Insecurity of public key crypto #1 (reply to Mandl)

Eric Johnson ejohnson at
Wed Mar 2 07:50:23 PST 1994

: > : Please don't do that.  I don't want to go through hoops to read this
: > : mailing list.  It's already cumbersome as is.  Adding PGP in the soup
: > : would make things very nasty.  I'd rather not use PGP except for private
: > : messages.
: > 
: > That was exactly the point Eric Hughes was making; it is not a good
: > strategy to save encryption for only private communications.
: > 
: > Besides, procmail (or similar) should be able to handle piping
: > incoming cypherpunks traffic through the decryptor, so the hoop 
: > would be transparent anyway.  No muss, no fuss.
: So, will procmail run for someone getting this mailing list via CCMail
: under DOS? There are people doing that, you know.

Yes, I am aware of that.

: Its one thing to write tools so people can encrypt their routine
: PRIVATE mail. Its another thing to encrypt mailing lists read by
: hundreds of people. The former can be adjusted on a case by case basis
: -- the latter cannot.
: Perry

I don't think "adjust[ing] on a case by case basis" is necessary.
I was suggesting just the opposite.  It obviously isn't a security
issue.  I believe it is more of a first principles issue; "Thou
shall encrypt thy communications, lest thou draw attention to thy
self, and the right be removed by thine opponents."

Oh well, since it was deleted in the first reply to my reply, let's try 
this again:

Eric Hughes wrote:
: If part of your communications are encrypted and part are not you have
: sent the message about what information is sensitive and what is not.
: This difference in encoding is a fir-class message in it's own right.
: Therefore _all_ communications should be encrypted at all time.  It is
: no argument against the principle that this is difficult to do at the
: current time.

Perhaps I am misunderstanding the above (I think not; "_all_" is
fairly inclusive).  I understand your argument about routine PRIVATE
mail.  However, key exchange alone involves considerably more hassle
than what I am suggesting (and judging from the reply I got from
Eric Hughes, I gather encrypting the list is hardly a new idea)
which is this: there would be a tangible benefit from encrypting
a list like cypherpunks with a well-known, even casual grade key.
For God's sake, *especially* cypherpunks (you know, the name, power
of example and all that) If the tools need to be built for some
platform; well, "cypherpunks write code".  Pipes _are_ available
under DOS, you know.


More information about the cypherpunks-legacy mailing list