things, such as "G-d is a Devil", "El Shaddai is Satan", and "all the words in the King James Bible are God's pure words, including 'pisseth', 'ass', 'bastard', and 'dung'". Therefore, I've tried to avoid "profanity" in my response and use only the words that you consider "pure".
Thus, let me say, "Pisseth upon thy ass, thou bastard who eateth dung". May your wife (if you can even attract/keep one) "Bobbitize" you. Can I recommend a good doctor? Kevorkian! Go thou and fornicate thyself. Thou shalt not "Spam" the Internet/Usenet! Go back and play in the Fidonet sandbox until you learn how to play nicely with the big kids...

From dwomack at runner.utsa.edu Tue Jun 21 08:22:14 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Tue, 21 Jun 94 08:22:14 PDT
Subject: DE-crypting (trivial case)
Message-ID: <9406211522.AA12298@runner.utsa.edu>

Fellow C'punks: I was wondering if anyone knew of software that does decryption of weakly encrypted messages, i.e., similar to ROT13, but perhaps ROT(x) where 0
Message-ID: <9406211542.AA08068@snark.imsi.com>

David L Womack says:
> Fellow C'punks:
>
> I was wondering if anyone knew of software that
> does decryption of weakly encrypted messages,
> i.e., similar to ROT13, but perhaps ROT(x) where
> 0 not even at the single DES level?

Between Caesar ciphers and DES lies an enormous range of encryption systems -- much as an enormous range of transport options lie between crawling on hands and knees and flying a space shuttle. Single DES is an extremely sophisticated encryption system -- it's just a bit out of date. Breaking Caesar ciphers can be done by hand by a child with no knowledge of statistics. Breaking the traffic from an M209 is quite doable, but not exactly something you could explain in five minutes to someone, or even necessarily an hour.

> Also...anyone know of any histogram software?
> i.e., I input a file, it counts how many
> letters of each type, and outputs it in a
> table and/or a graph?

You can write that yourself in about three or four minutes in PERL. Just keep an array of N elements corresponding to each of the ASCII codes (or whatever) and count. It's between four and fifteen lines, depending on how fancy you want to get with the printout.

> If not, I'll have to (horrors!)
> write code!

Probably good for your soul.

Perry

From lefty at apple.com Tue Jun 21 09:11:15 1994
From: lefty at apple.com (Lefty)
Date: Tue, 21 Jun 94 09:11:15 PDT
Subject: (None)
Message-ID: <9406211610.AA28536@internal.apple.com>

>> I was on a trip out of town a while back... as soon as I crossed
>> into another cellular network boundary, I got a call from the
>> provider's sales droid, telling me how to use their service. They
>> _are_ tracking individual phone movement, IMHO.

> Not just IMHO... They are tracking individual phone movement. I know
>this for fact. What happens is this: When you are out driving, your phone
>is constantly checking the local zone for strength. When the strength goes
>down, or signal quality is too low, it scans for a new zone. Then it "logs
>in" to the new zone while "logging out" of the old zone.
>
> Big cities, like LA, have A LOT of zones, none of which are all that
>big. By knowing which zone one is in, one is leaving, and one is entering,
>it is very easy to determine where someone is, especially if that zone
>tracks along a major highway. Then, it's just a matter of time until he's
>found.

Forgive my ignorance, since I've always viewed cellular phones as being overpriced toys, but if the cellular network _didn't_ track the location of a given phone how could it route incoming calls to it? Some friends who were visiting from New Mexico this weekend told me they had to inform their service provider of where they were going to be so they could receive calls on their cellular phone. We've played with wireless mobile networking around here, and routers need to keep track of individual nodes as they move around. Are cellular phones different? Am I missing something here?

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.
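The letter histogram Perry Metzger describes in his reply to David Womack, carried on to the ciphertext-in, plaintext-out case David asked about, as an added C example that is not any poster's code: it counts letters, scores all 26 shifts against approximate English letter frequencies with a chi-squared statistic, and undoes the best ROT(x). The sample sentence is constructed, and the function names (histogram, best_shift, crack_rot, demo_roundtrip) are my own.

```c
/* Added example (not from any poster): letter histogram plus an automatic
 * ROT(x) breaker that scores every shift against English letter frequencies. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Approximate English letter frequencies in percent, a..z. */
static const double english_freq[26] = {
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07
};

/* Constructed sample plaintext used by main() and demo_roundtrip(). */
static const char sample_plain[] =
    "it was the best of times, it was the worst of times, it was the age of "
    "wisdom, it was the age of foolishness, it was the epoch of belief, it was "
    "the epoch of incredulity";

/* The histogram Perry describes: one counter per letter, case-folded.
 * Returns the total number of letters seen. */
long histogram(const char *text, long counts[26])
{
    long total = 0;
    memset(counts, 0, 26 * sizeof counts[0]);
    for (; *text; text++) {
        if (isalpha((unsigned char)*text)) {
            counts[tolower((unsigned char)*text) - 'a']++;
            total++;
        }
    }
    return total;
}

/* Chi-squared distance between the ciphertext histogram, read as if it had
 * been produced by `shift`, and English frequencies. Lower is more English-like. */
static double chi_squared(const long counts[26], long total, int shift)
{
    double score = 0.0;
    for (int c = 0; c < 26; c++) {
        /* plaintext letter c was enciphered to letter (c + shift) % 26 */
        double observed = (double)counts[(c + shift) % 26];
        double expected = english_freq[c] / 100.0 * (double)total;
        double d = observed - expected;
        score += d * d / expected;
    }
    return score;
}

/* Most likely shift (0..25) for a Caesar/ROT(x) ciphertext. */
int best_shift(const char *ciphertext)
{
    long counts[26];
    long total = histogram(ciphertext, counts);
    int best = 0;
    double best_score = 0.0;
    if (total == 0) return 0;
    for (int s = 0; s < 26; s++) {
        double sc = chi_squared(counts, total, s);
        if (s == 0 || sc < best_score) { best_score = sc; best = s; }
    }
    return best;
}

/* Apply ROT(shift) to letters only; out must hold strlen(text)+1 bytes. */
void rot(const char *text, int shift, char *out)
{
    for (; *text; text++, out++) {
        if (isupper((unsigned char)*text))      *out = (char)('A' + (*text - 'A' + shift) % 26);
        else if (islower((unsigned char)*text)) *out = (char)('a' + (*text - 'a' + shift) % 26);
        else                                    *out = *text;
    }
    *out = '\0';
}

/* The pipe: ciphertext in, plaintext out. Returns the shift that was undone. */
int crack_rot(const char *ciphertext, char *plaintext)
{
    int s = best_shift(ciphertext);
    rot(ciphertext, (26 - s) % 26, plaintext);
    return s;
}

/* Encrypt the sample with ROT(shift), crack it blind, and report success. */
int demo_roundtrip(int shift)
{
    char cipher[256], recovered[256];
    rot(sample_plain, shift, cipher);
    int found = crack_rot(cipher, recovered);
    return found == shift && strcmp(recovered, sample_plain) == 0;
}

int main(void)
{
    char cipher[256], recovered[256];
    rot(sample_plain, 7, cipher);          /* constructed ROT(7) ciphertext */
    int shift = crack_rot(cipher, recovered);
    printf("ciphertext: %s\nshift found: %d\nplaintext:  %s\n", cipher, shift, recovered);
    return 0;
}
```

The same histogram-and-score loop is the first step against any monoalphabetic substitution; only the search over candidate keys gets larger.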
From cort at ecn.purdue.edu Tue Jun 21 09:17:12 1994
From: cort at ecn.purdue.edu (cort)
Date: Tue, 21 Jun 94 09:17:12 PDT
Subject: DE-crypting (trivial case)
In-Reply-To: <9406211522.AA12298@runner.utsa.edu>
Message-ID: <199406211616.LAA06569@en.ecn.purdue.edu>

> I was wondering if anyone knew of software that
> does decryption of weakly encrypted messages,
> i.e., similar to ROT13, but perhaps ROT(x) where
> 0 not even at the single DES level?

There is stuff to be had. Look on the ftp sites (especially ripem.msu.edu). crypt200 by John K. Taber helps solve transposition and substitution ciphers.

> Also...anyone know of any histogram software?
> i.e., I input a file, it counts how many
> letters of each type, and outputs it in a
> table and/or a graph?

Again, lots of statistics gathering software in the crypt directories lying around the internet.

> If not, I'll have to (horrors!) write code!

I have examined a couple of these software packages and found some of them very powerful. However, all I have seen are interactive. I want a pipe (ciphertext in; plaintext out). This is completely feasible for large classes of substitution/transposition ciphers. I have ideas and _some_ code. Some of the concepts to look for include isomorphisms and cross reduction. Good luck!

Cort.

From jim at bilbo.suite.com Tue Jun 21 09:49:27 1994
From: jim at bilbo.suite.com (Jim Miller)
Date: Tue, 21 Jun 94 09:49:27 PDT
Subject: something I've always wondered
Message-ID: <9406211648.AA06523@bilbo.suite.com>

Does DES (or name your favorite encryption algorithm) produce as output all possible cyphertexts of length L, given all possible combinations of keys and plaintexts of length L? Since there are more combinations of key and plaintext than there are possible cyphertexts outputs of length L, you know there must be some combinations of key and plaintext that produce the same cyphertext.
Just curious,

Jim_Miller at suite.com

From perry at imsi.com Tue Jun 21 10:00:09 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 21 Jun 94 10:00:09 PDT
Subject: something I've always wondered
In-Reply-To: <9406211648.AA06523@bilbo.suite.com>
Message-ID: <9406211659.AA00383@snark.imsi.com>

Jim Miller says:
> Does DES (or name your favorite encryption algorithm) produce as output
> all possible cyphertexts of length L, given all possible combinations of
> keys and plaintexts of length L?

DES defines a family of functions defined by the keys, call them E_k, that map the 64 bit integers one to one into the 64 bit integers. That is, no two plaintexts produce the same cyphertext. Therefore, you don't need all possible combinations of keys -- any key will produce all possible cyphertexts if you chain through all possible plaintexts.

> Since there are more combinations of key and plaintext than there are
> possible cyphertexts outputs of length L, you know there must be some
> combinations of key and plaintext that produce the same cyphertext.

Given any two distinct keys, k_1 and k_2, it is pretty much guaranteed that there are at the very least plenty of cyphertexts C_1=E_k_1(P_1) such that there is a C_2=E_k_2(P_2) with C_1 = C_2 and P_1 != P_2.

Perry

From sinclai at ecf.toronto.edu Tue Jun 21 10:01:07 1994
From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N)
Date: Tue, 21 Jun 94 10:01:07 PDT
Subject: something I've always wondered
In-Reply-To: <9406211648.AA06523@bilbo.suite.com>
Message-ID: <94Jun21.130047edt.16588@cannon.ecf.toronto.edu>

> Does DES (or name your favorite encryption algorithm) produce as output
> all possible cyphertexts of length L, given all possible combinations of
> keys and plaintexts of length L?
>
> Since there are more combinations of key and plaintext than there are
> possible cyphertexts outputs of length L, you know there must be some
> combinations of key and plaintext that produce the same cyphertext.

Of course.
Take some random bytes. Decrypt them with two different keys. You will end up with two plaintexts that when encrypted with different keys make the same cyphertext. The problem is finding two plaintexts that make sense which encrypt to the same cyphertext.

From snyderra at dunx1.ocs.drexel.edu Tue Jun 21 10:19:08 1994
From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder)
Date: Tue, 21 Jun 94 10:19:08 PDT
Subject: Having your own computer means never having....
In-Reply-To: <9406210653.AA24992@anchor.ho.att.com>
Message-ID: <199406211717.NAA22170@dunx1.ocs.drexel.edu>

-----BEGIN PGP SIGNED MESSAGE-----

bill.stewart at pleasantonca.ncr.com +1-510-484-6204 scribbles:

> > >Beyond that, unrestrained encryption is dangerous to corporations, because
> > >what's to stop a ticked off employee from encrypting everything in the office
> >
> > What's to stop him/her from shredding everything in the office? This is a
> > personnel/legal problem; there's nothing special about the use of
> > cryptography (except that it might be reversible).

> Reversibility is the main difference - the disgruntled fired ex-sysadmin
> can encrypt everything and promise to restore it for big bucks plus amnesty.
> On the other hand, hiding the backup tapes and shredding everything is
> relatively reversible as well, and has the advantage that you can
> threaten to sell it to the competitors, so it's not much different.

OK. What's to stop this irked employee from simply *taking* everything? I just don't see how encryption has any special significance here. In either case, the person would probably find themselves in the middle of some fairly big criminal and civil litigation.

> When I was an undergrad, an ex-sysadmin left the University,
> and a week or so after he was gone, the database system announced
> that it would self-destruct in a week.
> They had to keep the system
> shut down for a couple of weeks and change the system clock while
> they hunted for the time-bomb, and the same sort of thing could be
> done in many modern systems without crypto, though crypto makes it easier.

I'm still not sure how it makes it easier. If you're a programmer, it's probably easier to insert a trapdoor than to set up some kind of encryption to take place after the fact. If you are just hiding data, taking it is as effective as encrypting it. Safer, in fact, because it wouldn't be open for cryptographic attack. The only real use I could see is getting data out of a company to a competitor, and if security is lax enough to let encrypted email out, it's probably lax enough to walk out with an 8mm tape and 5+ GB of data.

Bob

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLgcgguS0CjsjWS0VAQH6sQP/Wc1aWslwUYyLwQvKtpkXda2qqrjc9D70
PWx4FRwT+j1lXSGQvel3Aq+KDzW93qtCpEk7ugZCKssDiM4y/lZ0408CQVVSmccj
jLEYbGrxP8/DIl9aT4mc6u4hU+UsJdT9fMLCMlplux0quUILOdg0JBRIdCb5pLii
ibUgPkgL01A=
=RGOW
-----END PGP SIGNATURE-----

From jamiel at sybase.com Tue Jun 21 10:20:50 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Tue, 21 Jun 94 10:20:50 PDT
Subject: OJ's cellphone again (Bay Area Article)
Message-ID: <9406211627.AB15658@ralph.sybgate.sybase.com>

The San Francisco Chronicle has an article on the front page about cellphone tapping/snooping as a tie in to the O J Simpson case. No time for comment or retyping, just providing a pointer.

-j

From sandfort at crl.com Tue Jun 21 11:04:34 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 21 Jun 94 11:04:34 PDT
Subject: CYPHERPUNK OPERATIVE
Message-ID:

C'punks,

Apologies to those who saw this, but most missed it due to the loss of the list yesterday.

-----BEGIN PGP SIGNED MESSAGE-----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

Okay, somebody needs to fess up.
I *know* someone on the Cypherpunks Channel is writing about the Clipper Chip and other crypto-privacy issues for /Expat World/. I thought I was the only one who had even heard of this newsletter for expatriates until I saw some of the crypto articles. Whoever it is, is doing a great job. In the June 15 issue, in the article, "How Big Brother Wants to Listen, Too," the writer coined the term "Al Gorewellian." Gotta love it.

If the writer of these articles is reading this note, please let us know who you are. You deserve the recognition. (If you want to keep a low profile, how 'bout sending me private e-mail? I'd like to discuss some things with you.)

 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLgYBPU5ULTXct1IzAQEINgQAhzypoIDVoX5bad9Vd8psttmS5ClRbKqr
vNA7L88jallJzrmUL5NZv6SO7NPAFxQzC2bnS2KJv4MpyRFl+ZYIku2cQZfQWShY
3TLUXuqK9HVHED7rCzq3Xq1Kny/fZZ9U74PSLe8fi+L9xsL5Ht0yDEmBYCG3REkv
J0npF+9FCHw=
=xgFs
-----END PGP SIGNATURE-----

From gbe at netcom.com Tue Jun 21 11:07:40 1994
From: gbe at netcom.com (Gary Edstrom)
Date: Tue, 21 Jun 94 11:07:40 PDT
Subject: Beware of Roman Catholic Corruption
Message-ID: <199406211758.KAA04964@netcom13.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

> Don't let them lure you into following them into Hell. The 1611
> Authorized (King James) Version of the Holy Bible is the only book
> that God ever wrote. All other alleged translations are frauds
> written by the Devil himself.

So what version of the scriptures did Jesus quote from?

Gary B. Edstrom            | Sequoia Software     | PGP fingerprint:
Internet: gbe at netcom.com   | Programming Services | 2F F6 1B 28 6E A6 09 6C
CompuServe: 72677,564      | P.O. Box 9573        | B0 EA 9E 4C C4 C6 7D 46
Fax: 1-818-247-6046        | Glendale, CA 91226   | Key available via finger
What is PGP? Subscribe to alt.security.pgp and find out!
-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLgaIwkHZYsvlkKnJAQHfJAP+NBbcCDGzobs2IKuBCro9+Cka9VtMrbqi
NQY1SZRv6ZMUb7UwF5dd6J0rPJCwjzs9bLNWDxG643BHww0LWlc8+jfw0N6eZX7U
jYeso6+jKwSA3+sVfygyI5WTOUe5dUqFQfzHuxDFzZrgej3eejLw16WiwuCRpViL
sk345Pw5dQQ=
=SlzJ
-----END PGP SIGNATURE-----

--
Gary B. Edstrom            | Sequoia Software     | PGP fingerprint:
Internet: gbe at netcom.com   | Programming Services | 2F F6 1B 28 6E A6 09 6C
CompuServe: 72677,564      | P.O. Box 9573        | B0 EA 9E 4C C4 C6 7D 46
Fax: 1-818-247-6046        | Glendale, CA 91226   | Key available via finger
What is PGP? Subscribe to alt.security.pgp and find out!

From 74172.314 at CompuServe.COM Tue Jun 21 11:10:46 1994
From: 74172.314 at CompuServe.COM (ss)
Date: Tue, 21 Jun 94 11:10:46 PDT
Subject: SLACKER JOB
Message-ID: <940621180746_74172.314_GHA50-1@CompuServe.COM>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT                         Reply to: sandfort at crl.com
401 Merrydale Road * San Rafael, CA 94903 * USA * +1 415 472 6525
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I sent out the following message just before the Second Great Cypherpunks List Blackout. Probably, there are many of you who never saw it. Sorry for the repetition for some of you, but this is a great opportunity for the right folks.

* * *

Would you and your SO like a great slacker job in the San Francisco Bay Area? Yes? Well, have I got a deal for you!

I will be leaving for Hongkong (by way of Madison, Wisc., it would now appear) in the latter part of July. I'm looking for someone to take over my slacker job managing a self-storage facility in lovely Marin county. Here's the deal:

WHAT YOU GET

-- Two bedroom, two bath, 1200 sq.ft. house (rent free) with large living and dining rooms, porch, covered carport, big backyard and garden, in a fenced compound.
-- Washer and dryer, dishwasher, disposal, gas range and electric oven.
-- Free electricity(!), water and garbage pick-up, plus $25/mo. towards gas.
-- All of the above, is within a short walking distance of shopping centers, supermarkets, restaurants, parks, government offices and public transportation.

WHAT YOU HAVE TO DO

-- Be on site from 8:00am to 6:00pm, M-F.
-- Walk the self-storage yard several times per day.
-- Answer the phone and give information about storage (averages less than 10 calls per day).
-- Assist potential and current customers (averages about once per day).
-- Misc. duties (averages less than 20 minutes per day).

Most of the time in this position is your own. You can read, watch TV, eat, work on your computer--whatever. Of course because there is no pay, you must have another source of income. This could mean having an SO with an outside job, you doing shift work, telecommuting or running your own at-home business.

In addition, this is a stealth position. It has an extremely low profile if you manage things properly.

If you're interested, call, write or e-mail me at the address at the top of this message.

 S a n d y  S a n d f o r t
 Reply to: sandfort at crl.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From jamiel at sybase.com Tue Jun 21 11:48:45 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Tue, 21 Jun 94 11:48:45 PDT
Subject: Beware of Roman Catholic Corruption
Message-ID: <9406211848.AA19301@ralph.sybgate.sybase.com>

At 10:58 AM 06/21/94 -0700, Gary Edstrom wrote:
>> Don't let them lure you into following them into Hell. The 1611
>> Authorized (King James) Version of the Holy Bible is the only book
>> that God ever wrote. All other alleged translations are frauds
>> written by the Devil himself.
>
>So what version of the scriptures did Jesus quote from?
>
>Gary B. Edstrom

The ones that were printed with the red letters, silly. That's how he knew what his lines were. :)

-j

From perry at imsi.com Tue Jun 21 12:12:44 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 21 Jun 94 12:12:44 PDT
Subject: Beware of Roman Catholic Corruption
In-Reply-To: <199406211758.KAA04964@netcom13.netcom.com>
Message-ID: <9406211907.AA01283@snark.imsi.com>

Gary Edstrom says:
> > Don't let them lure you into following them into Hell. The 1611
> > Authorized (King James) Version of the Holy Bible is the only book
> > that God ever wrote. All other alleged translations are frauds
> > written by the Devil himself.
>
> So what version of the scriptures did Jesus quote from?

Please don't reply to this jerk on cypherpunks -- he isn't a subscriber. By replying here, you add noise and you aren't even being heard.

Perry

From stjude at well.sf.ca.us Tue Jun 21 12:57:26 1994
From: stjude at well.sf.ca.us (Judith Milhon)
Date: Tue, 21 Jun 94 12:57:26 PDT
Subject: HOW TO MUTATE AND TAKE OVER THE WORLD
Message-ID: <199406211957.MAA24444@well.sf.ca.us>

Please write to me personally if you want to express indignation at this posting. It's not an ad: it's an invitation to culture hacking, okay? And write to me personally if it interests you.

I, Judith Milhon, am not a fink. I was at the first meeting of this weird coalescence. I even thought up the name "cypherpunk." I write tech humor, I'm a good editor, I used to program under Unix, okay? My bona fides can be verified by several on this list; write me for references.

I have a contract with Ballantine Books, bless their stingy but experimental hearts, to compile with R U Sirius a hack/prank book called HOW TO MUTATE AND TAKE OVER THE WORLD. You are invited to write yourself in as a character. We want to present the cypherpunk movement in its own words, with its own cast of characters, as themselves or as their pseudonyms. If you want to buckle a swash with impunity, you can hide your identity even from me. You know how.

If you have the time to change the world a little, this is a magnificent propaganda opportunity. Rant! Issue underground manifestos!
Start your own cell of an international hack/phreak/prank Underground. Conceive and dedicate amazing hacks! Write the future your way!

The book is a scrapbook of media reportage, DIY manuals and email commentary starting way back in 1994 and continuing till 2001, at which time the world ends in a nanotech industrial accident. If you're interested, write me and I'll send you the year by year timeline, as HADL, the Human Anti-Degradation League [this ad degrades women. This article degrades children. And THIS degrades...] forces the gobliment to crack down on speech in the society at large, and btw succeeds in censoring the Internet, in response to which an entirely virtual Underground appears overnight, one that you can join as easy as you can say... F S P. Bam FSP sites that appear and disappear within hours, on hacked Internet sites, distribute crypto programs and anarchist cookbook-style hacking info; and pirate TV interrupts our regularly scheduled broadcast to bring you today's edresses for these sites (and also very slick computer-animated ads for Stego and bogus ads for parodic nonproducts and on and on and on...)

The issues are privacy and censorship, the hacker mindset, Dada revolution, media pranking, etc etc etc. Write your own! At minimum it will be fun, and will even pay minimal $$ -- like a few-cent word rate.

R U came up with these, but you can whomp up your own identity:

-------------------------------- >8 Cut Here 8< ----------------------------

MUTATE CHARACTERS/ROLES:

TECHNICAL
You're a how-to, hands-on phreaker, intruder or media pirate and can draw DIY circuit diagrams, maps and step-by-step instructions.

TECHNO-REVOLUTIONISTS
You are a born anarchist hacker rhetorician w. enough techno knowledge to monkey wrench a bit in the digital realm.
You're a black post-riot grrrrl, Sub Rosa, with the most popular online pirate multimedia show in the world.
You are a generalist hacker/cracker who can write technical material and engage in colorful email exchanges.
You're a vile revolutionary psycho into media piracy advocating direct technological attacks on the government.
You are a hacker genius who can figure out ways to do things that simply can't be done, and talk about them in a reasonably accessible way.
Or maybe you're the near-cartoon brilliant NERD, living the Vampire shift on caffeine and canned corn. With an entirely fictoidal posse of nastyass teeners with whom you concoct horrid pranks. Etc etc.

THE "MAN"
You are a puritanical nut who likes to write personal threat notes.
You write official statements for the forces of purity and repression.
You're Vice-President Tipper Gore, a HADL fellow traveler, on a rampage.

JOURNALISTS
You are good at compiling data on a subject and making it readable.
You are a mainstream journalist or a techno-newsletter writer or both
...with Extropian tendencies.
...into Media Piracy.
You are a detail-oriented hard-tech journalist with wit and style.
You are a detail-oriented science writer specializing in biotech, with wit and style.
You're a business journalist.
You're a serious mainstream journalist with a left-liberal agenda monitoring social and cultural trends.
You're a Goddess-pagan oriented writer ready to shill for a religion based on bodily fluids.
You're a Gonzo "rock" culture journalist of the wickedest sort!!
You are a music/art writer/critic with a good sense of the ludicrous.

------------------------8< cut here >8------------------------

Write to me, flame me, whatever. This is a chance for you to engage in some cultural monkey-wrenching, at least...
Judith Milhon, aka stjude at well.sf.ca.us

From talon57 at well.sf.ca.us Tue Jun 21 14:01:55 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Tue, 21 Jun 94 14:01:55 PDT
Subject: INFORMATION WARFARE
Message-ID: <199406212101.OAA21127@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

Winn Schwartau's new book is out, "Information Warfare", and I am enjoying it a great deal. I thought the list might be interested. Here are the contents:

    an introduction to information warfare ................................ 11
 1. The Econo-Politics of Information Warfare ............................ 27
 2. Computers Everywhere and the Global Network .......................... 49
 3. Binary Schizophrenia ................................................. 65
 4. On The Nature of Insidious ........................................... 82
 5. Influenza, Malicious Software, and OOPS! ............................. 95
 6. Sniffers and the Switch ............................................. 114
 7. The World of Mr van Eck ............................................. 137
 8. Cryptography ........................................................ 148
 9. Chipping: Silicon-Based Malicious Software .......................... 160
10. HERF Guns and EMP/T Bombs ........................................... 171
11. Hackers: The First Information Warriors in Cyberspace ............... 190
12. Who are The Information Warriors? ................................... 215
13. The Military Perspective ............................................ 249
14. Class 1: Personal Information Warfare ............................... 258
15. Class 2: Corporate Information Warfare .............................. 271
16. Class 3: Global Information Warfare ................................. 291
17. Defense Before Defeat ............................................... 312
18. Outline of a National Information Policy: A Constitution for
    Cyberspace and an Electronic Bill of Rights. ........................ 316
19. The Future of Information Warfare ................................... 354
    Afterword: Practical Proactive Security and Privacy ................. 367
    Resources ........................................................... 384

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLgdUGdCcBnAsu2t1AQHuOQQAnUItVChxiifCuLyU91B5QxysJ2FuFUfT
bL0S3y2z8L6HXDZ7fMJQOsBY6/xM8Pl71Ak8EzEupF26UrEAUvpSlQRo1DDA2fp6
XfAZMqDWOBj9hLYvrzBj4etH9LB8s1h2iYkJrTt7M5nuaOrJVnw8Et3ysUSwlrAR
D6w0vfVDXp0=
=bBAW
-----END PGP SIGNATURE-----

From kentborg at world.std.com Tue Jun 21 14:02:18 1994
From: kentborg at world.std.com (Kent Borg)
Date: Tue, 21 Jun 94 14:02:18 PDT
Subject: Tracking Mobile Nodes--was Re: (None)
Message-ID: <199406212102.AA01110@world.std.com>

Wireless communication does *not* require nodes be closely tracked.
Efficiency demands some tracking but the amount of tracking can be traded off.

I just drove cross-country. With me were my little hand-held phone and my Sky Pager. Lacking battery power (and out of general principles), I kept the phone off. The pager, however, was on. With this combination I can be in quite good contact with the world yet not reveal my location if I didn't make any calls. (Limited money did a pretty good job of keeping me from making roaming calls.) Out of cities the pager coverage is pretty bad--cells have much better coverage--but the point is that other than my occasional use of phones (wired and cell) I was a vanished person. In 1994 I can still buy gas and new tires with cash and vanish--for a time.

(I am behind in my reading so I might repeat you people with this next comment--sorry.)

The physical tracking of phone users is not just theoretical if the stories are true of finding O.J. via his cellular phone usage. Where I sit right now (Venice, CA) police helicopters fly over nearly constantly watching drug gangs or some such. That is expensive. A few gigs of hard disks is cheap, on the other hand. The idea of logging *all* cell phone movement seems to me not at all far-fetched.

I am glad I know enough about phones that before I got caught I could accomplish at least several calls through the effective call "remailers" in the system. (Isn't there a commercial phone anonymity service? It had a catchy 800-number, but I forget it.)

-kb

P.S. Yes, I am about to go out and buy the SF Chronicle to read the O.J. article.

--
Kent Borg                            +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 28:15 hours of TV viewing so far in 1994!

From jktaber at netcom.com Tue Jun 21 14:28:15 1994
From: jktaber at netcom.com (John K. Taber)
Date: Tue, 21 Jun 94 14:28:15 PDT
Subject: DE-crypting (trivial case) (fwd)
Message-ID: <199406212128.QAA22847@netcom9.netcom.com>

Forwarded message:
> From owner-cypherpunks at toad.com Tue Jun 21 09:14:10 1994
> From: dwomack at runner.utsa.edu (David L Womack)
> Message-Id: <9406211522.AA12298 at runner.utsa.edu>
> Subject: DE-crypting (trivial case)
> To: cypherpunks at toad.com
> Date: Tue, 21 Jun 1994 10:22:42 -0500 (CDT)
> X-Mailer: ELM [version 2.4 PL23beta2]
> Mime-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
> Content-Length: 463
> Sender: owner-cypherpunks at toad.com
> Precedence: bulk
>
> Fellow C'punks:
>
> I was wondering if anyone knew of software that
> does decryption of weakly encrypted messages,
> i.e., similar to ROT13, but perhaps ROT(x) where
> 0 not even at the single DES level?
>
> Also...anyone know of any histogram software?
> i.e., I input a file, it counts how many
> letters of each type, and outputs it in a
> table and/or a graph?
>
> If not, I'll have to (horrors!) write code!
>
> Kindest regards,
>
> Dave
>

I have a hack in C for the PC that does trigraphic counting a la Sinkov. It is just a hack, without documentation, and limited to a file that is smaller than an 80x86 segment. But if there is interest in it, I can make it available.

Trigraphic counting, BTW, is the way to go. Helps reveal repeated sequences. The same counting gives you your more normal stats too.

From jims at Central.KeyWest.MPGN.COM Tue Jun 21 14:32:35 1994
From: jims at Central.KeyWest.MPGN.COM (Jim Sewell)
Date: Tue, 21 Jun 94 14:32:35 PDT
Subject: Tracking Mobile Nodes
Message-ID: <9406212132.AA06145@Central.KeyWest.MPGN.COM>

I've read many comments about cell phone tracking and would like to add my own:

In Louisville, KY where I used to live you could find out where a person was by the frequency they were on.
Each cell site used a different frequency so you could tell at least the part of town a person was in. This made listening to conversations frustrating because they kept shifting frequencies as they drove around.

A cell phone is a glorified radio. Any radio-smart person with an active conversation and a directional antenna could track a cell phone. Add in a friend with another antenna and you could triangulate (biangulate?) to within blocks in a jiffy. Add in some common sense (he's on the freeway) and it's easy to find someone.

Of course, I never listened to cell phone conversations because THEY made it illegal to do so. Forget the fact that they are radiating my body with RF radiation and I should have a right to hook up a speaker to it! Sheesh, the government can be so anal sometimes!

Jim

--
Tantalus Inc.          Jim Sewell        Amateur Radio: KD4CKQ
P.O. Box 2310          Programmer        Internet: jims at mpgn.com
Key West, FL 33045     C-Unix-PC         Compu$erve: 71061,1027
(305)293-8100          PGP via email on request.
1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73

From jgostin at eternal.pha.pa.us Tue Jun 21 14:50:58 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Tue, 21 Jun 94 14:50:58 PDT
Subject: cell Phones and Digital networking.
Message-ID: <940621170318M5Jjgostin@eternal.pha.pa.us>

lefty at apple.com (Lefty) writes:

> Forgive my ignorance, since I've always viewed cellular phones as being
> overpriced toys, but if the cellular network _didn't_ track the location of
> a given phone how could it route incoming calls to it?

Bingo. :-) It has to know the proper ESN to send the signal to. The ESN is an Electronic Serial Number, and every Cell Phone has a unique one. Your cellphone number is attached to the ESN.

> Some friends who
> were visiting from New Mexico this weekend told me they had to inform their
> service provider of where they were going to be so they could receive calls
> on their cellular phone.

Well, I don't know about the need to let them know.
I do know that you can generally "log in" and "log out" of zones as you pass through them, allowing the system to track you as you trek across the country.

> We've played with wireless mobile networking around here, and routers need
> to keep track of individual nodes as they move around. Are cellular phones
> different? Am I missing something here?

This is where I get a little shady on my knowledge. If you substitute routers for signal centers, and individual nodes for ESNs, you have the general idea. :-)

--jeff

--
 ====== ======    +----------------jgostin at eternal.pha.pa.us----------------+
   ==    ==       | The new, improved, environmentally safe, bigger, better,|
   ==    ==  -=   | faster, hypo-allergenic, AND politically correct .sig.  |
  ====  ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From roy at sendai.cybrspc.mn.org Tue Jun 21 15:00:25 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Tue, 21 Jun 94 15:00:25 PDT
Subject: DE-crypting (trivial case)
In-Reply-To: <9406211522.AA12298@runner.utsa.edu>
Message-ID: <940621.153443.0v3.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks you write:

> Fellow C'punks:
>
> I was wondering if anyone knew of software that
> does decryption of weakly encrypted messages,
> i.e., similar to ROT13, but perhaps ROT(x) where
> 0 not even at the single DES level?

Isn't rot13 a Caesar cypher? Mark Riordan's collection has Caesar decrypt by exhaustive search.
Lots of other stuff, too:

[Ono-Sendai 1]c:\user\request\mrrcip.z>unzip -v mrrcip.zip
 Length  Method   Size  Ratio   Date    Time   CRC-32    Name ("^" ==> case
 ------  ------   ----  -----   ----    ----   ------    ----   conversion)
  23058  Implode 15186   34%  11-19-87  11:49  80e94a0c  ^detran.exe
   4383  Implode  1878   57%  10-26-87  13:04  5e4c0ecd  ^detran.for
   7053  Implode  2858   59%  04-16-88  23:21  5d9e3deb  ^entran.c
   9088  Implode  5760   37%  04-16-88  23:22  bd543440  ^entran.exe
  21104  Implode 13890   34%  02-06-88  20:29  f1b7d492  ^mktrnkey.exe
   3105  Implode  1387   55%  02-06-88  20:28  d88ca139  ^mktrnkey.for
   7176  Implode  2708   62%  02-16-88  23:20  3c825831  ^mrrmkmon.c
   5072  Implode  2954   42%  02-16-88  23:20  4efef3aa  ^mrrmkmon.exe
  24516  Implode 15845   35%  10-26-87  22:54  ac58ac41  ^playfair.exe
  10392  Implode  3582   66%  10-26-87  22:59  2474a710  ^playfair.for
   3100  Implode  1416   54%  10-11-88  22:20  959c6d8d  ^smplsub.c
  10365  Implode  6807   34%  10-11-88  22:20  b95448af  ^smplsub.exe
   3244  Implode  1348   58%  07-29-88  23:56  bc28efd4  ^stradalf.c
   8715  Implode  5387   38%  07-29-88  23:56  c98651f0  ^stradalf.exe
   6711  Implode  2259   66%  07-19-88  13:16  7c4bb388  ^straddle.c
  16890  Implode  9681   43%  07-19-88  13:17  edf8e4e2  ^straddle.exe
   1138  Implode   614   46%  07-02-88  15:46  acc7b6ea  ^caesar.c
   5737  Implode  3820   33%  07-02-88  15:46  6c62c135  ^caesar.exe
     74  Shrunk     62   16%  02-03-91  17:25  b16f569d  ^p.h
   4379  Implode  1665   62%  09-05-88  21:24  e1cd6821  ^periodic.c
   9981  Implode  6619   34%  01-19-91  16:08  014028fa  ^periodic.exe
   8156  Implode  2607   68%  07-30-88  13:00  3d2a271b  ^phrase.c
  10192  Implode  6382   37%  07-30-88  13:00  5ab75734  ^phrase.exe
   7555  Implode  2878   62%  02-03-92  21:48  7e088b37  ^solvevig.c
  12182  Implode  8672   29%  01-13-91  10:34  0fda5189  ^solvevig.exe
  13455  Implode  4159   69%  07-02-88  15:01  50230126  ^subst.c
  13376  Implode  8377   37%  07-02-88  15:01  3a501d94  ^subst.exe
    461  Implode   266   42%  01-12-91  19:28  af329b77  ^usage.c
   1007  Implode   606   40%  01-19-91  16:22  85025017  ^vigkey.c
   6662  Implode  4862   27%  01-19-91  16:23  9dd763a4  ^vigkey.exe
   1922  Implode  1052   45%  02-03-92  22:09  ff0d58ad  ^readme
 ------          ------  ---                            -------
 260249          145587  44%                            31

I found it on cpsr.org, somewhere in the Gopherspace.

> Also...anyone know of any histogram software?
> i.e., I input a file, it counts how many
> letters of each type, and outputs it in a
> table and/or a graph?
>
> If not, I'll have to (horrors!) write code!

Histogram for 256 values? Yikes, that could take all morning! ;-)

#! /usr/bin/perl
# Byte histogram: slurp all of stdin (or the named files) and count each byte value.
undef $/;                                       # slurp mode: <> returns the whole input at once
grep($table[vec($_,0,8)]++, split(//, <>));     # split into single bytes (the / */ of the original dropped spaces)
for($x=0;$x < 256;$x++) {
    print "$x : ", ($table[$x] || 0), "\n";     # print 0 rather than an empty slot for unseen byte values
}

(you'll need lots of memory for this one, though ;)

- --
Roy M. Silvernail, writing from roy at sendai.cybrspc.mn.org
"Anything but Nixon, man... a blender. Anything!"
 -- National Lampoon, when they were funny

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLgdUHRvikii9febJAQFWZwP+L9b9ZXhbksQfWe9FS9VUt6r4+ZJhYffN
DosXC85KcV9flTi1NzL/MMHfy7LTImbDswr24GLbMYqXx821jBGRiuljDbYGcs5g
faZZ8G3Gcmhgkeo6HOpad32A6lbHo18Suz5Z6zIHznNYtBGvXDasocVkO9IlBd2o
Loi3Y0I68l8=
=z0st
-----END PGP SIGNATURE-----

From rah at shipwright.com Tue Jun 21 15:04:00 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 21 Jun 94 15:04:00 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <199406212203.SAA18481@zork.tiac.net>

Flame bait alert. Those of you who "know this already" (or know who's posting ;-)) hit your spacebar (or down-arrow, whatever) now.

When it rains, it pours.

I've been yammering about e$ to another one of my UofC friends for a while now. He's ABD (all but dissertation) in Physics, repeated the process in Finance, spent some time at First Boston and now builds asset/liability software for insurance companies. He'll remain nameless, 'cause if he wants to fess up for his part in this craziness, he can do it himself.

Recall I'm screwing around with business models for e$ financial entities, and how I talked about how the crypto-security it requires makes the funds transfer system more granular and the network it lives in more geodesic.
Definition of geodesic network: a network where nodes (switches) become more prevalent than lines (lines :-)) the opposite of pyramidal or hierarchical, where the opposite holds. (From Peter Huber's "The Geodesic Network", 1987, U.S. Government Printing Office)

So I'm swapping OJ jokes with this guy, and he says, "I've been thinking about how this electronic money stuff makes brokerage firms disappear". And I blurt, "like I did with banks!", and I sent him my last e$ screed, about how to make demand deposits obsolete with digital cash ;-).

We gibbered at each other for an hour or so, and here's how *he* made *brokerage firms* go away...

The primary reasons for a brokerage account are
1.) safety, to protect your securities from theft.
2.) To be able to trade those securities conveniently, by keeping them in "street name",
3.) only brokerage firms can trade in the capital markets, because the markets are a giant "web-of-trust", to quote someone around here.

Strong crypto accomplishes 1, and e$ protocols make 2 and 3 meaningless.

Without boring you folks too much, trades are executed by brokerage firms for their clients in the market, where buyers and sellers are matched. The trades are given to clearing houses, which are like banks, but hold nothing but stock. The clearing houses swap book entries around and then notify the corporation that the stock was sold so the company knows who the new stockholder is. The reason this can happen is because your stock is actually held at the clearinghouse in the name of your brokerage. You've signed paper somewhere allowing all this to happen. Otherwise you have to take physical delivery of your securities, and re-register them in street name when you want to sell them, which takes time and money to do. Your time and your money. Most people don't take physical delivery as a result. They just leave it at the brokerage in street name.

If you remember the last post, you can see where I'm going with this.
Strong crypto allows the reinstitution of physical delivery. Well, the electronic analog of it, anyway. Instead of keeping a security at a broker's account in a clearinghouse, a stock "certificate" is issued by the clearinghouse to the buyer immediately at the time of sale. Instead of keeping brokerages' securities on account and swapping accounting entries, the clearinghouse acts more as an officiator, "blessing" the trade, and notifying the corporation of the change in its ownership, etc. Like digital cash, no one can steal your certificate or use it if they do, and if you're backed up, you might as well have it in Fort Knox...

Okay. Those are points 1 and 2 from above. Point 3 is where we wave our hands a bit. Unless I'm beaten senseless by arcana, it seems to me that every kind of securities market (including the electronic ones!!) from the specialist system to open outcry can be done on line. (In cyberspace no one can hear your open outcry.)

The important question here is, _who trades?_ It seems pretty obvious to me that if you can prove you own a security, you should be allowed to trade it. Since you have taken "physical" (metaphysical???) delivery, if *you* can't prove ownership, no one can.

Notice this system allows for position traders, arbitrageurs, portfolio managers, investment bankers, equity and fixed income salesmen (who buy inventories of securities and resell them to their clients at a spread for the information), and lots of other current players in the markets. In addition, it blows the doors off the role of the brokerage firm as the gatekeeper to the capital markets. It also creates a menagerie of other financial creatures and entities... To quote the famous Dr. Emil Lizardo, "It make-a the ganglia twitch!"

My pal says that these protocols could help in derivatives markets, where securing ("insuring?") instruments is a problem... When I get that out of him, in a form that I can understand, I'll write it up and kill more bandwidth...
Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From perry at imsi.com Tue Jun 21 15:30:05 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Tue, 21 Jun 94 15:30:05 PDT
Subject: e$: Geodesic Securities Markets
In-Reply-To: <199406212203.SAA18481@zork.tiac.net>
Message-ID: <9406212229.AA01976@snark.imsi.com>

Robert Hettinga says:
> Strong crypto accomplishes 1, and e$ protocols make 2 and 3 meaningless.

Not really. Not all commodities are fungible. Not all entities are willing to conduct all sorts of trades with all other sorts of entities. Besides all that, someone has to hold physical goods, and investing will continue to be a realm for which expert advice is purchased.

Perry

From rah at shipwright.com Tue Jun 21 16:33:03 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Tue, 21 Jun 94 16:33:03 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <199406212332.TAA19688@zork.tiac.net>

I don't really want to thrash this out point by point, but I will anyway ;-).

>Perry Metzger says:
>>Robert Hettinga says:
>> Strong crypto accomplishes 1, and e$ protocols make 2 and 3 meaningless.
>
>Not really. Not all commodities are fungible.

Agreed. And?

>Not all entities are
>willing to conduct all sorts of trades with all other sorts of
>entities.

No, but buyers of a specific security might want to buy those securities from those who hold them... Could you elaborate on your comment, please?

>Besides all that, someone has to hold physical goods,

Unless it is a stock, bond, derivative, call option, etc. Most of which are "held" in offsetting book entries at brokerage houses, banks, and clearinghouses.
If it's not kept there, then you need a certificate of some sort (though I'm hard pressed to have heard of a certificate for a call option, say), which might as well live on a hard drive as a desk drawer. I guess I was saying that it could be that a "certificate" on a hard drive was as tradeable, as "liquid"?, as book entry in a clearinghouse.

>and
>investing will continue to be a realm for which expert advice is
>purchased.

I thought I did say that people like portfolio managers, anal(ah, I *didn't* say *analysts* back there... OK. There. I said "analysts")lysts, investment bankers etc., still played their usual roles. For example, a market analyst essentially sells his time to a brokerage house to write reports on securities. Those reports are then "sold" to the brokerage's customers in exchange for brokerage fees. They don't have to work for brokerage houses any more, even. In the institutional markets, it is now a common practice for some percentage of a commission to go on a soft-dollar basis to third party analysts for their work. (There was a time 10 years ago or so where portfolio managers were getting *junkets* to investment "seminars" in tropical locations on soft-dollars. They don't do that much anymore, I'm told.)

In an e$conomy, you sell your reports direct. Newsletter writers do it already. Our "Peter Lynch" (forgive me Mister Lynch, I take your name in vain) successor sitting in Marblehead would do some background e$ transaction to have the report stuck on the screen of his trusty UltraPowerMac VXXI (next to a Ren-N-Stimpy rerun) as soon as it came out.

In that case, as we said before, the mutual fund is where the investment advice, the "editing" *is* being purchased. But if an individual, or even a professional trading his own money for his own profit, wanted to trade, he only need put up one of two things to do so. Money if he's buying, or the securities if he's trading. In either case you don't really need a brokerage firm for that...

Thanks Perry.
Cheers,
Bob
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923
"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From grendel at netaxs.com Tue Jun 21 16:36:26 1994
From: grendel at netaxs.com (Michael Handler)
Date: Tue, 21 Jun 94 16:36:26 PDT
Subject: Cellular Phone Monitoring Made EZ!
Message-ID:

In light of the recent cellular phone monitoring discussions: check out the most recent issue of _2600_, Spring 1994. It has a product review for the "Cellular Telephone Experimenters Kit", $125 from Network Wizards in Menlo Park, CA. Given this kit and an OKI-900 cellular phone ($450 new, $300 used), you can do wondrous things. The kit connects to the phone and a standard PC RS-232 port, and lets you control the phone via your computer and do all sorts of things. The kit comes with a C API for controlling the phone, so you're not limited by what software comes with the kit.

The author of the article listed these things that he programmed in a day or so:

* Scan for a paging channel and display the messages. If a voice channel is assigned, go to that channel and listen to the call.
* Scan for voice channels and listen to active channels.
* Scan OMNICELL channels and listen to active channels.
* While listening to a call, display the voice channel messages.
* Automatically follow handoffs.
* Decode DTMF, change the volume or audio source.
* Automatically mute the audio and stop monitoring when the call is released.

Possible things he said you could do with more time:

* Log all messages and call information for certain cellular phone numbers. You could log paging channel messages, calls placed and received, call durations, DTMF digits dialed, cell channels used, etc.
* Create a "spectrum" display of the cellular band by scanning all channels and recording the signal strength.
* With a map of cell sites in your area, physically track a phone as it moves from cell to cell.

The article is interesting in itself. Check it out. Spring 94 issue of _2600_. I'm typing in the article for a friend, so I'll mail it to anyone who wants a copy....

--------------------------------------------------------------------------
Michael Brandt Handler                    Philadelphia, PA
PGP v2.6 public key on request            Boycott PSI, Inc. & Canter & Siegel
<> 1984: We're Behind Schedule

From karn at qualcomm.com Tue Jun 21 18:01:19 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 21 Jun 94 18:01:19 PDT
Subject: Another Cellular Vict
In-Reply-To: <199406191329.AA18599@panix.com>
Message-ID: <199406220101.SAA00348@servo.qualcomm.com>

>Bell Atlantic already announced a joint venture with one of the electronic
>navigation companies to supply drivers with position info using cellular
>triangulation.

Not to mention our very own Omnitracs service, which uses spread spectrum ranging via satellite to report the position of every mobile user to roughly GPS accuracy (without actually using GPS). So far the trucking companies to whom we sell this stuff have been pretty enlightened in how they use this information.

We've also discussed adding position location to our CDMA cellular system, although that wasn't originally a design consideration. Depending on how far you go with modifying the existing system, and depending on local terrain, you could locate a user somewhere on a circle around a given cell (by round trip time measurements from cell to mobile and back) or perhaps to a specific point by multi-cell delay measurements during a handoff.

Which suggests a "stealth" phone that randomly dithers its round trip delay a la GPS selective availability...
Phil

From die%pig.jjm.com at jjmhome Tue Jun 21 18:23:37 1994
From: die%pig.jjm.com at jjmhome (Dave Emery)
Date: Tue, 21 Jun 94 18:23:37 PDT
Subject: (None)Cellphones
In-Reply-To: <9406211610.AA28536@internal.apple.com>
Message-ID: <9406220109.AA02682@pig.jjm.com>

> Lefty (lefty at apple.com) writes:
> Forgive my ignorance, since I've always viewed cellular phones as being
> overpriced toys, but if the cellular network _didn't_ track the location of
> a given phone how could it route incoming calls to it? Some friends who
> were visiting from New Mexico this weekend told me they had to inform their
> service provider of where they were going to be so they could receive calls
> on their cellular phone.
>
> --

Within a service area (usually the coverage area of one cellphone system or provider) the problem of incoming calls is handled by the same basic technique as pagers use - a global area wide broadcast of cellphone numbers being called transmitted from one or more transmitters on each cellphone tower. Each cellphone, when it is turned on, scans the paging channels (special frequencies are used for this) to find the loudest one and sits on this channel looking for its MIN until a call comes in or the signal gets marginal, at which time it goes and looks for another paging channel. All the paging channels usually carry all incoming calls for the system (some MTSOs may page a cellphone which has recently transmitted first on the site that was last serving it, but eventually it will get paged on every site if it doesn't answer). When a cellphone hears its MIN being paged it transmits on the frequency paired with the paging channel it is listening to. All the nearby cells listen on the paging response channels and measure the signal strength of the response. The one with the strongest signal gets picked by the MTSO which then sends out a command over the paging channel the mobile is listening to telling it to switch to a traffic frequency and start ringing.
Thus the mechanism for contacting local phones is basically broadcast paging.

Built into the system, however, is a set of commands to a powered up cellphone that will tell it to transmit its ID on the paging channel response channel it is listening to without ringing or giving any other particular indication that it has been pinged. This command can be addressed to a particular cellphone MIN or to classes of cellphone such as roamers that have not registered with the local system yet. Some cell systems use this to automatically track roamer cellphones from non-local systems so they can be paged; virtually all systems will keep track of such roamers when they make calls. This roamer information is passed around between system and system via nationwide and regional databases accessed over packet switched networks connecting the MTSOs. Thus paging can be directed to the system that last saw a particular cellphone.

Dave Emery
die at pig.jjm.com

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Tue Jun 21 18:25:51 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Tue, 21 Jun 94 18:25:51 PDT
Subject: Using "nobody" to camouflage encryption/remailers/commerce
Message-ID: <772247601/vac@FURMINT.NECTAR.CS.CMU.EDU>

If we use "nobody" as an email address we can hide remailers or make it seem like there were remailers where there are not, etc.

The convention on the Internet is for mail to "nobody" to go to "/dev/null". This is used as a return address when you don't want bounced mail.

Now remailer operators are clearly more interested in privacy than in following conventions. Imagine remailers also had addresses like "nobody at vox.hacktic.nl", and "nobody at jpunix.com".
Now if someone doing an internet wire-tap sees mail to "nobody at furmint.nectar.cs.cmu.edu" it is hard for him to tell if this means:

a) It will just end up in /dev/null like it does on 99% of the machines
b) furmint is another remailer
c) someone on furmint gets mail as "nobody"
d) furmint acts as a remailer for those with money
e) furmint is being used for some email based business
f) etc

So now assume that there was a lot of encrypted mail going to "nobody at alex.sp.cs.cmu.edu". That might be because I am also doing something funny there, or it might be because someone is just sending a lot of encrypted mail to /dev/null. By the way, anyone is welcome to send encrypted mail to this address (via a remailer or not). Even if there is no email going out of that machine, it could just be that with my remailer I collect the mail some period into a file, encrypt the file, move it off to some other machine (using FTP, NFS, uucp, rcp, http, telnet, etc.), and mail it from there. Could be hard to tell.

Remailers named "nobody" will be harder to stop. So it would be nice if sites with remailers would set the "nobody" alias to point to their remailer to start this convention. Assuming that the remailer will drop non-encrypted mail (or at least mail that does not have a good format) this should not cause any problems.

On "furmint" I did the following:

Changed the "nobody:/dev/null" in /usr/misc/.mmdf/table/aliases to "nobody:vac+pgp at furmint.nectar.cs.cmu.edu".

Ran "dbmbuild" to rebuild the "mmdf" database.

I don't know how different this will be on other Unixes. It may only take editing "/usr/lib/aliases" on other systems.

So I did give away the puzzle in the second paragraph: if you send mail to "nobody at furmint.nectar.cs.cmu.edu" it is the same as sending mail to "vac+pgp at cs.cmu.edu". So far. :-)

I doubt that "nobody" was getting a lot of mail, but if so I will modify my "pgp-receive" script to drop any mail not encrypted for it.
If they ever outlaw sending mail to "nobody" there will be millions of people who are breaking the law. If some country outlaws encryption, people (or programs) in other countries could send encrypted mail to "nobody" at random machines in that country to act as a cover for the legitimate encrypted mail.

-- Vince

From karn at qualcomm.com Tue Jun 21 19:14:38 1994
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 21 Jun 94 19:14:38 PDT
Subject: your mail
In-Reply-To: <199406191451.JAA01206@zoom.bga.com>
Message-ID: <199406220214.TAA00451@servo.qualcomm.com>

>> Hmm. And if an attacker discovers you're using this method, and
>> decides to send out a signal on the same frequency? You might find
>> your "random" numbers are suddenly all zeros...

>Band hop. Build a variable modulo counter and use its output to reset its
>modulo and hop the band around pseudo-randomly. Unless they know or stumble
>on the particular design you are using it will be very difficult to track.

An even better idea: disconnect the antenna. Most of the noise comes from the front end amplifier, not the galactic and cosmic background, at least in your average consumer grade receiver. And this is a quantum process that someone else definitely can't predict or copy.

Phil

From nobody at vox.hacktic.nl Tue Jun 21 19:50:13 1994
From: nobody at vox.hacktic.nl (nobody at vox.hacktic.nl)
Date: Tue, 21 Jun 94 19:50:13 PDT
Subject: nobody@vox.hacktic.nl is up.
Message-ID: <199406220250.AA17370@xs4all.hacktic.nl>

Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU once said:
:If we use "nobody" as an email address we can hide remailers or make it
:seem like there were remailers where there are not, etc.
:
:The convention on the Internet is for mail to "nobody" to go to
:"/dev/null". This is used as a return address when you don't want bounced
:mail.
:
:Now remailer operators are clearly more interested in privacy than in
:following conventions.
:Imagine remailers also had addresses like
:"nobody at vox.hacktic.nl", and "nobody at jpunix.com".

You now can choose from three cypherpunx remailers at vox.hacktic.nl :

-> remailer at vox.hacktic.nl
-> remail at vox.hacktic.nl
-> nobody at vox.hacktic.nl

Regz,
--
 ____   Alex de Joode
 \ /__  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  \/ /  "It's dangerous to be right when the government is wrong."
   \/                                                   --Voltaire
--finger usura at hacktic.nl for PGPpublicKEY--

From schneier at chinet.chinet.com Tue Jun 21 20:18:10 1994
From: schneier at chinet.chinet.com (Bruce Schneier)
Date: Tue, 21 Jun 94 20:18:10 PDT
Subject: Thoughts on the NSA's correction to SHA
Message-ID:

This is the fix to the Secure Hash Standard, NIST FIPS PUB 180:

In Section 7 of FIPS 180 (page 9), the line which reads

    "b) For t=16 to 79 let Wt = Wt-3 XOR Wt-8 XOR Wt-14 XOR Wt-16."

is to be replaced by

    "b) For t=16 to 79 let Wt = S1(Wt-3 XOR Wt-8 XOR Wt-14 XOR Wt-16)."

where S1 is a left circular shift by one bit as defined in Section 3 of FIPS 180 (page 6):

    S1(X) = (X<<1) OR (X>>31).

This is exactly one additional line in assembly language.

The very fact that this correction had to be made offers some insights into the National Security Agency.

I believe that releasing DES to the public was the biggest cryptography mistake that NSA ever made. Consider the state of research in cryptology before DES. It was simplistic. It was haphazard. There was little interest. If any results of value were ever discovered, the NSA could squash them with a secrecy order. No one cared.

Then, in the late 1970s, came DES. Suddenly there was an algorithm to argue about, dissect, study, and learn from. A whole generation of cryptographers learned their craft from DES. Even today, we're still learning from DES. We're learning new techniques of cryptography and cryptanalysis. DES has transformed academic cryptology in ways the NSA never envisioned.

The NSA will not make this mistake again.
They will not release Skipjack or any other algorithm to the public, because that could galvanize another fifteen years of research in algorithm design and analysis. (Even so, I believe that Skipjack is similar in design to DES; the NSA realizes that Clipper chips will be reverse-engineered eventually.)

When it came time to propose an algorithm for the SHS, the NSA chose not to use an algorithm from its own arsenal. Instead it chose to take an algorithm from academia, Ronald Rivest's MD4, and modify it to produce a 160-bit hash. While this approach did not compromise any of NSA's work, it also short circuited NSA's lengthy internal algorithm design and review process. The SHA was announced only two years after MD4. By contrast, NSA claims to have spent five years designing and analyzing their Skipjack algorithm, based on an additional seven years of design. There is no substitute for years of intense cryptanalysis, and the flaw in SHA illustrates that.

From schneier at chinet.chinet.com Tue Jun 21 20:47:03 1994
From: schneier at chinet.chinet.com (Bruce Schneier)
Date: Tue, 21 Jun 94 20:47:03 PDT
Subject: C Programmer Wanted for Cryptography Programming
Message-ID:

I am looking for a good C programmer who is interested in doing some contract programming for me. Anyone interested?
Bruce

**************************************************************************
* Bruce Schneier
* Counterpane Systems          For a good prime, call 391581 * 2^216193 - 1
* schneier at chinet.com
**************************************************************************

From dcosenza at netcom.com Tue Jun 21 20:54:22 1994
From: dcosenza at netcom.com (dcosenza at netcom.com)
Date: Tue, 21 Jun 94 20:54:22 PDT
Subject: Unofficial Release
Message-ID: <199406220354.UAA03231@netcom14.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

I'm pleased to announce the release of an unofficial version of PGP v2.6ui that allows for key generation up to 8176 bits. Thanks are due to Tom Rollins for his diligence compiling the code and also to Mathew at Mantis Consultants in the UK for bringing us all up to 2.6ui. Said material, including source codes and an associated signature, can be found on ftp.netcom.com; look in /pub/dcosenza for the following:

pgp26ui.zip      --> DOS release
pgp26uisrc.zip   --> source codes
pgp26uisrc.sig   --> sigfile for pgp26uisrc.zip
tom.asc          --> Tom's public key, you'll need this to check the sig

This patch level is not endorsed or supported in any way shape or form by MIT, so usage of this program might put you in violation.

A couple of notes: keys that are larger than 1264 bits will not be readable by previous versions of the software, so users who are interested in larger key lengths are encouraged to move up. Also, considering the enormous amount of time it takes to generate a 4096 bit key on a 486 (10 1/2 hours), an upper limit of 2048 or thereabouts is strongly recommended.

Enjoy everybody and Ever forward,

David

- --
- ---------------------------------------------------------------------------
David Cosenza                                         dcosenza at netcom.com
PGP 2.3a Public Key available by finger _or_ ftp.netcom.com:/pub/dcosenza
PGP 2.3a Key fingerprint = BF 6C AA 44 C6 CA 13 3F 4A EC 0A 90 AE F3 74 6D
"When encryption is outlawed, only outlaws will have encryption."
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCzAgUBLgevPSjdpAfJZzihAQFipATwk1jlksS571wBq3p2KySjjpj0PHOY8QJy
yc5/S2BYn5ynY4XSp98skAUgWTblU0cT1uFu2JrukpdCqec5pCzCFVuErN2fn9zY
MWUhqZKG74v1nTfNrlA+JjfiXd9LWjJJO8bBRfEyZ5ZBMsxALvU/N1j1rCV+KovI
OjxtLDdbe5znloT/2GVwlPo2TQUi//cpfT9XNbVDUVCLG934nlw=
=BQtC
-----END PGP SIGNATURE-----

From danisch at ira.uka.de Wed Jun 22 00:33:31 1994
From: danisch at ira.uka.de (Hadmut Danisch)
Date: Wed, 22 Jun 94 00:33:31 PDT
Subject: something I've always wondered
Message-ID: <9406220731.AA02364@tartarus.ira.uka.de>

> Does DES (or name your favorite encryption algorithm) produce as output
> all possible cyphertexts of length L, given all possible combinations of
> keys and plaintexts of length L?

Choose any cyphertext and a random key and decrypt the cyphertext with that key. Now you have a key and a plaintext which produce this cyphertext.

Hadmut

From karn at qualcomm.com Wed Jun 22 01:52:49 1994
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 22 Jun 94 01:52:49 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <199406191611.JAA20513@netcom12.netcom.com>
Message-ID: <199406220852.BAA03587@servo.qualcomm.com>

>Technicians in the tracking station can, if necessary, track a
>particular call back to the cell site from which it originates. But the
>monitoring can not be done unless the phone is in use. [ Is that true? ]

There is an optional mechanism called "registration" by which the system can keep track of your approximate location even though you're not actually making calls. The intent is not really to track your location, although it could certainly be used for that purpose. It's intended to minimize the amount of "flood paging" that goes on. When somebody calls you on a cell phone and the system doesn't know where you are, it has to broadcast the page (the message announcing the call) on every cell in the system. In large busy systems, this can cause quite a bit of congestion on the paging channels.
So the system has the option of asking the users to transmit occasionally so the system can keep track of their location and direct incoming pages to the last known cell, at least as a first try. Think of the system as a large bridged Ethernet and you won't be far off, at least on the concept.

On the other hand, the fact that most cell phones see very little use, and the use that they do see is predominantly mobile originated, means that registration actually doesn't buy that much in practice. It can even be counterproductive because of all that non-revenue generating registration traffic that takes up capacity on the access and paging channels. This probably explains why registration isn't often used in practice, as far as I know.

The best way to make sure it isn't occurring, of course, is to turn off your phone.

Phil

From karn at qualcomm.com Wed Jun 22 01:58:18 1994
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 22 Jun 94 01:58:18 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <9406191648.AA02110@vail.tivoli.com>
Message-ID: <199406220857.BAA03608@servo.qualcomm.com>

>It may be that the phone can be "pinged" unbeknownst to the owner, but
>I'm fairly confident that if the phone is shut off, you're safe. The
>truly paranoid might consider stowing the phone inside some sort of RF
>cage, I guess, or maybe just throw it out the window :-)

I should have added in my remarks about registration that one very easy way to "ping" a cellular phone is to call it. If the phone is powered on and hears the page, it will automatically acknowledge it on the access channel (the mobile-to-base link that is also used to request a mobile-originated call). This will certainly reveal the mobile's location to the closest cell.
Phil

From karn at qualcomm.com Wed Jun 22 02:14:55 1994
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 22 Jun 94 02:14:55 PDT
Subject: Cell phone tracking
In-Reply-To: <9406192230.AA02687@pig.jjm.com>
Message-ID: <199406220913.CAA03748@servo.qualcomm.com>

> And in the future Phil Karn's company Qualcomm's CDMA digital
> cellphones will provide few feet accuracy position as a byproduct of the
> spread spectrum receive correlator operation on every transmitting phone
> within range of more than one cell receiving site unless they actually
> avoid trying to make the measurement. Most of the time more than one
> cell site tracks a given phone so they can vote on which one has the
> stronger signal - given that each of these sites has a precise estimate
> of the time of arrival of transmissions from each phone it takes little
> more than netting of the time base (with GPS ?) between the cell sites to
> determine cellphone positions since the positions of the cell site
> antennas are well known. I suspect that if the hardware and software to
> do this (mostly software) is not part of the current base station that
> certain TLAs will pay to have it developed and implemented.

Yes, as I described in earlier mail this is certainly doable with our CDMA system although position location was not one of the original design goals for the system nor is it a requirement for the ones we're currently building. During drive tests in the demo/test system it was easy to tell by watching a display in the cell when the test van had returned to the starting point. We had a continuous display of round trip time which would increase and then return to its original value. But we don't do anything useful with this information at present.

For data logging purposes on field tests, we now use commercial Trimble GPS receivers that have piezo gyros for dead reckoning through the GPS coverage shadows.
They work much better than the compass/wheel rotation counter scheme used in the ETAK units we had before.

We already "net our time base with GPS" - each cell site has a GPS timing receiver that controls frequencies and spreading codes within a microsecond (limited mainly by SA dithering). This is needed to make our soft-handoff work, but it does have the side effect of making a potential location-determination system more practical.

Phil

From tn0s+ at andrew.cmu.edu Wed Jun 22 02:27:27 1994
From: tn0s+ at andrew.cmu.edu (Timothy L. Nali)
Date: Wed, 22 Jun 94 02:27:27 PDT
Subject: Need advice on starting to make PGP library
In-Reply-To: <199406220354.UAA03231@netcom14.netcom.com>
Message-ID: <8i20C3W00iV0E0jVVf@andrew.cmu.edu>

Hi all.

Recently, there was a thread about getting pgp to the masses. There was a general consensus that nice GUIs are needed to get pgp used by the masses. There needs to be a MS Windows version that is easy to use. The best way to go about doing this is to turn pgp into a library that other programmers can link into their code. Once the library is finished, people could roll GUIs for every platform out there. For example, under MS Windows, if a pgp DLL (Dynamic Link Library) existed, we could use something as simple as Visual Basic to make an easy-to-use front end for pgp. It also shouldn't be so difficult to incorporate a pgp library into various mailers and newsreaders.

Now, I'm not one of those who dream up some grandiose idea and then expect someone else to do it. I plan to make (or at least try) a pgp library. However, I am rather new to all this, so I could use some advice:

1) I'm going to use C++ for this. Are there any platforms that do not have a C++ compiler, or is there any other good reason to stick with C?

2) Should I use the MIT version or the pgp2.6ui version as a starting point? I am in the United States.

3) Assuming I complete this, how do I release the code without having somebody break down my door?
(the export and patent nonsense. Isn't living in america dandy :-)

_____________________________________________________________________________
Tim Nali                 \  "We are the music makers, and we are the dreamers of
tn0s at andrew.cmu.edu      \  the dreams" -Willy Wonka and the Chocolate Factory

From dichro at tartarus.uwa.edu.au Wed Jun 22 02:39:15 1994
From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn)
Date: Wed, 22 Jun 94 02:39:15 PDT
Subject: sorry...
Message-ID: <199406220938.RAA17759@lethe.uwa.edu.au>

apologies for last message...

From mathew at mantis.co.uk Wed Jun 22 04:01:18 1994
From: mathew at mantis.co.uk (mathew)
Date: Wed, 22 Jun 94 04:01:18 PDT
Subject: Unofficial Release
In-Reply-To: <199406220354.UAA03231@netcom14.netcom.com>
Message-ID:

>A couple of notes: keys that are larger than 1264 bits will not be readable
>by previous versions of the software

And probably not by future official versions either. I explained why it would be a bad idea to do this. Did you have to go and do it anyway?

mathew

From nobody at shell.portal.com Wed Jun 22 04:11:19 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Wed, 22 Jun 94 04:11:19 PDT
Subject: HOW TO MUTATE AND TAKE OVER THE WORLD
Message-ID: <199406221112.EAA09716@jobe.shell.portal.com>

> Date: Tue, 21 Jun 1994 12:57:11 -0700
> From: Judith Milhon
>
> I, Judith Milhon, am not a fink. I was at the first meeting of this
> weird coalescence. I even thought up the name "cypherpunk." I write

I wasn't at the first meeting. I wasn't the one who coined the term "cypherpunk". I heard that Andy Hawks did.
Cat Shoe

From rfb at lehman.com Wed Jun 22 04:48:20 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 22 Jun 94 04:48:20 PDT
Subject: OJ`S CELL PHONE
In-Reply-To: <199406220857.BAA03608@servo.qualcomm.com>
Message-ID: <9406221147.AA08792@fnord.lehman.com>

    Date: Wed, 22 Jun 1994 01:57:04 -0700
    From: Phil Karn

    I should have added in my remarks about registration that one very easy
    way to "ping" a cellular phone is to call it.

My wife said that some news show last night, maybe it was the Baba Wawa thing, was saying that the current police story on OJ is that someone called the police saying that they thought they saw OJ in the Bronco. Then the police called OJ on the cellular to start pinpointing his location. Presumably, they'd already figured out whose Bronco it was . . . .

Rick

From perry at imsi.com Wed Jun 22 05:03:48 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 05:03:48 PDT
Subject: e$: Geodesic Securities Markets
In-Reply-To: <199406212332.TAA19688@zork.tiac.net>
Message-ID: <9406221203.AA02493@snark.imsi.com>

Robert Hettinga says:
> I don't really want to thrash this out point by point, but I will anyway ;-).
>
> >Perry Metzger says:
> >>Robert Hettinga says:
> >> Strong crypto accomplishes 1, and e$ protocols make 2 and 3 meaningless.
> >
> >Not really. Not all commodities are fungible.
>
> Agreed. And?

And the result of that is that intermediaries are needed in such cases to handle the transactions if the things being traded are complex instruments. It's fairly easy to envision a system that directly matches orders for shares in IBM. Trying to match up buyers and sellers of swaps might not be that easy.

> >Not all entities are
> >willing to conduct all sorts of trades with all other sorts of
> >entities.
>
> No, but buyers of a specific security might want to buy those securities
> from those who hold them... Could you elaborate on your comment, please?

Certainly.
In the foreign exchange market, for instance, most trading
is done on blocks of millions to hundreds of millions of dollars worth
of currency. In the current scheme of things people will only deal
with entities that they know because fails are devastating. It is
possible for third parties to guarantee credit to open up markets, but
they will expect to be paid for this. You can't get rid of the banks
-- someone has to guarantee that you have the money on hand.

> >Besides all that, someone has to hold physical goods,
>
> Unless it is a stock, bond, derivative, call option, etc. Most of which
> are "held" in offsetting book entries at brokerage houses, banks, and
> clearinghouses.

Actually, even in the case of securities largely settled by book
entry, DTC still holds physical certificates. That is not, however,
the point. The point is that no matter what you hold, be it dollars,
shares of IBM, or futures contracts for dried silkworm cocoons (a
perfectly real commodity, by the way) you need a bank to hold the
account and guarantee the existence of the thing being held, be it a
figment of the computer's memory or a thing backed by a bar of gold.
The banks will expect to be paid for this service. Try imagining a
digital cash algorithm that DOESN'T involve a bank, and you will
swiftly see that there is a small problem involved...

This is not to say that transaction costs can't be radically reduced,
and the role of intermediation in fully fungible goods reduced.
However, transaction costs will not go to zero, and banks will not
disappear. (I suspect conventional interest bearing accounts may be
fully replaced by mutual funds at some point, however.)

Perry

From trollins at debbie.telos.com Wed Jun 22 05:33:33 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Wed, 22 Jun 94 05:33:33 PDT
Subject: PGP Comments and Questions.
Message-ID: <9406221233.AA22563@debbie.telos.com>

Hey,

Got some comments about the future of PGP.

I would like to compare PGP with DOS.
It has gotten a large following and that is good.
It has its limitations and that is bad.
Like DOS, expanding its functions seems to be trouble.
Trouble from the tech side and from government.

I believe that we should lay a framework so that people around
the world can modify and enhance various parts of PGP and not
get in each others way. After all, how much can 1 or 2 or 3 or 4
people do vs thousands on the net. Also if the code is modular,
people in the US can work on sections that do not contain the
crypto engines. Bulk crypto engines could be replaced and not get
in the way of the Public key stuff.

So, now for some questions....

As I understand the Gnu CopyLeft. People can make changes and pass
them on with the source code and NOT step on anyone's toes.
Why then should there be an official release by a small group of people
that still have bugs in the code after N years. An official framework
which will allow for expansion and change is in order.

Is Mathew in the UK a named remailer for Phil Z? (just kidding)

How fine do you have to divide the crypto code before it is not considered
crypto code any longer. (for US ITAR regs)

How do the French get around the anti crypto laws? I want to know before
those laws get enacted here in the US.

From khijol!erc Wed Jun 22 05:40:57 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Wed, 22 Jun 94 05:40:57 PDT
Subject: CYPHERPUNK OPERATIVE
In-Reply-To:
Message-ID:

> Whoever it is, is doing a great job. In the June 15 issue, in
> the article, "How Big Brother Wants to Listen, Too," the writer
> coined the term "Al Gorewellian." Gotta love it.

I love it! :)
--
Ed Carp, N7EKG/VE3		ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share
it with, tell me, what does it mean?"
-- Whitney Houston, "Run To You"

From khijol!erc Wed Jun 22 05:40:59 1994
From: khijol!erc (Ed Carp [Sysadmin])
Date: Wed, 22 Jun 94 05:40:59 PDT
Subject: your mail
In-Reply-To: <199406220214.TAA00451@servo.qualcomm.com>
Message-ID:

> An even better idea: disconnect the antenna. Most of the noise comes
> from the front end amplifier, not the galactic and cosmic background,
> at least in your average consumer grade receiver. And this is a quantum
> process that someone else definitely can't predict or copy.

And if that doesn't work, crawl up the spectrum a bit. The higher in
frequency you go, the more thermal noise you'll see.

Gee, it's *good* to be able to write something intelligent in response to one
of Phil's posts... :)
--
Ed Carp, N7EKG/VE3		ecarp at netcom.com, Ed.Carp at linux.org
"What's the sense of trying hard to find your dreams without someone to share
it with, tell me, what does it mean?" -- Whitney Houston, "Run To You"

From perry at imsi.com Wed Jun 22 05:50:00 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 05:50:00 PDT
Subject: your mail
In-Reply-To: <199406220214.TAA00451@servo.qualcomm.com>
Message-ID: <9406221249.AA02619@snark.imsi.com>

Phil Karn says:
> An even better idea: disconnect the antenna. Most of the noise comes
> from the front end amplifier, not the galactic and cosmic background,
> at least in your average consumer grade receiver. And this is a quantum
> process that someone else definitely can't predict or copy.

This is also cheap. If you have audio input on your computer, just put
an El-Cheapo radio with its antenna off tuned to dead air into your
workstation, and distill what comes out with MD5 or SHA or something
similar. Assume that things are much less random than they seem and
distill every N bytes down to 1 byte with the hashing algorithm -- N
depends on your paranoia.

Perry

From perry at imsi.com Wed Jun 22 05:55:14 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 05:55:14 PDT
Subject: Unofficial Release
In-Reply-To: <199406220354.UAA03231@netcom14.netcom.com>
Message-ID: <9406221254.AA02636@snark.imsi.com>

dcosenza at netcom.com says:
> I'm pleased to announce the release of an unofficial version of PGP v2.6ui
> that allows for key generation up to 8176 bits,

Way overkill. Remember that 2000 is not just twice as hard as 1000 --
even breakthroughs that improved factoring speed by factors of
thousands couldn't break 2000 bit keys any century soon, if ever. I'd
worry more about my key management -- before putting in even the
effort to crack a 1500 bit key they are likely to just listen in on
the emissions from your keyboard and monitor.

Perry

From gtoal at an-teallach.com Wed Jun 22 06:21:25 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 22 Jun 94 06:21:25 PDT
Subject: Need advice on starting to make PGP library
Message-ID: <199406221321.OAA08491@an-teallach.com>

Too late! It's been done, by Pr0duct Cypher...

G

(Some of us are even using it...)

From sommerfeld at orchard.medford.ma.us Wed Jun 22 06:34:54 1994
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Wed, 22 Jun 94 06:34:54 PDT
Subject: Another Cellular Vict
In-Reply-To: <199406220101.SAA00348@servo.qualcomm.com>
Message-ID: <199406221242.IAA00419@orchard.medford.ma.us>

   Which suggests a "stealth" phone that randomly dithers its round trip
   delay a la GPS selective availability...

Well, I'm not sure how well that would work... The "dither" on the
RTT can't go negative (for obvious reasons :-) ).

Presumably the dither turns a "He's somewhere on this circle" into a
"He's somewhere inside this circle". If you vary the dither over
time, someone trying to track you would wait for the RTT to hit a local
minimum to get the most precise fix.

If the dither introduced by the phone has to be the same for all cell
sites, it gets even easier.
- Bill

From talon57 at well.sf.ca.us Wed Jun 22 06:56:38 1994
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Wed, 22 Jun 94 06:56:38 PDT
Subject: INFORMATION WARFARE
Message-ID: <199406221356.GAA09698@well.sf.ca.us>

-----BEGIN PGP SIGNED MESSAGE-----

For those who asked:

INFORMATION WARFARE
Chaos on the electronic Superhighway
Winn Schwartau
Thunder's Mouth Press
ISBN 1-56025-080-1

I should add that at least one member of this list wrote and doesn't
share my opinion of it. Let the buyer beware! I am still enjoying it
immensely!

Brian Williams
Extropian
Cypherpatriot

"Cryptocosmology: Sufficiently advanced communication is
indistinguishable from noise." --Steve Witham

"Have you ever had your phones tapped by the government? YOU WILL and
the company that'll bring it to you.... AT&T" --James Speth

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLghCANCcBnAsu2t1AQHkpQP+KQ7lnUMJJNQsdW9pYZYTLVNLXHQDq9L5
ruX+zearfvplpwtke/0YE+8X6dwuPCtHalzmBfo921euX9mN/eaSOGhfmagQ80wY
U6G/AT2ox1s5XbvtRHoqA9/glAiMZrRH+hXNNmEMXMu0GJSdDIMWDKXTglyiXlEt
Uc20JPC+Cng=
=BbYI
-----END PGP SIGNATURE-----

From trollins at debbie.telos.com Wed Jun 22 07:07:22 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Wed, 22 Jun 94 07:07:22 PDT
Subject: Unofficial Release
Message-ID: <9406221407.AA04259@debbie.telos.com>

Perry @ insi.com says:
>Way overkill. Remember that 2000 is not just twice as hard as 1000 --
>even breakthroughs that improved factoring speed by factors of
>thousands couldn't break 2000 bit keys any century soon, if ever. I'd
>worry more about my key management -- before putting in even the
>effort to crack a 1500 bit key they are likely to just listen in on
>the emissions from your keyboard and monitor.

Ahhhh, It is nice to know that people won't even TRY to crack
big keys. Cracking, you know, is a lot like the lotto. You
MIGHT guess the correct key on the first TRY. But, if you
don't TRY, then you won't crack the key.
"Gotta play to win" -tom From perry at imsi.com Wed Jun 22 07:42:25 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 22 Jun 94 07:42:25 PDT Subject: Unofficial Release In-Reply-To: <9406221407.AA04259@debbie.telos.com> Message-ID: <9406221442.AA02745@snark.imsi.com> Tom Rollins says: > Ahhhh, It is nice to know that people won't even TRY to crack > big keys. Cracking, you know, is a lot like the lotto. You > MIGHT guess the correct key on the first TRY. But, if you > don't TRY, then you won't crack the key. > > "Gotta play to win" It is all a question of economics. Its one thing if your idle try has one in 10^6 chance of working, but if its one in 10^70 or something like that the attempt is pretty much pointless -- you are more likely to have a giant sack of gold hit you on the head. Even spending a penny on cracking something that way is uneconomical. Playing the lottery is an economic lose, plain and simple. Your expected return is a loss. Having a small number of your workstations that are otherwise idle trying to crack a DES key that would make you a million dollars is likely cost effective; your expected return is a win. Unless the NSA knows something very interesting about factoring that we don't (not merely an algorithm that is a constant factor of a million faster, say), trying to crack a 2000 bit RSA key is without question an economic lose. They could spend a lot less effort simply getting your key via "practical cryptanalysis". There is therefore no point in using a cryptosystem which would cost the enemy hundreds of billions of dollars to try to attack and then type in your key on a machine who's keystrokes can be monitored using $3000 in equipment. Which way would YOU try to get the keys, eh? 
Unless you are already doing all your encryption in a Faraday cage,
I'd say that there is no conceivable point in using anything over a
2000 bit key -- indeed, there is probably no point in using such a key
even if you are doing all your encryption in a Faraday cage.

The benefit is minimal, and the cost, in terms of dramatically slowed
performance, is very high. Using an 8000 bit key is like claiming you
are stronger than the enemy because whereas he only has enough nuclear
weapons to vaporize your city 15 times over you have enough to
vaporize his 90 times over.

Perry

From frissell at panix.com Wed Jun 22 07:44:33 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 22 Jun 94 07:44:33 PDT
Subject: Groups Hail New Bill For
Message-ID: <199406221444.AA17062@panix.com>

To: cypherpunks at toad.com

C >This is a press release put out by People for the American Way and
C >the Media Access Project last week.
C >
C >Senate Communications Subcommittee Chairman Inouye's bill guarantees
C >access on the "superhighway" for non-commercial and governmental
C >uses. "Without this protection, we may not get anything besides home
C >shopping and movies on demand," said Leslie Harris, Director of Public
C >Policy for the People For the American Way Action Fund (PFAWAF).
C >"We hope -- and expect -- that some day the new technologies
C >will provide so much capacity at such low prices that there will be
C >no need to reserve space for public use. The bill directs the Federal
C >Communications Commission to phase out the `public right of way' if
C >and when that happens." But, he added, "It is critical that local
C >government and non-profit groups have access to the new technologies
C >right away.

What complete and utter garbage. With monthly access costs in the $20
range and an incredibly diverse marketplace under construction without
"public interest" power-mad fascists involved in it, such whining shows
nothing more than their view of the gullibility of the public.
All networking proposals involve two-way networks and private voice and
data systems that anyone who cares to can use to communicate with anyone
who cares to. Any "public interest group" that cares to (and many have)
can put aside its tin cup and get online. If 12-year-olds can do it...

DCF

"Whether or not the residents of that fetid swamp between Virginia and
Maryland try to help us or hinder us, we'll build Market Earth on the
nets. And there's not a damned thing on God's good green earth that they
can do about it."

--- WinQwk 2.0b#1165

From sandfort at crl.com Wed Jun 22 08:26:23 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 22 Jun 94 08:26:23 PDT
Subject: Another Cellular Vict
In-Reply-To: <199406221242.IAA00419@orchard.medford.ma.us>
Message-ID:

C'punks,

On Wed, 22 Jun 1994, Bill Sommerfeld wrote:

> Which suggests a "stealth" phone that randomly dithers its round trip
> delay a la GPS selective availability...
>
> Well, I'm not sure how well that would work... The "dither" on the
> RTT can't go negative (for obvious reasons :-) ).
> . . .

Why not? Of course it would reveal the dithering, but your location
would still be ambiguous. One would assume if someone were on the run,
there would be only minimal advantage in having a legitimate looking
ping location. The major emphasis would be in not getting caught.

 S a n d y

From rah at shipwright.com Wed Jun 22 08:46:57 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 22 Jun 94 08:46:57 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <199406221546.LAA27793@zork.tiac.net>

Perry Metzger says,
>It's fairly easy to envision a system that directly
>matches orders for shares in IBM. Trying to match up buyers and
>sellers of swaps might not be that easy.

Agreed. I do want to talk my buddy about derivatives, however, because he
seems to think that there are ways that e$ protocols could help. Of course,
he didn't tell me in any way I could understand...
I think it had to do with the authentication of e$ instruments, proving you
are who you say you are and you have what you say you have. A WAG: Maybe
zero-knowledge stuff has something to do with this?

However, like you say it's easy to see how IBM could issue its own shares
directly into a geodesic market; maybe even a company could do its own IPO,
with the right rules... When you think about it that way, an investment
banker could "sign" an issue (for a fee...), to vouch for it. After all,
using that kind of "protocol" on large well established companies is what
kept Morgan partners in wood walls and leather wing-back chairs from the
time of Glass-Steagall all the way up until the early 70's. In the IPO
markets, that's what Hambrecht & Quist does (did? ;-)). The technology
changes, but the practice would be the same in a geodesic market. I mean,
there's the risk of underwriting the security, but that's pretty much
nonexistent these days anyway, and with some modification of the shelf
registration idea, a company could "underwrite" its own offering. Of course
when you're underwriting yourself, the term "underwriting" ceases to have
meaning, really.

>In the foreign exchange market, for instance, most trading
>is done on blocks of millions to hundreds of millions of dollars worth
>of currency. In the current scheme of things people will only deal
>with entities that they know because fails are devastating. It is
>possible for third parties to guarantee credit to open up markets, but
>they will expect to be paid for this. You can't get rid of the banks
>-- someone has to guarantee that you have the money on hand.

It seems to me that the issue of capital concentration could be taken care
of by the mutual fund analog I used before, the portfolio manager in
Marblehead with an e-cash / fund "certificate" exchanger.
The restriction of transaction size in the markets is still there, though
it might be that the economies of scale would diminish a bit, reducing that
required transaction size...

The whole idea of avoiding trusted entities is what the DigiCash algorithm
is about, right? e$ itself in proper form is proof it is what it says it
is. Just like it's possible to spot counterfeit money. It's a pointer to
some other stuff, but it can be moved around much better than the stuff
it's denominated in, or the market wouldn't create that particular form of
e$.

>...no matter what you hold, be it dollars,
>shares of IBM, or futures contracts for dried silkworm cocoons (a
>perfectly real commodity, by the way) you need a bank to hold the
>account and guarantee the existence of the thing being held, be it a
>figment of the computer's memory or a thing backed by a bar of gold.
>The banks will expect to be paid for this service. Try imagining a
>digital cash algorithm that DOESN'T involve a bank, and you will
>swiftly see that there is a small problem involved...

I'm not entirely sure we disagree, Perry. e$ protocols are just pointers
(with teeth) to the actual stuff being traded. e$ (cash, mutual fund
shares, cocoon futures) has to be issued by somebody and it has to be
convertible into something else to be of any use at all. To take one
business model that we've pretty much killed, it's easy to see how someone
could plug the ATM network into one end of a DigiCash server, and pay out
DigiCash to customers on the internet, using encrypted card swipes and PIN
numbers for authorization. Banks are necessary in that scenario, because
the money the digicash was issued for has to be held in a bank by the
issuer, whoever that may be ;-)... Or maybe the issuer buys t-bills
(safely) and keeps the interest. Maybe the issuer charges a nominal
transaction fee for the conversion from one side of the gateway to
another. The money doesn't just disappear or get created.
Only governments (or lending institutions) get to do that (both ways, in
the case of Uncle Sam).

>
>This is not to say that transaction costs can't be radically reduced,
>and the role of intermediation in fully fungible goods reduced.
>However, transaction costs will not go to zero, and banks will not
>disappear.

Yes. There will still be a need for *some* demand deposits. There will be
a need for *some* brokerage accounts. The timescale is certainly nebulous
here. But I think that like most successful new technology a superset of
the old capital market structure gets created. We still walk, but we fly
too.

Cheers,
Bob
-----------------
Robert Hettinga (rah at shipwright.com)   "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From tcmay at netcom.com Wed Jun 22 09:19:27 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 22 Jun 94 09:19:27 PDT
Subject: Unofficial Release
In-Reply-To: <9406221407.AA04259@debbie.telos.com>
Message-ID: <199406221619.JAA14843@netcom2.netcom.com>

Tom Rollins writes:

> Perry @ insi.com says:
> >Way overkill. Remember that 2000 is not just twice as hard as 1000 --
> >even breakthroughs that improved factoring speed by factors of
> >thousands couldn't break 2000 bit keys any century soon, if ever. I'd
> >worry more about my key management -- before putting in even the
> >effort to crack a 1500 bit key they are likely to just listen in on
> >the emissions from your keyboard and monitor.
>
> Ahhhh, It is nice to know that people won't even TRY to crack
> big keys. Cracking, you know, is a lot like the lotto. You
> MIGHT guess the correct key on the first TRY. But, if you
> don't TRY, then you won't crack the key.
>
> "Gotta play to win"

If this was tongue in cheek, I missed it.
Nobody in their right mind
will try a brute force attack on a 1024-bit key, let alone a 1200- or
2000-bit key. Unless there are flaws in PGP and/or RSA we haven't
heard about.

As for lotto, simple calculations tell anyone that the best way to win
is not to play. The return _at best_ is 30 or 40 cents on the
dollar, with the rest going to all the various programs the lotto is
supposed to support. The more you play, the more you lose.

(I think gambling is a perfectly fine "tax on stupidity," collecting
money from the gullible. However, banning gambling by private citizens
while having the government run their own casinos and lotteries is
crummy. It's government at its worst.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From pcw at access.digex.net Wed Jun 22 09:29:36 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 22 Jun 94 09:29:36 PDT
Subject: Thoughts on the NSA's correction to SHA
Message-ID: <199406221629.AA01108@access2.digex.net>

>The very fact that this correction had to made offers some
>insights into the National Security Agency.
>
>I believe that releasing DES to the public was the biggest
>cryptography mistake that NSA ever made. Consider the state of
>research in cryptology before DES. It was simplistic. It was
>haphazard. There was little interest. If any results of value
>were ever discovered, the NSA could squash them with a secrecy
>order. No one cared.
>

There is one problem with this analysis: IBM created DES. Not the NSA.
Sure the NSA could have asked them to keep it hidden, but the NSA was
also going to IBM and warning them about Russians eavesdropping on IBM's
networks. Everyone realized it was time for public cryptography.
Especially IBM. It is not clear that a secrecy order would have worked.

This is not to say that your analysis is wrong. They classified the
design procedures which was their attempt at a compromise. IBM couldn't
publish the details of how to make a good algorithm, but they could
release the details of the standard.

From wcs at anchor.ho.att.com Wed Jun 22 10:15:10 1994
From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Wed, 22 Jun 94 10:15:10 PDT
Subject: something I've always wondered
Message-ID: <9406221712.AA27812@anchor.ho.att.com>

> Jim Miller says:
> > Does DES (or name your favorite encryption algorithm) produce as output
> > all possible cyphertexts of length L, given all possible combinations of
> > keys and plaintexts of length L?

As Perry points out, for any key, cycling through the 2**64 inputs
will produce all 2**64 outputs. On the other hand, there are (2**64)!
mappings of the set of inputs to the set of outputs, and DES only uses
2**56 of those mappings, so there are probably values of P and C for
which there is no key K such that C = DES(P,K).

From kentborg at world.std.com Wed Jun 22 10:19:32 1994
From: kentborg at world.std.com (Kent Borg)
Date: Wed, 22 Jun 94 10:19:32 PDT
Subject: Tracking Mobile Nodes
Message-ID: <199406221719.AA17018@world.std.com>

Triangulation works great for tracking any transmitter--but it is
expensive. Cellular systems, by their nature, know which cell you are
in. Given that they already know, the service provider could log all
movement pretty easily. A simple matter of programming--programming
which is possibly already done, judging from the Simpson case.
-kb

--
Kent Borg                       +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 28:15 hours of TV viewing so far in 1994!
               ^ note, number that did not increment after the Big Chase.

From rah at shipwright.com Wed Jun 22 10:33:52 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 22 Jun 94 10:33:52 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <199406221733.NAA29157@zork.tiac.net>

Forgive me for *ever* doubting you...

Perry Metzger says,
>Actually, even in the case of securities largely settled by book
>entry, DTC still holds physical certificates. That is not, however,
>the point.

I know It's Not the Point, but I got curious anyway ;-). After all, I
haven't been near a brokerage cage in 10 years (NIDS was big stuff back
then), and I thought maybe it's time to learn how the world really works
these days...

So I called DTC, the Depository Trust Corporation, on Water St. in
Manhattan, the Mother of all Securities Clearinghouses.

After about five transfers, I talked to a very nice lady in underwriting.
She said they really *do* have bales of securities in a vault, and that
they have a program called FAST, where securities are stored in banks also.
However, she said that a growing number of securities are issued book
entry only. Issues of up to $150 million can be issued on a *single*
certificate. That certificate is held just like the other securities
issues, in a vault.

She said that like par value, physical delivery is becoming more and more
obsolete. That makes sense. Once a certificate is put into the vault at
DTC, it usually never leaves. It might as well not be there at all.
Changes in ownership are reflected by offsetting book entries. Ah, the
wonders of double-entry bookkeeping.

Oddly enough, an e$ certification scheme reverses that paradigm. The book
entries disappear, the certificates proliferate, and the clearinghouse
becomes a referee, "blessing" the trade.
Cheers,
Bob
-----------------
Robert Hettinga (rah at shipwright.com)   "There is no difference between someone
Shipwright Development Corporation      who eats too little and sees Heaven and
44 Farquhar Street                      someone who drinks too much and sees
Boston, MA 02331 USA                    snakes." -- Bertrand Russell
(617) 323-7923

From Eric_Weaver at avtc.sel.sony.com Wed Jun 22 10:39:58 1994
From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver)
Date: Wed, 22 Jun 94 10:39:58 PDT
Subject: Paging Eric Hughes
Message-ID: <9406221739.AA21784@sosfc.avtc.sel.sony.com>

[apologies to all others; couldn't reach him at any addresses I have seen]

Mr. H., Please write me. Thanks.

From exabyte!gedora!mikej2 at uunet.uu.net Wed Jun 22 10:41:34 1994
From: exabyte!gedora!mikej2 at uunet.uu.net (Mike Johnson second login)
Date: Wed, 22 Jun 94 10:41:34 PDT
Subject: C Programmer Wanted for Cryptography Programming
In-Reply-To:
Message-ID:

On Tue, 21 Jun 1994, Bruce Schneier wrote:

> I am looking for a good C programmer who is interested in doing some
> contract programming for me.
>
> Anyone interested?

I am. 303-447-7302 (work) or 303-772-1773 (home). (I sent you a message
from my account on nyx10.cs.du.edu saying so, but lost the connection
suddenly, so you may or may not have gotten it).

Mike Johnson mpj at exabyte.com (aka mpjohnso at nyx10.cs.du.edu, among others).

From perry at imsi.com Wed Jun 22 10:49:08 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 10:49:08 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <9406221748.AA03128@snark.imsi.com>

Robert Hettinga says:
> Perry Metzger says,
>
> After about five transfers, I talked to a very nice lady in underwriting.
> She said they really *do* have bales of securities in a vault, and that
> they have a program called FAST, where securities are stored in banks also.
> However, she said that a growing number of securities are issued book
> entry only. Issues of up to $150 million can be issued on a *single*
> certificate. That certificate is held just like the other securities
> issues, in a vault.

Yup. The certificate is held in street name -- the name such
certificates are held in is "Cede & Co." for obscure reasons I've never
been able to fathom.

> She said that like par value, physical delivery is becoming more and more
> obsolete.

That is largely the case for institutional transactions. Lots of
equities are still physically delivered, and in fact all equities are
still physically deliverable. (Many holders still request physical
delivery, and there are many instances in which physical delivery is
still in fact necessary -- for instance, when you purchase unregistered
securities in a private placement. I still have bad memories about
trying to get the incompetent 144 department at my broker to deal with
some previously unregistered certificates.) There are no US govvies
that are physically deliverable any more, although of course the older
ones still are.

> That makes sense. Once a certificate is put into the vault at
> DTC, it usually never leaves. It might as well not be there at all.

However, it is still there, fulfilling technical legal requirements,
and the vaults on Long Island are heavily guarded in spite of the fact
that the certificates are non transferable.

> Oddly enough, an e$ certification scheme reverses that paradigm. The book
> entries disappear, the certificates proliferate, and the clearinghouse
> becomes a referee, "blessing" the trade.

It's not really practical to do this with things that aren't bearer
instruments. You need to know the beneficial owner of virtually all
securities issued in the U.S., and even if we had a completely free
market we would still likely not have bearer certificates for most
corporate stocks, since such certificates are hard to track and one
wants to be able to find stockholders for corporate governance reasons
-- when stockholder meetings are called for example.
Perry

From dwomack at runner.utsa.edu Wed Jun 22 10:53:28 1994
From: dwomack at runner.utsa.edu (David L Womack)
Date: Wed, 22 Jun 94 10:53:28 PDT
Subject: Thanks!
Message-ID: <9406221753.AA23473@runner.utsa.edu>

First, thanks to everyone for some *_super_* guidance on
decrypting weak cyphers...I have some (enjoyable) homework
to do now!

Secondly, I seem to have come across a minor bug in the
majordomo software; and I thought others might be having
a similar problem...

I subscribed...'domo accepted...then I got duplicate
mailings. I did a 'who', and found I was listed under
2 slightly different, equally valid, addresses. I
canceled one, and it required manual approval, which
came (apparently) quickly...and BOTH addresses got
taken off!

Anyway, after fiddling with it a bit, I'm getting the
one copy of each posting I wanted...but, I wonder if
somehow the duplicate address problem might be related
to the crash problem?

Regards,

Dave

From trollins at debbie.telos.com Wed Jun 22 10:54:57 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Wed, 22 Jun 94 10:54:57 PDT
Subject: Unofficial Release
Message-ID: <9406221754.AA05954@debbie.telos.com>

Perry at imsi.com says:
>Tom Rollins says:
>> Ahhhh, It is nice to know that people won't even TRY to crack
>> big keys. Cracking, you know, is a lot like the lotto. You
>> MIGHT guess the correct key on the first TRY. But, if you
>> don't TRY, then you won't crack the key.
>>
>> "Gotta play to win"
>
>It is all a question of economics. It's one thing if your idle try has
>one in 10^6 chance of working, but if it's one in 10^70 or something
>like that the attempt is pretty much pointless -- you are more likely
>to have a giant sack of gold hit you on the head. Even spending a
>penny on cracking something that way is uneconomical.

Our government has NEVER been very economical!

>They could spend a lot less effort simply
>getting your key via "practical cryptanalysis".
True, a good hose or pretty woman in the sack would loosen me up. Except for my old key that hangs out on the pgp-key-servers. Too bad, lost that secret key...

>There is therefore no point in using a cryptosystem which would cost
>the enemy hundreds of billions of dollars to try to attack and then
>type in your key on a machine whose keystrokes can be monitored using
>$3000 in equipment. Which way would YOU try to get the keys, eh?

Say, that sounds like a good deal! Where could I buy that. Wow, hang out at Charles Schwab, or Merrill Lynch and get account info...

>Unless you are already doing all your encryption in a Faraday cage,
>I'd say that there is no conceivable point in using anything over a
>2000 bit key -- indeed, there is probably no point in using such a key
>even if you are doing all your encryption in a Faraday cage.

Well, I work for C3-Telos and we make several lines of ruggedized portable tempest capable equipment (like the one I am typing on).

>The benefit is minimal, and the cost, in terms of dramatically slowed
>performance, is very high. Using an 8000 bit key is like claiming you
>are stronger than the enemy because whereas he only has enough nuclear
>weapons to vaporize your city 15 times over you have enough to
>vaporize his 90 times over.

I don't need an 8000 bit key, but I don't want the pgp-key-server barfing on a 4096 bit key that I feel I need. How can you put a price on someone's life. You don't know their situation. (think about OJ and fooling around with his wife)

Tim May says:
>If this was tongue in cheek, I missed it. Nobody in their right mind
>will try a brute force attack on a 1024-bit key, let alone a 1200- or
>2000-bit key. Unless there are flaws in PGP and/or RSA we haven't
>heard about.

So you or I won't try the crack. But then there are all those people who are being paid from tax dollars to do nothing else but crack. And all those high priced computers paid for with tax dollars to do the cracking with.
Do you think they will just close up shop and sell off the equipment?

Yes, there are flaws. (some call them design compromises) Why known text in the IDEA data area? Why CFB mode vs CBC mode? Peter Gutmann's SFS documentation makes reference to a class of weak IDEA keys. What are they? And what do they do?

>As for lotto, simple calculations tell anyone that the best way to win
>is not to play. The return _at best_ is 30 or 40 cents on the
>dollar, with the rest going to all the various programs the lotto is
>supposed to support. The more you play, the more you lose.

I don't advocate that you play the lotto. I am pointing out a fact that the lotto people use/say/claim to get people to play their game and thus give them money.

>(I think gambling is a perfectly fine "tax on stupidity," collecting
>money from the gullible. However, banning gambling by private citizens
>while having the government run their own casinos and lotteries is
>crummy. It's government at its worst.)

I agree almost 100%

From ravage at bga.com Wed Jun 22 11:13:23 1994
From: ravage at bga.com (Jim choate)
Date: Wed, 22 Jun 94 11:13:23 PDT
Subject: your mail
In-Reply-To:
Message-ID: <199406221812.NAA21717@zoom.bga.com>

> >
> > An even better idea: disconnect the antenna. Most of the noise comes
> > from the front end amplifier, not the galactic and cosmic background,
> > at least in your average consumer grade receiver. And this is a quantum
> > process that someone else definitely can't predict or copy.
>

This is a bad idea, the computer itself will generate clocking noise which will appear in the noise and destroy the randomness. The standard, and even most high-end, receivers don't have the shielding to prevent this sort of intrusion. Heck, that digital clock on your desk (and possibly your wrist if close enough) will cause problems as well.

> And if that doesn't work, crawl up the spectrum a bit. The higher in
> frequency you go, the more thermal noise you'll see.
>

Only up to a point.
Past a certain point the processes will start to roll off their energy production.

From perry at imsi.com Wed Jun 22 11:16:33 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 11:16:33 PDT
Subject: Unofficial Release
In-Reply-To: <9406221754.AA05954@debbie.telos.com>
Message-ID: <9406221816.AA03231@snark.imsi.com>

Tom Rollins says:
> I don't need an 8000 bit key, but, I don't want the pgp-key-server
> barfing on a 4096 bit key that I feel I need.
> How can you put a price on someone's life. You don't know
> their situation. (think about OJ and fooling around with his wife)

Yup, you have it on me. I guess it is important to lower the possibility of someone cracking your key by brute force from lower than the odds that all the oxygen atoms in the room you are in will spontaneously end up on the wrong side of the room to lower than the odds that all the oxygen atoms in the world will end up on the wrong side of the planet. After all, we are fooling with lives. Yup. That infinitesimal safety margin is important. After all, someone who's got billions of dollars to spend is very likely to waste it on doing nothing but cracking your key -- listening in on your computer's electromagnetic emissions, tapping your keyboard, or beating you up would all be too complicated when there is an infinitesimal chance that billions of dollars could crack your key directly.

> Tim May says:
> >If this was tongue in cheek, I missed it. Nobody in their right mind
> >will try a brute force attack on a 1024-bit key, let alone a 1200- or
> >2000-bit key. Unless there are flaws in PGP and/or RSA we haven't
> >heard about.
>
> So you or I won't try the crack. But then there are all those people who
> are being paid from tax dollars to do nothing else but crack.

And you know, who knows? Maybe they are in fact concealing more computers than you could build with all the silicon in the solar system in Fort Meade. Those feds, they are superhuman, you know? Jeesh.
Perry

From catalyst-remailer at netcom.com Wed Jun 22 11:23:10 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Wed, 22 Jun 94 11:23:10 PDT
Subject: RSA Key Size & QP
Message-ID: <199406221823.LAA11794@mail2.netcom.com>

A wild card here is the recent work in quantum computing, done at AT&T and reported in a recent post by Pal Vitanyi. With a specialized quantum computer (not clear yet whether one could economically build it, but it's theoretically possible) one can factor in polynomial time (computational class "QP", or something like that). If cycles on such a computer would be, say, 1,000 times more expensive than on your PC, then cracking the key would be 1,000*O(keysize^c) more expensive than generating it, not 1,000*O(c^keysize). Having a keysize of, say, 8 kbits instead of 1 kbit in this circumstance is not at all overkill; it makes a practical economic difference. Of course if your info is _very_ valuable and the polynomial is of small degree, even a large key size won't help much. If such a device was built, we'd want to switch to a cryptosystem whose inverse is not in QP; but some of our current communications would be compromised. If a QP machine is with even small probability feasible within the next few decades (or whatever your timeline of concern is), it makes sense to use larger key sizes.

From hayden at vorlon.mankato.msus.edu Wed Jun 22 11:34:53 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Wed, 22 Jun 94 11:34:53 PDT
Subject: Thanks!
In-Reply-To: <9406221753.AA23473@runner.utsa.edu>
Message-ID:

On Wed, 22 Jun 1994, David L Womack wrote:

> Secondly, I seem to have come across a minor
> bug in the majordomo software; and I thought
> others might be having a similar problem...

[story deleted]

I had something similar happen. Last week, I moved all of my stuff from my old address to this one. I unsubscribed from cypherpunks and resubscribed over here. Then the crash happened.
I resubscribed from here, and then Eric restored the backups, so I was now subscribed twice. I unsubscribed from my old account and lost both of them (majordomo can do some funky domain checking) and had to resubscribe from my new workstation. Annoying but understandable.

The 'funky' domain checking that Majordomo does is so that if you are on terminal1.domain.foo.bar, it will assume that a user with the same name at terminal2.domain.foo.bar is the same and tell you you are already subscribed and if there are two entries, remove them both.

____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> I do not necessarily speak for the
\/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County
-=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From rah at shipwright.com Wed Jun 22 12:06:17 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 22 Jun 94 12:06:17 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <199406221905.PAA00365@zork.tiac.net>

>That is largely the case for institutional transactions. Lots of
>equities are still physically delivered, and in fact all equities are
>still physically deliverable.
                  ^^^^^^^^^^^^

Except those equities designated "Book entry only" issues, of course ;-).

>> That makes sense. Once a certificate is put into the vault at
>> DTC, it usually never leaves. It might as well not be there at all.
>
>However, it is still there, and the vaults on Long Island are heavily
>guarded in spite of the fact that the certificates are non
>transferable.

I'm just wondering why not make them e$ certificates someday...

>
>> Oddly enough, an e$ certification scheme reverses that paradigm. The book
>> entries disappear, the certificates proliferate, and the clearinghouse
>> becomes a referee, "blessing" the trade.
>
>It's not really practical to do this with things that aren't bearer
>instruments.

Ain't it a bitch...:-)

>You need to know the beneficial owner of virtually all
>securities issued in the U.S., and even if we had a completely free
>market we would still likely not have bearer certificates for most
>corporate stocks, since such certificates are hard to track and one
>wants to be able to find stockholders for corporate governance
>reasons -- when stockholder meetings are called for example.

I'm *really* *not* making this up as I go along, but... If a clearinghouse is "blessing" the trade they could still perform their function(??) of notifying the corporation / issuer of a change in its ownership. The "pointers" to the security just get swapped around... Uncle Sam still gets to know who owns what.

However, it's possible under this scheme to have anonymous ownership, too. If it were legal, of course...

While this thread is starting to look more like crypto-enabled and less like actual crypto, I'm still thrashing this stuff around on my own. My crew figures there's some business in here somewhere. If anyone wants to yak about it with me off-line, let me know.... *I'm* having fun...

Cheers,
Bob
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923

"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From perry at imsi.com Wed Jun 22 12:12:34 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 12:12:34 PDT
Subject: e$: Geodesic Securities Markets
In-Reply-To: <199406221905.PAA00365@zork.tiac.net>
Message-ID: <9406221912.AA03378@snark.imsi.com>

After this, I shan't be replying any more to this thread, as it's a completely obscure and uninteresting topic to most people that has little to do with cryptography.
Robert Hettinga says:
> >That is largely the case for institutional transactions. Lots of
> >equities are still physically delivered, and in fact all equities are
> >still physically deliverable.
>                   ^^^^^^^^^^^^
>
> Except those equities designated "Book entry only" issues, of course ;-).

No US equities are book entry only. To my knowledge no enabling legislation to let that happen occurred. You can always call up your broker and ask for certificates if you want them.

> >However, it is still there, and the vaults on Long Island are heavily
> >guarded in spite of the fact that the certificates are non
> >transferable.
>
> I'm just wondering why not make them e$ certificates someday...

Well, if you allow nothing but book entry, you don't need certificates sitting in a vault (they exist only because the UCC doesn't grok issues without certificates), but even so you would still need someone to be keeping track of the information -- someone has to play bank.

Perry

From bryner at atlas.chem.utah.edu Wed Jun 22 12:12:44 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Wed, 22 Jun 94 12:12:44 PDT
Subject: Unofficial Release
In-Reply-To: <9406221816.AA03231@snark.imsi.com>
Message-ID:

On Wed, 22 Jun 1994, Perry E. Metzger wrote:

> And you know, who knows? Maybe they are in fact concealing more
> computers than you could build with all the silicon in the solar
> system in Fort Meade. Those feds, they are superhuman, you know?

There are two curves you have to worry about, one is computation, the other is advances in mathematics. Even if some great advance was made in factoring, a larger key *might* remain safe. This is the reason, not increased computational power. That is, unless you have proven some very interesting things about factoring numbers and algorithmic complexity.

Roger, Mad Dog, Bryner.
From trollins at debbie.telos.com Wed Jun 22 12:13:54 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Wed, 22 Jun 94 12:13:54 PDT
Subject: Unofficial Release
Message-ID: <9406221913.AA06863@debbie.telos.com>

Perry says:
>Yup, you have it on me. I guess it is important to lower the
>possibility of someone cracking your key by brute force from lower
>than the odds that all the oxygen atoms in the room you are in will
>spontaneously end up on the wrong side of the room to lower than the
>odds that all the oxygen atoms in the world will end up on the wrong
>side of the planet. After all, we are fooling with lives.

Perry, I don't know the probability of oxygen atoms moving to Japan or anywhere else. (who said Japan was the wrong side of the planet)

And, I don't think that anyone will attack my keys by brute force. I do think that someone will be trying to crack messages on a random basis. That is by trying IDEA keys with otherwise idle cpu time on a large base of message traffic. (not my one little pathetic message).

Given estimates that the IDEA algorithm is equivalent to a 3000-bit rsa key. I am bringing the rsa part of PGP up to par with the IDEA part of PGP. (just hitting on the weakest link first)

So, call me paranoid or joe, I will strive to reach MY crypto comfort level. And that seems to be a higher level of crypto than you have. Who cares! Use whatever crypto you want.

tom

From perry at imsi.com Wed Jun 22 12:15:42 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 12:15:42 PDT
Subject: Unofficial Release
In-Reply-To:
Message-ID: <9406221915.AA03401@snark.imsi.com>

Roger Bryner says:
> On Wed, 22 Jun 1994, Perry E. Metzger wrote:
> > And you know, who knows? Maybe they are in fact concealing more
> > computers than you could build with all the silicon in the solar
> > system in Fort Meade. Those feds, they are superhuman, you know?
> There are two curves you have to worry about, one is computation, the
> other is advances in mathematics.

The conversation was predicated on the notion that no major breakthrough in factoring has occurred, as I explicitly said. A minor breakthrough, like an improvement of a constant factor of a million or so, isn't going to let people break 2000 bit keys.

Perry

From bryner at atlas.chem.utah.edu Wed Jun 22 12:17:07 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Wed, 22 Jun 94 12:17:07 PDT
Subject: RSA Key Size & QP
In-Reply-To: <199406221823.LAA11794@mail2.netcom.com>
Message-ID:

On Wed, 22 Jun 1994 catalyst-remailer at netcom.com wrote:

> something like that). If cycles on such a computer would be,
> say, 1,000 times more expensive than on your PC, then
> cracking the key would be 1,000*O(keysize^c) more expensive than
> generating it, not 1,000*O(c^keysize). Having a keysize of, say,
> 8 kbits instead of 1 kbit in this circumstance is not at all overkill;

I would say this can be extended and made a general rule. You should always take some reasonable amount of time (say 5 min) to encrypt your most sensitive messages, even if you have 12 Crays and a Connection Machine. The algorithm can be viewed as giving you an economic advantage, and worrying over spending $.01 vs $.0001 is not just stingy, it is dangerous.

Roger.

From bryner at atlas.chem.utah.edu Wed Jun 22 12:20:40 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Wed, 22 Jun 94 12:20:40 PDT
Subject: Unofficial Release
In-Reply-To: <9406221915.AA03401@snark.imsi.com>
Message-ID:

On Wed, 22 Jun 1994, Perry E. Metzger wrote:

> The conversation was predicated on the notion that no major
> breakthrough in factoring has occurred, as I explicitly said. A minor

What reason do you have to believe that this will be the case? Why is it foolish to use available and cheap computer power to hedge your bets?

Roger.
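The key-size argument running through this thread (Perry's claim that past roughly 2^10 or 2^11 bits the RSA key stops being the weak link next to the 128-bit IDEA session key, Tom's "3000-bit" figure for IDEA, and the remailer's polynomial-versus-exponential point about quantum factoring) can be put into numbers. The script below is an added example, not code from any poster; it assumes the asymptotic general number field sieve formula L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped as the classical factoring cost, and a cubic polynomial in the modulus size as a stand-in for a Shor-type quantum factoring cost, so the absolute figures are rough.

```python
"""Weakest-link estimator for a hybrid RSA + block-cipher message.

Added example for the key-size thread; not code from any poster.
Assumptions (not from the thread):
  * classical factoring cost  ~ L_n[1/3, c], c = (64/9)^(1/3), o(1) dropped
    (heuristic GNFS running time, so absolute numbers are rough)
  * quantum factoring cost    ~ n^3 for an n-bit modulus (a stand-in for
    the polynomial of Shor's algorithm; degree is adjustable)
"""
import math

GNFS_C = (64.0 / 9.0) ** (1.0 / 3.0)   # ~1.923, the GNFS constant


def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS work to factor an n-bit RSA modulus."""
    ln_n = modulus_bits * math.log(2.0)            # ln(n) for n ~ 2^bits
    exponent = GNFS_C * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return exponent / math.log(2.0)                # convert e^x to 2^y


def quantum_work_bits(modulus_bits, degree=3):
    """log2 of a polynomial factoring cost, n^degree (assumed model)."""
    return degree * math.log2(modulus_bits)


def weakest_link(modulus_bits, symmetric_bits=128):
    """Which of the two attacks on a hybrid message is cheaper for a
    classical attacker: ("rsa", work_bits) or ("symmetric", work_bits).

    The symmetric cost is plain brute force, 2^symmetric_bits."""
    rsa = gnfs_work_bits(modulus_bits)
    if rsa < symmetric_bits:
        return ("rsa", rsa)
    return ("symmetric", float(symmetric_bits))


def smallest_rsa_for(symmetric_bits, step=256, limit=16384):
    """Smallest modulus size (a multiple of `step`) whose GNFS estimate
    reaches the symmetric cipher's brute-force cost, or None."""
    n = step
    while n <= limit:
        if gnfs_work_bits(n) >= symmetric_bits:
            return n
        n += step
    return None


def key_size_table(sizes=(512, 1024, 2048, 4096, 8192), symmetric_bits=128):
    """Rows of (modulus bits, GNFS bits, polynomial bits, weak link)."""
    rows = []
    for n in sizes:
        which, _ = weakest_link(n, symmetric_bits)
        rows.append((n, round(gnfs_work_bits(n), 1),
                     round(quantum_work_bits(n), 1), which))
    return rows


if __name__ == "__main__":
    print("modulus  GNFS(bits)  poly(bits)  weak link vs 128-bit IDEA")
    for n, g, q, w in key_size_table():
        print(f"{n:7d}  {g:10.1f}  {q:10.1f}  {w}")
    # Classical: doubling the modulus adds tens of bits of work;
    # polynomial model: 1k -> 8k bits adds only 9 bits (a factor of 512).
    print("smallest modulus matching 128-bit IDEA (heuristic):",
          smallest_rsa_for(128))
```

Under the GNFS heuristic a 1024-bit modulus sits near 87 bits of work, the crossover with a 128-bit cipher falls between 2048 and 3072 bits, and past that the session key is the cheaper target; under the cubic model going from 1 kbit to 8 kbits raises the attacker's cost by only 2^9.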
From bryner at atlas.chem.utah.edu Wed Jun 22 12:22:03 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Wed, 22 Jun 94 12:22:03 PDT
Subject: Archives?
In-Reply-To: <199406221823.LAA11794@mail2.netcom.com>
Message-ID:

Hello,

Are there archives for this mailing list?

Roger.

From bryner at atlas.chem.utah.edu Wed Jun 22 12:23:15 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Wed, 22 Jun 94 12:23:15 PDT
Subject: Random number hardware.
In-Reply-To: <199406221823.LAA11794@mail2.netcom.com>
Message-ID:

Is there any company that sells pre-made true unpredictable random number sources? Please forward information if you know where I could buy one.

Roger.

From frissell at panix.com Wed Jun 22 12:26:51 1994
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 22 Jun 94 12:26:51 PDT
Subject: e$: Geodesic Securities Markets
In-Reply-To: <199406221733.NAA29157@zork.tiac.net>
Message-ID:

On Wed, 22 Jun 1994, Robert Hettinga wrote:

> Changes in ownership are reflected by offsetting book entries. Ah, the
> wonders of double-entry bookkeeping.

BTW, 1994 is the 500th anniversary of the invention of double entry bookkeeping (by a monk). Made capitalism possible.

DCF

"Bookkeeping - the only common word with three consecutive pairs of letters"

From perry at imsi.com Wed Jun 22 12:27:29 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 12:27:29 PDT
Subject: Unofficial Release
In-Reply-To: <9406221913.AA06863@debbie.telos.com>
Message-ID: <9406221927.AA03427@snark.imsi.com>

Tom Rollins says:
> I do think that someone will be trying to crack messages on a random
> basis.

Yes, sure. Maybe someone out there is trying to do something like that. I also suspect someone out there is experimenting to see if they can blow up buildings with their psychic powers. The question is, do you have any rational reason to fear that either group will succeed?
Are the odds that you will be killed because all the protons in your brain undergo spontaneous decay higher?

> So, call me paranoid or joe, I will strive to reach MY crypto comfort
> level.

Fine. However, you are, you realize, a fool. There is no point in building a house with 3 foot thick steel doors and walls made from paper. After 2^10 or 2^11 bits or so the key is no longer the weak link, and is not what people will attack since it no longer has a reasonable possibility of success. You are entitled to your opinions, of course.

Perry

From grendel at netaxs.com Wed Jun 22 12:32:14 1994
From: grendel at netaxs.com (Michael Handler)
Date: Wed, 22 Jun 94 12:32:14 PDT
Subject: Cellular Telephone Experimenter's Kit (2600 article)
Message-ID:

[ Apologies about posting to the list, but my mail directory got scragged by Net Access admins, and I lost the list of people who wanted this. Interesting stuff regardless.]

----- BEGIN ARTICLE -----

From _2600_ Magazine, Spring 1994 (Volume 11, Number 1), pp 20-21

***** Product Review *****

Cellular Telephone Experimenters Kit
$125, Available for OKI 900

Network Wizards
PO Box 343
Menlo Park, CA 94026
Voice: (415) 326-2060
Fax: (415) 326-4672
Email: info at nw.com

OKI Telecom
(404) 955-9800
(800) 554-3112

Review by Mr. Upsetter

Any technology that combines radio, telephones, and computers is sure to interest hackers. It's no wonder cellular telephony has received so much attention. Now exploring the system is a little easier for us. A company called Network Wizards has introduced an interface that allows control of an OKI 900 cellular telephone from a DOS PC via the RS-232 port. Their Cellular Telephone Experimenters Kit (CTEK) consists of an interface, four DOS executables for controlling the phone, and a C function library so you can write your own programs. Also included on disk are a user's manual, function library, and a short cellular tutorial.
The interface itself is contained in a small black box with a DB25 connector on one end. A cable with a specialized plug for connecting to the OKI is on the other end. Inside is a PIC16C54 microcontroller which converts data from the OKI to standard RS-232 data. The interface also has a mini stereo jack for connecting a microphone and earphone.

The DOS executables included with the CTEK allow you to perform numerous functions. The MENU.EXE program allows you to change any of the phone's five NAMs. (A NAM, or Number Assignment Module, consists of a telephone number, system ID, initial paging channel, access overload class, and group ID mark. This information, along with your ESN, identifies your phone in the cellular system.) This program also allows you to read, write, and edit the phone's 200 alphanumeric memories. The TEST.EXE program allows you to manually control the transmit and audio functions of the phone. You can turn the transmitter on or off and set the channel, SAT, and transmit power. You can also set the volume, mute the transmit or receive audio, as well as set the audio source to the earpiece, sounder, or external jack on the CTEK interface. The TEL.EXE program allows you to monitor the paging channel and displays all the forward control channel messages. It also allows you to place and receive a phone call while displaying the voice channel messages. The KEYCON.EXE program simply allows you to press keys on the OKI from the computer keyboard.

The programs provided with the CTEK certainly expand on the functionality of the phone. But to do the really fun stuff, you need to write your own programs. Source code to TEL.EXE and KEYCON.EXE is provided to get you started with the CTEK function library. Although my C programming skills were a little rusty, I found it easy enough to write programs with the library. I wrote a cellular scanning program which had the following capabilities:

* Scan for a paging channel and display the messages.
  If a voice channel is assigned, go to that channel and listen to the call.
* Scan voice channels and listen to active channels.
* Scan OMNICELL channels and listen to active channels.
* While listening to a call, display the voice channel messages.
* Automatically follow handoffs.
* Decode DTMF, change the volume or audio source.
* Automatically mute the audio and stop monitoring when the call is released.

Other functions in the library allow you to send reverse channel messages, get the received signal strength, control transmitter and audio functions, and read the phone's memory. Overall the function library is quite versatile. I had several other ideas for programs, for instance:

* Log all messages and call information for certain cellular phone numbers. You could log paging channel messages, calls placed and received, call durations, DTMF digits dialed, cell channels used, etc.
* Create a "spectrum" display of the cellular band by scanning all channels and recording the signal strength.
* With a map of cell sites in your area, physically track a phone as it moves from cell to cell.

I had great fun exploring the cellular network while playing with the CTEK. But this kit isn't for everyone. To get the most out of CTEK, you need to write your own programs. The executables provided in the kit really don't use the phone to its highest potential. Also, the OKI 900 isn't the cheapest phone in the world. It goes for about $400 to $450 new, perhaps $300 used if you can find one. Still, you could put together a great cellular monitoring system comparable to the ones designed for law enforcement for a few hundred dollars as opposed to a few thousand dollars.

The CTEK is best suited for monitoring the cellular network rather than as a tool for fraud. You cannot change the phone's ESN with the CTEK. In fact, the library function which lets you send reverse control messages won't even let you send a bogus ESN.
Overall, the CTEK is a well-designed product, both in hardware and in software. While it's currently only available for the OKI 900, Network Wizards promises a version for the OKI 1150 soon.

***** Sample output of my cellular monitoring program *****
(phone numbers have been masked)

Monitor system A or B?
Monitoring system B
Scanning for control channel
Monitoring Control Channel: 0337 System: B
Received Signal Strength: 46
(408) 482-01XX page scc=3, dcc=2
(415) 264-06XX page scc=3, dcc=2
(408) 671-19XX page scc=3, dcc=2
(310) 701-23XX non-autonomous reg: on scc=3, dcc=3
(805) 680-11XX reserved (13,6) scc=3, dcc=2
(415) 517-32XX page scc=3, dcc=2
(408) 499-03XX page scc=3, dcc=2
(805) 893-22XX reserved (13,6) scc=3, dcc=2
(510) 914-46XX page scc=3, dcc=2
(213) 500-44XX chan=526, vmac=0, scc=1, dcc=2
monitoring channel 256
audio on
hit any key to stop monitoring
Decoding DTMF. Press any key to resume.
3447555#706
audio off
(415) 971-86XX page scc=3, dcc=2
(707) 312-21XX page scc=3, dcc=2
OMNICELL Scan: Press any key to resume.
channel: 0358 RSSI: 10
channel: 0379 RSSI: 53
activity on channel 0379 RSSI 53
audio on
hit any key to stop monitoring
handoff msg: chan=465, vmac=0, scc=2, pscc=1
tuning to channel 465
handoff msg: chan=505, vmac=0, scc=1, pscc=2
tuning to channel 505
audio off
channel: 0400 RSSI: 11
channel: 0421 RSSI: 08

----- END ARTICLE -----

Transcribed 22 June 1994 by Michael Handler

Support 2600! If you like the article, please buy the magazine -- there are immense amounts of useful information in there.

--------------------------------------------------------------------------
Michael Brandt Handler
Philadelphia, PA
PGP v2.6 public key on request
Boycott PSI, Inc. & Canter & Siegel <> 1984: We're Behind Schedule

From perry at imsi.com Wed Jun 22 12:35:16 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 12:35:16 PDT
Subject: Unofficial Release
In-Reply-To:
Message-ID: <9406221934.AA03452@snark.imsi.com>

Roger Bryner says:
> On Wed, 22 Jun 1994, Perry E. Metzger wrote:
> > The conversation was predicated on the notion that no major
> > breakthrough in factoring has occurred, as I explicitly said. A minor
> What reason do you have to believe that this will be the case? Why is it
> foolish to use available and cheap computer power to hedge your bets?

Because it isn't cheap, first of all. If you wanted to run a completely secure internet, for example (a problem I am currently working on) the cost of all those RSAs really DOES show up, and fast.

Because using a 2000 bit key already is a sign of madness -- an 8000 bit one is beyond the pale (doesn't anyone understand exponential blowup here?)

Because if you have a polynomial factoring algorithm doubling the key size will no longer provide any real protection for very valuable data.

Because once your RSA key is big enough the conventional key you use becomes the weak link and any increase in the size ends up being rubble bouncing.

Perry

From perry at imsi.com Wed Jun 22 12:39:17 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 12:39:17 PDT
Subject: RSA Key Size & QP
In-Reply-To:
Message-ID: <9406221938.AA03460@snark.imsi.com>

Roger Bryner says:
> I would say this can be extended and made a general rule. You should
> always take some reasonable amount of time (say 5 min) to encrypt your
> most sensitive messages, even if you have 12 Crays and a Connection
> Machine.

First of all, you behave as though time is not a factor. If it takes five minutes to start every phone conversation you have, well, you've just given people a big incentive not to use any encryption at all.

Second of all, all this rubble bouncing is insane. The NSA or whomever isn't stupid. They will not attack you where you are strong -- they will attack you where you are weak.
Do YOU do all your typing in a Faraday cage? No? Then why the hell bother?

Lastly, you behave as though cost is not a factor. Well, you don't live in the real world, then. Cost is ALWAYS a factor.

Perry

From nelson at crynwr.com Wed Jun 22 12:57:06 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Wed, 22 Jun 94 12:57:06 PDT
Subject: Unofficial Release
In-Reply-To:
Message-ID:

   Date: Wed, 22 Jun 1994 13:18:51 -0600 (MDT)
   From: Roger Bryner
   Cc: cypherpunks at toad.com

   On Wed, 22 Jun 1994, Perry E. Metzger wrote:

   > The conversation was predicated on the notion that no major
   > breakthrough in factoring has occurred, as I explicitly said. A minor

   What reason do you have to believe that this will be the case? Why is it
   foolish to use available and cheap computer power to hedge your bets?

Because you might be reading your mail on an HP-100LX with a silly-pissant 8088. Cheap and available? Only if you're willing to carry a heavy computer around with you.

-russ
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From jamiel at sybase.com Wed Jun 22 13:01:34 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Wed, 22 Jun 94 13:01:34 PDT
Subject: Unofficial Release
Message-ID: <9406222000.AA05252@ralph.sybgate.sybase.com>

At 3:27 PM 06/22/94 -0400, Perry E. Metzger wrote:
>Fine. However, you are, you realize, a fool. There is no point in

I was wondering if you had recently lost an appendage, or maybe had bad hemorrhoids or something.

From trollins at debbie.telos.com Wed Jun 22 13:13:10 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Wed, 22 Jun 94 13:13:10 PDT
Subject: Unofficial Resease
Message-ID: <9406222012.AA07604@debbie.telos.com>

Perry says:
>Fine. However, you are, you realize, a fool.
>There is no point in
>building a house with 3 foot thick steel doors and walls made from
>paper. After 2^10 or 2^11 bits or so the key is no longer the weak
>link, and is not what people will attack since it no longer has a
>reasonable possibility of success. You are entitled to your opinions,
>of course.

Excuse me, what is your point? My 4096-bit rsa key is (last I looked 4096 == 2^12) over your 2^10 or 2^11 estimate and thus NOT the weak link. Why would you want the rsa key to BE the weak link? After all the rsa key will decrypt all your messages and the IDEA key is for (1) message only.

-tom

From sandfort at crl.com Wed Jun 22 13:19:15 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 22 Jun 94 13:19:15 PDT
Subject: EXPAT WORLD ARTICLE
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

I've been asked to post the /Expat World/ crypto article to the Cypherpunks Channel. Here 'tis:

S a n d y

* * *

EXPAT WORLD
June 15, 1994

"How Big Brother Wants to Listen, Too"
(copied without permission)

Recently, the White House sent Stewart A. Baker, general counsel for the National Security Agency (NSA), to the annual Computer, Freedom and Privacy Conference in New York City to speak about the Clinton Administration's desire to safeguard the government's ability to eavesdrop on every American. At that conference, Mr. Baker posed the question: "Do you want to live in a world where law enforcement cannot do its job because of the need for privacy?" Everyone who cherishes his constitutional rights should answer, "Absolutely."

The Orwellian, or Al Gorewellian, technology that would foster the government's ability to eavesdrop on its citizens is essentially a microcircuit that the Administration wants all American telephone and computer companies to install in their products.
The microcircuit, dubbed the "Clipper" chip, scrambles all electronic communications between individuals, resulting in gibberish to outsiders--all outsiders, that is, but the federal government. The plan to implement the Clipper chip is an insult to the American people and its realization would erode the Fourth Amendment rights of all citizens.

As usual, presuming Americans have no more sense than Yahoos, the administration has presented the Clipper chip in the guise of a plan to protect individuals from invasions of their privacy. According to the NSA, because telephone conversations and computer transmissions are becoming so easy to tap, the White House would like to offer the Clipper chip to shield everyone from such unwanted interferences.

In reality, the Feds want to see a uniform standard in the type of computer software that secures electronic communications. The reason for this is that people are already protecting their conversations with a variety of privately-supplied devices, and the FBI, CIA and NSA cannot and will not be able to penetrate such security. With the Clipper chip, everyone has the same lock on his communications. Unfortunately, the government has the keys. The American people can do without the overwhelming generosity of this administration.

When Charles Freeh, FBI director, testified before the House Judiciary Subcommittee on Technology and the Law, he said that the chip is necessary because the police and national security agents are falling behind advances in criminal technology. However, no one has offered evidence that a trend of criminals or terrorists using scrambled communications to pass unlawful plots exists, or reasons why a criminal sophisticated enough to use cryptography would be dumb enough to use an American made telephone or computer containing the Clipper chip.

Worse, the implementation of the Clipper chip would erode the right to be free from illegal searches and seizures under the Fourth Amendment.
According to the President's plan, both the Commerce and Treasury Department would hold keys to unscramble electronic communications, operating as a "key escrow" system. The government would no longer be aiming wiretap technology at specific individuals or specific locations. The presumption would be that everyone is a criminal. Because only two keys partition people's privacy from governmental seizing electronic documents without prior notification is great.

If the White House truly desires to use technology for the benefit of all, it should mandate the use of a different computer chip. How about one called the Clinterceptor that would act as a sort of modern-day Paul Revere. Through the information superhighway, the Clinterceptor would forewarn the public that the government is about to invade their privacy. Thus, the next time President Clinton and his college roomies are burning the midnight oil and come up with a hair-brained idea like the Clipper chip, an alarm will sound and alert the American people to the government shaking the shackles of the Constitution.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From perry at imsi.com Wed Jun 22 13:22:43 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 22 Jun 94 13:22:43 PDT
Subject: Unofficial Resease
In-Reply-To: <9406222012.AA07604@debbie.telos.com>
Message-ID: <9406222022.AA03637@snark.imsi.com>

Those who didn't understand my point the first thirty times I made it aren't going to learn now. Anyone who cares to discuss this individual's Idee Fixe on keysize (shall we call such people "size queens" from now on?) can do so with me in private mail.

Tom Rollins says:
> Perry says:
> >Fine. However, you are, you realize, a fool. There is no point in
> >building a house with 3 foot thick steel doors and walls made from
> >paper.
> >After 2^10 or 2^11 bits or so the key is no longer the weak
> >link, and is not what people will attack since it no longer has a
> >reasonable possibility of success. You are entitled to your opinions,
> >of course.
>
> Excuse me, What is your point.
> My 4096-bit rsa key is (last I looked 4096 == 2^12)
> over your 2^10 or 2^11 estimate and thus NOT the weak link.
> Why would you want the rsa key to BE the weak link?
> After all the rsa key will decrypt all your messages
> and the IDEA key is for (1) message only.
>
> -tom
>

From gtoal at an-teallach.com Wed Jun 22 13:26:36 1994
From: gtoal at an-teallach.com (Graham Toal)
Date: Wed, 22 Jun 94 13:26:36 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <199406222026.VAA27230@an-teallach.com>

> Changes in ownership are reflected by offsetting book entries. Ah, the
> wonders of double-entry bookkeeping.

BTW, 1994 is the 500th anniversary of the invention of double entry bookkeeping (by a monk). Made capitalism possible. Ah yes, "Swedish Accounting Techniques" as my Economics lecturer used to call it :)

G

From sandfort at crl.com Wed Jun 22 13:29:38 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Wed, 22 Jun 94 13:29:38 PDT
Subject: e$: Geodesic Securities Markets
In-Reply-To: <199406221733.NAA29157@zork.tiac.net>
Message-ID:

C'punks,

On Wed, 22 Jun 1994, Robert Hettinga wrote:

> . . . physical delivery is becoming more and more
> obsolete. That makes sense. Once a certificate is put into the vault at
> DTC, it usually never leaves. It might as well not be there at all.
> Changes in ownership are reflected by offsetting book entries. Ah, the
> wonders of double-entry bookkeeping.
>
> Oddly enough, an e$ certification scheme reverses that paradigm. The book
> entries disappear, the certificates proliferate, and the clearinghouse
> becomes a referee, "blessing" the trade.

I don't think so. The book entries still exist. The book is the only place securities ever really exist.
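The key-size argument above (is a 2^10 or 2^11 bit RSA modulus already stronger than the per-message IDEA key, or is 4096 bits needed?) can be put in numbers with the standard number-field-sieve cost heuristic. This is an added illustration, not code from any of the posters: it uses L_n[1/3, (64/9)^(1/3)] with the o(1) term and all constants dropped, so only the relative ordering of the sizes is meaningful, and the 128-bit symmetric figure is IDEA's key length.

```python
import math

# Heuristic general number field sieve cost, L_n[1/3, c] with c = (64/9)^(1/3).
# Constants and the o(1) term are dropped, so the absolute numbers are rough;
# the comparison between key sizes is what the example is about.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_log2_work(modulus_bits):
    """Approximate log2 of the work to factor an RSA modulus of this size."""
    ln_n = modulus_bits * math.log(2)
    ln_work = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / math.log(2)


def weakest_link(rsa_bits, symmetric_bits=128):
    """Which of the two keys in a hybrid scheme (RSA wrapping a per-message
    symmetric key such as IDEA's 128 bits) is cheaper to attack under the
    heuristic. 'rsa' means the modulus is the weaker component."""
    return "rsa" if gnfs_log2_work(rsa_bits) < symmetric_bits else "symmetric"


def rsa_bits_matching(symmetric_bits, step=64):
    """Smallest modulus size (multiple of `step`) whose heuristic factoring
    cost is at least 2^symmetric_bits, i.e. the point past which the RSA key
    stops being the weak link. Constructed search, not a standards table."""
    bits = step
    while gnfs_log2_work(bits) < symmetric_bits:
        bits += step
    return bits


if __name__ == "__main__":
    for size in (1024, 2048, 4096):
        print(size, "bits: ~2^%.0f work, weakest link = %s"
              % (gnfs_log2_work(size), weakest_link(size)))
    print("RSA size matching a 128-bit symmetric key:", rsa_bits_matching(128))
```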
E$ certificates--and even physical certificates--are nothing more than receipts evidencing ownership as defined by the book entry. Remember, securities are "intangible" assets by definition. (Ditto for dollars, yen, pounds and francs, by the way.)

S a n d y

From jims at Central.KeyWest.MPGN.COM Wed Jun 22 14:21:41 1994
From: jims at Central.KeyWest.MPGN.COM (Jim Sewell)
Date: Wed, 22 Jun 94 14:21:41 PDT
Subject: Cellular Telephone Experimenter's Kit (2600 article)
In-Reply-To:
Message-ID: <9406222121.AA12173@Central.KeyWest.MPGN.COM>

> Cellular Telephone Experimenters Kit
> $125, Available for OKI 900

Cell providers should be scared of this. I saw the OKI 900 the first time on a news clip on either one of those "Educational type" shows or a CNN-(like?) news clip. The typical nerd was there with billions of wires coming out of it saying how simple it was to hook it up and after it was wired to his computer he could simply decode another ID and rewrite his phone with that id and Joe Schmoe would get the bill. Made it sound VERY simple to make the world think you were Joe.

Heck, I'm scared to get an account since I could become a Joe! (1/2 :) )

Jim

--
Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ
P.O. Box 2310 Programmer Internet: jims at mpgn.com
Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027
(305)293-8100 PGP via email on request.
1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73

From karn at qualcomm.com Wed Jun 22 14:38:10 1994
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 22 Jun 94 14:38:10 PDT
Subject: Hardware generators
In-Reply-To: <9406200816.AA03886@anchor.ho.att.com>
Message-ID: <199406222135.OAA06068@servo.qualcomm.com>

Is this trip really necessary? Seems to me you can get strong random numbers without having to build hardware from scratch. Just get a sound interface (widely available for both ISA and parallel interfaces) and run the noise from an FM receiver into the A/D converter.
Hash the output with MD5 and you have some pretty strong random numbers.

I wouldn't be surprised if with some 16-bit boards you could do away with the FM receiver and just sample the noise from the analog preamp and mixer stages. Many of those boards are rather noisy.

It is always better to buy than to build when you can make effective use of some mass-market PC peripheral. Not only do you save a lot of time, but it'll be much easier for others to replicate too.

Phil

From grendel at netaxs.com Wed Jun 22 14:44:47 1994
From: grendel at netaxs.com (Michael Handler)
Date: Wed, 22 Jun 94 14:44:47 PDT
Subject: Cellular Telephone Experimenter's Kit (2600 article)
In-Reply-To: <9406222121.AA12173@Central.KeyWest.MPGN.COM>
Message-ID:

On Wed, 22 Jun 1994, Jim Sewell wrote:

> > Cellular Telephone Experimenters Kit
> > $125, Available for OKI 900
>
> Cell providers should be scared of this. I saw the OKI 900
> the first time on a news clip on either one of those "Educational
> type" shows or a CNN-(like?) news clip. The typical nerd was there
> with billions of wires coming out of it saying how simple it was
> to hook it up and after it was wired to his computer he could
> simply decode another ID and rewrite his phone with that id and
> Joe Schmoe would get the bill. Made it sound VERY simple to
> make the world think you were Joe.

Fear not, Jim! Reread the article: it says that the CTEK cannot be used to fake a bogus ESN (this controls billing). As it says, the CTEK is more useful as a cellular monitor than a tool for fraud. Of course, this doesn't rule out a very good hardware hacker playing with the ROMs in it....

--------------------------------------------------------------------------
Michael Brandt Handler Philadelphia, PA
PGP v2.6 public key on request Boycott PSI, Inc.
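Phil Karn's recipe above (sample analog noise through a sound card's A/D converter, then hash it with MD5) leaves out the step a practitioner needs most: deciding how many noisy samples to feed into each digest. The added example below is not Karn's code; it keeps only the low bits of each 16-bit sample, estimates their min-entropy, and sizes the hash block so that each 16-byte MD5 output is backed by twice that much estimated entropy. The `constructed_noise` generator is a deterministic stand-in for PCM samples so the example runs offline; it has no entropy and exists only to exercise the pipeline.

```python
import hashlib
import math
import struct
from collections import Counter


def constructed_noise(n, seed=0x5EED):
    """Constructed stand-in for raw 16-bit PCM samples from the A/D converter.
    A linear congruential generator is used only so the example runs offline;
    it is NOT a randomness source and must be replaced by real samples."""
    state = seed
    out = []
    for _ in range(n):
        state = (1103515245 * state + 12345) & 0xFFFFFFFF
        out.append(((state >> 8) & 0xFFFF) - 0x8000)
    return out


def low_bits(sample, nbits):
    """Keep only the least significant nbits of a sample. On a quiet preamp
    the high bits mostly carry DC offset and hum, not the noise we want."""
    return sample & ((1 << nbits) - 1)


def min_entropy_per_sample(samples, nbits):
    """Min-entropy (-log2 of the most frequent symbol) of the kept bits.
    A sanity check against a stuck or biased input, not a certification."""
    counts = Counter(low_bits(s, nbits) for s in samples)
    p_max = max(counts.values()) / len(samples)
    return -math.log2(p_max)


def samples_needed(entropy_per_sample, out_bits=128, margin=2.0):
    """Samples per hash block so the block holds margin * out_bits of
    estimated min-entropy (MD5 yields 128 bits per digest)."""
    return math.ceil(margin * out_bits / entropy_per_sample)


def whiten(samples, nbits, per_block):
    """Hash fixed-size blocks of kept bits with MD5, as Karn suggests; each
    digest becomes 16 output bytes. A trailing partial block is dropped."""
    out = bytearray()
    for i in range(0, len(samples) - per_block + 1, per_block):
        block = b"".join(struct.pack("<H", low_bits(s, nbits))
                         for s in samples[i:i + per_block])
        out += hashlib.md5(block).digest()
    return bytes(out)


def random_bytes_from_noise(samples, nbits=4, out_bits=128):
    """Full pipeline: estimate entropy, size the block, hash. Returns the
    output bytes plus the estimate and block size used, and refuses to emit
    anything if the kept bits show no variation at all."""
    h = min_entropy_per_sample(samples, nbits)
    if h <= 0:
        raise ValueError("kept bits carry no entropy: input looks stuck")
    per_block = samples_needed(h, out_bits)
    return whiten(samples, nbits, per_block), h, per_block


if __name__ == "__main__":
    data, h, per_block = random_bytes_from_noise(constructed_noise(4096))
    print("min-entropy/sample %.2f bits, %d samples per digest, %d bytes out"
          % (h, per_block, len(data)))
```

The entropy estimate is a floor only for a memoryless source; sound-card noise has correlations, so a real deployment would test the raw samples over time (and across boards) before trusting the figure.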
& Canter & Siegel <> 1984: We're Behind Schedule
"With opiates of silicon / Big Brother schemes to rule the nation" -- BR

From pcw at access.digex.net Wed Jun 22 15:59:08 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 22 Jun 94 15:59:08 PDT
Subject: Cellular Telephone Experimenter's Kit (2600 article)
Message-ID: <199406222258.AA16755@access2.digex.net>

This CTEK sounds like a fun toy and I guess I'm glad that it can't be used for cellular phone fraud. That would be an illegitimate use. But, monitoring cell phone traffic is a crime now, right? Is there a legitimate use for the device? Can anyone think of one?

-Peter Wayner

From rah at shipwright.com Wed Jun 22 16:31:43 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 22 Jun 94 16:31:43 PDT
Subject: Unofficial Release
Message-ID: <199406222331.TAA04118@zork.tiac.net>

jamiel at sybase.com (Jamie Lawrence) says,
>At 3:27 PM 06/22/94 -0400, Perry E. Metzger wrote:
>
>>Fine. However, you are, you realize, a fool. There is no point in
>
>I was wondering if you had recently lost an appendage, or maybe had bad
>hemorrhoids or something.

Like a lot of bright people on this list, Perry doesn't like to repeat himself too much. Like a lot of other people on this list, he gets grouchy when the ritalin wears off...

(Damn, I can't find it *anywhere*. Excuse me, there's a tongue around here somewhere... ah. There it is. It's now in my cheek, see? A joke. Levity, even...)

Cheers,
Bob

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation who eats too little and sees Heaven and
44 Farquhar Street someone who drinks too much and sees
Boston, MA 02331 USA snakes."
-- Bertrand Russell
(617) 323-7923

From rah at shipwright.com Wed Jun 22 16:59:39 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Wed, 22 Jun 94 16:59:39 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <199406222359.TAA04482@zork.tiac.net>

Sandy Sandfort says

Me>>
|>> Oddly enough, an e$ certification scheme reverses that paradigm. The book
|>> entries disappear, the certificates proliferate, and the clearinghouse
|>> becomes a referee, "blessing" the trade.
>
>I don't think so. The book entries still exist. The book is the only
>place securities ever really exist. E$ certificates--and even physical
>certificates--are nothing more than receipts evidencing ownership as
>defined by the book entry. Remember, securities are "intangible" assets
>by definition. (Ditto for dollars, yen, pounds and francs, by the way.)
>

Well, yes. You're right. In a sense.

However, in this scenario, it is possible for the clearing house to operate more like a, since "referee" didn't work before, how about "notary", with an official cc: to the security's issuer. The issuer could keep books, if it was important (as Perry said a while back, the Feds would have to have a "confirm", so someone would keep records of the transaction). Of course, the parties to the trade could keep their books, too.

On the other hand, if, like those famous Asian anonymous equity markets we heard about (from Eric?) there's no recording requirement (assume a frictionless waterbed ), very interesting things can happen. All the new owners of the security care about is the ability to sell it later, or collect interest from the payer of any interest, etc. All the sellers want is cash. My contention is that the sellers can get cash in a market by presenting the e$-based certificate. Cashing out interest "coupons" from the issuer happens in the same fashion.

Perry had a point a while back. This is cryptography based, but not cryptography, and most c-punks are probably skipping this thread.
I'm *really* interested in this stuff, and will talk to all comers about it, off-line. A couple of people have already sent me e-mail to start the ball rolling...

Thanks,
Bob Hettinga

-----------------
Robert Hettinga (rah at shipwright.com) "There is no difference between someone
Shipwright Development Corporation who eats too little and sees Heaven and
44 Farquhar Street someone who drinks too much and sees
Boston, MA 02331 USA snakes."
-- Bertrand Russell
(617) 323-7923

From trollins at telos.com Wed Jun 22 16:59:59 1994
From: trollins at telos.com (Tom Rollins)
Date: Wed, 22 Jun 94 16:59:59 PDT
Subject: Unofficial Release
Message-ID: <9406222103.AA09370@debbie.telos.com>

Parry says:
>Because it isn't cheap, first of all. If you wanted to run a
>completely secure internet, for example (a problem I am currently
>working on) the cost of all those RSAs really DOES show up, and fast.

Parry, it looks like you have your own agenda in which large rsa keys don't fit your time constraints. Don't implement large keys for your secure net. And don't convince yourself that it be COMPLETELY SECURE.

-tom

From jdwilson at gold.chem.hawaii.edu Wed Jun 22 17:43:15 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Wed, 22 Jun 94 17:43:15 PDT
Subject: Combined DSP Technology
Message-ID:

The following is cut from EDUPAGE:

---------- Forwarded message ----------
Date: Wed, 22 Jun 1994 02:15:36 -0400
From: E-D-U-P-A-G-E

MOTOROLA UNVEILS 3-WAY CHIP, SNAGS HONG KONG CONTRACT

Motorola's new MC68356 chip combines a microprocessor, a digital-signal processor, and a special communications processor, all on a single sliver of silicon. The three-way chip will be used in credit-card-sized high-speed modems, cellular telephone equipment and automobile guidance systems. (Wall Street Journal 6/20/94 B8) Meanwhile, Motorola's been hired to build a $40 million high-speed wireless computing network in Hong Kong.
A trial run of the network, operating at 19.2 K bits per second, is planned for later this year. (Investor's Business Daily 6/20/94 A14)

This would be a nice little package to include PGP...

-NetSurfer

#include standard.disclaimer

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From jktaber at netcom.com Wed Jun 22 18:03:02 1994
From: jktaber at netcom.com (John K. Taber)
Date: Wed, 22 Jun 94 18:03:02 PDT
Subject: Thoughts on the NSA's correction to SHA
Message-ID: <199406230102.UAA28921@netcom12.netcom.com>

Forwarded message:
>
> >The very fact that this correction had to made offers some
> >insights into the National Security Agency.
> >
> >I believe that releasing DES to the public was the biggest
> >cryptography mistake that NSA ever made. Consider the state of
> >research in cryptology before DES. It was simplistic. It was
> >haphazard. There was little interest. If any results of value
> >were ever discovered, the NSA could squash them with a secrecy
> >order. No one cared.
>
> There is one problem with this analysis:
>
> IBM created DES. Not the NSA. Sure the NSA could have asked them to keep
> it hidden, but the NSA was also going to IBM and warning them
> about Russians eavesdropping on IBMs networks. Everyone realized it
> was time for public cryptography. Especially IBM. It is not clear
> that a secrecy order would have worked.
>
> This is not to say that your analysis is wrong. They classified the
> design procedures which was their attempt at a compromise. IBM couldn't
> publish the details of how to make a good algorithm, but they could
> release the details of the standard.
>

Well, yes, IBM did create DES.
But the NSA against its better judgment blessed the effort, and by my guessing helped tremendously. I have heard rumors that NSA *does* say it was their biggest mistake, and never again. There is no way I can prove a rumor, but I put a lot of credence in these particular rumors. I speculate that it was Bobby Inman who ordered NSA to facilitate IBM.

From jdwilson at gold.chem.hawaii.edu Wed Jun 22 18:03:25 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Wed, 22 Jun 94 18:03:25 PDT
Subject: Need advice on starting to make PGP library
In-Reply-To: <8i20C3W00iV0E0jVVf@andrew.cmu.edu>
Message-ID:

There is a current freeware Windows interface that works ok, but it is not truly integrated i.e. it fires off a DOS background session and stuffs parameters incl. your passphrase. A DLL or VxD would be the better solution. (A VxD has no DOS memory overhead.)

If you were interested, once you have the DLL or VxD you could use the Microsoft Office developers kit (currently approx. $49 on CD) and integrate PGP into Excel-type applications, Word-type applications, Powerpoint-type applications, and *microsoft mail* type applications. I say "type" because unlike the current links (OLE etc.) the developers kit gives you objects to incorporate in your programs, including but *not* limited to Visual Basic or Visual C++.

-NetSurfer

#include standard.disclaimer

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
== = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 >
" " " |P. O. Box 15432 | finger for full PGP key >
" " /\ " |Honolulu, HI 96830 |====================================>
\" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

From B858JT at UTARLVM1.UTA.EDU Wed Jun 22 18:04:35 1994
From: B858JT at UTARLVM1.UTA.EDU (John A. Thomas)
Date: Wed, 22 Jun 94 18:04:35 PDT
Subject: Hardware RNG's
Message-ID: <9406230104.AA16833@toad.com>

Perry Metzger asks if the hardware random-number generator I described in a post just before the list crashed could be modified to use serial output. Sure. It was just easier to use the parallel port. I know the original IBM PC stupidly omitted bidirectional ports, but they are available now.

Roger Bryner asks if there is any ready-made hardware RNG device. Yes. A few years ago, at least, AT&T was selling such a chip. The data book says:

"The T7001 Random Number Generator (RNG) integrated circuit produces random bits based on the phase jitter of a free-running oscillator. The output data stream is truly random, not pseudo random. The T7001 RNG is processed in CMOS technology, requires a single 5 V supply, and is supplied in a 32-pin plastic DIP."

The output is 536-bit numbers, available in 8-bit bytes. There are probably others available; I haven't looked lately.

John A. Thomas
b858jt at utarlvm1.uta.edu
75236.3536 at compuserve.com
PGP public key available.

From klbarrus at owlnet.rice.edu Wed Jun 22 18:04:42 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Wed, 22 Jun 94 18:04:42 PDT
Subject: MAIL: Using "nobody"
In-Reply-To: <772247601/vac@FURMINT.NECTAR.CS.CMU.EDU>
Message-ID: <9406230104.AA05037@flammulated.owlnet.rice.edu>

Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU wrote:

Using "nobody" as a remailer is pretty interesting ;) the only problem being you have to be root or be allowed to choose your own username.

> Imagine remailers also had addresses like "nobody at vox.hacktic.nl",
> and "nobody at jpunix.com".
> Now if someone doing an internet wire-tap
> sees mail to "nobody at furmint.nectar.cs.cmu.edu" it is hard for him to
> tell if this means:
> a) It will just end up in /dev/null like it does on 99% of the machines
> b) furmint is another remailer
> c) someone on furmint gets mail as "nobody"

I don't understand: why can't the somebody do a telnet to port 25 and "vrfy nobody" to see if it points to /dev/null? Or find out if mail is piped to a script?

> So it would be nice if sites with remailers would set the "nobody"
> alias to point to their remailer to start this convention. Assuming

Again, a pretty good suggestion, but I don't think most remailer operators can do this even if they wanted to. I know I couldn't have with remailers I've run in the past.

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9
"One man's mnemonic is another man's cryptography" - K. Cooper

From mgream at acacia.itd.uts.edu.au Wed Jun 22 18:54:30 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Wed, 22 Jun 94 18:54:30 PDT
Subject: Hardware RNG's
In-Reply-To: <9406230104.AA16833@toad.com>
Message-ID: <9406230156.AA26564@acacia.itd.uts.EDU.AU>

"John A. Thomas" wrote:

> Perry Metzger asks if the hardware random-number generator I
> described in a post just before the list crashed could be
> modified to use serial output.

You don't even need to build a serial interface, per se, on the RNG device. So long as you have output levels consistent with RS-232, you can push a clock down DSR and the random bits down CTS. The PC (or any computer for that fact) has no problem looking at these signals, so although specific software is required, it doesn't require a special async device driver. Just as with a parallel interface, you take the next sample when an inversion of the clock signal is detected.
If the computer in question is too slow, the only side effect is a loss of bits as clock inversions are missed. If the computer is too fast, it just hangs around a while.

If the RNG device has a negative rail (>=5v), no extra components are needed, otherwise you'll need to generate it, something like a Maxim RS-232 line driver (which only requires +5v/gnd and generates +/- RS-232 voltages) will do the trick. Certainly cheaper than a UART (which would require line drivers anyway).

I remember a ham friend of mine telling me of a certain synchronous TNC that communicates with a PC device driver using CTS/RTS, I thought it was a cool hack at the time :-).

cheers,
Matthew.

--
Matthew Gream -- Consent Technologies, (02) 821-2043
Disclaimer: I'm only a student at UTS

From rarachel at prism.poly.edu Wed Jun 22 19:32:30 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Wed, 22 Jun 94 19:32:30 PDT
Subject: !A Question of Copyright
Message-ID: <9406230219.AA17000@prism.poly.edu>

For the PC Expo disk distribution I would like to use some of the articles that have been "liberated" on here. These include NYT and LAT articles as well as several other magazines and papers.

I have been told by a professor that as long as I label the diskettes as "For Educational Purposes" I can distribute these articles. Should I do so? I'd rather not get sued on this, so if there be a lawyer here, please advise...

(For those just tuning in, I and several other cypherpunks will be giving out free disks at PC Expo with PGP, other crypto software, and crypto articles as a mini anti-clipper/digital telephony campaign...

From ghio at cmu.edu Wed Jun 22 21:17:08 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Wed, 22 Jun 94 21:17:08 PDT
Subject: Archives?
Message-ID: <9406230415.AA21058@toad.com>

Roger Bryner wrote:
> Hello,
> Are there archives for this mailing list?

ftp cs.cmu.edu /afs/andrew.cmu.edu/usr12/mg5n/public/cypherpunks

It's a symlink to CMU's internal news directory.
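Matthew Gream's scheme above (clock on DSR, data on CTS, take a sample on each clock inversion, a slow host merely loses bits) is easy to get subtly wrong on the host side, so here is an added example of the host-side sampling logic; it is not Gream's code. The RNG waveform is constructed in software so the example runs offline; on real hardware the two poll values would come from the serial port's modem-status lines (for instance pyserial's `Serial.dsr` and `Serial.cts` properties, assumed here, not shown).

```python
def device_waveform(bits, half_period=4):
    """Constructed RNG output as the host would see it tick by tick.
    The clock (DSR) starts idle low, then for each bit goes high for
    half_period ticks and low for half_period ticks; the data line (CTS)
    holds the bit for the whole clock period. Returns [(dsr, cts), ...]."""
    wave = [(0, 0)] * half_period            # idle before the first edge
    for b in bits:
        wave.extend([(1, b)] * half_period)  # rising edge: data valid
        wave.extend([(0, b)] * half_period)
    return wave


def host_poll(wave, every):
    """The host reads the modem-status lines once per `every` device ticks.
    A fast host (small `every`) sees every edge; a slow one skips some."""
    return wave[::every]


def recover_bits(polls):
    """Gream's rule: take the data line whenever the clock line inverts
    (here on the low-to-high transition). Only transitions count, so a host
    that polls twice during one clock phase does not duplicate a bit."""
    bits = []
    prev_clock = None
    for clock, data in polls:
        if prev_clock == 0 and clock == 1:
            bits.append(data)
        prev_clock = clock
    return bits


def pack_bits(bits):
    """Pack recovered bits MSB-first into bytes (last byte zero-padded)."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8] + [0] * (8 - len(bits[i:i + 8]))
        value = 0
        for b in chunk:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample bit stream (not random; chosen to be recognisable).
    sample_bits = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0]
    wave = device_waveform(sample_bits)
    for every in (1, 4, 6):
        got = recover_bits(host_poll(wave, every))
        print("poll every %d ticks: recovered %2d of %d bits -> %s"
              % (every, len(got), len(sample_bits), pack_bits(got).hex()))
```

With a poll interval longer than half a clock period the host still never emits a wrong bit, it only emits fewer; that is the property that makes the design safe to run without a dedicated driver.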
You will need to get the file cypherpunks.index to figure out the filenames. The file also contains some binary data for the local news software here, you will have to just ignore that. Not exactly the easiest way to look things up, but it works. Messages are kept one month.

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Wed Jun 22 21:32:56 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Wed, 22 Jun 94 21:32:56 PDT
Subject: MAIL: Using "nobody"
Message-ID: <772345283/vac@FURMINT.NECTAR.CS.CMU.EDU>

Karl Lui Barrus:
>Using "nobody" as a remailer is pretty interesting ;) the only problem
>being you have to be root or be allowed to choose your own username.

Yes, you need to be root.

>I don't understand: why can't the somebody do a telnet to port 25 and
>"vrfy nobody" to see if it points to /dev/null? Or find out if mail
>is piped to a script?

When I do this to different machines where "nobody" is aliased to different things, I always get "Nice address". But even if there was some way to tell by accessing something on my machine, I can make my machine lie. Really. Do I need to get my machine to lie for me?

Can anyone detect any difference between the "nobody"s on cs.cmu.edu, furmint.nectar.cs.cmu.edu, and alex.sp.cs.cmu.edu?

>> So it would be nice if sites with remailers would set the "nobody"
>> alias to point to their remailer to start this convention. Assuming
>
>Again, a pretty good suggestion, but I don't think most remailer
>operators can do this even if they wanted to. I know I couldn't have
>with remailers I've run in the past.

It does not need to be all of them to work. Even if only a few places do this, it is still good cover. If there is some mail going to "nobody" on my machine, maybe I have some "black-net" operation running off of my machine, or maybe mail is all getting dropped in the bit bucket like "nobody" on standard machines. From outside you can not be sure. It could just be L. D.
trying to make it look like I am up to something.

If there was a witch hunt for encryption use, someone might send lots of encrypted mail to someplace like nobody at att.att.com, and the fierce witch hunters might try to burn someone who was not a true witch.

-- Vince

From bmorris at netcom.com Wed Jun 22 22:06:47 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Wed, 22 Jun 94 22:06:47 PDT
Subject: OJ`S CELL PHONE
Message-ID: <199406230506.WAA11013@netcom11.netcom.com>

To: cypherpunks at toad.com

KK> There is an optional mechanism called "registration" by which the
KK> system can keep track of your approximate location even though you're

Is this registration method the exception or the rule?

* RM 1.4 B0037 *

From ghio at cmu.edu Wed Jun 22 22:07:50 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Wed, 22 Jun 94 22:07:50 PDT
Subject: MAIL: Using "nobody"
In-Reply-To:
Message-ID: <9406230506.AA21511@toad.com>

> I don't understand: why can't the somebody do a telnet to port 25 and
> "vrfy nobody" to see if it points to /dev/null? Or find out if mail
> is piped to a script?

Try that on andrew.cmu.edu

From Vincent.Cate at cs.cmu.edu Wed Jun 22 22:36:21 1994
From: Vincent.Cate at cs.cmu.edu (Vincent.Cate at cs.cmu.edu)
Date: Wed, 22 Jun 94 22:36:21 PDT
Subject: Archives?
In-Reply-To: <9406230415.AA21058@toad.com>
Message-ID:

Though slightly biased, I highly recommend the mosaic page:

ftp://furmint.nectar.cs.cmu.edu/security/README.html

Among many other things, this points to the archive/database of email:

http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src

- Vince

From crame001 at hio.tem.nhl.nl Thu Jun 23 02:51:56 1994
From: crame001 at hio.tem.nhl.nl (ER CRAMER)
Date: Thu, 23 Jun 94 02:51:56 PDT
Subject: PGS v0.99b is out there...
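The exchange between Karl Barrus, Vince Cate and Matthew Ghio above turns on one question: does the SMTP VRFY command tell an outsider what the "nobody" alias resolves to? The added example below is not code from any of the posters; it models an MTA's alias lookup with a constructed alias table (the remailer path is hypothetical) and contrasts a VRFY handler that echoes the alias target with one that answers every name identically, the behaviour Vince describes ("I always get 'Nice address'"). The `distinguishes` check is what an operator would run to confirm their own server is not leaking the distinction.

```python
# Constructed alias table for a fictional host. A value beginning with "|"
# means mail is piped to a program (the remailer path is a placeholder).
ALIASES = {
    "nobody": "/dev/null",                       # bit bucket, as on most hosts
    "remailer": "|/usr/local/lib/remailer/run",  # hypothetical remailer pipe
    "postmaster": "root",                        # forwards to a person
}


def resolve_alias(local_part):
    """Follow the alias table once (real MTAs recurse; one hop is enough here)."""
    return ALIASES.get(local_part)


def vrfy_leaky(local_part):
    """Naive VRFY: confirms the address and reveals where it goes, so a
    client on port 25 learns whether 'nobody' is a sink, a person or a pipe.
    Reply text is modelled on classic sendmail-style responses."""
    target = resolve_alias(local_part)
    if target is None:
        return "550 <%s>... User unknown" % local_part
    if target.startswith("|"):
        return "250 <%s> (mail piped to program)" % target.lstrip("|")
    return "250 <%s>" % target


def vrfy_uniform(local_part):
    """Hardened VRFY: the server neither confirms nor denies, and gives the
    same answer for every name, so the responses carry no information about
    the alias table. 252 is the RFC 5321 'cannot verify, will try delivery'
    code; the point is that the text never varies with the input."""
    return "252 Cannot VRFY user, but will accept message and attempt delivery"


def distinguishes(vrfy_handler, local_parts):
    """Operator self-check: True if the handler gives different replies for
    different names, i.e. VRFY can be used to tell the aliases apart."""
    return len({vrfy_handler(name) for name in local_parts}) > 1


if __name__ == "__main__":
    probes = ["nobody", "remailer", "postmaster", "nosuchuser"]
    for handler in (vrfy_leaky, vrfy_uniform):
        print(handler.__name__, "leaks alias targets:",
              distinguishes(handler, probes))
        for name in probes:
            print("   VRFY %-11s -> %s" % (name, handler(name)))
```

The same reasoning applies to EXPN, which expands mailing-list aliases; on production MTAs the corresponding controls are sendmail's `PrivacyOptions=novrfy,noexpn` and Postfix's `disable_vrfy_command = yes`.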
Message-ID: <9406231044.AA00747@hio.tem.nhl.nl>

-----BEGIN PGP SIGNED MESSAGE-----

I have just uploaded PGS v0.99b to the following ftp-sites:

- wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099b.zip
- oak.oakland.edu:/SimTel/msdos/security/pgs099b.zip
  (just uploaded it... So it must be there in a few days...)
- rzsun2.informatik.uni-hamburg.de:/pub/virus/crypt/pgp/...
  (just uploaded it... So it must be there in a few days...)

If you want it fast look on wuarchive...

For the ones who don't know what PGS is... PGS is a very good ms-dos shell for PGP. It reads directly from the keyrings and has a very good keymanagement system...

... If you outlaw Privacy, only Outlaws will have Privacy!

Eelco Cramer ------
- --------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLglnQ4DAdPKe9hHLAQHHvAP/eP5M6hh5k1jXya19p+tj7ol8a6h+A2fg
XKwj3ZPT+pPmEdFe1TQpKTPDQJwATmPMHg8930fp0sET4Gfmtx8yggDXAUJabEGN
Tvx9Su7QwIuKg4Ga2JSW1onyplJdxqI5KmBAhGrDpEj1TDDIO55r8hnBrQsxIsld
lJa+XC+SFEA=
=qDDg
-----END PGP SIGNATURE-----

From perry at imsi.com Thu Jun 23 04:58:13 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Thu, 23 Jun 94 04:58:13 PDT
Subject: Unofficial Release
In-Reply-To: <9406222103.AA09370@debbie.telos.com>
Message-ID: <9406231157.AA04404@snark.imsi.com>

Tom Rollins says:
> Parry says:
> >Because it isn't cheap, first of all. If you wanted to run a
> >completely secure internet, for example (a problem I am currently
> >working on) the cost of all those RSAs really DOES show up, and fast.
>
> Parry, It looks like you have your own agenda in which large rsa keys
> doesn't fit your time constraints.
> Don't implement large keys for your secure net.
> And don't convince yourself that it be COMPLETELY SECURE.

It will be no less secure than one using larger keys. This point is lost on you, of course.

Perry

From jktaber at netcom.com Thu Jun 23 07:39:02 1994
From: jktaber at netcom.com (John K. Taber)
Date: Thu, 23 Jun 94 07:39:02 PDT
Subject: !A Question of Copyright
In-Reply-To: <9406230219.AA17000@prism.poly.edu>
Message-ID: <199406231439.JAA00415@netcom9.netcom.com>

>
> For the PC Expo disk distribution I would like to use some of the articles
> that have been "liberated" on here. These include NYT and LAT articles as well
> as several other magazines and papers.
>
> I have been told by a professor that as long as I label the diskettes as
> "For Educational Purposes" I can distribute these articles. Should I do so?
> I'd rather not get sued on this, so if there be a lawyer here, please
> advise...
>
>
> (For those just tuning in, I and several other cypherpunks will be giving out
> free disks at PC Expo with PGP, other crypto software, and crypto articles as
> a mini anti-clipper/digital telephony campaign...
>

If you have time, why not ask the NYT and LAT for permission. I'll bet that they will be glad to grant it, but it will take a few weeks.

From bshantz at spry.com Thu Jun 23 08:05:45 1994
From: bshantz at spry.com (Brad Shantz)
Date: Thu, 23 Jun 94 08:05:45 PDT
Subject: Looking for Applied Cryptography Errata sheet
Message-ID: <9406231505.AA28123@homer.spry.com>

Hi,

I grabbed a copy of the Errata sheet (1.5.9 I think) off of a newsgroup, or maybe it was posted to the list. Anyway, I lost the thing!!! If anyone (including the original poster...who I believe was Bruce Schneier himself) could send it to me, I would be extremely happy. Or if you feel so inclined, post it, so I don't get bombarded with several thousand copies of the errata sheet.

Thanx,
Brad

:::::::::::::::::<<< NETWORKING THE DESKTOP >>>:::::::::::::::::
Brad Shantz Internet : bshantz at spry.com
SPRY Inc Ph# (206) 447-0300
316 Occidental Avenue S. 2nd Floor FAX (206) 447-9008
Seattle, WA 98104
----------------------------------------------------------------
"In gopherspace no one can hear you scream."
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

From hfinney at shell.portal.com Thu Jun 23 08:28:40 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 23 Jun 94 08:28:40 PDT
Subject: Thoughts on the NSA's correction to SHA
Message-ID: <199406231529.IAA08015@jobe.shell.portal.com>

Bruce Schneier may be correct about NSA's views, but I think the NSA gives itself too much credit. There was another very significant event in the 1970's which IMO played at least as much of a role in the increased interest in cryptography as the DES. This is, of course, the invention of public-key cryptography.

I know that my own interest in crypto can largely be traced to the Scientific American column by Martin Gardner in which he introduced the RSA system (along with the famous RSA-129 number which was just factored). PK crypto combines simplicity with surprise to produce results which attracted a lot of attention and interest. In comparison, the development of DES was of relatively little interest outside of the few specialists in the field.

I would suggest that PK crypto did more to attract attention to cryptography and to lure people to the field than did DES. If you look at the papers in the crypto conference proceedings you will see a number on cryptanalysis of DES and on DES-like systems, especially in the early days; but there are generally at least as many on PK and related ideas such as zero-knowledge. Much of what we think of as "modern cryptography" owes itself more to the kinds of information manipulation provided by PK than to the DES, which is often relegated to the role of a "black box" in a crypto protocol, interchangeable with IDEA or any other conventional cypher.

It's more defensible to argue that strictly from the NSA's goal of reading other people's mail, DES was harmful by revealing a general approach for constructing strong conventional cyphers.
But as far as stimulating the field of cryptography in general, I think PK has played a more important role.

Hal Finney
hfinney at shell.portal.com

From frissell at panix.com Thu Jun 23 08:53:31 1994
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 23 Jun 94 08:53:31 PDT
Subject: Thoughts on the NSA's correction to SHA
In-Reply-To: <199406231529.IAA08015@jobe.shell.portal.com>
Message-ID:

On Thu, 23 Jun 1994, Hal wrote:

> I know that my own interest in crypto can largely be traced to the
> Scientific American column by Martin Gardner in which he introduced
> the RSA system (along with the famous RSA-129 number which was just
> factored). PK crypto combines simplicity with surprise to produce

I was one of the 10,000 people who ordered a free copy of "A proposal for a Public Key Encryption System" from MIT as a result of that column. It certainly guaranteed wide dissemination of the ideas.

The real mistake that the NSA made was writing that "Publish and We'll Throw You in Jail" letter to RSA. Good publicity generator.

DCF

"Got to find my copy of that paper somewhere..."

From nate at VIS.ColoState.EDU Thu Jun 23 08:57:50 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Thu, 23 Jun 94 08:57:50 PDT
Subject: looking for an ftp site
Message-ID: <9406231557.AA08930@vangogh.VIS.ColoState.EDU>

I am looking for an ftp site to hold 16K of gzipped tarred file. It's my WWW interface to the remailer network, and I cannot put it up for ftp at my university (The Powers That Be and all that).

Please send email.
-nate

--
+-----------------------------------------------------------------------+
| Nate Sammons                                                          |
| Colorado State University Computer Visualization Laboratory           |
| Data Visualization/Interrogation, Modeling, Animation, Rendering      |
+-----------------------------------------------------------------------+

From jdwilson at gold.chem.hawaii.edu Thu Jun 23 09:32:33 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Thu, 23 Jun 94 09:32:33 PDT
Subject: RSA Key Size & QP
In-Reply-To:
Message-ID:

In the folder RSA sends out in response to inquiries they have a nice explanation of brute-force factor-cracking estimated computation time on several platforms at several key sizes. I'll see if I can dig it up (I know it's *somewhere* on my desk here...)

-NetSurfer

#include standard.disclaimer

James D. Wilson          | V.PGP 2.4: 512/E12FCD 1994/03/17
P. O. Box 15432          | finger for full PGP key
Honolulu, HI 96830       | Also NetSurfer at sersol.com
Serendipitous Solutions  |

From claborne at microcosm.sandiegoca.NCR.COM Thu Jun 23 10:04:01 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at SanDiegoCA)
Date: Thu, 23 Jun 94 10:04:01 PDT
Subject: FW: Crypto export legislation defeated in House Intelligence Cmte.
Message-ID: <2E09BF54@microcosm.SanDiegoCA.NCR.COM>

> So much for lobbying.
>
> Look, something is going on here that doesn't meet the eye. Nothing is
> ever unanimous in Washington. These guys were told something by somebody
> that caused them to vote like this. You can bet it had nothing to do with
> terrorists, drug pushers, or pedophiles. Why don't you expend
> some effort to find out what they were told and by whom so we could learn
> what this issue is really about because it is NOT about "national security".
> Think about it...
If you've had the ability to listen to any voice or e-mail traffic you felt like with a simple telco set or inexpensive computer any time, anywhere you felt like, wouldn't you put up a fight? It's like trying to take a gun from an NRA member. Once you have a freedom to do something you aren't going to give up easy. It's only going to be more difficult since NSA, and other three letter orgs are part of the government. Our metro-police, FBI, CIA, XXX, have been able to tap phone and e-mail (illegally or with court permission, or in the name of "national security") as easy as plugging in a toaster. Once citizens start using crypto systems, these three letter orgs are going to have to work for a living.

OK, so a crook is using crypto in his communications. Most are so stupid, getting the keys won't be that hard and even better... the crook will still think his comm link is secure.

I'll stop here with my arguments for dropping the barriers to crypto. For NSA, finding the right string to pull is probably real easy. The only thing we can do is continue to apply pressure at all fronts. Educating the general public is on one front. EFF has other fronts.

...
     __o         ..
   -\<,          chris.claborne at sandiegoca.ncr.com
...(*)/(*).      CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From sandfort at crl.com Thu Jun 23 10:17:16 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 23 Jun 94 10:17:16 PDT
Subject: No Subject
Message-ID:

who cypherpunks

From dmandl at lehman.com Thu Jun 23 10:36:05 1994
From: dmandl at lehman.com (David Mandl)
Date: Thu, 23 Jun 94 10:36:05 PDT
Subject: ?
Message-ID: <9406231735.AA05847@disvnm2.lehman.com>

> From owner-cypherpunks at toad.com Thu Jun 23 13:26:22 1994
> Date: Thu, 23 Jun 1994 10:14:25 -0700 (PDT)
> From: Sandy Sandfort
> To: Cypherpunks
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-cypherpunks at toad.com
> Content-Length: 18
>
> who cypherpunks
>

Well, it's a long story...

From sandfort at crl.com Thu Jun 23 11:04:39 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 23 Jun 94 11:04:39 PDT
Subject: MY FAUX PAS
Message-ID:

C'punks,

It's great to see that Cypherpunks not only write code; they write jokes too (unfortunately at my expense). Thanks for all the humorous responses to my "who cypherpunks" message. God, I love this group.

S a n d y

From f_griffith at ccsvax.sfasu.edu Thu Jun 23 11:40:55 1994
From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu)
Date: Thu, 23 Jun 94 11:40:55 PDT
Subject: e$: Geodesic Securities Markets
Message-ID: <9406231840.AA02736@toad.com>

>> Perry Metzger says,
>>
> Yup. The certificate is held in street name -- the name such
> certificates are held in is "Ceed & Co." for obscure reasons I've
> never been able to fathom.

I think it's Cede & Co. The original reason, which may not still hold, was that it was rather cumbersome to transfer securities held in the name of a corporation, much easier to transfer those in a partnership's name. Thus, the clearing corp formed a partnership to hold the securities.

From claborne at microcosm.sandiegoca.NCR.COM Thu Jun 23 11:44:01 1994
From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris at SanDiegoCA)
Date: Thu, 23 Jun 94 11:44:01 PDT
Subject: PGP is Product of the Week
Message-ID: <2E09D1B9@microcosm.SanDiegoCA.NCR.COM>

PGP is Product of the Week in last week's PCMag.

I will bang my drum one more time... How to beat the three letter agencies:

1. Power of the press is just one of the weapons at our disposal.
Public education and continued press on privacy alternatives is important. One of the things that would help a concerted offensive against the three letter agencies that want to remove our privacy would be to send more articles to the industry rags. Hopefully better than the one published in Byte. The more exposure the better. You there! Start writing!

2. Improve the ease-of-use factor for PGP... That is, write more front ends (windowing since most of the general public uses it). Example: ViaCryptPGP for Compuserve's WINCIM and navigator. I believe in the critical mass theory... "A product becomes a de facto standard not because it is always the best product but because of sheer number of users". In this case I am pushing PGP but I think it would go for crypto products in general.

3. Drive for an independent "renegade" standard like PGP. The term renegade here meaning "having rejected tradition". Flood the net with it and the genie is truly out of the bottle. Now that PGP is "legal" in the US, and people outside the U.S. have the product spec, no-one gets left out in the cold.

4. Mentioned earlier... "Attack the NSA budget". This can be a win and a loss since a smaller budget could lower our country's defenses. It is possible that an attack on the budget would get them to lay off without any real action needing to be taken.

...
     __o         ..
   -\<,          chris.claborne at sandiegoca.ncr.com
...(*)/(*).      CI$: 76340.2422
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

From karn at qualcomm.com Thu Jun 23 14:20:06 1994
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 23 Jun 94 14:20:06 PDT
Subject: Another Cellular Vict
In-Reply-To: <199406221242.IAA00419@orchard.medford.ma.us>
Message-ID: <199406232119.OAA16482@servo.qualcomm.com>

>Well, I'm not sure how well that would work... The "dither" on the
>RTT can't go negative (for obvious reasons :-) ).

Sure it can. We're not talking RTT in the Internet sense.
In a spread spectrum system, deterministic pseudo-random sequences are used for the spreading codes; the receiver always knows the future of the sequence. We generate ours with conventional linear feedback shift registers. The mobile phone tracks the code phase of the cell site and slaves its own coded transmissions to that. All you'd have to do is to add a random time-varying phase to the tracking loop. That would cause the measured delay to be either greater than or less than the real value. There would be limits to how far you could vary the delay, but the tolerance at the cell has to be on the order of the cell radius for the system to work anyway.

Phil

From karn at qualcomm.com Thu Jun 23 15:15:39 1994
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 23 Jun 94 15:15:39 PDT
Subject: your mail
In-Reply-To: <199406221812.NAA21717@zoom.bga.com>
Message-ID: <199406232210.PAA16536@servo.qualcomm.com>

>This is a bad idea, the computer itself will generate clocking noise which
>will appear in the noise and destroy the randomness. The standard, and even
>most high-end, receivers don't have the shielding to prevent this sort of
>intrusion. Heck, that digital clock on your desk (and possibly your wrist if
>close enough) will cause problems as well.

In my ham experience, almost all of the computer noise you might pick up in such a receiver comes through the antenna. If you disconnect the antenna, what remains is almost entirely thermal noise from the receiver front end. And even if there were some computer noise mixed in, MD5 hashing the output to concentrate the entropy should satisfy even the most paranoid.

It's advisable to replace the antenna with a dummy load (matched resistive terminator) to ensure that the front end remains stable; if the receiver is sensitive enough you also pick up the thermal noise generated by the terminator itself.
(BTW, you can easily demonstrate thermal noise with a *good* low-noise preamp and a linear, e.g., SSB or AM -- not FM -- receiver this way. Turn off the receiver AGC and dunk the terminator in liquid nitrogen. The noise level will decrease dramatically. Take the terminator out of the N2 and let it warm up; the noise level will return to normal. Be prepared to sacrifice the coax you dunk into the N2; I've cracked a few rubber connector boots this way.)

>> And if that doesn't work, crawl up the spectrum a bit. The higher in
>> frequency you go, the more thermal noise you'll see.
>>
>Only up to a point. Past a certain point and the processes will start to
>roll off their energy production.

It's a little more complicated than that. In general, as you go higher in frequency the natural background noise power (lightning, sun noise, galactic synchrotron radiation, 3K cosmic background, etc) decreases rapidly, reaching a minimum in the 1-10 GHz range. Above that, atmospheric components such as water vapor and oxygen again start to contribute quite a bit of thermal noise. (This low-noise window is why the Search for Extraterrestrial Intelligence projects concentrate on the 1-10 GHz range). On the other hand, the noise contributed by state-of-the-art receivers tends to increase with frequency, though again the state of the art has gotten very good.

For cryptographic quality random numbers you want *only* local receiver noise; if you rely on external sources like the galactic background, your attacker also has access to them.

Phil

From karn at qualcomm.com Thu Jun 23 16:33:11 1994
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 23 Jun 94 16:33:11 PDT
Subject: Cellular Telephone Experimenter's Kit (2600 article)
In-Reply-To: <199406222258.AA16755@access2.digex.net>
Message-ID: <199406232328.QAA16686@servo.qualcomm.com>

>This CTEK sounds like a fun toy and I guess I'm glad that it can't be
>used for cellular phone fraud. That would be an illegitimate use.
>But,
>monitoring cell phone traffic is a crime now, right? Is there a legitimate
>use for the device? Can anyone think of one?

Several companies make cellular test sets (or optional modules for more general purpose RF test sets) that perform functions very much like those of the CTEK package. Since we manufacture cell phones, we have a perfectly legitimate reason to have a few of those test sets around here. And I know of no special licensing requirements to buy them (other than having $20,000 or so in cash).

Phil

From mech at eff.org Thu Jun 23 17:45:34 1994
From: mech at eff.org (Stanton McCandlish)
Date: Thu, 23 Jun 94 17:45:34 PDT
Subject: New at EFF - Intell. Cmte. HR3937 crypto report, Inouye NII bill
Message-ID: <199406240042.UAA19941@eff.org>

Electronic Frontier Foundation ftp site: ftp.eff.org

06/23/94
- added House Intelligence Committee's enraging report on its so-called reasons for butchering the crypto export provisions of the Export Admin. legislation (HR3937/3627):
  /pub/EFF/Policy/Crypto/ITAR_export/hr3937_intell_cmte.report
- added Sen. Inouye's bill for "public spaces" on the NII:
  /pub/EFF/Policy/OP/inouye_nii_s2195.bill

--
Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist
F O R   M O R E   I N F O,   E - M A I L   T O:   I N F O @ E F F . O R G
O P E N   P L A T F O R M     O N L I N E   R I G H T S
V I R T U A L   C U L T U R E     C R Y P T O

From karn at qualcomm.com Thu Jun 23 18:03:46 1994
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 23 Jun 94 18:03:46 PDT
Subject: Unofficial Release
In-Reply-To: <9406231157.AA04404@snark.imsi.com>
Message-ID: <199406240102.SAA16821@servo.qualcomm.com>

Rumor has it that certain government applications do Diffie Hellman with 2K-bit moduli. Given the apparent connections between factoring and discrete logarithm (the complexity formulas seem to look very much alike), it appears that at least one user feels that keys longer than 1K bits provide a desirable safety margin.
Phil

From B858JT at UTARLVM1.UTA.EDU Thu Jun 23 18:30:59 1994
From: B858JT at UTARLVM1.UTA.EDU (John A. Thomas)
Date: Thu, 23 Jun 94 18:30:59 PDT
Subject: Hardware RNG's
Message-ID: <9406240130.AA09341@toad.com>

Roger,

I would like some details about your hardware RNG, if you could, including how you were reading the random value. I had the impression you were taking one bit at a time. What did you mean when you said: "I just got a 3 standard deviation at a 1000000 sample..."? What statistical testing did you do?

I used the chi-square test on 8-bit values (255 degrees of freedom), and also computed the probability for the chi-square statistic. I programmed the runs-up and runs-down tests as suggested by Knuth, and computed the chi-square for those as well. Finally, I counted the numbers of 1 and 0 bits, and the number of times 1 followed 0, 0 followed 1, etc. I didn't do the autocorrelation test. If you have any code for that, I would appreciate having it.

I'm not sure what you mean by "...the derivatives of the sequence..." What is that?

I suppose these gadgets could be useful for those who want the absolute security of the one-time pad, and can exchange disks securely. With disks holding 1.44 meg now, it could be practical.

John A. Thomas
b858jt at utarlvm1.uta.edu
75236.3536 at compuserve.com
PGP public key available.

From jrochkin at cs.oberlin.edu Thu Jun 23 18:33:31 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 23 Jun 94 18:33:31 PDT
Subject: Get U.S. Representatives to use PGP?
Message-ID: <199406240132.VAA27391@cs.oberlin.edu>

I just saw a press release somewhere or other on the net which stated that a number of U.S. Representatives now have email addresses @hr.house.gov. Among other things, the release stated:

> In addition, constituents who communicate with their
> Representative by electronic mail should be aware that Members will
> sometimes respond to their messages by way of the U.S. Postal Service.
> This method of reply will help to ensure confidentiality, a concern
> that is of utmost importance to the House of Representatives.

What if we could get the Reps to use PGP to solve this problem? Sure, they _should_ be using clipper chip, to respect the Administration and all. But the fact is, they couldn't realistically use clipper now, even if they wanted to. No one else uses it. On the other hand, lots of people use PGP. PGP is fully legal now, so the Reps can use it if they want to.

Maybe we should write up some form letter proselytizing PGP and send it to all online Representatives? If we could get even one or two to use it, it would be major major pro-PGP publicity. It would also be a major embarrassment to Clipper-supporters (ie. the Administration), but we definitely don't want to mention this in our form letter, as I doubt few Reps want to blatantly embarrass the administration like that. But the fact is, PGP really _is_ a de facto standard, which is why the Reps would use it instead of clipper, and furthermore if we can "trick" (maybe too harsh a word) a Rep or two into using it, it will just prove the standardness of PGP.

What do you think? It looks like we'd have to snailmail the form letter to them all if we did it, as their email will only accept stuff from constituents who have pre-registered their email address by snailmail so as to prove their constituency.

From jgostin at eternal.pha.pa.us Thu Jun 23 18:50:57 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Thu, 23 Jun 94 18:50:57 PDT
Subject: PGP is the product of the week!
Message-ID: <940623192504r4Tjgostin@eternal.pha.pa.us>

"Claborne, Chris at SanDiegoCA" writes:

> PGP is Product of the Week in last week's PCMag.

Good to hear it. Does this mean that PGP has become part of the Establishment?

> 4. Mentioned earlier... "Attack the NSA budget". This can be a win and a
> loss since a smaller budget could lower our country's defenses.
> It is
> possible that an attack on the budget would get them to lay off without any
> real action needing to be taken.

This isn't truly an issue. The NSA had its hey-day during the Cold War. Now that that's over, and the same level of effort can be attuned to fewer enemies, one would think that they don't NEED a bigger budget.

--Jeff

--
  ======  ======  +----------------jgostin at eternal.pha.pa.us----------------+
    ==      ==    | The new, improved, environmentally safe, bigger, better,|
    ==      == -= | faster, hypo-allergenic, AND politically correct .sig.  |
  ====  ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+

From jkreznar at ininx.com Thu Jun 23 18:51:31 1994
From: jkreznar at ininx.com (John E. Kreznar)
Date: Thu, 23 Jun 94 18:51:31 PDT
Subject: PGP is Product of the Week
In-Reply-To: <2E09D1B9@microcosm.SanDiegoCA.NCR.COM>
Message-ID: <9406240056.AA10178@ininx>

-----BEGIN PGP SIGNED MESSAGE-----

> Now that PGP is "legal" in the
> US, and people outside the U.S. have the product spec no-one gets left out
> in the cold.

It's interesting that you put it exactly like that. It happens that I have been grappling, so far unsuccessfully, with the fact that there is a group of people who _are_ ``left out in the cold''. I would value your comments on this.

A person in the group to which I refer is ``in the US'' by the commonly understood geographical definition of that phrase, but has as a matter of conscience renounced any citizenship he may have had. He refuses on principle to affirm that he is a national person, and therefore cannot use PGP 2.6 because such affirmation is supposed to be required in order to obtain PGP 2.6, and may therefore be implicit in each use of PGP 2.6. On the other hand, if he uses PGP 2.6ui, he risks being accused of violating RSADSI's patent rights, because they will take him to be ``in the US'', even though he has disaffiliated himself.

What version of PGP can such a person use?
John E. Kreznar          | Relations among people to be by
jkreznar at ininx.com       | mutual consent, or not at all.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From dcosenza at netcom.com Thu Jun 23 19:02:34 1994
From: dcosenza at netcom.com (dcosenza at netcom.com)
Date: Thu, 23 Jun 94 19:02:34 PDT
Subject: WARNING!
Message-ID: <199406240124.SAA14946@netcom3.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

I spoke with Phil Zimmermann today at some length, and he has informed me that users who decide to use the jumbo keys generated by the hack of 2.6ui will be running a risk of incompatibility on down the line with future releases he has planned.

You have been warned!

Ever forward,

David

- --
- ---------------------------------------------------------------------------
David Cosenza                                        dcosenza at netcom.com
PGP 2.3a Public Key available by finger _or_ ftp.netcom.com:/pub/dcosenza
PGP 2.3a Key fingerprint = BF 6C AA 44 C6 CA 13 3F 4A EC 0A 90 AE F3 74 6D
"When encryption is outlawed, only outlaws will have encryption."

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

From Cypher1 at aol.com Thu Jun 23 19:43:56 1994
From: Cypher1 at aol.com (Cypher1 at aol.com)
Date: Thu, 23 Jun 94 19:43:56 PDT
Subject: Digital Sigs?
Message-ID: <9406232243.tn104109@aol.com>

I read in yesterday's L.A. Times about something called CommerceNet, where sellers and buyers of workstation level equipment can meet and conduct business.
Near the end of the article, they talked about a proposed method for exchanging "digital signatures" via Mosaic (so that buyers and sellers could _know_ that they were who they said they were) and that they were going to "submit it to the Internet Standards body". Is this something new, or am I way gone on this one?

Cyph1 at aol.com

From adam at bwh.harvard.edu Thu Jun 23 19:52:45 1994
From: adam at bwh.harvard.edu (Adam Shostack)
Date: Thu, 23 Jun 94 19:52:45 PDT
Subject: PGP is Product of the Week
In-Reply-To: <9406240056.AA10178@ininx>
Message-ID: <199406240250.WAA05520@duke.bwh.harvard.edu>

John E. Kreznar:

| A person in the group to which I refer is ``in the US'' by the commonly
| understood geographical definition of that phrase, but has as a matter
| of conscience renounced any citizenship he may have had. He refuses on
| principle to affirm that he is a national person, and therefore cannot
| use PGP 2.6 because such affirmation is supposed to be required in order
| to obtain PGP 2.6, and may therefore be implicit in each use of PGP 2.6.

[...]

| What version of PGP can such a person use?

2.4/2.7, from ViaCrypt. They are licensed, without requiring the buyer to assert that they are a US citizen, and part of the money you pay out is for the RSA license.

Viacrypt: 602 944 0773

Adam

--
Adam Shostack                                   adam at bwh.harvard.edu

Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.

From nobody at ds1.wu-wien.ac.at Thu Jun 23 21:02:05 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Thu, 23 Jun 94 21:02:05 PDT
Subject: WARNING!
Message-ID: <9406240401.AA24191@ds1.wu-wien.ac.at>

+++++++++++++++++++++++++++++++++

dcosenza at netcom.com wrote:

> I spoke with Phil Zimmermann today at some length, and he has informed me
> that users who decide to use the jumbo keys generated by the hack of 2.6ui
> will be running a risk of incompatibility on down the line with future
> releases he has planned.
> You have been warned!
>
> Ever forward,

Doesn't part of "ever forward" sometimes involve something "non-standard" and "running the risk of incompatibility"? Unless there's something flawed with the implementation of longer keys, why shouldn't the first to implement them become the de-facto standard? If a later release turns out to be incompatible with an older one, but it's cryptographically superior, then it's time to switch, even if it means generating and distributing new keys. Anyone concerned enough about security to want the "latest and greatest" crypto package, with longer/stronger keys or whatever, should already be practicing good key management and generating new keys periodically, anyway.

My only concern would be whether the implementation of longer keys might possibly "push the envelope" of the math routines used, and thus introduce subtle, hidden weaknesses. Two examples might be an RNG that became non-random with larger numbers, or a primality tester that failed to detect larger non-primes. If you have evidence for any of those scenarios, I'd love to hear it. Personally, I'm staying with PGP 2.3a until the dust settles a bit. I've FTPed the RSAREF 2.6 release, and it remains in its zipped archive for now.

Just as an aside, can some of the PGP-aware-anon-remailer operators comment on what they plan to do with respect to the various PGP versions?

++++++++++++++++++++++

From nobody at ds1.wu-wien.ac.at Thu Jun 23 21:02:05 1994
From: nobody at ds1.wu-wien.ac.at (nobody at ds1.wu-wien.ac.at)
Date: Thu, 23 Jun 94 21:02:05 PDT
Subject: Unofficial release
Message-ID: <9406240401.AA24192@ds1.wu-wien.ac.at>

++++++++++++++++++++++++++++++++++++

> Rumor has it that certain government applications do Diffie Hellman
> with 2K-bit moduli.
> Given the apparent connections between factoring
> and discrete logarithm (the complexity formulas seem to look very much
> alike), it appears that at least one user feels that keys longer than
> 1K bits provide a desirable safety margin.

I'm still not sure that I understand the original argument against using keys that are "too long" by someone's standards. Nor am I sure the analogy holds up. It would be the security equivalent of saying that it's "paranoid" to put strong locks on your front door because your windows are made of glass, and are thus easier to break than the door. The fact is, most burglars would rather not break a window, if possible, because it's a glaring sign of forced entry visible even while they're in the process of burgling, it's noisy, and they could get cut, leaving blood samples behind and causing themselves pain.

Sure, hypothetically, it might be "easier", in a given case, to monitor RF (Tempest) leakage vs. breaking a 1K+ key. OTOH, it would also require putting monitoring equipment at every Internet user's site vs. collecting and cracking keys at a centralized location.

Of course, if someone wants to leave his front door unlocked for fear of being labelled "paranoid", that's his prerogative, I suppose. Just don't ridicule others who are more security conscious!

+++++++++++++++++++++

From hfinney at shell.portal.com Thu Jun 23 22:22:34 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 23 Jun 94 22:22:34 PDT
Subject: WARNING!
In-Reply-To: <9406240401.AA24191@ds1.wu-wien.ac.at>
Message-ID: <199406240523.WAA18227@jobe.shell.portal.com>

Nobody writes:

>My only concern would be whether the implementation of longer keys might
>possibly "push the envelope" of the math routines used, and thus introduce
>subtle, hidden weaknesses. Two examples might be an RNG that became
>non-random with larger numbers, or a primality tester that failed to detect
>larger non-primes. If you have evidence for any of those scenarios, I'd
>love to hear it.
>Personally, I'm staying with PGP 2.3a until the dust
>settles a bit. I've FTPed the RSAREF 2.6 release, and it remains in its
>zipped archive for now.

I'd like to see PGP eventually remove artificial constraints on key sizes. The MP package in PGP uses fixed-size buffers, but a more general approach using variable-sized buffers is used in other packages such as gmp. These do not force you to use compiled-in limits on sizes like this. The basic multi-precision integer data structure in PGP does have a limit of 64K bits but that is probably not worth changing.

Remember that it is the owner of a long key who pays most of the price of using it. He is the one who has to wait through lengthy signs and decrypts. The signature-checking and encryption which other people do just involve a few multiplications and should be pretty fast even for sizable keys. So I don't see any reason PGP should take this decision out of people's hands.

>Just as an aside, can some of the PGP-aware-anon-remailer operators comment
>on what they plan to do with respect to the various PGP versions?

I'm still running 2.3. I figure that when the time comes I'll hack it to accept 2.6 messages.

Hal

From crame001 at hio.tem.nhl.nl Fri Jun 24 00:56:53 1994
From: crame001 at hio.tem.nhl.nl (ER CRAMER)
Date: Fri, 24 Jun 94 00:56:53 PDT
Subject: WARNING!
In-Reply-To: <9406240401.AA24191@ds1.wu-wien.ac.at>
Message-ID: <9406240849.AA01379@hio.tem.nhl.nl>

-----BEGIN PGP SIGNED MESSAGE-----

> them become the de-facto standard? If a later release turns out to be
> incompatible with an older one, but it's cryptographically superior, then
> it's time to switch, even if it means generating and distributing new keys.

And it is superior indeed... But what are we talking about here. A 1024 bit key should be safe for at least the next 10000 years so who cares if a 5000 bit key could be safe for maybe 1000000 years!!!
If big keys are going to be used, PGP will be taken away from users who cannot use very fast machines...

...
If you outlaw Privacy, only Outlaws will have Privacy!

Eelco Cramer
------
--------------------------------------------------

From mgream at acacia.itd.uts.edu.au Fri Jun 24 01:35:35 1994
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Fri, 24 Jun 94 01:35:35 PDT
Subject: WARNING!
In-Reply-To: <9406240849.AA01379@hio.tem.nhl.nl>
Message-ID: <9406240837.AA15302@acacia.itd.uts.EDU.AU>

"ER CRAMER" wrote:

> > them become the de-facto standard? If a later release turns out to be
> > incompatible with an older one, but it's cryptographically superior, then
> > it's time to switch, even if it means generating and distributing new keys.
>
> And it is superior indeed... But what are we talking about here. A 1024-bit
> key should be safe for at least the next 10000 years so who cares if a 5000-
> bit key could be safe for maybe 1000000 years!!!

And if a near polynomial time method is developed for factoring or breaking RSA (or any other PKCS you care to mention), super large keys aren't going to matter a hoot.

Anyway, it's a subjective choice if you decide to use super large keys, I don't think people should be flamed for making that choice. Sure, point out to them the fact that it doesn't really give any extra security, but it makes some people _feel_ secure, so let them be. Some people waste money protecting themselves against things that are statistically less likely to happen than things they don't protect themselves against, but it makes them happy.
If people want to choose large key sizes that aren't supported by software, then they're the ones that suffer the most, by way of decreased audience. If enough people use super large keys, then maybe software developers will come around to supporting them -- market forces and all that. It's kind of funny to see bickering over bigger keys, I thought cypherpunks would be happy with people demanding or wanting bigger keys :-). What's important is that people are deciding not to use smaller keys and they're realising the need and requirements for strong crypto through bigger keys. Big is good, Bigger is good, Smaller is doubleplus ungood :-) cheers, Matthew. -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: I'm only a student at UTS, and don't represent them. From frissell at panix.com Fri Jun 24 03:18:36 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 24 Jun 94 03:18:36 PDT Subject: PGP is Product of the Message-ID: <199406241018.AA17201@panix.com> To: cypherpunks at toad.com J >A person in the group to which I refer is ``in the US'' by the J >commonly understood geographical definition of that phrase, but has as J >a matter of conscience renounced any citizenship he may have had. He J >refuses on principle to affirm that he is a national person, and J >therefore cannot use PGP 2.6 because such affirmation is supposed to be J >required in order to obtain PGP 2.6, and may therefore be implicit in J >each use of PGP 2.6. On the other hand, if he uses PGP 2.6ui, he risks J >being accused of violating RSADSI's patent rights, because they will J >take him to be "in the US", even though he has disaffiliated himself. J >What version of PGP can such a person use? Even though your friend is no longer a U.S. Citizen he is a "legal resident of the U.S." in that he could not be deported. Residence is defined at law as equal to "domicile" and is under the legal control of the individual rather than the State. 
"Domicile" is defined as "Actual physical presence plus intent to make the place one's home." Once domicile is gained, it persists even if you are away until one acquires a new domicile by one's own action. So he could use the MIT version of PGP. When their lawyers came up with their spastic language about users having to be U.S. Citizens or Green Card holders they weren't trying to be exhaustive. They were clearly trying to mirror the ITAR crypto regs. Since your friend, while not a citizen, is not an alien he can possess crypto technology under ITAR and thus under the MIT license. DCF "If Nicole had had a Colt Mk IV Govt. Model, she'd be alive today." --- WinQwk 2.0b#1165 From usura at vox.hacktic.nl Fri Jun 24 03:31:29 1994 From: usura at vox.hacktic.nl (Usura) Date: Fri, 24 Jun 94 03:31:29 PDT Subject: WARNING! Message-ID: <062494113222Rnf0.78@vox.hacktic.nl > nobody at ds1.wu-wien.ac.at writes: >Just as an aside, can some of the PGP-aware-anon-remailer operators comment >on what they plan to do with respect to the various PGP versions? The remailers at vox.hacktic.nl are running PGP 2.6 ui. Regz, -- Exit! Stage Left. Alex de Joode From rfb at lehman.com Fri Jun 24 05:21:10 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Fri, 24 Jun 94 05:21:10 PDT Subject: Unofficial release In-Reply-To: <9406240401.AA24192@ds1.wu-wien.ac.at> Message-ID: <9406241220.AA12432@fis1510.lehman.com> Date: Fri, 24 Jun 94 06:01:20 +0200 From: nobody at ds1.wu-wien.ac.at I'm still not sure that I understand the original argument against using keys that are "too long" by someone's standards. Nor am I sure the analogy holds up. It would be the security equivalent of saying that it's "paranoid" to put strong locks on your front door because your windows are made of glass, and are thus easier to break than the door. In the case of 8000ish bit keys, the analogy is more like putting 10 foot thick steel doors on your house and leaving the windows open. 
I don't think that anyone is suggesting that it's paranoid, but rather that it's silly.

Rick

From pcw at access.digex.net Fri Jun 24 06:07:38 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Fri, 24 Jun 94 06:07:38 PDT
Subject: Cellular Telephone Experimenter's Kit (2600 article)
Message-ID: <199406241307.AA18536@access2.digex.net>

>>This CTEK sounds like a fun toy and I guess I'm glad that it can't be
>>used for cellular phone fraud. That would be an illegitimate use. But,
>>monitoring cell phone traffic is a crime now, right? Is there a legitimate
>>use for the device? Can anyone think of one?
>
>Several companies make cellular test sets (or optional modules for
>more general purpose RF test sets) that perform functions very much
>like those of the CTEK package. Since we manufacture cell phones, we
>have a perfectly legitimate reason to have a few of those test sets
>around here. And I know of no special licensing requirements to buy
>them (other than having $20,000 or so in cash).

Sure, I know that Qualcomm could easily justify having the toys around the place. But what would I say to the cops/FCC when they came knocking? I was just waiting to get the capital together to set up a phone manufacturing program? Is there any legitimate use for someone not in the business? The best I can come up with is: a wife who wants to track her husband's progress home so she knows when to throw the steaks on the grill. ("He always arrives 12 minutes after he moves into our cell.")

>
>Phil

From pcw at access.digex.net Fri Jun 24 06:08:00 1994
From: pcw at access.digex.net (Peter Wayner)
Date: Fri, 24 Jun 94 06:08:00 PDT
Subject: PGP is the product of the week!
Message-ID: <199406241307.AA18555@access2.digex.net>

>> 4. Mentioned earlier... "Attack the NSA budget". This can be a win and a
>> lose since a smaller budget could lower our country's defenses.
>> It is possible that an attack on the budget would get them to lay off without any
>> real action needing to be taken.
>
> This isn't truly an issue. The NSA had its heyday during the Cold
>War. Now that that's over, and the same level of effort can be attuned to
>fewer enemies, one would think that they don't NEED a bigger budget.

"Fewer" enemies? Yugoslavia is now split into at least 5 pieces. Before we only needed to monitor the line from Moscow to Tito. All the orders came down this line and Yugoslavia did what they were told, more or less. No one in the US had to seriously wonder about the differences between Bosnia, Serbia, Croatia etc... We didn't need to monitor the different governments in the different regions.

The ex-SU is now split into too many pieces for me to count. Some of them have nuclear weapons that they don't want to turn over. Others have military ships. Before, it was enough to have a good presence in Moscow. Now you need to be in Kiev, Lvov, Tallinn, etc...

North Korea, the Mid East and Cuba are the only places that still need the same amount of attention that they needed during the Cold War. This is because they're already maxed out.

>
> --Jeff
>--
>====== ======  +----------------jgostin at eternal.pha.pa.us----------------+
>  ==   ==      | The new, improved, environmentally safe, bigger, better,|
>  ==   ==  -=  | faster, hypo-allergenic, AND politically correct .sig.  |
>====  ======   | Now with a new fresh lemon scent!                       |
>PGP Key Available +---------------------------------------------------------+

From jgostin at eternal.pha.pa.us Fri Jun 24 09:06:03 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Fri, 24 Jun 94 09:06:03 PDT
Subject: (None)
Message-ID: <940624112412J9wjgostin@eternal.pha.pa.us>

pcw at access.digex.net (Peter Wayner) writes:

> "Fewer" enemies?

I am of the opinion that most of the Post SU countries will amount to no serious threat. Remember, most of our problem was with Moscow.
Most of the SU didn't especially care about us -- they were more concerned with eating dinner that night. As a result, yes, there are a few emerging hot spots, but they aren't _our_ enemies. The Bosnia deal is a local political problem. It is _not_ a threat to US security, much as Clinton would like us to think it is... ;-) > Croatia etc... We didn't need to monitor the different governments in the > different regions. True, but, most of that died. Yugoslavia, for example, is hardly a threat to us. Our problems in the past were mostly with Moscow. Most of the rest of the SU was not an issue. So yes, we have more governments to watch, but fewer enemies. > The ex-SU is now split into too many pieces for me to count. Some of them > have nuclear weapons that they don't want to turn over. Others have military > ships. Yes, they have Nukes. If I did, in their shoes, you're damn right I wouldn't want to give them up! Yes, they bear watching. Hell, even Israel, our military ally, bears watching. That doesn't mean they require the same level of surveillance. > North Korea, the Mid East and Cuba are the only places that still need the > same amount of attention that they needed during the Cold War. This is > because they're already maxed out. NK is a hot spot at the moment. Even if the C/W was still in effect and the SU still in force, NK would probably still be a problem now. The Middle Eastern area still requires a mind-boggling amount of watching. That situation is just too volatile not to watch it. However, I find it hard to buy into the fact that we're going to give 100% to Middle East, and the same 100% to Russia, who not only still can't feed it's people, but has SERIOUS financial problems. --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! 
|
PGP Key Available +---------------------------------------------------------+

From sameer at c2.org Fri Jun 24 09:19:27 1994
From: sameer at c2.org (sameer)
Date: Fri, 24 Jun 94 09:19:27 PDT
Subject: remail@c2.org supports X-Anon-To and Request-Remailing-To
Message-ID: <199406241617.JAA28769@infinity.c2.org>

I forgot, when I moved the code over from remailer at soda over here, to accept X-Anon-To: and Request-Remailing-To:. I prefer Anon-Send-To: because it differentiates between Send and Post, such as with Anon-Post-To:

Well, here's a list of the commands remail at c2.org supports:

Subject                 "remailer-info"   pipe A instructions.pl
X-Ping                  "--PING--"        pipe A pinger.pl
# anon block response header
Response-Key            ""                pipe A reply.pl
# remailing headers - non-anon
Send-To                 ""                pipe A send.pl
# remailing headers - anon
Anon-To                 ""                pipe A anon-send.pl
Request-Remailing-To    ""                pipe A anon-send.pl
X-Anon-To               ""                pipe A anon-send.pl
Anon-Send-To            ""                pipe A anon-send.pl
# posting headers - not anon
Post-To                 ""                pipe A post.pl
# posting headers - anon
Anon-Post-To            ""                pipe A anon-post.pl
Resp-To                 ""                pipe A resp-send.pl
Resp-Send-To            ""                pipe A resp-send.pl
Resp-Post-To            ""                pipe A resp-post.pl
Encrypted               PGP               pipe A pgpmail.pl
# *                     ""                pipe ? recurse.pl

--
sameer                                          Voice:   510-841-2014
Network Administrator                           Pager:   510-321-1014
Community ConneXion: The NEXUS-Berkeley         Dialin:  510-841-0909
http://www.c2.org (or login as "guest")                 sameer at c2.org

From mattt at microsoft.com Fri Jun 24 09:37:44 1994
From: mattt at microsoft.com (Matt Thomlinson)
Date: Fri, 24 Jun 94 09:37:44 PDT
Subject: Differences in key generation
Message-ID: <9406241539.AA13877@netmail2.microsoft.com>

I've recently been asked if there are any differences in key generation techniques between US and non-US encryption programs. For that matter, are there any *basic* differences between foreign and domestic encryption algorithms? (IDEA, LUC, etc..?)

I know the question is worded poorly; I'm wondering if there *is* a difference (I haven't ever assumed there was). This is very important and I need a response by midafternoon. :l

matt (formerly phantom at u.washington.edu)

From hfinney at shell.portal.com Fri Jun 24 10:00:53 1994
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Fri, 24 Jun 94 10:00:53 PDT
Subject: WARNING!
Message-ID: <199406241702.KAA19766@jobe.shell.portal.com>

mgream at acacia.itd.uts.edu.au (Matthew Gream) writes:

>"ER CRAMER" wrote:
>> But what are we talking about here. A 1024 bits
>> key should be save for at least the next 10000 years so who cares if a 5000
>> bits key could be save for maybe a 1000000 years!!!

After the RSA-129 factoring there was considerable discussion on sci.crypt about how much harder a 1024 bit key would be using current algorithms. There was some disagreement, but it did not seem that a 1024 bit key would be good for 10000 years; as I recall, the time scale was more like a few decades before it would fall to an attack as expensive as RSA-129. Larger keys with 2K bits, OTOH, were good for thousands or millions of years (of course it's hard to extrapolate computer power out that far). Does anyone have more precise numbers?
>And if a near polynomial time method is developed for factoring or >breaking RSA (or any other PKCS you care to mention), super large keys >aren't going to matter a hoot. People have been talking as though the only possible improvements to factoring algorithms would be to jump to polynomial or near-polynomial time. Obviously it is equally possible that improvements will occur as they have in the past, reductions to the exponents or constant factors but still an exponential algorithm. In such a scenario it is very plausible that 1K bit keys would be unsafe while keys of a few K would be fine. Hal From jamesd at netcom.com Fri Jun 24 14:50:11 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 24 Jun 94 14:50:11 PDT Subject: RSA Key Size & QP In-Reply-To: <199406221823.LAA11794@mail2.netcom.com> Message-ID: <199406242150.OAA19559@netcom14.netcom.com> catalyst-remailer at netcom.com writes > > A wild card here is the recent work in quantum computing, done > at AT&T and reported in a recent post by Pal Vitanyi. > With a specialized quantum computer (not clear yet whether one could > economically built it, but it's theoretically possible) one > can factor in polynomial time (computational class "QP", or > something like that). If cycles on such a computer would be, > say, 1,000 times more expensive than on your PC, The limit will not be cost per cycle, but the problem of maintaining quantum coherence over a large area for a long time. My guess would be that some time in the next thirty odd years we will see quantum computers that can maintain quantum coherence over a few hundred bits of memory for a few hundred CPU cycles. This will make possible many useful and interesting tasks that classical computers cannot do, but I doubt that cracking thousand bit keys will be one of those tasks. 
If cracking big keys using quantum computers does become feasible in the near future, we will have several years of advance warning, during which we will switch to some alternative, less convenient cryptography system. -- --------------------------------------------------------------------- We have the right to defend ourselves and our | property, because of the kind of animals that we | James A. Donald are. True law derives from this right, not from | the arbitrary power of the omnipotent state. | jamesd at netcom.com From fhalper at pilot.njin.net Fri Jun 24 14:54:10 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Fri, 24 Jun 94 14:54:10 PDT Subject: test ignore Message-ID: <9406242154.AA03816@pilot.njin.net> just a test for my .mailrc file please ignore. From jdwilson at gold.chem.hawaii.edu Fri Jun 24 17:34:22 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 24 Jun 94 17:34:22 PDT Subject: Digital Sigs? In-Reply-To: <9406232243.tn104109@aol.com> Message-ID: On Thu, 23 Jun 1994 Cypher1 at aol.com wrote: > I read in yesterday's L.A. Times about something called CommerceNet, > > Is this something new, or am I way gone on this one? Recently on line. And NOT cheap! They are inferring the upcoming Secure Mosaic from NCSA for PK technology. -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.4: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From peace at BIX.com Fri Jun 24 20:19:46 1994 From: peace at BIX.com (peace at BIX.com) Date: Fri, 24 Jun 94 20:19:46 PDT Subject: Windows source for PGP Message-ID: <9406242251.memo.83189@BIX.com> Folks: I am looking for the source for a Windows front end for PGP. 
I know that WINFRONT is available (on special application) in source, but it's written in Visual Basic. I guess that I could get VB and learn it, but I was hoping that someone knew of a C version. It doesn't need to be particularly polished, since I will be making some changes to suit my own format.

I know it's a lot to ask, but I can hope, can't I? (The path name would help too.)

Peace

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Fri Jun 24 21:30:17 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Fri, 24 Jun 94 21:30:17 PDT
Subject: difficulty of factoring / commerce net / etc
Message-ID: <772518130/vac@FURMINT.NECTAR.CS.CMU.EDU>

My mosaic page has pointers for these topics and many others:

ftp://furmint.nectar.cs.cmu.edu/security/README.html

For these two topics, there is a section on factoring and a pointer to http://www.commerce.net.

I have added a lot since it first came out. It can really be used like a FAQ at this point. If you are looking for cypherpunks things, this is a good place to start. Please let me know if you know of any cypherpunk pages I am not yet pointing to.

-- Vince

From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sat Jun 25 00:02:06 1994
From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU)
Date: Sat, 25 Jun 94 00:02:06 PDT
Subject: Secure Mosaic / Net surfing
Message-ID: <772527133/vac@FURMINT.NECTAR.CS.CMU.EDU>

I was surfing off the edges of my page and came across a page about secure http/mosaic. The page is:

http://hoohoo.ncsa.uiuc.edu/docs/PEMPGP.html

I include ASCII of this below.

-- Vince

Using PGP/PEM encryption

This document is formatted roughly like a FAQ. Here are the section headings:

What is PGP/PEM encryption?
How are they used in HTTP?
What do I need to use it?
How do the keys get distributed?
How bulletproof is it?
Installation: server side.
Installation: client side.
What does the protocol look like?

What is PGP/PEM encryption?
PGP and PEM are programs to allow you and a second party to communicate in a way which does not allow third parties to read them, and which certify that the person who sent the message is really who they claim they are. PGP and PEM both use RSA encryption. The U.S. government has strict export controls over foreign use of this technology, so people outside the U.S. may have a difficult time finding programs which perform the encryption.

How are they used in HTTP?

We have implemented a system by which NCSA Mosaic and NCSA httpd call external programs which encrypt and decrypt their communications and thus provide secure communications between the server and the client and ensure that a user is who he/she says they are. This system currently has hooks for PEM encryption as well as PGP encryption. As interest in this area grows, more will most likely be added.

What do I need to use it?

You will need a working copy of either Pretty Good Privacy or RIPEM to begin with. You should be familiar with the program and have generated your own public/private key pair. You should be able to use the TIS/PEM program with the PEM authorization type. I haven't tried it. This tutorial is written assuming that you are using RIPEM.

How do the keys get distributed?

Currently, we have implemented this protocol with PEM and PGP using local key files on the server side, and on the client side with PEM using finger to retrieve the server's public key. As you can tell, parties who wish to use Mosaic and httpd with PEM or PGP encryption will need to communicate beforehand and find a tamper-proof way to exchange their public keys.

How bulletproof is it?

Pioneers get shot full of arrows. This work is currently in the experimental stages and thus may have some problems that I have overlooked. There aren't any that I can see but I've been looking at it for a long time. There may be some quirks in the additions to Mosaic and httpd as well.
In particular, error recovery is not always as helpful as it could be.

The only known problem that I know about is that the messages are currently not timestamped. This means that a malicious user could record your encrypted message with a packet sniffer and repeat it back to the server ad nauseam. Although they would not be able to read the reply, if the request was something you were being charged for, you may have a large bill to pay by the time they're through.

Installation: The Server Side

First, you must compile httpd with CFLAGS set to -DPEM_AUTH. This will enable the PEM and PGP authentication directives.

Next, look in the support/auth directory. This directory contains your encryption and decryption scripts, as well as bins for your remote users' public keys. Edit ripem-dec, ripem-enc, pgp-enc, and pgp-dec and follow the instructions therein. You need not set up PGP if you don't plan to use it, and same with RIPEM.

Now, edit your server configuration file, usually conf/httpd.conf. You will want to add three new directives for PGP and three new directives for PEM depending on which you plan to use (or both).

    PEMEncryptCmd /usr/local/etc/httpd/auth/ripem-enc
    PGPEncryptCmd /usr/local/etc/httpd/auth/pgp-enc

These directives change what executables httpd will look for when it is trying to encrypt its reply to a client. Edit the pathnames to taste.

    PEMDecryptCmd /usr/local/etc/httpd/auth/ripem-dec
    PGPDecryptCmd /usr/local/etc/httpd/auth/pgp-dec

These directives change what executables httpd will look for when it is trying to decrypt the client's request.

    PEMServerEntity webmaster at foobar.org
    PGPServerEntity webmaster at foobar.org

These directives set your entity name. This should be the same as the name you place on the public/private keys you generate for your server. If you make these directives different than the key names, your server and its client will become hopelessly confused.
You are now ready to protect directories of your server with this authorization scheme. For a directory you want to protect, you should first set its AuthType. Use AuthType PGP for a directory you are protecting with PGP and AuthType PEM for a directory you are protecting with PEM. The require directive accepts key names as its arguments. The AuthGroupFile directive is valid as well, to create groups of keys. A full example:

    AuthType PEM
    AuthGroupFile /httpd/.htgroup-pem
    Options None
    require user robm at ncsa.uiuc.edu
    require group pemusers

Let's say /httpd/.htgroup-pem reads:

    pemusers: pls at ncsa.uiuc.edu

In this case, this directory will be protected with PEM encryption and will require that only users robm at ncsa.uiuc.edu and pls at ncsa.uiuc.edu be allowed to access that directory.

Installation: the Client Side

First, get a copy of Mosaic/X 2.2. If it hasn't been released yet, be patient. Compile it with -DPEM_AUTH to enable PEM/PGP authentication. Follow the instructions in each of the scripts in the auth subdirectory to customize them to your setup.

There are six new X resources which have been defined for PEM/PGP authentication. They are:

    Mosaic*pemEncrypt: /X11/robm/Mosaic/auth/ripem-enc
    Mosaic*pemDecrypt: /X11/robm/Mosaic/auth/ripem-dec
    Mosaic*pemEntity: robm at ncsa.uiuc.edu
    Mosaic*pgpEncrypt: /X11/robm/Mosaic/auth/pgp-enc
    Mosaic*pgpDecrypt: /X11/robm/Mosaic/auth/pgp-dec
    Mosaic*pgpEntity: robm at ncsa.uiuc.edu

You should change the Encrypt and Decrypt entries to reflect where you are going to install your encryption and decryption scripts. You should change the Entity lines to the key name you have given the server maintainers for yourself. If you don't, bad things will happen.

What does the protocol look like?

This protocol is almost word-for-word a copy of Tony Sanders' RIPEM based scheme, generalized a little. Below, wherever you see PEM you can replace it with PGP and get the same thing.
Client:
    GET /docs/protected.html HTTP/1.0
    UserAgent: Mosaic/X 2.2

Server:
    HTTP/1.0 401 Unauthorized
    WWW-Authenticate: PEM entity="webmaster at hoohoo.ncsa.uiuc.edu"
    Server: NCSA/1.1

Client:
    GET / HTTP/1.0
    Authorization: PEM entity="robm at ncsa.uiuc.edu"
    Content-type: application/x-www-pem-request

    --- BEGIN PRIVACY-ENHANCED MESSAGE ---
    this is the real request, encrypted
    --- END PRIVACY-ENHANCED MESSAGE ---

Server:
    HTTP/1.0 200 OK
    Content-type: application/x-www-pem-reply

    --- BEGIN PRIVACY-ENHANCED MESSAGE ---
    this is the real reply, encrypted
    --- END PRIVACY-ENHANCED MESSAGE ---

That's it. Almost all of this stuff is my fault (including the implementations), so direct comments about it to me.

Rob McCool, robm at ncsa.uiuc.edu

From michael.shiplett at umich.edu Sat Jun 25 02:47:04 1994
From: michael.shiplett at umich.edu (michael shiplett)
Date: Sat, 25 Jun 94 02:47:04 PDT
Subject: Secure Mosaic / Net surfing
In-Reply-To: <772527133/vac@FURMINT.NECTAR.CS.CMU.EDU>
Message-ID: <199406250946.FAA16762@totalrecall.rs.itd.umich.edu>

"vc" == Vincent Cate writes:

vc> I was surfing off the edges of my page and came across a page
vc> about secure http/mosaic. The page is:
vc> http://hoohoo.ncsa.uiuc.edu/docs/PEMPGP.html

This is not the SHTTP work being done for CommerceNet--it is more a proof of concept for doing PK encryption of HTTP requests. It has a few shortcomings:

1) The server identity is passed over an insecure connection without any way for the client to verify it.
2) The server's public key is obtained via finger.
3) Requests are subject to replay attacks.

To be fair, the document mentions (2) & (3).

There are, at least, a couple projects adding security to HTTP--Shen Security Enhancements to HTTP and Secure HTTP.
The former may be found at http://info.cern.ch/hypertext/WWW/Shen/ref/shen.html while SHTTP is available as WWW http://www.commerce.net/information/standards/drafts/shttp.txt Email shttp-info at commerce.net FTP ftp://ftp.commerce.net/pub/standards/drafts/shttp.txt I do not know if the differences between the two have been resolved so that there is a single proposal for secure web transactions. michael From paul at hawksbill.sprintmrn.com Sat Jun 25 08:09:35 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sat, 25 Jun 94 08:09:35 PDT Subject: NIST responds to LEAF-blower Message-ID: <9406251612.AA20677@hawksbill.sprintmrn.com> FYI - extracted from: RISKS-LIST: RISKS-FORUM Digest Friday 17 June 1994 Volume 16 : Issue 17 ------------------------------ Date: Thu, 16 Jun 1994 17:29:40 -0400 (EDT) From: ROBACK at ENH.NIST.GOV Subject: NIST Response to Blaze Attack on Clipper Note: The following material was released by NIST in response to recent articles regarding AT&T/Matt Blaze and the key escrow chip. A second more technical response follows. ------------------------- June 2, 1994 Contact: Anne Enright Shepherd (301) 975-4858 The draft paper by Matt Blaze* describes several techniques aimed at circumventing law enforcement access to key escrowed encryption products based on government-developed technologies. As Blaze himself points out, these techniques deal only with the law-enforcement feature, and in no way reduce the key escrow chips' inherent security and data privacy. -- "None of the methods given here permit an attacker to discover the contents of encrypted traffic or compromise the integrity of signed messages. Nothing here affects the strength of the system from the point of view of the communicating parties...." p. 7. Furthermore, Blaze notes that the techniques he is suggesting are of limited use in real-world voice applications. 
-- "28 minutes obviously adds too much latency to the setup time for real-time applications such as secure telephone calls." p. 7. -- "The techniques used to implement them do carry enough of a performance penalty, however, to limit their usefulness in real-time voice telephony, which is perhaps the government's richest source of wiretap- based intelligence." p. 8. Anyone interested in circumventing law enforcement access would most likely choose simpler alternatives (e.g., use other nonescrowed devices, or super encryption by a second device). More difficult and time-consuming efforts, like those discussed in the Blaze paper, merit continued government review -- but they are very unlikely to be employed in actual communications. All sound cryptographic designs and products consider trade-offs among design complexity, costs, time and risks. Voluntary key escrow technology is no exception. Government researchers recognized and accepted that the law enforcement access feature could be nullified, but only if the user was willing to invest substantial time and trouble, as the Blaze report points out. Clearly, the government's basic design objective for key escrow technology was met: to provide users with very secure communications that will still enable law enforcement agencies to benefit from lawfully authorized wiretaps. It is still the only such technology available today. Today, most Americans using telephones, fax machines, and cellular phones have minimal privacy protection. The key escrow technology -- which is available on a strictly voluntary basis to the private sector -- will provide the security and privacy that Americans want and need. * Statements from "Protocol Failure in the Escrowed Encryption Standard," May 20 draft report by Matt Blaze, AT&T Bell Laboratories ----- Note: The following provides additional technical material in response to questions regarding a recent paper by Matt Blaze on key escrow encryption. 
--------------------------------------

Technical Fact Sheet on Blaze Report and Key Escrow Encryption

Several recent newspaper articles have brought attention to a report prepared by Dr. Matthew Blaze, a researcher at AT&T's Bell Labs. These articles characterize a particular finding in Blaze's report as a "flaw" in the U.S. government's key escrow encryption technology. None of the findings in Dr. Blaze's paper in any way undermines the security and privacy provided by the escrow encryption devices.

The finding which has received the most publicity could allow a non-compliant or "rogue" application to send messages to compliant or "non-rogue" users which will not be accessible by law enforcement officials through the escrowed encryption standard field called the Law Enforcement Access Field (LEAF).

Dr. Blaze's approach uses the openly disclosed fact that the LEAF contains a 16-bit checkword to prevent rogue users from modifying the law enforcement access mechanism. This 16-bit checkword is part of the 128-bit LEAF, which also includes the enciphered traffic key and the unique chip identifier. Dr. Blaze's method is to randomly generate different 128-bit LEAFs until he gets one that passes the checkword. It will take on average 2^16, or 65,536 tries. This is not a formidable task; it could be done in less than an hour.

Dr. Blaze questions the adequacy of a 16-bit checkword and suggests using a larger one, to ensure that the exhaustion attack would be so time consuming as to be impractical. The chip designers recognized the strengths and limitations of a 16-bit checkword. Following are the reasons why they chose to use a checkword of only 16 bits:

* There were four fundamental considerations that the designers considered in choosing the LEAF parameters.
These were: (1) ease of access by authorized law enforcement agencies, (2) impact on communications, (3) a sufficiently large identifier field which would not constrain manufacturers, and (4) the difficulty required to invalidate the LEAF mechanism by techniques such as those described by Dr. Blaze.

* The purpose of the LEAF is to preserve law enforcement's ability to access communications in real-time. The encrypted traffic key, which enables them to do this, is 80 bits long. In addition to this 80-bit field, the LEAF must contain the unique identification number of the key escrow encryption chip doing the encryption.

* The size of the identifier field was the subject of considerable deliberation. In the earliest considerations it was only 25 bits long. The chip designers recognized that 25 bits did not offer enough flexibility to provide for multiple manufacturers of key escrow devices. Different chip manufacturers would need manufacturer identifiers as well as their own chip identifiers to ensure that identifiers are unique. Eventually, the designers agreed that 32 bits would adequately meet this requirement.

* In many environments, error-free delivery of data is not guaranteed, and there is considerable concern by communication engineers that requiring error-free transmission of a fixed field (the LEAF) could make the encryption device difficult to use. In early discussions with industry, they were opposed to any checkword. In the end, they agreed it would be acceptable if the size of the LEAF was restricted to 128 bits. This left 16 bits for a checkword to inhibit bypassing the LEAF. While recognizing the possibility of exhausting these 16 bits, the designers concluded that 16 bits are adequate for the first intended application. Security enhancements are being made for other applications, such as the TESSERA card.

Note that computations are required to search for a matching checkword, which then has to be properly substituted into the communications protocol.
The performance and cost penalties of the search operation are significant for telephone, radio, and other such applications, thus providing adequate protection against this technique for bypassing the LEAF.

In summary:

* Although this technique would allow one to bypass the LEAF, the security provided by the escrow encryption devices would not be altered. Users' information would still be protected by the full strength of the encryption algorithm.

* Dr. Blaze was accurate in noting that these attacks are of limited effectiveness in real-time telephony.

* When designing the key escrow chip, NSA emphasized sound security and privacy, along with user friendliness. The attacks described by Dr. Blaze were fully understood at the time of initial chip design. The use of 16 bits for the checkword was an appropriate choice in view of the constraints of a 128-bit LEAF. It provides excellent security for real-time telephone applications with high assurance that law enforcement's interests are protected.

* Dr. Blaze's research was done using prototype TESSERA cards. As part of the family of planned releases/upgrades, NSA already has incorporated additional security safeguards into the production TESSERA cards to protect against the kinds of attacks described by Dr. Blaze.

-------- end of article ----------------------

_______________________________________________________________________________
Paul Ferguson
US Sprint
Managed Network Engineering                           tel: 703.904.2437
Herndon, Virginia USA                   internet: paul at hawk.sprintmrn.com

From nobody at shell.portal.com Sat Jun 25 10:06:11 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sat, 25 Jun 94 10:06:11 PDT
Subject: PGP public key for soda.berkeley remailer?
Message-ID: <199406251707.KAA04021@jobe.shell.portal.com>

Does somebody have the correct PGP public key for the remailer at soda.berkeley.edu?
Nothing I've sent there for posting has ever shown up, and I suspect I've got a bad key on my ring for them!

From r6788 at hopi.dtcc.edu Sat Jun 25 13:48:21 1994
From: r6788 at hopi.dtcc.edu (Joseph R. Rach)
Date: Sat, 25 Jun 94 13:48:21 PDT
Subject: MacPGP2.6
Message-ID:

Hello,

Does anyone know how to get MacPGP to sign with a different secret key than its original one? I have two different keys in secring.pgp, but MacPGP refuses to accept the new one. I even made two separate secret rings (one for each) and when I try the ring with the newer key in it, it tells me that it can't find my other key. This is frustrating for me. 2.3 lets me pick my key, and 2.6 will only let me use one. Anybody have a solution??? Thanks in advance.

ps - I wish MIT had come out with a MacPGP2.5 release.

________________________________________________________________________________
Joseph R. Rach
Delaware Technical and Community College

From jis at mit.edu Sat Jun 25 17:28:05 1994
From: jis at mit.edu (Jeffrey I. Schiller)
Date: Sat, 25 Jun 94 17:28:05 PDT
Subject: MacPGP2.6
Message-ID: <9406260027.AA11131@big-screw>

Hmmm. I just tried and was unable to reproduce your problem. I created a secret keyring which contained two keys. MacPGP2.6 happily let me select either one.

How did you wind up with two keys? Did MacPGP generate them both or did you import one (or both) of them? What actually happens when you attempt to use the one that MacPGP doesn't want to use?

-Jeff

P.S. We might want to move this conversation to pgp-bugs at mit.edu

From r6788 at hopi.dtcc.edu Sat Jun 25 18:21:46 1994
From: r6788 at hopi.dtcc.edu (Joseph R. Rach)
Date: Sat, 25 Jun 94 18:21:46 PDT
Subject: MacPGP2.6
In-Reply-To: <9406260027.AA11131@big-screw>
Message-ID:

Thanx, I got it to work finally!!! I have to change config.txt and restart the application in order to use both keys. The menu after selecting file-encrypt/sign no longer exists? Is the wipe file option still part of the program?
I'd like to suggest that the next release of USA legal MacPGP have the option to choose MyName within the program. It's a pain to edit config.txt, quit, and restart the program every time you want to choose a different secret key.

I congratulate all the work and effort put into this program. It's truly amazing.

Thanks again...

________________________________________________________________________________
Joseph R. Rach
Delaware Technical and Community College

From dcosenza at netcom.com Sat Jun 25 19:17:03 1994
From: dcosenza at netcom.com (dcosenza at netcom.com)
Date: Sat, 25 Jun 94 19:17:03 PDT
Subject: FYI
Message-ID: <199406260217.TAA01118@netcom7.netcom.com>

-----BEGIN PGP SIGNED MESSAGE-----

I spoke to Phil Zimmermann again today, and as per his request I have removed the hack of 2.6ui from ftp given that PGP is Phil's intellectual property and I respect him. In its place I have ftp'd Mathew's 2.6ui, I recommend it to all of you who want upward and downward compatibility with official versions of the software.

Ever forward,

David

PS, I know that an 8176 bit key is absurd from a security standpoint, for that matter so might a 4096 bit key, but there are users who feel they need such a capability and for their sake I sincerely hope that a future version of PGP addresses this concern at least up to 4096 bits. :-)

- --
- ---------------------------------------------------------------------------
David Cosenza                                       dcosenza at netcom.com
PGP 2.3a Public Key available by finger _or_ ftp.netcom.com:/pub/dcosenza
PGP 2.3a Key fingerprint = BF 6C AA 44 C6 CA 13 3F 4A EC 0A 90 AE F3 74 6D
"When encryption is outlawed, only outlaws will have encryption."
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCzAgUBLgzbqCjdpAfJZzihAQGplwTvQhu5SdwRhzBC1PDRpv+w51Z6iJU3VPY3
qhWH3neM6nlzA3sICdkQDW2EuifoaQ5un1zLGG1UMvITSDFpmDvEraenHyY0wa1e
Tz3Wlm2mAmHdA82nSv6IEN52cQahPo11XjK6a0kuRuGLK3rF87ldoToQ91fhJ+dI
Ycsijo627a36OzgIiNSPeGiWVID59kqp/F0suhgq4esQNHHRyN0=
=FFy4
-----END PGP SIGNATURE-----

From 0005514706 at mcimail.com Sat Jun 25 21:41:13 1994
From: 0005514706 at mcimail.com (Michael Wilson)
Date: Sat, 25 Jun 94 21:41:13 PDT
Subject: One man's view on Clipper...
Message-ID: <21940626043912/0005514706NA5EM@mcimail.com>

Cypherpunks... just thought I would contribute my two cents on the recent developments, by showing you a response I wrote to a friend on the issue recently. I've been building anti-Clipper sentiment in some 'old school' businessmen friends of mine, since my belief is in free markets and money trails...

===

>Many thanks for the messages -- Clipper is still bothering a bunch of
>people including me, and I hope the cyberworld will do something organized
>about it. If I were more competent in computers than I am I would be
>willing to lead the charge.

The politics of Clipper are insidious. If it actually gets passed off as the standard, it will show up in pretty much any standard product that will hook into the grid. Most people, since there is already encryption built into the products they use, won't advocate the use of anything else, and more importantly, won't PAY for anything additional. I can tell you from experience, people won't buy security products, there is no security market; security is something that people expect to get built in to a system. The only reason that there is any market to speak of at all is a symptom of just how bad the current security situation is--essentially, most systems, including critical ones, are wide open, and you can certainly say that secure communications make up less than 1% of the total amount of traffic on the grid.

So what happens when Clipper gets in?
People once again abdicate responsibility for handling their own security and secure communications. Why pay more (money, time, effort) when it is already taken care of? The market for competing products dries up; interest dies. If there is no money, how can you expect to pursue a product or create a market? There is no perceived need to address. And so Big Brother wins; they once again become the only experts in the field, since they are the only ones with the money to continue playing the game.

Direct outlawing of the technology would only make martyrs of the people trying to present it. Instead, the government is striking in a much more intelligent and, from my viewpoint, dangerous strategy. Their [govt] encryption scheme is good enough... Yes, there are holes, but only to 'hackers'... People who want to have secrets must have something to hide... Only criminals will need to protect themselves, and have additional security and cryptography....

The folks at NSA have struck a blow from a very advanced PsyOps perspective, rather than a cryptographic one. They destroy the marketplace, and also attack any popular support that could be put to good use by the opposition [cypherpunks]. Does this outlaw other cryptographic methods? Not at all; there is the fiction of choice still available (the old game of "let them hold free elections as long as we get to choose the candidates"). Cypherpunks and others who are concerned will be the 'lunatic fringe.' And their more secure traffic will stand out like a sore thumb; somebody somewhere will be making lists.

So at this stage, I am increasingly convinced that the solution, actually the groundrules of the game, are not technical at all, but belong solidly in the realm of political warfare. It just so happens that I know more than a little about that game.

===

The rest of the communication is confidential, but I thought you folks would appreciate some additional thoughts.
Michael Wilson
Managing Director, The Nemesis Group
An old hand at political warfare...

From jgostin at eternal.pha.pa.us Sun Jun 26 01:05:27 1994
From: jgostin at eternal.pha.pa.us (Jeff Gostin)
Date: Sun, 26 Jun 94 01:05:27 PDT
Subject: One man's view on Clipper...
Message-ID:

Michael Wilson <0005514706 at mcimail.com> writes:

> Cypherpunks... just thought I would contribute my two cents on the recent
> developments, by showing you a response I wrote to a friend on the issue
> recently. I've been building anti-Clipper sentiment in some 'old school'
> businessmen friends of mine, since my belief is in free markets and money
> trails...

My congratulations on a well-written document. I agree 100% with what you said on a cursory view. I haven't looked into this very deeply yet. But, the points you bring up are valid, and need to be EXPLOITED before Clipper becomes a standard. Even then, I'll still use PGP, or whatever the newest secure gizmo is at the time. Let them put me on a list for protecting my privacy. It'd be an honor to be recognized for it.

--Jeff

--
 ======  ======    +----------------jgostin at eternal.pha.pa.us----------------+
  ==      ==       | The new, improved, environmentally safe, bigger, better,|
  ==      == -=    | faster, hypo-allergenic, AND politically correct .sig.  |
 ====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available  +---------------------------------------------------------+

From catalyst-remailer at netcom.com Sun Jun 26 11:41:14 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Sun, 26 Jun 94 11:41:14 PDT
Subject: Linux under SecureDrive partition?
Message-ID: <199406261841.LAA07093@mail2.netcom.com>

1. Where can I get the latest/greatest copy of SecureDrive? (I'm a U.S. resident).

2. Can I install Linux underneath a SecureDrive partition -- say, DOS on C:, Linux under SecureDrive under D: and the Linux swap also under SecureDrive.
So that the C: DOS partition is in the clear, and all the good stuff running under Linux is hidden on D:.

Much thanks.

From jpp at jpplap.markv.com Sun Jun 26 12:06:25 1994
From: jpp at jpplap.markv.com (Jay Prime Positive)
Date: Sun, 26 Jun 94 12:06:25 PDT
Subject: Linux under SecureDrive partition?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I don't know how to make a dos device driver run under linux. I would be interested since due to lack of space, most of my dos partition is doublespaced. I suppose you could port SecureDrive to linux, after all, you have (or theoretically can get) the source.

j'

-----BEGIN PGP SIGNATURE-----

iQBXAgUBLg3DedC3U5sdKpFdAQHHWAIKAsUp+azpPNe2QnPBVBfds9bUcnufauqs
BjK07S1/S+i6naeLXj4Ge7JB2qKlmqYQs5DylPAHeUa5QxVOnoQtOYh5
-----END PGP SIGNATURE-----

From markh at wimsey.bc.ca Sun Jun 26 13:07:56 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Sun, 26 Jun 94 13:07:56 PDT
Subject: Linux under SecureDrive partition?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: Linux under SecureDrive partition?

> 1. Where can I get the latest/greatest copy of SecureDrive?
> (I'm a U.S. resident).
>
> 2. Can I install Linux underneath a SecureDrive partition --
> say, DOS on C:, Linux under SecureDrive under D: and the
> Linux swap also under SecureDrive. So that the C: DOS
> partition is in the clear, and all the good stuff running
> under Linux is hidden on D:.

There's something called CFS written by mab at research.att.com which is an encrypting file system for many flavours of Unix (essentially does NFS over the loopback) including Linux. It isn't the fastest thing in the world, but it does work.

I've heard mutterings about a port of SFS to Linux, but I don't have any concrete information about this.

You can get the latest SecureDrive from ftp.wimsey.bc.ca

/pub/crypto/software/dist/US_or_Canada_only_XXXXXXXX/SECDRV/secdrv13e.zip

to find the value of XXXXXXXX cd /pub/crypto/software and read the README file.
Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBVAgUBLg3fnmrJdmD9QWqxAQEyywIAn/Q15RpxdXMS0OACYQTCyYkbgIGNhACc
eWpL1FyZM84r1aUeQDVimlOAz9qHIr6Yy4cT0408ZtcKJituXgHrGQ==
=Z6UI
-----END PGP SIGNATURE-----
--
Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3
cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto

From sandfort at crl.com Sun Jun 26 14:33:25 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 26 Jun 94 14:33:25 PDT
Subject: GILMORE IN THE SUNDAY PAPER
Message-ID:

C'punks,

John Gilmore has a hot op-ed piece in the business section of the San Francisco Examiner entitled, "Strong Cryptography a Must." Lots of good stuff. My favorite was, "...we want the public to see a serious debate about why the Constitution should be burned in order to save the country." Gee, I'm glad John is on *our* side.

 S a n d y

From paul at hawksbill.sprintmrn.com Sun Jun 26 15:09:28 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Sun, 26 Jun 94 15:09:28 PDT
Subject: GILMORE IN THE SUNDAY PAPER
In-Reply-To:
Message-ID: <9406262311.AA27588@hawksbill.sprintmrn.com>

>
> John Gilmore has a hot op-ed piece in the business section of the San
> Francisco Examiner entitled, "Strong Cryptography a Must." Lots of good
> stuff. My favorite was, "...we want the public to see a serious debate
> about why the Constitution should be burned in order to save the country."
> Gee, I'm glad John is on *our* side.
>

For those of us less fortunate non-left-coasters, would someone be kind enough to commit John's piece to ascii and forward it to the list?
,-)

- paul

From usura at vox.hacktic.nl Sun Jun 26 16:16:00 1994
From: usura at vox.hacktic.nl (Usura)
Date: Sun, 26 Jun 94 16:16:00 PDT
Subject: anon service at vox.hacktic.nl
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

There are basically two remailers at vox.hacktic.nl :

- -> a cypherpunx-style remailer with three addresses
     -) nobody
     -) remail
     -) remailer

- -> an anon mail back ID remailer
     -) anon

Sometimes you may find it convenient to have the ability to receive mail, but to remain anonymous for the sender. anon at vox.hacktic.nl gives you that ability. Here is some info:

{step 1} send some mail to ping at vox.hacktic.nl to receive a pong and an account ie. an0 at vox.hacktic.nl

{step 2} send your first message to anon at vox.hacktic.nl, the commands for remailing are similar to the cypherpunx-remailers, the only difference will be the sender. If you send mail to remail at vox.hacktic.nl, the name that will appear in the FROM: line is nobody at vox.hacktic.nl. If you send mail to anon at vox.hacktic.nl the corresponding entry for the address that is sending the mail will be in the FROM: line, ie an0 at vox.hacktic.nl so someone can contact you by sending mail to an0 at vox.hacktic.nl. This mail will not be anonymised, you -will- know the sender. If you - -as a sender- want to remain anonymous send the mail through a remailer or acquire an anon account at vox.hacktic.nl and send the mail using the anon at vox.hacktic.nl remailer.

{step 3} make -absolutely positively- sure the header pasting tokens [::] are the first thing you type, if you start with a blank line, your remail request -will- fail.

Hope this helps.

-----BEGIN PGP SIGNATURE-----
Version: 2.6 for VoX Labz.
iQCVAgUBLg4Ki1nfdBSNVpE9AQG+jgP+PUmaqszGp+aMelflYXOOin47Zu+dVIqX
25Ry356L3/dGD2rMKYZMTK3P1+ly4F4ildgh/Gf5zQiqTh4Ry4L0zG8z3/xYEzwJ
vNun9e6zREXGhnaFx9W/7Da67AHfhe38hvcO15riG9Jl4sEQWAXCkqQmyj+05KFx
oxxt2XbkQ+U=
=Rg9Y
-----END PGP SIGNATURE-----

Regz,
--
 ____   Alex de Joode
 \  /__ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  \/ /  "It's dangerous to be right when the government is wrong."
   \/                                                   --Voltaire
 --finger usura at hacktic.nl for PGPKEY -kinky-

From sandfort at crl.com Sun Jun 26 16:31:56 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Sun, 26 Jun 94 16:31:56 PDT
Subject: H.E.A.T. UPDATE
Message-ID:

C'punks,

"Acapulco H.E.A.T." was hip deep in crypto again this week. This time the Team was trying to bust *drug traffickers* (bad, bad drug lords). For some reason, my favorite character, "Cat" (Alison Armitage) got herself into a school for women drug operatives recruited by the traffickers. We got to see lots of scenes of Cat and other nubiles jogging, doing jumping jacks, push ups and, best of all, shooting strange large caliber automatic weapons.

The crypto part? Oh, yeah, right. Anyway, the traffickers (ex-KGB types) were transmitting date, time and location information to associates in Miami. Communications was via a series of numbers read in the clear over shortwave radio. For some reason, the H.E.A.T. guys knew that the "key" was a ten-digit number that was the *same* every time! Since the KGB guy had once been busted by the CIA, H.E.A.T. finally guessed that the key was the CIA's phone number. No kidding.

There was some other minor computer stuff, but the important values were preserved: Alison and other babes did callisthenics, there was lots of gun play and Fabio did *not* "act" in this episode.

Tune in next--same H.E.A.T.-time, same H.E.A.T.-channel--for the further crypto adventures of "Acapulco H.E.A.T."
 S a n d y

From trollins at debbie.telos.com Sun Jun 26 16:36:02 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Sun, 26 Jun 94 16:36:02 PDT
Subject: Warning about PGP
Message-ID: <9406262335.AA04103@debbie.telos.com>

-----BEGIN PGP SIGNED MESSAGE-----

WARNING - WARNING - WARNING - WARNING - WARNING - WARNING

Quoting "Applied Cryptography by Bruce Schneier, Page 287-288."

> Low Exponent Attack Against RSA
>
> Another suggestion to "improve" RSA is to use low
> values for e, the public key. This makes encryption
> fast and easy to perform. Unfortunately, it is also
> insecure. Hastad demonstrated a successful attack
> against RSA with a low encryption key [417]. Another
> attack by Michael Wiener will recover e, when e is
> up to one quarter the size of n [878]. A low decryption
> key d, is just as serious a problem. Moral: Choose
> large values for e and d.
>
> 417. J. Hastad, "On Using RSA with Low Exponent in a Public-
> Key Network," Advances in Cryptology - CRYPTO '85
> Proceedings, Berlin: Springer-Verlag, 1986, pp403-408
>
> 878. M. J. Wiener, "Cryptanalysis of Short RSA Secret Exponents."
> IEEE Transactions on Information Theory, v.36, n. 3,
> May 1990, pp. 553-558.

The public domain PGP programs currently produce short public key exponents, (17 is a common value). It would seem that the Governments of the world have had easy access to PGP traffic.

Tom Rollins

WARNING - WARNING - WARNING - WARNING - WARNING - WARNING

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCzAgUBLg3CpGWJTLDtTMmNAQHhfQTwkalahr6xBNpeO8Yg2Ln1TkTbJ/VDccSS
4hZmqos1WEhmNuHEYTbKBZoS5wA9PHJkd26byy8JCAxoM5siiL6tNUaA4hRa+0IV
RJtIYnS5yIvGfocrBcmN+e2fJGZXyyc+h1cUzNMq/aml4CEmnaHl7PKhL69pk4jI
TfKUnah0ihgCb72Dkzqtsw6iTsJpg1rEd+TDpDPpTp3KIB0xbtk=
=e5eN
-----END PGP SIGNATURE-----

From blancw at microsoft.com Sun Jun 26 18:43:08 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Sun, 26 Jun 94 18:43:08 PDT
Subject: H.E.A.T. UPDATE
Message-ID: <9406270044.AA24300@netmail2.microsoft.com>

Well, shoot, what's the use of watching this show if Fabio (+5) isn't in it?

Why, it's because when he *is* on, it will make you ponder the need for & importance of privacy. I get it, now.

Blanc
Le Bon Femme

From 0005514706 at mcimail.com Sun Jun 26 20:48:49 1994
From: 0005514706 at mcimail.com (Michael Wilson)
Date: Sun, 26 Jun 94 20:48:49 PDT
Subject: More of one man's opinion
Message-ID: <61940627033916/0005514706NA3EM@mcimail.com>

Hello again Cypherpunks...

A fast follow up to the previous note I dropped at the list... I was asked by a group of businessmen to explain, following up my previous message, why the government was restricting exports on crypto gear/software/knowledge when everything else in the inventory was being shoved out the door, as well as why the media wasn't getting into the picture. My answers:

If the domestic market dries up for a product [alternative cryptographic solutions besides Clipper], then traditionally a provider will look to export his products to available markets overseas. With the requirement of a munitions license to deal in these products, few software or hardware houses are going to attempt to get approval and deal with the problems of selling the product overseas. It fits into the strategy of market denial--create apathy at home so people can't support the advances there, and prevent them from making money overseas. Consider it 'follow the money' in reverse--watch what happens when there is no money to be made in an area. Classic 'die-back.'

As for media coverage on the issue, look at what we are talking about. Can you explain it in 4th grade language? Can you put the issues on a 3x5 card? Where is the 'sizzle,' as they say in the news biz? A new product release of PGP? So what. Barlow or other EFF members write an article or speak? So what. Phil makes a comment? So what. Where is the blood, the arrests, the kicking in of doors, the things that make for news?
Nada.

To sustain interest, you have to have 'developments,' witness the Simpson fiasco. Why does that so dominate the attention of the media and the public? Because the lid gets peeled back and people get to hear more dirt every day. Just try to peel back the lid at NSA, I dare you.

What is the solution? There isn't one. There was all sorts of noise when it first became an issue. That noise was in fact detrimental to the cause. Now a news organization will say "we covered that already, so what's new... nothing? drop it." The only thing that can be done is by the continuing effort to discover 'developments' and make those known. Find the holes. Tell people. Keep the situation buzzing. Right now, there is a lot of 'preaching to the choir' going on; lots of high-fives and back-slapping, and when it all is said and done, the government still gets its way. Push on the issue and expand it; demonstrate how strong crypto can be used for secure operating systems and viral protection (don't look for viral signatures, MAC executables and look for changes). Is Clipper the choice of the National Information Infrastructure? If it is, kiss any effort at ANY other form of crypto good-bye. Develop alternates that are more appealing to the market for NII. Push stories of how international industrial espionage is attacking American business, and how strong crypto is needed for commercial enterprise (cite the French attacks on companies such as IBM, where the DST [French intel] was the perpetrator, and they could break Clipper).

Cypherpunks write code, but they also need to wage political war against the enemy.

Michael Wilson
Managing Director, The Nemesis Group

[A special note to the government 'stoolie'; tell the boys back at McLean and Meade that their purchases through the Maryland Procurement Office are in public databases, and are quite revealing! Tag, you're it!]

From markh at wimsey.bc.ca Sun Jun 26 21:43:23 1994
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Sun, 26 Jun 94 21:43:23 PDT
Subject: Warning about PGP - relax
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: Warning about PGP - relax

> WARNING - WARNING - WARNING - WARNING - WARNING - WARNING
> > insecure. Hastad demonstrated a successful attack
> > against RSA with a low encryption key [417]. Another
> > attack by Michael Wiener will recover e, when e is
> > up to one quarter the size of n [878].

Take a look at the errata (I'm quoting from version 1.5.9).

} Page 287: Last line: Wiener's attack is misstated. If d is
} less than one-quarter the length of the modulus, then the attack
} can use e and n to find d quickly.

Still, I do prefer e=65537 to e=17 (the value that PGP typically uses). But the situation isn't as bad as it looks from reading Schneier.

Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBVAgUBLg5YfWrJdmD9QWqxAQHwGAH/b0NcQQCSO7xcsF0VufzsSG5mk0tZu1Eq
jt3Cr5gfhZsuuf2zoNEIOLVEz+Hsbgv9mBhccCNSOIgP3aowgcWoyQ==
=tavZ
-----END PGP SIGNATURE-----
--
Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3
cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto

From catalyst-remailer at netcom.com Sun Jun 26 23:51:24 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Sun, 26 Jun 94 23:51:24 PDT
Subject: Is the NSA really competent?
Message-ID: <199406270651.XAA08926@mail2.netcom.com>

Here are the biggest breakthroughs in cryptography during the period when the NSA has been the purported leader in the field, and has enjoyed by far the largest budget:

public key: Diffie, Hellman, Merkle, R.,S., A., etc.
key escrow: Micali (and the current NSA/NIST scheme has all the earmarks of being thrown on top of Skipjack at the last moment, after Micali had published, and perhaps even after Denning had discussed it).

DES: IBM

Skipjack: probably just a modified DES

IDEA: Swiss

Also zero-knowledge proofs, blind signatures, oblivious transfer, BBS, and other recent advances were all discovered outside the NSA.

For all their vaunted competence, for all the mathematicians they have been alleged to employ, despite having a cryptography budget orders of magnitude larger than any other Western crypto group, it looks like the NSA contributed to _none_ of the major advances in cryptography that occurred during its zenith.

From cdodhner at indirect.com Mon Jun 27 00:03:45 1994
From: cdodhner at indirect.com (Christian D. Odhner)
Date: Mon, 27 Jun 94 00:03:45 PDT
Subject: Is the NSA really competent?
In-Reply-To: <199406270651.XAA08926@mail2.netcom.com>
Message-ID:

On Sun, 26 Jun 1994 catalyst-remailer at netcom.com wrote:

> Skipjack: probably just a modified DES

[stuff deleted...]

> crypto group, it looks like the NSA contributed to _none_ of
                                                     ^^^^^^
> the major advances in cryptography that occurred during its zenith.

If skipjack is really a 'major advance' (I won't state an opinion at this point) then it seems that they did indeed contribute to a major advance. At least one. Also if I remember my history right they had a lot to do with the original redesigning of the s-boxes in des.

Happy Hunting, -Chris.

______________________________________________________________________________
Christian Douglas Odhner     | "The NSA can have my secret key when they pry
cdodhner at indirect.com     | it from my cold, dead, hands... But they shall
pgp 2.3 public key by finger | NEVER have the password it's encrypted with!"
cypherpunks WOw dCD Traskcom Team Stupid
Key fingerprint = 58 62 A2 84 FD 4F 56 38  82 69 6F 08 E4 F1 79 11
------------------------------------------------------------------------------

From greg at ideath.goldenbear.com Mon Jun 27 00:41:53 1994
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Mon, 27 Jun 94 00:41:53 PDT
Subject: Is the NSA really competent?
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

An anonymous author writes:

> For all their vaunted competence, for all the mathematicians
> they have been alleged to employ, despite having a cryptography
> budget orders of magnitude larger than any other Western
> crypto group, it looks like the NSA contributed to _none_ of
> the major advances in cryptography that occurred during its zenith.

The above assumes that if the NSA does something interesting they'll
tell the world about it. I'm not sure that's a plausible assumption.
They seem to view their mission as creating and maintaining a
balance-of-power of intelligence in favor of the United States;
specifically, gathering intelligence, preserving their ability to
gather intelligence, and preventing others from gathering intelligence.
Revealing the existence or substance of crypto breakthroughs isn't
necessarily compatible with that mission, at least as it's been
historically understood.

(I think remailers are good, but their use makes it necessary to write
to the list to reply; I'd have preferred to reply in E-mail.)

-----BEGIN PGP SIGNATURE-----
Version: 2.5

iQCVAgUBLg56633YhjZY3fMNAQEUrwP+OKCOWXHtiMh6dLoe8owILD5N26AIKtpY
dEdp74XlJ1pCagyIUsEeMNjvBPpH3xHpCZKygHWfPI74GRrDoxpDOdfIiHM6kDmI
fDwQf395aDrNrYcZJFOBVEM6FwpW3iMNZ8TRJPsLqKMbYSxq/pu/ST45jlxRg2eO
7eZjdJmqz8Q=
=BgnT
-----END PGP SIGNATURE-----

From 0005514706 at mcimail.com Mon Jun 27 02:01:16 1994
From: 0005514706 at mcimail.com (Michael Wilson)
Date: Mon, 27 Jun 94 02:01:16 PDT
Subject: Is the NSA competent?
Message-ID: <22940627083522/0005514706NA1EM@mcimail.com>

An anonymous author writes:

> For all their vaunted competence, for all the mathematicians
> they have been alleged to employ, despite having a cryptography
> budget orders of magnitude larger than any other Western
> crypto group, it looks like the NSA contributed to _none_ of
> the major advances in cryptography that occurred during its zenith.

I think that this message betrays a serious misconception that a number of
people likely share, and that has to do with the levels of security offered by
commercial versus military methods. NSA has never portrayed themselves as having
any role in the creation of commercial systems until recently (the last few
years) when in-fighting developed between their organization and NBS now NIST
(NSA wanted DES to remain the standard, NBS wanted to change). NSA-CSC will
evaluate commercial security products to give them an Orange Book rating (a
rating which was meaningless when it was created, thanks to viral/worm
technology), but keep to themselves as an arm of the military.

The cryptosystems that the anonymous author notes are all commercial level
systems; NSA concentrates on cryptosystems that have greater requirements than
the free market. It is widely rumoured that they had public key systems for
secure key management before Diffie-Hellman. Their role in engineering the
S-boxes for FDES is documented. The assistance they gave to commercial
organizations to provide system integration style 'one shot' systems for
military use created a number of companies, such as the Honeywell Secure
Computing Technology Center, as well as a number of DARPA funded groups such as
Cray and Thinking Machines.

As the saying in the intelligence community goes, their successes are never
known, but they will always be judged by their failures.
Don't assume that you have probed the depths of the NSA's abilities by their
unwillingness to play on the commercial playing field; underestimating an
opponent will lead you into gross miscalculations.

Michael Wilson
Managing Director, The Nemesis Group

[Today's Fun Math Problem: Given an exhaustive search method, how long would it
take to discover the key of a standard DES financial transaction using four
Connection Machines? There are more than that in the basement at Fort Meade, or
at least they purchased that many during the time period they used the Maryland
Procurement Office to buy them.]

From m5 at vail.tivoli.com Mon Jun 27 06:00:32 1994
From: m5 at vail.tivoli.com (Mike McNally)
Date: Mon, 27 Jun 94 06:00:32 PDT
Subject: H.E.A.T. UPDATE
In-Reply-To:
Message-ID: <9406271300.AA15214@vail.tivoli.com>

Sounds like they built the idea on the "number station" phenomenon.
I've heard those (just like everyone else with a shortwave receiver,
or a roommate with a shortwave receiver who slept with it on all night
every night :-) and they really do read out the same number sequence
over and over. I suspect that the numbers change sometimes, though.

--
| GOOD TIME FOR MOVIE - GOING  ||| Mike McNally                        |
| TAKE TWA TO CAIRO.           ||| Tivoli Systems, Austin, TX:         |
| (actual fortune cookie)      ||| "Like A Little Bit of Semi-Heaven"  |

From nelson at crynwr.com Mon Jun 27 06:13:35 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Mon, 27 Jun 94 06:13:35 PDT
Subject: Is the NSA really competent?
In-Reply-To: <199406270651.XAA08926@mail2.netcom.com>
Message-ID:

   crypto group, it looks like the NSA contributed to _none_ of
   the major advances in cryptography that occurred during its zenith.

Exactly. It's not the NSA's job to contribute to major advances in
publicly-known cryptography. In fact, you could probably even say that
it's their job to inhibit such advances...

-russ
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.
                  | +1 315 268 1925 (9201 FAX)                  | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.

From juola at suod.cs.colorado.edu Mon Jun 27 07:13:32 1994
From: juola at suod.cs.colorado.edu (Patrick Juola)
Date: Mon, 27 Jun 94 07:13:32 PDT
Subject: Is the NSA really competent?
Message-ID: <199406271413.IAA17450@suod.cs.colorado.edu>

   Here are the biggest breakthroughs in cryptography during the
   period when the NSA has been the purported leader in the field,
   and has enjoyed by far the largest budget:

   [ list of major breakthroughs deleted. ]

   For all their vaunted competence, for all the mathematicians
   they have been alleged to employ, despite having a cryptography
   budget orders of magnitude larger than any other Western
   crypto group, it looks like the NSA contributed to _none_ of
   the major advances in cryptography that occurred during its zenith.

My understanding is that we don't *know* what NSA actually has found.
For example, *someone* knew about differential cryptanalysis long before
Adi Shamir rediscovered it, as the DES S-boxes are optimized against it.
Similarly, they may have discovered public-key encryption fifty years ago
and simply not bothered to patent/publish it....

- Patrick

p.s. Any other cypherpunks heading to ACL this week? If so, look me up
(Patrick Juola, U. of Colorado) and we can go grab a brew or something
and discuss the state of the world....

pmj

From catalyst-remailer at netcom.com Mon Jun 27 08:59:03 1994
From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com)
Date: Mon, 27 Jun 94 08:59:03 PDT
Subject: Is the NSA really competent?
Message-ID: <199406271559.IAA12568@netcom2.netcom.com>

> I think that this message betrays a serious misconception that a number of
> people likely share, and that has to do with the levels of security offered by
> commercial versus military methods.

I think that this reply betrays a serious lack of reading competence.
The breakthroughs cited were the most important breakthroughs in the
science of cryptography, period. There are no branches of mathematics
called "military" and "commercial". The techniques have both
military and commercial application. There is no evidence that the NSA
knows about _any_ fundamental technique that has not been published
in the literature. Nor is there any evidence (save the hearsay about
S-boxes, which were actually developed at IBM) that they have made
any major contribution to the science of cryptography, despite the
massive resources they throw into it. But they do want to preserve their
jobs, so they would like you to think they do. Their ability to drop
hints here and there without having to demonstrate they actually know
anything, to make people believe that Skipjack is an "advanced" algorithm
without having to actually publish it, in general their ability
to use their top secret status for the purpose of selective
revelation, is perfectly suited to this kind of PR.

Thus they can claim to "contribute to American competitiveness" by
releasing Skipjack, an algorithm for which there is _not even
any evidence that it is stronger than DES_, much less state of
the art algorithms like IDEA. This has the actual effect
of shooting the American computer security industry in the balls,
while making Congress believe they are helping it.

Note that I am _not_ accusing the NSA of political incompetence.
Any organization that can get a Congressional intelligence committee
to vote its way 13-0, that can keep pushing a warmed-over DES
crippled with a last-minute Rube Goldberg version of key escrow,
in the face of 70% public opposition (and nearly unanimous and quite
vocal opposition in the hi-tech industries) is no political slouch.
Any organization that can increase their budget after their mission
has gone away, knows the ropes in D.C. They are simply much better
lobbyists than cryptographers.
> integration style 'one shot' systems for military use created a number of
> companies, such as the Honeywell Secure Computing Technology Center, as well as
> a number of DARPA funded groups such as Cray and Thinking Machines.

Of course with their budget, they can buy lots of slick hardware.
That doesn't mean they know how to use it well.

Let's face it, our awe of NSA stems entirely from their budget
and their ability to stamp their incompetence top secret.

From jamiel at sybase.com Mon Jun 27 10:32:02 1994
From: jamiel at sybase.com (Jamie Lawrence)
Date: Mon, 27 Jun 94 10:32:02 PDT
Subject: Is the NSA really competent?
Message-ID: <9406271731.AA29376@ralph.sybgate.sybase.com>

At 8:59 AM 06/27/94 -0700, catalyst-remailer at netcom.com wrote:

>I think that this reply betrays a serious lack of reading competence. The
>breakthroughs cited were the most important breakthroughs in the
>science of cryptography, period. There are no branches of mathematics
>called "military" and "commercial". The techniques have both

There is no *inherent* branch split, just as there is no inherent split
in knowledge of, say, what is in my pocket right now. If I choose to tell
you, we both know. If not... and I have a lot more time devoted to
'researching' this question than you. See my point? You can't measure
their competence on crypto based on what they let you see. And if it is
true that they really don't know shit about it, then so much the better
for paranoid nutcases like me and you that assumed they were a much more
formidable foe, right? :)

>Thus they can claim to "contribute to American competitiveness" by
>releasing Skipjack, an algorithm for which there is _not even
>any evidence that it is stronger than DES_, much less state of

Just curious, what is your reference for asserting it is similar to DES?

>Let's face it, our awe of NSA stems entirely from their budget
>and their ability to stamp their incompetence top secret.

Yep. The NSA is a bureaucracy like any other.
Probably has more than a fair share of incompetence and waste. On the
other hand, with a room full of connection machines, odds are they were
brute forcing DES long before most other folks on the block. Add in a
huge R&D budget and a few hundred mathematicians and odds are you are
gonna find something neat now and then...

-j

From 0005514706 at mcimail.com Mon Jun 27 12:45:23 1994
From: 0005514706 at mcimail.com (Michael Wilson)
Date: Mon, 27 Jun 94 12:45:23 PDT
Subject: NSA and competence
Message-ID: <00940627182400/0005514706NA1EM@mcimail.com>

An anonymous author comments on my comments...

>> I think that this message betrays a serious misconception that a number of
>> people likely share, and that has to do with the levels of security offered by
>> commercial versus military methods.

>I think that this reply betrays a serious lack of reading competence. The
>breakthroughs cited were the most important breakthroughs in the
>science of cryptography, period. There are no branches of mathematics
>called "military" and "commercial". The techniques have both
>military and commercial application. There is no evidence that the NSA
>knows about _any_ fundamental technique that has not been published
>in the literature. Nor is there any evidence (save the hearsay about
>S-boxes, which were actually developed at IBM) that they have made
>any major contribution to the science of cryptography, despite the
>massive resources they throw into it. But they do want to preserve their
>jobs, so they would like you to think they do. Their ability to drop
>hints here and there without having to demonstrate they actually know
>anything, to make people believe that Skipjack is an "advanced" algorithm
>without having to actually publish it, in general their ability
>to use their top secret status for the purpose of selective
>revelation, is perfectly suited to this kind of PR.
I always love it when they try to get a personal attack in first; be that as it
may, I prefer to think my reading competence is quite adequate, thank you.

As for there not being any branches of mathematics that differentiate between
application, you make a serious error when you fall into the standard academic
'if they didn't publish it, they didn't do it' mentality. Unlike corporations
such as AT&T with the old Bell System Technical Journal or IBM with their
internal publication of their own filed patents (and technical papers designed
to act as prior art to prevent *others* from filing patents), NSA and the others
who make advances do not publish, but build systems that stay in the defense
sector and remain classified. If you want an interesting clue as to what sort of
things they will leak into the commercial domain every so often, research the
creation of relational databases and the involvement of CIA; it is quite
educational.

As for their making advances, they have done it on a number of occasions, and I
think you would benefit by reading a good primer on the history of the topic and
organizations. Kahn or Bamford would do nicely.

As for rumours... I am uncertain of which rock you have been hiding under, but
until recently, they weren't even officially recognized, and capabilities that
we know about are known more from leaks or defectors. NSA is a military
organization and is run as one; the snake pit that the anonymous author works in
may operate on rumour, but these people do not.

>Thus they can claim to "contribute to American competitiveness" by
>releasing Skipjack, an algorithm for which there is _not even
>any evidence that it is stronger than DES_, much less state of
>the art algorithms like IDEA. This has the actual effect
>of shooting the American computer security industry in the balls,
>while making Congress believe they are helping it.
Actually, the argument they are truly using is one of 'the child down the street
can listen to your portable and cell phone conversations, and this will stop
that.' What Skipjack and Clipper provide is a higher floor for the average
person; it also, incidentally, kills the viability of the marketplace for
alternate solutions. No money, no advances. Life gets simpler for them. I have
pointed this out in my two earlier posts, which you in fact are commenting on.

>Note that I am _not_ accusing the NSA of political incompetence.
>Any organization that can get a Congressional intelligence committee
>to vote its way 13-0, that can keep pushing a warmed-over DES
>crippled with a last-minute Rube Goldberg version of key escrow,
>in the face of 70% public opposition (and nearly unanimous and quite
>vocal opposition in the hi-tech industries) is no political slouch.
>Any organization that can increase their budget after their mission
>has gone away, knows the ropes in D.C. They are simply much better
>lobbyists than cryptographers.

NSA didn't get anyone to do anything; the situation is status quo--crypto wasn't
liberalized for export, which is what Cypherpunks want, and would have
constituted a change. NSA has a very real function, which I would like to remind
you of--they are responsible for the introduction of technology security into
the Defense Department. Based on track record, from 'spy birds' capable of
picking up a conversation on the ground, to creating the first evaluation rigor
of computer security (even though Orange was out of date when instituted), they
have been doing it. As for political ability, of course they are no slouch; they
view it much as I do, a form of warfare, which they are very good at. Has their
mission gone away? Not in the least; they are still the watchdog of the
airwaves. People who think that NSA and CIA have no remaining mission are people
who have no understanding of what they do.
>> integration style 'one shot' systems for military use created a number of
>> companies, such as the Honeywell Secure Computing Technology Center, as well as
>> a number of DARPA funded groups such as Cray and Thinking Machines.

>Of course with their budget, they can buy lots of slick hardware.
>That doesn't mean they know how to use it well.

>Let's face it, our awe of NSA stems entirely from their budget
>and their ability to stamp their incompetence top secret.

I don't think you know *how* they use the gear they have, so I recommend you
don't make comments that you are not informed to make. My awe of NSA comes from
viewing them as a powerful opponent with incredible resources, but as one who is
limited by their own tradecraft; a healthy respect, but we hold our own.

You do raise an interesting point, and that is the ability of groups such as NSA
to abuse their Classification privilege. They do. Everyone in the intelligence
community does. Far too much material is considered classified. The hazards of
professional intelligence organizations stem from classification; they aren't
open to outside review, analyses can end up driven by political agendas rather
than available facts (see Casey and his positions vis a vis terrorism and State
sponsorship by the Sovs and Libyans, neither of which is accurate), and
sometimes gross errors are covered by the same cloak of secrecy. Do not,
however, assume that they do not know and perform their job to the best of their
abilities, or you will be in the position of the mark talking to a cardsharp:
'I'm not any good at cards, but I sure do like to play for money.'

Michael Wilson
Managing Director, The Nemesis Group

[The Maryland Procurement Office, which was the shell used to purchase budgeted
items of a 'black' nature by the intelligence community, actually published (by
accident) their complete records during the hottest part of the Cold War.
You can find them if you look in the right place, and see what it was that NSA,
CIA, etc. were spending their money on. Capability is augmented by resource,
including such hardware, and so this gives vital clues as to the lines they were
developing themselves along.]

From nobody at shell.portal.com Mon Jun 27 14:08:15 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Mon, 27 Jun 94 14:08:15 PDT
Subject: NSA and competence
Message-ID: <199406272109.OAA21819@jobe.shell.portal.com>

>Do not, however, assume that they do not know and perform their job to the best
>of their abilities, or you will be in the position of the mark talking to a
>cardsharp: 'I'm not any good at cards, but I sure do like to play for money.'

OTOH, one need not assume that everyone at NSA is a rocket scientist and
that they are miles ahead of us in this game. The long undistinguished
history of federal agencies shows them to be full of incompetence, waste
and usually gross fraud as well. Considering the huge budget and lack of
accountability, NSA seems an unusual place to look for an exception. A
truly competent and efficient government agency that can hold its own
against competition from the private sector is a rarity indeed. Granted,
NSA had a head start of a few decades, yet it would be surprising if their
lead at this point is more than negligible.

Yes, I have read Bamford (though - sorry - not Kahn): remember that
Bamford's book is already 12 years old and was probably out-of-date WRT
the technology when it was published.

From wmo at digibd.com Mon Jun 27 15:03:50 1994
From: wmo at digibd.com (Bill O'Hanlon)
Date: Mon, 27 Jun 94 15:03:50 PDT
Subject: Sternlight
Message-ID: <9406272204.AA02502@poe.digibd.com>

Has anyone else noticed that David Sternlight has been quiet for the past
two weeks or so?

I hope he's not like you-know-who in that mentioning his name summons the
fiend.
ObCrypto: Maybe he has decided that PGP 2.6 is okay, and now has had the
wind removed from his sails... Doubt it.

-Bill

From tcmay at netcom.com Mon Jun 27 16:02:27 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 27 Jun 94 16:02:27 PDT
Subject: NSA Agents Threaten to Kill Bidzos of RSA?
Message-ID: <199406272302.QAA09581@netcom4.netcom.com>

Cypherpunk Criminals,

I'm surprised that I got home today and didn't find any mention of this
disturbing and important news article anyplace I looked. So I wrote up
this article and posted it in several newsgroups. It is not a spoof on my
part, and I assume Bidzos was speaking the truth as he knew it. Maybe the
NSA agents were half-joking, but it doesn't look like that.

I avoided speculating and commenting in the article I posted, expecting
to do so in the discussion that I hope will follow. I urge you to make
your most cogent responses in public, in the newsgroups listed. (If
posting under your name bothers you, use one of the Remailer-to-Usenet
gateways mentioned on this list so often...if you have no info on this,
send me a note and I'll bounce you back some instructions.)

I think things are really heating up. In the aftermath of Waco, Randy
Weaver, drug raids, and the government losing the Clipper war, it looks
like they're playing hardball.

--Tim May

Newsgroups: talk.politics.crypto,alt.politics.org.nsa,comp.org.eff.talk
Path: netcom.com!tcmay
From: tcmay at netcom.com (Timothy C. May)
Subject: NSA Agents Threaten to Kill Bidzos of RSA?
Message-ID:
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
X-Newsreader: TIN [version 1.2 PL1]
Date: Mon, 27 Jun 1994 22:51:37 GMT
Lines: 51

I know it sounds strange, but I have the article in front of me. I'll
excerpt it without further comment:

"The Keys to the Kingdom," David Bank, San Jose Mercury News, June 27,
1994, page D-1.

Blurb: "The government wants to be able to see private computer
communications.
A Silicon Valley entrepreneur is leading the fight to keep secret
messages secret."

[stuff elided, to avoid copyright violations and because I don't feel
like typing in the whole article.]

"Take a meeting in April, for example, when three NSA agents dropped in
on Bidzos, president of RSA Data Security, Inc. For two hours, Bidzos
said, the agents were civil and pleasant as he drew diagrams, told jokes
and tried to convince them that the agency's attempts to promote an
alternative encryption scheme would fail.

"He must have said something wrong. One of the agents threatened to run
him over in the parking lot, Bidzos said.

"'He looked at me and very coldly said he would do me,' Bidzos said. 'He
clearly threatened me.'

"To Bidzos the incident--which could not be confirmed independently--was
another indication that tensions are increasing as his eight-year
struggle with the government moves into its final stages."

[discussion of privacy, NSA, Clipper, civil rights, etc., elided]

The article closes with this quote from Jim:

"'If we are ever in danger of undermining the NSA, they will either buy
us or shoot us.'

"'We'll know when we screw up. We'll either be rich--or dead.'"

Something to contemplate. I'll make comments in followups.

--Tim May

--
..........................................................................
Timothy C.
May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Mon Jun 27 16:14:36 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 27 Jun 94 16:14:36 PDT
Subject: Sternlight
In-Reply-To: <9406272204.AA02502@poe.digibd.com>
Message-ID: <199406272313.QAA11090@netcom4.netcom.com>

> Has anyone else noticed that David Sternlight has been quiet for the past
> two weeks or so?
>
> I hope he's not like you-know-who in that mentioning his name summons the
> fiend.
>
> ObCrypto: Maybe he has decided that PGP 2.6 is okay, and now has had the
> wind removed from his sails... Doubt it.
>
> -Bill

No, Sternlight has in fact posted a number of incisive articles--which I
publically agreed with--in the cpsr and eff groups. His analysis of the
public funding of a "free lane on the information highway" was accurate
(he's opposed). And Sternlight and Carl Kadie have been debating the
competing approaches to 'wiring the home,' with Sternlight arguing for a
common carrier, "video dialtone" approach instead of a TCI "500 channels
of what we think you want" approach. [Don't agree or disagree _here_, as
I'm only giving a thumbnail sketch of the debate.]
I find myself agreeing with some things Sternlight says, and I certainly
find polite debate with him more rewarding than exchanging stupid insults.
(Not saying Bill did here, of course, just saying many people seem to
think debating with Sternlight means calling him clever names like
"Sterndark," "Sterno," and "UnProfessor." Not quite.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From baum at apple.com Mon Jun 27 16:33:11 1994
From: baum at apple.com (Allen J. Baum)
Date: Mon, 27 Jun 94 16:33:11 PDT
Subject: CRYPTO '94 prelim. pgm (long)
Message-ID: <9406272329.AA15066@newton.apple.com>

Hope I'm not wasting net bandwidth here, - it's long, but relevant.

-AJB

------------------------------------------------------------------------------

                                  CRYPTO '94
                              August 21-25, 1994

Crypto '94 is the fourteenth in a series of workshops on cryptology held at
Santa Barbara, California and is sponsored by the International Association
for Cryptologic Research, in cooperation with the IEEE Computer Society
Technical Committee on Security and Privacy and the Computer Science
Department of the University of California, Santa Barbara. Formal proceedings
will be provided at the conference.
Preliminary Program

Monday August 22
================

8:30 - 8:45   Welcome

Session 1: Block Ciphers: Differential and Linear Cryptanalysis (8:45 - 10:10)
------------------------------------------------------------------------------

8:45 - 9:05   The First Experimental Cryptanalysis of the Data Encryption Standard
              Mitsuru Matsui (Mitsubishi, Japan)

9:10 - 9:20   Linear Cryptanalysis of the Fast Data Encipherment Algorithm
              Kazuo Ohta (NTT, Japan) and Kazumaro Aoki (Waseda Univ., Japan)

9:20 - 9:40   Differential-Linear Cryptanalysis
              Susan K. Langford and Martin E. Hellman (Stanford, USA)

9:45 - 10:05  Linear Cryptanalysis Using Multiple Approximations
              Burton S. Kaliski Jr. and M. J. B. Robshaw (RSA Laboratories, USA)

Coffee Break  10:10 - 10:35

Session 2: Schemes Based on New Problems (10:40 - 11:25)
--------------------------------------------------------

10:40 - 11:00 Hashing with SL_2
              Jean-Pierre Tillich and Gilles Zemor (ENS, France)

11:05 - 11:15 Design of Elliptic Curves with Controllable Lower Boundary of
              Extension Degree for Reduction Attacks
              Jinhui Chao (Chuo University, Japan), Kazuo Tanada (Tokyo Inst.
              of Tech., Japan) and Shigeo Tsujii (Chuo University, Japan)

11:15 - 11:25 Cryptographic Protocols based on Discrete Logarithms in
              Real-quadratic Orders
              Ingrid Biehl, Johannes Buchmann and Christoph Thiel
              (Univer. Saarlandes, Germany)

Session 3: Practical Implementations I
--------------------------------------

11:25 - 11:55 Cryptography in the Commercial World --- Hardware Aspects
              (Invited presentation)
              David Maher (AT&T)

lunch

Session 4: Signatures I (1:30 - 2:30)
-------------------------------------

1:30 - 1:50   Designated Confirmer Signatures and Public-Key Encryption are
              Equivalent
              Tatsuaki Okamoto (NTT, Japan)

1:55 - 2:05   Directed Acyclic Graphs, One-way Functions and Digital Signatures
              Daniel Bleichenbacher and Ueli M. Maurer (ETH, Switzerland)

2:05 - 2:25   An Identity-Based Signature Scheme With Bounded Life-span
              Olivier Delos and Jean-Jacques Quisquater (Univ.
              Louvain, Belgium)

Session 5: Implementation and Hardware Aspects (2:30 - 3:15)
------------------------------------------------------------

2:30 - 2:50   More Flexible Exponentiation with Precomputation
              Chae Hoon Lim and Pil Joong Lee (Pohang University, Korea)

2:55 - 3:05   A Parallel Permutation Multiplier for a PGM Crypto-chip
              Tamas Horvath (Univ. Essen, Germany), Spyros S. Magliveras
              (University of Nebraska, USA) and Tran van Trung (Univ. Essen,
              Germany)

3:05 - 3:15   Cryptographic Randomness from Air Turbulence in Disk Drives
              Don Davis (Openvision Technologies, USA), Ross Ihaka (Univ.
              Auckland, New Zealand) and Philip Fenstermacher (USA)

Coffee Break  3:15 - 3:35

Session 6: Authentication and Secret Sharing (3:40 - 5:05)
----------------------------------------------------------

3:40 - 4:00   Cryptanalysis of the Gemmell and Naor Multiround Authentication
              Protocol
              Christian Gehrmann (Lund University, Sweden)

4:05 - 4:15   LFSR-based Hashing and Authentication
              Hugo Krawczyk (IBM, USA)

4:15 - 4:35   New Bound on Authentication Code with Arbitration
              Kaoru Kurosawa (Tokyo Inst. of Tech., Japan)

4:40 - 5:00   Multi-Secret Sharing Schemes
              Carlo Blundo, Alfredo De Santis, Giovanni Di Crescenzo,
              Antonio Giorgio Gaggia and Ugo Vaccaro (Univ. Salerno, Italy)

Poster Session

Tuesday August 23
=================

Session 7: Zero-Knowledge (8:30 - 10:10)
----------------------------------------

8:30 - 8:50   Designing identification schemes with keys of short size
              Jacques Stern (ENS, France)

8:55 - 9:15   Proofs of Partial Knowledge and Simplified Design of Witness
              Hiding Protocols
              Ronald Cramer (CWI, The Netherlands), Ivan Damgard (Aarhus
              University, Denmark) and Berry Schoenmakers (CWI, The Netherlands)

9:20 - 9:40   Language Dependent Secure Bit Commitment
              Toshiya Itoh, Yuji Ohta (Tokyo Inst.
of Tech., Japan) and Hiroki Shizuya (Tohoku Univ., Japan) 9:45 - 10:05 On the length of cryptographic hash-values used in identification schemes Marc Girault (SEPT, France) and Jacques Stern (ENS, France) Coffee Break 10:10 - 10:35 Session 8: Securing an Electronic World: are we ready? (10:40 - 12:00) ---------------------------------------------------------------------- 10:40 - 11:10 Securing the Information Highway (Invited presentation) Whitfield Diffie (Sun Microsystems) 11:10 - 11:30 Opening statements 11:30 - 12:00 Panel Debate (could continue till 12:45) Panel members: Ross Anderson, Bob Blakley, Matt Blaze, George Davida, Yvo Desmedt (moderator), Whitfield Diffie, Joan Feigenbaum, Bob Greenlee, Martin Hellman, David Maher and Miles Smid free afternoon 7:00 - 11:00 pm Rump session Wednesday August 24 =================== Session 9: Signatures II (8:30 - 9:20) -------------------------------------- 8:30 - 8:50 Incremental Cryptography: the Case of Hashing and Signing Mihir Bellare (IBM, USA), Oded Goldreich (Weizmann Inst., Israel) and Shafi Goldwasser (Weizmann Inst., Israel and MIT, USA) 8:55 - 9:15 An Efficient Existentially Unforgeable Signature Scheme and its Applications Cynthia Dwork (IBM, USA) and Moni Naor (Weizmann Inst., Israel) Session 10: Combinatorics and its Applications (9:20 - 10:10) ------------------------------------------------------------- 9:20 - 9:40 Bounds for resilient functions and orthogonal arrays Jurgen Bierbrauer (Math. Inst., Heidelberg, Germany), K. Gopalakrishnan and D. R. Stinson (University of Nebraska, USA) 9:45 - 10:05 Tracing Traitors Benny Chor (Technion, Israel), Amos Fiat (Tel Aviv Univ., Israel) and Moni Naor (Weizmann Inst., Israel) Coffee Break 10:10 - 10:35 Session 11: Number Theory (10:40 - 11:30) ----------------------------------------- 10:40 - 11:00 Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms Ueli M. 
Maurer (ETH, Switserland) 11:05 - 11:25 Fast Generation of Provable Primes Using Search in Arithmetic Progressions Preda Mihailescu (UBS, Switzerland) Session 12: Practical Implementations II 11:30 - 12:00 Cryptography in the Commercial World --- Software Aspects (Invited presentation) Joseph Pato (Hewlett-Packard Co.) lunch Session 13: Cryptanalysis and Protocol Failures (1:30 - 2:45) ------------------------------------------------------------- 1:30 - 1:50 Attack on the Cryptographic Scheme NIKS-TAS Don Coppersmith (IBM, USA) 1:55 - 2:15 On the Risk of Opening Distributed Keys Mike Burmester (Univ. London, UK) 2:20 - 2:40 Cryptanalysis of Cryptosystems based on Remote Chaos Replication Th. Beth, D. E. Lazic and A. Mathias (Univ. Karlsruhe, Germany) Coffee Break 2:45 - 3:05 Session 14: Pseudo-Random Generation (3:10 - 3:35) -------------------------------------------------- 3:10 - 3:30 A Fourier Transform Approach to the Linear Complexity of Nonlinearly Filtered Sequences James L. Massey and Shirlei Serconek (ETH, Switserland) 3:30 - 4:15 Special event 4:15 - General Assembly of the IACR (IACR President: Peter Landrock) Thursday August 25 ================== Session 15: Block Ciphers: Design and Cryptanalysis (8:30 - 10:10) ------------------------------------------------------------------ 8:30 - 8:50 The Security of Cipher Block Chaining Mihir Bellare (IBM, USA), Joe Kilian (NEC, USA) and Phillip Rogaway (Univ. California, Davis, USA) 8:55 - 9:15 A Chosen Plaintext Attack of the 16-round Khufu Cryptosystem Henri Gilbert and Pascal Chauvaud (CNET, France) 9:20 - 9:40 Ciphertext Only Attack for One-way function of the MAP using One Ciphertext Yukiyasu Tsunoo, Eiji Okamoto and Tomohiko Uyematsu (J. Adv. Inst. Sci. Techn., Japan) 9:45 - 10:05 Pitfalls in Designing Substitution Boxes Jennifer Seberry, Xian-Mo Zhang and Yuliang Zheng (Univ. 
Wollongong, Australia) Coffee Break 10:10 - 10:30 Session 16: Secure Computations and Protocols (10:35 - 11:50) ------------------------------------------------------------- 10:35 - 10:55 A Randomness-Rounds Tradeoff in Private Computation Eyal Kushilevitz (Technion, Israel) and Adi Rosen (Tel Aviv Univ., Israel) 11:00 - 11:20 Secure Voting Using Partially Compatible Homomorphisms Kazue Sako (NEC, Japan) and Joe Kilian (NEC, USA) 11:25 - 11:45 Maintaining Security in the Presence of Transient Faults Ran Canetti (Weizmann Inst., Israel) and Amir Herzberg (IBM, USA) adjournment and final lunch The following people served on the Program Committee. Tom Berson, Anagram Laboratories, USA Don Coppersmith, IBM T. J. Watson Research Center, USA Donald Davies, United Kingdom Yvo Desmedt, Chair, University of Wisconsin - Milwaukee, USA Shimon Even, Technion, Israel Amos Fiat, Tel Aviv University, Israel Russell Impagliazzo, University of California San Diego, USA Ingemar Ingemarsson, University of Linkoping, Sweden Mitsuru Matsui, Mitsubishi Electric Corporation, Japan Alfred Menezes, Auburn University, USA Andrew Odlyzko, AT&T Bell Laboratories, USA Jennifer Seberry, University of Wollongong, Australia Ben Smeets, Lund University, Sweden Moti Yung, IBM T. J. Watson Research Center, USA General Information Facilities will also be provided for attendees to demonstrate hardware, software and other items of cryptological interest. If you wish to demonstrate such items, you are urged to contact the General Chair so that your needs will be attended to. The social program will include hosted cocktail parties and dinners on Sunday, Monday and the Beach Barbecue on Wednesday. These events are included with the cost of registration. No evening meals will be provided at the dining hall. About the conference facilities: The workshop will be held on the campus of the University of California, Santa Barbara. 
The campus is located adjacent to the Santa Barbara airport and the Pacific Ocean. Accommodations are available in the university dormitories at relatively low cost for conference participants. Children under the age of 13 are not allowed to stay in the dormitories, so those bringing small children will need to make separate arrangements in one of several nearby hotels. More information on hotels is enclosed. Parking on campus is available at no cost to participants.

Travel information:

The campus is located approximately 2 miles from the Santa Barbara airport, which is served by several airlines, including American, America West, Delta, United and US Air. Free shuttle bus service will be provided between the Santa Barbara airport and the campus on Sunday and Thursday afternoons. All major rental car agencies are also represented in Santa Barbara, and AMTRAK has rail connections to San Francisco from the north and Los Angeles from the south. Santa Barbara is approximately 100 miles north of the Los Angeles airport, and 350 miles south of San Francisco.

Registration:

Participation is invited by interested parties, but attendance at the workshop is limited, and pre-registration is strongly advised. To register, fill out the attached registration form and return to the address on the form along with payment in full before July 8, 1994. Campus accommodations will be available on a first come, first serve basis for attendees who register by July 8, 1994. Late registrations, subject to a late registration fee, may be accepted if space is available, but there are no guarantees.

The conference fees include participation in the program and all social functions, as well as membership to the IACR and a subscription to the Journal of Cryptology. The room and board charges include dormitory lodging Sunday night through Wednesday night and breakfast and lunch Monday through Thursday. Technical sessions will run from Monday morning to Thursday at noon.
A very limited number of stipends are available to those unable to obtain funding. Students whose papers are accepted and who will present the paper themselves are invited to apply if such assistance is needed. Requests for stipends should be sent to the General Chair before June 3, 1994.

==================================================================

Hotels

For those who choose not to stay in the dormitories, the following is a partial list of hotels in the area. Those who choose to stay off campus are responsible for making their own reservations, and early reservations are advised since August is a popular season in Santa Barbara. Note that Goleta is closer to UCSB than Santa Barbara, but a car will probably be required to travel between any hotel and the campus. All prices are subject to change; prices should be confirmed by calling the individual hotels directly. However, mention CRYPTO '94 when you are making your reservation and in several of the hotels you will be eligible for the university rate which can be significantly less than the normal rates. We are not able to block rooms in these hotels, so please make reservations as early as possible. The quality of the hotels ranges from rather expensive beach-front resorts to basic inexpensive accommodations. For further information, try contacting the Santa Barbara Convention and Visitors Center, (805) 966-9222.

South Coast Inn: 5620 Calle Real, Goleta, CA 93117. Single is $89; Double is $94. Call to see if they have University rates. Contact person is Ms. Murrill Forrester (805) 967-3200, Fax (805) 683-4466.

Cathedral Oaks Lodge: 4770 Calle Real, Santa Barbara, CA 93110. Single rates start at $75; double rates start at $85. No University rates available. Prices include breakfast. Contact Doug Smoot or Tom Patton at (805) 964-3511. Fax (805) 964-0075.

Motel 6: 5897 Calle Real, Goleta, CA 93117. Single rate is $36.99 + tax. Double rate is $42.99 + tax. (Rates are subject to change.) (805) 964-3596.

The Sandman Inn: 3714 State Street, Santa Barbara, CA 93105. Single rate: $71. Double rate: $81. (805) 687-2468. Fax (805) 687-6581.

Miramar Hotel (Beachfront): 3 miles south of Santa Barbara on U.S. 101 at San Ysidro turnoff. No specific single or double rate. Rooms begin at $75. Call Laura at (805) 969-2203. Fax (805) 969-3163.

Pepper Tree Inn: 3850 State Street, Santa Barbara, CA 93105. Single rate: $112. Double rate: $120. (805) 687-5511. Fax (805) 682-2410.

Encina Lodge: 2220 Bath Street, Santa Barbara, CA 93105. Single rate: $112. Double rate: $118. (805) 682-7277. Fax (805) 563-9319.

Pacifica Suites (formerly Quality Suites): 5500 Hollister Avenue, Santa Barbara, CA 93111 (close to campus). Normal rates begin at $120 for a suite. Includes full-cooked breakfast. Contact Michael Ensign at (805) 683-6722. Fax (805) 683-4121.

Upham Hotel (bed-and-breakfast): 1404 De La Vina Road, Santa Barbara, CA 93101. Beginning rate: $105 per night. (You must mention you are attending the Crypto conference.) Contact: Shirley Fagardo or reservations at (805) 962-0058. Fax (805) 963-2825.

The El Encanto Hotel: 1900 Lasuen Road, Santa Barbara, CA 93105. Beginning rate: $90. Contact: Elizabeth Spencer, (805) 687-5000. Fax (805) 687-3903.
==================================================================

CRYPTO '94 Registration Form

Registration deadline: July 8, 1994

Last Name:________________________________________________________

First Name:__________________________________ Sex: (M)___ (F)___

Affiliation:______________________________________________________

Mailing Address:__________________________________________________

                __________________________________________________

                __________________________________________________

                __________________________________________________

Phone: _________________________ Fax: __________________________

Electronic Mail: _________________________________________________

Payment of the conference fee entitles you to membership in the International Association for Cryptologic Research for 1995 at no extra charge, including a subscription to the Journal of Cryptology, published by Springer-Verlag, at no extra charge. Do you wish to be an IACR member? YES_____ NO ______

Conference fee:

  Regular ($300)                                        US $ ________
  Attended Eurocrypt '94, Perugia ($250)                     ________
  Full Time Student ($150)                                   ________
  deduct $50 if you do not wish the proceedings              ________
    (There will be NO pre-proceedings; the proceedings will be
     provided at the conference)

  Total Conference fee:                                      ________

Room and Board (4 nights):  Smoking ______  Non-Smoking _____
(Prices include breakfast and lunch on Monday through Thursday)

  Single room ($250 per person)                              ________
  Double room ($200 per person)                              ________
    Roommate's name: ___________________
  Saturday Night                                             ________
    ($50 per person single / $40 per person double)

  $50 late fee for registration after July 8;                ________
    (registration not guaranteed after July 8)

  Total Guest Fees (from back of form)                       ________

  Total funds enclosed (U.S. Dollars)                   US$  ________

Payment must be by check payable in U.S. funds, by money order in U.S. funds or by U.S. bank draft, PAYABLE TO: CRYPTO '94.

Payment should be mailed to the General Chair:   Additional Contact Information:

Jimmy Upton, Crypto '94                          Email: crypto94 at uptronics.com
1590 Oakland Road                                Phone: (408)451-8900
Suite B203                                       Fax:   (408)451-8901
San Jose, CA 95131

==================================================================

CRYPTO '94 Guest Form

Registration deadline: July 8, 1994

Please fill out this form for anyone who is coming with a conference attendee but not registering for the conference and wishes to either stay on campus or attend the social functions Sunday, Monday and Wednesday. Guests are not entitled to attend the talks and must be attending with someone registering for the conference.

Last Name:________________________________________________________

First Name:__________________________________ Sex: (M)___ (F)____

Affiliation:______________________________________________________

Mailing Address:__________________________________________________

                __________________________________________________

                __________________________________________________

                __________________________________________________

Phone: _________________________ Fax: __________________________

Electronic Mail: _________________________________________________

  Social Program Attendance ($50)                            _________
    (Sunday, Monday and Wednesday Night Dinners - No admittance to talks)

Room and Board (4 nights):  Smoking ______  Non-Smoking _____
(Prices include breakfast and lunch on Monday through Thursday)

  Single room ($250 per person)                              ________
  Double room ($200 per person)                              ________
    Roommate's name: ___________________
  Saturday Night                                             ________
    ($50 per person single / $40 per person double)

  Total Guest Fees                                      US$  ________
    (Show here and on the other side of this form)

**************************************************
* Allen J. Baum                tel. (408)974-3385 *
* Apple Computer, MS/305-3B                      *
* 1 Infinite Loop                                *
* Cupertino, CA 95014          baum at apple.com *
**************************************************

From mpj at netcom.com Mon Jun 27 16:54:06 1994
From: mpj at netcom.com (Michael Paul Johnson)
Date: Mon, 27 Jun 94 16:54:06 PDT
Subject: Where to get the latest PGP FAQ
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP)
(Last modified: 27 June 1994 by Mike Johnson)

WHAT IS THE LATEST VERSION?

There is more than one latest version. Pick one or more of the following that best suits your computer, patent restrictions, and export restrictions. Some countries (like France) may also restrict import or even use of strong cryptography like PGP.

|-----------------|--------------|-------------|---------------------|
| Platform(s)     | Countries    | Allowed Use | Latest Version      |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix,      | USA & Canada | Commercial  | Viacrypt PGP 2.4    |
| or WinCIM/CSNav |              | Personal    |                     |
|                 |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix, Mac, | USA & Canada | Personal    | MIT PGP 2.6         |
| OS/2, others    |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| DOS, Unix, Mac, | Most of the  | Personal    | PGP 2.6ui           |
| OS/2, others    | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Mac Applescript | Most of the  | Personal    | MacPGP 2.3aV1.2     |
|                 | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Mac Applescript | USA          | Research    | MacPGP 2.3aV1.2     |
|-----------------|--------------|-------------|---------------------|
| Amiga           | Most of the  | Personal    | Amiga PGP 2.3a3     |
|                 | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Amiga           | USA          | Personal    | Amiga PGP 2.6 0b0.6 |
|                 |              | Research    |                     |
|-----------------|--------------|-------------|---------------------|
| Atari           | Most of the  | Personal    | Atari PGP 2.3a      |
|                 | world except | Research    |                     |
|                 | the USA.     |             |                     |
|-----------------|--------------|-------------|---------------------|
| Atari           | USA          | Research    | Atari PGP 2.3a      |
|-----------------|--------------|-------------|---------------------|
| Any of the      | Countries    | Commercial  | Any of the above    |
| above           | where IDEA   | Personal    |                     |
|                 | is not       | Research    |                     |
|                 | patented and |             |                     |
|                 | cryptography |             |                     |
|                 | is not       |             |                     |
|                 | restricted.  |             |                     |
|-----------------|--------------|-------------|---------------------|

Note: there are other versions available, but these are either old, or outside of the mainstream PGP project. Look for new versions from one of three sources: Viacrypt (Commercial), MIT (North American freeware), or mathew at mantis.co.uk (the unofficially non-designated holder of the unofficial international version that parallels what Philip Zimmermann and the rest of the PGP development team is doing in the USA).

WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS?

For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip

The practical meaning, until the law is corrected to make sense, is that you are requested to get PGP from sites outside of the USA and Canada if you are outside of the USA and Canada. If you are in France, I understand that you aren't even supposed to import it. Other countries may be worse.

WHERE CAN I GET VIACRYPT PGP?

Versions are available for DOS, Unix, or WinCIM/CSNav

Commercial software. Call 800-536-2664 to order.

If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA.
The commercial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for their version of PGP is 2.4. Prices shown include release of version 2.7 if you buy your copy after May 27, 1994 (otherwise the upgrade will be about US$10). Viacrypt's licensing and price information is as follows:

ViaCrypt PGP for MS-DOS         1 user                  $  99.98
ViaCrypt PGP for MS-DOS         5 users                 $ 299.98
ViaCrypt PGP for MS-DOS         20 users or more, call ViaCrypt

ViaCrypt PGP for UNIX           1 user                  $ 149.98
ViaCrypt PGP for UNIX           5 users                 $ 449.98
ViaCrypt PGP for UNIX           20 users or more, call ViaCrypt

ViaCrypt PGP for WinCIM/CSNav   1 user                  $ 119.98
ViaCrypt PGP for WinCIM/CSNav   5 users                 $ 359.98
ViaCrypt PGP for WinCIM/CSNav   20 users or more, call ViaCrypt

If you wish to place an order please call 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards.

If you have further questions, please feel free to contact:

Paul E. Uhlhorn
Director of Marketing, ViaCrypt Products
Mail: 2104 W. Peoria Ave
      Phoenix AZ 85029
Phone: (602) 944-0773
Fax: (602) 943-2601
Internet: viacrypt at acm.org
Compuserve: 70304.41

WHERE CAN I GET MIT PGP?

MIT PGP is Copyrighted freeware. Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to the hidden directory named in the telnet session to get your own copy. MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws).

1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it.
2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it.
3. Telnet to net-dist.mit.edu and log in as getpgp.
4. Answer the questions and write down the directory name listed.
5. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (pgp26.zip, pgp26doc.zip, pgp26src.tar.gz, MacPGP2.6.sea.hqx, and MacPGP2.6.src.sea.hqx). If the hidden directory name is invalid, start over at step 3, above.

File names (shortened file names are for DOS BBS distribution):

pgp26doc.zip - documentation only
pgp26.zip - includes DOS executable & documentation
pgp26src.zip - source code
pgp26src.tar or pgp26src.tar.gz - source code release for Unix and others
macpgp26.hqx or MacPGP2.6.sea.hqx - Macintosh executable & documentation
macpgp26.src or MacPGP2.6.src.sea.hqx - Macintosh source code
mcpgp268.hqx or MacPGP2.6-68000.sea.hqx - Macintosh executable for 68000
pgp26os2.zip - OS/2 executable (may not be on the MIT archive)

RSA and IDEA algorithms licenced for personal and noncommercial use. Uses RSAREF, which may not be modified without RSADSI permission. Contains "time bomb" to start generating messages incompatible with PGP 2.3 and 2.4 on 1 September 1994 as an incentive for people to not use PGP 2.3a in the USA, which RSADSI claims infringes on their patents. Mac versions are not yet Applescriptable.

This version is not intended for export from the USA and Canada due to the USA's International Traffic in Arms Regulations and Canada's corresponding regulations.
You can also get MIT PGP 2.6 from:

ftp.csn.net/mpj
   ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip
   ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.zip
   ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip
   ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar
   ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/mac
      MacPGP2.6.sea.hqx
      MacPGP2.6.src.sea.hqx
      MacPGP2.6-68000.sea.hqx
   ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/amiga/
      pgp26-amiga0b0.6-000.lha
      pgp26-amiga0b0.6-020.lha
      pgp26-amiga0b0.6-src.lha
      amiga.txt
   See ftp://ftp.csn.net/mpj/README.MPJ for the ???????
   See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's export control methods.

ftp.netcom.com/pub/mpj
   ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp26.zip
   ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp26src.tar
   ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/
      MacPGP2.6.sea.hqx
   ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/
      MacPGP2.6.src.sea.hqx
      MacPGP2.6-68000.sea.hqx
   See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ???????
   See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods.
   TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day).

ftp.eff.org
   Follow the instructions found in README.Dist that you get from one of:
   ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist
   gopher.eff.org, 1/Net_info/Tools/Crypto
   gopher://gopher.eff.org/11/Net_info/Tools/Crypto
   http://www.eff.org/pub/Net_info/Tools/Crypto/

Colorado Catacombs BBS
   Mike Johnson, sysop
   Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc.
   v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps
   8 data bits, 1 stop, no parity, as fast as your modem will go.
   Use ANSI terminal emulation, or if you can't, try VT-100.
   Free access to PGP. If busy or no answer, try again later. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call.
   Download file names:
      pgp26.zip (DOS version with documentation)
      pgp26src.tar (Unix version and source code)
      pgp26doc.zip (Documentation only -- exportable)
      macpgp26.hqx (MacPGP executables, binhexed .sea)
      macpgp26.src (MacPGP source, binhexed .sea)
      mcpgp268.hqx (MacPGP executables, binhexed .sea for 68000 processor).
   (303) 772-1062 Longmont, Colorado number - 2 lines.
   (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area.
   Verified: This morning.

Other BBS and ftp sites do have these files, as well. I noticed that PGP26.ZIP is being distributed on FIDONET.

WHERE CAN I GET PGP FOR USE OUTSIDE OF THE USA?

The latest for outside the USA is the "Unofficial International" PGP 2.6 for most platforms, MacPGP 2.3aV1.2 for the Mac (although 2.6ui is under development and should appear very soon), and 2.3a3 for the Amiga. The latest Amiga version is fully compatible with MIT's PGP 2.6.

Copyrighted freeware. Version 2.6ui released by mathew at mantis.co.uk. Amiga version 2.3a3 released by Peter Simons. These versions do NOT use RSAREF. No RSA patent problems outside the USA, but this version is not legal for commercial or extensive personal use in the USA. IDEA licensed for personal use only in countries where the IDEA patent holds.
The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP.

Although the latest freeware version of PGP was released from outside the USA (England), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA and Canada. Even though the RSAREF license associated with PGP 2.6 from MIT no longer prohibits use outside the USA, it still carries the not-for-profit restriction that the original RSA code in PGP 2.6ui doesn't have. On the other hand, patents on the IDEA cipher may limit PGP use in your country to nonprofit applications, anyway. Indeed, I understand that there are some countries where private electronic mail is not legal, anyway.

These listings are subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list.
Source code (gzipped tar format):

   * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz
   * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz.sig
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26ui-src.tar.gz
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26ui-src.tar.gz.sig.gz
   * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz
   * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz.sig.gz

Source code (zip format):

   * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.sig
   * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.zip
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.sig
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.zip
   * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26uis.zip

Executable for DOS (zip format):

   * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.sig
   * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.zip
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.sig
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.zip

Macintosh:

   * _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/mac/MacPGP2.6ui_beta.sit.hqx
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/PGP/MacPGP2.6ui_V1.2sources.cpt.hqx

Other sites to look for the above mentioned files at:

ftp.informatik.uni-hamburg.de
   /pub/virus/crypt/pgp   <---- a good collection!

ftp.ee.und.ac.za
   /pub/crypto/pgp

soda.berkeley.edu
   /pub/cypherpunks/pgp (DOS, MAC)

ftp.demon.co.uk
   /pub/amiga/pgp
   /pub/archimedes
   /pub/pgp
   /pub/mac/MacPGP

ftp.informatik.tu-muenchen.de

ftp.funet.fi

ftp.dsi.unimi.it
   /pub/security/crypt/PGP

ftp.tu-clausthal.de (139.174.2.10)

wuarchive.wustl.edu
   /pub/aminet/util/crypt

src.doc.ic.ac.uk (Amiga)
   /aminet
   /amiga-boing

ftp.informatik.tu-muenchen.de
   /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2)

black.ox.ac.uk (129.67.1.165)
   /src/security/pgp23A.zip (MS-DOS executables & docs)
   /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.)
   /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format)
   /src/security/macpgp2.3.cpt.hqx (Macintosh version)

iswuarchive.wustl.edu
   pub/aminet/util/crypt (Amiga)

ftp.csn.net
   /mpj/public/pgp/ contains PGP shells, faq documentation, language kits.

ftp.netcom.com
   /pub/dcosenza -- Non-mainstream variants on PGP with huge key sizes.
   /pub/gbe/pgpfaq.asc -- frequently asked questions answered.
   /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganography software list. MacUtilities for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access.

nic.funet.fi (128.214.6.100)
   /pub/crypt/pgp23A.zip
   /pub/crypt/pgp23srcA.zip
   /pub/crypt/pgp23A.tar.Z

van-bc.wimsey.bc.ca (192.48.234.1)
   /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip
   /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip

ftp.uni-kl.de (131.246.9.95)
qiclab.scn.rain.com (147.28.0.97)
pc.usl.edu (130.70.40.3)
leif.thep.lu.se (130.235.92.55)
goya.dit.upm.es (138.4.2.2)
tupac-amaru.informatik.rwth-aachen.de (137.226.112.31)
ftp.etsu.edu (192.43.199.20)
princeton.edu (128.112.228.1)
pencil.cs.missouri.edu (128.206.100.207)

StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha.

Also, try an archie search for PGP using the command:

   archie -s pgp26   (DOS & Unix Versions)
   archie -s pgp2.6  (MAC Versions)

ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service.

Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi:

   ENCODER uuencode
   SEND pub/crypt/pgp23srcA.zip
   SEND pub/crypt/pgp23A.zip

This will deposit the two zipfiles, as 15 batched messages, in your mailbox within about 24 hours. Save and uudecode.

For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message.

World Wide Web URLs: (Thanks to mathew at mantis.co.uk)
_________________________________________________________________

MACPGP 2.3

Program

   * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx
   * _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx
   * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3.cpt.hqx
   * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx
   * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz

Source code

Requires Think C.

   * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only
   * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3src.sea.hqx.pgp
   * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.hqx.pgp

Documentation

PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP.

_________________________________________________________________

OS/2 PGP

You can, of course, run the DOS version of PGP under OS/2.

   * _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/2.6ui/pgp26ui-os2.zip
   * _US:_ ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip
           ftp://ftp.csn.net/mpj/README.MPJ for the ???????
_________________________________________________________________

AMIGA PGP

* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_3.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_3.lha

Source

* _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a3_src.lha
* _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a3_src.lha
_________________________________________________________________

ARCHIMEDES PGP

* _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a
_________________________________________________________________

DOCUMENTATION ONLY

* _US:_ ftp://net-dist.mit.edu/pub/PGP/pgp26doc.zip
* _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26doc.zip
* _US:_ ftp://ftp.netcom.com/pub/mpj/public/pgp/pgp26doc.zip
* _US:_ ftp://ftp.ftp.csn.net/mpj/public/pgp/pgp26doc.zip
_________________________________________________________________

LANGUAGE MODULES

These are suitable for most PGP versions. I am not aware of any export/import restrictions on these files.

German

* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha

Italian

* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz

Japanese

* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz

Lithuanian

* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip

Russian

* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version)
* _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version)
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip

Spanish

* _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz
* _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz

Swedish

* _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt
* _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt
_________________________________________________________________

OTHER SITES

Some cryptographic software is available from ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. Read the README file and proceed from there.

BBS sites:

Colorado Catacombs BBS (See also the entry above for PGP 2.6)
(303) 772-1062 Longmont, Colorado (2 lines)
(303) 938-9654 Boulder, Colorado (free call from Denver CO, but 1 line)
For free access: log in with your own name, answer the questions, then select [Q]uestionaire 3 from the [M]ain menu.
Verified: This morning.

Hieroglyphics Voodoo Machine (Colorado) DOS, OS2, and Mac versions.
(303) 443-2457
Verified: 5-2-94
For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files).

Exec-Net (New York) Host BBS for the ILink net.
(914) 667-4567

The Ferret BBS (North Little Rock, Arkansas)
(501) 791-0124 also (501) 791-0125
Special PGP users account: login name: PGP USER password: PGP
This information from: Jim Wenzel

If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others.

ARCHIE WHO?

There are many more sites. You can use archie and/or other "net-surfing" tools to find a more up-to-date listing, if desired.
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.4

mQCNAi0aFSUAAAEEAOCOKpaLepvJCFgIR4m+UvZe0IN8g7Guwc+6GH4u6UGTPxQO
iAhk/MJ7E8LE4c55A1G8to2W4y3aKAHvi9QCYKnsLV8Ag0BYWo3bGGTPEfkS7NAI
N+Zy6vSjuF1D6MUnbvrQJ5p4efz7a28iYRKoAdan2bfnvIYWUD9nBjyFM+vFAAUR
tDdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajQgW2V4cCAz
MSBEZWMgOTRdiQCVAgUQLTqfXj9nBjyFM+vFAQGU7wP/ZuuHfdAnCIblNCtbLLG8
39CSg6JIVa3KWfe0WIz6dXFU3cvl2Wt094kJgZ+Nmq01INWlib2lTOznbkA9sV1W
q0aJSBHFWQH29qGmIdEqThs7A5ES2w8eRjJD80lxHodRIkBcC5KI6x4Mxo8cib5V
BrwsvtG0+81HD6Mrpvc+a0GJAJUCBRAtJc2rZXmEuMepZt0BAe4hA/9YANYPY4Z3
1pXv2mT6ReC09cZS5U3+xxC5brQdLsQGKuH6QVs/b5oc6NV84sh8A9tZyHG2067o
3XIEyN7PPQzRm2UUnHHqw9lBCNhMiFQsAJi4W+m8zXrVrpJWK0Wv61eV2/XIQl0V
d4lxu0r+MNRP6ID6FBzA4C9rO+RYEZmwOIkAlQIFEC0aGRzb/VZRBVJGuQEBfaUD
/3c2h//kg843OIcYHG4gMDqdeeZLzGlp3RVvh0Rs3/T0YylJZGjPL2L/BF/vfLlB
9E2Urh9mDG/7hiB5FncrUnkmN63IkSj+K9YyfPyYxBVx06Srj8ZzYynh0N+zledd
6cnwxRXhaD3Wc4EfSNR7BH9M2rjkGzyb5to9cgBb0ng+
=BLg5
- -----END PGP PUBLIC KEY BLOCK-----

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQCNAi4PT2QAAAEEAPPCZnrshEJ9PSnV+mXEwjM4kzJF0kyg2MnLMzo83vWI40ei
jogncqdkXT0c2TQWg+Bsu9ckFoXdId0utumYv0aqd8yI/oU/DwJ1zJrqRL2PFbxe
ZLofHoKFjvq1TiNiJq9ps3jW6iYS4IU1SzyKhjmyE+K0+WyrPPX0zg8FAL9FAAUR
tCdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajiJAJUCBRAu
D1m7P2cGPIUz68UBASsjA/wO5L/dQtWWSEbZGwvZPZbFjoDpzvMBvGxjGo2nKOOu
WeZZVg/mPEAjHUlnKMLTgRn1tFr9W2dbnm3gqYNS+uqSewvgThMa5ID6kVQrLSy4
lXqyhnkjmaN8l7cWCmF+5h0D6x6ffHn+31BuCIikvkvs55hsaScK1bB2UZYSd4V1
LIkAlQIFEC4PWXn19M4PBQC/RQEBQUwEAIeLuFbp+1oT7i+n7F4l5qWmhn3i7Xd2
4kY/2jjABtXh7oVXVno8e9aK5sik3TQdmFeem6bBNyUPyoQbmA6NDUpEZ6njNkvh
H+2mRIOkOOLlxudqagmVJXbQnmHzrN2iwkfUjJXOmN85qUsAdcCj9OfrTfc67jWF
SigS1hCBQGO1tCtNaWNoYWVsIFBhdWwgSm9obnNvbiA8bS5wLmpvaG5zb25AaWVl
ZS5vcmc+tCBNaWNoYWVsIEpvaG5zb24gPG1wakBuZXRjb20uY29tPrQoTWlrZSBK
b2huc29uIDw3MTMzMS4yMzMyQGNvbXB1c2VydmUuY29tPrQrTWljaGFlbCBQLiBK
b2huc29uIDxtcGpvaG5zb0BueXguY3MuZHUuZWR1PrQtRG8gbm90IHVzZSBmb3Ig
ZW5jcnlwdGlvbiBhZnRlciAyNyBKdW5lIDE5OTYu
=1B8+
- -----END PGP PUBLIC KEY BLOCK-----

Michael Paul Johnson   Colorado Catacombs BBS 303-772-1062
mpj at csn.org aka mpj at netcom.com   m.p.johnson at ieee.org
ftp://ftp.csn.net/mpj/README.MPJ   CIS: 71331,2332
ftp://ftp.netcom.com/pub/mpj/README.MPJ

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCVAgUBLg9jvD9nBjyFM+vFAQFK4gQAuBM4AYkrMk5wI4M40AUqAxrY/8rybYKO
U9lzypAQsNQNYMAot2Y+iCZQo1G3axEdyvxLb7Dwp5HDx4j/paQ866mHWX4nHOlA
7PXJv1jV9c+acnr8Z/cc7H3LiZ7UX1FaXmqoWGX1oRDdhCkLgLKtc6DPlsCNYaBR
Z18e6nKFd3s=
=j240
-----END PGP SIGNATURE-----

From rah at shipwright.com Mon Jun 27 17:01:10 1994
From: rah at shipwright.com (Robert Hettinga)
Date: Mon, 27 Jun 94 17:01:10 PDT
Subject: Brits propose internet voting
Message-ID: <199406280001.UAA04655@zork.tiac.net>

The brits have the "american" disease, only they've done us one better.

I just got through listening to the BBC World Service. It seems that some official commission or other over there proposed the Information Infrastructure thang with a couple of twists: polling and elections. They said that they could save mucho dinero by having people vote from home. Looks like someone over there did their crypto homework... Even cited Mr. Bill's (Clinton, not Gates) email address as a Good Thing. What's next, er at bpalace.gov, gov?

Seriously, they couldn't be talking about this election thing unless they knew it was possible (no star wars flames, please). I wonder who put the bug in their ear?

If anyone finds a copy of this report online (fat chance, I bet) let me know.
Cheers,
Bob
-----------------
Robert Hettinga (rah at shipwright.com)
Shipwright Development Corporation
44 Farquhar Street
Boston, MA 02331 USA
(617) 323-7923

"There is no difference between someone who eats too little and sees Heaven and someone who drinks too much and sees snakes." -- Bertrand Russell

From hayden at vorlon.mankato.msus.edu Mon Jun 27 17:52:49 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 27 Jun 94 17:52:49 PDT
Subject: Regional Lists
Message-ID:

A month or so back, there was a brief discussion talking about the production of a cypherpunks net.book. Out of that discussion I talked about the fact that I (would) have a workstation available to provide a platform for various mailing lists if they were needed.

One of the suggestions that was made by Eric was that it might be a 'good thing'{tm} to create some regional cypherpunk lists to facilitate the planning of physical meetings, to make announcements about speakers, or whatever.

In any case, I have the computer up and running, and am now in a position to create whatever cypherpunk mailing lists might be wanted or needed. So, does anyone have anything they'd want a mailing list for?

____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> I do not necessarily speak for the
\/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County
-=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From tcmay at netcom.com Mon Jun 27 18:28:30 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 27 Jun 94 18:28:30 PDT
Subject: Regional Lists
In-Reply-To:
Message-ID: <199406280128.SAA26784@netcom9.netcom.com>

> A month or so back, there was a brief discussion talking about the
> production of a cypherpunks net.book. Out of that discussion I talked
> about the fact that I (would) have a workstation available to provide a
> platform for various mailing lists if they were needed.
>
> One of the suggestions that was made by Eric was that it might be a 'good
> thing'{tm} to create some regional cypherpunk lists to facilitate the
> planning of physical meetings, to make announcements about speakers, or
> whatever.
>
> In any case, I have the computer up and running, and am now in a position
> to create whatever cypherpunk mailing lists might be wanted or needed.
> So, does anyone have anything they'd want a mailing list for?
>
> ____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu

I know of, and am supposedly subscribed to, several such sub-lists:

-meeting plans, or somesuch, devoted to planning regional meetings
-DC-Nets (Austin...and I may also be on the "Austin-Cyperpunks" list, or at least I recall sending in my subscribe notice a year or so ago)
-Hardware Punks (for those interested in RNGs, phones, boxes, etc.)
-LA meetings (Jay Prime Positive)
-DC area meetings (I think this is one I got on, but maybe not)
-Lib Tech or Tech Lib (Nick Szabo)

(Sorry for not having the precise names...the lists are mostly so dormant that their names are a blur. Every time a new mailing sublist was announced, I got on it.)

All of these specialized mailing lists have nil traffic, for whatever reasons. Draw your own conclusions.

The "Cypherpunks Book" is another matter, one we've discussed. Having a "workstation" available is absolutely the least important thing involved. Vincent Cate and others are already doing a fine job of making URLs available, and the writing of book-length stuff is not something easily done. I know, because I'm still trying to finish a book-length document filled with fine-granularity stuff (a different task than linking some number of essays and articles together with URLs for Mosaic/Lynx browsers to access). (About 300K of text.)
I hope these blunt remarks do not cause more cries that I am being a wet blanket.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From hayden at vorlon.mankato.msus.edu Mon Jun 27 18:31:02 1994
From: hayden at vorlon.mankato.msus.edu (Robert A. Hayden)
Date: Mon, 27 Jun 94 18:31:02 PDT
Subject: Regional Lists
In-Reply-To: <199406280128.SAA26784@netcom9.netcom.com>
Message-ID:

On Mon, 27 Jun 1994, Timothy C. May wrote:

> The "Cypherpunks Book" is another matter, one we've discussed. Having
> a "workstation" available is absolutely the least important thing
> involved.

I wasn't trying to do anything additional on the 'cypherpunks book' idea, as I see better and more capable people doing better projects already, I just mentioned it to give this whole thing a time frame. :-)

____ Robert A. Hayden <=> hayden at vorlon.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> I do not necessarily speak for the
\/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County
-=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)

From norm at netcom.com Mon Jun 27 19:36:38 1994
From: norm at netcom.com (Norman Hardy)
Date: Mon, 27 Jun 94 19:36:38 PDT
Subject: Archives?
Message-ID: <199406280236.TAA06928@netcom.netcom.com>

At 13:21 1994/06/22 -0600, Roger Bryner wrote:
>Hello,
>Are there archives for this mailing list?
...
Probably at NSA.
From nate at VIS.ColoState.EDU Mon Jun 27 19:41:49 1994
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Mon, 27 Jun 94 19:41:49 PDT
Subject: WANTED: roommate for defcon
Message-ID: <9406280241.AA14143@matisse.VIS.ColoState.EDU>

Wanted: a roommate for the weekend at defcon. Just let me sleep on the floor and I'll pay part of the bill. Also, I am not an axe-murderer! (what a deal!)

-nate

--
+-----------------------------------------------------------------------+
| Nate Sammons                                                          |
| Colorado State University Computer Visualization Laboratory           |
| Data Visualization/Interrogation, Modeling, Animation, Rendering      |
+-----------------------------------------------------------------------+

From jpinson at fcdarwin.org.ec Mon Jun 27 19:52:34 1994
From: jpinson at fcdarwin.org.ec (jpinson at fcdarwin.org.ec)
Date: Mon, 27 Jun 94 19:52:34 PDT
Subject: Tom Clancy's Random Number Generator..
Message-ID: <9406280251.AA15206@toad.com>

There have been some recent discussions on the list about generating random numbers using "thermal" noise from diodes and from radio receivers. I thought some of you might be interested in this fictional depiction of a Random Number Generator from Tom Clancy's book "The Sum of all Fears". The story also touches on the topic of distributing OTP's on CD-ROMS, a topic discussed some time back on this list.

-------- story by Tom Clancy, typos by me....--------

"Tell me about it. I haven't been briefed in"

"Essentially it's our own version of the TAPDANCE. It's a one-time pad with transpositions stored on laser-disk CD ROM. The transpositions are generated from atmospheric radio noise, then super encrypted with noise from later in the day - atmospheric noise is pretty random, and by using two separate sets of the noise, and using a computer-generated random algorithm to mix the two, well, the mathematicians say that's as random as it gets. The transpositions are generated by computer and fed onto laser disks in realtime. We use a different disk for every day of the year. Each disk is unique, two copies only, one to the station, one in MERCURY- no backups. The laser-disk reader we use at both ends looks normal, but has a beefed-up laser, and as it reads the transposition codes from the disk it also burns them right off the plastic. When the disk is used up, or the day ends- and the day will end first, since we're talking billions of characters per disk- the disk is destroyed by baking it in a microwave oven. That takes two minutes. It ought to be secure as hell. It can only be compromised at three stages: first when the disks are manufactured; second, from disk-storage here; third, from disk storage at each station. Compromise of one station does not compromise anyone else. .....

---------- end of quoted material

(ciphers were discussed several times in the book, but I won't take up bandwidth to reproduce them all)

Jim Pinson
Galapagos

From mech at eff.org Mon Jun 27 19:53:55 1994
From: mech at eff.org (Stanton McCandlish)
Date: Mon, 27 Jun 94 19:53:55 PDT
Subject: EFFector Online 07.11 - House vote on NII bills, OR ISDN, Clipper news
Message-ID: <199406280251.WAA11627@eff.org>

=========================================================================
       ________________          _______________        _______________
      /_______________/\        /_______________\      /\______________\
      \\\\\\\\\\\\\\\\\ \       |||||||||||||||||     / ////////////////
       \\\\\\\\\\\\\\\\\/       |||||||||||||||||    / ////////////////
        \\\\\\_______/\         ||||||_______\      / //////_____\
         \\\\\\\\\\\\\ \        ||||||||||||||     / /////////////
          \\\\\\\\\\\\\/____    ||||||||||||||    / /////////////
           \\\\\___________/\   |||||             / ////
            \\\\\\\\\\\\\\\\ \  |||||            / ////
             \\\\\\\\\\\\\\\\/  |||||            \////
=========================================================================

EFFector Online Volume 07 No. 11   June 27, 1994   editors at eff.org
A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

In This Issue:

ALERT: Open Platform Update - House Vote on HR3636, HR3626 06/28/94
Oregon PUC Request for Comments on ISDN Deployment
House Intelligence Committee Just Says No to Crypto Export
Republican Party Texas Denounces Clipper, DigTel, and ITAR Regs
PSI and Canter & Siegel Negotiate Net Access: No Spamming
SunFlash E-Journal Call for Papers: "UNIX and the Law" Symposium
"How Do I Get the Most Current EFFector?"
What YOU Can Do

----------------------------------------------------------------------

Subject: ALERT: Open Platform Update - House Vote on HR3636, HR3626 06/28/94
----------------------------------------------------------------------------

EFF OPEN PLATFORM UPDATE
JUNE 27, 1994

House Prepares to Vote on Landmark Communications Bills
EFF's Open Platform Language Remains a Central Aspect

On June 28, 1994, the full House of Representatives will vote on landmark telecommunications legislation. Two bills will be considered: H.R. 3636, the "National Communications and Information Infrastructure Act of 1994" (which contains EFF's Open Platform Proposal), and H.R. 3626, the "Antitrust and Communications Reform Act of 1994" (which will permit RBOCs - local-loop telephone companies - to re-enter the long distance, manufacturing, and information services markets). Together, these bills represent the most dramatic restructuring of communications law in more than 60 years.

Both bills are expected to pass easily, but your supporting faxes and calls to your Representatives are still important. See ftp.eff.org, /pub/EFF/Issues/Activism/govt_contact.list for a full list of Congressional fax numbers.

H.R. 3636, THE NATIONAL COMMUNICATIONS COMPETITION AND INFORMATION INFRASTRUCTURE ACT OF 1994

H.R. 3636 seeks to promote the development of the National Information Infrastructure (NII) through a combination of increased competition and a new regulatory framework.
The bill would require local telephone monopolies to provide equal access and interconnection to their network, remove restrictions preventing telephone companies from providing video services, and preserve and enhance the universal provision of telecommunications services at affordable rates.

There have been no major changes to the legislation since it was marked up by the Energy and Commerce Committee on March 16, 1994. Key points of the bill are analyzed below:

* OPEN PLATFORM SERVICE

EFF believes that open platform service, available to all Americans in the near-term at low cost, is key to promoting the democratic potential of the NII. Open platform service is designed to give residential and commercial subscribers access to voice, data, and video services over digital lines on a switched, end-to-end basis. With open platform service widely available, individuals and organizations would have access to a variety of important applications, including telemedicine, telecommuting, and distance learning.

Open Platform services enable any user on the network to reach any other user or information source on the network, without having to pass through any bottlenecks that might be erected by vertically integrated network operators. Today, many carriers are only building capacity for primarily one-way services such as video-on-demand, home shopping, and 500 channels of entertainment. Open platform architecture is a strong safeguard against anti-competitive behavior and will promote the First Amendment goal of access to a diversity of information sources.

EFF has been working closely with Rep. Markey and other members of the House Telecommunications Subcommittee to ensure that the open platform philosophy was incorporated in NII legislation.

Open platform service, as defined in section 101 (3)(ii) of H.R. 3636, refers to --

    ...a switched, end-to-end digital telecommunications service that is subject to Title II of [the Communications Act of 1934: Common Carriers]; and that (1) provides subscribers with sufficient network capability to access multimedia information services, (2) is widely available throughout a State, (3) is provided based on industry standards, and (4) is available to all subscribers on a single line basis upon reasonable request.

Section 102 (d)(3) of H.R. 3636 directs the FCC to conduct an inquiry in order to determine what regulations and policies are necessary to make open platform service available to subscribers at reasonable rates. Based on the inquiry, the FCC is then directed to prescribe regulations to ensure the deployment of open platform services. The FCC may also require carriers to file tariffs for open platform service as soon as such service is economically feasible and technologically reasonable.

The FCC is also directed to establish procedures for granting carriers a temporary waiver from complying with the open platform requirements. Carriers would be granted a waiver if they could demonstrate that compliance with the open platform requirements would (1) be economically or technically infeasible, or (2) would materially delay the deployment of new facilities with improved capabilities or efficiencies that will be used to meet the requirements of open platform services.

Access to open platform service at affordable rates is also a key part of the definition of universal service in H.R. 3636.

* UNIVERSAL SERVICE

Universal access to telephone service has long been a cornerstone of Federal and State telecommunications regulatory policies. Because residential local telephone service is provided by a monopoly carrier, maintaining universal service has not been difficult.
As the ability to participate in society becomes increasingly more dependent on access to information, the need to preserve and maintain universal service becomes more and more important. However, as competition in the local exchange increases the diversity of communications services providers, the old systems for maintaining universal service will become more and more ineffective. H.R. 3636 seeks to establish a mechanism that ensures universal service is preserved as competition increases in the telecommunications market.

H.R. 3636 does not attempt to establish a statutory definition of universal service. Instead, the bill establishes a process which allows the definition of universal service to evolve as new technologies and services emerge.

Federal-State Joint Board to Determine the Definition of Universal Service

The bill establishes a Federal-State Joint board (composed of representatives from the FCC and State public utility commissions) to determine what policies and regulations are necessary to preserve and enhance universal service. In determining the nature and extent of universal service, the Federal-State board is directed to consider several factors. These include the extent to which:

(1) a telecommunications service has, through the operation of market choices by customers, been subscribed to by a substantial majority of residential customers;
(2) the possibility that denial of access to such service to any individual would unfairly deny that individual educational and economic opportunities;
(3) such service has been deployed in the public switched telecommunications network; and
(4) inclusion of such service within a carriers' universal service obligations is otherwise consistent with the public interest, convenience, and necessity.

The bill states that all providers of telecommunications services should contribute to the preservation of universal service.
* LOCAL COMPETITION: EQUAL ACCESS AND INTERCONNECTION

In order to promote competition in the local telecommunications market, H.R. 3636 requires local exchange carriers to provide equal access and interconnection to their networks. The equal access and interconnection requirements will allow competitors, such as cable companies, long distance providers, and others, to compete with local telephone monopolies without requiring competitors to build their local network from scratch.

Regulations Required

The bill directs the FCC to establish regulations that require reasonable and nondiscriminatory equal access and interconnection with the facilities of a local exchange carrier's network. Such regulations must allow a competitor to place any equipment necessary for interconnection to the network on the premises of a local exchange carrier. The FCC is also directed to prescribe regulations requiring reasonable compensation to the exchange carrier providing equal access and interconnection.

State Preemptions

H.R. 3636 preempts existing State and local regulations prohibiting competition in the local exchange, while maintaining a State's ability to enforce consumer protection laws, protect public safety and welfare, and regulate interstate rates and quality of service.

Exemptions

Finally, small and rural telephone companies (those with fewer than 500,000 access lines) are not required to comply with the equal access and interconnection requirements unless the FCC determines that complying would not be unduly economically burdensome, unfairly competitive, technologically infeasible, or otherwise not in the public interest.

* PROVISION OF VIDEO SERVICES BY TELEPHONE COMPANIES

H.R. 3636 removes restrictions preventing telephone companies from providing video services within their service area.
In order to provide video services within its service area, a telephone company would be required to: (1) establish a separate video programming affiliate; and (2) establish a video platform.

Separate Video Programming Affiliate:

H.R. 3636 requires separate video programming affiliates to maintain separate books and records from their affiliated telephone company, and conduct its own separate promotion (with certain exceptions). The bill also contains prohibitions against cross subsidies. The separate affiliate requirements are intended to prevent a telephone company from using its power as a monopoly from impeding competition in the market.

Video Platform

H.R. 3636 requires any common carrier that provides video programming to its subscribers in its telephone service area to establish a video platform. Any carrier establishing a video platform is required to grant, on a nondiscriminatory basis, access to all bona fide requests for carriage. The FCC is also directed to prescribe regulations to prohibit video platform providers from imposing discriminatory rates, terms, and conditions on access to the video platform.

In order to promote competition in the delivery of video services, H.R. 3636 also prohibits (with exceptions for small and rural areas) any common carrier that provides telephone exchange service (or its affiliates) from purchasing an existing cable system located within its telephone service area.

Extension of Regulations to Other High Capacity Systems

This section extends the video platform requirements of H.R. 3636 to cable systems that operate switched broadband delivery systems.
Such systems are required to establish a video platform, and are prohibited from discriminating among program providers with respect to carriage, and requires that the rates and conditions for carriage of video programming are just and reasonable. The FCC is also directed to study whether it is in the public interest to extend the video platform requirements to other cable operators though they may not have switched broadband video delivery systems.

* INTERACTIVE SERVICES AND CRITICAL INTERFACES (SET-TOP BOXES)

The bill states that set-top boxes and other interactive communications devices may be "a critical gateway" to American homes and businesses. The bill states that, "In order to promote diversity, competition, and technological innovation among suppliers of equipment and services, it may be necessary to make certain critical interfaces open and accessible to a broad range of information providers", the FCC is directed to identify "critical interfaces" that allow end users to connect information devices to networks and information service providers to transmit information to end users.

The bill directs the FCC to conduct an inquiry, to examine the convergence of interactive technologies. The FCC would examine the costs and benefits of establishing open interfaces between, on the one hand, the network provider and the set-top box, and on the other, between network providers and information service providers. The FCC would also determine how to ensure the interoperability of converter boxes with interactive networks. The bill instructs the FCC to report to Congress within one year of the date of enactment of this section on the results of its inquiry. Finally, the FCC is instructed to make such changes in its regulations as deemed necessary in order to implement the findings of its inquiry.

* BROADCAST SPECTRUM FLEXIBILITY

If the FCC decides to issue additional licenses for advanced television services (such as HDTV) H.R. 3636 allows the FCC to prescribe regulations that would permit broadcasters to use spectrum for "ancillary and or supplementary services". Such ancillary or supplementary services will be treated as broadcast services and are subject to all regulations applicable to broadcast services.

* PUBLIC ACCESS

H.R. 3636 requires the FCC to prescribe regulations to provide access for the public on video platforms and cable systems at preferential rates. The FCC is directed to determine the appropriate capacity consistent with the video platform requirements of the bill.

* CIVIC PARTICIPATION ON THE INTERNET

The bill directs the FCC in consultation with the NTIA, to conduct a study of policies that will enhance civic participation on the Internet. In conducting this study, the FCC and NTIA are directed to request public comment on whether common carriers should be required to provide citizens with a flat rate service for gaining access to the Internet.

For more information on EFF's Open Platform Proposal, contact:

Jerry Berman, Executive Director
Danny Weitzner, Deputy Policy Director
Jonah Seiger, Project Coordinator

For the most up-to-date version of the bills and the reports, call the Telecommunications Subcommittee at +1 202 226 2424

------------------------------

Subject: House Intelligence Committee Just Says No to Crypto Export
-------------------------------------------------------------------

June 15, the House Intelligence Committee deleted the provisions of the Export Administration bill (HR3937, formerly HR3627) which would have allowed the export of all mass-market encryption products and thus eliminated the ITAR restrictions on most cryptographic material. The Intelligence Committee substituted the cryptography study previously adopted by the Senate. So, instead of getting strong encryption in the international information infrastructure, we'll get a nice big study to read and debate.
The next phase of this fight will be in the House Rules committee, which will have the job of resolving the dispute between the Foreign Affairs Committee, which approved the Cantwell bill, and the Intelligence Committee version, which removed it. The Rules Committee will decide which version, if any, goes to the floor of the House for vote.

Stay tuned for further news and action alerts...

The members of the House Rules Committee are listed below. You may wish to send them letters and faxes supporting retention of the language supporting the export of cryptographic products, in the version of the bill passed by the House Foreign Affairs Cmte.

p st name                 phone          fax            position
______________________________________________________________________________
D MA Moakley, John Joseph 1-202-225-8273 1-202-225-7304 Cmte Chair
D SC Derrick, Butler      1-202-225-5301 na
R NY Solomon, Gerald B.H. 1-202-225-5614 1-202-225-1168
D CA Beilenson, Anthony   1-202-225-5911 na
D TX Frost, Martin        1-202-225-3605 1-202-225-4951
R TN Quillen, James H.    1-202-225-6356 1-202-225-7812
D OH Hall, Tony P.        1-202-225-6465 na
R CA Dreier, David        1-202-225-2305 1-202-225-4745
R FL Goss, Porter J.      1-202-225-2536 1-202-225-6820
D MO Wheat, Alan          1-202-225-4535 1-202-225-5990
R TN Gordon, Bart         1-202-225-4231 1-202-225-6887
D NY Slaughter, Louise M. 1-202-225-3615 1-202-225-7822

------------------------------

Subject: Oregon PUC Request for Comments on ISDN Deployment
-----------------------------------------------------------

EFF will be filing comments in this inquiry and we encourage all interested parties, especially those in Oregon, to do so as well.

Oregon Public Utility Commission
May 26, 1994

TO: ALL INTERESTED PARTIES

The Public Utility Commission of Oregon has been sponsoring a series of workshops concerning the deployment of an Integrated Services Digital Network (ISDN) in Oregon.
Through the workshop process, the Oregon ISDN working group has established the feasibility of ISDN deployment by local exchange carriers (LECs) within the state. The Commission now seeks comments on ISDN deployment from the work group and any other interested parties on the following issues and questions. If parties have comments on any issues or concerns not covered in the questions, they are encouraged to add them to the issues list.

Issues and Questions:

1. Does the Commission have jurisdiction to compel the provision of ISDN? Explain the basis of your position.
2. What policies should the Commission adopt regarding the deployment of ISDN? Should the Commission mandate deployment or encourage deployment to be driven by customer demand?
3. Should ISDN-based services be considered a replacement for, or an evolution of, current services?
4. Should all Oregon subscribers have access to ISDN? What policies should be adopted concerning the general availability of ISDN to customers?
5. Assuming that all central office switches in Oregon are either digital or analog electronic, what network upgrades are necessary to deploy ISDN?
6. What is the cost of these upgrades? Are these upgrades necessary exclusively for ISDN, or will they be shared by other services? Explain.
7. What digital switches are currently incapable of providing ISDN? Are there plans for making them ISDN-capable? In what time frame?
8. Are there methods of providing ISDN from ISDN-incapable switches? Explain in detail.
9. If overlay methods are used to provide ISDN in certain exchanges, how will this affect the current structure of local, EAS, and toll services within Oregon?
10. What policies regarding ISDN standards should be adopted by the Commission? Please explain.
11. Should the Commission require that certain services or capabilities be provided by ISDN? What are they? Why?
12. What is the appropriate time frame for ISDN deployment in Oregon? Why?
13. How should ISDN services be priced? Should there be a residential/business price differential? Why?
14. Should there be a voice/circuit data price differential? Why?
15. Should there be flat rate/measured rate pricing options? Why?
16. How should features be priced? Should they be provided in packages, unbundled, or both? Why?
17. How should the policies regarding ISDN be implemented by the Commission? If tariff filings are required, what should they contain? Why?
18. To which local exchange carriers should rules and policies on ISDN apply? Why?
19. Should the LECs be required to provide ISDN services in a manner that is conducive to the competitive provision of ISDN? Why? If so, how?
20. Should there be a mandated interconnection and interoperability of competitively provided ISDN services? Why? If so, how and by whom?
21. Are there any other aspects or characteristics of providing ISDN that should be considered by the Commission? If yes, describe each and explain why.

Please mail one copy of your comments by July 22, 1994, to: Woody Birko Oregon PUC 550 Capitol St. NE Salem, OR 97310-1380 and one copy of your comments to everyone on the attached ISDN work group mailing list. If you are not on the ISDN work group mailing list and would like to receive a copy of everyone's comments, please call Woody Birko at (503) 378-6122. Reply comments should be mailed in a similar manner by August 30, 1994. The next meeting of the Oregon ISDN work group is tentatively scheduled for September 14, 1994, to discuss the comments and reply comments and to see if a unified position paper can be written to the Commission on ISDN deployment in Oregon. If you have any questions concerning this, please call me at (503) 378-6122. Wolodymyr Birko Sr.
Utility Engineering Analyst Telecommunications Division (503) 378-6122 ------------------------------ Subject: Republican Party Texas Denounces Clipper, DigTel, and ITAR Regs ----------------------------------------------------------------------- Partly in response to a widespread petition effort, conducted primarily over the Internet, the Texas Republican Party has adopted a platform supportive of electronic privacy, denouncing in one breath the ITAR crypto export restrictions, the FBI's draft wiretapping bill, the Administration's Escrowed Encryption Standard, and overly-broad cryptographic algorithm patents. This comes as something of a surprise given the unanimous House Intelligence Committee Vote to retain export restrictions on cryptographic products - a vote which included the ballot of Rep. Larry Combest (R/TX). [see previous article in this issue] The relevant section of the RPT 1994 Platform is reproduced here: "Electronic Privacy-The Party believes that no governmental trapdoor encryption standards should be advanced for use in any civilian communication system (eg Clipper Chip, Digital Telephony Act) and that the US patent office should limit the RSA patent to allow individuals to secure their own communications systems. We believe that encryption systems publicly available outside the US should not be classified as munitions." More info will follow when available. ------------------------------ Subject: PSI and Canter & Siegel Negotiate Net Access: No Spamming ------------------------------------------------------------------ Date: Thu, 23 Jun 1994 18:19:47 -0400 From: "Martin Lee Schoffstall" Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission.
To subscribe to EFFector via email, send message body of "subscribe effector-online" (no quotes) to listserve at eff.org, which will add you to the EFFector mailing list. To get the latest issue, send any message to er at eff.org, and it will be mailed to you automagically. You can also get ftp.eff.org, /pub/EFF/Newsletters/EFFector/current. ------------------------------ Internet Contact Addresses -------------------------- Membership & donations: membership at eff.org Legal services: ssteele at eff.org Hardcopy publications: pubs at eff.org Technical questions/problems, access to mailing lists: eff at eff.org General EFF, legal, policy or online resources queries: ask at eff.org End of EFFector Online v07 #11 ****************************** From frissell at panix.com Mon Jun 27 20:54:26 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 27 Jun 94 20:54:26 PDT Subject: Review of a Review Message-ID: <199406280354.AA14016@panix.com> A new novel, "Black Money" by Michael M. Thomas was reviewed in the Sunday and Monday New York Times (both). It concerns the money laundering of the proceeds from the retail pharmaceutical trade. From the Monday review: Black money, says a character ... is "money fleeing regulation, taxation or disclosure....Offshore is where it seeks and acquires anonymity. Of course, you must not think of 'offshore' as having a defined physical geography, as an exotic setting for a Paul Erdman novel. Offshore is no longer of our geography: it exists in what is called cyberspace, its cartography is digital. You can be in the bar of this very hotel, and if you have a palmtop computer and a phone jack you can make yourself every bit as 'offshore' as if you were sitting on a Swiss mountaintop or a beach on Vanuatu." Make that a palmtop and a wireless net link...
DCF "If 5 billion people each have the ability to travel anywhere, buy anywhere, sell anywhere, invest anywhere, and communicate with anyone, the design of a control regime to rule them quickly becomes an NP complete problem." - DCF --- WinQwk 2.0b#1165 From bryner at atlas.chem.utah.edu Mon Jun 27 20:56:11 1994 From: bryner at atlas.chem.utah.edu (Roger Bryner) Date: Mon, 27 Jun 94 20:56:11 PDT Subject: Regional Lists In-Reply-To: <199406280128.SAA26784@netcom9.netcom.com> Message-ID: Can I have the address for the following lists? On Mon, 27 Jun 1994, Timothy C. May wrote: > -meeting plans, or somesuch, devoted to planning regional meetings > -Hardware Punks (for those interested in RNGs, phones, boxes, etc.) > -Lib Tech or Tech Lib (Nick Szabo) Roger. From bryner at atlas.chem.utah.edu Mon Jun 27 20:59:38 1994 From: bryner at atlas.chem.utah.edu (Roger Bryner) Date: Mon, 27 Jun 94 20:59:38 PDT Subject: Archives? In-Reply-To: <199406280236.TAA06928@netcom.netcom.com> Message-ID: On Mon, 27 Jun 1994, Norman Hardy wrote: > At 13:21 1994/06/22 -0600, Roger Bryner wrote: > >Hello, > >Are there archives for this mailing list? > ... > Probably at NSA. Hey, I would really like to see some of the old postings, is there any chance of acquiring them via an FOI request, after all, they are public anyway, giving them in their raw form would reveal nothing having to do with national security. Right?:-) P.S. Thanks for the pointers. Roger, Mad Dog Libertarian, Bryner. From nobody at shell.portal.com Mon Jun 27 21:17:49 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Mon, 27 Jun 94 21:17:49 PDT Subject: Sternlight and Stokes Message-ID: <199406280424.VAA02077@jobe.shell.portal.com> > Has anyone else noticed that David Sternlight has been quiet for the past > two weeks or so? > I hope he's not like you-know-who in that mentioning his name summons the > fiend.
Coincidentally, or maybe not, a fellow named Ralph Stokes (Ralph.Stokes at f1611.n375.z1.fidonet.org) has been mentioning "you-know-who" by name all over the net in his now infamous "Beware of Roman Catholic Corruption" spam, and accusing all manner of people of being in league with him. You don't suppose that, with Sternlight's disappearance and Stokes' appearance that ... nah, forget it... From fasttech!zeke at uu4.psi.com Mon Jun 27 21:19:25 1994 From: fasttech!zeke at uu4.psi.com (Bohdan Tashchuk) Date: Mon, 27 Jun 94 21:19:25 PDT Subject: "military" one-time-pad generation Message-ID: <9406280416.AA24558@fasttech> While we're on the topic of random numbers, etc., this is what I was told a long time ago about military OTPs. I don't know if this OTP generation was by NSA or by one of the military forces itself. And, as this information is at least 10 years old, who knows if this is how it's still done. And maybe it was disinformation, and never done this way. Anyway, there was supposedly a heavily shielded room which had equipment that used radioactive decay to generate random numbers. Apparently it was pretty automated and the thing basically spit out pairs of paper OTP pads that were already prewrapped in tamperproof packaging. To me, this makes more sense than Clancy's "atmospheric noise" hypothesis. But then, Clancy was generating entire CD's worth of bits, which would certainly need orders of magnitude more bits than actual paper pads. From tcmay at netcom.com Mon Jun 27 22:16:43 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 27 Jun 94 22:16:43 PDT Subject: Regional Lists In-Reply-To: Message-ID: <199406280548.WAA05758@netcom4.netcom.com> > > Can I have the address for the following lists? > On Mon, 27 Jun 1994, Timothy C. May wrote: > > -meeting plans, or somesuch, devoted to planning regional meetings > > -Hardware Punks (for those interested in RNGs, phones, boxes, etc.) > > -Lib Tech or Tech Lib (Nick Szabo) > Roger.
I guess I didn't make myself clear: these lists are so low in traffic--or no traffic--that I don't even know their precise name, let alone their address. Sorry. But the operators of these lists can, if they see these messages, comment. The "meetings plans" list was set up by Eric Hughes to cope with the dialog involving upcoming meetings in non-Bay Area sites. A flurry of messages in April and May, but nothing in June--and I heard nothing about LA, DC, Boston, Colorado, Seattle, or London meeting in June. The soda site may have info. The hardware punks list was formed more than a year ago. I have no idea who was involved. Nick Szabo set up the "Lib Tech" or "Tech Lib" list. His address is szabo at netcom.com. I've only seen a few messages on it. Which brings me to why all these "secondary" lists fail. Someone gets enthused about random number generators and proposes a list (yes, this has happened at least twice). Or a "Stealth PGP" list. Or whatever. Sometimes the lists even are formed. But without a critical mass of posts, interest wanes. The addresses are forgotten (hell, look how many people can't remember the majordomo at toad.com address!), the list dies. Plus, there's just not a big call for a "hardware list," given that only a few folks are working on hardware. (If you think that this is in fact a _reason_ for them to form a sublist, you need to think about things some more.) In any case, active sublists should be mentioned periodically here. Else why bother? I only know of a few active or semi-active lists: * The Extropians list. Instructions have changed (I think) since I was last on it, so I won't offer it here. * The "Digital Anarchy" list. digianarch at aol.com, as of 1994-04-17. May have changed recently. (I've been on it since the start, but find it fairly tedious and lacking the piquancy that crypto gives our list....their list has a bunch of folks debating anarchy and how "free access to the Net" will be provided.) * Surfpunk List.
Strick's personal zine, usually resending stuff from our list or related lists. surfpunk at versant.com. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From edgar at spectrx.sbay.org Tue Jun 28 00:08:53 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Tue, 28 Jun 94 00:08:53 PDT Subject: Lotto odds Message-ID: Tim May said, ...As for lotto, simple calculations tell anyone that the best way to win is not to play. The return _at best_ is 30 or 40 cents on the dollar, with the rest going to all the various programs the lotto is supposed to support. The more you play, the more you lose. Actually, if memory serves, the CA Lotto claims to return 50% of income in prizes with the remainder divided between schools and "administration." Better than 30-40, but still worse than odds on any casino game or even the "numbers racket" run by organized crime. However, one can improve the percentage by only playing lotto after 1 or more games where there was no perfect match, as often happens, where some of the prize money is carried over to the next game, and so on, until eventually somebody wins the grand prize. After some number "x" of passed games, the odds turn in favor of the player; but not by too much since this is just when large numbers of people play and if more than one perfect ticket is played, the prize is split. Calculation of "x" is not "simple", since you also have to figure in the 20-year (with no interest) payout of large prizes. One other tip for lotto players: Never mark your ticket with any recognizable pattern. 
The random "quick pick" is probably best. Reason: A pattern is equally likely to be picked at random as a "quick pick" but much -more- likely to also be picked by some other schmuck. So if your pattern pick wins, you're more likely to have to split the prize. -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From edgar at spectrx.sbay.org Tue Jun 28 00:09:50 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Tue, 28 Jun 94 00:09:50 PDT Subject: Use of large Keys Message-ID: <18amoc3w165w@spectrx.sbay.org> -----BEGIN PGP SIGNED MESSAGE----- Roger Bryner said, ...You should always take some reasonable amount of time (say 5 min) to encrypt your most sensitive messages, even if you have 12 Crays and a connection machine. The algorithm can be viewed as giving you an economic advantage, and worrying over spending $.01 vs $.0001 is not just stingy, it is dangerous. I disagree. The problem is not time to ENcrypt, which is not much greater for large keys than small ones. This is because the ENcryption exponent is usually a small number, like 17. The problem is the time for your recipient to DEcrypt. On my 386/SX 16mz, DEcrypting a msg with a 4096-bit key takes 5-10 minutes. I have a report that a Pentium takes about 1.5 minutes. During that 5-10 minutes, many recipients will not sit there watching grass grow, but will leave the PC unattended to do something else. If during that time Janet Reno's storm troopers break through the front door, your recipient may not have time to power-off the PC and PGP will deliver your plaintext message right into JR's hands! Thus in some cases use of a large key can -reduce- security of your msg. I haven't worked out the math, but I suspect that an 8000-bit key is completely impractical for use on any desktop machine. At this time, open use of a large key marks you as not using an MIT version of PGP, thus making you a target of RSA.
This is easily avoided by exchanging large keys and messages encrypted with large keys "inside an envelope" of 1024-bit key encryption. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLg6Mjd4nNf3ah8DHAQErZwP/RiKYC+iTX61iuNV/a8Ga1H3Cz1M/r1iL 0gYiHId1QckiKcWMt1f9XwbT4TpY9OWrVKb7wK1N94nKQq7T56eg/fuoEC4e2TlL j5WXHX8S5SEUPWpTeU0V2XsnYeojsyBCHh8keVcDROr6nBZmxACmSxWEFMTjYfUf 3x8YdS2ThoE= =0CI+ -----END PGP SIGNATURE----- -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From catalyst-remailer at netcom.com Tue Jun 28 00:11:16 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Tue, 28 Jun 94 00:11:16 PDT Subject: NSA Agents Threaten to Kill Bidzos of RSA? (fwd) Message-ID: <199406280711.AAA20901@mail.netcom.com> Another interesting part of this article (Monday San Jose Mercury News) quotes Lynn McNulty of NIST saying that they explicitly chose DSS as the FIPS digital signature standard in order to discourage use of RSA. It looks like Bidzos has a clear case for a restraint of trade lawsuit. Bidzos would also be well advised to tape record any future conversations he has with NSA officials. From tcmay at netcom.com Tue Jun 28 00:38:45 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 28 Jun 94 00:38:45 PDT Subject: Lotto odds In-Reply-To: Message-ID: <199406280738.AAA19633@netcom11.netcom.com> Edgar Swank wrote: > Tim May said, > > ...As for lotto, simple calculations tell anyone that the best way > to win is not to play. The return _at best_ is 30 or 40 cents on > the dollar, with the rest going to all the various programs the > lotto is supposed to support. The more you play, the more you > lose. 
> > Actually, if memory serves, the CA Lotto claims to return 50% of > income in prizes with the remainder divided between schools and Maybe, but the state has a wonderful scam of paying off a "5 million dollar jackpot" over 20 years; the true value (what the same deal would cost you to buy as an annuity) is less than $5 M, possibly much less. If private outfits did this, they'd be jailed. > "administration." Better than 30-40, but still worse than odds on any > casino game or even the "numbers racket" run by organized crime. ^^^^^^^ "Or even"? The numbers games almost always have much better odds than the State pays...that's one reason for their popularity (another is tax avoidance). > Calculation of "x" is not "simple", since you also have to figure in > the 20-year (with no interest) payout of large prizes. Oh, I see you mentioned this scam. (Calculation should still be simple, as any spreadsheet can handle discounted present values and the like.) > One other tip for lotto players: Never mark your ticket with any I've never played, and never plan to. Money down the drain. On the other hand, I play the stock market, and my losses in one day probably dwarf the lottery ticket losses of a small town. But I win more than I lose, because the stock market is not a zero sum game. Sorry for talking about non-crypto things here, but volume on the Cypherpunks list has remained abnormally low since the rolling outages of a couple of weeks ago...I suspect we lost some folks. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." 
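Stepping back to Edgar Swank's "Use of large Keys" post above, and to the public-key/private-key description in the Markoff article further down: the following is an added Python example, not code from any list member, that works through why a public exponent of 17 keeps encryption cheap while decryption with a full-size private exponent is not. The toy primes, the sample message and the timing reference (5 minutes for a 4096-bit decryption, taken from Edgar's figure for his 386/SX) are constructed inputs, and the cost model assumes schoolbook (quadratic-time) big-number multiplication; both are assumptions made here for illustration.

```python
import math

# Constructed toy primes: far too small for real use, chosen so every
# intermediate value fits on one line. (Assumption, not a real key.)
TOY_P, TOY_Q = 61, 53


def make_toy_key(p=TOY_P, q=TOY_Q, e=17):
    """Return (e, d, n): public exponent, private exponent and modulus.

    e is deliberately small (17 = 0b10001), as the post says encryption
    exponents usually are; d comes out roughly as long as n.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return e, d, n


def modexp_counting(base, exp, mod):
    """Left-to-right square-and-multiply.

    Returns (base**exp % mod, squarings, multiplies) so the work spent on
    an exponent can be seen, not just the answer.
    """
    result = base % mod
    squarings = multiplies = 0
    for bit in bin(exp)[3:]:  # drop '0b' and the leading 1 bit
        result = result * result % mod
        squarings += 1
        if bit == "1":
            result = result * base % mod
            multiplies += 1
    return result, squarings, multiplies


def exponent_cost(exp):
    """Modular multiplications square-and-multiply spends on this exponent."""
    return (exp.bit_length() - 1) + (bin(exp).count("1") - 1)


def typical_private_cost(bits):
    """Expected cost of a bits-long private exponent with about half its bits set."""
    return (bits - 1) + (bits - 1) // 2


def encrypt(m, e, n):
    return modexp_counting(m, e, n)[0]


def decrypt(c, d, n):
    return modexp_counting(c, d, n)[0]


def relative_cost(bits, baseline_bits=1024, small_exponent=True):
    """How much slower one RSA operation is at `bits` than at `baseline_bits`.

    Assumes schoolbook multiplication, so each modular multiply costs
    ~(bits**2). With a fixed small public exponent the multiply count is
    constant, so encryption scales quadratically; the private exponent grows
    with the modulus, so decryption scales cubically.
    """
    ratio = bits / baseline_bits
    return ratio ** 2 if small_exponent else ratio ** 3


def estimate_decrypt_minutes(bits, ref_bits=4096, ref_minutes=5.0):
    """Scale a measured decryption time to another key size (cubic model)."""
    return ref_minutes * relative_cost(bits, ref_bits, small_exponent=False)


if __name__ == "__main__":
    e, d, n = make_toy_key()
    m = 65  # constructed sample message
    c, sq, mu = modexp_counting(m, e, n)
    print(f"encrypt with e={e}: {sq} squarings + {mu} multiply -> c = {c}")
    p, sq, mu = modexp_counting(c, d, n)
    print(f"decrypt with d={d}: {sq} squarings + {mu} multiplies -> m = {p}")
    print("4096-bit private exponent, typical cost:", typical_private_cost(4096),
          "modular multiplies vs", exponent_cost(17), "for e=17")
    print("8000-bit decrypt on the same 386/SX, est. minutes:",
          round(estimate_decrypt_minutes(8000), 1))
```

The operation counts are the point: e=17 costs five modular multiplies whatever the modulus size, while a 4096-bit d costs around six thousand, and each of those multiplies is itself about sixteen times dearer than at 1024 bits. Scaling Edgar's 5-minute figure cubically puts an 8000-bit decryption near 37 minutes on the same machine, which is the "completely impractical" case he suspected.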
From devans at hclb.demon.co.uk Tue Jun 28 04:15:54 1994 From: devans at hclb.demon.co.uk (Dave Evans) Date: Tue, 28 Jun 94 04:15:54 PDT Subject: Brits propose internet voting In-Reply-To: <199406280001.UAA04655@zork.tiac.net> Message-ID: <772830783snx@hclb.demon.co.uk> In article <199406280001.UAA04655 at zork.tiac.net> you write: > The brits have the "american" disease, only they've done us one better. > > I just got through listening to the BBC World Service. It seems that some > official commission or other over there proposed the Information > Infrastructure thang with a couple of twists: polling and elections. They You can find a copy of the Central Computer and Telecommunications Agency report at ftp.demon.co.uk in directory /pub/doc/ccta file Report1.txt The CCTA is the Government agency which deals with procurement of all computer and telecommunications services. From werner at mc.ab.com Tue Jun 28 04:24:50 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 28 Jun 94 04:24:50 PDT Subject: Sternlight Message-ID: <199406281125.HAA12740@sparcserver.mc.ab.com> >Date: Mon, 27 Jun 1994 17:03:59 -0500 >From: "Bill O'Hanlon" >Content-Length: 308 >Sender: owner-cypherpunks at toad.com >Precedence: bulk > >Has anyone else noticed that David Sternlight has been quiet for the past >two weeks or so? Sternlight does not belong to this list. Why are you looking for him here? tw From werner at mc.ab.com Tue Jun 28 04:31:15 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 28 Jun 94 04:31:15 PDT Subject: Lotto odds Message-ID: <199406281133.HAA12751@sparcserver.mc.ab.com> >From: edgar at spectrx.sbay.org (Edgar W. Swank) >Date: Mon, 27 Jun 94 23:43:46 PDT > >One other tip for lotto players: Never mark your ticket with any >recognizable pattern. The random "quick pick" is probably best. >Reason: A pattern is equally likely to be picked at random as a "quick >pick" but much -more- likely to also be picked by some other schmuck. 
>So if your pattern pick wins, you're more likely to have to split the >prize. Another hot tip: use at least 1 number greater than 31, so you don't have to share with people who use family members' birthdays. Or, like I told my sister: "The best number is 1-2-3-4-5-6", to which she replied, "But that'll NEVER hit!". tw From roy at sendai.cybrspc.mn.org Tue Jun 28 04:57:47 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Tue, 28 Jun 94 04:57:47 PDT Subject: Lotto odds In-Reply-To: <199406280738.AAA19633@netcom11.netcom.com> Message-ID: <940628.065526.5S6.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, tcmay at netcom.com writes: > Maybe, but the state has a wonderful scam of paying off a "5 million > dollar jackpot" over 20 years; the true value (what the same deal > would cost you to buy as an annuity) is less than $5 M, possibly much > less. If private outfits did this, they'd be jailed. Jailed? Publisher's Clearing House, American Family Publishers and Reader's Digest have done this for years. - -- Roy M. Silvernail -- roy at sendai.cybrspc.mn.org "I'm a family man, model citizen." -- Warren Zevon -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLhAQCBvikii9febJAQEVeAP8CrFQtDidBx2g3u/d3q8jpYNtRs9gzOvb OZg6FIou15ImoxqHEA6VVMQq9DPgvkaC2ypPg36XbeSyq7fF3xvIppjqkPMxKkSv 37ZYAgjPeVU0affqtMbEG4DESstNOByGSisJG6v1dIS/tmGYDGz4CqST1TL58VMZ 0hc/sOUPkzY= =Mr0c -----END PGP SIGNATURE----- From perry at imsi.com Tue Jun 28 05:02:47 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 28 Jun 94 05:02:47 PDT Subject: Is the NSA really competent? In-Reply-To: <199406271559.IAA12568@netcom2.netcom.com> Message-ID: <9406281208.AA10223@snark.imsi.com> catalyst-remailer at netcom.com says: > There is no evidence that the NSA knows about _any_ fundamental > technique that has not been published in the literature. That's naive.
They knew about differential cryptanalysis, and likely linear and related key attacks, twenty years before the open literature did. The notion that there is nothing else that they have up their sleeves doesn't ring true. The NSA has a large budget, and lots of extremely smart people. > Nor is there any evidence (save the hearsay about S-boxes, which > were actually developed at IBM) that they have made any major > contribution to the science of cryptography, despite the massive > resources they throw into it. Ahem. It is painfully obvious from the few bits and pieces of information we glean to this day from repeated study of DES that they know far, far more than we do about how to attack conventional ciphers. It is unlikely that they haven't applied any of their skill to public key techniques. There is no evidence that NSA cryptographers aren't at least as smart as the ones out in the field, and they have a tremendous head start and lots of practical experience that none of us have. Perry From perry at imsi.com Tue Jun 28 05:09:40 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 28 Jun 94 05:09:40 PDT Subject: NSA and competence In-Reply-To: <199406272109.OAA21819@jobe.shell.portal.com> Message-ID: <9406281215.AA10235@snark.imsi.com> nobody at shell.portal.com says: > OTOH, one need not assume that everyone at NSA is a rocket scientist and > that they are miles ahead of us in this game. Well, the concrete evidence thus far is that they are ahead of us. > The long undistinguished history of federal agencies shows them to > be full of incompetence, waste and usually gross fraud as > well. Sure. However, ten billion dollars spent at only 25% efficiency is still 2.5 billion dollars. They have plenty of money, and EXTREMELY smart people. Bob Morris isn't a weenie. Neither are any of the other NSAoids I know of. That, and the concrete evidence that they are probably twenty years ahead of us, leads me to believe that it is stupid to underestimate them.
Perry From jya at pipeline.com Tue Jun 28 06:08:55 1994 From: jya at pipeline.com (John Young) Date: Tue, 28 Jun 94 06:08:55 PDT Subject: NSA Agents Threaten to Kill Bidzos of RSA? Message-ID: <199406281311.JAA23687@p03.pipeline.com> There is a lead article in the New York Times Business Section today on Bidzos and RSA. It reviews current crypto, RSA, NSA and others. If there is interest I will transcribe the article for this forum. John From jim at bilbo.suite.com Tue Jun 28 09:34:23 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 28 Jun 94 09:34:23 PDT Subject: Lotto odds Message-ID: <9406281550.AA20176@bilbo.suite.com> Tim May writes: >I've never played, and never plan to. Money down the drain. I have a completely different attitude towards mega-buck lotteries. I see them as a form of entertainment. For less than the price of a two hour movie, I can purchase a ticket that is good for a few days of daydreaming. Yes, I admit it, although the rational portion of my brain understands the odds against winning are mostly zero, there still exists a portion of my brain that says "sure, but mostly zero means partly non-zero". I derive pleasure from the daydreams of instant wealth that mega-buck lotteries make possible. Therefore, for me, it's not money down the drain. Jim_Miller at suite.com ObC'punk: [regarding export of crypto] "That the arguments they are hearing about American companies are unproven, and that no single case of a problem has been documented (in his view)." What's the official government form I need to fill out to prove loss of revenue from an inability to export a version of our product that was never produced since we knew in advance we would not be able to export it? From KillBarny at aol.com Tue Jun 28 09:34:42 1994 From: KillBarny at aol.com (KillBarny at aol.com) Date: Tue, 28 Jun 94 09:34:42 PDT Subject: Markoff/NSA/RSA Message-ID: <9406281200.tn117415@aol.com> Here's something to put in your FYI files...
6/28:PROFIT AND EGO IN DATA SECRECY By JOHN MARKOFF c.1994 N.Y. Times News Service REDWOOD CITY, Calif. - If the web of thousands of computer networks around the world can be thought of as an information superhighway, then Jim Bidzos is one of its best-placed toll takers. Bidzos expects to become very rich - unless the government has its way. As president of a Silicon Valley company called RSA Data Security Inc., Bidzos, 39, controls the patents for software crucial to scrambling and unscrambling computer messages so they can be sent confidentially. Just about anyone using a computer network - whether for sending personal messages, filing taxes electronically, or shopping from home with a credit card - would want such confidentiality. On the strength of its coding technology, RSA has sold more than four million copies of its software, and it has won wide support from industry giants like Apple Computer, AT&T, IBM, Lotus Development, Microsoft, Motorola, Northern Telecom, Novell and Sun Microsystems. Until recently cryptography, the science of sending secret messages, was a province generally populated by the armed forces, governments and their spies. But with the rise of commercial computer networks, cryptography has become an essential ingredient in information-age services. RSA's software is based on an innovation in cryptography that permits people to exchange private messages without actually getting together beforehand and arranging a secret password. In the past, cryptography required that the two parties to a communication first meet to exchange a large number that enabled them to encode and decode messages. RSA's system employs two keys, one for encoding a message, known as a public key, and another for decoding it, called a private key. People who wish to receive secret messages can freely distribute their public key, which enables senders to encode a message. Only with the private key can the message be decoded. 
A company selling products on-line, for instance, might make its public key widely available, which would enable customers to send in a coded message containing their credit card numbers that could not be intercepted and read by others. The company could decode those messages with its private key, which has a mathematical relationship to the public one. The government fears that should the RSA system become available abroad, it would lose its ability to eavesdrop and wiretap in cases involving risks to national security. It would much prefer that the global standard be based on its own Clipper encryption standard, which has a "backdoor" that law enforcement officials can peek through. Precisely because the RSA method has no backdoor, it is the choice of industry. But to some government officials, Bidzos is nothing short of a scheming businessman. "The government would like him not to exist," said Jeffrey Schiller, a computer manager at Massachusetts Institute of Technology, who has negotiated a licensing deal with Bidzos. And Stuart Baker, who until several weeks ago was chief counsel of the National Security Agency, observed, "My sense is that his motivation is no more than trying to convince people to buy his products." Officials at the National Institute of Standards and Technology, another federal agency, say they want to create a standard that is not beholden to the patents of one small company. And the National Security Agency and the Justice Department want a standard that will allow law enforcement agencies to eavesdrop on suspected criminals or violators of national security. From Bidzos' perspective, Washington remains bound up in a cold war mentality, and should simply get out of the way and let RSA Data go about its business.
What is more, he complains, any number of foreign companies are developing encryption techniques just as hard to crack as his, so the government's efforts to keep him from exporting his software are useless, and perhaps counterproductive.

Notwithstanding the official concerns, RSA has developed a loyal following among a wide range of computer, communications and software companies. "They have the strongest technology and the best reputation in the cryptography business," said William Ferguson, vice president of Semaphore Inc., a maker of data-scrambling systems that licenses RSA's software.

Adding spice to this dispute is Bidzos' ability to outmaneuver the government, most recently by snatching a crucial patent from under the noses of officials who were planning to use it in an official standard they are trying to establish.

Several years ago, two top computer scientists from the National Institute of Standards and Technology traveled to Europe to meet with a German mathematician, Claus Schnorr, who holds a key patent that the government's coding system may violate. When they returned to the United States, the scientists told their superiors that the United States should license Schnorr's patent. But Washington was slow to act. So in March 1993, while Bidzos was on a trip to France, he met with Schnorr for a four-hour lunch. By the end of the meal, Bidzos had a deal to use Schnorr's patent.

Despite Bidzos' high profile in the world of encryption, RSA's revenue is small - somewhere between $5 million and $10 million annually. But analysts say that the company has the ability to grow substantially. "They have a huge opportunity in the Internet," said Lisa Thorell, a researcher at Dataquest in San Jose, Calif., referring to the global web of computer networks that is regarded as a working but primitive model of a global data highway.
RSA is also playing an increasing role in the $500 million secure-communications business for equipment that permits safe financial transactions and voice and data communications.

The issue clouding the future of the company is how severely it will suffer from export controls and competing standards backed by the National Security Agency. Last month the government made its own competing standard for signing electronic documents mandatory for all federal agencies, and declared that the digital signature standard, as it is known, did not violate RSA's technology.

Bidzos thinks that Washington is infringing his patents, and, eventually, the strength of his patent claims will be tested in court. Rather than sue the government, Bidzos is likely to start with one of the small companies, like Group Technologies Corporation in Tampa, that is making components under a government contract, industry executives say.

Bidzos, who is a Greek citizen and a permanent resident of the United States, was working at a small international marketing firm in 1985 when he decided to move from Florida to the Silicon Valley to help a friend save a failing business. "I wanted to do deals and stay in luxury hotels," he said recently at his office here. "I had no idea I'd be in the center of a political whirlwind."

When Bidzos joined the company in 1986, RSA was a shoestring operation about to go into bankruptcy. With his help, RSA struck a deal with Lotus Development in 1987, in which the software giant agreed to advance money for the right to include RSA software in Lotus Notes, a program designed for work groups of office employees.

A year later RSA was presented with an offer to be acquired by Rupert Murdoch in a multimillion-dollar deal. A Murdoch subsidiary, the News Data Communications Corp., was developing technology for Murdoch's Sky TV. So in 1988 Bidzos flew twice to Britain to attempt to negotiate a deal, but the sides were far apart on price.
He says the offers to buy RSA still roll in. "I've received no less than five firm, written offers in the last two years," he said.

He also says he doesn't think that the government can regain the upper hand in the cryptography wars. "They've fired every weapon they have at us now, and we're stronger than ever," Bidzos said. "All they can do is try and get RSA legislated out of business, and that will never happen, in my opinion."

From jya at pipeline.com Tue Jun 28 09:35:19 1994
From: jya at pipeline.com (John Young)
Date: Tue, 28 Jun 94 09:35:19 PDT
Subject: NY Times on Bidzos and RSA
Message-ID: <199406281540.LAA18873@p03.pipeline.com>

From The New York Times, June 28, 1994, pages D1, D5:

"Profit and Ego in Data Secrecy" [headline]
By John Markoff
Special to The New York Times

REDWOOD CITY, Calif., June 27 -- If the web of thousands of computer networks around the world can be thought of as an information superhighway, then Jim Bidzos is one of its best-placed toll takers. Mr. Bidzos expects to become very rich -- unless the Government has its way.

As president of a Silicon Valley company called RSA Data Security Inc., Mr. Bidzos, 39, controls the patents for software crucial to scrambling and unscrambling computer messages so they can be sent confidentially. Just about anyone using a computer network -- whether for sending personal messages, filing taxes electronically, or shopping from home with a credit card -- would want such confidentiality.

On the strength of its coding technology, RSA has sold more than four million copies of its software, and it has won wide support from industry giants like Apple Computer, I.B.M., Lotus Development, Microsoft, Motorola, Northern Telecom, Novell and Sun Microsystems.

Not Just for Spies Anymore [subhead]

Until recently cryptography, the science of sending secret messages, was a province generally populated by the armed forces, governments and their spies.
But with the rise of commercial computer networks, cryptography has become an essential ingredient in information-age services.

RSA's software is based on an innovation in cryptography that permits people to exchange private messages without actually getting together beforehand and arranging a secret password. In the past, cryptography required that two parties to a communication first meet to exchange a large number that enabled them to encode and decode messages.

RSA's system employs two keys, one for encoding a message, known as a public key, and another for decoding it, called a private key. People who wish to receive secret messages can freely distribute their public key, which enables senders to encode a message. Only with the private key can the message be decoded.

A company selling products on-line, for instance, might make its public key widely available, which would enable customers to send in a coded message containing their credit card numbers that could not be intercepted and read by others. The company could decode those messages with its private key, which has a mathematical relationship to the public one.

The Government fears that should the RSA system become available abroad, it would lose its ability to eavesdrop and wiretap in cases involving risks to national security. It would much prefer that the global standard be based on its own Clipper encryption standard, which has a "backdoor" that law enforcement officials can peek through. Precisely because the RSA method has no backdoor, it is the choice of industry.

But to some government officials, Mr. Bidzos is nothing short of a scheming businessman. "The Government would like him to not exist," said Jeffrey I. Schiller, computer manager at Massachusetts Institute of Technology, who has negotiated a licensing deal with Mr. Bidzos.
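The two-key scheme the article describes (the merchant publishes one key, keeps the other, and the two are tied by a mathematical relationship), as an added illustration that is not code from the article or from RSA Data Security's products: textbook RSA, where the public key is (n, e) and the private exponent d is the modular inverse of e. The primes, exponent and card number below are constructed for the example; real deployments use primes of hundreds of digits and padded messages.

```python
"""
Added illustration of the public-key / private-key split described in the
article. Textbook RSA with small, constructed primes: enough to show why
anyone can encrypt with the published key while only the holder of the
private key can decrypt. Not a production cipher (no padding, tiny keys).
"""
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) built from two distinct primes.

    public_key  = (n, e): published freely so any sender can encrypt.
    private_key = (n, d): kept secret. d is the inverse of e modulo
    phi(n) = (p-1)(q-1); that inverse relationship is the "mathematical
    relationship" between the two keys. Recovering d from (n, e) alone
    requires factoring n, which is what the scheme's security rests on.
    """
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Sender side: c = m^e mod n. Only the public key is needed."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Receiver side: m = c^d mod n. Only the private key can do this."""
    n, d = private_key
    return pow(c, d, n)


def merchant_roundtrip(card_number: int):
    """The article's on-line shopping scenario with constructed values.

    The merchant generates a key pair, publishes the public half, a
    customer encrypts a card number with it, and the merchant recovers
    the number with the private half. Returns (ciphertext, recovered).
    """
    # Constructed primes for the example: 10^9+7 and 10^9+9 are both prime,
    # giving n of roughly 60 bits, large enough to hold a 16-digit number.
    public_key, private_key = generate_keypair(1_000_000_007, 1_000_000_009)
    ciphertext = encrypt(public_key, card_number)   # customer's step
    recovered = decrypt(private_key, ciphertext)    # merchant's step
    return ciphertext, recovered


if __name__ == "__main__":
    # Constructed sample card number (a well-known test value, not a real card).
    card = 4111_1111_1111_1111
    c, m = merchant_roundtrip(card)
    print(f"ciphertext on the wire: {c}")
    print(f"merchant recovered:     {m}  (matches: {m == card})")
```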
And Stuart Baker, who until several weeks ago was chief counsel of the National Security Agency, observed, "My sense is that his motivation is no more than trying to convince people to buy his products."

Officials at the National Institute of Standards and Technology, another Federal agency, say they want to create a standard that is not beholden to the patents of one small company. And the National Security Agency and the Justice Department want a standard that will allow law enforcement agencies to eavesdrop on suspected criminals or violators of national security.

Conventional Wisdom [subhead]

From Mr. Bidzos's perspective, Washington remains bound up in a cold war mentality, and should simply get out of the way and let RSA Data go about its business. What is more, he complains, any number of foreign companies are developing encryption techniques just as hard to crack as his, so the Government's efforts to keep him from exporting his software are useless, and perhaps counterproductive.

Notwithstanding the official concerns, RSA has developed a loyal following among a wide range of computer, communications and software companies. "They have the strongest technology and the best reputation in the cryptography business," said William Ferguson, vice president of Semaphore, Inc., a maker of data-scrambling systems that licenses RSA's software.

Adding spice to this dispute is Mr. Bidzos's ability to outmaneuver the Government, most recently by snatching a crucial patent from under the noses of officials who were planning to use it in an official standard they are trying to establish.

Several years ago, two top computer scientists from the National Institute of Standards and Technology traveled to Europe to meet with a German mathematician, Claus Schnorr, who holds a key patent that the Government's coding system may violate. When they returned to the United States, the scientists told their superiors that the United States should license Mr. Schnorr's patent.
But Washington was slow to act. So in March 1993, while Mr. Bidzos was on a trip to France, he met with Mr. Schnorr for a four-hour lunch. By the end of the meal, Mr. Bidzos had a deal to use Mr. Schnorr's patent.

Despite Mr. Bidzos's high profile in the world of encryption, RSA's revenue is small -- somewhere between $5 million and $10 million annually. But analysts say that the company has the ability to grow substantially. "They have a huge opportunity in the Internet," said Lisa Thorell, a researcher at Dataquest in San Jose, Calif., referring to the global web of computer networks that is regarded as a working but primitive model of a global data highway.

RSA is also playing an increasing role in the $500 million secure-communications business for equipment that permits safe financial transactions and voice and data communications.

A Question of Patents [subhead]

The issue clouding the future of the company is how severely it will suffer from export controls and competing standards backed by the National Security Agency. Last month the Government made its own competing standard for signing electronic documents mandatory for all Federal agencies, and declared that the digital signature standard, as it is known, did not violate RSA's technology.

Mr. Bidzos thinks that Washington is infringing his patents, and, eventually, the strength of his patent claims will be tested in court. Rather then (sic) sue the Government, Mr. Bidzos is likely to start with one of the small companies, like Group Technologies Corporation, in Tampa, that is making components under a Government contract, industry executives say.

Mr. Bidzos, who is a Greek citizen and a permanent resident of the United States, was working at a small international marketing firm in 1985 when he decided to move from Florida to the Silicon Valley to help a friend save a failing business. "I wanted to do deals and stay in luxury hotels," he said recently at his office here.
"I had no idea I'd be in the center of a political whirlwind."

When Mr. Bidzos joined the company in 1986, RSA was a shoestring operation about to go into bankruptcy. With his help, RSA struck a deal with Lotus Development in 1987, in which the software giant agreed to advance money for the right to include RSA software in Lotus Notes, a program designed for work groups of office employees.

A year later RSA was presented with an offer to be acquired by Rupert Murdoch in a multimillion-dollar deal. A Murdoch subsidiary, the News Data Communications Corporation, was developing technology for Mr. Murdoch's Sky TV. So in 1988 Mr. Bidzos flew twice to Britain to attempt to negotiate a deal, but the sides were far apart on price.

He says the offers to buy RSA still roll in. "I've received no less than five firm, written offers in the last two years," he said.

He also says he doesn't think that the Government can regain the upper hand in the cryptography wars. "They've fired every weapon they have at us now, and we're stronger than ever," Mr. Bidzos said. "All they can do is try to get RSA legislated out of business, and that will never happen, in my opinion."

From sandfort at crl.com Tue Jun 28 09:35:33 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 28 Jun 94 09:35:33 PDT
Subject: Lotto odds
In-Reply-To: <940628.065526.5S6.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID:

C'punks,

On Tue, 28 Jun 1994, Roy M. Silvernail wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> In list.cypherpunks, tcmay at netcom.com writes:
>
> > Maybe, but the state has a wonderful scam of paying off a "5 million
> > dollar jackpot" over 20 years; the true value (what the same deal
> > would cost you to buy as an annuity) is less than $5 M, possibly much
> > less. If private outfits did this, they'd be jailed.
>
> Jailed? Publisher's Clearing House, American Family Publishers and
> Reader's Digest have done this for years.

I don't think so.
While they now engage in this questionable practice, I don't think they've been doing it for more than 2-3 years. If I had to guess, I would think they only feel safe in doing so because the states have already established a legal precedent with their lotteries. They (the states) would be hard pressed to make a distinction between their annuity funded 20 year payoffs and those of Publisher's Clearing House. Thus the State's corruption taints the free market.

S a n d y

From wmo at digibd.com Tue Jun 28 09:35:46 1994
From: wmo at digibd.com (Bill O'Hanlon)
Date: Tue, 28 Jun 94 09:35:46 PDT
Subject: Sternlight
In-Reply-To: <199406272313.QAA11090@netcom4.netcom.com>
Message-ID: <9406281517.AA06694@poe.digibd.com>

On Mon, 27 Jun 1994 16:13:13 -0700 (PDT) Timothy C. May wrote:
--------
>
> No, Sternlight has in fact posted a number of incisive articles--which
> I publicly agreed with--in the cpsr and eff groups. His analysis of
> the public funding of a "free lane on the information highway" was
> accurate (he's opposed). And Sternlight and Carl Kadie have been
> debating the competing approaches to 'wiring the home,' with
> Sternlight arguing for a common carrier, "video dialtone" approach
> instead of a TCI "500 channels of what we think you want" approach.
>
> [Don't agree or disagree _here_, as I'm only giving a thumbnail sketch
> of the debate.]
>
> I find myself agreeing with some things Sternlight says, and I
> certainly find polite debate with him more rewarding than exchanging
> stupid insults. (Not saying Bill did here, of course, just saying many
> people seem to think debating with Sternlight means calling him clever
> names like "Sterndark," "Sterno," and "UnProfessor." Not quite.)
>
> --Tim May
>

Oooh. Thank you, Tim. This is exactly the kind of response I'd half hoped for, and didn't think I'd get. I was hoping someone HAD seen Sternlight, and that he hadn't just been out of town or something.
It cheers me that he is around but not prodding people on newsgroups that I am interested in. There's hope that his crypto-noise will die down, then.

I don't always disagree with him, either, but I don't like what the results are once he takes a position on a news group. Once, I talked him (via email) into not posting to sci.crypt, for no other reason than because there were people who had an emotional investment in putting him down, and the resulting arguments had nothing to do with sci.crypt.

Hmm. As an attempt to legitimize this note in the crypto sense, does anyone have an opinion as to whether or not I should upgrade the version of PGP I'm using for the remailer at rebma.mn.org? I'm using 2.3a, currently.

-Bill

From dave at marvin.jta.edd.ca.gov Tue Jun 28 09:36:00 1994
From: dave at marvin.jta.edd.ca.gov (Dave Otto)
Date: Tue, 28 Jun 94 09:36:00 PDT
Subject: Bidzos and the NSA
Message-ID: <9406281529.AA17145@marvin.jta.edd.ca.gov>

posted to talk.politics.crypto in response to Tim's article...

-----BEGIN PGP SIGNED MESSAGE-----

I think the issue, at this point, is not so much whether the NSA goons actually threatened his life, but that they have consistently attempted to suppress crypto any way they can. That the NSA has tried to intimidate Bidzos is no secret. That the NSA considers PGP a threat to their domain is also well known.

Given that the purpose of the ITAR restrictions appears to be to prevent an international standard from forming, I think we need to refocus on the issue of presenting strong crypto as "a right", inevitable, and ubiquitous. CPSR and EFF are doing an admirable job of taking the fight to the beltway; but outside the net, the grass roots support just isn't there.

As has been pointed out by PRZ et al., the primary reason to avoid hacks to PGP is that doing so fragments what standards we have now. The release of the MIT PGP was the first step in legitimizing cryptography.
The next step is to install interoperable crypto on EVERY box out there. While I don't advocate bypassing your local sysadmin, try to get PGP installed on each machine you touch. Use 2.6 (MIT in U.S., _ui_ elsewhere). Publish your key. Tell your friends. Annoy your family. Irritate your boss ;-).

My wife suggested that my activities would have gotten me "black-listed" 40 years ago. I suggest that the NSA would like to do exactly that to individuals like Bidzos and PRZ, but it is too late (and the net would make it virtually impossible anyway). Besides, some things are worth fighting for.

Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org
"Pay no attention to the man behind the curtain!" [the Great Oz]
finger DaveOtto at ACM.org for PGP 2.6 key <0x3300e841>
fingerprint = 78 71 3A 5B FD 8A 9A F1 8F BC E8 6A C7 BD A4 DD

-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----

From shabbir at panix.com Tue Jun 28 09:53:25 1994
From: shabbir at panix.com (Shabbir J. Safdar)
Date: Tue, 28 Jun 94 09:53:25 PDT
Subject: Cryptography export legislation in need of help!
Message-ID: <199406281640.AA09933@panix3.panix.com>

[URGENT ACTION REQUIRED BEFORE 10:30AM JUNE 30TH, 1994]
[PLEASE CHECK THE "WHAT YOU CAN DO RIGHT NOW" SECTION!]

*********************************************************************
DISTRIBUTE WIDELY
*********************************************************************

Table of contents:
Introduction & Alert
Status of the bill
What you can do right now
List of legislators supporting HR 3937 (formerly HR 3627)
List of legislators wavering on HR 3937 (formerly HR 3627)
List of legislators opposing HR 3937 (formerly HR 3627)
What is the Cantwell bill?
-------------------------------------------------------------------------------
INTRODUCTION & ALERT

Voters Telecomm Watch keeps scorecards on legislators' positions on legislation that affects telecommunications and civil liberties. If you have updates to a legislator's positions, from either:

-public testimony,
-reply letters from the legislator,
-stated positions from their office,

please send them to vtw at panix.com so they can be added to this list.

General questions: vtw at panix.com
Mailing List Requests: vtw-list-request at panix.com
Press Contact: stc at panix.com
Gopher URL: gopher://gopher.panix.com:70/1/1/vtw
WWW URL: Be patient; we're working on it. :-)

-------------------------------------------------------------------------------
STATUS OF THE BILL (updated 6/28/94)

The Cantwell bill, which allows for fewer restrictions on exports of cryptography, has an interesting history. It was rolled into the General Export Administration Act HR 3937. The House Foreign Affairs Committee passed the full strength version out of committee after open, public hearings. The House Intelligence Committee took the bill and gutted it after a day of closed, secret hearings. The gutted version is making its way to the House floor.

There is a crucial stop-off point, however. The House Rules Committee will hold a hearing on Thursday June 30th, 10:30am in D.C. (Room H-13) to determine if the bill can be amended on the House floor (an "open" bill) or not (a "closed" bill). If they mark the bill as "open", then the Cantwell bill could be restored to its previous version, removing the language put in by the House Select Intelligence Committee which gutted it without a public hearing.

It is crucial that you call one of the members of the House Rules Committee before 10:30am Thursday June 30th and urge them to mark the bill as "open". This may be the last thing you can do for the cryptographic export legislation. Take the time to make a call!
Chronology of the bill

Jun 30, 94  House Rules Comm. decides whether to allow amendments on the bill when it reaches the House floor
Jun 14, 94  Gutted by the House Select Committee on Intelligence
May 20, 94  Referred to the House Select Committee on Intelligence
May 18, 94  Passed out of the House Foreign Affairs Committee on May 18 attached to HR 3937, the General Export Administration Act
Dec  6, 93  Referred to the Subcommittee on Economic Policy, Trade and
Nov 22, 93  Referred to the House Committee on Foreign Affairs.

-------------------------------------------------------------------------------
WHAT YOU CAN DO RIGHT NOW

Estimated time to do this good deed: Two minutes

Show your support for HR 3937 (formerly HR 3627) by contacting a member of the House Rules Committee and ask them to mark the bill as "open" (allowing amendments) when it reaches the House floor.

The phone numbers of the members of the House Rules Committee are listed below. Please pick one from your state and call them. If your state isn't listed please call the Chairman, Rep. Joe Moakley.

Feel free to use the following sample communique:

The Honorable ____________
address
Washington DC, 20515

Dear Congressman or Congresswoman,

Please mark the General Export Administration Act (HR 3937) as "open" (allowing amendments on the House floor).

Recently the House Intelligence Committee removed several provisions of the General Export Administration Act, HR 3937, dealing with the export of cryptographic technology. The House Intelligence Committee did this in a closed, secret hearing which provided for no public input. The House Foreign Affairs Committee previously held an open hearing on the same issue and received a flood of people testifying in favor of the bill, which the committee then reported out in full.

I urge you to allow the democratic process to take its course on the House floor and mark the bill as "open".
Sincerely,

_________________________________

Phone/Fax/Addresses of members of the House Rules Committee
103rd United States Congress, 1993-1994
All addresses are Washington, D.C. 20515

Dist ST Name, Address, and Party    Phone           Fax
==== == ========================    ==============  ==============
   9 MA Moakley, John Joseph (D)    1-202-225-8273  1-202-225-7304
        235 Cannon
   3 SC Derrick, Butler (D)         1-202-225-5301  1-202-225-5383
        221 Cannon
  24 CA Beilenson, Anthony (D)      1-202-225-5911  1-818-999-2258
        2465 RHOB (might not answer)
  24 TX Frost, Martin (D)           1-202-225-3605  1-202-225-4951
        2459 RHOB
  10 MI Bonior, David E. (D)        1-202-225-2106  1-202-226-1169
        2207 RHOB
   3 OH Hall, Tony P. (D)           1-202-225-6465  1-202-225-6766
        2264 RHOB
   5 MO Wheat, Alan (D)             1-202-225-4535  1-202-225-5990
        2334 RHOB
   6 TN Gordon, Bart (R)            1-202-225-4231  1-202-225-6887
        103 Cannon
  28 NY Slaughter, Louise M. (D)    1-202-225-3615  1-202-225-7822
        2421 RHOB
  22 NY Solomon, Gerald B. (R)      1-202-225-5614  1-202-225-1168
        2265 RHOB
   1 TN Quillen, James H. (R)       1-202-225-6356  1-202-225-7812
        102 Cannon
  28 CA Dreier, David (R)           1-202-225-2305  1-202-225-4745
        411 Cannon
  14 FL Goss, Porter J. (R)         1-202-225-2536  1-202-225-6820
        330 Cannon

-------------------------------------------------------------------------
LIST OF LEGISLATORS SUPPORTING CRYPTOGRAPHY EXPORT LEGISLATION

The following legislators have formally registered support for cryptography export legislation. Call them with your cheers.

All addresses are Washington, D.C. 20515

Dist ST Name, Address, and Party    Phone           Fax
==== == ========================    ==============  ==============
   1 WA Cantwell, Maria (D)         1-202-225-6311  1-202-225-2286
        1520 LHOB
        HR 3627's sponsor; thank her for her work!
  16 IL Manzullo, Donald (R)        1-202-225-5676  1-202-225-5284
        506 Cannon
        Cosponsored HR 3627 on 11/22/93
   3 UT Orton, William H. (D)       1-202-225-7751  1-202-226-1223
        1122 LHOB
        Cosponsored HR 3627 on 03/22/94
   3 OR Wyden, Ronald (D)           1-202-225-4811  1-202-225-8941
        1111 LHOB
        Cosponsored HR 3627 on 03/22/94
  16 CA Edwards, Donald (D)         1-202-225-3072  1-202-225-9460
        2307 RHOB
        Cosponsored HR 3627 on 03/22/94
  19 OH Fingerhut, Eric D. (D)      1-202-225-5731  1-202-225-9114
        431 Cannon
        Cosponsored HR 3627 on 03/22/94
   4 MA Frank, Barney (D)           1-202-225-5931  1-202-225-0182
        2404 RHOB
        Cosponsored HR 3627 on 03/22/94
   2 UT Shepherd, Karen (D)         1-202-225-3011  1-202-226-0354
        414 Cannon
        Cosponsored HR 3627 on 03/22/94
   3 WA Unsoeld, Jolene (D)         1-202-225-3536  1-202-225-9095
        1527 LHOB
        Cosponsored HR 3627 on 03/22/94
  19 FL Johnston II, Harry (D)      1-202-225-3001  1-202-225-8791
        204 Cannon
        Cosponsored HR 3627 on 03/22/94
   9 WA Kreidler, Mike (D)          1-202-225-8901  1-202-226-2361
        1535 LHOB
        Cosponsored HR 3627 on 03/22/94
   4 WA Inslee, Jay (D)             1-202-225-5816  1-202-226-1137
        1431 LHOB
        Cosponsored HR 3627 on 03/22/94
   7 WA McDermott, James A. (D)     1-202-225-3106  1-202-225-9212
        1707 LHOB
        Cosponsored HR 3627 on 03/22/94
   8 IN McCloskey, Frank (D)        1-202-225-4636  1-202-225-4688
        306 Cannon
        Cosponsored HR 3627 on 03/22/94
  14 CA Eshoo, Anna G. (D)          1-202-225-8104  1-202-225-8890
        1505 LHOB
        Cosponsored HR 3627 on 03/22/94
  10 NC Ballenger, Thomas C. (R)    1-202-225-2576  1-202-225-0316
        2238 RHOB
        Cosponsored HR 3627 on 05/04/94
   2 WA Swift, Al (D)               1-202-225-2605  1-202-225-2608
        1502 LHOB
        Cosponsored HR 3627 on 05/04/94

-------------------------------------------------------------------------------
LIST OF LEGISLATORS WAVERING ON CRYPTOGRAPHY EXPORT LEGISLATION

[Feel free to use the sample communique at the end of the FAQ when calling or writing a legislator.]

  26 NY Hinchey, Maurice D. (D)     1-202-225-6335  1-202-226-0774
        1313 LHOB
        Recently told a constituent that he is taking the Cantwell bill under consideration, but has "national security concerns" about allowing encryption to be exported outside the United States.
   1 IA Leach, James (R)            1-202-225-6576  1-202-226-1278
        2186 RHOB
        Has yet to answer a constituent letter with a stated position.
  13 NY Molinari, Susan (D)         1-202-225-3371  1-202-226-1272
        123 Cannon
        Has yet to answer a constituent letter with a stated position. (has taken inordinately long)
   8 NY Nadler, Jerrold (D)         1-202-225-5635  1-202-225-6923
        424 Cannon
        Met with lobbying constituent in April '94; no position taken yet
  25 CA McKeon, Howard P. (R)       1-202-225-1956  1-202-226-0683
        307 Cannon
        Responded to a constituent with a "non-position", May '94
        Had a favorable meeting with a constituent and a VTW volunteer in May '94.

-------------------------------------------------------------------------------
LIST OF LEGISLATORS OPPOSING CRYPTOGRAPHY EXPORT LEGISLATION

[Feel free to use the sample communique at the end of the FAQ when calling or writing a legislator.]

Dist ST Name, Address, and Party    Phone           Fax
==== == ========================    ==============  ==============
   5 AL Cramer Jr, Robert E. (D)    1-202-225-4801  1-202-225-4392
        1318 LHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   8 CA Pelosi, Nancy (D)           1-202-225-4965  1-202-225-8259
        240 Cannon
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  32 CA Dixon, Julian C. (D)        1-202-225-7084  1-202-225-4091
        2400 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  40 CA Lewis, Jerry (R)            1-202-225-5861  1-202-225-6498
        2312 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  46 CA Dornan, Robert K. (R)       1-202-225-2965  1-202-225-3694
        2402 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   2 CO Skaggs, David E. (D)        1-202-225-2161  1-202-225-9127
        1124 LHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  10 FL Young, C. W. (R)            1-202-225-5961  1-202-225-9764
        2407 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   4 KS Glickman, Daniel (D)        1-202-225-6216  1-202-225-5398
        2371 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   1 NE Bereuter, Douglas (R)       1-202-225-4806  1-202-226-1148
        2348 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   9 NJ Torricelli, Robert (D)      1-202-224-5061  1-202-225-0843
        2159 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   3 NM Richardson, William (D)     1-202-225-6190  1-202-225-1950
        2349 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   1 NV Bilbray, James H. (D)       1-202-225-5965  1-202-225-8808
        2431 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  17 PA Gekas, George W. (R)        1-202-225-4315  1-202-225-8440
        2410 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   2 RI Reed, John F. (D)           1-202-225-2735  1-202-225-9580
        1510 LHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  14 TX Laughlin, Gregory H. (D)    1-202-225-2831  1-202-225-1108
        236 Cannon
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  16 TX Coleman, Ronald D. (D)      1-202-225-4831  None
        440 Cannon
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
  19 TX Combest, Larry (R)          1-202-225-4005  1-202-225-9615
        1511 LHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   1 UT Hansen, James V. (R)        1-202-225-0453  1-202-225-5857
        2466 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.
   6 WA Dicks, Norman D. (D)        1-202-225-5916  1-202-226-1176
        2467 RHOB
        FAILED Cryptography exports: Voted to kill Rep. Cantwell's export provisions in the House Intelligence Committee on 6/15/94.

-------------------------------------------------------------------------------
What is the Cantwell bill?

The Cantwell bill would permit companies to export products with encryption technology in them. US companies are currently not permitted to export products (hardware or software) with this technology in them.

What is encryption technology?

Encryption technology, or cryptography, is the art of scrambling a conversation so that only the people communicating can decode it. Other people (such as eavesdroppers) cannot learn about the conversation.

Where is cryptography being used?

Cryptography is used to encrypt electronic mail to protect its confidentiality in transit. It's used by bank automatic teller machines to protect sensitive data (such as your account number, your Personal Identification Number, and your bank balance). It can be implemented into software (such as electronic mail programs and word processors) as well as hardware (such as telephones and "walkie-talkies") to ensure your privacy.

Why is there a restriction on exporting products with technology in them?

For many years the United States was a leading researcher in cryptography. High quality cryptographic technology was available only within the United States.
The US government thought that if they did not let this technology be exported, foreign individuals would not be able to obtain it and use it against us (by keeping US intelligence agencies from eavesdropping on their communications).

Since then, cryptography research has been published in international journals. Companies have been created throughout the world who export cryptographic technology from countries that do not have these restrictions. You can now buy the same, high-quality cryptographic technology from many international firms. Although the marketplace has changed, the regulations have not.

Why should the regulations be changed?

US companies compete in a global marketplace. Because of the export regulations, they often compete alongside products with superior cryptographic capabilities built into them. The result is that US companies build their products with an inferior encryption technology. The result of this is that you, as an American consumer, have great difficulty obtaining products with strong encryption in them.

Because US products cannot compete against products with better privacy features, and because the laws are outdated, the regulations should be changed. The Cantwell bill fixes these regulations to more accurately resemble the current situation of the world marketplace.

How can I help encourage more privacy-enhanced products and pass the Cantwell bill?

Call or write your representative and ask them to support or cosponsor Rep. Cantwell's export provisions (formerly HR 3627) in the General Export Administration Act, HR 3937. You can base your letter on the sample communication below.

SAMPLE LETTER OR PHONE CALL

The Honorable ____________
address
Washington DC, 20515

Dear Congressman or Congresswoman,

As a citizen concerned for my privacy, as well as a supporter of American business, I urge you to cosponsor the Rep. Cantwell's cryptographic export provisions (formerly HR 3627) in the General Export Administration Act, HR 3937.

The bill would allow US companies to produce and export products with cryptographic privacy-enhancing technology in them. These products are already available from firms throughout the world. US companies lose nearly $100 million per year in exports to them. By encouraging this industry, ordinary citizens like you and me would be able to purchase products with better privacy features.

Please support or co-sponsor HR 3937.

Sincerely,

___________________________________

-------------------------------------------------------------------------------

From sandfort at crl.com Tue Jun 28 10:04:15 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 28 Jun 94 10:04:15 PDT
Subject: BLACK UNICORN
Message-ID:

C'punks,

Black Unicorn called me from Florence, Italy just now. He said he was not connected to the Net, so to say hi to the list.

Hi.

S a n d y

From jdwilson at gold.chem.hawaii.edu Tue Jun 28 10:18:36 1994
From: jdwilson at gold.chem.hawaii.edu (NetSurfer)
Date: Tue, 28 Jun 94 10:18:36 PDT
Subject: EFFector Online 07.11 - House vote on NII bills, OR ISDN, Clipper news (fwd)
Message-ID:

News re Telecom NII Bills, Clipper

-NetSurfer

#include standard.disclaimer

  |James D. Wilson         |V.PGP 2.4: 512/E12FCD 1994/03/17
  |P. O. Box 15432         | finger for full PGP key
  |Honolulu, HI 96830      |
  |Serendipitous Solutions | Also NetSurfer at sersol.com

---------- Forwarded message ----------
Date: Mon, 27 Jun 1994 22:51:41 -0400 (EDT)
From: Stanton McCandlish
To: effector-send at eff.org
Subject: EFFector Online 07.11 - House vote on NII bills, OR ISDN, Clipper news

=========================================================================
EFFector Online Volume 07 No. 11    June 27, 1994    editors at eff.org
A Publication of the Electronic Frontier Foundation    ISSN 1062-9424
=========================================================================

In This Issue:

ALERT: Open Platform Update - House Vote on HR3636, HR3626 06/28/94
Oregon PUC Request for Comments on ISDN Deployment
House Intelligence Committee Just Says No to Crypto Export
Republican Party Texas Denounces Clipper, DigTel, and ITAR Regs
PSI and Canter & Siegel Negotiate Net Access: No Spamming
SunFlash E-Journal Call for Papers: "UNIX and the Law" Symposium
"How Do I Get the Most Current EFFector?"
What YOU Can Do

----------------------------------------------------------------------

Subject: ALERT: Open Platform Update - House Vote on HR3636, HR3626 06/28/94
----------------------------------------------------------------------------

EFF OPEN PLATFORM UPDATE
JUNE 27, 1994

House Prepares to Vote on Landmark Communications Bills
EFF's Open Platform Language Remains a Central Aspect

On June 28, 1994, the full House of Representatives will vote on landmark telecommunications legislation. Two bills will be considered: H.R. 3636, the "National Communications and Information Infrastructure Act of 1994" (which contains EFF's Open Platform Proposal), and H.R. 3626, the "Antitrust and Communications Reform Act of 1994" (which will permit RBOCs - local-loop telephone companies - to re-enter the long distance, manufacturing, and information services markets). Together, these bills represent the most dramatic restructuring of communications law in more than 60 years.

Both bills are expected to pass easily, but your supporting faxes and calls to your Representatives are still important. See ftp.eff.org, /pub/EFF/Issues/Activism/govt_contact.list for a full list of Congressional fax numbers.

H.R. 3636, THE NATIONAL COMMUNICATIONS COMPETITION AND INFORMATION INFRASTRUCTURE ACT OF 1994

H.R. 3636 seeks to promote the development of the National Information Infrastructure (NII) through a combination of increased competition and a new regulatory framework. The bill would require local telephone monopolies to provide equal access and interconnection to their network, remove restrictions preventing telephone companies from providing video services, and preserve and enhance the universal provision of telecommunications services at affordable rates. There have been no major changes to the legislation since it was marked up by the Energy and Commerce Committee on March 16, 1994.
Key points of the bill are analyzed below:

* OPEN PLATFORM SERVICE

EFF believes that open platform service, available to all Americans in the near-term at low cost, is key to promoting the democratic potential of the NII. Open platform service is designed to give residential and commercial subscribers access to voice, data, and video services over digital lines on a switched, end-to-end basis. With open platform service widely available, individuals and organizations would have access to a variety of important applications, including telemedicine, telecommuting, and distance learning.

Open Platform services enable any user on the network to reach any other user or information source on the network, without having to pass through any bottlenecks that might be erected by vertically integrated network operators. Today, many carriers are only building capacity for primarily one-way services such as video-on-demand, home shopping, and 500 channels of entertainment. Open platform architecture is a strong safeguard against anti-competitive behavior and will promote the First Amendment goal of access to a diversity of information sources. EFF has been working closely with Rep. Markey and other members of the House Telecommunications Subcommittee to ensure that the open platform philosophy was incorporated in NII legislation.

Open platform service, as defined in section 101 (3)(ii) of H.R. 3636, refers to --

    ...a switched, end-to-end digital telecommunications service that is subject to Title II of [the Communications Act of 1934: Common Carriers]; and that (1) provides subscribers with sufficient network capability to access multimedia information services, (2) is widely available throughout a State, (3) is provided based on industry standards, and (4) is available to all subscribers on a single line basis upon reasonable request.

Section 102 (d)(3) of H.R. 3636 directs the FCC to conduct an inquiry in order to determine what regulations and policies are necessary to make open platform service available to subscribers at reasonable rates. Based on the inquiry, the FCC is then directed to prescribe regulations to ensure the deployment of open platform services. The FCC may also require carriers to file tariffs for open platform service as soon as such service is economically feasible and technologically reasonable.

The FCC is also directed to establish procedures for granting carriers a temporary waiver from complying with the open platform requirements. Carriers would be granted a waiver if they could demonstrate that compliance with the open platform requirements would (1) be economically or technically infeasible, or (2) would materially delay the deployment of new facilities with improved capabilities or efficiencies that will be used to meet the requirements of open platform services.

Access to open platform service at affordable rates is also a key part of the definition of universal service in H.R. 3636.

* UNIVERSAL SERVICE

Universal access to telephone service has long been a cornerstone of Federal and State telecommunications regulatory policies. Because residential local telephone service is provided by a monopoly carrier, maintaining universal service has not been difficult. As the ability to participate in society becomes increasingly more dependent on access to information, the need to preserve and maintain universal service becomes more and more important. However, as competition in the local exchange increases the diversity of communications services providers, the old systems for maintaining universal service will become more and more ineffective.

H.R. 3636 seeks to establish a mechanism that ensures universal service is preserved as competition increases in the telecommunications market. H.R. 3636 does not attempt to establish a statutory definition of universal service.
Instead, the bill establishes a process which allows the definition of universal service to evolve as new technologies and services emerge.

Federal-State Joint Board to Determine the Definition of Universal Service

The bill establishes a Federal-State Joint board (composed of representatives from the FCC and State public utility commissions) to determine what policies and regulations are necessary to preserve and enhance universal service. In determining the nature and extent of universal service, the Federal-State board is directed to consider several factors. These include the extent to which:

(1) a telecommunications service has, through the operation of market choices by customers, been subscribed to by a substantial majority of residential customers;
(2) the possibility that denial of access to such service to any individual would unfairly deny that individual educational and economic opportunities;
(3) such service has been deployed in the public switched telecommunications network; and
(4) inclusion of such service within a carriers' universal service obligations is otherwise consistent with the public interest, convenience, and necessity.

The bill states that all providers of telecommunications services should contribute to the preservation of universal service.

* LOCAL COMPETITION: EQUAL ACCESS AND INTERCONNECTION

In order to promote competition in the local telecommunications market, H.R. 3636 requires local exchange carriers to provide equal access and interconnection to their networks. The equal access and interconnection requirements will allow competitors, such as cable companies, long distance providers, and others, to compete with local telephone monopolies without requiring competitors to build their local network from scratch.

Regulations Required

The bill directs the FCC to establish regulations that require reasonable and nondiscriminatory equal access and interconnection with the facilities of a local exchange carrier's network. Such regulations must allow a competitor to place any equipment necessary for interconnection to the network on the premises of a local exchange carrier. The FCC is also directed to prescribe regulations requiring reasonable compensation to the exchange carrier providing equal access and interconnection.

State Preemptions

H.R. 3636 preempts existing State and local regulations prohibiting competition in the local exchange, while maintaining a State's ability to enforce consumer protection laws, protect public safety and welfare, and regulate interstate rates and quality of service.

Exemptions

Finally, small and rural telephone companies (those with fewer than 500,000 access lines) are not required to comply with the equal access and interconnection requirements unless the FCC determines that complying would not be unduly economically burdensome, unfairly competitive, technologically infeasible, or otherwise not in the public interest.

* PROVISION OF VIDEO SERVICES BY TELEPHONE COMPANIES

H.R. 3636 removes restrictions preventing telephone companies from providing video services within their service area. In order to provide video services within its service area, a telephone company would be required to: (1) establish a separate video programming affiliate; and (2) establish a video platform.

Separate Video Programming Affiliate:

H.R. 3636 requires separate video programming affiliates to maintain separate books and records from their affiliated telephone company, and conduct its own separate promotion (with certain exceptions). The bill also contains prohibitions against cross subsidies. The separate affiliate requirements are intended to prevent a telephone company from using its power as a monopoly from impeding competition in the market.

Video Platform

H.R. 3636 requires any common carrier that provides video programming to its subscribers in its telephone service area to establish a video platform. Any carrier establishing a video platform is required to grant, on a nondiscriminatory basis, access to all bona fide requests for carriage. The FCC is also directed to prescribe regulations to prohibit video platform providers from imposing discriminatory rates, terms, and conditions on access to the video platform.

In order to promote competition in the delivery of video services, H.R. 3636 also prohibits (with exceptions for small and rural areas) any common carrier that provides telephone exchange service (or its affiliates) from purchasing an existing cable system located within its telephone service area.

Extension of Regulations to Other High Capacity Systems

This section extends the video platform requirements of H.R. 3636 to cable systems that operate switched broadband delivery systems. Such systems are required to establish a video platform, and are prohibited from discriminating among program providers with respect to carriage, and requires that the rates and conditions for carriage of video programming are just and reasonable. The FCC is also directed to study whether it is in the public interest to extend the video platform requirements to other cable operators though they may not have switched broadband video delivery systems.

* INTERACTIVE SERVICES AND CRITICAL INTERFACES (SET-TOP BOXES)

The bill states that set-top boxes and other interactive communications devices may be "a critical gateway" to American homes and businesses. The bill states that, "In order to promote diversity, competition, and technological innovation among suppliers of equipment and services, it may be necessary to make certain critical interfaces open and accessible to a broad range of information providers", the FCC is directed to identify "critical interfaces" that allow end users to connect information devices to networks and information service providers to transmit information to end users.

The bill directs the FCC to conduct an inquiry, to examine the convergence of interactive technologies. The FCC would examine the costs and benefits of establishing open interfaces between, on the one hand, the network provider and the set-top box, and on the other, between network providers and information service providers. The FCC would also determine how to ensure the interoperability of converter boxes with interactive networks. The bill instructs this FCC to report to Congress within one year of the date of enactment of this section on the results of its inquiry. Finally, the FCC is instructed to make such changes in its regulations as deemed necessary in order to implement the findings of its inquiry.

* BROADCAST SPECTRUM FLEXIBILITY

If the FCC decides to issue additional licenses for advanced television services (such as HDTV) H.R. 3636 allows the FCC to prescribe regulations that would permit broadcasters to use spectrum for "ancillary and or supplementary services". Such ancillary or supplementary services will be treated as broadcast services and are subject to all regulations applicable to broadcast services.

* PUBLIC ACCESS

H.R. 3636 requires the FCC to prescribe regulations to provide access for the public on video platforms and cable systems at preferential rates. The FCC is directed to determine the appropriate capacity consistent with the video platform requirements of the bill.

* CIVIC PARTICIPATION ON THE INTERNET

The bill directs the FCC in consultation with the NTIA, to conduct a study of policies that will enhance civic participation on the Internet. In conducting this study, the FCC and NTIA are directed to request public comment on whether common carriers should be required to provide citizens with a flat rate service for gaining access to the Internet.
For more information on EFF's Open Platform Proposal, contact:

Jerry Berman, Executive Director
Danny Weitzner, Deputy Policy Director
Jonah Seiger, Project Coordinator

For the most up-to-date version of the bills and the reports, call the Telecommunications Subcommittee at +1 202 226 2424

------------------------------

Subject: House Intelligence Committee Just Says No to Crypto Export
-------------------------------------------------------------------

June 15, the House Intelligence Committee deleted the provisions of the Export Administration bill (HR3937, formerly HR3627) which would have allowed the export of all mass-market encryption products and thus eliminated the ITAR restrictions on most cryptographic material. The Intelligence Committee substituted the cryptography study previously adopted by the Senate. So, instead of getting strong encryption in the international information infrastructure, we'll get a nice big study to read and debate.

The next phase of this fight will be in the House Rules committee, which will have the job of resolving the dispute between the Foreign Affairs Committee, which approved the Cantwell bill, and the Intelligence Committee version, which removed it. The Rules Committee will decide which version, if any, goes to the floor of the House for vote. Stay tuned for further news and action alerts...

The members of the House Rules Committee are listed below. You may wish to send them letters and faxes supporting retention of the language supporting the export of cryptographic products, in the version of the bill passed by the House Foreign Affairs Cmte.

p st name                     phone          fax            position
______________________________________________________________________________
D MA Moakley, John Joseph     1-202-225-8273 1-202-225-7304 Cmte Chair
D SC Derrick, Butler          1-202-225-5301 na
R NY Solomon, Gerald B.H.     1-202-225-5614 1-202-225-1168
D CA Beilenson, Anthony       1-202-225-5911 na
D TX Frost, Martin            1-202-225-3605 1-202-225-4951
R TN Quillen, James H.        1-202-225-6356 1-202-225-7812
D OH Hall, Tony P.            1-202-225-6465 na
R CA Dreier, David            1-202-225-2305 1-202-225-4745
R FL Goss, Porter J.          1-202-225-2536 1-202-225-6820
D MO Wheat, Alan              1-202-225-4535 1-202-225-5990
R TN Gordon, Bart             1-202-225-4231 1-202-225-6887
D NY Slaughter, Louise M.     1-202-225-3615 1-202-225-7822

------------------------------

Subject: Oregon PUC Request for Comments on ISDN Deployment
-----------------------------------------------------------

EFF will be filing comments in this inquiry and we encourage all interested parties, especially those in Oregon, to do so as well.

Oregon Public Utility Commission
May 26, 1994

TO: ALL INTERESTED PARTIES

The Public Utility Commission of Oregon has been sponsoring a series of workshops concerning the deployment of an Integrated Services Digital Network (ISDN) in Oregon. Through the workshop process, the Oregon ISDN working group has established the feasibility of ISDN deployment by local exchange carriers (LECs) within the state. The Commission now seeks comments on ISDN deployment from the work group and any other interested parties on the following issues and questions. If parties have comments on any issues or concerns not covered in the questions, they are encouraged to add them to the issues list.

Issues and Questions:

1. Does the Commission have jurisdiction to compel the provision of ISDN? Explain the basis of your position.
2. What policies should the Commission adopt regarding the deployment of ISDN? Should the Commission mandate deployment or encourage deployment to be driven by customer demand?
3. Should ISDN-based services be considered a replacement for, or an evolution of, current services?
4. Should all Oregon subscribers have access to ISDN? What policies should be adopted concerning the general availability of ISDN to customers?
5. Assuming that all central office switches in Oregon are either digital or analog electronic, what network upgrades are necessary to deploy ISDN?
6. What is the cost of these upgrades? Are these upgrades necessary exclusively for ISDN, or will they be shared by other services? Explain.
7. What digital switches are currently incapable of providing ISDN? Are there plans for making them ISDN-capable? In what time frame?
8. Are there methods of providing ISDN from ISDN-incapable switches? Explain in detail.
9. If overlay methods are used to provide ISDN in certain exchanges, how will this affect the current structure of local, EAS, and toll services within Oregon?
10. What policies regarding ISDN standards should be adopted by the Commission? Please explain.
11. Should the Commission require that certain services or capabilities be provided by ISDN? What are they? Why?
12. What is the appropriate time frame for ISDN deployment in Oregon? Why?
13. How should ISDN services be priced? Should there be a residential/business price differential? Why?
14. Should there be a voice/circuit data price differential? Why?
15. Should there be flat rate/measured rate pricing options? Why?
16. How should features be priced? Should they be provided in packages, unbundled, or both? Why?
17. How should the policies regarding ISDN be implemented by the Commission? If tariff filings are required, what should they contain? Why?
18. To which local exchange carriers should rules and policies on ISDN apply? Why?
19. Should the LECs be required to provide ISDN services in a manner that is conducive to the competitive provision of ISDN? Why? If so, how?
20. Should there be a mandated interconnection and interoperability of competitively provided ISDN services? Why? If so, how and by whom?
21. Are there any other aspects or characteristics of providing ISDN that should be considered by the Commission? If yes, describe each and explain why.
Please mail one copy of your comments by July 22, 1994, to:

Woody Birko
Oregon PUC
550 Capitol St. NE
Salem, OR 97310-1380

and one copy of your comments to everyone on the attached ISDN work group mailing list. If you are not on the ISDN work group mailing list and would like to receive a copy of everyone's comments, please call Woody Birko at (503) 378-6122. Reply comments should be mailed in a similar manner by August 30, 1994.

The next meeting of the Oregon ISDN work group is tentatively scheduled for September 14, 1994, to discuss the comments and reply comments and to see if a unified position paper can be written to the Commission on ISDN deployment in Oregon.

If you have any questions concerning this, please call me at (503) 378-6122.

Wolodymyr Birko
Sr. Utility Engineering Analyst
Telecommunications Division
(503) 378-6122

------------------------------

Subject: Republican Party Texas Denounces Clipper, DigTel, and ITAR Regs
-----------------------------------------------------------------------

Partly in response to a widespread petition effort, conducted primarily over the Internet, the Texas Republican Party has adopted a platform supportive of electronic privacy, denouncing in one breath the ITAR crypto export restrictions, the FBI's draft wiretapping bill, the Administration's Escrowed Encryption Standard, and overly-broad cryptographic algorithm patents. This comes as something of a surprise given the unanimous House Intelligence Committee Vote to retain export restrictions on cryptographic products - a vote which included the ballot of Rep. Larry Combest (R/TX). [see previous article in this issue]

The relevant section of the RPT 1994 Platform is reproduced here:

"Electronic Privacy-The Party believes that no governmental trapdoor encryption standards should be advanced for use in any civilian communication system (eg Clipper Chip, Digital Telephony Act) and that the US patent office should limit the RSA patent to allow individuals to secure their own communications systems. We believe that encryption systems publicly available outside the US should not be classified as munitions."

More info will follow when available.

------------------------------

Subject: PSI and Canter & Siegel Negotiate Net Access: No Spamming
------------------------------------------------------------------

Date: Thu, 23 Jun 1994 18:19:47 -0400
From: "Martin Lee Schoffstall"

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission.

To subscribe to EFFector via email, send message body of "subscribe effector-online" (no quotes) to listserve at eff.org, which will add you a subscription to the EFFector mailing list. To get the latest issue, send any message to er at eff.org, and it will be mailed to you automagically. You can also get ftp.eff.org, /pub/EFF/Newsletters/EFFector/current.

------------------------------

Internet Contact Addresses
--------------------------

Membership & donations: membership at eff.org
Legal services: ssteele at eff.org
Hardcopy publications: pubs at eff.org
Technical questions/problems, access to mailing lists: eff at eff.org
General EFF, legal, policy or online resources queries: ask at eff.org

End of EFFector Online v07 #11
******************************

From jya at pipeline.com Tue Jun 28 10:43:03 1994
From: jya at pipeline.com (John Young)
Date: Tue, 28 Jun 94 10:43:03 PDT
Subject: No Subject
Message-ID: <199406281742.NAA08992@p03.pipeline.com>

-----BEGIN PGP SIGNED MESSAGE-----

Dave Otto wrote:

I think the issue, at this point, is not so much whether the NSA goons actually threatened his life, but that they have consistently attempted to suppress crypto anyway they can. That the NSA has tried to intimidate Bidzos is no secret. That the NSA considers PGP a threat to their domain is also well known. CPSR and EFF are doing an admirable job of taking the fight to the beltway; but outside the net, the grass roots support just isn't there.

As has been pointed out by PRZ et al., the primary reason to avoid hacks to PGP is that doing so fragments what standards we have now. The release of the MIT PGP was the first step in legitimizing cryptography. The next step is to install interoperable crypto on EVERY box out there. While I don't advocate bypassing your local sysadmin, try to get PGP installed on each machine you touch. Use 2.6 (MIT in U.S., _ui_ elsewhere). Publish your key. Tell your friends. Annoy your family. Irritate your boss ;-).

My wife suggested that my activities would have gotten me "black-listed" 40 years ago. I suggest that the NSA would like to do exactly that to individuals like Bidzos and PRZ, but it is too late (and the net would make it virtually impossible anyway). Besides, some things are worth fighting for.
Dave rightly suggests that "black-listing" and other stigmatizing and threatening inhibit the rights of citizens. Such attacks also intimidate others who learn of the assault on organizations and persons and who fear they may become targets. To oppose this it seems also right that any attack we learn about should be posted in this forum, at the least. Please post who else NSA -- and its like -- has threatened besides Bidzos and PRZ.

John

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLhBhiyC2hhsUMyZpAQH/JAP/fjhJrxoe76Dbo2+wHD9EcFl2PObKgqEa
vjNaRomGIYgb/BKe/M4DejgtNgEGi+DyGoFspf14u18q2ZzFV8iQFJjaP7y5GFFI
/5ztKpAH/ERCpNmF6L9jOYqIy6p3FZTsMVsxQwSW9IsM+XD7jxW7g0QU/NkvcTIn
Vz7Bt0hjY9s=
=AlBx
-----END PGP SIGNATURE-----

From blancw at microsoft.com Tue Jun 28 11:29:41 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 28 Jun 94 11:29:41 PDT
Subject: BLACK UNICORN
Message-ID: <9406281731.AA28621@netmail2.microsoft.com>

Well, I just sent mail to you, Sandy at crl.com, but it came back to you saying that you were "554 Unbalanced '>' ". I guess it's in reference to the software :>)

I was just inquiring, since you yourself are lately leaving the US & going off to Hong Kong, whether you would be there long enough to be part of the events in the changing of the guard to the Commie Chinese?

Blanc

From blancw at microsoft.com Tue Jun 28 11:36:17 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 28 Jun 94 11:36:17 PDT
Subject: NSA and competence
Message-ID: <9406281738.AA28921@netmail2.microsoft.com>

From: "Perry E. Metzger"
...They have plenty of money, and EXTREMELY smart people. ........
That, and the concrete evidence that they are probably twenty years ahead of us, leads me to believe that it is stupid to underestimate them.
..............................................

They sure make some BIG mistakes, though, don't they?
And they didn't cover up the Clipper mistakes very well at all.
And they're not seeing the economical relationships regarding exports very well.
Do you suppose that maybe this is intentional?

Blanc

From jrochkin at cs.oberlin.edu Tue Jun 28 12:53:23 1994
From: jrochkin at cs.oberlin.edu (Jonathan Rochkind)
Date: Tue, 28 Jun 94 12:53:23 PDT
Subject: NSA and competence
Message-ID: <199406281953.PAA04598@cs.oberlin.edu>

> They sure make some BIG mistakes, though, don't they?
> And they didn't cover up the Clipper mistakes very well at all.
> And they're not seeing the economical relationships regarding exports
> very well.
> Do you suppose that maybe this is intentional?

What big mistakes? The Clipper error is a relatively small mistake. Sure, there's a loophole that allows someone with the necessary will and knowledge to clipper-encrypt things in such a way that the government can't decrypt them. But I believe the NSA when they say they knew about this, but didn't care. Because it makes sense. The NSA knows that anyone with the necessary knowledge to exercise this loophole _surely_ knows about other non-clipper encryption methods too. Any terrorist who knows enough about encryption to know how to exercise the loophole (which will be any terrorist at all pretty soon) will surely know enough to encrypt with PGP underneath clipper anyway. So what difference does it make to the NSA? Sure, clipper might be a bit harder for the NSA to crack than RSA/IDEA, but apparently not enough to justify NSA-concern.

This just re-emphasizes that the NSA isn't _really_ worried about terrorists and drug dealers and such. I mean, they're worried, but that's not the worry that motivates clipper. Because clipper won't be any good against terrorists and drug dealers as long as alternate encryption is legal. They are worried about non-escrowed encryption becoming a _standard_, for the Average Joe. The Average Joe, while he might use PGP in a clipper-free world, probably isn't going to use it if his mail is protected by clipper already. And he sure isn't going to exercise the clipper loophole. IMHO, the NSA obviously spends enough effort spying on the Average Joe to justify clipper for these reasons. Because they can't be blind enough to think that Clipper is going to be any use at all against those who care. The fact that they are unconcerned about this loophole seems to justify that.

As for "not seeing the economic relationships", they just don't care. The export restrictions have one purpose only: to hinder cryptology R&D in America. Yeah, anyone who thinks about it realizes that this means hurting American software companies' ability to compete, but the NSA doesn't care about ability to compete. They care about National Security. And they think that National Security will be compromised if American firms engage in lots of crypto-R&D. So they are doing anything in their power to prevent that. Export-restrictions are really the only thing they have the power to do in this regard, but they should work perfectly sufficiently for their purposes.

They don't seem to be making too many mistakes to me.

From jya at pipeline.com Tue Jun 28 12:57:40 1994
From: jya at pipeline.com (John Young)
Date: Tue, 28 Jun 94 12:57:40 PDT
Subject: Pipe>>OTTO5.ASC<

begin 644 /tmp/baaa006Cn
end

From jya at pipeline.com Tue Jun 28 13:24:41 1994
From: jya at pipeline.com (John Young)
Date: Tue, 28 Jun 94 13:24:41 PDT
Subject: Bidzos and RSA
Message-ID: <199406282024.QAA07317@p03.pipeline.com>

-----BEGIN PGP SIGNED MESSAGE-----

Dave Otto posted today:

< I think the issue, at this point, is not so much whether the NSA goons

Markoff has a profile of Jim Bidzos on the front page of today's NYT business section. "Profit and Ego in Data Security." No death threats mentioned other than:

"The government would like him not to exist," said Jeffrey I. Schiller, a computer manager at the Massachusetts Institute of Technology, who has negotiated a licensing deal with Mr. Bidzos.
DCF

--- WinQwk 2.0b#1165

From ravage at bga.com Tue Jun 28 06:58:05 1994
From: ravage at bga.com (Jim choate)
Date: Tue, 28 Jun 94 13:58:05 GMT
Subject: (fwd) Re: Real random numbers
Message-ID: <199406281352.IAA22731@lia.bga.com>

Path: bga.com!news.sprintlink.net!hookup!yeshua.marcam.com!zip.eecs.umich.edu!newsxfer.itd.umich.edu!gumby!wupost!spool.mu.edu!torn!nott!cunews!freenet.carleton.ca!freenet3.scri.fsu.edu!mailer.acns.fsu.edu!not-for-mail
From: jac at ds8.scri.fsu.edu (Jim Carr)
Newsgroups: sci.physics
Subject: Re: Real random numbers
Date: 24 Jun 1994 15:56:03 -0400
Organization: Supercomputer Computations Research Institute
Lines: 39
Message-ID: <2ufdoj$h69 at ds8.scri.fsu.edu>
References: <2u69cp$46q at asterix.uni-muenster.de>
NNTP-Posting-Host: ds8.scri.fsu.edu
Keywords: real random numbers, Monte Carlo simulation

In article <2u69cp$46q at asterix.uni-muenster.de> hoppep at asterix.uni-muenster.de (Peter Hoppe) writes:
>
>4-bit random numbers (0,1,...,15) have been produced from
>thermal noise by a complicated method.
>Since the production is not due to a determining algorithm
>(of a pseudo random generator) these numbers are 'real random numbers'.
>So a priori there could not be any periodicity in the number series.
>The equipartition has been checked by the "chi-square-test" and the
>correlations by the "serial-test" [1]. Both equipartition and
>correlations fulfill the theoretical expectations very well.
>[1] D. Knuth, The Art of Computer Programming, Vol. II,
> Addison-Wesley, 1969

There are much tougher tests for random numbers than these, particularly if they are to be used for Monte Carlo where the numbers are used as m-tuples. The tests you really need to make are the ones George Marsaglia calls the 'monkey test' and the 'birthday test', as well as the m-tuples test. The first two are generalizations of the well known statistics problem of the monkey typing Shakespeare and of coincident birthdays in a group of people. They are tough to pass.

The problem as I see it is that 4-bit numbers do not generate much variability, so you will really need m-tuples of 4-tuples of these. This increases the chance that long range correlations will catch up to you when you least want them.

I am sure George would be interested in this, however, since they have been looking at ways to incorporate physical noise that is truly random into the very sophisticated generators like the combination of lagged fibonacci with congruential. The problem is that noise is seldom random enough, according to talks he has given.

--
James A. Carr                          | "It's never confusing though,
http://www.scri.fsu.edu                | because ultimately it all fits
Supercomputer Computations Res. Inst.  | -- it's just cockeyed and fits
Florida State, Tallahassee FL 32306    | and is fire." - Norman Maclean

From nobody at vox.hacktic.nl Tue Jun 28 14:35:02 1994
From: nobody at vox.hacktic.nl (nobody at vox.hacktic.nl)
Date: Tue, 28 Jun 94 14:35:02 PDT
Subject: A question about encryption methods.
Message-ID: <199406282134.AA26834@xs4all.hacktic.nl>

I would like to encrypt data for a CD-Rom. Anyone's data can get on the CD-Rom by way of the encryption box. Likewise anyone could read the cypher data back from the CD-Rom.

Given that every 2k block of data will be encrypted with the same key.
Given that there are weak keys with the IDEA cypher.
And given that someone could mount an adaptive chosen plaintext attack.

Which of the following would be a good bet for a secure data CD-Rom?

1 - IDEA cypher using Cypher Feed Back for the 2k data block. Ensuring that the Weak Keys are not used.

2 - A combination cypher consisting of...
    IDEA -> T -> IDEA -> T -> IDEA
    where each IDEA cypher is in Cypher Feed Back mode with its own key.
    where each T mixes the bytes around in the 2K block based on a modulo sum of the 2k bytes.

Would method two be too time consuming?
Would I need to exclude the weak keys from the IDEA cyphers in the second method?
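An added example for the CD-ROM question above; it is not code from the post or from any IDEA implementation the poster may have used. It carries a minimal IDEA encryption routine (checked against the published known-answer vector: key 0001 0002 ... 0008, plaintext 0000 0001 0002 0003, ciphertext 11FB ED2B 0198 6DE5) with 64-bit CFB on top, and looks at option 1 from the defender's side. Whether or not the weak keys are screened out, the point the question leaves open is the IV: if every 2k block is encrypted under the same key with the same (or no) IV, CFB turns equal plaintext prefixes into equal ciphertext prefixes, so the disc reveals which blocks share a header, and under a chosen plaintext the first keystream block is the same for every block. Tying the IV to the block number, which a reader of the disc knows anyway, removes that without changing the key per block. The key, the sector contents and the sector_iv scheme are constructed for the demonstration.

```python
import struct

# Added example, not code from the list post. Minimal IDEA encryption (the only
# direction CFB needs) plus 64-bit CFB, to show why "every 2k block under the same
# key" is only sound when each block also gets its own IV. All data is constructed.

MASK16 = 0xFFFF


def mul(a: int, b: int) -> int:
    """IDEA multiplication modulo 2^16 + 1, where the value 0 stands for 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    return (a * b % 0x10001) & MASK16


def idea_subkeys(key: bytes) -> list:
    """Expand a 128-bit key into the 52 16-bit encryption subkeys."""
    if len(key) != 16:
        raise ValueError("IDEA key must be 16 bytes")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys.extend((k >> (112 - 16 * i)) & MASK16 for i in range(8))
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)  # rotate key left by 25 bits
    return subkeys[:52]


def idea_encrypt_block(block: bytes, z: list) -> bytes:
    """Encrypt one 64-bit block: 8 rounds plus the output transformation."""
    x1, x2, x3, x4 = struct.unpack(">4H", block)
    for r in range(8):
        k = z[6 * r:6 * r + 6]
        x1, x4 = mul(x1, k[0]), mul(x4, k[3])
        x2, x3 = (x2 + k[1]) & MASK16, (x3 + k[2]) & MASK16
        t0 = mul(x1 ^ x3, k[4])
        t1 = mul(((x2 ^ x4) + t0) & MASK16, k[5])
        t0 = (t0 + t1) & MASK16
        x1 ^= t1
        x4 ^= t0
        x2, x3 = x3 ^ t1, x2 ^ t0  # the two middle words swap every round
    # The output transformation undoes the last swap.
    return struct.pack(">4H", mul(x1, z[48]), (x3 + z[49]) & MASK16,
                       (x2 + z[50]) & MASK16, mul(x4, z[51]))


def idea_known_answer() -> bool:
    """Published IDEA test vector (key 0001..0008, plaintext 0000 0001 0002 0003)."""
    z = idea_subkeys(bytes.fromhex("00010002000300040005000600070008"))
    return idea_encrypt_block(bytes.fromhex("0000000100020003"), z).hex() == "11fbed2b01986de5"


def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """64-bit CFB: keystream = E(previous ciphertext block), seeded with the IV."""
    z, out, feedback = idea_subkeys(key), bytearray(), iv
    for i in range(0, len(data), 8):
        ks = idea_encrypt_block(feedback, z)
        c = bytes(p ^ k for p, k in zip(data[i:i + 8], ks))
        out += c
        feedback = c  # a short final chunk ends the loop, so no padding is needed
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Decryption runs the cipher forward too; the feedback is the ciphertext."""
    z, out, feedback = idea_subkeys(key), bytearray(), iv
    for i in range(0, len(data), 8):
        ks = idea_encrypt_block(feedback, z)
        c = data[i:i + 8]
        out += bytes(x ^ k for x, k in zip(c, ks))
        feedback = c
    return bytes(out)


def common_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes on which two byte strings agree."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            return n
        n += 1
    return n


def sector_iv(sector_no: int) -> bytes:
    """Constructed scheme: IV derived from the public sector number (unique, not secret)."""
    return struct.pack(">Q", sector_no)


def sector_demo() -> dict:
    """Two 2k sectors sharing a 512-byte header, encrypted with and without per-sector IVs."""
    key = bytes(range(16))                            # constructed demo key
    header = b"SECTOR HEADER v1".ljust(512, b"\x00")  # constructed shared prefix
    sector_a, sector_b = header + b"A" * 1536, header + b"B" * 1536
    fixed_iv = bytes(8)
    # Same key and same IV for every sector: equal plaintext prefixes give equal
    # ciphertext prefixes, so the disc leaks which sectors share a header.
    leak_fixed = common_prefix_len(cfb_encrypt(key, fixed_iv, sector_a),
                                   cfb_encrypt(key, fixed_iv, sector_b))
    # Same key, IV tied to the sector number: the shared prefix no longer shows.
    ca, cb = cfb_encrypt(key, sector_iv(0), sector_a), cfb_encrypt(key, sector_iv(1), sector_b)
    return {"fixed_iv_leak": leak_fixed,
            "per_sector_leak": common_prefix_len(ca, cb),
            "roundtrip": cfb_decrypt(key, sector_iv(0), ca) == sector_a}


if __name__ == "__main__":
    print("IDEA known answer ok:", idea_known_answer())
    print(sector_demo())
```

With the fixed IV the two ciphertexts agree on exactly the 512 header bytes; with per-sector IVs they diverge from the first byte. The weak-key question the post raises is separate from this and is not screened here; the IV discipline applies no matter which key is chosen.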
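For the forwarded sci.physics exchange above (Hoppe's chi-square and serial tests, and Jim Carr's point that 4-bit output has to be judged on m-tuples), here is an added example that is not from either post: Knuth's chi-square test generalised to non-overlapping m-tuples of 4-bit symbols, so that m=1 is the equipartition check and m=2 the serial test, with an upper-tail p-value from the Wilson-Hilferty normal approximation. The constructed "cycling" source shows why equipartition alone proves nothing: it passes m=1 perfectly and fails m=2 outright. A seeded PRNG stands in for the thermal-noise samples, which the post does not include; the function names and the 5-per-cell minimum are this example's own choices.

```python
import math
import random
from collections import Counter

# Added example, not from the forwarded post. Chi-square over m-tuples of 4-bit
# symbols: m=1 is the equipartition test, m=2 Knuth's serial test.


def mtuple_chi_square(samples, m: int = 1, n_symbols: int = 16) -> tuple:
    """Chi-square statistic over non-overlapping m-tuples. Returns (stat, dof)."""
    cells = n_symbols ** m
    tuples = [tuple(samples[i:i + m]) for i in range(0, len(samples) - m + 1, m)]
    if len(tuples) < 5 * cells:
        # Common rule of thumb: at least 5 expected observations per cell.
        raise ValueError("too few tuples for %d-tuples over %d cells" % (m, cells))
    counts = Counter(tuples)
    expected = len(tuples) / cells
    stat = sum((c - expected) ** 2 for c in counts.values()) / expected
    stat += (cells - len(counts)) * expected  # each never-seen cell contributes `expected`
    return stat, cells - 1


def chi_square_pvalue(stat: float, dof: int) -> float:
    """Upper-tail probability via the Wilson-Hilferty approximation (fine for
    the dof used here; use a regularized gamma function for very small dof)."""
    z = ((stat / dof) ** (1 / 3) - (1 - 2 / (9 * dof))) / math.sqrt(2 / (9 * dof))
    return 0.5 * math.erfc(z / math.sqrt(2))


def run_tests(samples, max_m: int = 2) -> dict:
    """Run the m-tuple test for m = 1..max_m; returns {m: (stat, dof, p)}."""
    report = {}
    for m in range(1, max_m + 1):
        stat, dof = mtuple_chi_square(samples, m)
        report[m] = (stat, dof, chi_square_pvalue(stat, dof))
    return report


def demo() -> dict:
    # Constructed source 1: perfectly equidistributed but purely periodic.
    cycling = list(range(16)) * 256
    # Constructed source 2: a seeded PRNG standing in for the thermal-noise
    # samples (a real check would read the hardware output instead).
    rng = random.Random(19940624)
    prng = [rng.getrandbits(4) for _ in range(4096)]
    return {"cycling": run_tests(cycling), "prng": run_tests(prng)}


if __name__ == "__main__":
    for name, report in demo().items():
        for m, (stat, dof, p) in report.items():
            print("%-8s m=%d  chi2=%10.1f  dof=%3d  p=%.3g" % (name, m, stat, dof, p))
```

The cycling source gives chi-square 0 at m=1 and a statistic in the tens of thousands at m=2 (p effectively 0), which is the kind of structure Carr warns that long-range correlations can hide behind. Marsaglia's monkey and birthday-spacings tests mentioned in the post are not implemented here.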
From sandfort at crl.com Tue Jun 28 14:46:23 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Tue, 28 Jun 94 14:46:23 PDT
Subject: NOT JUST CYPHERPUNKS
Message-ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C'punks,

There's a pretty good article about the privacy debate in the July/August issue of BEYOND COMPUTING. The article, "Technology and Government: The Battle Heats Up," is by Dr. H. Jefferson Smith. It appears in the "ethics" section.

Mostly it was a once-over-lightly, but at least it never mentioned kiddie porn, narcotraffickers, pedophiles nor terrorists. It was fairly even handed in its presentation. The article ended with these paragraphs:

    . . . On one level, discussions of an individual's rights--such as the right to conduct private conversations without a threat of government intrusion--are pitted against the worthy goal of an efficient and safe society.

    On a deeper level, a potentially more perplexing dilemma is at play: Should our government interject itself into technological advances to achieve some socially desirable outcome? And, if so, who should determine which outcome should be sought?

Of course, we know the Cypherpunk answers, but at least other folks are looking at the issues.

Onward and upward.

S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From sdw at lig.net Tue Jun 28 15:09:18 1994
From: sdw at lig.net (Stephen D. Williams)
Date: Tue, 28 Jun 94 15:09:18 PDT
Subject: Lotto odds
In-Reply-To: <9406281550.AA20176@bilbo.suite.com>
Message-ID:

> > Tim May writes:
> >
> > >I've never played, and never plan to. Money down the drain.
>
> I have a completely different attitude towards mega-buck lotteries. I
> see them as a form of entertainment. For less than the price of a two
> hour movie, I can purchase a ticket that is good for a few days of
> daydreaming.
>
> Yes, I admit it, although the rational portion of my brain understands the
> odds against winning are mostly zero, there still exists a portion of my
> brain that says "sure, but mostly zero means partly non-zero". I derive
> pleasure from the daydreams of instant wealth that mega-buck lotteries
> make possible. Therefore, for me, it's not money down the drain.
>
> Jim_Miller at suite.com

A plausible rationalization, but for me lotteries are still just: "Taxes for the Stupid!" (Innumerate actually, but that would get 'huh' from most people.)

I never play, but my wife does sometimes.

sdw
--
Stephen D. Williams   Local Internet Gateway Co.; SDW Systems   513 496-5223APager
LIG dev./sales        Internet: sdw at lig.net                  OO R&D Source Dist.
By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430            Comm. Consulting
ICBM: 39 34N 85 15W   I love it when a plan comes together
Newbie Notice: (Surfers know the score...)
I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru.

From klbarrus at owlnet.rice.edu Tue Jun 28 15:51:35 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 28 Jun 94 15:51:35 PDT
Subject: Archives?
In-Reply-To: <199406280236.TAA06928@netcom.netcom.com>
Message-ID: <9406282251.AA18250@flammulated.owlnet.rice.edu>

Roger Bryner wrote:

>Hello, Are there archives for this mailing list?

Well, I keep a variety of old posts at chaos.bsu.edu, available via gopher, in the "Cypherpunks gopher site" directory. It isn't a full archive of the list, but has some of the more interesting posts since I joined the list (Oct. 1992). I added about 15 more files over the weekend, and probably need to re-organize the posts and directory structure soon ;)

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9
"One man's mnemonic is another man's cryptography" - K. Cooper

From blancw at microsoft.com Tue Jun 28 16:00:22 1994
From: blancw at microsoft.com (Blanc Weber)
Date: Tue, 28 Jun 94 16:00:22 PDT
Subject: FW: TOP TEN REASONS WHY THE WHITE HOUSE STAFF LIKE THE INTERNET
Message-ID: <9406282202.AA12373@netmail2.microsoft.com>

------- Forwarded Message

[ fwds deleted ]

TOP TEN REASONS WHY THE WHITE HOUSE STAFF LIKE THE INTERNET

This list provided by Tom Kalil, the David Letterman of the Clinton/Gore administration. Kalil gave the closing keynote at INET'94/JENC5 in Prague on Friday, June 17, and included this list in his talk about NII efforts in the United States.

10. Surfing the Web is more fun than going to meetings.
9. Even reading old RFCs is more fun than going to meetings.
8. On the Internet, no one knows you're a bureaucrat.
7. It's how we get our daily marching orders from Vint Cerf, Tony Rutkowski, and Dave Farber.
6. It's hard to write your X.400 address on a cocktail napkin.
5. We get all that great electronic fan mail on the Clipper Chip.
4. We have access to the Top Secret Air Force server with cool gifs of UFOs and little green men.
3. We're still hoping to get on Carl Malamud's "Geek of the Week."
2. We love getting flamed by rabid libertarians on "com-priv."
1. We can send e-mail FROM president at whitehouse.gov.

------- End of Forwarded Message

From rslau at ucs.usc.edu Tue Jun 28 16:06:14 1994
From: rslau at ucs.usc.edu (Robert Lau)
Date: Tue, 28 Jun 94 16:06:14 PDT
Subject: radio program - Los Angeles area only
Message-ID: <199406282305.QAA11854@tarazed.usc.edu>

today's topic on Which Way LA (KCRW 89.9FM, Los Angeles) was on phone, computer, etc. privacy, and how the government is doing everything it can to take it away from us. at least that's what the spots have said. presumably about clipper, FBI wiretap laws, etc. first broadcast was at 13:00 but i missed it, being rebroadcast at 19:00.

i don't have a tape deck in my office, but i guess i could digitize it.
sorry for all of you outside LA, which is probably 99.3598% of you... :)

Robert Lau - Systems Programmer, Unix Systems        213-740-2866
-- University Computing Services                      Internet: rslau at usc.edu
-- University of Southern California                  Bitnet: rslau at uscvm
-- 1020 W Jefferson, LA, CA USA, 90089-0251           UUCP: ...!uunet!usc!rslau

From steven at echonyc.com Tue Jun 28 17:39:52 1994
From: steven at echonyc.com (Steven Levy)
Date: Tue, 28 Jun 94 17:39:52 PDT
Subject: radio program - Los Angeles area only
In-Reply-To: <199406282305.QAA11854@tarazed.usc.edu>
Message-ID:

I was on the show. It was a good presentation, a full hour, with me, Jim Kallstrom (FBI), Bidzos, John Droge of Mykotronx (maker of clipper), Marc Rotenberg, and a NIST guy, in that order I think. The host was especially deft at sifting the points of disagreement and allowing both sides to have a say.

On Tue, 28 Jun 1994, Robert Lau wrote:

> today's topic on Which Way LA (KCRW 89.9FM, Los Angeles) was on phone,
> computer, etc. privacy, and how the government is doing everything it can
> to take it away from us. at least that's what the spots have said.
> presumably about clipper, FBI wiretap laws, etc. first broadcast was at
> 13:00 but i missed it, being rebroadcast at 19:00.
>
> i don't have a tape deck in my office, but i guess i could digitize it.
> sorry for all of you outside LA, which is probably 99.3598% of you... :)
>
> Robert Lau - Systems Programmer, Unix Systems        213-740-2866
> -- University Computing Services                      Internet: rslau at usc.edu
> -- University of Southern California                  Bitnet: rslau at uscvm
> -- 1020 W Jefferson, LA, CA USA, 90089-0251           UUCP: ...!uunet!usc!rslau
>

From kentborg at world.std.com Tue Jun 28 18:58:00 1994
From: kentborg at world.std.com (Kent Borg)
Date: Tue, 28 Jun 94 18:58:00 PDT
Subject: radio program - Los Angeles area only
Message-ID: <199406290157.AA28329@world.std.com>

Which Way LA was pretty good this afternoon, so good that I went out and bought a blank cassette tape a few minutes ago. Assuming no technical glitches or operator error, the tape will start rolling in a couple minutes.

After that we can see how to let others hear it.

-kb, the Kent who is being a digital nomad this summer--currently in LA

--
Kent Borg                            +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 29:45 hours of TV viewing so far in 1994!

From fnerd at smds.com Tue Jun 28 20:12:09 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Tue, 28 Jun 94 20:12:09 PDT
Subject: Moakley's real fax #?
Message-ID: <9406290310.AA02625@smds.com>

Does someone have the real fax number of Representative Moakley (chairman of the House Rules Committee)? (202)225-7304 says, "You have reached a non-working number at the U.S. House of Representatives," and doesn't seem to respond to a fax tickler beep.

-fnerd

- - - - - - - - - - - - - - -
the liquidy snack that drinks like a beverage!

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K
ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz
3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG
sRjLQs4iVVM=
=9wqs
-----END PGP SIGNATURE-----

From rslau at ucs.usc.edu Tue Jun 28 20:37:18 1994
From: rslau at ucs.usc.edu (Robert Lau)
Date: Tue, 28 Jun 94 20:37:18 PDT
Subject: radio program - Los Angeles area only
In-Reply-To: <199406290157.AA28329@world.std.com>
Message-ID: <199406290337.UAA13193@tarazed.usc.edu>

just heard it myself and yes, it was very good. luckily, all participants talked fast (i can't stand slow talkers :) so they got their points in...

i digitized it though i missed the first minute (nothing important, intro only) and a few seconds after the first station id break. cheezy sun mike pickup only since i couldn't find a patch cable in time but it sounds okay.

does anybody want a 26Mb .au file (uncompressed) ? heh :) i'll make it available on my home page soon, but it's available via anon ftp now. mail me if you want it... what's the copyright laws on this stuff anyway?

-robert

From shamrock at netcom.com Tue Jun 28 20:54:50 1994
From: shamrock at netcom.com (Lucky Green)
Date: Tue, 28 Jun 94 20:54:50 PDT
Subject: ANI 800 number
Message-ID: <199406290354.UAA19878@netcom.netcom.com>

About 1.5 years ago, Sandy posted an 800 number that would give you the number of the phone you are calling from. Does anyone still have that?

TIA,

--
Lucky Green                                    PGP public key by finger
Please write to clipper.petition at cpsr.org and tell them you oppose Clipper.

From ghio at cmu.edu Tue Jun 28 21:42:41 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Tue, 28 Jun 94 21:42:41 PDT
Subject: BLACK UNICORN
Message-ID: <9406290438.AA12722@toad.com>

| Well, I just sent mail to you, Sandy at crl.com, but it came back to
| you saying that you were "554 Unbalanced '>' ". I guess it's in
| reference to the software :>)

This is a bit of SMTP foolishness. Some applications put greater-than/less-than brackets around the address, like this:

RCPT TO:<cypherpunks at toad.com>

and some don't, ie:

RCPT TO:cypherpunks at toad.com

Some SMTP implementations refuse to accept one or the other format. It's not a very common problem, but it happens occasionally, especially with older versions.

From jim at RSA.COM Tue Jun 28 22:21:57 1994
From: jim at RSA.COM (Jim Bidzos)
Date: Tue, 28 Jun 1994 22:21:57 -0700
Subject: NSA Agents Threaten to Kill Bidzos of RSA?
In-Reply-To: <199406280049.AA20853@access2.digex.net>
Message-ID: <9406290514.AA02321@RSA.COM>

Everything reported in the Merc News is true. I am certain that he was not speaking for the agency, but when it happened he was quite serious, at least appeared to be. There was a long silence after he made the threat, with a staring contest. He was quite intense. I respect and trust the other two who were in the room (they were shocked and literally speechless, staring into their laps) and plan to ask NSA for a written apology and confirmation that he was not speaking for the agency. We'll see if I get it. If the incident made it into their trip reports, I have a chance of getting a letter.

..end..

--

From beker at netcom.com Wed Jun 29 00:04:02 1994
From: beker at netcom.com (Brian Beker)
Date: Wed, 29 Jun 94 00:04:02 PDT
Subject: Bandwidth According to Seabrook
Message-ID:

The New Yorker's John Seabrook on the Charlie Rose show tonight:

    "...bandwidth, which is basically the width of the wire
    coming into your home..."

[quoted from memory -- verbatim or nearly so.]

Brian

From kentborg at world.std.com Wed Jun 29 00:06:49 1994
From: kentborg at world.std.com (Kent Borg)
Date: Wed, 29 Jun 94 00:06:49 PDT
Subject: LA Radio Program
Message-ID: <199406290701.AA11932@world.std.com>

Jim Bidzos is damn impressive. I heard most of the Which Way LA program on the rerun as I recorded it.
(I think I got it all--the tape flip was during Marc Rotenberg's introduction, but we mostly know who he is--next question, what do I do with the tape? KCRW-FM sells tapes, so they might object to free distribution of said recording...)

Bidzos did a wonderful job. He sounded nice and approachable, the practical businessman, and the independent American standing up on principles. He left no obvious openings for the other side to make points, it was a great appearance. (Apparently from an airport lounge, all the more impressive.)

Don't get me wrong, all the privacy phreaks sounded good (even the "neutral" member of the press, Steven Levy), it is just that Bidzos was really in the flow this afternoon.

Generally a very well done program. To me it seemed obvious which side came out ahead, yet the other side got such a good opportunity to clearly make their case that they probably think the same. (To me the TLA case is so damning that a clear statement is thrilling.)

-kb, the Kent visiting in Venice, CA

P.S. As a MA resident I wish I had Moakley's correct fax number. Effector says his House Rules Committee is the next battle in the Cantwell bill crypto-export war.

From beker at netcom.com Wed Jun 29 00:29:15 1994
From: beker at netcom.com (Brian Beker)
Date: Wed, 29 Jun 94 00:29:15 PDT
Subject: LA Radio Program
In-Reply-To: <199406290701.AA11932@world.std.com>
Message-ID:

On Wed, 29 Jun 1994, Kent Borg wrote:

> Bidzos did a wonderful job. He sounded nice and approachable, the
> practical businessman, and the independent American standing up on
> principles.

FYI, Bidzos is a Greek national with permanent US residence.

Brian

From tcann at netcom.com Wed Jun 29 04:09:08 1994
From: tcann at netcom.com (Tim Canning)
Date: Wed, 29 Jun 94 04:09:08 PDT
Subject: Subscription Info Request
Message-ID: <199406291109.EAA16476@netcom8.netcom.com>

Please send subscription and general info to tcann at netcom.com

Thanx

From werner at mc.ab.com Wed Jun 29 04:44:00 1994
From: werner at mc.ab.com (tim werner)
Date: Wed, 29 Jun 94 04:44:00 PDT
Subject: Bandwidth According to Seabrook
Message-ID: <199406291143.HAA21959@sparcserver.mc.ab.com>

>Date: Wed, 29 Jun 1994 00:04:10 -0700 (PDT)
>From: Brian Beker
>
>The New Yorker's John Seabrook on the Charlie Rose show tonight:
>
>    "...bandwidth, which is basically the width of the wire
>    coming into your home..."
>
>[quoted from memory -- verbatim or nearly so.]

Finally an explanation I can understand.

tw

From trollins at debbie.telos.com Wed Jun 29 05:28:49 1994
From: trollins at debbie.telos.com (Tom Rollins)
Date: Wed, 29 Jun 94 05:28:49 PDT
Subject: Un-Documented Feature
Message-ID: <9406291228.AA21293@debbie.telos.com>

PGP 2.6ui has an undocumented feature.

When generating a Public/Secret key pair PGP documentation shows the command "pgp -kg" as the way to generate the keys. I had posted about how pgp uses a small public key exponent of 17 which is 5 bits. It turns out that this is only the default setting. An Un-Documented feature in PGP 2.6ui (I don't know about other versions as I don't have source code for them) lets you specify the number of bits in your public key exponent. The command "pgp -kg keybits ebits" will let you specify this public key exponent size. For example "pgp -kg 1024 256" will generate a key with modulus of approx. 1024 bits and a public key exponent of 256 bits rather than the 5 bit default.

Too Bad pgp doesn't let you look at the public key exponent. I had to write some code to see them.

-tom

From paul at hawksbill.sprintmrn.com Wed Jun 29 05:51:10 1994
From: paul at hawksbill.sprintmrn.com (Paul Ferguson)
Date: Wed, 29 Jun 94 05:51:10 PDT
Subject: Un-Documented Feature
In-Reply-To: <9406291228.AA21293@debbie.telos.com>
Message-ID: <9406291353.AA25111@hawksbill.sprintmrn.com>

>
> PGP 2.6ui has an undocumented feature.
>
> When generating a Public/Secret key pair PGP documentation shows
> the command "pgp -kg" as the way to generate the keys.
> I had posted about how pgp uses a small public key exponent
> of 17 which is 5 bits.
> It turns out that this is only the default setting.
> An Un-Documented feature in PGP 2.6ui (I don't know about other
> versions as I don't have source code for them) lets you specify
> the number of bits in your public key exponent.
> The command "pgp -kg keybits ebits" will let you specify this
> public key exponent size. For example "pgp -kg 1024 256" will
> generate a key with modulus of approx. 1024 bits and a public
> key exponent of 256 bits rather than the 5 bit default.
>
> Too Bad pgp doesn't let you look at the public key exponent.
> I had to write some code to see them.
>

But then again, cypherpunks _do_ write code, right? ,-)

- paul

From Banisar at epic.org Wed Jun 29 06:33:21 1994
From: Banisar at epic.org (David Banisar)
Date: Wed, 29 Jun 94 06:33:21 PDT
Subject: ACM Press Conference on Crypto 6/30
Message-ID: <9406290933.AA16570@Hacker2.cpsr.digex.net>

FYI -

CLIPPER REPORT RELEASE ON THURSDAY
ACM TO MAKE POLICY RECOMMENDATIONS

A press conference will be held at the U.S. Capitol on Thursday, June 30 at 10:30 am to announce the release of a new study on the controversial Clipper cryptography proposal.

The ACM cryptography panel was chaired by Dr. Stephen Kent, Chief Scientist for Security Technology with the firm of Bolt Beranek and Newman. Dr. Susan Landau, Research Associate Professor in Computer Science at the University of Massachusetts, co-ordinated the work of the panel and did most of the writing.
The panel members were:

Dr. Clinton Brooks, Advisor to the Director, National Security Agency
Scott Charney, Chief of the Computer Crime Unit, Criminal Division, U.S. Department of Justice
Dr. Dorothy Denning, Computer Science Chair, Georgetown University
Dr. Whitfield Diffie, Distinguished Engineer, Sun Microsystems
Dr. Anthony Lauck, Corporate Consulting Engineer, Digital Equipment Corporation
Douglas Miller, Government Affairs Manager, Software Publishers Association
Dr. Peter Neumann, Principal Scientist, SRI International
David Sobel, Legal Counsel, Electronic Privacy Information Center.

The final report of the panel will be made public at the Thursday press conference. Also, the policy committee of the 85,000 member ACM will release a statement on cryptography issues facing the Clinton administration.

For more information, call (202) 298-0842.

Additional press announcement forthcoming.

Cryptography report announcement. 10:30 am, Thursday, June 30, United States Capitol building, room SC-5.

From rfb at lehman.com Wed Jun 29 06:56:37 1994
From: rfb at lehman.com (Rick Busdiecker)
Date: Wed, 29 Jun 94 06:56:37 PDT
Subject: radio program - Los Angeles area only
In-Reply-To: <199406290337.UAA13193@tarazed.usc.edu>
Message-ID: <9406291355.AA17976@fnord.lehman.com>

    Date: Tue, 28 Jun 1994 20:37:02 -0700
    From: Robert Lau

    does anybody want a 26Mb .au file (uncompressed)? WHAT'S the copyright laws on this stuff anyway?

I'd also be interested in hearing on the legal issues surrounding this. Also, is anyone aware of any laws which I might be violating if I were to convert a message from my voice mail box to a raw Sun audio file? How about if I email the file to someone?

Rick

From lefty at apple.com Wed Jun 29 09:55:24 1994
From: lefty at apple.com (Lefty)
Date: Wed, 29 Jun 94 09:55:24 PDT
Subject: Bandwidth According to Seabrook
Message-ID: <9406291654.AA10478@internal.apple.com>

>>Date: Wed, 29 Jun 1994 00:04:10 -0700 (PDT)
>>From: Brian Beker
>>
>>The New Yorker's John Seabrook on the Charlie Rose show tonight:
>>
>>    "...bandwidth, which is basically the width of the wire
>>    coming into your home..."
>>
>
>Finally an explanation I can understand.

I was very happy to read this. I plan to spend my lunch hour increasing the bandwidth of my network connection by wrapping the cable in electrical tape.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From fnerd at smds.com Wed Jun 29 09:57:16 1994
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Wed, 29 Jun 94 09:57:16 PDT
Subject: Got Rep. Moakley's fax #
Message-ID: <9406291641.AA05199@smds.com>

I called Representative Moakley's office and got their correct fax number: (202) 225-3984

-fnerd quote me

- - - - - - - - - - - - - - -
the liquidy snack that drinks like a beverage!

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K
ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz
3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG
sRjLQs4iVVM=
=9wqs
-----END PGP SIGNATURE-----

From perry at imsi.com Wed Jun 29 10:23:54 1994
From: perry at imsi.com (Perry E. Metzger)
Date: Wed, 29 Jun 94 10:23:54 PDT
Subject: NSA and competence
In-Reply-To: <9406281738.AA28921@netmail2.microsoft.com>
Message-ID: <9406291722.AA13728@snark.imsi.com>

Blanc Weber says:
> From: "Perry E. Metzger"
>
> ...They have plenty of money, and EXTREMELY smart people. ........
> That, and the concrete evidence that they are probably twenty years
> ahead of us, leads me to believe that it is
> stupid to underestimate them.
> ..............................................
>
> They sure make some BIG mistakes, though, don't they?

Everyone does. That makes them human. No one said they weren't human. I didn't even say that I'd trust stuff they'd hand me. I just said that there is concrete evidence that they are ahead of us.

> And they didn't cover up the Clipper mistakes very well at all.
[...]
> Do you suppose that maybe this is intentional?

No.

Perry

From nelson at crynwr.com Wed Jun 29 10:32:37 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Wed, 29 Jun 94 10:32:37 PDT
Subject: Bandwidth According to Seabrook
In-Reply-To: <9406291654.AA10478@internal.apple.com>
Message-ID:

    Date: Wed, 29 Jun 1994 09:54:32 -0800
    From: lefty at apple.com (Lefty)

    >>Date: Wed, 29 Jun 1994 00:04:10 -0700 (PDT)
    >>From: Brian Beker
    >>
    >>The New Yorker's John Seabrook on the Charlie Rose show tonight:
    >>
    >>    "...bandwidth, which is basically the width of the wire
    >>    coming into your home..."
    >>
    >
    >Finally an explanation I can understand.

    I was very happy to read this. I plan to spend my lunch hour
    increasing the bandwidth of my network connection by wrapping the
    cable in electrical tape.

Um, ah, er, I don't think you understand. It's the size of the *wire*, not the size of the insulation, according to the elephant theory of electronics. You see, copper wires are not really solid. They actually have little tiny elephants running around in them. Now, the elephants go through straight lines pretty well. But when they get to a resistor, they have to slow down to get through the zig-zags. And they have to wait to jump across the two parallel lines of a capacitor. And when elephants on one side of a coil see the elephants on the other side sliding down and having all the fun, they want to join in and so slide down their side. Electronics is really very simple.

-russ
Crynwr Software   | Crynwr Software sells packet driver support | ask4 PGP key
11 Grant St.      | +1 315 268 1925 (9201 FAX)                  | Quakers do it in the light
Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.
From cme at tis.com Wed Jun 29 10:47:12 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 29 Jun 94 10:47:12 PDT Subject: US Chauvanism -- hurting us Message-ID: <9406291747.AA06406@tis.com> The announcement calling for calls to Moakley includes the following explanatory blurb: >Why is there a restriction on exporting products with technology >in them? > >For many years the United States was a leading researcher in >cryptography. High quality cryptographic technology was available only >within the United States. The US government thought that if they did >not let this technology be exported, foreign individuals would not be able >to obtain it and use it against us (by keeping US intelligence agencies >>from eavesdropping on their communications) > >Since then, cryptography research has been published in international >journals. Companies have been created throughout the world who >export cryptographic technology from countries that do not have >these restrictions. You can now buy the same, high-quality cryptographic >technology from many international firms. Although the marketplace >has changed, the regulations have not. This is inaccurate chauvanism and is hurting our cause. The US (and especially the NSA) wanted to believe it was the leader in cryptography. The NSA wanted to believe, and probably still believes, that the only cryptography worthy of the name is what they produce. Everything else is mere toys. The only crypto the US produces is therefore theirs and therefore all crypto leaving the US needs to be controlled. To the contrary, Switzerland has long been a producer of very good, commercial crypto. The US military even bought crypto devices from Switzerland during WW-II, if I remember Kahn correctly. Over the years, different countries have taken the lead (since it's usually tied to individuals and to national export and mfg laws). 
In the 4000 year history of cryptography, private citizens of various countries have been making, using and distributing their own strong cryptography, without concern for government controls. The US and the NSA might want to believe they're all that important, but in fact they're not and never have been (except possibly for a momentary period starting in about 1950 -- a period during which the US was #1 in *everything*, since the rest of the world had been bombed back to subsistence level). Crypto is not a US product and *never has been*, wishful thinking by the NSA notwithstanding. Strong crypto has always been dual source and dual use, except during those periods when civilians had it and the gov't didn't. Strong crypto outside the government and outside the USA is far from something new. If we concede that point to the proponents of export controls and of Clipper, we have lost a major battle. - Carl From kentborg at world.std.com Wed Jun 29 11:09:00 1994 From: kentborg at world.std.com (Kent Borg) Date: Wed, 29 Jun 94 11:09:00 PDT Subject: Arguing Crypto: The Engineering Approach Message-ID: <199406291808.AA06379@world.std.com> Who knows how well it plays, but my faxed letter to Moakley on crupto export took a different approach from my usual privacy tirades. I tried to (calmly) argue that we need strong cryptography for fundamental engineering reasons. Data is so damn flexible. This is both good and bad. The bad is that data can be capricious and flighty. If our physical world were to allow objects to appear out of no where and disappear again, transmorgraphy beyond recognition, or become massively duplicated in unknown locations, we would find it disconcerting--to say the least. We would go to considerable lengths to keep physical objects reassuringly in one place. In fact, with some physical objects that often do carpiciously vanish, we go to inconvienient extremes in hopes we can prevent the vanishing. 
Look at some of the anti-theft devices people will put on their cars.

There are good engineering approaches which can force data to behave itself. Many of them involve cryptography. Our government's restrictions on crypto limit our ability to build reliable computer systems. We need strong crypto for basic engineering reasons.

Note, my fax to Moakley was phrased (and spelled?) considerably differently from this posting. I am still wondering how best to make this argument. Something I want to avoid is too strong a reliance on "pulling rank": "We are professionals, we need these tools to do our jobs, don't try to understand the reasons." Just using words like "engineering" smacks of that enough, let's leave it at that.

One thing I like about this approach is that it avoids the kneejerk positions the word "privacy" prompts.

-kb, the Kent who tries to sound reasonable

--
Kent Borg                            +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 29:45 hours of TV viewing so far in 1994!

From tcmay at netcom.com Wed Jun 29 11:17:22 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 29 Jun 94 11:17:22 PDT
Subject: "What motivates Crypto-folk?"
Message-ID: <199406291817.LAA25443@netcom3.netcom.com>

There's an interesting new thread with this name in talk.politics.crypto. I've responded with an essay--you other folks might want to as well.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."

From tcmay at netcom.com Wed Jun 29 11:58:56 1994
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 29 Jun 94 11:58:56 PDT
Subject: More on NSA Threatening to Kill Bidzos
Message-ID: <199406291858.LAA01577@netcom8.netcom.com>

Jim Bidzos has told me I can distribute this comment he made to me and Peter Wayner:

..begin..

From Eric_Weaver at avtc.sel.sony.com Wed Jun 29 12:24:33 1994
From: Eric_Weaver at avtc.sel.sony.com (Eric Weaver)
Date: Wed, 29 Jun 94 12:24:33 PDT
Subject: More on NSA Threatening to Kill Bidzos
In-Reply-To: Timothy C. May's message of Wed, 29 Jun 1994 11:58:56 -0700 (PDT) <199406291858.LAA01577@netcom8.netcom.com>
Message-ID: <9406291924.AA14477@sosfc.avtc.sel.sony.com>

I'm curious what this wonderchild thought such a threat would accomplish, other than assuage his own testosterone poisoning. Did he think that if J. Bidzos were out of the picture, RSA would

From ScottB4599 at aol.com Wed Jun 29 12:53:44 1994
From: ScottB4599 at aol.com (ScottB4599 at aol.com)
Date: Wed, 29 Jun 94 12:53:44 PDT
Subject: Wanted: hardware random strm
Message-ID: <9406291553.tn172470@aol.com>

Found this on sci.crypt. Wasn't there a thread concerning something like this not too long ago?

>Subject: Wanted: hardware random stream
>generator with RS-232 output
>From: mleech at bnr.ca (Marcus Leech)
>Date: 28 Jun 1994 13:44:03 GMT
>Message-ID: <2up9f3$eb2 at bcars6a8.bnr.ca>
>
>I'm looking for a hardware random-number/random-stream generator that
> provides an RS-232 output. What I'm thinking of is something like this:
>
>
> noise-source---->amplifier----->1-bit quantizer---->RS-232 driver.
>
>Does anyone produce such a thing, and how much is it?
>--
>Marcus Leech      |Any opinions expressed are mine.  |+1 613 763 9145
>VE3MDL            | and not those of my employer     |+1 613 567 5484
>mleech at bnr.ca     |

Scott Bourne
ScottB4599 at aol.com
Cyph1 at aol.com

From whitaker at dpair.csd.sgi.com Wed Jun 29 13:32:07 1994
From: whitaker at dpair.csd.sgi.com (Russell Whitaker)
Date: Wed, 29 Jun 94 13:32:07 PDT
Subject: (Fwd) Hi-tech, Schmi-tech -- Pass the toner cartridge
Message-ID: <9406291330.ZM7158@dpair.csd.sgi.com>

--- Forwarded mail from "Michael/Miguel Sanchez"

Received: 28 Jun 1994 14:26:28
Sent: 28 Jun 1994 14:25:13
From: "Amy Coppola"
To: Jokers
Subject: Hi-tech, Schmi-tech -- Pass the toner cartridge

A judge admonished the police in Radnor, Pa., for pretending a Xerox copy machine was a lie detector. Officials had placed a metal colander on the head of a suspect and attached the colander to the copier with metal wires. In the copy machine was a typewritten message: "He's lying." Each time investigators received answers they didn't like, they pushed the copy button and out popped the message, "He's lying." Apparently convinced the machine was accurate, the suspect confessed.

--- End of forwarded mail from Edie Cheng

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Miguel (Michael) J. Sanchez            "There's always room for jello."
miguel at csd.sgi.com
SGI, Customer Services Engineering (CSE)   Cage #64

--- End of forwarded mail from "Michael/Miguel Sanchez"

--
Russell Earl Whitaker                    whitaker at csd.sgi.com
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include

From nobody at shell.portal.com Wed Jun 29 18:27:36 1994
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Wed, 29 Jun 94 18:27:36 PDT
Subject: Chained Remailing Strategy and Tactics
Message-ID: <199406300128.SAA25746@jobe.shell.portal.com>

--------------------------

In order to preserve anonymity and thwart traffic analysis in chained remailings, it would seem useful to include a very BUSY remailer in the chain, and try to ensure that the message arrives at the busiest time of the day for that remailer, from a traffic standpoint. Hitting a remailer at a slack time when, let's say, only one message arrives over a period of several hours would seem most unwise.

Can some of the major remailer operators make available some "sanitized" traffic stats of average traffic by hour and day of the week?

The vox.hacktic.nl remailer sounds useful in this regard, since it apparently uses a UUCP link, and batches up accumulated messages, both incoming and outgoing. When are the "best" times for chained traffic to arrive there?

Can someone familiar with remailer software answer something? When a message is encrypted, using the "Encrypted: PGP" header, will everything after the end of the encrypted message itself be ignored? I ask, because this seems like a good place to introduce "padding" into the message length to thwart detection of identical messages, assuming that such extraneous material wouldn't screw something up.

What's the best strategy for utilizing a given group of remailers in a chain? Which ones would be most advantageous as the FIRST link in the chain, since this is the one link that has direct access to the originator's address?

How would "someone", hypothetically, follow the chain backwards?
Let's say that a message traveled down the chain A -> B -> C. Couldn't someone with enough clout ask "C" where a certain message (based on header data) originated, find out it was relayed by "B", ask "B" for the source, etc. and trace it all the way back to the source? What, if anything, would prevent that?

For the sake of argument, let's assume a worst-case scenario: a chained message to "president at whitehouse.gov" containing a seemingly credible threat to harm the President of the United States, or perhaps a chained message, ultimately posted to Usenet via a mail-to-news gateway, containing the first part, with more installments threatened, of certain highly classified U.S. military secrets. IOW, a scenario where powerful agencies are motivated enough to invest considerable resources in tracking the culprit down.

While we might agree that in those two cases, the persons deserve to be caught, what's to prevent a President or other highly placed federal bureaucrat from MISusing those same resources on something less critical, such as tracking down and persecuting someone who anonymously posts "Clinton is a prick" or "Clipper sucks"?

----------------------------

From rarachel at photon.poly.edu Wed Jun 29 18:49:32 1994
From: rarachel at photon.poly.edu (Arsen Ray Arachelian)
Date: Wed, 29 Jun 94 18:49:32 PDT
Subject: PC Expo summary!!
Message-ID: <9406300151.AA14200@photon.poly.edu>

PC EXPO

Perhaps one of the great lessons to be learned from this is that you should not rely on others to always be there to help you in your endeavors, even if they are cypherpunks and have already volunteered. Out of all the cypherpunk folks who have "volunteered" to help out at PC Expo, precisely zero came through. Like having assholes, everyone also had an excuse. Still, this was my idea and as such I refuse to give it up without trying.
In light of this blatant rats-fleeing-the-ship syndrome, a great load of kudos goes to my friend Sal, who although not a cypherpunk, and although short on time, and although he is the CIO of his company, and although I did not run into him at the pre-arranged place, did show up and did distribute diskettes as promised. I would strongly suggest that you send him "Thank you" notes as he is not on the cypherpunks list, but helped enormously. His address is denaro09 at darwin.poly.edu.

Also much thanks to Tung Ming Wong whose email address I don't have. He also helped out even though he knew nothing about Clipper, Digital Telephony, the NSA, or the Cypherpunks.

Now as with all disasters, the blame is partially my own. I should have kept a whip on you guys and made sure you'd come. :-) But I am at a greater fault (more on this later.)

Now before you accuse me of being lazy, let me remind you that I have taken a great deal of time out of my schedule to even go to PC Expo. Luckily my boss wasn't able to say "no" because he was too busy in meetings the day before, and even if he did say "No" I'd rather give up my job than give up my principles.

As a result of my endeavors, I hope that I have at least set forth an example for the rest of you, and that you will do well to sacrifice some time and money on disks and distribution at Comdex, Software Developer's Expo, or whatever expo. And make copies out to others as well.

With the exception of Sal, Tung, Greg Broiles (sent 25 disks for this project!), Dave Mandl, Perry Metzger, and Susan Fullar, I am pretty disappointed in you guys. Dave and Perry weren't directly involved in this project, but their Feb 17 speech which I taped and had Sue (not a cypherpunk) transcribe was the centerpiece of the articles. (I want to add an extra load of thanx to Perry for not showing up to do a speech for my crypto class as, since he didn't, I had to get over my crowd-shyness and did a killer, informative speech.)
I did the hard work for you already. I've set the precedent, I've built the disk, I've written the software. Yes, I wrote software, even while pressed for time, I wrote a professional looking installer program, a file lister program, and a menu program, all of which are mousable, and have windows, buttons, menus, and all the other neat features of modern software. The disk looks and feels fairly professional. With the correct style of label the disk looks like it's a free demo from some company, when in actuality it is free software. Now if it sounds like I'm congratulating myself and patting my own shoulders, it's because I am!

Also, all of the above software is "freeware" and as such is copyable. So if you'd like to get your greedy little hands on it, and use it to make a fortune, feel free. There are no restrictions on use other than that you send me free copies of any package you include my 'wares in.

Although on the surface this may indicate a "failure" it was actually a far greater blessing in disguise. I didn't need much help, and it turned out I didn't have to do much work. I still believe that between Sal and myself, we made a little, albeit important grass-roots dent in Clipper's armor (not that it wasn't already dented and as well built and solid as Swiss cheese.)

I was supposed to meet Sal in front of a diner near PC Expo at 9:00am. Borland's Marketing engine decided to give me a call and make an offer I couldn't refuse. The woman wouldn't get off the phone even after I told her, "Yes, put it on my Visa Card, I gotta run!" So I wound up at the meeting place at 10:14AM, with Sal already departed. Luckily, as I got out of the subway station I ran into an old buddy of mine, Tung. He tagged along the whole day and helped out quite a bit. I gave him some diskettes to take home, and gave some out to a few of his friends we ran into. Not a biggie there.
However as I was in line waiting to get my badge holder, I noticed an arrow pointing up to the fourth level with the words "Press Resource Office" imprinted! What luck! I dragged Tung with me and started hounding the press. I gave out about ten or so disks to the press dudes. It seems that I did well to pick male press folk as when I approached a femme reporter with disk in hand, she loudly yelped "No, no!" as if I was carrying a bomb.... But all the other reporters took it in with great interest. I caught the eye of Ephraim Schwartz, and he gave me his card so now I have a press contact for cypherpunk info.

After deciding that I had depleted a fifth of my diskette supply on the media, and well knowing that the media did plenty of Clipper stories I decided to hand some out to the exhibitors. I hit McAfee and a couple of other companies... anything with "security" on their products list.

Then, the biggest most fortuitous slop of luck decided to land on top of me. WIRED was there. And to my joy, they just dumped about a thousand or so magazines on a table, and didn't have anyone watching it. Just freebies for all to take. Sniffing out the territory, I spread about five diskettes on the table next to the magazines and retreated while keeping an eye out. Within two seconds they were all consumed! What luck! I came back about two or three times, and by the time I had realized it, all my PC Expo cypherpunk diskettes were gone. Wired turned out to be a good target because those familiar with WIRED, even in passing, are far more of the type to be interested in crypto software than the average Joes.

Let this be a good lesson for the future my droogs! When the next Expo arrives, be it PC Expo, Unix Expo, or whatever, pick an empty table, or a table which isn't being watched too closely and deposit your eggs there. The cuckoo's egg deposit method worked VERY well for me.
Even if the Wired table had been watched, the disks I placed there vanished so quickly, it would be unlikely that the "watcher" would catch on fast enough to stop the majority of the disks from being distributed. And if he "confiscated" them, he'd be likely to have a look for himself anyway, which is the point! But mind you, don't get caught. If you do, you might get kicked out of the Expo, but even so, in that case you hit the folks entering and leaving the Expo and give them disks directly. We can't be stopped. Clipper WILL BE STOPPED.

Having finished my job I enjoyed the rest of the day. Meanwhile Sal (good thing I didn't run into him or we'd probably not have hit as diverse a crowd as we did) hit the fourth level near where the press people were. He didn't have it in mind to give out disks to the press. Good thing as I had done that already. Instead he gave out disks to all sorts of PC USER GROUPS! Most of which promised to distribute/carry the disk as part of their catalog!!!!! One of the groups he targeted was cyberqueers and he rightfully did so. Being straight didn't stop him from realizing that this group would be very likely to value their privacy. He also handed out some diskettes to the exhibitors.

Between the two of us, we threw out about 80-90 diskettes. With the press, this number would remain the same, but the added noise will help a bit. With the users group, this number of diskettes will likely reach the thousands within six months, a few hundred within a month. With the users who picked up the freebies from the Wired table, they will probably give out some copies. I'd guess on the average that half of them would make copies for their friends (using software piracy as a model here, though this of course is freely copyable.)

I unfortunately found out (here comes the blame part!) that the installation script I had written had a typo in it. Now this is no ordinary typo mind you, but a severe and fairly fatal one.
The installer script that I have given out won't install any of the articles! Ugh! I wish I caught it before the fact, >BUT< I had spent all Sunday from 12:30PM to 1:00am (yes, that is twelve and a half hours,) writing the software, and from 4:30am on Monday to about 1:00pm putting together the script and selecting the articles for the disk. Now mind you I do have a full time job and I did risk being fired for coming in four hours late, and taking off a whole day for PC Expo! So before you start with the flames, fuck off right now as you did almost nothing to help.

For those who don't notice the missing articles, they weren't interested anyway. For those who do, I hope some of them are technically oriented enough, or know someone who is technically oriented enough to type in:

    C:
    CD CRYPTO
    MD ARTICLES
    A:ARTICLES

which will run the self-extracting LHA articles archive. Those who have email available to them can email either me, or Sal, or the list and I will tell 'em how to get at the articles. Unfortunately most of the punch of the disk was in the articles... But no use crying over what's done... I'll just make sure that I'll be ready next year.

Anyone who wants a copy of this disk should let me know and I'll send 'em a disk image (made using the DIM Disk IMage archiver program which I've also written.)

Guys, please get out there and start making a difference. Being keyboard cryptographers and keyboard politicians won't help our cause at all! I've lost about twenty hours of sleep overall on this project, a day and a half from work, the price of printing labels, cost of diskettes, etc. A small sacrifice, and a really big effect in the long run. So come on, join in.
From rarachel at photon.poly.edu Wed Jun 29 18:52:20 1994
From: rarachel at photon.poly.edu (Arsen Ray Arachelian)
Date: Wed, 29 Jun 94 18:52:20 PDT
Subject: Feb 11 Transcript (LONG)
Message-ID: <9406300153.AA14227@photon.poly.edu>

FEB 17 CYPHERPUNKS TRANSCRIPT

Crypto-anarchy: How new developments in cryptography, digital anonymity, and untraceable digital cash will make the State a thing of the past. [an anarchist's forum.] With cypherpunks Dave Mandl and Perry Metzger. Thursday Feb 17, 1994 7:30pm, NYC.

Copyright (C) 1994, cypherpunks at toad.com All Rights Reserved. This article may be redistributed provided that the article and this copyright notice remain intact. This article may not under any circumstances be sold or redistributed for compensation of any kind.

MODERATOR: In any event, again this is part of a monthly series we've been doing for -- close to twenty years now. The announcements of our March forum, which is (inaudible) with people like Judith Molina and Hannah Resnikoff from the theater, Richard Kostelanetz and (inaudible) and such -- announcements are on the table back there, some information about the book club you might be interested in, and our mailing list. Sign up for our mailing list and you will never get off it again. Unless you send us a contribution and become a life member. Then we take you off right away. We have lots of -- certainly lots of anarchist literature for sale in the back. Please feel free to peruse and spend a lot of money. At some point, usually after the speakers finish, we get into questions and discussion. We're going to pass a donation box around. We've got the door locked so you can't sneak out. Just to let you know in advance, the suggested donation is $5, more if you can, less if you can't.

MALE: Much more if you can.

MODERATOR: Right. Let's see. Here we have some souvenir flyers. Anyone who gives more, they can get a souvenir copy or have their program tonight autographed by the speakers. Let's see.
Before I introduce them, a couple of sort of "for your information" announcements. Let's see. All right. One, old friend and book club participant Bruce Caton does a regular series of radical walking tours. Next one is Saturday, March 12th, 1:00 p.m. in Chelsea. I have the material. If anyone is interested in the literature, take one back. This Saturday, 2:00 p.m., we're going to be having a first gathering of anarchists in the lower Hudson Valley, Westchester-Rockland area. And yes, there are anarchists in the Westchester-Rockland area. You're looking at one. Anyone who's interested, see me in the back. I can give you the details of when and where and so on. Coming up in April is the Socialist Scholars Conference, April 1st through 3rd. Despite the name, anarchists do participate in this thing. We've had anarchist panels in the past, and we'll probably have both anarchist panels and literature tables at the event so, again, see us if you're interested.

So -- without further ado, our subject tonight is Crypto-Anarchy, and for those of you who saw the original flyer that's the Scandinavian version for the Olympics, Kripto-Onarchy. And our speakers tonight are Cypherpunks Perry Metzger, long-time cryptographer and lots of other stuff, and Dave Mandl, long-time book club member and Cypherpunk. So -- I'll let them take it away, and just enjoy it.

* * *

DAVE MANDL: I'm gonna start off with just sort of a general overview of some of the issues and techniques and stuff. Then Perry is going to -- if anyone is taping this, by the way, if anyone out there besides this guy is making an audio tape I'd appreciate it if you'd let me know afterwards, because I think people, some of them, might want to get copies from you eventually. Okay. I'm going to start off with just a -- sort of a general overview of what this stuff is all about.
Then Perry is going to talk about some more specifics, and then we hope -- hopefully we can get that over relatively quickly and then we can have a discussion, question and answer, whatever. But first Perry is going to say something.

PERRY METZGER: Yeah. Just trying to get a sense of how much people know about this topic already. How many people here have any real knowledge about what Cryptography is? Just raise your hand. Okay. Call it about -- one quarter, one third maybe. No, less than a quarter. Okay. How many people here know what the National Security Agency does? And I don't mean just to the level of knowing what "National Security" might mean. So we're talking, again -- a couple more. Okay. How many people -- well, actually that already more or less says it. This should be interesting for you. Go on.

DM: Okay. Perry and I are involved with a group called the Cypherpunks, which I'm sort of hesitant to say just because it's a very loose-knit group of people very -- anarchically constructed, and there are no official spokesmen or leaders or anything like that. Just mentioning it for informational purposes only, as they say on all those petitions and stuff. Cypherpunks is a pun obviously on Cyberpunk, with "Cypher" being a reference to codes and cyphers. More on that in a second. If the Cypherpunks have a particular philosophy, party line, approach, we generally refer to it as Crypto-Anarchy. Crypto-Anarchy is a term that was coined by Tim May, one of the founders of the group, Cypherpunks, and it's a reference to like Crypto-Fascist or Crypto-Authoritarian or whatever, and the pun being in -- "Crypto" because the core of what the Crypto-Anarchists or Cypherpunks do is cryptography. That's the basis of everything we're going to be talking about tonight, basically achieving anarchy or sort of working towards anarchy using cryptography and other things.
So let me just briefly for the whatever -- twenty-seven percent of you who don't know what cryptography is, let me just give a brief explanation.

MALE: Seventy-seven.

DM: Seventy-seven. Sorry. Cryptography is -- I guess a dictionary definition would be the study -- the science of codes and cyphers. Hiding, encrypting, encoding information so that other people can't read it. Cryptography in one form or another has been around for probably thousands of years, probably more than that -- as long -- as far back as people had things they needed to hide. Let me just give you some really simple examples of what cryptography might be. Let's say that we're planning on doing a bank job tomorrow (ridiculous) and I want to pass along to my friend over here the name of the guy who's going to be going in and opening the vault, who happens to be Perry, let's say. So I'm going to hand him a slip of paper with Perry's name on it, but I don't want to write "P-e-r-r-y" and give it to him because someone else may grab the piece of paper away or see it over his shoulder or something and then to the -- to the pokey with Perry. So what I might do is instead of writing "Perry" on a piece of paper maybe I'll scramble the letters up and write "Y-p-r-e-r" and he knows based on some previously agreed upon formula that I take this cryptic message here and move this letter here and move this letter here and lo and behold there it is -- "Perry". And if anyone else intercepts it they just see a bunch of junk, and they don't know who it is that's gonna be opening the bank vault. Another way I might hide this information from enemy eyes would be to substitute the letters, so instead of writing "Perry" I might write "Xwssp" where X represents the letter P and W represents the letter E and so on, and again we have some previously agreed-upon code or formula that says when you see X substitute P and so on, and again you put it together and there it is, "Perry". Okay.
So that's the most basic kind of cryptography. In fact codes that simple haven't been used for probably many centuries, and -- especially in I guess the last forty years cryptography has made tremendous, tremendous leaps forward so now it's not just a matter of shifting letters around. If you look in Newsday, the newspaper, every day they have a little puzzle called the "Cryptoquote" where they have a quote by some famous guy and you have to figure out which letter is substituted for which. So that's baby stuff now basically. In the last forty years it's changed so that now it's not based on just jumbling letters around but it's based on higher mathematics -- extremely, extremely advanced, sophisticated mathematics, so sophisticated that the strongest -- the codes that are widely used today by like the government or even banks would require all the computer power in the world and more to crack. So cryptosystems have gotten much, much, much, much, much more sophisticated.

So a couple of new developments that are of interest to us: Well, the main thing is this ultrastrong state-of-the-art cryptography has become available to the hoi polloi, people like us. With advances in computer technology, just a simple PC that a lot of you, maybe even most of you, have, in your bedroom, you can run software that does extremely sophisticated cryptography, in fact so sophisticated that even the NSA, we think, can't break it. So military strength -- for obvious reasons, military strength is generally the name they use for the strongest cryptosystems in the world, because those are the ones that would be used by the President for the codes to the nuclear weapons or something like that. Perry and I are going to be giving those codes out a little later on in the evening.

[LAUGHTER]

Another thing which Perry is going to be talking more about is the N.S.A., National Security Agency. That's the super tip-top-secret U.S. government agency that specializes in cryptography.
For years they had a complete monopoly on cryptography. Well, not complete, but effectively a monopoly on cryptography. That's sort of changed now, or that has changed now, and like I said jerks like us have access to extremely powerful cryptography, which is a good thing.

Okay. So what does this mean? Who cares? What do we need cryptography for? Who gives a damn? Well, I'll tell you. There are a whole bunch of different things you can do now with this extremely strong cryptography, and I usually just arbitrarily for no particular reason; just to make it easier I usually split it up into two different categories: defensive applications of cryptography, and offensive applications. Let's start with the defensive stuff, or passive as opposed to active.

First of all, more and more -- a lot of you probably know this. Some of you haven't really seen it yet maybe. Everything's moving more and more into digital form, and moving to the Net. We're probably going to be throwing the term "the Net" around a lot. People say the Net they're usually referring to the Internet, which you probably have heard, most of you, because it's plastered all over magazines every day now. The Internet basically in a nutshell is a massive international network of computers that is -- basically is totally anarchic. It spans the whole world, probably just about every country at this point?

PM: No, but every industrialized country at this point.

DM: A whole shitload of countries. And over the Net, using these amorphous connections to computers around the world, you can send information almost instantaneously anywhere in the world at the push of a button. That also means that as time goes by more and more of your personal information let's say is going to be stored on the Net and stored in electronic form.
So it's -- we're still at the very, very early stages of this happening and it's a really important time because first of all while before this infrastructure is fully developed the government wants to sort of slip by certain laws. The Net, as I said, is still basically anarchic, and the government doesn't like that, and while we're still at square one they want to slip in laws that will restrict this ultimate freedom of movement that people have on the Net.

Okay. Let me get into some of these applications. First of all, electronic mail. Over time -- I mean you'll still be sending mail in envelopes to your friends, but more and more mail will be sent over the Net. E-Mail. Electronic Mail. Electronic mail is completely insecure. I don't mean it has an inferiority complex.

[LAUGHTER]

I mean basically it's completely unprotected. So we -- a lot of you here probably use electronic mail every day. It's growing by leaps and bounds. If I send an electronic mail message to someone out here: "Hi. Meet me tomorrow night at 7:30." That message goes out over the Net. It may be passing through several other machines on the way from me to him, and it goes out in the clear as cryptographers would call it, meaning it's not encrypted. It's not protected in any way. Anyone who taps into the line, anyone who has the appropriate access to the computer system I'm using, can just pick it right out, read the text of the message I'm sending, no problem. That's that. That's not good, especially if I'm sending sensitive messages over the Net. So using cryptography -- this is the most obvious use of cryptography -- what you can do is take the message you're going to send, encrypt it so that it's scrambled and cannot be read by anyone except the person it's intended for, and then send it out. Someone intercepts the message, someone reads it, fine. Go ahead. Do whatever you want. It's a bunch of junk. You can't make sense of it unless you have the key. I guess I sort of skipped over that.
In cryptography, it depends on keys, so ...

PM: I'll get into that.

DM: Okay. So basically if I send you a message that's encrypted and it's intended for you, you will have the key to read it. No one else will. And like I said, this stuff is basically uncrackable, unreadable by anyone, including the N.S.A. as far as we know. So -- you want to send E-mail to somebody, you encrypt it, send it out, that's it. That problem is solved. No one can read it. No one.

There's another problem, however, and that's what cryptographers call traffic analysis. For example if the Chase Manhattan Bank on Seventh Avenue in Park Slope is knocked over every Monday evening and they see that every Monday afternoon an E-mail message passes from me to Perry even though they can't read it 'cause it's encrypted they may say, "Hmm. Something fishy's going on here. There's E-mail going from Dave to Perry every Monday. Ten minutes later the bank gets knocked over." So without actually being able to read my message, they still can sort of infer some information by using what's called traffic analysis, by the mere fact that mail is going from this person to that person. So you want to be able to hide that also if you can.

The main technique that people have been using and talking about and developing to foil traffic analysis is something we call anonymous remailers, which are like mail drops [OR MAIL FORWARDING SERVICES]. Most of you know what mail drops are. Any criminals in the audience? They're like the electronic -- the Net version of mail drops. The way an anonymous remailer would work is -- it might be out in Berkeley, California, let's say. There actually are a lot of them out in Berkeley. There's one in Finland that's really heavily used. I might take my E-mail message saying, "Perry. Chase Manhattan Bank. The usual. Seventh Avenue."
Send it to this remailer in Berkeley with instructions to the remailer, which is an automatic machine -- it's a computer program -- saying, "Take this message and forward it over to Perry Metzger." Okay. So now what happens? What's going out from me is an encrypted, that is completely unreadable message, out to Berkeley. A minute later, ten minutes later, an hour later however we set it up, a message goes from Berkeley over to Perry. Okay? So no one can read the mail because it's encrypted. No one can do traffic analysis because it's -- it's blurred. I can even -- without getting into too much painstaking detail I can bounce it off ten different remailers. I can send it to Berkeley, to Finland, to here, to there, to there, and then to Perry. No one looking at this -- where the mail is going can possibly figure out what's going on. Okay. That's number one. More applications for cryptography, more of these -- what I'm calling defensive applications. Let's say you have people on the Net a lot of times asking embarrassing questions. Let's say -- there are groups, there are discussion groups out there for -- to discuss sex or to discuss like -- you know people who were sexually abused when they were children, all kinds of stuff with all kinds of personal information. You don't necessarily want to send out E-mail saying, "Oh, you know, I've never slept with a woman. Can anyone tell me about, you know, how?" That's the kind of thing you see all the time and you don't necessarily want your name attached to that, so, again, you can -- you can use encryption to hide the contents of what you're sending out. You can bounce it off these remailers so no one is the wiser. Tim May mentioned this next one, actually. You can actually lead several lives. Let's say you're like a high government official. This is sort of unlikely. 
Let's say you work for the Defense Department or you're the Vice President or something like that but you actually have some -- or you're a fancy straight respected scientist but you have some bizarre views that you don't want your name to be tainted with. Let's say you're a fancy scientist and you have an interest in UFOs or crop circles or something like that. Using cryptography, anonymous remailers and all this stuff you can lead a double or triple life, and, you know, lead your straight, respected Nobel Prize life and at the same time discuss crop circles with some lunatics over in England. [LAUGHTER] And -- you see that all the time. You see people on the Net who use pseudonyms, and actually establish reputations under a particular pseudonym. There's someone in the Cypherpunks group -- there have been several people in the Cypherpunks group -- there was a guy -- he used the name "The Wonderer" and he would ask -- you know, he was asking like very simple, basic questions, and for all we know he might have been -- it might have been Perry? And he was embarrassed to say, like "What's cryptography?" You know? [LAUGHTER] So he used this pseudonym, "The Wonderer." PM: You found me out. DM: I always suspected. You can't fool me. [LAUGHTER] DM: Okay. You might want to hide certain political activities. We're going to go over to the Federal Reserve and knock it over tomorrow. Whatever. What else? Purchases. Over time people will be making purchases over the Net. You may be buying and selling stuff over the Net. You don't want The Man or The Woman -- Janet Reno, I guess -- to know that you buy $300 worth of sex toys every month. Or you send out your credit card number over the Net to buy stuff and you don't want people grabbing your credit card number, which, as I said, is very easy to do. So, again, you can encrypt this stuff and that's the end of people being able to track these purchases or rip off your credit card number. All kinds of other personal information. 
Again, more and more of this stuff's going to be stored in electronic form. Medical records, credit history, stuff like that. If you use cryptography to send all the stuff around then you have a little bit less of a worry about people being able to just circulate it around freely. Okay, that's some of the basic -- what I'm calling the defensive stuff. Basically just, you know, protect your privacy because your privacy is going to be in more and more jeopardy as the Net grows, as Big Brother grows. Okay, but let's get on to the fun stuff. There's what I call offensive, not defensive, tactics, but more fun offensive stuff. For example: Whistle blowing. You may work for some government agency that's doing some particularly horrible thing and you want to blow the whistle on them. Or they ripped someone off or they did LSD experiments or something like that. You can use cryptography, anonymous remailers, to blow the whistle on people. Anonymous transactions. Again, as more and more people are doing business over the Net you can conduct transactions with complete untraceability. Perry, I think, I hope, will be talking a little bit about digital cash. PM: I will. DM: Digital cash is another application of cryptography, where people can buy, sell, do banking on the Net without anyone knowing anything -- like an electronic Swiss bank account. People can buy and sell stuff from each other without even knowing who the parties are -- a drug deal, let's say, or whatever, and no one will know who either party is. Underground economy, that falls into the same category. Digital cash. Again, if all this stuff is encrypted then it's basically untraceable, untrappable by the government, the I.R.S., whomever. Sending illegal information. The safe example that Tim May used when I interviewed him on my radio show was, "RU-486?" Is that still illegal? Or what's the deal? TM: Yes. 
DM: So let's say you want to get information out to people on RU-486, the abortion pill, which is illegal in the U.S. Again, you can encrypt it, send it anywhere in the world, completely untraceable. Okay. That's basically it. What this means is -- and this is where the anarchy part comes in. Borders, national borders, are Swiss cheese. Basically as things move more and more over to electronic form, borders -- whether they like it or not, the governments -- territorial gangsters as a friend of mine calls them -- borders become Swiss cheese. They become completely irrelevant. At the push of a button you can send anything you want basically anywhere in the world. No one will know what you're sending, where you're sending it, nothing. There's a quote. There's a quote in a Cypherpunks article in "Whole Earth Review." You can hide encrypted information on a DAT, a music cassette or a digital audio tape, so, for example, Anyone carrying a single music cassette bought in a store could carry the entire computerized files of the Stealth Bomber and it would be completely and totally imperceptible. Nothing anyone can do about it. Again, basically what this does is sort of renders obsolete a lot of the laws, or most of the laws, or the whole basis for laws that are in place now. Borders can't be enforced, taxes can't be enforced, and so on and so on. You get the idea. So to cut to the chase, the main goals of crypto-anarchy, the main goals of the Cypherpunks, are: (1) to spread the use of strong cryptography. Everyone should use encryption. You should send all your E-mail encrypted. People say, "Why do I need to encrypt my E-mail? All I'm doing is saying, you know, meet me for lunch at 12:30. I don't need to encrypt it." The answer we usually give is most of the mail you send out isn't that secret either, but you wouldn't send it all on postcards. So sending your E-mail unencrypted is like sending all your mail on postcards. 
Encrypting your E-mail is like putting all your mail in envelopes. One further reason for that is, again, this traffic analysis thing. If you send all your mail out unencrypted, hundreds of pieces of E-mail a day, and then all of a sudden tomorrow at 5:00 p.m. you send out an encrypted piece of E-mail, people might get a little suspicious and look a little further into things. That's one reason that we promote the use of encryption all the time. If everything is encrypted -- if things are just flying all around the world, no one knows anything. Half of them may be, "Meet me for lunch at 12:30," and the other half may be, you know, "Let's make a drug deal," or whatever. So the more people use cryptography the more the lines get blurred and the more powerless the authorities become. There is a dark cloud which Perry is going to talk about in a second, that unfortunately -- I would prefer it if we could just stick to this stuff, but actually there have been developments recently mainly with something called the Clipper Chip that is really, really, ugly and -- the Clipper Chip, and also the Digital Telephony Bill that -- sort of bring a dark cloud in over all this stuff. One thing I'm always talking about is how in the last few years anarchists or anarchist activists have sort of maybe been getting an inferiority complex, because it seems like the cops don't care about us that much anymore. As much as I don't want to be a martyr, you know that if the cops are tapping all your phones you at least know that you're probably doing something right. But I sort of get the impression lately a little bit that, you know, the cops just think "Fucking anarchists. Who cares? They're not doing anything." Well, you can put those fears to rest, because this stuff is actually of great interest to the government, and the government is going to tremendous lengths to stifle this stuff. 
It definitely has the government's undivided attention, and I guess Perry is going to tell you more about that now. PM: All right. Now I was touching on this a little bit earlier, but -- this gives you a little bit of motivation, why this is so interesting. It's one thing to say that the government is interested in this, but does anyone -- I know that some people in the audience already know the answer to this, but do most of you -- if most of you are asking yourself what's the biggest and most secret agency that the United States government operates, you probably think the Central Intelligence Agency. MALE: National Reconnaissance Office. MALE: The Federal Reserve. PM: No. It is not the N.R.O., either. The N.R.O. is bigger than the C.I.A., but it is not bigger than the N.S.A. MALE: Is DISCO more secret than the N.S.A.? PM: Pardon? MALE: DISCO? PM: DISCO? MALE: I guess it is. PM: It must be. The National Security Agency -- spends more money and has more employees than all of the other intelligence organizations the United States government operates combined. Okay? It spends over $30 billion a year only on signal intelligence operations (SIGINT). I'm about to get into what those are. This is something that the government cares about extremely passionately. They spend vast amounts of money on it. You should ask yourself why. Now what exactly is the business of the National Security Agency? The business of the National Security Agency is signals intelligence. Most people aren't aware of it, but signals intelligence is considered by most intelligence analysts to be the most important form of intelligence. Signals intelligence played incredibly important roles all through World War II. How many people here knew that the Battle of Midway was won entirely because of signals intelligence intercepts? Okay. A couple of people. MALE: Seven percent. 
From rarachel at photon.poly.edu Wed Jun 29 18:56:55 1994 From: rarachel at photon.poly.edu (Arsen Ray Arachelian) Date: Wed, 29 Jun 94 18:56:55 PDT Subject: Feb 11 Transcript part 2 Message-ID: <9406300158.AA14295@photon.poly.edu>
PM: How many people in this audience knew that the Battle of the Atlantic was largely not a complete disaster because of signals intelligence work? A few people know. What is signals intelligence? Why does the government care so much about this? Signals intelligence, put simply, is the business of reading other peoples' mail. That's it, most baldly. It's the interception of communications, whatever form those communications take. And it's a very, very big thing with the government. The National Security Agency basically has two jobs. One of them is to be this gigantic ear out there that listens to all the communications that it can unearth. Period. Now one of the problems is that lots of foreign governments don't like having all their communications listened to. I don't know why. [LAUGHTER] And lots of private individuals don't like having all their communications intercepted. So they tend to use cryptography. So one of the other big things that the National Security Agency spends billions of dollars a year on is research in code breaking -- how to break cryptographically protected messages. The other half of what the N.S.A. does is try to keep foreign governments from doing the same thing to us. They're also in the business of developing codes and trying to protect the United States government and government contractors from having their communications intercepted. Naturally there's a small conflict here, because the people who spend their days trying to break other countries' codes and foreign companies' codes and American citizens' codes, they're not supposed to do that anymore. At the Congressional hearings in the Seventies they promised to stop doing that. 
Anyway, the people who spend their days monitoring, you know, cellular telephone calls in Moscow would prefer that the technology developed by the people who are developing ways to keep the United States government's communications secure not get into the hands of the people who are trying to make cellular telephone calls in Moscow, because they want to be able to listen to all of this stuff. So we've got this conflict between the two halves of the National Security Agency, and the side that wins is almost always the people that slurp up traffic. They never talk about any of the techniques they use, and they try to keep them as secret as possible. And until the early 1970s there was almost no private sector research on cryptography done in the world. The National Security Agency had a monopoly on information about cryptography, and to this day they never have said -- they still have a great reluctance to declassify things from the Second World War. Put it that way. By the way, the National Security Agency is truly huge. They have at least ninety thousand employees that we know of. They occupy the entire Ft. Meade military base just outside of Washington. It really is bigger than all the other intelligence agencies put together. It's of course an agency that's extremely secretive, and until the 1970s they did not even admit that the N.S.A. existed. N.S.A. was said to stand for "No Such Agency." Something rather interesting happened, however, in the early Seventies, which is that a few computer scientists and mathematicians, specifically Whitfield Diffie, Ralph Merkle and Martin Hellman, came up with the first major discovery in cryptography outside of the government sector in about fifty or sixty years, which was this notion called "public key cryptography." It's an idea that was so feared by the National Security Agency that they actually attempted to quash all open research and publication on the subject. 
They discovered that it was not possible to do so, much to their chagrin. This little thing called the First Amendment gets in the way. But to this day they attempt with every means possible that they can to try to deter research in the public sector. Now what was it that Diffie, Hellman and Merkle came up with that they considered to be so dangerous? I have to explain a little bit more about cryptography than I like to in order to explain this. The reason it's more than I'd like to is because frankly unless you're really interested on an intimate level cryptography gets rather boring. It's like discussing the details of auto mechanics. It doesn't make for interesting talks. But I'll talk about it for a minute anyway. All modern cryptosystems have two components to them. There is an algorithm and there is a key. The algorithm is basically your recipe for saying how you're going to take your message in on one end, scramble it up and spit it out the other end. But the algorithm is not a complete recipe. It's missing a portion. That portion is the key. The idea is that by having this thing called a key, that's -- it's just like a key to a lock in a door. Thousands of people can own exactly the same model of Yale lock all over this city, but because each of them uses a different key on their lock two people who own the same brand of lock can't open each other's doors. Well, it's exactly the same idea. By separating out this small piece of information -- it's usually a large number these days -- two users of a system can -- different people can communicate using the same cryptographic system without being able to read each other's messages, and indeed one of the rules for designing cryptosystems is that the cryptosystem should only depend on the key for secrecy. You should be able to tell people exactly how you're encrypting things, but just not tell them what the key is. And they should be unable to decipher your traffic no matter how hard they try. 
Now most people know that -- you know, your ordinary door, you walk up to it, you unlock it, use a key, you lock it again, you use the same key. This is actually the way that most cryptosystems used to be before Diffie, Hellman and Merkle. Now this causes a problem. Let's say that I want to communicate with Dave. Okay. Now we have to exchange a key securely. I can't just call him up on the phone and say, "Hey, Dave. This is the key we're going to use," because someone can be tapping the phone line. I have to actually go up to Dave, you know, hand him the key, and then go off -- or send a courier and then go off and later on communicate with it. But let's say that I want to then communicate with, say, you. I can't use the same key I'm using with Dave, because then you could read the traffic and I wouldn't necessarily want you to be able to read the traffic. So okay, now I have two sets of keys. Well, let's say I'm communicating with several hundred people regularly. Well, I have to exchange keys with all of them. This is an enormous pain in the ass. What Merkle, Hellman and Diffie came up with was something called the public key concept. It's a really neat idea. Imagine for a moment -- imagine a mailbox for a moment that has a mail slot in it. Okay? And once something's been stuck in the mail slot it's inside the mailbox and the only way to open the mailbox is with this key. But anyone can stuff things into the mail slot. Anyone can put things in, but only the owner of the key to open the mailbox can get things out. The idea that they had was this. Let's say that we had cryptography systems in which there were two keys, two keys that cannot be determined from each other. I cannot figure out what one of the keys is based on what the other key is. One of the keys encrypts things: takes them, scrambles them up, makes them look like gibberish. You cannot, however, unscramble things with that key. You need the second key in order to descramble things. 
The scrambling key is the encryption key, or the public key. It's called a public key because I can give it away. I can put in the phonebook or in an ad in the New York Times or anywhere else I want, "this is my public key." Anyone on earth can use that, because you cannot determine from that key what the decryption or private key is, the key that I keep to myself, that I don't tell anyone, and which is the only way to read things that have been scrambled up with the public key. Now this is a real revolution. Now I can just give thousands of people the same key to send mail to me or to have phone conversations with me or what have you, and all I have to do is keep one key private and I'm secure. I no longer have any problem with key distribution. Now this might not sound terribly revolutionary, but consider that we live in the modern age and we've got lots of computers and computerized telephone systems and things like that. Because of public key cryptography -- and this is not practical without public key cryptography -- I can build a telephone system where, every pair of phones in the country have public keys associated with them and the public keys are published off somewhere and when you pick up the telephone and dial a number, your telephone asks a database somewhere what the public key is for the number I'm calling, finds it out and scrambles the entire telephone conversation using that public key. So instead of having to worry about and sweat over distributing keys to everyone I talk to, I can afford to encrypt my conversations with the corner store, or the pizza parlor that I'm calling to give an order to. I can encrypt absolutely everything. This wasn't practical before public key cryptography was invented. Public key cryptography makes cryptography really cheap and easy to use. This is something that the N.S.A. doesn't like, obviously, and that's why they tried to keep this information from being published to the point that N.S.A. 
officials who were apparently not acting under official orders sent letters to lots of publications telling them that if they published any information on this they'd be violating acts about the publication of classified information, and they tried to contend that all research in cryptography was born secret and that once you wrote a paper you couldn't read it again unless you had a security clearance. Unfortunately, as I mentioned, they were forced to back off of this. There were lots of reasons for this, one of which is that the courts didn't agree with them. One of them is that lots of the research goes on in foreign countries, which, believe it or not, are not run by the U.S. government, at least not all of them, not yet. But anyway, what happened was that in the early Seventies these people came up with this new concept. This spurred an interesting revolution, because suddenly lots of people in academia saw that there was interesting research to be done in cryptography and that they could do it outside of the N.S.A. Before the early 1970s all the cryptographers in the United States for the most part who had any degree of serious interest in the subject worked for the N.S.A. That was it. That was your only career path. Now there are thousands of people who work on cryptography in academia in this country and in countries around the world, and it's a real serious subject of study. There are conferences several times a year, people publish this stuff in the open literature. So there is now this thriving field of study, which the N.S.A. really doesn't like -- because as I mentioned, the people who are basically that big ear trying to listen to all the conversations around the world -- and by the way, when I say they try to, I really mean it. 
They've got listening posts all over the world to try to intercept every possible radio transmission, microwave-transmitted telephone call, every satellite-based communication, everything they can get they tap -- you know, cables going between foreign countries -- everything they can possibly do to listen to as many conversations as they can. MALE: Supposedly they monitor every overseas phone call in this country. PM: Yeah. Whether or not they actually do is a matter of speculation, but it's thought by many that they do. FEMALE: Well, they do sample. DM: We don't know what they do for sure. FEMALE: No, trust me. DM: Okay. FEMALE: So if you say, "Bomb the World Trade Center," they pick up on those words. DM: Possibly. Anyway -- while all of this was happening in the mid- Seventies and early Eighties with cryptography developing as a field of study, at the same time the computer revolution was happening. Now computers -- I know that everyone on earth by now has heard about -- has seen their People Magazine or Time Magazine or Schlock Magazine No. 525th article on the Information Superhighway, and the Internet and how wonderful it all is -- and you probably all want to fall over and gag when you hear any more hype from people who don't know what they're talking about. Well, I'm going to give you some more hype, but at least I do know what I'm talking about. The Internet is a really amazing thing. I can sit in my office in New York and I can collaborate with another person who's working in Australia and I can send mail to friends of mine that gets there instantaneously who happen to be in Finland -- or communicate with tens of thousands of people that I've never met. If it wasn't for the Internet, I never would have met Dave. In fact if it wasn't for the Internet the Cypherpunks Movement would never have started, because all the people involved in it found each other over the Net. 
Now in the future, whether you like it or not, the Net's going to be where you do your catalog shopping ... DM: Perry, I just have to mention. There are about 700 plus Cypherpunks today. I've met I think three of them in the flesh in a year and a half. PM: I've met more, but it's amazing how many people you get to know and be friends with and you've never seen. But you know, I -- in the future it's possible for many kinds of work to be done remotely thanks to these technologies. If you're a writer you don't need to be anywhere in particular, do you? I mean you can write your books in Fiji for all you care. And if you're a reporter, unless you're a beat reporter and you go out to interview the fireman at the fire or what have you, if you're someone who, say, covers wider issues you can do your business from almost anywhere that you've got a telephone and a computer. The Internet makes that an even bigger thing. In the future I'm probably going to be able to send a little message down to the pizza parlor around the corner and have a pizza delivered over the Internet. Everything you do is going to be done over the Net. MALE: Isn't it going to taste a little funny sucking through that wire? PM: Well, no. MALE: No worse than Domino's, I guess. PM: It tastes fine once you encrypt the pizza. Anyway -- the thing is that the Internet -- now when Dave said that the Internet is an anarchic thing, this is not a lie. This is literally the truth. The Internet has no central control, no central planning. It's operated basically on the premise of, "Okay. I've got a connection. Oh, you want to connect up? Okay. Connect up to me." There is no such thing as a central Internet management office. There is -- yes? Q: What's the Internet Naming Authority? PM: The I.A.N.A. is -- to the extent that there is any sort of central organization, that can be said to be it. But what do they do? They give out Internet numbers. 
If they stopped doing it, people would probably start routing in NBGP domains, you know, on their own and assigning their own numbers. It's not like you can exert control over the Net that way. But never mind. I don't want to... COMMENT: It fits most people's definition of God. The circle whose center is everywhere, whose circumference cannot be found. PM: The Net is organized basically without any -- the Net has no knowledge of what borders are. Okay? I can communicate with a machine in Finland as easily as I can communicate with a machine in New York. One of the results of this is that when people in one country are told, "Oh, you can't put this sort of information up on your computer," well, generally speaking someone in another country will offer to put the information up for them. And at that point the attempt to control the flow of information is completely meaningless. Does everyone know -- there's this court case now in Canada where the Canadian press has been forced not to say anything about the court case. Well, of course anyone who's in Canada and is connected to the Internet can read all the details that they want to. Borders are completely meaningless. The U.S. government has this interesting rule that you cannot export cryptographic software from the United States. I'll get into that more later. But one of the interesting results of this is that when people have built large packages -- large pieces of software that involve cryptography -- what they've generally done is to just specify how the cryptographic pieces have to fit in, and people in foreign countries have written a dozen or couple of dozen lines of computer software to implement those things and put them up on computers in Finland. For some reason putting this stuff up on computers in Finland is really popular. I don't know why. [LAUGHTER] Really, it is. The Network traffic between the United States and France is dwarfed by a factor of five compared to the traffic between the U.S. 
and Finland. It doesn't make any sense, but that's the way it is. But, you know, the Internet has changed the way many people who are computer professionals now live. For instance, the chairman of Autodesk, which is this very successful computer company, decided that he didn't like living in the U.S. So he moved to Switzerland, got an Internet connection and managed his company from then on from there. I think recently he decided he wanted to retire and hired another manager, but never mind; the point is that the Net really breaks down barriers to information. You cannot restrict information to one country, you cannot keep information from flooding around the world almost instantaneously to any place that's on the Net. Everyone is on the Net. The Russians are on the Net. People in Singapore -- where the government of Singapore thinks that they're exerting control over what books can be sold in the country, I have news for them. Stuff going over the Net is far racier than anything that they think that they're censoring at the border. So here we have this wonderful Internet, and the problem with it is it's completely insecure. The way it's been built right now, anywhere I tap a line I get enormous amounts of traffic going by and it's all conveniently already computerized so I can use computers to listen in on it. If the N.S.A. wanted to build a computer system to watch all the electronic mail going between two countries, it would be nice, easy, feasible. There'd be no problem. This is a problem. Now the problem is of course easily solved with cryptography. If you encrypt all your communications, suddenly it's impossible to tap them. This is of course something that the National Security Agency doesn't like, so they try to do things like restricting the export of cryptographic software from the U.S. Well, I have news for you. Software is just information. 
Software is no different from any other kind of information, and if I put software up on the Net suddenly it's in every country in the world within hours. Mysterious how this happens. This has happened with cryptographic software several times. There's a fellow by the name of Phil Zimmermann who wrote a nice public key cryptography package called PGP, put it up on a machine in the United States. Well, wouldn't you know it -- available in Italy -- oh. By the way. Duncan has about ten copies of PGP for anyone who wants them. [LAUGHTER] We're having trouble controlling the distribution of cryptography software here. [LAUGHTER] Anyway. Sorry. Flying disks. Yes. But seriously, that's as easy as it is to get your hands on cryptography software these days. It's all over the Internet. People can download it from Finland, from Italy, from France and England. It's everywhere. And the N.S.A. doesn't like this, either. Now stepping back from that for a moment, I'll mention that we've talked about ordinary applications for cryptography up to now: how to keep your communications secret using cryptography. We touched earlier on the fact that you can do banking using cryptography. Now why would this be particularly interesting? Well, this guy David Chaum, in Holland, came up with a system -- and I'll just ask you to take this on faith -- you can read a book like Bruce Schneier's book [Applied Cryptography] later if you like and figure out why this would be so -- but it is possible to construct a money transfer system in which it is guaranteed that all parties are anonymous and no parties have to trust each other. Now that's a really neat feature, isn't it? You don't have to trust the other parties, and you don't necessarily have to know who they are. Now remember that the Internet allows communications to go all over the world now. So let me give you the following little scenario. Let's say that I had a little pocket computer in my -- you have an Apple Newton, don't you? 
Is it with you? Let me hold that for a minute. Now I don't know if people are aware, but, you know, this is as small as computers have gotten and in fact this is large compared to the HP100. There's a very powerful computer here. It even has a communication link so it can talk to other computers. Right here. I can keep it with me. Let's say that I'm sitting in a cafe in the East Village, say, and I'm going to meet up with this guy who has promised to give me this contraband I've been really interested in -- nude pictures of Nancy Reagan. Okay? So he shows up in the cafe. You know, I've never seen the guy before. Never mind. I look at the pictures. Yes, I want them. We both get out our little computers, put them in front of each other. Each of us presses a button and suddenly I've paid him $10,000 which I've extracted from my offshore bank account over the Internet, handed to him and lord knows what he's done with it. He might have sent it for all I know to the same bank or to one on the other side of the world. No way to know. No way to trace it.

Now U.S. banking law says that I can't do business with foreign banks inside the U.S., but it's very difficult in the presence of strong cryptography to know whether or not I am communicating with a foreign bank. Or to regulate the transport of money. If you're living in the underground economy and you're dealing with cash all the time it gets very cumbersome, you know? You're carrying around $10,000 in cash. It's a big wad of bills. Keeping cash in your home is inconvenient, moving cash around is inconvenient. It's dangerous. You can't get interest paid on your cash. So what you really want is offshore banking, but offshore banking has been inaccessible to people. Well, this might very well blow that wide open, and I'm certain that the I.R.S. and the N.S.A. dislike this possibility.
Imagine what happens if half the population finds itself able to function in the underground economy with all the ease with which they can function in the above-ground economy right now. They've got their bank, they've got -- you know, they can make investments if they want. They can transfer money. Hell, it's more convenient. It's much more convenient than the way we do things right now, and I can clear and transact -- right now if I wanted to, say, a credit card transaction, you know, a merchant has to be set up to do a credit card transaction and it's really risky. Someone can steal the credit card numbers, etc. This is extremely secure, and I can exchange information with anyone and I can do it using ordinary equipment that I can buy off the shelf.

That's another thing that I want to point out here. Every computer is dangerous to them. Every single computer in the world is an extremely high quality cypher machine if it has the right programs, and programs are really easy to copy. They're as free as air. They move very fast. I can throw one -- pretty inaccurately, but never mind. Anyway -- flying software, faster than the internet... [OVERLAPPING COMMENTS AND LAUGHTER]

The people in Fort Meade, you know, at the N.S.A. -- their offices are known as the Puzzle Palace to some people, largely because to a large extent what they do is they spend their days worrying about really intricate mathematical problems. And there's -- I suspect not much that makes the people in the Puzzle Palace more nervous than the notion that equipment that anyone in the world can buy for a couple of hundred dollars can make it impossible for them to tap some communications. It's incredibly cheap -- cryptography software is virtually free right now. Almost anyone can get software that's really good for free. And computers are cheap. And you can't keep the software from moving around. This is probably the stuff of their nightmares.
You know, remember that their mission is to listen in on everything, and they're faced with the threat that they may be able to listen in on nothing. Compound that with the fact that then we have these science fiction scenarios of people able to conduct untraceable, unwatchable transactions without the I.R.S.'s all-seeing eye being able to detect it -- or FINCEN's. How many people here know what FINCEN is? I'm curious. Okay, we have two or three people who know what FINCEN is. Do you know what FINCEN is, sir?

MALE: No, I don't.

PM: FINCEN is the government agency that collects information on all of your large bank transfers and tries to note if you are engaging in a pattern of criminality with them. Right now it can only watch all of your transfers over $10,000, or things that are suspiciously close to $10,000. They would like to watch all of your bank transactions. This is all in the name of... Oh, by the way. Does everyone know what the Four Horsemen of the modern governmental Apocalypse are? The excuses for virtually every civil rights reduction that's happened in the last few years. The Four Horsemen are: terrorists, drug dealers, pornographers and child molesters. Okay. Now all the time you're told, "But what if terrorists got their hands on cryptography technology?" By the way, the answer to this is that anyone who wants to get their hands on it -- let's put it this way. This book [Applied Cryptography] can be purchased in any bookstore. Explains everything about the state of the art in modern cryptography. Any of you who knew enough about computers could pick this book up and write software probably good enough that the government could not listen in on your communications. Trying to keep this stuff out of the hands of anyone is rather difficult. The horse is already long out of the barn.
From rarachel at photon.poly.edu Wed Jun 29 18:59:18 1994
From: rarachel at photon.poly.edu (Arsen Ray Arachelian)
Date: Wed, 29 Jun 94 18:59:18 PDT
Subject: Feb 17 Transcript Part 3
Message-ID: <9406300200.AA14325@photon.poly.edu>

But unfortunately, the Four Horsemen of the Apocalypse are still there and the government is trying to use them as an excuse right now. How many people saw the articles on the front page of the New York Times about Clipper? Okay. A bunch of people have. How many people saw the front page article in the New York Times about the F.B.I. Digital Telephony Bill? Ah. Fewer people.

I'll start with the F.B.I. Digital Telephony Bill, because it's much easier to understand. The F.B.I. is not satisfied with the fact that our phone system is not like the phone systems in Eastern Europe, and wants it to be that way. [Laughter] They want the capacity to be able to push a button in Washington at any time they like and tap any telephone in the country at will. That's basically it in a nutshell. They claim that they need this capability because modern digital telephone systems are becoming increasingly difficult to listen in on. Computer Professionals for Social Responsibility did an F.O.I.A. [Freedom Of Information Act] request on the F.B.I. and managed to get documents which said, "By the way, we know this is a lie but we're trying to get this bill through. So please lobby for it." In fact no one has ever found that they have any difficulty tapping the existing telephone systems, but never mind that. They are saying that because of advances in technology they need the capacity to be able to sit in Washington, push a button and listen to any telephone conversation in the country at will. This is of course in order to stop the terrorists, drug dealers, pornographers and child molesters. If they can find someone who is all of those at once I am sure it will make their day.
Anyway, at the same time the National Security Agency has been having these nightmares about cryptography so they've gotten the Clinton Administration to front for them on a really, really stupid idea.

MALE: Ten copies of the Justice Department announcements, the five press releases from a week ago.

PM: Okay. Well, basically what's happened -- maybe we'll pass these out in a minute -- is that this has been in the works for some time and people have been fighting it, and so many people have been fighting it that we thought it was dead, but it seems to have come back from the dead. The government wants you to use their cryptosystems. What they want is they want to give you a little cryptography box called "Clipper" that you can use, so that you don't have to complain that all of your communications are insecure. But Clipper has a built-in bugging feature in it, so that if the government wants to listen in on your communications they can do so. Isn't that special of them? And they expect that everyone in the country will want to use this.

MALE: And each one's got a serial number.

PM: Yes, yes. The way this basically works is that they store basically the equivalent of a master key to the cryptography system inside -- I'm trying to keep this from being too technical -- essentially every time you use the Clipper chip to communicate with something that also contains a Clipper chip, well, what it does is it includes information about the key you are using in the data stream that it sends to the other machine, and it's encrypted with an encryption key that is known to the government -- to keep everyone nice and honest. You know, we don't want to keep those terrorists, child molesters, pornographers, drug dealers from being able to encrypt things. (I.e.: "We're your government. Trust us, we know what's good for you; but we don't trust you.") However, they say that this standard is voluntary.
Now if you were a card-carrying terrorist would you use the government's cryptography system, especially if it's voluntary to use it? No. What you're probably going to do is go out and get yourself a decent cryptography system. Hell, if you're actually being armed by the Libyans they probably have nice KGB crypto equipment that they can hand to you. You don't have to worry about going to the store to buy your cryptography equipment. So in general the notion that they can impose this as a voluntary standard for encryption, which you're not compelled to use, is ludicrous, and almost everyone in the community thinks that what they're doing is preparing to try to ban all forms of encryption other than the ones that they specifically approve.

So we've got these two interesting government movements right now, the one to make tapping all of your telephones easier and the one to make it easy to decrypt the communications on the telephones that they've made it very easy to tap. I thought that the Berlin Wall had fallen and the Stasi was out of business, but apparently they've all just moved to Washington. [Laughter] It's kind of annoying. But on the other hand, ignoring all of this, they're -- by the way, I'll mention that every industry group, groups like the Electronic Frontier Foundation and Computer Professionals for Social Responsibility, all the trade magazines, everyone on earth has come out saying this is a stupid idea.

DM: The 700 Club did a ...

PM: The 700 Club actually did a story about how evil the government's cryptography plan is. It's amazing. Everyone and their mother has come out against this, but it doesn't seem to matter. According to an article that's going to be published in next month's "Wired" several administration officials have admitted that this might be their Bay of Pigs, something really stupid that they inherited from the previous administration, which they did, which they're going to push forward anyway full steam ahead.
MALE: So whose head's going to explode like a flying -- you know, in Dallas -- as a result of this thing?

PM: I don't know. Well, anyway, so -- now ignoring what the government is trying to do to stop cryptography, I'll point out that all is not rosy with cryptography. You can encrypt your communications, you can try to be really careful about all of the dealings you do, and if you try to live, say, purely in an underground economy one day you sit in a café with the wrong guy and he pulls out his I.R.S. credentials and says, "Can we do an audit, please?" Now it might be difficult for them to be able to spend the resources necessary to try to track lots of people down for abusing this sort of thing. In fact, I would argue that there's no way that they have all the resources necessary to do that. But nonetheless, let's point out you can't do everything in cyberspace. You can't live in cyberspace. You have to live in a home somewhere. You have to go to the corner store to eat. You have a physical body. They can still get you. They can still pass laws to try to restrict your freedoms.

Cryptography, however, does make them much weaker in many ways. One of the things that's been pointed out repeatedly is that government feeds on money. The lifeblood of government is money. If they don't have money -- what traditionally happens in a Third-World country that's experiencing hyperinflation? At some point the soldiers discover that their pay no longer will buy them food, and they start revolting. Government workers are like everyone else -- well, sort of like everyone else, but [LAUGHTER] -- government workers do have families, they do have mouths to feed. They need to be paid. And when the government tries to print money to pay them the money becomes less worthwhile. So they depend on taxes in order to be able to control people.
In an environment where it becomes increasingly difficult to tax activities, it becomes increasingly difficult for the government to exert control over the population. In fact, the more people move into some sort of cryptographic black market, the more difficult it becomes for the government to try to stop it because the fewer resources the government has. It's sort of a vicious cycle for them. They need to have money in order to try to get money, and the less resources they have to -- actually, Duncan, you know this off the top of your head. How many millions of Americans are thought to evade taxes right now?

DUNCAN: The Feds say officially there are ten million nonfilers who should be filing, and at least another ten million filers who file incorrectly on purpose. That's out of 114 million personal tax returns filed last year, down from 117 million predicted. They undershot by 4 mil.

FEMALE: They had like 900 convictions out of ...

PM: How many convictions were there for tax fraud last year?

DUNCAN: It's only about three or four hundred a year.

PM: In spite of this -- it's very, very difficult for them to expend the resources to try to get a tax fraud conviction.

DUNCAN: It costs $50,000 bucks, or -- and then you got to imprison 'em. I mean it costs half a mil or a mil.

MALE: Usually there's one other factor, and that is that there's only one Treasury agent per 900 filers. So the enforcement bureaucracy is actually very small. This came up in the debate over the gun issue, where there's a mention of 240,000 gun dealers and about one enforcement bureaucrat for every 240. That's a highly regulated field by comparison with general tax filers.

PM: Anyway -- Dave points out that I'm kind of dragging this on, and we should open it up for questions.

MALE: ... one other factor that hampers the I.R.S.?

PM: Yes?

MALE: They've got infiltrators.

PM: Oh?

MALE: There are people in the I.R.S. who are on our side.

PM: Okay.
Anyway, if we're done with the major, initial part of the talk -- I think we made some of the interesting -- I've missed talking about a bunch of things, like the fact that you can put -- there are all sorts of neat things people have discovered about cryptography over the years. You can play poker with people by computer without having to trust the dealer or any of the other players, and you can mathematically prove that no one has cheated in the course of the game. There are all sorts of neat tricks that cryptographers have come up with over the last few years, and if people -- anyone with a mathematical background, I strongly encourage you to go out and buy a copy of one of the books on the subject. Actually the best book on the subject right now is Bruce Schneier's Applied Cryptography. This is a technical text. If you're not interested in cryptography on a technical level, if you stopped with math before algebra or something -- I'm not trying to denigrate anyone. Some people are not interested in math. There's nothing wrong with not being interested in math. But this is a math book, basically. It's full of math. If you want to know the details, however -- published by John Wiley & Sons. There are some very good books -- it'll be up here.

If you're interested in the history of cryptography, David Kahn wrote an extremely good book that only covers the world up to about 1970. He mentions the N.S.A. These were the days before they admitted that they existed, but he has chapters discussing them. The book is called The Codebreakers, by David Kahn. It is still an interesting book to read, because it gives you some idea about how hard it is to produce good codes and how important it has been in history. Most people are completely unaware of the historical importance of secret communications and breaking secret communications.
MALE: The British government for about seventy years claimed they weren't breaking any telegrams, and in fact they were taking every one into a room and trying to ...

MALE: The N.S.A. lied about it for years, also.

PM: The so-called Black Chambers. All through the 19th century virtually every government in Europe had something called a Black Chamber, which was the room into which all diplomatic correspondence coming into and out of the country was brought to be read. Most of it was encrypted, but some countries had pretty good cryptographers. This has been going on for centuries. There is nothing new about this. The only thing new about this is that suddenly world-class cryptography is in the hands of everyday people. Lastly, there's a great book about the N.S.A. that Lou mentioned a moment ago, called The Puzzle Palace by ...

DM: Bamford.

PM: The Puzzle Palace is, again, about ... (Inaudible; overlap)

DM: It's available in cheap paperback. Very good book.

PM: Oh, by the way. If you get a copy of The Codebreakers by David Kahn, do not get the paperback. Get the hard-cover. The text is different. The text of The Puzzle Palace in softcover is exactly the same. It's a really good book. It's unfortunately about a decade old, but it covers them in an enormous amount of detail. Most people are completely oblivious to what the largest intelligence agency in the U.S. is. You should inform yourselves.

DM: So let's open it up ...

PM: For questions.

* * *

Q: I don't understand the details of Chaum's method of electronic banking, but I thought it required that the bank would issue essentially denominations of bills that were public keys.

PM: Are they public keys? I could go into the details, but I don't know ...

Q: My point is, how do you get this going without the cooperation of a bank?

PM: Form your own bank. That's basically the answer. You have a digital bank that issues digital money, basically.
MALE: If you have a couple of hundred people you can form your own credit union.

PM: In fact there are some people in Texas who are now forming a credit union on the premise that the credit union is going to permit people to make electronic cryptographic transactions.

MALE: The problem with this digital bank and any other underground economy is that if your digital cash is stolen or if this digital underground economy collapses you will have no recourse in law enforcement, in civil suits or FDIC insurance.

PM: Well, first of all -- I don't want to claim that the FDIC is a wonderful thing here, but even assuming that it was I honestly trust AAA-rated Swiss banks far more than I trust any bank in the United States -- or the full faith and credit of the United States government.

MALE: Hear, hear.

PM: Which is going down every day as the deficit increases.

Q: But who issues digital cash?

PM: No, the point is that you cannot steal digital cash. It doesn't work that way. You can -- now the bank can defraud you. You admittedly have to trust your bank. However, you cannot really steal digital cash. It doesn't work that way.

MALE: It's protected using encryption. It's very complicated.

Q: Are you claiming that Virtual Virtue has been invented?

PM: No. I'm claiming cryptography has been invented. It does not -- the bank can defraud you. Someone cannot steal your digital cash.

Q: Why wouldn't this be an attractive notion to most Americans, and subsequently why would this seem to be a scary notion to the government?

PM: I will explain it to you right now. In this city, most people think that most people comply with the tax regulations and with Federal regulation. New York City is one of the most fascistly-run places in the United States, so it would not be surprising that we have the most thriving underground economy.
Go downtown to Chinatown and you will find building after building after building of off-books businesses: clothing manufacturers, import-export businesses, everything you can imagine, being run in a completely underground manner. The garment industry would not exist in New York City if it was not for the underground economy in New York City. Okay, forget what middle-American people will do. The underground economy already exists, and this sort of thing is going to move forward and there's probably going to be demand from people who are already in it. As for the question of "virtue", as I said I would go into the cryptographic protocols in detail, but -- you cannot be robbed of your digital cash from your wallet the way that you can be robbed of real cash.

MALE: They can't rob you any more than a regular bank can.

PM: It's not actual cash. It's really an anonymous transfer.

Q: Doesn't digital cash (?) to the maximum capitalists and fascists, too, or are we just catching up with things?

MALE: This is a problem.

PM: Whether you like it or not, it's there. The computers are out there. The technology has been invented. It cannot be uninvented. It can't be put back in the bottle. There are tens of thousands of people in this country who understand how to build these things. At this point it's impossible to stop it. So whether you like capitalism or don't like capitalism, whether you like technology or dislike technology, this is a reality. I would advise personally that you try to use it to your benefit. Perhaps other people have different opinions. That's what I would think.

Q: A two-point question. First of all, have you seen the article in the Humanist(?) about digital cash?

PM: I'm afraid I have not.

Q: Have you?

DM: Can't say I have. No.

Q: Okay. Secondly -- now the promo for this talk says it'll make the State a thing of the past.

PM: I think that's something of an exaggeration.
DM: Basically what we're talking about, and it remains to be seen how far it's going to go, is the withering of the State in the sense that governments can no longer say -- now they can say we won't let this book cross our borders, you can't do certain kinds of financial transactions, you're not allowed to read this stuff, you're not allowed to make bootleg copies of this record. All this stuff is going to be going on more and more, and it's unstoppable by the government. So in other words, a lot of these laws are just unenforceable, superfluous, as this stuff starts travelling over the Net in encrypted forms.

MALE: That's victory to some extent.

DM: Right.

PM: Oh, yes. It is very much -- it's sort of the exponentiation of (?). As soon as you allow in -- the Chinese discovered this at Tiananmen Square. Fascists and totalitarian governments and Communist governments have known this for a long time. You want to keep the copy machines in your country as difficult to get to as possible. You want to keep the telephones difficult to get to, and make them bad and tap them all the time. You want to restrict the flow of information. One of the things that happened after Tiananmen Square were these informal fax networks came into existence all over China, and within hours people all over the country knew the truth about what was going on. Information from satellite broadcasts and from foreign radio stations got in and swept over the country. This just compounds that problem. If you're going to take part in the modern world, if you're not going to be like Albania, you're going to have to allow in the Internet. As soon as you allow in the Internet, people are going to start exchanging data. As soon as they start exchanging data some of that data might be encrypted, and you have no way of knowing what it is that they're bringing in or putting out. You can't control it, not short of controlling every single computer that exists in your country.
Q: Has there ever been a case where the government has broken the code and ... (Inaudible; overlap)

PM: In the thirties all the time. Bootleggers would use primitive cryptographic systems to communicate with each other and would get hauled into court. In fact Kahn's book, The Codebreakers, talks a lot about this. You bring up a very important point. Not all cryptography is good cryptography. The program WordPerfect is really popular out there. It has a little function that will let you save an encrypted version of your file. It's totally useless. With a couple of milliseconds' worth of work, another program can just break that wide open. You need strong cryptography. Just any cryptography won't do. Insist on -- but in the past very often people using secret codes for communication have been hauled into court by the United States government. It's happened.

Q: Were they drug dealers?

PM: In Prohibition they were drug dealers. Yes.

Q: Recently.

PM: Recently, no. It has not happened recently. One of the things that's very strange is that more of them are not using cryptography. There are companies in the U.S. that will sell you commercially phone scramblers that are really, really good.

MALE: [INAUDIBLE]. I'm not sure who is reading my mail. It takes a lot of effort to do something, to cause anarchy to happen, and everyone would have to be involved, and I don't see that there's any payback.

PM: I disagree for the following reason. First of all, the people who know these programs are reasonably smart, and most of them are actually talking to each other right now. And there are real attempts made to try to make sure that they all communicate with each other fairly well. This is intentionally so that people do not face the question of having: "Well, I've got Encryption Program A and you've got Encryption Program B. Yes, we can talk." One of the things also by the way in public key is that it makes it easy. Just so long as I know that you're -- Duncan can give you two disks.
If you want you can just throw one at one of your friends. Hopefully he'll catch it and it won't hit the floor. And you don't actually have to communicate with each other in advance or communicate with any of your other friends in advance in order to exchange information. You just have to have compatible software. And the marketplace is taking care of that, because people want to communicate with each other.

MALE: But it is not anything the government can't regulate. I know you say that it can't, but you can regulate that kind of stuff.

PM: They can try to stop it.

MALE: I don't see any way [INAUDIBLE] ...

MALE: It also benefits me. I may consider that I benefited from breaking Midway(?) codes or Atlantic codes or whatever it is. [INAUDIBLE].

PM: Well, there might be benefits to you, but unfortunately it's -- whether this is fortunate or unfortunate in fact, it's not your choice. It's not up to me, it's not up to you, it's not up to anyone. The cat's out of the bag.

MALE: It's not.

PM: Oh, yes, it is. Anyone can buy a copy of this book.

MALE: I can get anything I want off your computer. Anything I want. You send any kind of electronic mail, I can get it (?).

PM: How?

MALE: There's always a way.

PM: No. I'm an electronic mail administrator. There are ...

MALE: I can use a rubber hose cryptosystem.

PM: Yes. Admittedly. I can come up to you and I can beat you up. At which point what does it matter?

MALE: I can change your computer so it doesn't -- I can monitor your keyboard, watching you type. I mean there's all these ways. It's not a question of [INAUDIBLE].

PM: It becomes very rapidly prohibitively expensive ... (Inaudible; overlap)

DM: There's a question of how much it'll cost the government. There are estimates that if the N.S.A. used every computer they have and they ran it for eighty years nonstop, they'd be able to break -- you know, it's like angels on the head of a pin. I mean ...
PM: He points out very correctly that if they're willing to spend enough money they can monitor -- they can break you. On the other hand, it's extremely expensive for them to do that and cryptography is really cheap. In fact if you have a computer already cryptography is absolutely free. Now admittedly, computers are not absolutely free. But anyone who has a computer right now, anyone who has a computer right now can communicate with anyone else who has a computer right now securely, securely enough that what they spent a couple of hundred dollars setting up the government will have to spend tens of thousands of dollars trying to go after.

MALE: It's actually millions probably.

PM: Not necessarily. If they come after you with rubber hoses it might be relatively cheap ... [LAUGHTER]

MALE: Forty dollars.

PM: You say things like, "Well, I have to coordinate these things, and I have to come up with..." Yes. Admittedly you have to have standards. But remember, most people in the world who do technical stuff very naturally try to follow standards. You won't go to the average telephone store and buy a telephone that does not plug into your wall, and that's not because they particularly like you or they particularly like modular jacks; it's because they want to make sure -- because they know that if you buy a phone that doesn't plug into your wall -- well, you won't buy a phone that doesn't plug into your wall. Put it that way.

DM: Perry, you know, keep in mind that a lot of this stuff is the ground floor. It's square one, whatever, and the idea is to let people know what's going on, let people know what the problems are, let people know what the solutions are now, and maybe five years from now -- again, the problem I sort of hinted at before was that because it's still early the government's trying to do things like slip in the Clipper chip and stuff to prevent these things before they happen. It's just important for people to know about this stuff.
As time goes by new systems, new software, will have all this stuff built into it and ...

MALE: You won't even know you're encrypting.

DM: Yeah.

Q: What about the falling price of processing power?

PM: Well, this has two interesting effects. There is an extent to which this makes it easier to crack codes. However, not as much as you would think.

Q: What about lengthening the number of digits in the prime that you ...

PM: We won't get into these details, but basically one of the features of things like public key cryptosystems is that if you have twice as much computer power lying around you can encrypt things much more securely using the same amount of time and it takes exponentially longer for the people who are trying to break what you've done.

MALE: Not only -- as processing power falls -- it is cheaper...

PM: It becomes faster.

MALE: As the specific cost of processing falls, of processing power falls, it becomes progressively cheaper to use longer and longer keys, which cost more and more time ...

FEMALE: Whitfield Diffie says to use three crypto scans ABA.

PM: Well, that's DES. Never mind. We're getting into details that we shouldn't, probably.

MALE: The point is the cheaper ...

PM: As computers get cheaper, it will become harder for them to break codes using non-rubber hose techniques. That's true.

MALE: Decryption becomes more costly.

DM: Steve, in the back.

STEVE: First of all, it's been a very interesting subject, thanks, but I'm going to rain on your parade... A couple of things come to mind. [INAUDIBLE]. One thing of course is the issue of access. Most of the population doesn't have access to the equipment, and certainly if they have access to the equipment have very limited knowledge, and really it winds up ... [INAUDIBLE] ... being a very small group of individuals. [INAUDIBLE] ...
If we're talking about this in the context of -- this is creating a new, nonauthoritarian society, that can't be done by a small group of individuals acting through an Internet or electronic data process. It requires a [INAUDIBLE] social organization. You know, you mentioned Tiananmen Square. Well, the efforts [INAUDIBLE] ... You get an Army that is willing to repress the rest of the population for the resources of the rest of the population. As long as that happens ... [INAUDIBLE] ... One other thing I should mention, when we talk also about the issue about people pulling out, about the underground economy -- one you mentioned, the underground economy of Chinatown. I'm not sure [INAUDIBLE] ... exactly a model we'd want to impose for the rest of society. Suppose you get a lot of people to stop paying taxes [INAUDIBLE] ... without an overt social organization when sanitation services collapse and social services collapse -- unless you're [INAUDIBLE] ... It comes back to ultimately what anarchy
From rarachel at photon.poly.edu Wed Jun 29 18:59:53 1994 From: rarachel at photon.poly.edu (Arsen Ray Arachelian) Date: Wed, 29 Jun 94 18:59:53 PDT Subject: Feb 17 Transcript 4/4 Message-ID: <9406300201.AA14337@photon.poly.edu>
is about is it's a new form of social organization. [INAUDIBLE] The umbrella is that I think it can be an important tool, but ...
PM: Answering your points -- I don't entirely disagree with them, but I'll point out that the technology is actually very cheap. It's not free, but it's cheap enough that people we would consider to be extremely poor can afford it at this point. You can get a computer that can link you up to the Internet for maybe something on the order of $100 if you try hard right now.
MALE: I could do it for $5. A VIC-20 and a VIC-20 modem are essentially free.
PM: Well, you have to find one. That takes some time.
MALE: It's in somebody's closet.
PM: The other thing is Internet service is actually fairly cheap right now.
For about $10 a month -- actually, if you count the cost of having to have a phone line around, call it $20 a month -- you can be on the Internet. And the price is only going to fall with time. It's admittedly not free, but it's not out of the capability of ordinary people to pay for. You're right that most people don't know this is an issue -- which is why we're here. It's not -- and I'll also agree with you that so long as the government has the capacity to shoot people en masse if it so desires, the State will continue to exist. This is not a panacea. It's just a tool. There are people out there who are extremely enthusiastic about it. It might be a really neat tool; a really good tool. But it is just a tool. However, if people did in fact pull out of the economy in a big way, at least out of the above-ground economy, or as De Soto refers to it, out of the formal economy -- as opposed to the informal economy, because after all, you know, why should you refer to it as a black market? It's a market for honest people, not a market for dishonest people. As more people enter the informal economy, being able to pay for the tanks and pay for the people to stand behind them becomes more and more difficult. Admittedly though, you're going to need to be able to provide alternate means of society organization. There are all sorts of issues that come up. This is not the answer to everything. It's just a really, really important tool you should know about. Yes.
FEMALE: Just to get back to the issue of digital cash. When Leonard(?) talked to Chaum(?). What he wants to do is develop a card reader for your PC, so you can download cash onto your card in your home from your bank, wherever it is.
DM: Citicorp already offers that service.
PM: But it's not terribly secure.
DM: It's admittedly not secure, but they do offer it.
PM: It's also not anonymous.
FEMALE: They have a debit card, do they?
DM: They have a debit card.
If you go to their Queensboro center in Long Island City you can see -- there are sample machines up there. They use it for all electronic transactions.
FEMALE: And so they give you a sort of -- they charge you ...
DM: It's like five dollars a month.
FEMALE: You have to rent this? [INAUDIBLE; OVERLAPPING VOICES]
PM: It's not purely abstract money in the sense that digital cash is not a form of currency. It's really just a way of doing anonymous transactions. You can be doing anonymous transactions against bank accounts backed in dollars or yen or gold or whatever else your heart desires. It's really just a way of simplifying the concept of doing anonymous digital transactions. It's not really in and of itself a currency.
MALE: Right. That's the part that's hard to imagine. [INAUDIBLE]
PM: It could not be. That's not the way that it's designed to work.
FEMALE: How do you generate such a system without trust to begin with? I mean -- I've got $10,000 in my Swiss bank account, Perry, and -- alright, here you go. Turn it into digital cash for me. But -- I mean you have to act as a banker for me, right? And there's just...
PM: Someone has to act as a banker for you. I suspect very soon it will be your Swiss bank, whom you already trust. Or it will be some -- you already have to trust someone. People ...
FEMALE: But you've got the FDIC behind it in CitiBank... [INAUDIBLE]
PM: But there are people who trust their money to Swiss banks right now, and Swiss banks don't fail. And they don't, generally speaking, commit fraud.
MALE: People lost money on FDIC-insured accounts because of inflation, so you can lose money on insured accounts.
PM: Well, anyway, the point is yes, you're right. There is a question of trust involved. You have to trust some of the people that you are doing transactions with. If you have a banker, for instance...
MALE: Use several banks.
DM: We may develop methods -- protocols -- which will allow you -- I can't get into this, because it hasn't been done yet, but it's possible. You may be able to deal with a financial institution that has wide-open books. The books are published in electronic form, kept on the Nets, so that anybody can check their account and they can even check everybody else's account -- except they can't check the balance. They can just tell that nobody's screwing around with it -- in a way that cannot be easily defeated.
PM: There are some neat protocols people have come up with for doing anonymous cryptographic auditing. Again, however, there are ways of committing fraud -- say, that the bank is actually dealing with something being backed by gold. You know, one day they could bring up trucks, take all the gold and leave everyone hanging.
DM: There's always a way to do that.
PM: You could do that with banks right now. If you go to the supermarket you can hand the guy your dollars, he can pull back the groceries behind the counter and just refuse to give them to you. You know, you can go to the park and you can give the guy your money and he can fail to deliver what people go to parks for these days. Look. There are always issues of trust involved. I'm not going to address that. That's a wide open issue. It's a huge issue.
FEMALE: There's no paper trail involved. If I make a deposit and you give me the goods, what record do we have that this ...
PM: I can -- there are paper trails. There are receipts.
DM: No, there are. It's complicated.
MALE: It's not paper.
PM: They're not paper, but I can demonstrate to an independent auditor that I did in fact deposit the money and that these have been the transactions I've done.
FEMALE: But then in fact does it not eliminate the beauty of ...
PM: No. I would have to reveal -- only -- if I want to go to an auditor, I can choose to reveal my identity to some limited extent. I could for instance -- I could have an anonymous account.
There can be nothing recorded on the account in terms of name or address. But I could show someone all the records for the account to demonstrate that the bank is lying and that there is a certain amount of money in that bank account and that they've not been telling the truth. There are audit trails possible. Yes, ma'am.
Q: How can we be sure that the software we use does not already have master keys included? Or get included as time goes on?
DM: Because you can look at a PGP for example -- I don't know how much you know about computers, but there's source code. I mean you can look at PGP, this program that's public domain that's distributed all over the world. You can look at the program itself and see exactly how it works. It's well documented.
PM: The program is distributed in source code. You can recompile it if you want. You can read all the codes.
DM: You can. You can look at the codes.
PM: Many people have read it. In fact the code is fully available. Many people have read it. You can compile the code yourself. However, I'll point out that there was an ACM Turing Award talk by Ken Thompson where he proved that there is no way ultimately to completely trust your computer systems. There is also no guarantee that when you lie down next to your lover this evening that they're not going to take out a huge steak knife and plunge it right into you. There are no guarantees, folks. However, to a reasonable degree of confidence you can be sure that the software is free of holes.
DM: We only have a couple more minutes, so -- a couple of quick questions.
Q: [INAUDIBLE]
PM: Well, I don't know. So far as I know, the United States government has never brought a prosecution against a foreign bank for doing overseas transactions. They can't. It's not their jurisdiction. Presuming that you are doing your transactions with a bank in the Bahamas, I don't think that the government -- the government can charge you with RICO violations.
It's unlikely that they can charge anyone else with them. Any other questions?
Q: [INAUDIBLE]
PM: You can start -- it's likely you're not, but if you were interested in starting a digital bank and having a digital bank that, say, backed its currency using a basket of commodities or wheat or gold or anything else you wanted, you can do that. It's just a mechanism for conducting funds transfer. Admittedly, it's abstract, and people are probably never going to go up to a gumball machine and stick in their computer in order to get a gumball out. And in fact people are probably very unlikely to use it for everyday ordinary transactions. But I'll point out one thing. If you have an offshore bank account you can get an ATM card for it and you can walk into an ATM machine anywhere in New York, stick it in, withdraw cash -- your name, your true name, is not necessarily recorded anywhere. You can walk to an ordinary supermarket and pay in ordinary cash if you like.
MALE: [INAUDIBLE]
PM: Well, it is legal.
MALE: [INAUDIBLE] You come into issues of how -- as the money forms develop towards that, how other things that were previously stable may become more and more unstable, you know, which suggests to me that the further this thing goes the higher level there is going to be of barter.
PM: This is more an economics question than a question about cryptographic technology. I'll agree that there will be interesting effects as a result of the advent of digital cash, and that we can probably not predict what all of them will be. At the same time, we probably can't stop it.
DM: I think we have to wrap it up in about two seconds.
MALE: May I risk of delying the obvious -- at one time you were told that the only secure crypto was the one-time pad. What we're saying now is that here's a form of crypto that you can use all the time, every time, and that you should encrypt.
DM: One-time pads are impractical, and you don't need -- you don't necessarily ...
MALE: They're ancient history now.
PM: They're still in use.
DM: Well, maybe, maybe not necessarily. They're still used. I feel like I have to make just one comment to save my ass here before we break up, and that is -- Perry -- I've tried to avoid this because we probably agree on more or as much as we disagree. Perry considers himself an anarcho-capitalist. I am an anticapitalist. I have problems with the whole idea of digital cash, with the whole idea of money. I'm against money. I'm against cash. I don't like banks. We don't have time to get into that now, but I just wanted to mention that, and also -- for all my friends here who think that I'm a traitor -- also, that ...
PM: They'd never think that about you, Dave.
DM: That stuff is all controversial and you can debate about it, but -- I mean the basic -- I hope that we got the basic ideas across. The whole business about digital banks, digital cash and whatnot, you know, do what you want with that, but -- that's gonna vary with your particular political slant. I think that's probably it.
Q: Do you want to share?
DM: Yes, I do. [APPLAUSE]
--------------------------------------------------------------------------
From lile at netcom.com Thu Jun 30 17:03:21 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 30 Jun 94 17:03:21 PDT Subject: Lallapalooza Shakeout Tomorrow... Message-ID: <199406302305.QAA23557@netcom14.netcom.com>
Hi folks, I thought some of you might be interested in this hitech tent party. It is a test run / shakeout of the Lallapalooza media tent... Please feel free to invite others too... The tent opens at 1pm. Just mention that Wanda Web and Lile Elam extended the invite and you will get in... Directions: The Lallapalooza media tent will be open Friday 1pm; Intercal is throwing a party: Strawberry Field Recreation Center in Tiburon. Take 101N over GG Bridge. Exit Tiburon; turn right on Tiburon Blvd.
turn right on Strawberry Drive (2nd light) turn right on Belvedere (1st right) It should be easily visible from there... -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jya at pipeline.com Thu Jun 30 17:03:41 1994 From: jya at pipeline.com (John Young) Date: Thu, 30 Jun 94 17:03:41 PDT Subject: (Fwd) What motivates Crypto-folk? Message-ID: <199406302249.SAA08585@p03.pipeline.com> Forwarding message by scmayo at rschp2.anu.edu.au -------------------- From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Subject: What motivates Crypto-folk? Date: 29 Jun 1994 08:14:16 GMT Organization: Australian National University The question in the subject of this thread may seem dumb to some people in this group, but I'm curious about how varied the motivations of crypto-using people are. I got PGP running on my machine a few weeks ago because I liked the idea of being able to communicate privately if I wanted, as I felt that email was much more insecure than other forms of communication. I started reading some of the crypto stuff on WWW and noticed a political trend in the motivations of many of the people who are 'big' in the crypto scene in the US. The motivation for these people's interest in cryptography seems to stem from a strong libertarian viewpoint, which incidentally often seems to coincide with strong views about the right to bear arms. It may seem that I am being particularly naive in being surprised by this but I am from the UK where libertarian views of this kind are not so widely held. I have never held a hand gun and have no desire to do so. Similarly my motivations for using cryptography come simply from a desire for privacy from Govt. 
and other snooping but NOT from the 'cyber-survivalist' inclinations that seem to motivate some in the US at least. I read some stuff on Vince Cate's WWW site by Tim May about how crypto was going to bring down governments due to (legal?) tax evasion by those who are computer literate. I have to say that I think this is highly unlikely (and to be fair, Vince's site included an article by Hal Finney agreeing with my view). I know that Tim May's views are considered to be extreme by some, but more moderate people seem to hold the view that crypto and also cyberspace (god I hate these buzzwords) in general herald an age of 'survival of the fittest' where those clued up about computers will be able to take advantage and do better due to paying less taxes etc. Personally I have no desire to evade tax since I quite like being able to drive on tarmac without holes, and having schooling and health care provided for all with the richer folk subsidising the poorer folk. I realise my views are anathema to the libertarian and I'm curious to know if there are other crypto users (I would NEVER call myself a cypherpunk :-) whose interest stems from a left-wing rather than right-wing viewpoint. I should point out that I consider the libertarian/crypto-anarchist views I've outlined above to be an extreme form of the (right-wing) philosophy of individualism. I'd never come across a right-wing anarchist before reading the crypto groups - weird! Your thoughts please, SCM From jya at pipeline.com Thu Jun 30 17:05:34 1994 From: jya at pipeline.com (John Young) Date: Thu, 30 Jun 94 17:05:34 PDT Subject: (Fwd) Bidzos life threatened? Message-ID: <199406302237.SAA06113@p03.pipeline.com> Forwarding message by gtoal at an-teallach.com -------------------- From: gtoal at an-teallach.com (Graham Toal) Subject: Re: Bidzos life threatened? Date: Thu, 30 Jun 1994 17:29:30 +0000 Please post who else NSA -- and its like -- has threatened besides Bidzos and PRZ. 
Several years ago lots of British scientists died under mysterious circumstances. They were generally described as 'defence scientists' but what a significant number of them had in common was work in the area of surveillance. Several of them were connected to UK's system X. I posted a long piece at the time (now lost, sorry) hypothesising that what was going on was internecine warfare between the UK and USA governments departments responsible for fitting surveillance assistance to their telephone exchanges for contracts with foreign countries. (One UK govt official was found dead in his hotel room in an Arab country while there at a trade fair in an unofficial capacity helping to promote system X). At that time the UK govt had a clear lead in selling bugged exchanges because complete surveillance capability was designed in to system X - the USA doesn't have it everywhere yet - just in exchanges from co-operative suppliers. (Hence the 'wiretap' FBI bill, to get everyone else to play ball too). The ability to remotely monitor all the phone system of a foreign country would be *extremely* valuable to an agency like the CIA or GCHQ. Personally I don't doubt it's worth killing for, in their view. It was also my view when I suggested this hypothesis some years ago that the phone systems were being sold to these countries by telling the respective governments that *they* could use them for surveillance purposes. My suspicion was that there would be extra code buried in the switches that the customers did not know about which would enable remote callers to use the surveillance options too, without the host country or telco being aware of them. This latter capability being top secret and the risk of it being made known by disaffected employees perhaps being the reason why some of them were killed by our own security agencies. 
Hence why the multiple suspicious deaths were never properly investigated (or at least the investigations made public - MI5 couldn't expose the USA dirty tricks without exposing their own.) This is all highly speculative and I don't stand by it, I just offer it as a hypothesis. From usacm_dc at acm.org Thu Jun 30 17:11:11 1994 From: usacm_dc at acm.org (US ACM, DC Office) Date: Thu, 30 Jun 94 17:11:11 PDT Subject: ACM Releases Crypto Study Message-ID: <9406301634.AA47061@Hacker2.cpsr.digex.net> Association for Computing Machinery PRESS RELEASE __________________________________________________ Thursday, June 30, 1994 Contact: Joseph DeBlasi, ACM Executive Director (212) 869-7440 Dr. Stephen Kent, Panel Chair (617) 873-3988 Dr. Susan Landau, Panel Staff (413) 545-0263 COMPUTING SOCIETY RELEASES REPORT ON ENCRYPTION POLICY "CLIPPER CHIP" CONTROVERSY EXPLORED BY EXPERT PANEL WASHINGTON, DC -- A panel of experts convened by the nation's foremost computing society today released a comprehensive report on U.S. cryptography policy. The report, "Codes, Keys and Conflicts: Issues in U.S. Crypto Policy," is the culmination of a ten-month review conducted by the panel of representatives of the computer industry and academia, government officials, and attorneys. The 50-page document explores the complex technical and social issues underlying the current debate over the Clipper Chip and the export control of information security technology. "With the development of the information superhighway, cryptography has become a hotly debated policy issue," according to Joseph DeBlasi, Executive Director of the Association for Computing Machinery (ACM), which convened the expert panel. "The ACM believes that this report is a significant contribution to the ongoing debate on the Clipper Chip and encryption policy. It cuts through the rhetoric and lays out the facts." Dr. 
Stephen Kent, Chief Scientist for Security Technology with the firm of Bolt Beranek and Newman, said that he was pleased with the final report. "It provides a very balanced discussion of many of the issues that surround the debate on crypto policy, and we hope that it will serve as a foundation for further public debate on this topic." The ACM report addresses the competing interests of the various stakeholders in the encryption debate -- law enforcement agencies, the intelligence community, industry and users of communications services. It reviews the recent history of U.S. cryptography policy and identifies key questions that policymakers must resolve as they grapple with this controversial issue. The ACM cryptography panel was chaired by Dr. Stephen Kent. Dr. Susan Landau, Research Associate Professor in Computer Science at the University of Massachusetts, co-ordinated the work of the panel and did most of the writing. Other panel members were Dr. Clinton Brooks, Advisor to the Director, National Security Agency; Scott Charney, Chief of the Computer Crime Unit, Criminal Division, U.S. Department of Justice; Dr. Dorothy Denning, Computer Science Chair, Georgetown University; Dr. Whitfield Diffie, Distinguished Engineer, Sun Microsystems; Dr. Anthony Lauck, Corporate Consulting Engineer, Digital Equipment Corporation; Douglas Miller, Government Affairs Manager, Software Publishers Association; Dr. Peter Neumann, Principal Scientist, SRI International; and David Sobel, Legal Counsel, Electronic Privacy Information Center. Funding for the cryptography study was provided in part by the National Science Foundation. The ACM, founded in 1947, is an 85,000-member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. For general information, contact ACM, 1515 Broadway, New York, NY 10036. (212) 869-7440 (tel), (212) 869-0481 (fax). 
Information on accessing the report electronically will be posted soon in this newsgroup. From usacm_dc at acm.org Thu Jun 30 17:12:48 1994 From: usacm_dc at acm.org (US ACM, DC Office) Date: Thu, 30 Jun 94 17:12:48 PDT Subject: USACM Calls for Clipper Withdrawal Message-ID: <9406301635.AA37142@Hacker2.cpsr.digex.net> U S A C M Association for Computing Machinery, U.S. Public Policy Committee * PRESS RELEASE * Thursday, June 30, 1994 Contact: Barbara Simons (408) 463-5661, simons at acm.org (e-mail) Jim Horning (415) 853-2216, horning at src.dec.com (e-mail) Rob Kling (714) 856-5955, kling at ics.uci.edu (e-mail) COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR SECRET DECISION-MAKING WASHINGTON, DC -- The public policy arm of the oldest and largest international computing society today urged the White House to withdraw the controversial "Clipper Chip" encryption proposal. Noting that the "security and privacy of electronic communications are vital to the development of national and international information infrastructures," the Association for Computing Machinery's U.S. Public Policy Committee (USACM) added its voice to the growing debate over encryption and privacy policy. In a position statement released at a press conference on Capitol Hill, the USACM said that "communications security is too important to be left to secret processes and classified algorithms." The Clipper technology was developed by the National Security Agency, which classified the cryptographic algorithm that underlies the encryption device. The USACM believes that Clipper "will put U.S. manufacturers at a disadvantage in the global market and will adversely affect technological development within the United States." The technology has been championed by the Federal Bureau of Investigation and the NSA, which claim that "non-escrowed" encryption technology threatens law enforcement and national security. 
"As a body concerned with the development of government technology policy, USACM is troubled by the process that gave rise to the Clipper initiative," said Dr. Barbara Simons, a computer scientist with IBM who chairs the USACM. "It is vitally important that privacy protections for our communications networks be developed openly and with full public participation." The USACM position statement was issued after completion of a comprehensive study of cryptography policy sponsored by the ACM (see companion release). The study, "Codes, Keys and Conflicts: Issues in U.S. Crypto Policy," was prepared by a panel of experts representing various constituencies involved in the debate over encryption. The ACM, founded in 1947, is an 85,000-member non-profit educational and scientific society dedicated to the development and use of information technology, and to addressing the impact of that technology on the world's major social challenges. USACM was created by ACM to provide a means for presenting and discussing technological issues to and with U.S. policymakers and the general public. For further information on USACM, please call (202) 298-0842. ============================================================= USACM Position on the Escrowed Encryption Standard The ACM study "Codes, Keys and Conflicts: Issues in U.S. Crypto Policy" sets forth the complex technical and social issues underlying the current debate over widespread use of encryption. The importance of encryption, and the need for appropriate policies, will increase as networked communication grows. Security and privacy of electronic communications are vital to the development of national and international information infrastructures. The Clipper Chip, or "Escrowed Encryption Standard" (EES) Initiative, raises fundamental policy issues that must be fully addressed and publicly debated. After reviewing the ACM study, which provides a balanced discussion of the issues, the U.S. 
Public Policy Committee of ACM (USACM) makes the following recommendations. 1. The USACM supports the development of public policies and technical standards for communications security in open forums in which all stakeholders -- government, industry, and the public -- participate. Because we are moving rapidly to open networks, a prerequisite for the success of those networks must be standards for which there is widespread consensus, including international acceptance. The USACM believes that communications security is too important to be left to secret processes and classified algorithms. We support the principles underlying the Computer Security Act of 1987, in which Congress expressed its preference for the development of open and unclassified security standards. 2. The USACM recommends that any encryption standard adopted by the U.S. government not place U.S. manufacturers at a disadvantage in the global market or adversely affect technological development within the United States. Few other nations are likely to adopt a standard that includes a classified algorithm and keys escrowed with the U.S. government. 3. The USACM supports changes in the process of developing Federal Information Processing Standards (FIPS) employed by the National Institute of Standards and Technology. This process is currently predicated on the use of such standards solely to support Federal procurement. Increasingly, the standards set through the FIPS process directly affect non-federal organizations and the public at large. In the case of the EES, the vast majority of comments solicited by NIST opposed the standard, but were openly ignored. The USACM recommends that the standards process be placed under the Administrative Procedures Act so that citizens may have the same opportunity to challenge government actions in the area of information processing standards as they do in other important aspects of Federal agency policy making. 4. 
The USACM urges the Administration at this point to withdraw the Clipper Chip proposal and to begin an open and public review of encryption policy. The escrowed encryption initiative raises vital issues of privacy, law enforcement, competitiveness and scientific innovation that must be openly discussed. 5. The USACM reaffirms its support for privacy protection and urges the administration to encourage the development of technologies and institutional practices that will provide real privacy for future users of the National Information Infrastructure. From ravage at bga.com Thu Jun 30 17:21:44 1994 From: ravage at bga.com (Jim choate) Date: Thu, 30 Jun 94 17:21:44 PDT Subject: Opinions of a book requested... Message-ID: <199406301807.NAA03858@zoom.bga.com> Hi all, Does anyone have any hands-on experience with: Contemporary Cryptology: The Science of Information Integrity Gustavus J. Simmons 656pp., 1992 ISBN 0-87942-277-7 It is listed in a catalog of books carried by Omega. I was wondering if anyone has read it (or even looked it over peripherally for that matter)? Thanks. From peb at netcom.com Thu Jun 30 17:24:18 1994 From: peb at netcom.com (Paul E. Baclace) Date: Thu, 30 Jun 94 17:24:18 PDT Subject: ANI 800 number Message-ID: <199406301636.JAA26325@netcom10.netcom.com> The number I have no longer works. Too bad, since I found it useful to find out what number I'm dialing out on (rarely needed, but handy when necessary). Paul E. Baclace peb at netcom.com From pdn at msmail.dr.att.com Thu Jun 30 17:24:57 1994 From: pdn at msmail.dr.att.com (Philippe Nave) Date: Thu, 30 Jun 94 17:24:57 PDT Subject: Where is SecureDevice? wuarchive directory missing.. Message-ID: <2E12F1FB@mspost.dr.att.com> Hello, all! I have just changed jobs within the company, and now I find that my PC is not as secure as I'd like. (Long story.) I'm looking for SecureDevice, hoping that it will let me create a secure area on my hard drive. 
I ftp'ed to wuarchive.wustl.edu, changed directory to /pub/msdos_uploads, then tried to change directory to cryptography only to find that the directory does not exist! Pointers? Suggestions? Thanks for your time! Philippe Nave P.S. Does anybody have a FAQ or something about how to integrate PGP with Microsoft Mail? (Note the lack of a PGP signature while I'm getting my act together..) From fnerd at smds.com Thu Jun 30 17:25:12 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Thu, 30 Jun 94 17:25:12 PDT Subject: Chained Remailing Strategy and Tactics Message-ID: <9406301631.AA10232@smds.com> anonymous says- > In order to preserve anonymity and thwart traffic analysis in > chained remailings, it would seem useful to include a very BUSY > remailer in the chain, and try to ensure that the message arrives > at the busiest time of the day for that remailer, from a traffic > standpoint. Hitting a remailer at a slack time when, let's say, > only one message arrives over a period of several hours would > seem most unwise. The problem for someone trying to trace a message is, which of some set of outgoing messages matches this incoming message? (Or vice-versa.) The size of the set of possibilities determines how much uncertainty is introduced. If the remailer works by delaying messages a random amount of time up to a maximum, then the number of possibilities varies with the traffic. But if the remailer works in terms of sequence instead of time, it can hold the size of the set of possibilities constant (which makes the maximum delay time vary as a side effect). So, sequence, not clock time, is what matters (or ought to), all other things being equal, and there's no reason a remailer should be any less effective in low traffic periods. -fnerd - - - - - - - - - - - - - - - the liquidy snack that drinks like a beverage! 
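The sequence-versus-clock-time argument in fnerd's post, as an added example that is not part of the post or of any real remailer: a small Python model of a delay-based remailer beside a batch-of-N one, run over a constructed arrival trace (a busy hour, one isolated message hours later, another busy spell). It reports the tracer's candidate-set size for each message and the latency the remailer imposes; the trace, the 0.5-hour maximum delay and the batch size 4 are all assumptions.

```python
"""Model the two remailer strategies contrasted in the post above.

The tracer's question is "which outgoing message matches this incoming
one?"; the size of that candidate set is the anonymity the remailer gives
a message.  Two strategies are compared on the same constructed traffic:

  * timed mix:     each message waits a random time up to max_delay
                   (candidate set shrinks when traffic is thin)
  * threshold mix: hold messages until n have arrived, then forward the
                   batch (candidate set is always n; latency varies)
"""
import random

# Constructed arrival times in hours (not real remailer logs): a busy
# hour, one lone message hours later, then another busy spell.
ARRIVALS = [0.05, 0.10, 0.12, 0.30, 0.35, 0.40, 0.55, 0.60,
            4.00,
            7.10, 7.15, 7.40, 7.45, 7.50, 7.80, 7.90]


def timed_mix(arrivals, max_delay, rng):
    """Delay-based remailer: return (candidate_set_sizes, latencies).

    A message arriving at t is forwarded somewhere in [t, t + max_delay],
    so every departure inside that window is a candidate for it.  A message
    with no neighbours within max_delay therefore has a set of exactly one.
    """
    departures = [t + rng.uniform(0.0, max_delay) for t in arrivals]
    sizes = [sum(1 for d in departures if t <= d <= t + max_delay)
             for t in arrivals]
    latencies = [d - t for t, d in zip(arrivals, departures)]
    return sizes, latencies


def threshold_mix(arrivals, n):
    """Batch-of-n remailer: return (candidate_set_sizes, latencies).

    Messages are held until n have accumulated; the whole batch then leaves
    together (a real remailer would shuffle it), so for the tracer each of
    the n is a candidate for every other.  Messages still queued when the
    trace ends get None: they have not been forwarded yet.
    """
    sizes, latencies, batch = [], [], []
    for t in sorted(arrivals):
        batch.append(t)
        if len(batch) == n:
            sizes.extend([n] * n)
            latencies.extend(t - a for a in batch)   # flushed at time t
            batch = []
    held = len(batch)                                # queued, not yet sent
    sizes.extend([None] * held)
    latencies.extend([None] * held)
    return sizes, latencies


def compare(arrivals=ARRIVALS, max_delay=0.5, n=4, seed=1994):
    """Summarise both strategies: weakest anonymity and worst latency."""
    rng = random.Random(seed)
    t_sizes, t_lat = timed_mix(arrivals, max_delay, rng)
    b_sizes, b_lat = threshold_mix(arrivals, n)
    sent = [i for i, s in enumerate(b_sizes) if s is not None]
    return {
        "timed_min_set": min(t_sizes),             # 1: the lone message
        "timed_max_latency_h": max(t_lat),         # never above max_delay
        "threshold_min_set": min(b_sizes[i] for i in sent),   # always n
        "threshold_max_latency_h": max(b_lat[i] for i in sent),
        "threshold_held": len(b_sizes) - len(sent),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:26s} {value}")
```

The lone message at hour 4 is the "one message over several hours" case from the quoted post: the timed mix hands the tracer a candidate set of one, while the threshold mix keeps the set at four at the price of holding that message 3.4 hours until the batch fills.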
From bdolan at well.sf.ca.us Thu Jun 30 17:26:25 1994
From: bdolan at well.sf.ca.us (Brad Dolan)
Date: Thu, 30 Jun 94 17:26:25 PDT
Subject: Detweiler clone at WSJ
Message-ID: <199406301603.JAA07502@well.sf.ca.us>

The drumbeat against all those anonymous pedophiles continues....

_Wall Street Journal_, 6/30/94
PERSONAL TECHNOLOGY by Walter S. Mossberg
"Keeping Your Kids Away From Creeps As They Play Online"

(...Talk about striking up electronic friendships online ...)

But there's a dark side to this exciting phenomenon, one that's too rarely understood by computer novices. Because they offer instant access to others, and considerable anonymity to participants, the services make it possible for people - especially computer-literate kids - to find themselves in unpleasant, sexually explicit social situations

(Sex-ed sessions led by Joycelyn Elders?)

The online services all have rules banning bad conduct and, fearing possible government-imposed restrictions, have stepped up the policing of online abuse. But parents could do more to protect kids from these disturbing situations. And I've gradually come to adopt the view, which will be controversial among many online users (!), that the use of nicknames and other forms of anonymity must be eliminated or severely curbed to force people online into at least as much accountability for their words and actions as exists in real social encounters.

(.. More talk about how your kid might [gasp!] download a "hardcore pornographic photo" [This guy should see the stuff on the newsstands in Amsterdam!]...)

Beyond that, I think it's time now for the services to jettison the long tradition of allowing members to hide behind "handles" or nicknames.
In general people should conduct themselves online under their real names, or not at all. IN THE SAME VEIN, I THINK THE SERVICES SHOULD DELAY GRANTING NEW MEMBERS ACCESS FOR 24 OR 48 HOURS ...WHILE THEY VERIFY THAT THE APPLICANTS ARE REALLY WHO THEY SAY THEY ARE ... (emphasis mine).

(And some folks thought that Brady-style fascism would only be applied to "gun-nuts"! Won't be long before you have to have a license to drive on the information superhighway.)

(Article continues with more of same. Lambasts AOL. Talks about "the most dangerous forms of communication," etc.)

-------------------------------------------------------------------

I didn't comment on NSA threatening Bidzos because dog bites man is not news. If you annoy the Nazis in power and they can get away with it they will kill you.

BTW: The current _New Republic_ contains a story about an Oxford student being threatened by the Secret Service over a much more trivial matter.

From rishab at dxm.ernet.in Thu Jun 30 17:27:32 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 30 Jun 94 17:27:32 PDT
Subject: Copyright
Message-ID:

From: Robert Lau
does anybody want a 26Mb .au file (uncompressed)? WHAT'S the copyright laws on this stuff anyway?

Not very different from those for all the articles that keep appearing on the net, reproduced without permission from Time etc...

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in             take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410     Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From rishab at dxm.ernet.in Thu Jun 30 17:27:42 1994
From: rishab at dxm.ernet.in (rishab at dxm.ernet.in)
Date: Thu, 30 Jun 94 17:27:42 PDT
Subject: PC Expo summary!!
Message-ID:

rarachel at photon.poly.edu (Arsen Ray Arachelian):
> FEB 17 CYPHERPUNKS TRANSCRIPT
> Copyright (C) 1994, cypherpunks at toad.com All Rights Reserved.
                      ^^^^^^^^^^^^^^^^^^^^
I wonder how the courts will interpret that ;)

Pats on the back to you for going ahead with the distribution of disks. It would be a good idea to put up the contents of the disk at some FTP site, maybe soda.

-----------------------------------------------------------------------------
Rishab Aiyer Ghosh                "Clean the air! clean the sky! wash the wind!
rishab at dxm.ernet.in             take stone from stone and wash them..."
Voice/Fax/Data +91 11 6853410     Voicemail +91 11 3760335
H 34C Saket, New Delhi 110017, INDIA

From Stu at nemesis.wimsey.com Thu Jun 30 17:30:17 1994
From: Stu at nemesis.wimsey.com (Stuart Smith)
Date: Thu, 30 Jun 94 17:30:17 PDT
Subject: Chained Remailing Strategy and Tactics
In-Reply-To: <199406300128.SAA25746@jobe.shell.portal.com>
Message-ID: <2e12cfb0.nemesis@nemesis.wimsey.com>

-----BEGIN PGP SIGNED MESSAGE-----

In article <199406300128.SAA25746 at jobe.shell.portal.com> you write:

>standpoint. Hitting a remailer at a slack time when, let's say,
>only one message arrives over a period of several hours would
>seem most unwise.

This is what junk messages are for. A good remailer should mail out random packets at random times 24 hrs a day, only some of which would contain valid messages. Making the sender of the message try to time its delivery to a "busy" time would be silly.

>Can someone familiar with remailer software answer something?
>When a message is encrypted, using the "Encrypted: PGP" header,
>will everything after the end of the encrypted message itself be
>ignored? I ask, because this seems like a good place to
>introduce "padding" into the message length to thwart detection
>of identical messages, assuming that such extraneous material
>wouldn't screw something up.

Another thing that a good remailer should do, randomly pad messages that it sends out. I don't know if any of the current crop actually do this though.

>What's the best strategy for utilizing a given group of remailers
>in a chain?
>Which ones would be most advantageous as the FIRST
>link in the chain, since this is the one link that has direct
>address to the originator's address.

I can't really think of any criteria. It doesn't matter if the first remailer knows your address or even if they decide to tell the NSA you're using their remailer - as long as the other remailers ( or most of them anyways ) aren't compromised, it should still be very hard to trace any given message.

>Let's say that a message traveled down the chain A -> B -> C.
>Couldn't someone with enough clout ask "C" where a certain
>message (based on header data) originated, find out it was
>relayed by "B", ask "B" for the source, etc. and trace it all the
>way back to the source? What, if anything, would prevent that?

Absolutely nothing. If a message passes through x number of people, and every one of those people is working for the government/intimidated by the government - nothing on this earth will keep your identity secret. Think about it. This is another reason we should have *lots* of remailers - not only does the difficulty in traffic analysis increase, but if one or more remailers is compromised (read: bribed/threatened etc), you should still be ok.

>military secrets. IOW, a scenario where powerful agencies are
>motivated enough to invest considerable resources in tracking the
>culprit down.

There is a possibility they are still sunk - we don't know what they know, so they might know something we don't know - you know? But... if most (I don't know how many or what percentage) of the remailers were secure (not compromised/working for the gov't) when the messages were sent and they kept *no* logs, even going so far as to wipe from memory and disk any trace of incoming and outgoing messages, then the problem the gov't agencies face is not a problem of "clout" - it is a problem of cryptanalysis.
The only way, at this point, to find the sender is to start decrypting messages sent to/from remailers (the gov't would have had to capture them previously or they would be gone now) and track what messages went where.

This brings up another point, even if the remailers aren't/weren't compromised, they *do* have the secret keys that the message was encrypted with along each hop, so theoretically, unless every remailer operator wiped his secret key immediately after such an event, the government could tap/bribe/intimidate/rubber-hose its way to the remailer's secret key and track the sender (with its previously tapped messages to and from every remailer) long after the event. Perhaps remailers should get in the habit of changing keys often or automatically. If you wanted, you could "subscribe" to a remailer to use it, and it would send you a new key say, every 24 hours. Perhaps there could be another key for casual users who can't be bothered.

>While we might agree that in those two cases, the persons deserve
>to be caught, what's to prevent a President or other highly
>placed federal bureaucrat from MISusing those same resources on
>something less critical, such as tracking down and persecuting
>someone who anonymously posts "Clinton is a prick" or "Clipper
>sucks"?

Nothing at all.. unless you can code PGE - Pretty Good Ethics and get the Gov't to use it.
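A simulation, added here and not written by any poster in this thread, of the two remailer designs fnerd contrasts (random delay up to a maximum, versus batching by sequence) against the slack-time worry the anonymous poster raised: it parses a constructed arrival log in Unix `date` format, tallies arrivals by hour, and reports how many incoming messages an observer could confuse with each outgoing one under each design. The timestamps, the one-hour maximum delay and the batch size of four are all assumptions, not any real remailer's figures.

```python
"""Anonymity-set size of a timed mix versus a threshold mix over one arrival trace.

Added example: an observer who sees every message entering and leaving a remailer
tries to match each outgoing message to an incoming one.  The "anonymity set" of a
message is the number of arrivals the observer cannot rule out as its source.
"""
import random
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed arrival log (not a real remailer's), in the Unix `date` format that
# remailer operators on this list post.  One isolated 03:30 message, a burst at
# 18:12 with two arrivals in the same second, and a few other scattered arrivals.
ARRIVAL_LOG = """
Thu Jun 23 03:30:12 PDT 1994
Thu Jun 23 13:09:32 PDT 1994
Thu Jun 23 13:29:29 PDT 1994
Thu Jun 23 13:37:04 PDT 1994
Thu Jun 23 18:12:33 PDT 1994
Thu Jun 23 18:12:33 PDT 1994
Thu Jun 23 18:12:40 PDT 1994
Thu Jun 23 18:13:31 PDT 1994
Thu Jun 23 18:25:40 PDT 1994
Thu Jun 23 21:02:39 PDT 1994
Thu Jun 23 21:02:40 PDT 1994
Fri Jun 24 10:38:07 PDT 1994
Fri Jun 24 10:42:45 PDT 1994
"""


def parse_arrivals(log: str) -> List[datetime]:
    """Parse `date`-style lines into sorted naive datetimes.  The zone token is
    dropped: every line carries the same zone, and strptime's %Z knows few names."""
    stamps = []
    for line in log.strip().splitlines():
        parts = line.split()
        stamps.append(datetime.strptime(" ".join(parts[:4] + [parts[5]]),
                                        "%a %b %d %H:%M:%S %Y"))
    return sorted(stamps)


def hour_histogram(arrivals: List[datetime]) -> List[int]:
    """Arrivals per hour of day: the busy-versus-slack picture the poster asked about."""
    counts = [0] * 24
    for a in arrivals:
        counts[a.hour] += 1
    return counts


def timed_mix(arrivals: List[datetime], max_delay_s: int, rng: random.Random) -> List[int]:
    """Each message leaves after a uniform random delay in [0, max_delay_s] seconds.
    An output seen at time s could have come from any arrival in [s - max_delay_s, s],
    so the anonymity set is the count of arrivals in that window.  It shrinks to 1
    whenever a message arrives with nothing else within max_delay_s on either side."""
    sizes = []
    for a in arrivals:
        leave = a + timedelta(seconds=rng.uniform(0, max_delay_s))
        earliest = leave - timedelta(seconds=max_delay_s)
        sizes.append(sum(1 for b in arrivals if earliest <= b <= leave))
    return sizes


def threshold_mix(arrivals: List[datetime], batch_size: int) -> Dict[int, Tuple[int, float]]:
    """Hold messages until batch_size have accumulated, then release them together.
    Returns {arrival_index: (anonymity_set_size, seconds_waited)}; indices of messages
    still held in a partial batch are absent.  The set size is always batch_size; what
    varies instead is the wait, which is the side effect fnerd mentions."""
    released: Dict[int, Tuple[int, float]] = {}
    batch: List[int] = []
    for idx, a in enumerate(arrivals):
        batch.append(idx)
        if len(batch) == batch_size:
            flush_time = a  # the batch leaves when its last member arrives
            for j in batch:
                released[j] = (batch_size, (flush_time - arrivals[j]).total_seconds())
            batch = []
    return released


def compare(log: str, max_delay_s: int = 3600, batch_size: int = 4, seed: int = 1) -> Dict:
    """Run both designs over one trace and summarise worst and best cases."""
    arrivals = parse_arrivals(log)
    timed = timed_mix(arrivals, max_delay_s, random.Random(seed))
    batched = threshold_mix(arrivals, batch_size)
    histogram = hour_histogram(arrivals)
    return {
        "messages": len(arrivals),
        "busiest_hour": max(range(24), key=lambda h: histogram[h]),
        "timed_min_set": min(timed),          # 1: the lone 03:30 message is exposed
        "timed_max_set": max(timed),
        "threshold_sets": sorted({size for size, _ in batched.values()}),
        "threshold_max_wait_s": max(wait for _, wait in batched.values()),
        "threshold_held": [i for i in range(len(arrivals)) if i not in batched],
    }


if __name__ == "__main__":
    for key, value in compare(ARRIVAL_LOG).items():
        print(f"{key}: {value}")
```

The threshold mix never drops below a set of four but makes the 18:25 message wait overnight for a batch to fill; the timed mix bounds the wait at an hour but leaves the 03:30 message alone in its window.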
- --
Baba baby mama shaggy papa baba bro baba rock a shaggy baba sister shag saggy hey doc baba baby shaggy hey baba can you dig it baba baba
E7 E3 90 7E 16 2E F3 45 * 28 24 2E C6 03 02 37 5C   Stuart Smith

From root%pig.jjm.com%jjmhome.jjm.com at jjmhome Thu Jun 30 17:41:24 1994
From: root%pig.jjm.com%jjmhome.jjm.com at jjmhome (0000-Super User0000)
Date: Thu, 30 Jun 94 17:41:24 PDT
Subject: NSA
Message-ID: <9406300401.AA17934@pig.jjm.com>

Just two small points.

First NSA's two missions are protecting classified US communications and penetrating those of everyone else. Neither is aided at all by publication of NSA developed cipher technology. Seems particularly silly to assume that no matter how much NSA mathematicians and engineers might like to publish that the agency would let them if by so doing they made their job harder in either the short or long term. And certainly it is not in the agency's interest to publish much of anything ex-officio either. So it is really kind of stupid to complain that they must not be any good because they have not contributed to the published body of work that constitutes the infant modern science of mathematical cryptography when the existence of and quality of that body of knowledge is their greatest long term challenge.

NSA's mission depends critically on others underestimating NSA's capability and overestimating their own skills at making and breaking codes. If those whose codes NSA has cracked thought they could be cracked they would not have used them (would have used one time pads or some other technology that is truly secure instead).
It is thus obviously not in NSA's interest to allow the world to know just what they have developed and when, especially if by so doing they frighten the codemakers in the rest of the world into using more secure technology, and certainly so if by thus admitting they can be seen to be endorsing a particular technology that they have in fact been using in US codes because they think it secure.

This brings up the second point. IS NSA really pressuring RSA because they fear the security of the RSA exponentiation algorithms or because they can break them and hope to induce people to use them by seeming afraid of them? What would be a better endorsement of a security product than that the NSA wanted it banned because it was too good? Or would it?

I personally find it extremely hard to believe that Clipper/Skipjack is not riddled with holes and backdoors since it seems inconceivable that NSA would allow a NSA technology that could be used effectively against them to be circulated world wide. They can't really believe that the anti-reverse engineering stuff will protect them against foreign governments and other well funded research organizations for long, and they admit to having known of Blaze's checksum hack so it seems likely that anything one could extract from reverse engineering the chip and algorithm is flawed in some more subtle way. Weak Keys? Or do they have a general method of solving DES like ciphers?

Dave Emery N1PRE
die at pig.jjm.com

From klbarrus at owlnet.rice.edu Thu Jun 30 17:41:33 1994
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Thu, 30 Jun 94 17:41:33 PDT
Subject: MAIL: chained remailing strategy
Message-ID: <9406300419.AA04143@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

> Can some of the major remailer operators make available some
> "sanitized" traffic stats of average traffic by hour and day of the
> week?

Well, I don't run a remailer at the moment, but I can about ones I used to run.
One I ran (elee9sf at menudo.uh.edu) batched all incoming messages and remailed them randomly at midnight. So in some sense it didn't matter when during the day mail arrived.

During its operation, the remailer averaged about 15-20 messages a week, or about 2-3 a day (I don't remember which days of the week if any were more popular). Sometimes there were severe usage "spikes", when the remailer would handle several times its average (once nearly 100 messages in a week, and 20 in one day). However, I feel that this was due to users repeatedly submitting messages - perhaps testing the remailer - without realizing the remailer only resent at midnight.

I don't know what loads remailers operated with, but more messages circulating via anonymous remailer would definitely help.

> Can someone familiar with remailer software answer something? When
> a message is encrypted, using the "Encrypted: PGP" header, will
> everything after the end of the encrypted message itself be ignored?
> I ask, because this seems like a good place to introduce "padding"
> into the message length to thwart detection of identical messages,
> assuming that such extraneous material wouldn't screw something up.

Yes, the extra text is ignored. In fact, the remailer implemented this form of padding (however, it only padded messages shorter than 2K out to 2K). This isn't the best way to do padding since it is quite obvious that it is in fact padding. Hal Finney wrote some perl scripts which pad inside the pgp message (add random text without likewise updating the message length field; upon decryption the extra text is thrown away) and this is a better approach.

I think one thing that screws things up (Bill O'Hanlon pointed this out months ago) is if somebody encrypts a message with the -m option (for eyes only) - this causes the remailer to hang, waiting for keyboard input. I'm not sure if this problem is easily fixable on the remailer side.
> What's the best strategy for utilizing a given group of remailers
> in a chain? Which ones would be most advantageous as the FIRST

Run your own and use that one as the first link ;)

> How would "someone", hypothetically, follow the chain backwards?

Hm... I guess exactly the way you describe, by going to each machine and trying to piece together the remailing path, possibly with help from the syslog file.

> What, if anything, would prevent that?

By disabling sendmail logging, if the remailer operator is able to. (I wasn't able to on any of the remailers I ran). Of course, other forms of logging would need to be disabled as well.

> For the sake of argument, let's assume a worst-case scenario: a
> chained message to "president at whitehouse.gov" containing a

Well, I'm not sure. A few months ago, there was only one remailer outside of the U.S. (in Canada, @extropia.wimsey.com). However, now there are several, in the Netherlands, and one in Italy (?). I guess it would depend on whether the chain includes out of the country remailers, if each remailer keeps logs (including syslog which may or may not be in control of the remailer operator).

All the same, I would recommend remailers block @whitehouse.gov. :)

Karl Barrus
klbarrus at owlnet.rice.edu

From ghio at cmu.edu Thu Jun 30 17:41:58 1994
From: ghio at cmu.edu (Matthew Ghio)
Date: Thu, 30 Jun 94 17:41:58 PDT
Subject: ANI 800 number
Message-ID: <199406300256.TAA07138@kaiwan.kaiwan.com>

shamrock at netcom.com (Lucky Green) wrote:

| About 1.5 years ago, Sandy posted an 800 number that would give you the
|
| number of the phone you are calling from. Does anyone still have that?
|

No, but you can use AT&T's test number - 1073214049889664 (you won't be charged for the call)

If you're interested in that type of thing, you might want to read alt.2600

From nobody at soda.berkeley.edu Thu Jun 30 17:42:37 1994
From: nobody at soda.berkeley.edu (Anonymous User)
Date: Thu, 30 Jun 94 17:42:37 PDT
Subject: Devil's advocate
Message-ID: <199407010042.RAA19250@soda.berkeley.edu>

I am being a sort of devil's advocate here. Please leave the flame throwers at home.

I see an argument of "what do you need to protect so badly that Clipper cannot work? Are you doing something ILLEGAL? Clipper works, and only trusted law enforcement personnel can use the keys, therefore there is no risk here.".

It is hard to explain to some liberal friends of mine that "trusted law enforcement personnel" could mean judges, policemen, friends of policemen, etc. Just blathering on, but I have not seen any real counters to this.

PS: Is there something out there that can do a sort of Kerberos with PGP? Basically the two hosts would use IDEA and RSA for communicating with each other, and normal TCP/IP for communicating with hosts without this program.

------------
To respond to the sender of this message, send mail to
remailer at soda.berkeley.edu, starting your message with
the following 8 lines:
::
Response-Key: ideaclipper

====Encrypted-Sender-Begin====
MI@```%AS^P;+]AB?X9TW6\8WR:2P&2%`$A:^X<=%NK,OD^@
====Encrypted-Sender-End====

From j.hastings6 at genie.geis.com Thu Jun 30 17:42:52 1994
From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com)
Date: Thu, 30 Jun 94 17:42:52 PDT
Subject: Karl Hess Club
Message-ID: <199406300314.AA043916081@relay2.geis.com>

Fellow c-punks:

Since the topic of regional lists and meetings has been recently discussed, I thought I could announce a libertarian supper club without getting flamed for being off-topic. The first meeting of the club, named after Karl "Extremism in the defense of liberty is no vice..." Hess, featured J.
Neil Schulman, author of Stopping Power: Why 70 Million Americans Own Guns. Next meeting Victor Koman talks about private space. Like any supper club I attend, I'll have the latest versions of PGP available for $1 per disk. Last time I announced news about Clipper, digital cash, and the MIT release, using information from this here list. Hope to meet some of you at this cypherpunk-friendly event.

-----BEGIN PGP SIGNED MESSAGE-----

N A S A   v s   T h e   K i n g s   o f   t h e   H i g h   F r o n t i e r
===========================================================================

Victor Koman with his new novel, Kings of the High Frontier, goes where no libertarian went before...

First he killed God -- the hardest-boiled private dick of the future did it (in The Jehovah Contract). Then he solved the Abortion Controversy -- saved the fetuses and kept a woman's Right to Choose (in Solomon's Knife). God and abortion were warm-ups; now Vic takes on Darth Vader's cadet academy: the National Aeronautics and Space Administration.

How many ways are there for free men and women to get to the High Frontier in spite of the best efforts of the Space Nazgûl to keep them from it? Read Kings of the High Frontier and count them, baby!

And come hear Victor himself blow the State out of our way into space at:

the second meeting of the Karl Hess Club
Monday, July 18, 1994 -- 7 PM
Dinner at the Alpine Village Emerald Room, take the Torrance Blvd exit off the 110 fwy, just South of where the 405 meets the 91, between Vermont and Hamilton.

PROGRAM
== Presentation of the first ever Chauntecleer Medallion for Libertarian Activism by Samuel Edward Konkin III, for the movement, to Chauntecleer Michael for more than a decade of hard-core activism!
== Announcements
== Featured speaker (above)
== Questions and Answers (moderated by the speaker)
== Survey of Attendees: should this club move?
== After-meeting until midnight.

NOTES
=* Full bar. Pitchers of good, foreign dark beer available!
=* NEW: dinner (if you want to eat) now prix fixe $17 and includes a choice of four entrées (schnitzel, sauerbraten, Tyrolean chicken, plus one), coffee or tea, tax and tip. Only dessert extra.
=* Still no reservations needed and no charge for program.
=* Plenty of convenient parking available.
=* Photography and tape recording encouraged.
=* Smoking encouraged but not required. Kids welcome.

Kent - j.hastings6 at genie.geis.com

From nelson at crynwr.com Thu Jun 30 18:16:08 1994
From: nelson at crynwr.com (Russell Nelson)
Date: Thu, 30 Jun 94 18:16:08 PDT
Subject: MAIL: chained remailing strategy
In-Reply-To: <9406300419.AA04143@flammulated.owlnet.rice.edu>
Message-ID:

   Date: Wed, 29 Jun 94 23:19:13 CDT
   From: Karl Lui Barrus

   All the same, I would recommend remailers block @whitehouse.gov. :)

And @[198.137.240.100].

From sandfort at crl.com Thu Jun 30 18:22:21 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 30 Jun 94 18:22:21 PDT
Subject: Devil's advocate
In-Reply-To: <199407010042.RAA19250@soda.berkeley.edu>
Message-ID:

C'punks:

On Thu, 30 Jun 1994, Anonymous User wrote:

> I see an argument of "what do you need to protect so badly that Clipper
> cannot work? Are you doing something ILLEGAL? Clipper works, and only
> trusted law enforcement personnel can use the keys, therefore there is
> no risk here.".
>
> It is hard to explain to some liberal friends of mine . . .

For liberals, I would examine some pet cause and examine the consequences of that cause becoming "illegal." For instance, if your friends are "pro choice," you might ask them what they would do if the right to lifers outlawed abortion.
Would they think it was wrong for a rape victim to get an abortion just because it was illegal? How would they feel about an abortion "underground railroad" organized via a network of "stations" coordinated via the Internet using "illegal encryption"? Or would they trust Clipper in such a situation?

Everyone in America is passionate about something. Such passion usually dispenses with mere legalism, when it comes to what the believer feels is a question of fundamental right and wrong. Hit them with an argument that addresses their passion. Craft a pro-crypto argument that helps preserve the object of that passion.

 S a n d y

From jim at acm.org Thu Jun 30 18:45:27 1994
From: jim at acm.org (Jim Gillogly)
Date: Thu, 30 Jun 94 18:45:27 PDT
Subject: Devil's advocate
In-Reply-To: <199407010042.RAA19250@soda.berkeley.edu>
Message-ID: <9407010127.AA13673@mycroft.rand.org>

> Anonymous User writes:
> I see an argument of "what do you need to protect so badly that Clipper
> cannot work? Are you doing something ILLEGAL? Clipper works, and only

I suppose this has been answered so often that it doesn't make sense to scrub over it again, but I'll give a few short answers anyway.

Answer 1: Wrong question: Once you allow the question "What do you have to hide?" about your communications, you don't have a good place to stop the inquiries about the rest of your life. Law enforcement should not be allowed to dictate that you behave in a way that will facilitate their surveillance; they need to show probable cause starting their proceedings against you.

Answer 2: Sometimes the advances of science favor the police, and sometimes they don't -- luck of the draw. LE has a lot of tools available that they didn't have a few decades ago, including DNA matching, fiber analysis, and cellular phone triangulation.
Crypto may reduce one way for them to read our mail, but they have others that weren't available before; if they have reasonable cause for a court order, let them roll in the Van Eck radiation van, plant bugs, sneak in and dump your hard disk, or whatever.

Answer 3: Clipper's a crappy idea anyway. The escrow concept is expensive and wouldn't be used by criminals as long as it's voluntary; it provides a single point of attack for non-governmental bad guys; and any red-neck sheriff who can convince a judge to issue a court order can get keys without the escrow agency even knowing that they're handing over the keys for the Republican state committee's phone system. That's all independent of whether you can trust Mykotronx and their masters not to keep copies of the keys while they're making them before they put them in escrow.

Jim Gillogly
8 Afterlithe S.R. 1994, 01:25

From rarachel at prism.poly.edu Thu Jun 30 18:51:15 1994
From: rarachel at prism.poly.edu (Arsen Ray Arachelian)
Date: Thu, 30 Jun 94 18:51:15 PDT
Subject: PC Expo summary!!
In-Reply-To:
Message-ID: <9407010136.AA03743@prism.poly.edu>

> rarachel at photon.poly.edu (Arsen Ray Arachelian):
> > FEB 17 CYPHERPUNKS TRANSCRIPT
> > Copyright (C) 1994, cypherpunks at toad.com All Rights Reserved.
>                       ^^^^^^^^^^^^^^^^^^^^
> I wonder how the courts will interpret that ;)

This will certainly put a nice toad up the NSA's ass. Anyone reading this will see that the cypherpunks are a bunch of folk that stick together as a single entity whose purpose right now is to kill clipper. (Right and if they do, have I got a great bridge to sell them!)

Seriously though, I don't want this transcript to be butchered and quoted from in some asinine magazine and have it pointed to as the reason we need clipper. At least with a copyright on its ass, it gets a bit harder to play games.

> Pats on the back to you for going ahead with the distribution of disks.
> It would be a good idea to put up the contents of the disk at some FTP site,
> maybe soda.

Will certainly do that. :-) As a disk image. But as I said, I have to fix that bug first. Also, look forward to seeing a few articles from your column. :-) Thanx for letting me use'em.

From ebrandt at jarthur.cs.hmc.edu Thu Jun 30 20:00:40 1994
From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt)
Date: Thu, 30 Jun 94 20:00:40 PDT
Subject: Detweiler clone at WSJ
In-Reply-To: <199406301603.JAA07502@well.sf.ca.us>
Message-ID: <9407010300.AA16162@toad.com>

> _Wall Street Journal_, 6/30/94
> Beyond that, I think it's time now for the services to jettison the
> long tradition of allowing members to hide behind "handles" or
> nicknames. In general people should conduct themselves online
> under their real names, or not at all.

The sound-bite response to this: do you want your child's name, home address, and phone number available to all those lurking pedophiles worldwide? Responsible parents encourage their children to use remailers.

Eli   ebrandt at hmc.edu

From jya at pipeline.com Thu Jun 30 20:19:17 1994
From: jya at pipeline.com (John Young)
Date: Thu, 30 Jun 94 20:19:17 PDT
Subject: What motivates Crypto-folk?
Message-ID: <199407010318.XAA01827@p03.pipeline.com>

Sandy

Thanks for your thoughtful comments. However the message was not by me but by Sherry May. I forwarded it from talk.politics.crypto where it has produced an interesting thread with good discussions. Tim May pointed to this thread on c'punks a few days ago and has joined the fray there. I agree with Tim's statement there that Sherry has initiated a topic of substance by her letter. I hope that c'punks will respond as well.
From jya at pipeline.com Thu Jun 30 21:01:00 1994
From: jya at pipeline.com (John Young)
Date: Thu, 30 Jun 94 21:01:00 PDT
Subject: Detweiler clone at WSJ
Message-ID: <199407010400.AAA09604@p03.pipeline.com>

A less prurient article on youngsters' use of online services appeared in The New York Times today. Titled "In Cyberspace, and Talking to Strangers", by Felicity Barringer.

Barringer states: "... there are precious few people who have been parents in the computer age. In matters electronic, the children rule."

After recounting concern for her son's safety during a few mildly racy incidents online, she concludes that he will learn to cope with whatever comes up. And that after giving him "his electronic safety pointers, it's time to let him go".

From roy at sendai.cybrspc.mn.org Thu Jun 30 21:02:02 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 30 Jun 94 21:02:02 PDT
Subject: MAIL: chained remailing strategy
In-Reply-To: <9406300419.AA04143@flammulated.owlnet.rice.edu>
Message-ID: <940630.222317.5I7.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

[ Whew! The list was strangely silent for about 18 hours here, and I was afraid that the news system upgrade had gone awry. ]

In list.cypherpunks, klbarrus at owlnet.rice.edu writes:

> Yes, the extra text is ignored. In fact, the remailer implemented
> this form of padding (however, it only padded messages shorter than 2K
> out to 2K). This isn't the best way to do padding since it is quite
> obvious that it is in fact padding. Hal Finney wrote some perl
> scripts which pad inside the pgp message (add random text without
> likewise updating the message length field; upon decryption the extra
> text is thrown away) and this is a better approach.

How tough would that be to add to PGP itself? And would it deplete the random pool too much? Or could pseudo-random lengths of pseudo-random padding be as effective as real random padding?

- --
Roy M.
Silvernail -- roy at sendai.cybrspc.mn.org will do just fine, thanks.
"Does that not fit in with your plans?"
-- Mr Wiggen, of Ironside and Malone (Monty Python)
PGP 2.3a public key available upon request (send yours)

From roy at sendai.cybrspc.mn.org Thu Jun 30 21:02:05 1994
From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 30 Jun 94 21:02:05 PDT
Subject: Detweiler clone at WSJ
In-Reply-To: <199406301603.JAA07502@well.sf.ca.us>
Message-ID: <940630.223046.1G9.rusnews.w165w@sendai.cybrspc.mn.org>

-----BEGIN PGP SIGNED MESSAGE-----

In list.cypherpunks, bdolan at well.sf.ca.us writes:

> (And some folks thought that Brady-style fascism would only be applied
> to "gun-nuts"! Won't be long before you have to have a license to
> drive on the information superhighway.)

More than a year ago, there was a brief flurry of concern in the Twin Cities about porn on the BBS'. I actually attended a meeting with a bunch of ops and a state senator. It was kinda humorous... the senator really didn't have a clue what a BBS was, and the sysops had called her to inquire about any possible legislation. The down side was that licensing was mentioned as the first recourse from the state. When we complained of the financial hit, the talk turned to registration. But the sense was clearly toward proactive state control.

There was a TV crew at the meeting. The bimbette made the state senator look positively well-informed. And they didn't interview me, either.

- --
Roy M. Silvernail [] roy at sendai.cybrspc.mn.org
It's just this little chromium switch.......
From sandfort at crl.com Thu Jun 30 22:10:17 1994
From: sandfort at crl.com (Sandy Sandfort)
Date: Thu, 30 Jun 94 22:10:17 PDT
Subject: What motivates Crypto-folk?
In-Reply-To: <199407010318.XAA01827@p03.pipeline.com>
Message-ID:

C'punks,

On Thu, 30 Jun 1994, John Young wrote:

> Thanks for your thoughtful comments. However the message was
> not by me but by Sherry May .

Sherry May, Tim's EVIL TWIN? (Or is it the other way 'round?)

S a n d y

From hfinney at shell.portal.com Thu Jun 30 22:23:03 1994
From: hfinney at shell.portal.com (Hal)
Date: Thu, 30 Jun 94 22:23:03 PDT
Subject: MAIL: chained remailing strategy
Message-ID: <199407010524.WAA11505@jobe.shell.portal.com>

Here are the times at which my remailer has received messages over the past week. (This is the only form of log which I keep, except for messages titled "DEATH TO BLACKNET".) In return for this information, please provide a histogram showing usage as a function of time of day.
Thanks - Hal Finney

Thu Jun 23 06:41:56 PDT 1994
Thu Jun 23 07:08:28 PDT 1994
Thu Jun 23 07:08:50 PDT 1994
Thu Jun 23 07:12:28 PDT 1994
Thu Jun 23 10:56:44 PDT 1994
Thu Jun 23 12:20:43 PDT 1994
Thu Jun 23 12:29:47 PDT 1994
Thu Jun 23 13:09:32 PDT 1994
Thu Jun 23 13:29:29 PDT 1994
Thu Jun 23 13:37:04 PDT 1994
Thu Jun 23 13:38:07 PDT 1994
Thu Jun 23 14:05:51 PDT 1994
Thu Jun 23 16:05:24 PDT 1994
Thu Jun 23 16:05:52 PDT 1994
Thu Jun 23 17:26:52 PDT 1994
Thu Jun 23 18:09:30 PDT 1994
Thu Jun 23 18:10:27 PDT 1994
Thu Jun 23 18:12:33 PDT 1994
Thu Jun 23 18:12:40 PDT 1994
Thu Jun 23 18:13:31 PDT 1994
Thu Jun 23 18:13:44 PDT 1994
Thu Jun 23 18:25:40 PDT 1994
Thu Jun 23 18:25:52 PDT 1994
Thu Jun 23 18:26:44 PDT 1994
Thu Jun 23 18:39:46 PDT 1994
Thu Jun 23 21:02:39 PDT 1994
Thu Jun 23 21:02:40 PDT 1994
Thu Jun 23 21:35:28 PDT 1994
Thu Jun 23 21:37:11 PDT 1994
Thu Jun 23 23:32:31 PDT 1994
Thu Jun 23 23:33:18 PDT 1994
Fri Jun 24 10:38:07 PDT 1994
Fri Jun 24 10:42:45 PDT 1994
Fri Jun 24 10:49:29 PDT 1994
Fri Jun 24 11:28:02 PDT 1994
Fri Jun 24 13:25:20 PDT 1994
Fri Jun 24 13:41:49 PDT 1994
Fri Jun 24 13:46:35 PDT 1994
Fri Jun 24 16:06:20 PDT 1994
Fri Jun 24 16:06:33 PDT 1994
Fri Jun 24 17:24:59 PDT 1994
Fri Jun 24 18:19:22 PDT 1994
Fri Jun 24 18:19:41 PDT 1994
Fri Jun 24 18:19:46 PDT 1994
Fri Jun 24 18:19:59 PDT 1994
Fri Jun 24 21:26:27 PDT 1994
Fri Jun 24 21:26:29 PDT 1994
Sat Jun 25 00:13:18 PDT 1994
Sat Jun 25 00:13:45 PDT 1994
Sat Jun 25 00:14:09 PDT 1994
Sat Jun 25 00:17:08 PDT 1994
Sat Jun 25 00:17:37 PDT 1994
Sat Jun 25 01:09:43 PDT 1994
Sat Jun 25 02:08:37 PDT 1994
Sat Jun 25 02:51:57 PDT 1994
Sat Jun 25 08:28:18 PDT 1994
Sat Jun 25 08:53:46 PDT 1994
Sat Jun 25 09:06:15 PDT 1994
Sat Jun 25 10:06:35 PDT 1994
Sat Jun 25 10:06:39 PDT 1994
Sat Jun 25 10:07:26 PDT 1994
Sat Jun 25 12:57:50 PDT 1994
Sat Jun 25 15:10:25 PDT 1994
Sat Jun 25 16:56:08 PDT 1994
Sat Jun 25 17:47:07 PDT 1994
Sat Jun 25 20:19:22 PDT 1994
Sat Jun 25 20:19:50 PDT 1994
Sun Jun 26 02:06:24 PDT 1994
Sun Jun 26 11:56:45 PDT 1994
Sun Jun 26 12:04:17 PDT 1994
Sun Jun 26 13:29:14 PDT 1994
Sun Jun 26 13:35:52 PDT 1994
Sun Jun 26 17:21:28 PDT 1994
Sun Jun 26 17:21:29 PDT 1994
Sun Jun 26 17:21:32 PDT 1994
Sun Jun 26 17:21:35 PDT 1994
Sun Jun 26 17:32:23 PDT 1994
Sun Jun 26 17:47:36 PDT 1994
Sun Jun 26 19:30:45 PDT 1994
Sun Jun 26 20:11:44 PDT 1994
Mon Jun 27 09:40:11 PDT 1994
Mon Jun 27 12:16:32 PDT 1994
Mon Jun 27 12:16:33 PDT 1994
Mon Jun 27 12:26:52 PDT 1994
Mon Jun 27 14:09:27 PDT 1994
Mon Jun 27 15:29:16 PDT 1994
Mon Jun 27 16:47:48 PDT 1994
Mon Jun 27 16:49:07 PDT 1994
Mon Jun 27 19:10:25 PDT 1994
Mon Jun 27 19:12:15 PDT 1994
Mon Jun 27 20:14:56 PDT 1994
Mon Jun 27 20:49:18 PDT 1994
Mon Jun 27 21:24:09 PDT 1994
Mon Jun 27 21:24:17 PDT 1994
Mon Jun 27 21:30:21 PDT 1994
Mon Jun 27 22:10:05 PDT 1994
Mon Jun 27 22:10:35 PDT 1994
Mon Jun 27 23:54:41 PDT 1994
Tue Jun 28 01:04:59 PDT 1994
Tue Jun 28 03:43:55 PDT 1994
Tue Jun 28 03:47:22 PDT 1994
Tue Jun 28 04:14:57 PDT 1994
Tue Jun 28 04:15:13 PDT 1994
Tue Jun 28 05:10:45 PDT 1994
Tue Jun 28 05:12:09 PDT 1994
Tue Jun 28 05:54:14 PDT 1994
Tue Jun 28 07:11:13 PDT 1994
Tue Jun 28 07:43:44 PDT 1994
Tue Jun 28 08:05:16 PDT 1994
Tue Jun 28 08:08:43 PDT 1994
Tue Jun 28 08:36:09 PDT 1994
Tue Jun 28 08:57:40 PDT 1994
Tue Jun 28 09:37:29 PDT 1994
Tue Jun 28 11:27:12 PDT 1994
Tue Jun 28 11:36:44 PDT 1994
Tue Jun 28 11:51:32 PDT 1994
Tue Jun 28 14:04:58 PDT 1994
Tue Jun 28 15:27:46 PDT 1994
Tue Jun 28 15:36:14 PDT 1994
Tue Jun 28 18:18:35 PDT 1994
Tue Jun 28 18:19:36 PDT 1994
Tue Jun 28 18:35:31 PDT 1994
Tue Jun 28 18:39:32 PDT 1994
Tue Jun 28 18:39:46 PDT 1994
Tue Jun 28 18:41:11 PDT 1994
Tue Jun 28 18:50:04 PDT 1994
Tue Jun 28 19:10:42 PDT 1994
Tue Jun 28 19:20:00 PDT 1994
Tue Jun 28 19:39:16 PDT 1994
Tue Jun 28 19:39:18 PDT 1994
Tue Jun 28 21:58:34 PDT 1994
Tue Jun 28 22:03:59 PDT 1994
Tue Jun 28 22:44:08 PDT 1994
Wed Jun 29 00:19:52 PDT 1994
Wed Jun 29 00:41:10 PDT 1994
Wed Jun 29 00:48:00 PDT 1994
Wed Jun 29 01:23:32 PDT 1994
Wed Jun 29 01:51:06 PDT 1994
Wed Jun 29 05:39:10 PDT 1994
Wed Jun 29 06:36:19 PDT 1994
Wed Jun 29 06:48:35 PDT 1994
Wed Jun 29 07:02:26 PDT 1994
Wed Jun 29 09:37:49 PDT 1994
Wed Jun 29 09:40:24 PDT 1994
Wed Jun 29 11:04:22 PDT 1994
Wed Jun 29 11:05:47 PDT 1994
Wed Jun 29 11:15:12 PDT 1994
Wed Jun 29 11:32:03 PDT 1994
Wed Jun 29 12:18:18 PDT 1994
Wed Jun 29 12:29:40 PDT 1994
Wed Jun 29 12:33:38 PDT 1994
Wed Jun 29 13:18:41 PDT 1994
Wed Jun 29 14:31:47 PDT 1994
Wed Jun 29 14:58:33 PDT 1994
Wed Jun 29 15:16:35 PDT 1994
Wed Jun 29 15:35:44 PDT 1994
Wed Jun 29 16:26:30 PDT 1994
Wed Jun 29 16:26:55 PDT 1994
Wed Jun 29 16:52:27 PDT 1994
Wed Jun 29 18:09:00 PDT 1994
Wed Jun 29 18:09:01 PDT 1994
Wed Jun 29 18:28:31 PDT 1994
Wed Jun 29 18:28:44 PDT 1994
Wed Jun 29 19:05:43 PDT 1994
Wed Jun 29 21:12:59 PDT 1994
Thu Jun 30 00:14:40 PDT 1994
Thu Jun 30 00:54:21 PDT 1994
Thu Jun 30 12:53:37 PDT 1994
Thu Jun 30 12:54:57 PDT 1994
Thu Jun 30 13:10:57 PDT 1994
Thu Jun 30 14:27:40 PDT 1994
Thu Jun 30 14:50:38 PDT 1994
Thu Jun 30 15:06:57 PDT 1994
Thu Jun 30 15:22:45 PDT 1994
Thu Jun 30 15:26:22 PDT 1994
Thu Jun 30 15:36:57 PDT 1994
Thu Jun 30 15:38:32 PDT 1994
Thu Jun 30 17:19:34 PDT 1994
Thu Jun 30 17:19:46 PDT 1994
Thu Jun 30 17:27:19 PDT 1994
Thu Jun 30 17:27:55 PDT 1994
Thu Jun 30 18:09:16 PDT 1994
Thu Jun 30 18:42:37 PDT 1994
Thu Jun 30 20:07:35 PDT 1994

From bryner at atlas.chem.utah.edu Thu Jun 30 22:35:21 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Thu, 30 Jun 94 22:35:21 PDT
Subject: NSA
In-Reply-To: <9406300401.AA17934@pig.jjm.com>
Message-ID:

On Thu, 30 Jun 1994, 0000-Super User wrote:

> This brings up the second point. IS NSA really pressuring RSA
> because they fear the security of the RSA exponentiation algorithms or
> because they can break them and hope to induce people to use them by
> seeming afraid of them ? What would be a better endorsement of a
> security product than that the NSA wanted it banned because it was too
> good ? Or would it ?
This is bogus, imo. They would not try and use reverse psychology, and would be quiet about it, lest they succeed in controlling and actually squash what they can break.

This argument also assumes that there are alternatives. There aren't (at least not ones that have been explored as well; 1000++ years is a long time).

Did I miss anything?

Roger.

From bmorris at netcom.com Thu Jun 30 22:41:36 1994
From: bmorris at netcom.com (Bob MorrisG)
Date: Thu, 30 Jun 94 22:41:36 PDT
Subject: (FWD) WHAT MOTIVATES CRYP
Message-ID: <199407010541.WAA24567@netcom8.netcom.com>

To: cypherpunks at toad.com

JJ> anathema to the libertarian and I'm curious to know if there
JJ> are other crypto users (I would NEVER call myself a cypherpunk
JJ> :-) whose interest stems from a left-wing rather than
JJ> right-wing viewpoint.

I'm a leftie and was also a bit bemused by the idea of using crypto to avoid paying taxes. Hopefully we can find a bit more exalted use of crypto than that. However, I assume all here are agreed that strong private crypto is a good thing.

"Politics makes strange bedfellows", indeed. This wouldn't be the first time that those on the fringes of the left and the right saw a common enemy - encroaching government with control in their hearts.

* RM 1.4 B0037 *

From bryner at atlas.chem.utah.edu Thu Jun 30 22:44:51 1994
From: bryner at atlas.chem.utah.edu (Roger Bryner)
Date: Thu, 30 Jun 94 22:44:51 PDT
Subject: Devil's advocate
In-Reply-To: <9407010127.AA13673@mycroft.rand.org>
Message-ID:

On Thu, 30 Jun 1994, Jim Gillogly wrote:

> > Anonymous User writes:
> > I see an argument of "what do you need to protect so badly that Clipper
> > cannot work? Are you doing something ILLEGAL? Clipper works, and only

Let me add:

#4 We, a concerned citizen group, are investigating *you(r organisation)* for suspicion of organized child abuse, and would like to keep the allegations we have so far private.
Why do you want our private messages put in public view, where everyone would hear these unsubstantiated rumors? Furthermore, you have nothing to hide, so why do you mind if we investigate you? :-)

Roger, Go for the Juggler, Bryner.

From limpe001 at hio.tem.nhl.nl Thu Jun 30 23:32:56 1994
From: limpe001 at hio.tem.nhl.nl (HHM LIMPENS)
Date: Thu, 30 Jun 94 23:32:56 PDT
Subject: Where is SecureDevice? wuarchive directory missing..
In-Reply-To: <2E12F1FB@mspost.dr.att.com>
Message-ID: <9407010725.AA00358@hio.tem.nhl.nl>

> Hello, all!

Hi,

> P.S. Does anybody have a FAQ or something about how to
> integrate PGP with Microsoft Mail? (Note the lack of
> a PGP signature while I'm getting my act together..)

When your Microsoft Mail supports an external editor, you might want to try PGS (Pretty Good Shell), available as PGS099B.ZIP at several ftp sites. It enables you to run PGP from a shell, with an easy way to edit/encrypt files. When you can't find any site which has the above file, send me a private mail, and I'll mail you a copy.

-- Eric.

'If we are ever in danger of undermining the NSA, they will either buy us or shoot us.'

+----------------------------------------+----------------------------+
| Eric Limpens                           | Where is my spycamera !?   |
|                                        | ..Bart Simpson..           |
|                                        +----------------------------+
| S=limpe001;OU=hio;OU=tem;O=nhl;PRMD=surf;ADMD=400net;C=nl           |
| finger limpe001 at 141.252.36.60 for PGP 2.7 key                    |
+---------------------------------------------------------------------+

From crame001 at hio.tem.nhl.nl Thu Jun 30 23:41:34 1994
From: crame001 at hio.tem.nhl.nl (ER CRAMER)
Date: Thu, 30 Jun 94 23:41:34 PDT
Subject: Where is SecureDevice?
wuarchive directory missing..
In-Reply-To: <2E12F1FB@mspost.dr.att.com>
Message-ID: <9407010733.AA00218@hio.tem.nhl.nl>

> P.S. Does anybody have a FAQ or something about how to
> integrate PGP with Microsoft Mail? (Note the lack of
> a PGP signature while I'm getting my act together..)

Is it possible to use an external editor in that program??? Or is it an MS-Windows program???

--
... If you outlaw Privacy, only Outlaws will have Privacy!

Eelco Cramer ------
--------------------------------------------------

From cactus at bb.com Thu Jun 30 23:41:45 1994
From: cactus at bb.com (L. Todd Masco)
Date: Thu, 30 Jun 94 23:41:45 PDT
Subject: Strong crypto in new business on net
Message-ID: <199407010647.CAA11074@bb.com>

Hey, y'all. I'm not sure how well this will be received on Cypherpunks, but it seems like it's appropriate, given the discussions of e$ and the use of encryption for fun and profit (this being the latter).

I recently quit my job on Wall Street (well, Broad Street) to go into the business of selling electronic forms of books (to start with, Voyager on the Macs (it's a toolkit that produces HyperCard stacks)) and other forms of information. We haven't made any money yet, but we're hoping (I'm the programmer/part sys-admin).

What we (I)'ve done is this: I took RIPEM (yes, we've licensed with Jim Bidzos), and ripped out the key management stuff, replacing it with a keypair for the masses (just because RIPEM likes the sender's private key to be used to encrypt -- no security is expected here) and our public key hardcoded in. The user ftp's a binary for their platform (*) from bb.com and runs the client -- they answer the questions (credit card info, what items they want on what platforms), and the client encrypts, finds sendmail, and fires the mail off. On platforms such as the Amiga, Mac, and PC where there isn't a standard e-mail interface, we'll just generate the crypto and let the user cut and paste it into their MUA.
(*) We're not distributing source at the moment. It's simply too easy to spoof with the source.

Anyway, this is the announcement. If anybody gets their nose out of joint about it, I sincerely apologize, and ask you not to blame my partners -- and I'll only do this one time. We're going on-line in earnest in the near future, but I got my partners to agree to let y'all take an early look, not entirely as an ad, but partially to show a willingness to work with y'all towards shaping a real information economy on the net.

Comments can go to me (cactus at bb.com) or to comments at bb.com. Flames should just go to me.

Oh, enclosed is our PGP 2.6 public key: we soon plan to take orders encrypted with PGP -- as soon as we clear up the legalities (how does one license IDEA for commercial use? Just buy ViaCrypt's PGP?). We haven't decided whether we'll accept non-encrypted orders yet.

Thanks,
--
L. Todd Masco                     | Bibliobytes books on computer, available on
cactus at bibliob.slip.netcom.com | any UNIX host with e-mail: mail info at bb.com

------- Start of forwarded message -------

Have you ever bought a book from thousands of miles away -- and had it in your computer immediately? Forget "You will" -- YOU CAN.
And the company that can bring them to you is BiblioBytes.

Hi, I'm Glenn Hauman. I'm the publisher of BiblioBytes, and I'm proud to welcome you into our world.

Here at BiblioBytes we hope to offer you the best and most complete selection of books available on the Internet, which you can buy and read instantly -- right now -- without needing any extra equipment or time for your credit card to clear.

You understand what we're doing here -- you've been on the net, you don't need AT&T commercials to explain it to you. We've built an encrypted financial exchange system, so you can purchase material safely over the Internet. We're using it to sell you electronic versions of books instantly. Any time. Any place that Internet-based email can travel. No matter.

Thank you for asking about us. I hope that this letter explains everything you want to know -- but if you need more information, please send e-mail to info at bb.com.

Thanks for checking us out!

--Glenn Hauman, Publisher, BiblioBytes, 7/1/94

**********************************************************
*                  INSIDE THIS DOCUMENT                  *
**********************************************************

1) WHAT ARE WE PUBLISHING?
2) HOW DOES IT WORK?
3) HOW DO YOU GET THESE BOOKS?
4) WHAT FILE FORMATS DO WE OFFER?
5) HOW DO YOU GET YOUR BOOKS DISTRIBUTED THROUGH BIBLIOBYTES?
6) HOW DO YOU GET REVIEW COPIES?
7) BIBLIOBYTES AND YOU

**********************************************************

1) WHAT ARE WE PUBLISHING?

You name a genre -- mystery, SF, romance, fantasy, erotica, classics -- we've got something in it, if not this week, then soon. As of this writing (6/30/94) we have the rights to over one thousand titles, and we're trying to get as many of them online as quickly as possible.

Obviously, a catalog list that long is way beyond the scope of this letter. To get our most current list, send e-mail to catalog at bb.com.
To subscribe to our mailing list of catalog updates (as well as other BiblioBytes information) send e-mail to bb-stuff at bb.com.

2) HOW DOES IT WORK?

Pretty easily, actually. Use our custom encryptors to send e-mail including your order and credit card number to us. We will then send your files direct to you and charge your credit card. That's it. No special hardware needed, no waiting for an account to be set up, no joining additional computer networks to get your books.

Our encryptors use the RSAREF library with a 1024 bit key to provide the best protection for your credit card information.

Current encryptor platforms supported are:

Sun 2
Sun 3
SPARC (SunOS 4 and Solaris 2)
VAX/Ultrix 4.2
MIPS Ultrix 4.3
HP-UX 9.01
OSF/1 AXP
Amiga NetBSD
Next (68k and x86 "fat binaries")

Other UNIX platforms on request -- send mail to platforms at bb.com.

Macintosh/PowerMac, DOS, Windows, and Amiga-DOS platforms in development. Release dates TBA.

You can get our encryptors via anonymous ftp from bb.com:/pub/orderbook or e-mail to client at bb.com with the platform in the body. Instructions are in the same directory with the encryptors.

3) HOW DO YOU GET THESE BOOKS?

Just follow the instructions in the encryptors to send your name, address, credit card information, and catalog codes in an encrypted e-mail message.

If you'd like to see a free sample, send e-mail to freebie at bb.com with the catalog code in the body.

4) WHAT FILE FORMATS DO WE OFFER?

We have books in a wide variety of formats -- Voyager Expanded Books for the Macintosh (and soon for Windows), ASCII, RTF, and others, depending on the requirements of the book. However, we're open to suggestions -- if there's a particular format you'd like us to support, send e-mail to comments at bb.com.

5) HOW DO YOU GET BIBLIOBYTES TO DISTRIBUTE YOUR BOOKS?

Get our Writer's Guidelines by sending e-mail to guidelines at bb.com, or look in "bb.com:/pub/info". Details and sample contract info are provided.
6) I WOULD LIKE TO REVIEW YOUR BOOKS FOR THE PRESS. HOW DO I GET REVIEW COPIES?

Review copies are available upon request to the press and to list administrators and moderators. Please send your credentials to critics at bb.com. Of course, previews are available on most of our books by sending e-mail to freebies at bb.com with the catalog code in the e-mail body.

7) BIBLIOBYTES AND YOU

Unlike some online entities, we want your feedback. We can't do it without you. So let us know:

What titles do you want to see? What topics? What authors? What file formats? What type of Internet connections -- Web, Gopher, FTP? What computers? How can we let you know about our products better? Would you like to see weekly columns? Would you pay in advance for a discount on books?

The main basis of our growth will be your word-of-mouth. Please let other people know about us. Spreading the word is a real service to others and the best support you could give us.

The second-best support is to take a minute and let us know what you think of us. As usual, send to comments at bb.com.

------- End of forwarded message -------

From barrett at daisy.ee.und.ac.za Thu Jun 30 23:49:02 1994
From: barrett at daisy.ee.und.ac.za (Alan Barrett)
Date: Thu, 30 Jun 94 23:49:02 PDT
Subject: Where is SecureDevice? wuarchive directory missing..
In-Reply-To: <2E12F1FB@mspost.dr.att.com>
Message-ID:

> I'm looking for SecureDevice,

If you can't find it elsewhere, I have it at ftp://ftp.ee.und.ac.za/pub/crypto/secdev13.arj, but that's at the end of a saturated 64kbps link.
--apb (Alan Barrett)

From Rolf.Michelsen at delab.sintef.no Thu Jun 30 23:51:21 1994
From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen)
Date: Thu, 30 Jun 94 23:51:21 PDT
Subject: Opinions of a book requested...
In-Reply-To: <199406301807.NAA03858@zoom.bga.com>
Message-ID:

On Thu, 30 Jun 1994, Jim choate wrote:

> Does anyone have any hands-on experience with:
>
> Contemporary Cryptology: The Science of Information Integrity
> Gustavus J. Simmons
> 656pp., 1992
> ISBN 0-87942-277-7

Yes, I have read parts of it some time ago. It contains a collection of self-contained papers on various aspects of crypto from pk cryptosystems to boolean functions. Found it quite good at the time -- try it.

-- Rolf

----------------------------------------------------------------------
Rolf Michelsen                           "Standards are wonderful --
Email: rolf.michelsen at delab.sintef.no    everyone should have one"
Phone: +47 73 59 87 33                      -- Ancient FORTH proverb
----------------------------------------------------------------------